From cfa97c0011078c0f673d1025762e8f329002e6f5 Mon Sep 17 00:00:00 2001
From: Kelly Baker <v-kbaker@microsoft.com>
Date: Mon, 3 Aug 2020 08:21:11 -0700
Subject: [PATCH 01/66] Edit pass: provisioning-create-package

Changes coming, do not review/merge yet.
---
 .../provisioning-packages/provisioning-create-package.md    | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/configuration/provisioning-packages/provisioning-create-package.md b/windows/configuration/provisioning-packages/provisioning-create-package.md
index 035bdf4010..3c75f63d1f 100644
--- a/windows/configuration/provisioning-packages/provisioning-create-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-create-package.md
@@ -21,12 +21,12 @@ manager: dansimp
 -   Windows 10
 -   Windows 10 Mobile
 
-You use Windows Configuration Designer to create a provisioning package (.ppkg) that contains customization settings. You can apply the provisioning package to a device running Windows 10 or Windows 10 Mobile. 
+You can use Windows Configuration Designer to create a provisioning package (.ppkg) that contains customization settings, and then apply the provisioning package to a device running Windows 10 or Windows 10 Mobile. 
 
 >[Learn how to install Windows Configuration Designer.](provisioning-install-icd.md)
 
->[!TIP]
->We recommend creating a local admin account when developing and testing your provisioning package. We also recommend using a “least privileged” domain user account to join devices to the Active Directory domain.
+> [!TIP]
+> We recommend creating a local admin account when developing and testing your provisioning package. We also recommend using a “least privileged” domain user account to join devices to the Active Directory domain.
 
 ## Start a new project
 

From a75c6ecfffa08ea71fe6c5ddfb10ff6a4267ad4d Mon Sep 17 00:00:00 2001
From: Adam Gross <github@grosshome.com>
Date: Wed, 5 Aug 2020 10:36:42 -0500
Subject: [PATCH 02/66] Updated several app names that have changed

I have updated the names of several apps. Can someone also update this list for Windows 10 2004?
---
 .../application-management/apps-in-windows-10.md   | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md
index c27ad32063..9d150d9583 100644
--- a/windows/application-management/apps-in-windows-10.md
+++ b/windows/application-management/apps-in-windows-10.md
@@ -51,13 +51,13 @@ Here are the provisioned Windows apps in Windows 10 versions 1803, 1809, 1903, a
 | Microsoft.HEIFImageExtension                 | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe)                    |      |   x  |   x  |   x  |           No          |
 | Microsoft.Messaging                          | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe)                               |   x  |   x  |   x  |   x  |           No          |
 | Microsoft.Microsoft3DViewer                  | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe)                      |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.MicrosoftOfficeHub                 | [My Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe)                                |   x  |   x  |   x  |   x  |          Yes          |
+| Microsoft.MicrosoftOfficeHub                 | [Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe)                                |   x  |   x  |   x  |   x  |          Yes          |
 | Microsoft.MicrosoftSolitaireCollection       | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) |   x  |   x  |   x  |   x  |          Yes          |
 | Microsoft.MicrosoftStickyNotes               | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe)                 |   x  |   x  |   x  |   x  |           No          |
 | Microsoft.MixedReality.Portal                | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe)                    |      |   x  |   x  |   x  |           No          |
 | Microsoft.MSPaint                            | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe)                                            |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.Office.OneNote                     | [OneNote](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe)                                      |   x  |   x  |   x  |   x  |          Yes          |
-| Microsoft.OneConnect                         | [Paid Wi-Fi & Cellular](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe)                            |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.Office.OneNote                     | [OneNote for Windows 10](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe)                                      |   x  |   x  |   x  |   x  |          Yes          |
+| Microsoft.OneConnect                         | [Mobile Plans](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe)                            |   x  |   x  |   x  |   x  |           No          |
 | Microsoft.Outlook.DesktopIntegrationServices |                                                                                                                    |      |      |      |   x  |                       |
 | Microsoft.People                             | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe)                                     |   x  |   x  |   x  |   x  |           No          |
 | Microsoft.Print3D                            | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe)                                            |   x  |   x  |   x  |   x  |           No          |
@@ -77,10 +77,10 @@ Here are the provisioned Windows apps in Windows 10 versions 1803, 1809, 1903, a
 | Microsoft.WindowsMaps                        | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe)                                    |   x  |   x  |   x  |   x  |           No          |
 | Microsoft.WindowsSoundRecorder               | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe)                 |   x  |   x  |   x  |   x  |           No          |
 | Microsoft.WindowsStore                       | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe)                                |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.Xbox.TCUI                          | [Xbox TCUI](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe)                                         |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.XboxApp                            | [Xbox](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe)                                                |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.XboxGameOverlay                    | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe)                               |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.XboxGamingOverlay                  | [Xbox Gaming Overlay](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe)                       |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.Xbox.TCUI                          | [Xbox Live in-game experience](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe)                                         |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.XboxApp                            | [Xbox Console Companion](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe)                                                |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.XboxGameOverlay                    | [Xbox Game Bar Plugin](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe)                               |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.XboxGamingOverlay                  | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe)                       |   x  |   x  |   x  |   x  |           No          |
 | Microsoft.XboxIdentityProvider               | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe)                 |   x  |   x  |   x  |   x  |           No          |
 | Microsoft.XboxSpeechToTextOverlay            |                                                                                                                    |   x  |   x  |   x  |   x  |           No          |
 | Microsoft.YourPhone                          | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe)                                        |      |   x  |   x  |   x  |           No          |

From e401b14fa5746aabd67000c2180a87ef70b3b772 Mon Sep 17 00:00:00 2001
From: Russ Rimmerman <russ.rimmerman@microsoft.com>
Date: Sat, 8 Aug 2020 19:56:12 -0500
Subject: [PATCH 03/66] Update
 open-the-group-policy-management-console-to-windows-firewall.md

This heading doesn't seem to make sense and it's lacking sufficient wording in the navigation pane
---
 ...e-group-policy-management-console-to-windows-firewall.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md
index bce220a506..134a6bb928 100644
--- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md
+++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md
@@ -1,6 +1,6 @@
 ---
-title: Open a GPO to Windows Defender Firewall (Windows 10)
-description: Open the Group Policy Management Console to Windows Defender Firewall with Advanced Security
+title: Group Policy Management of Windows Defender Firewall (Windows 10)
+description: Group Policy Management of Windows Defender Firewall with Advanced Security
 ms.assetid: 5090b2c8-e038-4905-b238-19ecf8227760
 ms.reviewer: 
 ms.author: dansimp
@@ -17,7 +17,7 @@ ms.topic: conceptual
 ms.date: 04/02/2017
 ---
 
-# Open the Group Policy Management Console to Windows Defender Firewall
+# Group Policy Management of Windows Defender Firewall
 
 **Applies to**
 -   Windows 10

From 0556754e06163a59cb6327d134f90fa04f54ce34 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Wed, 12 Aug 2020 09:39:45 +0500
Subject: [PATCH 04/66] Update bitlocker-to-go-faq.md

---
 .../information-protection/bitlocker/bitlocker-to-go-faq.md     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md
index e8bd11f12b..275443414a 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md
@@ -24,7 +24,7 @@ ms.date: 07/10/2018
 
 ## What is BitLocker To Go?
 
-BitLocker To Go is BitLocker Drive Encryption on removable data drives. This includes the encryption of USB flash drives, SD cards, external hard disk drives, and other drives formatted by using the NTFS, FAT16, FAT32, or exFAT file systems. 
+BitLocker To Go is BitLocker Drive Encryption on removable data drives. This includes the encryption of USB flash drives, SD cards, external hard disk drives, and other drives formatted by using the NTFS, FAT16, FAT32, or exFAT file systems. Drive partitioning must meet the [BitLocker Drive Encryption Partitioning Requirements](https://docs.microsoft.com/windows-hardware/manufacture/desktop/bitlocker-drive-encryption#bitlocker-drive-encryption-partitioning-requirements).
 
 As with BitLocker, drives that are encrypted using BitLocker To Go can be opened with a password or smart card on another computer by using **BitLocker Drive Encryption** in Control Panel. 
 

From 6a3aabb8663ecefec0c988147f4beea056cd1ac4 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Wed, 12 Aug 2020 17:13:42 +0500
Subject: [PATCH 05/66] Update
 network-access-restrict-clients-allowed-to-make-remote-sam-calls.md

---
 ...ccess-restrict-clients-allowed-to-make-remote-sam-calls.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md
index f5a0e5c08f..ed9022b411 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md
@@ -91,9 +91,9 @@ In other words, the hotfix in each KB article provides the necessary code and fu
 
 | |Default SDDL	|Translated SDDL| Comments
 |---|---|---|---|
-|Windows Server 2016 domain controller (reading Active Directory)|“”|-|Everyone has read permissions to preserve compatibility.|
+|Windows Server 2016 (or later) domain controller (reading Active Directory)|“”|-|Everyone has read permissions to preserve compatibility.|
 |Earlier domain controller |-|-|No access check is performed by default.|
-|Windows 10, version 1607 non-domain controller|O:SYG:SYD:(A;;RC;;;BA)| Owner: NTAUTHORITY/SYSTEM (WellKnownGroup) (S-1-5-18) <br>Primary group: NTAUTHORITY/SYSTEM (WellKnownGroup) (S-1-5-18) <br>DACL: <br>•	Revision: 0x02 <br>•	Size: 0x0020 <br>•	Ace Count: 0x001 <br>•	Ace[00]------------------------- <br> &nbsp;&nbsp;AceType:0x00 <br> &nbsp;&nbsp;(ACCESS\_ALLOWED_ACE_TYPE)<br> &nbsp;&nbsp;AceSize:0x0018 <br> &nbsp;&nbsp;InheritFlags:0x00 <br> &nbsp;&nbsp;Access Mask:0x00020000 <br> &nbsp;&nbsp;AceSid: BUILTIN\Administrators (Alias) (S-1-5-32-544) <br><br> &nbsp;&nbsp;SACL: Not present |Grants RC access (READ_CONTROL, also known as STANDARD_RIGHTS_READ) only to members of the local (built-in) Administrators group. |
+|Windows 10, version 1607 (or later) non-domain controller|O:SYG:SYD:(A;;RC;;;BA)| Owner: NTAUTHORITY/SYSTEM (WellKnownGroup) (S-1-5-18) <br>Primary group: NTAUTHORITY/SYSTEM (WellKnownGroup) (S-1-5-18) <br>DACL: <br>•	Revision: 0x02 <br>•	Size: 0x0020 <br>•	Ace Count: 0x001 <br>•	Ace[00]------------------------- <br> &nbsp;&nbsp;AceType:0x00 <br> &nbsp;&nbsp;(ACCESS\_ALLOWED_ACE_TYPE)<br> &nbsp;&nbsp;AceSize:0x0018 <br> &nbsp;&nbsp;InheritFlags:0x00 <br> &nbsp;&nbsp;Access Mask:0x00020000 <br> &nbsp;&nbsp;AceSid: BUILTIN\Administrators (Alias) (S-1-5-32-544) <br><br> &nbsp;&nbsp;SACL: Not present |Grants RC access (READ_CONTROL, also known as STANDARD_RIGHTS_READ) only to members of the local (built-in) Administrators group. |
 |Earlier non-domain controller |-|-|No access check is performed by default.|
 
 ## Policy management

From 69428242703c27f768b02fcd5b8845563324f56a Mon Sep 17 00:00:00 2001
From: Daniel Simpson <dansimp@microsoft.com>
Date: Wed, 12 Aug 2020 14:26:33 -0700
Subject: [PATCH 06/66] adding topic, started formatting

---
 .../troubleshooting-uwp-firewall.md           | 2074 +++++++++++++++++
 1 file changed, 2074 insertions(+)
 create mode 100644 windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md

diff --git a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
new file mode 100644
index 0000000000..dbc2f8af22
--- /dev/null
+++ b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
@@ -0,0 +1,2074 @@
+---
+title: Troubleshooting UWP App Connectivity Issues in Windows Firewall
+description: Troubleshooting UWP App Connectivity Issues in Windows Firewall
+
+ms.reviewer: 
+ms.author: dansimp
+ms.prod: w10
+ms.sitesec: library
+ms.pagetype: security
+ms.localizationpriority: medium
+author: dansimp
+manager: dansimp
+ms.collection: M365-security-compliance
+ms.topic: troubleshooting
+---
+
+# Troubleshooting UWP App Connectivity Issues
+
+This document is intended to help network admins, support engineers, and developers to
+investigate UWP app network connectivity issues.
+
+# Introduction
+
+This document guides you through steps to debug different Universal Windows Platform (UWP) app network connectivity issues by providing practical case examples.
+
+UWP app network connectivity issues typically stem from one of the following causes:
+
+1. The UWP app was not permitted to receive loopback traffic (this must be configured as, by default, a UWP app is not allowed to receive loopback traffic).
+2. The UWP app is missing the proper capability tokens.
+3. The private range is configured incorrectly (i.e. set incorrectly through GP/MDM policies, etc.)
+
+To understand these causes more thoroughly, there are several concepts that should be reviewed.
+
+The traffic of network packets (e.g. what's permitted and what’s not) on Windows is ultimately determined by the Windows Filtering Platform (WFP). When a UWP app
+or the private range is configured incorrectly, it affects how the UWP app’s network traffic will be processed by WFP.
+
+When a packet is processed by WFP, the characteristics of that packet must explicitly match all the conditions of a filter to either be permitted or dropped to its target address. Connectivity issues typically happen when the packet does not match the filter conditions of any filters, leading the packet to be dropped by a default block filter. The presence of the default block
+filters ensures network isolation for UWP applications. Specifically, it guarantees a network drop for a packet that does not have the correct capabilities for the resource it is trying to reach, ensuring the application’s granular access to each resource type and preventing the application from “escaping” its environment.
+
+For more information on the filter arbitration algorithm and network isolation,
+please read [Filter
+Arbitration](https://docs.microsoft.com/en-us/windows/win32/fwp/filter-arbitration)
+and
+[Isolation](https://docs.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation).
+
+The next sections will cover debugging case examples for loopback and
+non-loopback UWP app network connectivity issues.
+
+> [!NOTE] 
+> As improvements to debugging and diagnostics around the Windows Filtering Platform are made, the trace examples in this document may not exactly match the
+traces collected on an older Windows build.
+
+# Debugging UWP App Loopback scenarios
+
+If you have a scenario where you are establishing a TCP/IP connection between two processes on the same host where one of them is a UWP app, you must enable loopback.
+
+To enable loopback for client outbound connections, run the following in a command prompt:
+
+`CheckNetIsolation.exe LoopbackExempt -a -n=\<AppContainer or Package Family\>`
+
+To enable loopback for server inbound connections, please run the following in a
+command prompt:
+
+`CheckNetIsolation.exe LoopbackExempt -is -n=\<AppContainer or Package Family\>`
+
+You can ensure loopback is enabled by checking the appx manifests of both the
+sender and receiver.
+
+For more information about loopback scenarios, please read [Communicating with
+localhost
+(loopback)](https://docs.microsoft.com/en-us/windows/iot-core/develop-your-app/loopback)
+
+# Debugging Live Drops
+
+If the issue happened recently, but you find you are not able to reproduce the
+issue, go to Debugging Past Drops for the appropriate trace commands.
+
+If you can consistently reproduce the issue, then you can run the following in
+an admin command prompt to gather a fresh trace:
+
+```
+Netsh wfp capture start keywords=19
+\<Run UWP app\>
+Netsh wfp capture stop
+```
+
+The above commands will generate a wfpdiag.cab. Inside the .cab exists a
+wfpdiag.xml, which contains any allow or drop netEvents and filters that existed
+during that repro. Without “keywords=19”, the trace will only collect drop
+netEvents.
+
+Inside the wfpdiag.xml, search for netEvents which have
+FWPM_NET_EVENT_TYPE_CLASSIFY_DROP as the netEvent type. To find the relevant
+drop events, search for the drop events with matching destination IP address,
+package SID, or application ID name. The characters in the application ID name
+will be separated by periods:
+```
+(ex) 					
+
+\<asString\>
+
+\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.w.i.n.d.o.w.s.\\.s.y.s.t.e.m.3.2.\\.s.v.c.h.o.s.t...e.x.e...
+
+\</asString\>
+```
+The netEvent will have more information about the packet that was dropped
+including information about its capabilities, the filter that dropped the
+packet, and much more.
+
+## Case 1: UWP app connects to Internet target address with all capabilities
+
+In this example, the UWP app successfully connects to bing.com
+[2620:1ec:c11::200].
+
+A packet from a UWP app needs the correct networking capability token for the
+resource it is trying to reach.
+
+In this scenario, the app could successfully send a packet to the Internet
+target because it had an Internet capability token.
+
+The following shows the allow netEvent of the app connecting to the target IP.
+The netEvent contains information about the packet including its local address,
+remote address, capabilities, etc.
+
+```**Classify Allow netEvent, Wfpdiag-Case-1.xml**
+
+\<netEvent\>
+\<header\>
+>   \<timeStamp\>2020-05-21T17:25:59.070Z\</timeStamp\>
+>   \<flags numItems="9"\>
+>   \<item\>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\</item\>
+>   \<item\>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\</item\>
+>   \<item\>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\</item\>
+>   \<item\>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\</item\>
+>   \<item\>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\</item\>
+>   \<item\>FWPM_NET_EVENT_FLAG_APP_ID_SET\</item\>
+>   \<item\>FWPM_NET_EVENT_FLAG_USER_ID_SET\</item\>	
+>   \<item\>FWPM_NET_EVENT_FLAG_IP_VERSION_SET\</item\>
+>   \<item\>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\</item\>
+>   \</flags\>
+>   \<ipVersion\>FWP_IP_VERSION_V6\</ipVersion\>
+>   \<ipProtocol\>6\</ipProtocol\>				
+>   \<localAddrV6.byteArray16\>2001:4898:30:3:256c:e5ba:12f3:beb1\</localAddrV6.byteArray16\>	\<remoteAddrV6.byteArray16\>2620:1ec:c11::200\</remoteAddrV6.byteArray16\>
+\<localPort\>52127\</localPort\>
+\<remotePort\>443\</remotePort\>
+\<scopeId\>0\</scopeId\>
+\<appId\>				
+>   \<data\>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310030002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000\</data\>
+>   \<asString\>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
+>   .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.0...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\</asString\>
+\</appId\>
+\<userId\>S-1-5-21-2993214446-1947230185-131795049-1000\</userId\>
+\<addressFamily\>FWP_AF_INET6\</addressFamily\>
+\<packageSid\>S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\</packageSid\>
+\<enterpriseId/\>
+\<policyFlags\>0\</policyFlags\>
+\<effectiveName/\>
+\</header\>
+\<type\>FWPM_NET_EVENT_TYPE_CLASSIFY_ALLOW\</type\>
+\<classifyAllow\>
+>   \<filterId\>125918\</filterId\>
+>   \<layerId\>50\</layerId\>
+>   \<reauthReason\>0\</reauthReason\>
+>   \<originalProfile\>1\</originalProfile\>
+>   \<currentProfile\>1\</currentProfile\>
+\</classifyAllow\>
+\<internalFields\>
+\<internalFlags/\>
+\<remoteAddrBitmap\>0000000000000000\</remoteAddrBitmap\>
+\<capabilities numItems="3"\>				
+>   \<item\>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT\</item\>			\<item\>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER\</item\>
+>   \<item\>FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\</item\>
+\</capabilities\>
+\<fqbnVersion\>0\</fqbnVersion\>
+\<fqbnName/\>
+\<terminatingFiltersInfo numItems="2"\>
+>   \<item\>
+		\<filterId\>125918\</filterId\>					
+>   \<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\</subLayer\>
+		\<actionType\>FWP_ACTION_PERMIT\</actionType\>
+>   \</item\>
+>   \<item\>
+		\<filterId\>121167\</filterId\>
+		\<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\</subLayer\>
+		\<actionType\>FWP_ACTION_PERMIT\</actionType\>
+    \</item\>
+\</terminatingFiltersInfo\>
+\</internalFields\>
+\</netEvent\>
+```
+
+The following is the filter that permitted the packet to be sent to the target
+address according to the terminatingFiltersInfo in the netEvent. This packet was
+allowed by Filter \#125918 which is from the InternetClient Default Rule.
+
+**InternetClient Default Rule Filter \#125918, Wfpdiag-Case-1.xml**
+```
+\<item\>
+
+>   \<filterKey\>{3389708e-f7ae-4ebc-a61a-f659065ab24e}\</filterKey\>
+
+>   \<displayData\>
+
+>   \<name\>InternetClient Default Rule\</name\>
+
+>   \<description\>InternetClient Default Rule\</description\>
+
+>   \</displayData\>
+
+>   \<flags/\>
+
+>   \<providerKey\>FWPM_PROVIDER_MPSSVC_WSH\</providerKey\>
+
+>   \<providerData\>
+
+>   \<data\>ad2b000000000000\</data\>
+
+>   \<asString\>.+......\</asString\>
+
+>   \</providerData\>
+
+>   \<layerKey\>FWPM_LAYER_ALE_AUTH_CONNECT_V6\</layerKey\>
+
+>   \<subLayerKey\>FWPM_SUBLAYER_MPSSVC_WSH\</subLayerKey\>
+
+>   \<weight\>
+
+>   \<type\>FWP_EMPTY\</type\>
+
+>   \</weight\>
+
+>   \<filterCondition numItems="5"\>
+
+>   \<item\>
+
+>   \<fieldKey\>FWPM_CONDITION_ALE_PACKAGE_ID\</fieldKey\>
+
+>   \<matchType\>FWP_MATCH_NOT_EQUAL\</matchType\>
+
+>   \<conditionValue\>
+
+>   \<type\>FWP_SID\</type\>
+
+>   \<sid\>S-1-0-0\</sid\>
+
+>   \</conditionValue\>
+
+>   \</item\>
+
+>   \<item\>
+
+>   \<fieldKey\>FWPM_CONDITION_IP_REMOTE_ADDRESS\</fieldKey\>
+
+>   \<matchType\>FWP_MATCH_RANGE\</matchType\>
+
+>   \<conditionValue\>
+
+>   \<type\>FWP_RANGE_TYPE\</type\>
+
+>   \<rangeValue\>
+
+>   \<valueLow\>
+
+>   \<type\>FWP_BYTE_ARRAY16_TYPE\</type\>
+
+>   \<byteArray16\>::\</byteArray16\>
+
+>   \</valueLow\>
+
+>   \<valueHigh\>
+
+>   \<type\>FWP_BYTE_ARRAY16_TYPE\</type\>
+
+>   \<byteArray16\>ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff\</byteArray16\>
+
+>   \</valueHigh\>
+
+>   \</rangeValue\>
+
+>   \</conditionValue\>
+
+>   \</item\>
+
+>   \<item\>
+
+>   \<fieldKey\>FWPM_CONDITION_ORIGINAL_PROFILE_ID\</fieldKey\>
+
+>   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
+
+>   \<conditionValue\>
+
+>   \<type\>FWP_UINT32\</type\>
+
+>   \<uint32\>1\</uint32\>
+
+>   \</conditionValue\>
+
+>   \</item\>
+
+>   \<item\>
+
+>   \<fieldKey\>FWPM_CONDITION_CURRENT_PROFILE_ID\</fieldKey\>
+
+>   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
+
+>   \<conditionValue\>
+
+>   \<type\>FWP_UINT32\</type\>
+
+>   \<uint32\>1\</uint32\>
+
+>   \</conditionValue\>
+
+>   \</item\>
+
+>   \<item\>
+
+>   \<fieldKey\>FWPM_CONDITION_ALE_USER_ID\</fieldKey\>
+
+>   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
+
+>   \<conditionValue\>
+
+>   \<type\>FWP_SECURITY_DESCRIPTOR_TYPE\</type\>
+
+>   \<sd\>O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)\</sd\>
+
+>   \</conditionValue\>
+
+>   \</item\>
+
+>   \</filterCondition\>
+
+>   \<action\>
+
+>   \<type\>FWP_ACTION_PERMIT\</type\>
+
+>   \<filterType/\>
+
+>   \</action\>
+
+>   \<rawContext\>0\</rawContext\>
+
+>   \<reserved/\>
+
+>   \<filterId\>125918\</filterId\>
+
+>   \<effectiveWeight\>
+
+>   \<type\>FWP_UINT64\</type\>
+
+>   \<uint64\>103079219136\</uint64\>
+
+>   \</effectiveWeight\>
+
+\</item\>
+```
+One condition is
+
+**Capabilities Condition in Filter \#125918, Wfpdiag-Case-1.xml**
+```
+\<item\>
+
+>   \<fieldKey\>FWPM_CONDITION_ALE_USER_ID\</fieldKey\>
+
+>   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
+
+>   \<conditionValue\>
+
+>   \<type\>FWP_SECURITY_DESCRIPTOR_TYPE\</type\>
+
+>   \<sd\>O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)\</sd\>
+
+>   \</conditionValue\>
+
+\</item\>
+```
+which is the condition for checking capabilities in this filter.
+
+The important part of this condition is S-1-15-3-1, which is the capability SID
+for INTERNET_CLIENT privileges.
+
+From the netEvent’s capabilities section,
+```
+Capabilities from netEvent, Wfpdiag-Case-1.xml
+
+\<capabilities numItems="3"\>				
+
+>   **\<item\>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT\</item\>**			\<item\>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER\</item\>
+
+\<item\>FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\</item\>
+
+\</capabilities\>
+```
+it shows the packet came from an app with an Internet client token
+(FWP_CAPABILITIES_FLAG_INTERNET_CLIENT) which matches the capability SID in the
+filter. All the other conditions are also met for the filter, so the packet is
+allowed.
+
+Something to note is that the only capability token required for the packet to
+reach bing.com was the Internet client token, even though this example showed
+the packet having all capabilities.
+
+## Case 2: UWP APP cannot reach Internet target address and has no capabilities
+
+In this example, the UWP app is unable to connect to bing.com
+[2620:1ec:c11::200].
+
+The following is a drop netEvent that was captured in the traces during this
+repro.
+
+**Classify Drop netEvent, Wfpdiag-Case-2.xml**
+```
+\<netEvent\>
+\<header\>
+\<timeStamp\>2020-03-30T23:53:09.720Z\</timeStamp\>
+\<flags numItems="9"\>
+\<item\>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\</item\>
+\<item\>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\</item\>
+\<item\>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\</item\>
+\<item\>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\</item\>
+\<item\>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\</item\>
+\<item\>FWPM_NET_EVENT_FLAG_APP_ID_SET\</item\>
+\<item\>FWPM_NET_EVENT_FLAG_USER_ID_SET\</item\>
+\<item\>FWPM_NET_EVENT_FLAG_IP_VERSION_SET\</item\>
+\<item\>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\</item\>
+\</flags\>
+\<ipVersion\>FWP_IP_VERSION_V6\</ipVersion\>
+\<ipProtocol\>6\</ipProtocol\>
+\<localAddrV6.byteArray16\>2001:4898:1a:1045:8469:3351:e6e2:543\</localAddrV6.byteArray16\>
+\<remoteAddrV6.byteArray16\>2620:1ec:c11::200\</remoteAddrV6.byteArray16\>
+\<localPort\>63187\</localPort\>
+\<remotePort\>443\</remotePort\>
+\<scopeId\>0\</scopeId\>
+\<appId\>
+\<data\>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e0034002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000\</data\>
+\<asString\>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
+.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...4...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\</asString\>
+\</appId\>
+\<userId\>S-1-5-21-2788718703-1626973220-3690764900-1000\</userId\>
+\<addressFamily\>FWP_AF_INET6\</addressFamily\>
+\<packageSid\>S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\</packageSid\>
+\<enterpriseId/\>
+\<policyFlags\>0\</policyFlags\>
+\<effectiveName/\>
+\</header\>
+\<type\>FWPM_NET_EVENT_TYPE_CLASSIFY_DROP\</type\>
+\<classifyDrop\>
+\<filterId\>68893\</filterId\>
+\<layerId\>50\</layerId\>
+\<reauthReason\>0\</reauthReason\>
+\<originalProfile\>1\</originalProfile\>
+\<currentProfile\>1\</currentProfile\>
+\<msFwpDirection\>MS_FWP_DIRECTION_OUT\</msFwpDirection\>
+\<isLoopback\>false\</isLoopback\>
+\<vSwitchId/\>
+\<vSwitchSourcePort\>0\</vSwitchSourcePort\>
+\<vSwitchDestinationPort\>0\</vSwitchDestinationPort\>
+\</classifyDrop\>
+\<internalFields\>
+\<internalFlags/\>
+\<remoteAddrBitmap\>0000000000000000\</remoteAddrBitmap\>
+\<capabilities/\>
+\<fqbnVersion\>0\</fqbnVersion\>
+\<fqbnName/\>
+\<terminatingFiltersInfo numItems="2"\>
+\<item\>
+\<filterId\>68893\</filterId\>
+\<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\</subLayer\>
+\<actionType\>FWP_ACTION_BLOCK\</actionType\>
+\</item\>
+\<item\>
+\<filterId\>68879\</filterId\>
+\<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\</subLayer\>
+\<actionType\>FWP_ACTION_PERMIT\</actionType\>
+\</item\>
+\</terminatingFiltersInfo\>
+\</internalFields\>
+\</netEvent\>
+```
+The first thing that should be checked in the netEvent is the capabilities
+field\*. In this example, the capabilities field is empty, indicating that the
+UWP app was not configured with any capability tokens to allow it to connect to
+a network.
+
+**Internal Fields from netEvent, Wfpdiag-Case-2.xml**
+```
+\<internalFields\>
+\<internalFlags/\>
+\<remoteAddrBitmap\>0000000000000000\</remoteAddrBitmap\>
+**\<capabilities/\>**
+\<fqbnVersion\>0\</fqbnVersion\>
+\<fqbnName/\>
+\<terminatingFiltersInfo numItems="2"\>
+\<item\>
+\<filterId\>68893\</filterId\>
+\<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\</subLayer\>
+\<actionType\>FWP_ACTION_BLOCK\</actionType\>
+\</item\>
+\<item\>
+\<filterId\>68879\</filterId\>
+\<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\</subLayer\>
+\<actionType\>FWP_ACTION_PERMIT\</actionType\>
+\</item\>
+\</terminatingFiltersInfo\>
+\</internalFields\>
+```
+The netEvent also gives us information about the filter that explicitly dropped
+this packet, like the FilterId, listed under classify drop
+
+**Classify Drop from netEvent, Wfpdiag-Case-2.xml**
+```
+\<classifyDrop\>
+**\<filterId\>68893\</filterId\>**
+\<layerId\>50\</layerId\>
+\<reauthReason\>0\</reauthReason\>
+\<originalProfile\>1\</originalProfile\>
+\<currentProfile\>1\</currentProfile\>
+\<msFwpDirection\>MS_FWP_DIRECTION_OUT\</msFwpDirection\>
+\<isLoopback\>false\</isLoopback\>
+\<vSwitchId/\>
+\<vSwitchSourcePort\>0\</vSwitchSourcePort\>
+\<vSwitchDestinationPort\>0\</vSwitchDestinationPort\>
+\</classifyDrop\>
+```
+If we search for that filter, \#68893, in Wfpdiag-Case2.xml, we will see that
+the packet was dropped by a Block Outbound Default Rule filter.
+
+**Block Outbound Default Rule Filter \#68893, Wfpdiag-Case-2.xml**
+
+```
+\<item\>
+>   \<filterKey\>{6d51582f-bcf8-42c4-afc9-e2ce7155c11b}\</filterKey\>
+>   \<displayData\>
+>   \<name\>**Block Outbound Default Rule**\</name\>
+>   \<description\>Block Outbound Default Rule\</description\>
+>   \</displayData\>
+>   \<flags/\>
+>   \<providerKey\>{4b153735-1049-4480-aab4-d1b9bdc03710}\</providerKey\>
+>   \<providerData\>
+>   \<data\>b001000000000000\</data\>
+>   \<asString\>........\</asString\>
+>   \</providerData\>
+>   \<layerKey\>FWPM_LAYER_ALE_AUTH_CONNECT_V6\</layerKey\>
+>   \<subLayerKey\>{b3cdd441-af90-41ba-a745-7c6008ff2300}\</subLayerKey\>
+>   \<weight\>
+>   \<type\>FWP_EMPTY\</type\>
+>   \</weight\>
+>   \<filterCondition numItems="1"\>
+>   \<item\>
+>   \<fieldKey\>FWPM_CONDITION_ALE_PACKAGE_ID\</fieldKey\>
+>   \<matchType\>FWP_MATCH_NOT_EQUAL\</matchType\>
+>   \<conditionValue\>
+>   \<type\>FWP_SID\</type\>
+>   \<sid\>S-1-0-0\</sid\>
+>   \</conditionValue\>
+>   \</item\>
+>   \</filterCondition\>
+>   \<action\>
+>   \<type\>FWP_ACTION_BLOCK\</type\>
+>   \<filterType/\>
+>   \</action\>
+>   \<rawContext\>0\</rawContext\>
+>   \<reserved/\>
+>   \<filterId\>68893\</filterId\>
+>   \<effectiveWeight\>
+>   \<type\>FWP_UINT64\</type\>
+>   \<uint64\>68719476736\</uint64\>
+>   \</effectiveWeight\>
+\</item\>
+```
+
+A packet will reach a default block filter if the packet was unable to match any of the conditions of other filters, and thus not allowed by the other filters in
+the same sublayer.
+
+If the packet had the correct capability token,
+FWP_CAPABILITIES_FLAG_INTERNET_CLIENT, it would have matched a condition for a
+non-default block filter and would have been permitted to reach bing.com.
+Without the correct capability tokens, the packet will be explicitly dropped by
+a default block outbound filter.
+
+## Case 3: UWP app cannot reach Internet target address without Internet Client capability
+
+In this example, the app is unable to connect to bing.com [2620:1ec:c11::200].
+
+The app in this scenario only has private network capabilities (Client and
+Server). The app is trying to connect to an Internet resource (bing.com), but
+only has a private network token. Therefore, the packet will be dropped.
+
+**Classify Drop netEvent, Wfpdiag-Case-3.xml**
+```
+\<netEvent\>
+\<header\>
+\<timeStamp\>2020-03-31T16:57:18.570Z\</timeStamp\>
+\<flags numItems="9"\>
+\<item\>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\</item\>
+\<item\>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\</item\>
+\<item\>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\</item\>
+\<item\>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\</item\>
+\<item\>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\</item\>
+\<item\>FWPM_NET_EVENT_FLAG_APP_ID_SET\</item\>
+\<item\>FWPM_NET_EVENT_FLAG_USER_ID_SET\</item\>
+\<item\>FWPM_NET_EVENT_FLAG_IP_VERSION_SET\</item\>
+\<item\>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\</item\>
+\</flags\>
+\<ipVersion\>FWP_IP_VERSION_V6\</ipVersion\>
+\<ipProtocol\>6\</ipProtocol\>
+\<localAddrV6.byteArray16\>2001:4898:1a:1045:9c65:7805:dd4a:cc4b\</localAddrV6.byteArray16\>
+\<remoteAddrV6.byteArray16\>2620:1ec:c11::200\</remoteAddrV6.byteArray16\>
+\<localPort\>64086\</localPort\>
+\<remotePort\>443\</remotePort\>
+\<scopeId\>0\</scopeId\>
+\<appId\>
+\<data\>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e0035002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000\</data\>
+\<asString\>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
+.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...5...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\</asString\>
+\</appId\>
+\<userId\>S-1-5-21-2788718703-1626973220-3690764900-1000\</userId\>
+\<addressFamily\>FWP_AF_INET6\</addressFamily\>
+\<packageSid\>S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\</packageSid\>
+\<enterpriseId/\>
+\<policyFlags\>0\</policyFlags\>
+\<effectiveName/\>
+\</header\>
+\<type\>FWPM_NET_EVENT_TYPE_CLASSIFY_DROP\</type\>
+\<classifyDrop\>
+\<filterId\>68893\</filterId\>
+\<layerId\>50\</layerId\>
+\<reauthReason\>0\</reauthReason\>
+\<originalProfile\>1\</originalProfile\>
+\<currentProfile\>1\</currentProfile\>
+\<msFwpDirection\>MS_FWP_DIRECTION_OUT\</msFwpDirection\>
+\<isLoopback\>false\</isLoopback\>
+\<vSwitchId/\>
+\<vSwitchSourcePort\>0\</vSwitchSourcePort\>
+\<vSwitchDestinationPort\>0\</vSwitchDestinationPort\>
+\</classifyDrop\>
+\<internalFields\>
+\<internalFlags/\>
+\<remoteAddrBitmap\>0000000000000000\</remoteAddrBitmap\>
+**\<capabilities numItems="1"\>**
+**\<item\>FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\</item\>**
+**\</capabilities\>**
+\<fqbnVersion\>0\</fqbnVersion\>
+\<fqbnName/\>
+\<terminatingFiltersInfo numItems="2"\>
+\<item\>
+\<filterId\>68893\</filterId\>
+\<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\</subLayer\>
+\<actionType\>FWP_ACTION_BLOCK\</actionType\>
+\</item\>
+\<item\>
+\<filterId\>68879\</filterId\>
+\<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\</subLayer\>
+\<actionType\>FWP_ACTION_PERMIT\</actionType\>
+\</item\>
+\</terminatingFiltersInfo\>
+\</internalFields\>
+\</netEvent\>
+```
+
+## Case 4: UWP app cannot reach Intranet target address without Private Network capability
+
+In this example, the UWP app is unable to reach the Intranet target address,
+10.50.50.50, because it does not have a Private Network capability.
+
+**Classify Drop netEvent, Wfpdiag-Case-4.xml**
+
+\<netEvent\>
+
+\<header\>
+
+>   \<timeStamp\>2020-05-22T21:29:28.601Z\</timeStamp\>
+
+>   \<flags numItems="9"\>
+
+>   \<item\>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\</item\>
+
+>   \<item\>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\</item\>
+
+>   \<item\>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\</item\>
+
+>   \<item\>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\</item\>
+
+>   \<item\>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\</item\>
+
+>   \<item\>FWPM_NET_EVENT_FLAG_APP_ID_SET\</item\>
+
+>   \<item\>FWPM_NET_EVENT_FLAG_USER_ID_SET\</item\>
+
+>   \<item\>FWPM_NET_EVENT_FLAG_IP_VERSION_SET\</item\>
+
+>   \<item\>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\</item\>
+
+>   \</flags\>
+
+>   \<ipVersion\>FWP_IP_VERSION_V4\</ipVersion\>
+
+>   \<ipProtocol\>6\</ipProtocol\>
+
+>   \<localAddrV4\>10.216.117.17\</localAddrV4\>
+
+>   \<remoteAddrV4\>10.50.50.50\</remoteAddrV4\>
+
+>   \<localPort\>52998\</localPort\>
+
+>   \<remotePort\>53\</remotePort\>
+
+>   \<scopeId\>0\</scopeId\>
+
+>   \<appId\>				
+
+>   \<data\>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310031002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000\</data\>
+
+>   \<asString\>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
+>   .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.1...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\</asString\>
+
+>   \</appId\>
+
+>   \<userId\>S-1-5-21-2993214446-1947230185-131795049-1000\</userId\>
+
+>   \<addressFamily\>FWP_AF_INET\</addressFamily\>
+
+>   \<packageSid\>S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\</packageSid\>
+
+>   \<enterpriseId/\>
+
+>   \<policyFlags\>0\</policyFlags\>
+
+>   \<effectiveName/\>
+
+\</header\>
+
+>   \<type\>FWPM_NET_EVENT_TYPE_CLASSIFY_DROP\</type\>
+
+>   \<classifyDrop\>
+
+>   \<filterId\>121180\</filterId\>
+
+>   \<layerId\>48\</layerId\>
+
+>   \<reauthReason\>0\</reauthReason\>
+
+>   \<originalProfile\>1\</originalProfile\>
+
+>   \<currentProfile\>1\</currentProfile\>
+
+>   \<msFwpDirection\>MS_FWP_DIRECTION_OUT\</msFwpDirection\>
+
+>   \<isLoopback\>false\</isLoopback\>
+
+>   \<vSwitchId/\>
+
+>   \<vSwitchSourcePort\>0\</vSwitchSourcePort\>
+
+>   \<vSwitchDestinationPort\>0\</vSwitchDestinationPort\>
+
+\</classifyDrop\>
+
+\<internalFields\>
+
+>   \<internalFlags/\>
+
+>   \<remoteAddrBitmap\>0000000000000000\</remoteAddrBitmap\>
+
+>   \<capabilities numItems="2"\>
+
+>   \<item\>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT\</item\>
+
+>   \<item\>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER\</item\>
+
+>   \</capabilities\>
+
+>   \<fqbnVersion\>0\</fqbnVersion\>
+
+>   \<fqbnName/\>
+
+>   \<terminatingFiltersInfo numItems="2"\>
+
+>   \<item\>
+
+>   \<filterId\>121180\</filterId\>
+
+>   \<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\</subLayer\>
+
+>   \<actionType\>FWP_ACTION_BLOCK\</actionType\>
+
+>   \</item\>
+
+>   \<item\>
+
+>   \<filterId\>121165\</filterId\>
+
+>   \<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\</subLayer\>
+
+>   \<actionType\>FWP_ACTION_PERMIT\</actionType\>
+
+>   \</item\>
+
+>   \</terminatingFiltersInfo\>
+
+\</internalFields\>
+
+\</netEvent\>
+
+## Case 5: UWP app cannot reach “Intranet” target address with Private Network capability
+
+In this example, the UWP app is unable to reach the Intranet target address,
+10.1.1.1, even though it has a Private Network capability token.
+
+**Classify Drop netEvent, Wfpdiag-Case-5.xml**
+
+\<netEvent\>
+
+>   \<header\>
+
+>   \<timeStamp\>2020-05-22T20:54:53.499Z\</timeStamp\>
+
+>   \<flags numItems="9"\>
+
+>   \<item\>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\</item\>
+
+>   \<item\>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\</item\>
+
+>   \<item\>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\</item\>
+
+>   \<item\>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\</item\>
+
+>   \<item\>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\</item\>
+
+>   \<item\>FWPM_NET_EVENT_FLAG_APP_ID_SET\</item\>
+
+>   \<item\>FWPM_NET_EVENT_FLAG_USER_ID_SET\</item\>
+
+>   \<item\>FWPM_NET_EVENT_FLAG_IP_VERSION_SET\</item\>
+
+>   \<item\>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\</item\>
+
+>   \</flags\>
+
+>   \<ipVersion\>FWP_IP_VERSION_V4\</ipVersion\>
+
+>   \<ipProtocol\>6\</ipProtocol\>
+
+>   \<localAddrV4\>10.216.117.17\</localAddrV4\>
+
+>   \<remoteAddrV4\>10.1.1.1\</remoteAddrV4\>
+
+>   \<localPort\>52956\</localPort\>
+
+>   \<remotePort\>53\</remotePort\>
+
+>   \<scopeId\>0\</scopeId\>
+
+>   \<appId\>	
+
+>   \<data\>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310033002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000\</data\>
+
+>   \<asString\>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
+>   .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.3...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\</asString\>
+
+>   \</appId\>
+
+>   \<userId\>S-1-5-21-2993214446-1947230185-131795049-1000\</userId\>
+
+>   \<addressFamily\>FWP_AF_INET\</addressFamily\>
+
+>   \<packageSid\>S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\</packageSid\>
+
+>   \<enterpriseId/\>
+
+>   \<policyFlags\>0\</policyFlags\>
+
+>   \<effectiveName/\>
+
+\</header\>
+
+>   \<type\>FWPM_NET_EVENT_TYPE_CLASSIFY_DROP\</type\>
+
+>   \<classifyDrop\>
+
+>   \<filterId\>121180\</filterId\>
+
+>   \<layerId\>48\</layerId\>
+
+>   \<reauthReason\>0\</reauthReason\>
+
+>   \<originalProfile\>1\</originalProfile\>
+
+>   \<currentProfile\>1\</currentProfile\>
+
+>   \<msFwpDirection\>MS_FWP_DIRECTION_OUT\</msFwpDirection\>
+
+>   \<isLoopback\>false\</isLoopback\>
+
+>   \<vSwitchId/\>
+
+>   \<vSwitchSourcePort\>0\</vSwitchSourcePort\>
+
+>   \<vSwitchDestinationPort\>0\</vSwitchDestinationPort\>
+
+>   \</classifyDrop\>
+
+>   \<internalFields\>
+
+>   \<internalFlags/\>
+
+>   \<remoteAddrBitmap\>0000000000000000\</remoteAddrBitmap\>
+
+>   \<capabilities numItems="1"\>
+
+>   \<item\>FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\</item\>
+
+>   \</capabilities\>
+
+>   \<fqbnVersion\>0\</fqbnVersion\>
+
+>   \<fqbnName/\>
+
+>   \<terminatingFiltersInfo numItems="2"\>
+
+>   \<item\>
+
+>   \<filterId\>121180\</filterId\>
+
+>   \<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\</subLayer\>
+
+>   \<actionType\>FWP_ACTION_BLOCK\</actionType\>
+
+>   \</item\>
+
+>   \<item\>
+
+>   \<filterId\>121165\</filterId\>
+
+>   \<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\</subLayer\>
+
+>   \<actionType\>FWP_ACTION_PERMIT\</actionType\>
+
+>   \</item\>
+
+>   \</terminatingFiltersInfo\>
+
+>   \</internalFields\>
+
+\</netEvent\>
+
+The following shows the filter that blocked the event:
+
+**Block Outbound Default Rule Filter \#121180, Wfpdiag-Case-5.xml**
+
+\<item\>
+
+>   \<filterKey\>{e62a1a22-c80a-4518-a7f8-e7d1ef3a9ff6}\</filterKey\>
+
+>   \<displayData\>
+
+>   \<name\>Block Outbound Default Rule\</name\>
+
+>   \<description\>Block Outbound Default Rule\</description\>
+
+>   \</displayData\>
+
+>   \<flags/\>
+
+>   \<providerKey\>FWPM_PROVIDER_MPSSVC_WSH\</providerKey\>
+
+>   \<providerData\>
+
+>   \<data\>c029000000000000\</data\>
+
+>   \<asString\>.)......\</asString\>
+
+>   \</providerData\>
+
+>   \<layerKey\>FWPM_LAYER_ALE_AUTH_CONNECT_V4\</layerKey\>
+
+>   \<subLayerKey\>FWPM_SUBLAYER_MPSSVC_WSH\</subLayerKey\>
+
+>   \<weight\>
+
+>   \<type\>FWP_EMPTY\</type\>
+
+>   \</weight\>
+
+>   \<filterCondition numItems="1"\>
+
+>   \<item\>
+
+>   \<fieldKey\>FWPM_CONDITION_ALE_PACKAGE_ID\</fieldKey\>
+
+>   \<matchType\>FWP_MATCH_NOT_EQUAL\</matchType\>
+
+>   \<conditionValue\>
+
+>   \<type\>FWP_SID\</type\>
+
+>   \<sid\>S-1-0-0\</sid\>
+
+>   \</conditionValue\>
+
+>   \</item\>
+
+>   \</filterCondition\>
+
+>   \<action\>
+
+>   \<type\>FWP_ACTION_BLOCK\</type\>
+
+>   \<filterType/\>
+
+>   \</action\>
+
+>   \<rawContext\>0\</rawContext\>
+
+>   \<reserved/\>
+
+>   \<filterId\>121180\</filterId\>
+
+>   \<effectiveWeight\>
+
+>   \<type\>FWP_UINT64\</type\>
+
+>   \<uint64\>274877906944\</uint64\>
+
+>   \</effectiveWeight\>
+
+\</item\>
+
+If the target was in the private range, then it should have been allowed by a
+PrivateNetwork Outbound Default Rule filter.
+
+The following PrivateNetwork Outbound Default Rule filters have conditions for
+matching Intranet IP addresses. Since the expected Intranet target address,
+10.1.1.1, is not included in these filters it becomes clear that the address is
+not in the private range. Check the policies which configure the private range
+on the machine (MDM, GP, etc) and make sure it includes the private target
+address you wanted to reach.
+
+**PrivateNetwork Outbound Default Rule Filters, Wfpdiag-Case-5.xml**
+
+\<item\>
+
+>   \<filterKey\>{fd65507b-e356-4e2f-966f-0c9f9c1c6e78}\</filterKey\>
+
+>   \<displayData\>
+
+>   \<name\>PrivateNetwork Outbound Default Rule\</name\>
+
+>   \<description\>PrivateNetwork Outbound Default Rule\</description\>
+
+>   \</displayData\>
+
+>   \<flags/\>
+
+>   \<providerKey\>FWPM_PROVIDER_MPSSVC_WSH\</providerKey\>
+
+>   \<providerData\>
+
+>   \<data\>f22d000000000000\</data\>
+
+>   \<asString\>.-......\</asString\>
+
+>   \</providerData\>
+
+>   \<layerKey\>FWPM_LAYER_ALE_AUTH_CONNECT_V4\</layerKey\>
+
+>   \<subLayerKey\>FWPM_SUBLAYER_MPSSVC_WSH\</subLayerKey\>
+
+>   \<weight\>
+
+>   \<type\>FWP_EMPTY\</type\>
+
+>   \</weight\>
+
+>   \<filterCondition numItems="5"\>
+
+>   \<item\>
+
+>   \<fieldKey\>FWPM_CONDITION_ALE_PACKAGE_ID\</fieldKey\>
+
+>   \<matchType\>FWP_MATCH_NOT_EQUAL\</matchType\>
+
+>   \<conditionValue\>
+
+>   \<type\>FWP_SID\</type\>
+
+>   \<sid\>S-1-0-0\</sid\>
+
+>   \</conditionValue\>
+
+>   \</item\>
+
+>   \<item\>
+
+>   \<fieldKey\>FWPM_CONDITION_IP_REMOTE_ADDRESS\</fieldKey\>
+
+>   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
+
+>   \<conditionValue\>
+
+>   \<type\>FWP_UINT32\</type\>
+
+>   \<uint32\>1.1.1.1\</uint32\>
+
+>   \</conditionValue\>
+
+>   \</item\>
+
+>   \<item\>
+
+>   \<fieldKey\>FWPM_CONDITION_ORIGINAL_PROFILE_ID\</fieldKey\>
+
+>   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
+
+>   \<conditionValue\>
+
+>   \<type\>FWP_UINT32\</type\>
+
+>   \<uint32\>1\</uint32\>
+
+>   \</conditionValue\>
+
+>   \</item\>
+
+>   \<item\>
+
+>   \<fieldKey\>FWPM_CONDITION_CURRENT_PROFILE_ID\</fieldKey\>
+
+>   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
+
+>   \<conditionValue\>
+
+>   \<type\>FWP_UINT32\</type\>
+
+>   \<uint32\>1\</uint32\>
+
+>   \</conditionValue\>
+
+>   \</item\>
+
+>   \<item\>
+
+>   \<fieldKey\>FWPM_CONDITION_ALE_USER_ID\</fieldKey\>
+
+>   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
+
+>   \<conditionValue\>
+
+>   \<type\>FWP_SECURITY_DESCRIPTOR_TYPE\</type\>
+
+>   \<sd\>O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)\</sd\>
+
+>   \</conditionValue\>
+
+>   \</item\>
+
+>   \</filterCondition\>
+
+>   \<action\>
+
+>   \<type\>FWP_ACTION_PERMIT\</type\>
+
+>   \<filterType/\>
+
+>   \</action\>
+
+>   \<rawContext\>0\</rawContext\>
+
+>   \<reserved/\>
+
+>   \<filterId\>129656\</filterId\>
+
+>   \<effectiveWeight\>
+
+>   \<type\>FWP_UINT64\</type\>
+
+>   \<uint64\>144115600392724416\</uint64\>
+
+>   \</effectiveWeight\>
+
+>   \</item\>
+
+>   \<item\>
+
+>   \<filterKey\>{b11b4f8a-222e-49d6-8d69-02728681d8bc}\</filterKey\>
+
+>   \<displayData\>
+
+>   \<name\>PrivateNetwork Outbound Default Rule\</name\>
+
+>   \<description\>PrivateNetwork Outbound Default Rule\</description\>
+
+>   \</displayData\>
+
+>   \<flags/\>
+
+>   \<providerKey\>FWPM_PROVIDER_MPSSVC_WSH\</providerKey\>
+
+>   \<providerData\>
+
+>   \<data\>f22d000000000000\</data\>
+
+>   \<asString\>.-......\</asString\>
+
+>   \</providerData\>
+
+>   \<layerKey\>FWPM_LAYER_ALE_AUTH_CONNECT_V4\</layerKey\>
+
+>   \<subLayerKey\>FWPM_SUBLAYER_MPSSVC_WSH\</subLayerKey\>
+
+>   \<weight\>
+
+>   \<type\>FWP_EMPTY\</type\>
+
+>   \</weight\>
+
+>   \<filterCondition numItems="5"\>
+
+>   \<item\>
+
+>   \<fieldKey\>FWPM_CONDITION_ALE_PACKAGE_ID\</fieldKey\>
+
+>   \<matchType\>FWP_MATCH_NOT_EQUAL\</matchType\>
+
+>   \<conditionValue\>
+
+>   \<type\>FWP_SID\</type\>
+
+>   \<sid\>S-1-0-0\</sid\>
+
+>   \</conditionValue\>
+
+>   \</item\>
+
+>   \<item\>
+
+>   \<fieldKey\>FWPM_CONDITION_IP_REMOTE_ADDRESS\</fieldKey\>
+
+>   \<matchType\>FWP_MATCH_RANGE\</matchType\>
+
+>   \<conditionValue\>
+
+>   \<type\>FWP_RANGE_TYPE\</type\>
+
+>   \<rangeValue\>
+
+>   \<valueLow\>
+
+>   \<type\>FWP_UINT32\</type\>
+
+>   \<uint32\>172.16.0.0\</uint32\>
+
+>   \</valueLow\>
+
+>   \<valueHigh\>
+
+>   \<type\>FWP_UINT32\</type\>
+
+>   \<uint32\>172.31.255.255\</uint32\>
+
+>   \</valueHigh\>
+
+>   \</rangeValue\>
+
+>   \</conditionValue\>
+
+>   \</item\>
+
+>   \<item\>
+
+>   \<fieldKey\>FWPM_CONDITION_ORIGINAL_PROFILE_ID\</fieldKey\>
+
+>   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
+
+>   \<conditionValue\>
+
+>   \<type\>FWP_UINT32\</type\>
+
+>   \<uint32\>1\</uint32\>
+
+>   \</conditionValue\>
+
+>   \</item\>
+
+>   \<item\>
+
+>   \<fieldKey\>FWPM_CONDITION_CURRENT_PROFILE_ID\</fieldKey\>
+
+>   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
+
+>   \<conditionValue\>
+
+>   \<type\>FWP_UINT32\</type\>
+
+>   \<uint32\>1\</uint32\>
+
+>   \</conditionValue\>
+
+>   \</item\>
+
+>   \<item\>
+
+>   \<fieldKey\>FWPM_CONDITION_ALE_USER_ID\</fieldKey\>
+
+>   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
+
+>   \<conditionValue\>
+
+>   \<type\>FWP_SECURITY_DESCRIPTOR_TYPE\</type\>
+
+>   \<sd\>O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)\</sd\>
+
+>   \</conditionValue\>
+
+>   \</item\>
+
+>   \</filterCondition\>
+
+>   \<action\>
+
+>   \<type\>FWP_ACTION_PERMIT\</type\>
+
+>   \<filterType/\>
+
+>   \</action\>
+
+>   \<rawContext\>0\</rawContext\>
+
+>   \<reserved/\>
+
+>   \<filterId\>129657\</filterId\>
+
+>   \<effectiveWeight\>
+
+>   \<type\>FWP_UINT64\</type\>
+
+>   \<uint64\>36029209335832512\</uint64\>
+
+>   \</effectiveWeight\>
+
+\</item\>
+
+\<item\>
+
+>   \<filterKey\>{21cd82bc-6077-4069-94bf-750e5a43ca23}\</filterKey\>
+
+>   \<displayData\>
+
+>   \<name\>PrivateNetwork Outbound Default Rule\</name\>
+
+>   \<description\>PrivateNetwork Outbound Default Rule\</description\>
+
+>   \</displayData\>
+
+>   \<flags/\>
+
+>   \<providerKey\>FWPM_PROVIDER_MPSSVC_WSH\</providerKey\>
+
+>   \<providerData\>
+
+>   \<data\>f22d000000000000\</data\>
+
+>   \<asString\>.-......\</asString\>
+
+>   \</providerData\>
+
+>   \<layerKey\>FWPM_LAYER_ALE_AUTH_CONNECT_V4\</layerKey\>
+
+>   \<subLayerKey\>FWPM_SUBLAYER_MPSSVC_WSH\</subLayerKey\>
+
+>   \<weight\>
+
+>   \<type\>FWP_EMPTY\</type\>
+
+>   \</weight\>
+
+>   \<filterCondition numItems="5"\>
+
+>   \<item\>
+
+>   \<fieldKey\>FWPM_CONDITION_ALE_PACKAGE_ID\</fieldKey\>
+
+>   \<matchType\>FWP_MATCH_NOT_EQUAL\</matchType\>
+
+>   \<conditionValue\>
+
+>   \<type\>FWP_SID\</type\>
+
+>   \<sid\>S-1-0-0\</sid\>
+
+>   \</conditionValue\>
+
+>   \</item\>
+
+>   \<item\>
+
+>   \<fieldKey\>FWPM_CONDITION_IP_REMOTE_ADDRESS\</fieldKey\>
+
+>   \<matchType\>FWP_MATCH_RANGE\</matchType\>
+
+>   \<conditionValue\>
+
+>   \<type\>FWP_RANGE_TYPE\</type\>
+
+>   \<rangeValue\>
+
+>   \<valueLow\>
+
+>   \<type\>FWP_UINT32\</type\>
+
+>   \<uint32\>192.168.0.0\</uint32\>
+
+>   \</valueLow\>
+
+>   \<valueHigh\>
+
+>   \<type\>FWP_UINT32\</type\>
+
+>   \<uint32\>192.168.255.255\</uint32\>
+
+>   \</valueHigh\>
+
+>   \</rangeValue\>
+
+>   \</conditionValue\>
+
+>   \</item\>
+
+>   \<item\>
+
+>   \<fieldKey\>FWPM_CONDITION_ORIGINAL_PROFILE_ID\</fieldKey\>
+
+>   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
+
+>   \<conditionValue\>
+
+>   \<type\>FWP_UINT32\</type\>
+
+>   \<uint32\>1\</uint32\>
+
+>   \</conditionValue\>
+
+>   \</item\>
+
+>   \<item\>
+
+>   \<fieldKey\>FWPM_CONDITION_CURRENT_PROFILE_ID\</fieldKey\>
+
+>   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
+
+>   \<conditionValue\>
+
+>   \<type\>FWP_UINT32\</type\>
+
+>   \<uint32\>1\</uint32\>
+
+>   \</conditionValue\>
+
+>   \</item\>
+
+>   \<item\>
+
+>   \<fieldKey\>FWPM_CONDITION_ALE_USER_ID\</fieldKey\>
+
+>   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
+
+>   \<conditionValue\>
+
+>   \<type\>FWP_SECURITY_DESCRIPTOR_TYPE\</type\>
+
+>   \<sd\>O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)\</sd\>
+
+>   \</conditionValue\>
+
+>   \</item\>
+
+>   \</filterCondition\>
+
+>   \<action\>
+
+>   \<type\>FWP_ACTION_PERMIT\</type\>
+
+>   \<filterType/\>
+
+>   \</action\>
+
+>   \<rawContext\>0\</rawContext\>
+
+>   \<reserved/\>
+
+>   \<filterId\>129658\</filterId\>
+
+>   \<effectiveWeight\>
+
+>   \<type\>FWP_UINT64\</type\>
+
+>   \<uint64\>36029209335832512\</uint64\>
+
+>   \</effectiveWeight\>
+
+\</item\>
+
+# Debugging Past Drops 
+
+If you are debugging a network drop from the past or from a remote machine, you
+may have traces already collected from Feedback Hub, such as nettrace.etl and
+wfpstate.xml. Once nettrace.etl is converted, nettrace.txt will have the
+netEvents of the reproduced event, and wfpstate.xml will contain the filters
+that were present on the machine at the time.
+
+If you **do not** have a live repro or traces already collected, you can still
+collect traces after the UWP network connectivity issue has happened by running
+these commands in an Admin command prompt
+
+>   \<Run UWP app\>
+
+>   Netsh wfp show netevents
+
+>   Netsh wfp show state
+
+“Netsh wfp show netevents” will generate netevents.xml, which contains the past
+net events. “Netsh wfp show state” will generate wfpstate.xml, which contains
+the current filters present on the machine.
+
+Unfortunately, collecting traces after the UWP network connectivity issue is not
+always reliable.
+
+NetEvents on the machine are stored in a buffer. Once that buffer has reached
+max capacity, the buffer will overwrite older net events. Due to the buffer
+overwrite, it is possible that the collected netevents.xml will not contain the
+net event associated with the UWP network connectivity issue if it was
+overwritten. Additionally, filters on the machine can get deleted and re-added
+with different filterIds due to miscellaneous events on the machine. Because of
+this, a filterId from “netsh wfp show netevents” may not necessarily match any
+filter in “netsh wfp show state” because that filterId may be outdated.
+
+If you can reproduce the UWP network connectivity issue consistently, we would
+recommend using the commands from Debugging Live Drops instead.
+
+Additionally, you can still follow the examples from Debugging Live Drops
+section using the trace commands in this section, even if you do not have a live
+repro. The netEvents and filters are stored in one file in Debugging Live Drops
+as opposed to two separate files in the following Debugging Past Drops examples.
+
+## Case 7: Debugging Past Drop - UWP app cannot reach Internet target address and has no capabilities
+
+In this example, the UWP app is unable to connect to bing.com.
+
+Classify Drop Net Event, NetEvents-Case-7.xml
+
+\<item\>
+
+\<header\>
+
+\<timeStamp\>2020-05-04T22:04:07.039Z\</timeStamp\>
+
+\<flags numItems="9"\>
+
+\<item\>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\</item\>
+
+\<item\>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\</item\>
+
+\<item\>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\</item\>
+
+\<item\>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\</item\>
+
+\<item\>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\</item\>
+
+\<item\>FWPM_NET_EVENT_FLAG_APP_ID_SET\</item\>
+
+\<item\>FWPM_NET_EVENT_FLAG_USER_ID_SET\</item\>
+
+\<item\>FWPM_NET_EVENT_FLAG_IP_VERSION_SET\</item\>
+
+\<item\>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\</item\>
+
+\</flags\>
+
+\<ipVersion\>FWP_IP_VERSION_V4\</ipVersion\>
+
+\<ipProtocol\>6\</ipProtocol\>
+
+\<localAddrV4\>10.195.36.30\</localAddrV4\>
+
+\<remoteAddrV4\>204.79.197.200\</remoteAddrV4\>
+
+\<localPort\>57062\</localPort\>
+
+\<remotePort\>443\</remotePort\>
+
+\<scopeId\>0\</scopeId\>
+
+\<appId\>
+
+\<data\>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310032002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000\</data\>
+
+\<asString\>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
+.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.2...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\</asString\>
+
+\</appId\>
+
+\<userId\>S-1-5-21-1578316205-4060061518-881547182-1000\</userId\>
+
+\<addressFamily\>FWP_AF_INET\</addressFamily\>
+
+\<packageSid\>S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\</packageSid\>
+
+\<enterpriseId/\>
+
+\<policyFlags\>0\</policyFlags\>
+
+\<effectiveName/\>
+
+\</header\>
+
+\<type\>FWPM_NET_EVENT_TYPE_CLASSIFY_DROP\</type\>
+
+\<classifyDrop\>
+
+\<filterId\>206064\</filterId\>
+
+\<layerId\>48\</layerId\>
+
+\<reauthReason\>0\</reauthReason\>
+
+\<originalProfile\>1\</originalProfile\>
+
+\<currentProfile\>1\</currentProfile\>
+
+\<msFwpDirection\>MS_FWP_DIRECTION_OUT\</msFwpDirection\>
+
+\<isLoopback\>false\</isLoopback\>
+
+\<vSwitchId/\>
+
+\<vSwitchSourcePort\>0\</vSwitchSourcePort\>
+
+\<vSwitchDestinationPort\>0\</vSwitchDestinationPort\>
+
+\</classifyDrop\>
+
+\<internalFields\>
+
+\<internalFlags/\>
+
+\<remoteAddrBitmap\>0000000000000000\</remoteAddrBitmap\>
+
+\<capabilities/\>
+
+\<fqbnVersion\>0\</fqbnVersion\>
+
+\<fqbnName/\>
+
+\<terminatingFiltersInfo numItems="2"\>
+
+\<item\>
+
+\<filterId\>206064\</filterId\>
+
+\<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\</subLayer\>
+
+\<actionType\>FWP_ACTION_BLOCK\</actionType\>
+
+\</item\>
+
+\<item\>
+
+\<filterId\>206049\</filterId\>
+
+\<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\</subLayer\>
+
+\<actionType\>FWP_ACTION_PERMIT\</actionType\>
+
+\</item\>
+
+\</terminatingFiltersInfo\>
+
+\</internalFields\>
+
+\</item\>
+
+The Internal fields lists no active capabilities, and the packet is dropped at
+filter 206064.
+
+This is a default block rule filter, meaning the packet passed through every
+filter that could have allowed it, but because conditions didn’t match for any
+those filters, the packet fell to the filter which blocks any packet that the
+Security Descriptor doesn’t match.
+
+**Block Outbound Default Rule Filter \#206064, FilterState-Case-7.xml**
+
+\<item\>
+
+\<filterKey\>{f138d1ad-9293-478f-8519-c3368e796711}\</filterKey\>
+
+\<displayData\>
+
+\<name\>Block Outbound Default Rule\</name\>
+
+\<description\>Block Outbound Default Rule\</description\>
+
+\</displayData\>
+
+\<flags/\>
+
+\<providerKey\>FWPM_PROVIDER_MPSSVC_WSH\</providerKey\>
+
+\<providerData\>
+
+\<data\>2e65000000000000\</data\>
+
+\<asString\>.e......\</asString\>
+
+\</providerData\>
+
+\<layerKey\>FWPM_LAYER_ALE_AUTH_CONNECT_V4\</layerKey\>
+
+\<subLayerKey\>FWPM_SUBLAYER_MPSSVC_WSH\</subLayerKey\>
+
+\<weight\>
+
+\<type\>FWP_EMPTY\</type\>
+
+\</weight\>
+
+\<filterCondition numItems="1"\>
+
+\<item\>
+
+\<fieldKey\>FWPM_CONDITION_ALE_PACKAGE_ID\</fieldKey\>
+
+\<matchType\>FWP_MATCH_NOT_EQUAL\</matchType\>
+
+\<conditionValue\>
+
+\<type\>FWP_SID\</type\>
+
+\<sid\>S-1-0-0\</sid\>
+
+\</conditionValue\>
+
+\</item\>
+
+\</filterCondition\>
+
+\<action\>
+
+\<type\>FWP_ACTION_BLOCK\</type\>
+
+\<filterType/\>
+
+\</action\>
+
+\<rawContext\>0\</rawContext\>
+
+\<reserved/\>
+
+\<filterId\>206064\</filterId\>
+
+\<effectiveWeight\>
+
+\<type\>FWP_UINT64\</type\>
+
+\<uint64\>274877906944\</uint64\>
+
+\</effectiveWeight\>
+
+\</item\>
+
+## Case 8: Debugging Past Drop - UWP app connects to Internet target address with all capabilities
+
+In this example, the UWP app successfully connects to bing.com [204.79.197.200].
+
+**Classify Allow Net Event, NetEvents-Case-8.xml**
+
+\<item\>
+
+>   \<header\>
+
+>   \<timeStamp\>2020-05-04T18:49:55.101Z\</timeStamp\>
+
+>   \<flags numItems="9"\>
+
+>   \<item\>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\</item\>
+
+>   \<item\>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\</item\>
+
+>   \<item\>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\</item\>
+
+>   \<item\>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\</item\>
+
+>   \<item\>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\</item\>
+
+>   \<item\>FWPM_NET_EVENT_FLAG_APP_ID_SET\</item\>
+
+>   \<item\>FWPM_NET_EVENT_FLAG_USER_ID_SET\</item\>
+
+>   \<item\>FWPM_NET_EVENT_FLAG_IP_VERSION_SET\</item\>
+
+>   \<item\>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\</item\>
+
+>   \</flags\>
+
+>   \<ipVersion\>FWP_IP_VERSION_V4\</ipVersion\>
+
+>   \<ipProtocol\>6\</ipProtocol\>
+
+>   \<localAddrV4\>10.195.36.30\</localAddrV4\>
+
+>   \<remoteAddrV4\>204.79.197.200\</remoteAddrV4\>
+
+>   \<localPort\>61673\</localPort\>
+
+>   \<remotePort\>443\</remotePort\>
+
+>   \<scopeId\>0\</scopeId\>
+
+>   \<appId\>
+
+>   \<data\>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310030002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000\</data\>
+
+>   \<asString\>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
+>   .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.0...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\</asString\>
+
+>   \</appId\>
+
+>   \<userId\>S-1-5-21-1578316205-4060061518-881547182-1000\</userId\>
+
+>   \<addressFamily\>FWP_AF_INET\</addressFamily\>
+
+>   \<packageSid\>S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\</packageSid\>
+
+>   \<enterpriseId/\>
+
+>   \<policyFlags\>0\</policyFlags\>
+
+>   \<effectiveName/\>
+
+>   \</header\>
+
+>   \<type\>FWPM_NET_EVENT_TYPE_CLASSIFY_ALLOW\</type\>
+
+>   \<classifyAllow\>
+
+>   \<filterId\>208757\</filterId\>
+
+>   \<layerId\>48\</layerId\>
+
+>   \<reauthReason\>0\</reauthReason\>
+
+>   \<originalProfile\>1\</originalProfile\>
+
+>   \<currentProfile\>1\</currentProfile\>
+
+>   \</classifyAllow\>
+
+>   \<internalFields\>
+
+>   \<internalFlags/\>
+
+>   \<remoteAddrBitmap\>0000000000000000\</remoteAddrBitmap\>
+
+>   \<capabilities numItems="3"\>
+
+>   \<item\>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT\</item\>
+
+>   \<item\>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER\</item\>
+
+>   \<item\>FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\</item\>
+
+>   \</capabilities\>
+
+>   \<fqbnVersion\>0\</fqbnVersion\>
+
+>   \<fqbnName/\>
+
+>   \<terminatingFiltersInfo numItems="2"\>
+
+>   \<item\>
+
+>   \<filterId\>208757\</filterId\>
+
+>   \<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\</subLayer\>
+
+>   \<actionType\>FWP_ACTION_PERMIT\</actionType\>
+
+>   \</item\>
+
+>   \<item\>
+
+>   \<filterId\>206049\</filterId\>
+
+>   \<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\</subLayer\>
+
+>   \<actionType\>FWP_ACTION_PERMIT\</actionType\>
+
+>   \</item\>
+
+>   \</terminatingFiltersInfo\>
+
+>   \</internalFields\>
+
+\</item\>
+
+Important things to note: all capabilities are enabled and the resulting filter
+determining the flow of the packet is 208757.
+
+The filter stated above with action permit:
+
+**InternetClient Default Rule Filter \#208757, FilterState-Case-8.xml**
+
+				\<item\>
+
+					\<filterKey\>{e0f6f24e-1f0a-4f1a-bdd8-b9277c144fb5}\</filterKey\>
+
+					\<displayData\>
+
+						\<name\>InternetClient Default Rule\</name\>
+
+						\<description\>InternetClient Default Rule\</description\>
+
+					\</displayData\>
+
+					\<flags/\>
+
+					\<providerKey\>FWPM_PROVIDER_MPSSVC_WSH\</providerKey\>
+
+					\<providerData\>
+
+						\<data\>e167000000000000\</data\>
+
+						\<asString\>.g......\</asString\>
+
+					\</providerData\>
+
+					\<layerKey\>FWPM_LAYER_ALE_AUTH_CONNECT_V4\</layerKey\>
+
+					\<subLayerKey\>FWPM_SUBLAYER_MPSSVC_WSH\</subLayerKey\>
+
+					\<weight\>
+
+						\<type\>FWP_EMPTY\</type\>
+
+					\</weight\>
+
+					\<filterCondition numItems="5"\>
+
+						\<item\>
+
+							\<fieldKey\>FWPM_CONDITION_ALE_PACKAGE_ID\</fieldKey\>
+
+							\<matchType\>FWP_MATCH_NOT_EQUAL\</matchType\>
+
+							\<conditionValue\>
+
+								\<type\>FWP_SID\</type\>
+
+								\<sid\>S-1-0-0\</sid\>
+
+							\</conditionValue\>
+
+						\</item\>
+
+						\<item\>
+
+							\<fieldKey\>FWPM_CONDITION_IP_REMOTE_ADDRESS\</fieldKey\>
+
+							\<matchType\>FWP_MATCH_RANGE\</matchType\>
+
+							\<conditionValue\>
+
+								\<type\>FWP_RANGE_TYPE\</type\>
+
+								\<rangeValue\>
+
+									\<valueLow\>
+
+										\<type\>FWP_UINT32\</type\>
+
+										\<uint32\>0.0.0.0\</uint32\>
+
+									\</valueLow\>
+
+									\<valueHigh\>
+
+										\<type\>FWP_UINT32\</type\>
+
+										\<uint32\>255.255.255.255\</uint32\>
+
+									\</valueHigh\>
+
+								\</rangeValue\>
+
+							\</conditionValue\>
+
+						\</item\>
+
+						\<item\>
+
+							\<fieldKey\>FWPM_CONDITION_ORIGINAL_PROFILE_ID\</fieldKey\>
+
+							\<matchType\>FWP_MATCH_EQUAL\</matchType\>
+
+							\<conditionValue\>
+
+								\<type\>FWP_UINT32\</type\>
+
+								\<uint32\>1\</uint32\>
+
+							\</conditionValue\>
+
+						\</item\>
+
+						\<item\>
+
+							\<fieldKey\>FWPM_CONDITION_CURRENT_PROFILE_ID\</fieldKey\>
+
+							\<matchType\>FWP_MATCH_EQUAL\</matchType\>
+
+							\<conditionValue\>
+
+								\<type\>FWP_UINT32\</type\>
+
+								\<uint32\>1\</uint32\>
+
+							\</conditionValue\>
+
+						\</item\>
+
+						\<item\>
+
+							\<fieldKey\>FWPM_CONDITION_ALE_USER_ID\</fieldKey\>
+
+							\<matchType\>FWP_MATCH_EQUAL\</matchType\>
+
+							\<conditionValue\>
+
+								\<type\>FWP_SECURITY_DESCRIPTOR_TYPE\</type\>
+
+								\<sd\>O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)\</sd\>
+
+							\</conditionValue\>
+
+						\</item\>
+
+					\</filterCondition\>
+
+					\<action\>
+
+						\<type\>FWP_ACTION_PERMIT\</type\>
+
+						\<filterType/\>
+
+					\</action\>
+
+					\<rawContext\>0\</rawContext\>
+
+					\<reserved/\>
+
+					\<filterId\>208757\</filterId\>
+
+					\<effectiveWeight\>
+
+						\<type\>FWP_UINT64\</type\>
+
+						\<uint64\>412316868544\</uint64\>
+
+					\</effectiveWeight\>
+
+				\</item\>
+
+\*The capabilities field in a netEvent was added to the traces in the Windows 10
+May 2019 Update

From db87b515c2506dbf18ccf4aa6a60c9bb97527579 Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Wed, 12 Aug 2020 16:11:04 -0700
Subject: [PATCH 07/66] move topics in toc

---
 .../threat-protection/windows-firewall/TOC.md | 99 ++++++++++++++-----
 1 file changed, 77 insertions(+), 22 deletions(-)

diff --git a/windows/security/threat-protection/windows-firewall/TOC.md b/windows/security/threat-protection/windows-firewall/TOC.md
index e3271818c1..791aa26a20 100644
--- a/windows/security/threat-protection/windows-firewall/TOC.md
+++ b/windows/security/threat-protection/windows-firewall/TOC.md
@@ -1,44 +1,54 @@
 # [Windows Firewall with Advanced Security](windows-firewall-with-advanced-security.md)
-## [Isolating Microsoft Store Apps on Your Network](isolating-apps-on-your-network.md)
-## [Securing IPsec](securing-end-to-end-ipsec-connections-by-using-ikev2.md)
-## [PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md)
-## [Design Guide](windows-firewall-with-advanced-security-design-guide.md)
+
+## [Plan/Design]()
+
+### [Design Guide](windows-firewall-with-advanced-security-design-guide.md)
+
 ### [Design Process](understanding-the-windows-firewall-with-advanced-security-design-process.md)
 ### [Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
 #### [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md)
 #### [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md)
 #### [Require Encryption](require-encryption-when-accessing-sensitive-network-resources.md)
 #### [Restrict Access](restrict-access-to-only-specified-users-or-devices.md)
+
 ### [Mapping Goals to a Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
 #### [Basic Design](basic-firewall-policy-design.md)
 #### [Domain Isolation Design](domain-isolation-policy-design.md)
 #### [Server Isolation Design](server-isolation-policy-design.md)
 #### [Certificate-based Isolation Design](certificate-based-isolation-policy-design.md)
+
 ### [Evaluating Design Examples](evaluating-windows-firewall-with-advanced-security-design-examples.md)
 #### [Basic Design Example](firewall-policy-design-example.md)
 #### [Domain Isolation Design Example](domain-isolation-policy-design-example.md)
 #### [Server Isolation Design Example](server-isolation-policy-design-example.md)
 #### [Certificate-based Isolation Design Example](certificate-based-isolation-policy-design-example.md)
+
 ### [Designing a Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md)
+
 #### [Gathering the Info You Need](gathering-the-information-you-need.md)
 ##### [Network](gathering-information-about-your-current-network-infrastructure.md)
 ##### [Active Directory](gathering-information-about-your-active-directory-deployment.md)
 ##### [Computers](gathering-information-about-your-devices.md)
 ##### [Other Relevant Information](gathering-other-relevant-information.md)
 #### [Determining the Trusted State of Your Computers](determining-the-trusted-state-of-your-devices.md)
+
 ### [Planning Your Design](planning-your-windows-firewall-with-advanced-security-design.md)
 #### [Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md)
+
 #### [Planning Domain Isolation Zones](planning-domain-isolation-zones.md)
 ##### [Exemption List](exemption-list.md)
 ##### [Isolated Domain](isolated-domain.md)
 ##### [Boundary Zone](boundary-zone.md)
 ##### [Encryption Zone](encryption-zone.md)
 #### [Planning Server Isolation Zones](planning-server-isolation-zones.md)
+
 #### [Planning Certificate-based Authentication](planning-certificate-based-authentication.md)
 ##### [Documenting the Zones](documenting-the-zones.md)
+
 ##### [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md)
 ###### [Planning Isolation Groups for the Zones](planning-isolation-groups-for-the-zones.md)
 ###### [Planning Network Access Groups](planning-network-access-groups.md)
+
 ###### [Planning the GPOs](planning-the-gpos.md)
 ####### [Firewall GPOs](firewall-gpos.md)
 ######## [GPO_DOMISO_Firewall](gpo-domiso-firewall.md)
@@ -50,25 +60,29 @@
 ####### [Encryption Zone GPOs](encryption-zone-gpos.md)
 ######## [GPO_DOMISO_Encryption](gpo-domiso-encryption.md)
 ####### [Server Isolation GPOs](server-isolation-gpos.md)
+
 ###### [Planning GPO Deployment](planning-gpo-deployment.md)
-### [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md)
-## [Deployment Guide](windows-firewall-with-advanced-security-deployment-guide.md)
-### [Planning to Deploy](planning-to-deploy-windows-firewall-with-advanced-security.md)
-### [Implementing Your Plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md)
-### [Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md)
-### [Checklist: Implementing a Basic Firewall Policy Design](checklist-implementing-a-basic-firewall-policy-design.md)
-### [Checklist: Configuring Basic Firewall Settings](checklist-configuring-basic-firewall-settings.md)
-### [Checklist: Creating Inbound Firewall Rules](checklist-creating-inbound-firewall-rules.md)
-### [Checklist: Creating Outbound Firewall Rules](checklist-creating-outbound-firewall-rules.md)
-### [Checklist: Implementing a Domain Isolation Policy Design](checklist-implementing-a-domain-isolation-policy-design.md)
-#### [Checklist: Configuring Rules for the Isolated Domain](checklist-configuring-rules-for-the-isolated-domain.md)
-#### [Checklist: Configuring Rules for the Boundary Zone](checklist-configuring-rules-for-the-boundary-zone.md)
-#### [Checklist: Configuring Rules for the Encryption Zone](checklist-configuring-rules-for-the-encryption-zone.md)
-#### [Checklist: Configuring Rules for an Isolated Server Zone](checklist-configuring-rules-for-an-isolated-server-zone.md)
-### [Checklist: Implementing a Standalone Server Isolation Policy Design](checklist-implementing-a-standalone-server-isolation-policy-design.md)
-#### [Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone](checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md)
-#### [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md)
-### [Checklist: Implementing a Certificate-based Isolation Policy Design](checklist-implementing-a-certificate-based-isolation-policy-design.md)
+
+
+## [Deployment guide]()
+### [Deployment Guide](windows-firewall-with-advanced-security-deployment-guide.md)
+#### [Planning to Deploy](planning-to-deploy-windows-firewall-with-advanced-security.md)
+#### [Implementing Your Plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md)
+
+
+
+
+## [Best practices]()
+### [Securing IPsec](securing-end-to-end-ipsec-connections-by-using-ikev2.md)
+### [PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md)
+### [Isolating Microsoft Store Apps on Your Network](isolating-apps-on-your-network.md)
+
+
+
+
+
+
+## [How-to]()
 ### [Procedures Used in This Guide](procedures-used-in-this-guide.md)
 #### [Add Production Devices to the Membership Group for a Zone](add-production-devices-to-the-membership-group-for-a-zone.md)
 #### [Add Test Devices to the Membership Group for a Zone](add-test-devices-to-the-membership-group-for-a-zone.md)
@@ -108,3 +122,44 @@
 #### [Restrict Server Access](restrict-server-access-to-members-of-a-group-only.md)
 #### [Enable Windows Firewall](turn-on-windows-firewall-and-configure-default-behavior.md)
 #### [Verify Network Traffic](verify-that-network-traffic-is-authenticated.md)
+#### [Verify Network Traffic](verify-that-network-traffic-is-authenticated.md)
+
+
+
+
+## [References]()
+### [Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md)
+### [Checklist: Implementing a Basic Firewall Policy Design](checklist-implementing-a-basic-firewall-policy-design.md)
+### [Checklist: Configuring Basic Firewall Settings](checklist-configuring-basic-firewall-settings.md)
+### [Checklist: Creating Inbound Firewall Rules](checklist-creating-inbound-firewall-rules.md)
+### [Checklist: Creating Outbound Firewall Rules](checklist-creating-outbound-firewall-rules.md)
+### [Checklist: Implementing a Domain Isolation Policy Design](checklist-implementing-a-domain-isolation-policy-design.md)
+#### [Checklist: Configuring Rules for the Isolated Domain](checklist-configuring-rules-for-the-isolated-domain.md)
+#### [Checklist: Configuring Rules for the Boundary Zone](checklist-configuring-rules-for-the-boundary-zone.md)
+#### [Checklist: Configuring Rules for the Encryption Zone](checklist-configuring-rules-for-the-encryption-zone.md)
+#### [Checklist: Configuring Rules for an Isolated Server Zone](checklist-configuring-rules-for-an-isolated-server-zone.md)
+### [Checklist: Implementing a Standalone Server Isolation Policy Design](checklist-implementing-a-standalone-server-isolation-policy-design.md)
+#### [Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone](checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md)
+#### [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md)
+
+### [Checklist: Implementing a Certificate-based Isolation Policy Design](checklist-implementing-a-certificate-based-isolation-policy-design.md)
+
+### [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md)
+
+
+
+## [Troubleshooting]()
+
+
+
+
+
+
+
+
+
+
+
+
+
+

From 847ebd5a2f280aa41bb1bfaac54ff7f143879238 Mon Sep 17 00:00:00 2001
From: Daniel Simpson <dansimp@microsoft.com>
Date: Wed, 12 Aug 2020 16:25:33 -0700
Subject: [PATCH 08/66] checking in formatting

---
 .../troubleshooting-uwp-firewall.md           | 518 +-----------------
 1 file changed, 13 insertions(+), 505 deletions(-)

diff --git a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
index dbc2f8af22..4874e16c5e 100644
--- a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
+++ b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
@@ -196,163 +196,84 @@ allowed by Filter \#125918 which is from the InternetClient Default Rule.
 **InternetClient Default Rule Filter \#125918, Wfpdiag-Case-1.xml**
 ```
 \<item\>
-
 >   \<filterKey\>{3389708e-f7ae-4ebc-a61a-f659065ab24e}\</filterKey\>
-
 >   \<displayData\>
-
 >   \<name\>InternetClient Default Rule\</name\>
-
 >   \<description\>InternetClient Default Rule\</description\>
-
 >   \</displayData\>
-
 >   \<flags/\>
-
 >   \<providerKey\>FWPM_PROVIDER_MPSSVC_WSH\</providerKey\>
-
 >   \<providerData\>
-
 >   \<data\>ad2b000000000000\</data\>
-
 >   \<asString\>.+......\</asString\>
-
 >   \</providerData\>
-
 >   \<layerKey\>FWPM_LAYER_ALE_AUTH_CONNECT_V6\</layerKey\>
-
 >   \<subLayerKey\>FWPM_SUBLAYER_MPSSVC_WSH\</subLayerKey\>
-
 >   \<weight\>
-
 >   \<type\>FWP_EMPTY\</type\>
-
 >   \</weight\>
-
 >   \<filterCondition numItems="5"\>
-
 >   \<item\>
-
 >   \<fieldKey\>FWPM_CONDITION_ALE_PACKAGE_ID\</fieldKey\>
-
 >   \<matchType\>FWP_MATCH_NOT_EQUAL\</matchType\>
-
 >   \<conditionValue\>
-
 >   \<type\>FWP_SID\</type\>
-
 >   \<sid\>S-1-0-0\</sid\>
-
 >   \</conditionValue\>
-
 >   \</item\>
-
 >   \<item\>
-
 >   \<fieldKey\>FWPM_CONDITION_IP_REMOTE_ADDRESS\</fieldKey\>
-
 >   \<matchType\>FWP_MATCH_RANGE\</matchType\>
-
 >   \<conditionValue\>
-
 >   \<type\>FWP_RANGE_TYPE\</type\>
-
 >   \<rangeValue\>
-
 >   \<valueLow\>
-
 >   \<type\>FWP_BYTE_ARRAY16_TYPE\</type\>
-
 >   \<byteArray16\>::\</byteArray16\>
-
 >   \</valueLow\>
-
 >   \<valueHigh\>
-
 >   \<type\>FWP_BYTE_ARRAY16_TYPE\</type\>
-
 >   \<byteArray16\>ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff\</byteArray16\>
-
 >   \</valueHigh\>
-
 >   \</rangeValue\>
-
 >   \</conditionValue\>
-
 >   \</item\>
-
 >   \<item\>
-
 >   \<fieldKey\>FWPM_CONDITION_ORIGINAL_PROFILE_ID\</fieldKey\>
-
 >   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
-
 >   \<conditionValue\>
-
 >   \<type\>FWP_UINT32\</type\>
-
 >   \<uint32\>1\</uint32\>
-
 >   \</conditionValue\>
-
 >   \</item\>
-
 >   \<item\>
-
 >   \<fieldKey\>FWPM_CONDITION_CURRENT_PROFILE_ID\</fieldKey\>
-
 >   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
-
 >   \<conditionValue\>
-
 >   \<type\>FWP_UINT32\</type\>
-
 >   \<uint32\>1\</uint32\>
-
 >   \</conditionValue\>
-
 >   \</item\>
-
 >   \<item\>
-
 >   \<fieldKey\>FWPM_CONDITION_ALE_USER_ID\</fieldKey\>
-
 >   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
-
 >   \<conditionValue\>
-
 >   \<type\>FWP_SECURITY_DESCRIPTOR_TYPE\</type\>
-
 >   \<sd\>O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)\</sd\>
-
 >   \</conditionValue\>
-
 >   \</item\>
-
 >   \</filterCondition\>
-
 >   \<action\>
-
 >   \<type\>FWP_ACTION_PERMIT\</type\>
-
 >   \<filterType/\>
-
 >   \</action\>
-
 >   \<rawContext\>0\</rawContext\>
-
 >   \<reserved/\>
-
 >   \<filterId\>125918\</filterId\>
-
 >   \<effectiveWeight\>
-
 >   \<type\>FWP_UINT64\</type\>
-
 >   \<uint64\>103079219136\</uint64\>
-
 >   \</effectiveWeight\>
-
 \</item\>
 ```
 One condition is
@@ -360,19 +281,12 @@ One condition is
 **Capabilities Condition in Filter \#125918, Wfpdiag-Case-1.xml**
 ```
 \<item\>
-
 >   \<fieldKey\>FWPM_CONDITION_ALE_USER_ID\</fieldKey\>
-
 >   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
-
 >   \<conditionValue\>
-
 >   \<type\>FWP_SECURITY_DESCRIPTOR_TYPE\</type\>
-
 >   \<sd\>O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)\</sd\>
-
 >   \</conditionValue\>
-
 \</item\>
 ```
 which is the condition for checking capabilities in this filter.
@@ -381,15 +295,12 @@ The important part of this condition is S-1-15-3-1, which is the capability SID
 for INTERNET_CLIENT privileges.
 
 From the netEvent’s capabilities section,
-```
+
 Capabilities from netEvent, Wfpdiag-Case-1.xml
-
+```
 \<capabilities numItems="3"\>				
-
 >   **\<item\>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT\</item\>**			\<item\>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER\</item\>
-
 \<item\>FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\</item\>
-
 \</capabilities\>
 ```
 it shows the packet came from an app with an Internet client token
@@ -665,842 +576,439 @@ In this example, the UWP app is unable to reach the Intranet target address,
 10.50.50.50, because it does not have a Private Network capability.
 
 **Classify Drop netEvent, Wfpdiag-Case-4.xml**
-
+```
 \<netEvent\>
-
 \<header\>
-
 >   \<timeStamp\>2020-05-22T21:29:28.601Z\</timeStamp\>
-
 >   \<flags numItems="9"\>
-
 >   \<item\>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\</item\>
-
 >   \<item\>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\</item\>
-
 >   \<item\>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\</item\>
-
 >   \<item\>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\</item\>
-
 >   \<item\>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\</item\>
-
 >   \<item\>FWPM_NET_EVENT_FLAG_APP_ID_SET\</item\>
-
 >   \<item\>FWPM_NET_EVENT_FLAG_USER_ID_SET\</item\>
-
 >   \<item\>FWPM_NET_EVENT_FLAG_IP_VERSION_SET\</item\>
-
 >   \<item\>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\</item\>
-
 >   \</flags\>
-
 >   \<ipVersion\>FWP_IP_VERSION_V4\</ipVersion\>
-
 >   \<ipProtocol\>6\</ipProtocol\>
-
 >   \<localAddrV4\>10.216.117.17\</localAddrV4\>
-
 >   \<remoteAddrV4\>10.50.50.50\</remoteAddrV4\>
-
 >   \<localPort\>52998\</localPort\>
-
 >   \<remotePort\>53\</remotePort\>
-
 >   \<scopeId\>0\</scopeId\>
-
 >   \<appId\>				
-
 >   \<data\>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310031002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000\</data\>
-
 >   \<asString\>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
 >   .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.1...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\</asString\>
-
 >   \</appId\>
-
 >   \<userId\>S-1-5-21-2993214446-1947230185-131795049-1000\</userId\>
-
 >   \<addressFamily\>FWP_AF_INET\</addressFamily\>
-
 >   \<packageSid\>S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\</packageSid\>
-
 >   \<enterpriseId/\>
-
 >   \<policyFlags\>0\</policyFlags\>
-
 >   \<effectiveName/\>
-
 \</header\>
-
 >   \<type\>FWPM_NET_EVENT_TYPE_CLASSIFY_DROP\</type\>
-
 >   \<classifyDrop\>
-
 >   \<filterId\>121180\</filterId\>
-
 >   \<layerId\>48\</layerId\>
-
 >   \<reauthReason\>0\</reauthReason\>
-
 >   \<originalProfile\>1\</originalProfile\>
-
 >   \<currentProfile\>1\</currentProfile\>
-
 >   \<msFwpDirection\>MS_FWP_DIRECTION_OUT\</msFwpDirection\>
-
 >   \<isLoopback\>false\</isLoopback\>
-
 >   \<vSwitchId/\>
-
 >   \<vSwitchSourcePort\>0\</vSwitchSourcePort\>
-
 >   \<vSwitchDestinationPort\>0\</vSwitchDestinationPort\>
-
 \</classifyDrop\>
-
 \<internalFields\>
-
 >   \<internalFlags/\>
-
 >   \<remoteAddrBitmap\>0000000000000000\</remoteAddrBitmap\>
-
 >   \<capabilities numItems="2"\>
-
 >   \<item\>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT\</item\>
-
 >   \<item\>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER\</item\>
-
 >   \</capabilities\>
-
 >   \<fqbnVersion\>0\</fqbnVersion\>
-
 >   \<fqbnName/\>
-
 >   \<terminatingFiltersInfo numItems="2"\>
-
 >   \<item\>
-
 >   \<filterId\>121180\</filterId\>
-
 >   \<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\</subLayer\>
-
 >   \<actionType\>FWP_ACTION_BLOCK\</actionType\>
-
 >   \</item\>
-
 >   \<item\>
-
 >   \<filterId\>121165\</filterId\>
-
 >   \<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\</subLayer\>
-
 >   \<actionType\>FWP_ACTION_PERMIT\</actionType\>
-
 >   \</item\>
-
 >   \</terminatingFiltersInfo\>
-
 \</internalFields\>
-
 \</netEvent\>
-
+```
 ## Case 5: UWP app cannot reach “Intranet” target address with Private Network capability
 
 In this example, the UWP app is unable to reach the Intranet target address,
 10.1.1.1, even though it has a Private Network capability token.
 
 **Classify Drop netEvent, Wfpdiag-Case-5.xml**
-
+```
 \<netEvent\>
-
 >   \<header\>
-
 >   \<timeStamp\>2020-05-22T20:54:53.499Z\</timeStamp\>
-
 >   \<flags numItems="9"\>
-
 >   \<item\>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\</item\>
-
 >   \<item\>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\</item\>
-
 >   \<item\>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\</item\>
-
 >   \<item\>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\</item\>
-
 >   \<item\>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\</item\>
-
 >   \<item\>FWPM_NET_EVENT_FLAG_APP_ID_SET\</item\>
-
 >   \<item\>FWPM_NET_EVENT_FLAG_USER_ID_SET\</item\>
-
 >   \<item\>FWPM_NET_EVENT_FLAG_IP_VERSION_SET\</item\>
-
 >   \<item\>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\</item\>
-
 >   \</flags\>
-
 >   \<ipVersion\>FWP_IP_VERSION_V4\</ipVersion\>
-
 >   \<ipProtocol\>6\</ipProtocol\>
-
 >   \<localAddrV4\>10.216.117.17\</localAddrV4\>
-
 >   \<remoteAddrV4\>10.1.1.1\</remoteAddrV4\>
-
 >   \<localPort\>52956\</localPort\>
-
 >   \<remotePort\>53\</remotePort\>
-
 >   \<scopeId\>0\</scopeId\>
-
 >   \<appId\>	
-
 >   \<data\>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310033002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000\</data\>
-
 >   \<asString\>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
 >   .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.3...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\</asString\>
-
 >   \</appId\>
-
 >   \<userId\>S-1-5-21-2993214446-1947230185-131795049-1000\</userId\>
-
 >   \<addressFamily\>FWP_AF_INET\</addressFamily\>
-
 >   \<packageSid\>S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\</packageSid\>
-
 >   \<enterpriseId/\>
-
 >   \<policyFlags\>0\</policyFlags\>
-
 >   \<effectiveName/\>
-
 \</header\>
-
 >   \<type\>FWPM_NET_EVENT_TYPE_CLASSIFY_DROP\</type\>
-
 >   \<classifyDrop\>
-
 >   \<filterId\>121180\</filterId\>
-
 >   \<layerId\>48\</layerId\>
-
 >   \<reauthReason\>0\</reauthReason\>
-
 >   \<originalProfile\>1\</originalProfile\>
-
 >   \<currentProfile\>1\</currentProfile\>
-
 >   \<msFwpDirection\>MS_FWP_DIRECTION_OUT\</msFwpDirection\>
-
 >   \<isLoopback\>false\</isLoopback\>
-
 >   \<vSwitchId/\>
-
 >   \<vSwitchSourcePort\>0\</vSwitchSourcePort\>
-
 >   \<vSwitchDestinationPort\>0\</vSwitchDestinationPort\>
-
 >   \</classifyDrop\>
-
 >   \<internalFields\>
-
 >   \<internalFlags/\>
-
 >   \<remoteAddrBitmap\>0000000000000000\</remoteAddrBitmap\>
-
 >   \<capabilities numItems="1"\>
-
 >   \<item\>FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\</item\>
-
 >   \</capabilities\>
-
 >   \<fqbnVersion\>0\</fqbnVersion\>
-
 >   \<fqbnName/\>
-
 >   \<terminatingFiltersInfo numItems="2"\>
-
 >   \<item\>
-
 >   \<filterId\>121180\</filterId\>
-
 >   \<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\</subLayer\>
-
 >   \<actionType\>FWP_ACTION_BLOCK\</actionType\>
-
 >   \</item\>
-
 >   \<item\>
-
 >   \<filterId\>121165\</filterId\>
-
 >   \<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\</subLayer\>
-
 >   \<actionType\>FWP_ACTION_PERMIT\</actionType\>
-
 >   \</item\>
-
 >   \</terminatingFiltersInfo\>
-
 >   \</internalFields\>
-
 \</netEvent\>
-
+```
 The following shows the filter that blocked the event:
 
 **Block Outbound Default Rule Filter \#121180, Wfpdiag-Case-5.xml**
 
+```
 \<item\>
-
 >   \<filterKey\>{e62a1a22-c80a-4518-a7f8-e7d1ef3a9ff6}\</filterKey\>
-
 >   \<displayData\>
-
 >   \<name\>Block Outbound Default Rule\</name\>
-
 >   \<description\>Block Outbound Default Rule\</description\>
-
 >   \</displayData\>
-
 >   \<flags/\>
-
 >   \<providerKey\>FWPM_PROVIDER_MPSSVC_WSH\</providerKey\>
-
 >   \<providerData\>
-
 >   \<data\>c029000000000000\</data\>
-
 >   \<asString\>.)......\</asString\>
-
 >   \</providerData\>
-
 >   \<layerKey\>FWPM_LAYER_ALE_AUTH_CONNECT_V4\</layerKey\>
-
 >   \<subLayerKey\>FWPM_SUBLAYER_MPSSVC_WSH\</subLayerKey\>
-
 >   \<weight\>
-
 >   \<type\>FWP_EMPTY\</type\>
-
 >   \</weight\>
-
 >   \<filterCondition numItems="1"\>
-
 >   \<item\>
-
 >   \<fieldKey\>FWPM_CONDITION_ALE_PACKAGE_ID\</fieldKey\>
-
 >   \<matchType\>FWP_MATCH_NOT_EQUAL\</matchType\>
-
 >   \<conditionValue\>
-
 >   \<type\>FWP_SID\</type\>
-
 >   \<sid\>S-1-0-0\</sid\>
-
 >   \</conditionValue\>
-
 >   \</item\>
-
 >   \</filterCondition\>
-
 >   \<action\>
-
 >   \<type\>FWP_ACTION_BLOCK\</type\>
-
 >   \<filterType/\>
-
 >   \</action\>
-
 >   \<rawContext\>0\</rawContext\>
-
 >   \<reserved/\>
-
 >   \<filterId\>121180\</filterId\>
-
 >   \<effectiveWeight\>
-
 >   \<type\>FWP_UINT64\</type\>
-
 >   \<uint64\>274877906944\</uint64\>
-
 >   \</effectiveWeight\>
-
 \</item\>
-
+```
 If the target was in the private range, then it should have been allowed by a
 PrivateNetwork Outbound Default Rule filter.
 
-The following PrivateNetwork Outbound Default Rule filters have conditions for
-matching Intranet IP addresses. Since the expected Intranet target address,
-10.1.1.1, is not included in these filters it becomes clear that the address is
-not in the private range. Check the policies which configure the private range
-on the machine (MDM, GP, etc) and make sure it includes the private target
-address you wanted to reach.
+The following PrivateNetwork Outbound Default Rule filters have conditions for matching Intranet IP addresses. Since the expected Intranet target address,
+10.1.1.1, is not included in these filters it becomes clear that the address isnot in the private range. Check the policies which configure the private range
+on the machine (MDM, GP, etc) and make sure it includes the private targetaddress you wanted to reach.
 
 **PrivateNetwork Outbound Default Rule Filters, Wfpdiag-Case-5.xml**
-
+```
 \<item\>
-
 >   \<filterKey\>{fd65507b-e356-4e2f-966f-0c9f9c1c6e78}\</filterKey\>
-
 >   \<displayData\>
-
 >   \<name\>PrivateNetwork Outbound Default Rule\</name\>
-
 >   \<description\>PrivateNetwork Outbound Default Rule\</description\>
-
 >   \</displayData\>
-
 >   \<flags/\>
-
 >   \<providerKey\>FWPM_PROVIDER_MPSSVC_WSH\</providerKey\>
-
 >   \<providerData\>
-
 >   \<data\>f22d000000000000\</data\>
-
 >   \<asString\>.-......\</asString\>
-
 >   \</providerData\>
-
 >   \<layerKey\>FWPM_LAYER_ALE_AUTH_CONNECT_V4\</layerKey\>
-
 >   \<subLayerKey\>FWPM_SUBLAYER_MPSSVC_WSH\</subLayerKey\>
-
 >   \<weight\>
-
 >   \<type\>FWP_EMPTY\</type\>
-
 >   \</weight\>
-
 >   \<filterCondition numItems="5"\>
-
 >   \<item\>
-
 >   \<fieldKey\>FWPM_CONDITION_ALE_PACKAGE_ID\</fieldKey\>
-
 >   \<matchType\>FWP_MATCH_NOT_EQUAL\</matchType\>
-
 >   \<conditionValue\>
-
 >   \<type\>FWP_SID\</type\>
-
 >   \<sid\>S-1-0-0\</sid\>
-
 >   \</conditionValue\>
-
 >   \</item\>
-
 >   \<item\>
-
 >   \<fieldKey\>FWPM_CONDITION_IP_REMOTE_ADDRESS\</fieldKey\>
-
 >   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
-
 >   \<conditionValue\>
-
 >   \<type\>FWP_UINT32\</type\>
-
 >   \<uint32\>1.1.1.1\</uint32\>
-
 >   \</conditionValue\>
-
 >   \</item\>
-
 >   \<item\>
-
 >   \<fieldKey\>FWPM_CONDITION_ORIGINAL_PROFILE_ID\</fieldKey\>
-
 >   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
-
 >   \<conditionValue\>
-
 >   \<type\>FWP_UINT32\</type\>
-
 >   \<uint32\>1\</uint32\>
-
 >   \</conditionValue\>
-
 >   \</item\>
-
 >   \<item\>
-
 >   \<fieldKey\>FWPM_CONDITION_CURRENT_PROFILE_ID\</fieldKey\>
-
 >   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
-
 >   \<conditionValue\>
-
 >   \<type\>FWP_UINT32\</type\>
-
 >   \<uint32\>1\</uint32\>
-
 >   \</conditionValue\>
-
 >   \</item\>
-
 >   \<item\>
-
 >   \<fieldKey\>FWPM_CONDITION_ALE_USER_ID\</fieldKey\>
-
 >   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
-
 >   \<conditionValue\>
-
 >   \<type\>FWP_SECURITY_DESCRIPTOR_TYPE\</type\>
-
 >   \<sd\>O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)\</sd\>
-
 >   \</conditionValue\>
-
 >   \</item\>
-
 >   \</filterCondition\>
-
 >   \<action\>
-
 >   \<type\>FWP_ACTION_PERMIT\</type\>
-
 >   \<filterType/\>
-
 >   \</action\>
-
 >   \<rawContext\>0\</rawContext\>
-
 >   \<reserved/\>
-
 >   \<filterId\>129656\</filterId\>
-
 >   \<effectiveWeight\>
-
 >   \<type\>FWP_UINT64\</type\>
-
 >   \<uint64\>144115600392724416\</uint64\>
-
 >   \</effectiveWeight\>
-
 >   \</item\>
-
 >   \<item\>
-
 >   \<filterKey\>{b11b4f8a-222e-49d6-8d69-02728681d8bc}\</filterKey\>
-
 >   \<displayData\>
-
 >   \<name\>PrivateNetwork Outbound Default Rule\</name\>
-
 >   \<description\>PrivateNetwork Outbound Default Rule\</description\>
-
 >   \</displayData\>
-
 >   \<flags/\>
-
 >   \<providerKey\>FWPM_PROVIDER_MPSSVC_WSH\</providerKey\>
-
 >   \<providerData\>
-
 >   \<data\>f22d000000000000\</data\>
-
 >   \<asString\>.-......\</asString\>
-
 >   \</providerData\>
-
 >   \<layerKey\>FWPM_LAYER_ALE_AUTH_CONNECT_V4\</layerKey\>
-
 >   \<subLayerKey\>FWPM_SUBLAYER_MPSSVC_WSH\</subLayerKey\>
-
 >   \<weight\>
-
 >   \<type\>FWP_EMPTY\</type\>
-
 >   \</weight\>
-
 >   \<filterCondition numItems="5"\>
-
 >   \<item\>
-
 >   \<fieldKey\>FWPM_CONDITION_ALE_PACKAGE_ID\</fieldKey\>
-
 >   \<matchType\>FWP_MATCH_NOT_EQUAL\</matchType\>
-
 >   \<conditionValue\>
-
 >   \<type\>FWP_SID\</type\>
-
 >   \<sid\>S-1-0-0\</sid\>
-
 >   \</conditionValue\>
-
 >   \</item\>
-
 >   \<item\>
-
 >   \<fieldKey\>FWPM_CONDITION_IP_REMOTE_ADDRESS\</fieldKey\>
-
 >   \<matchType\>FWP_MATCH_RANGE\</matchType\>
-
 >   \<conditionValue\>
-
 >   \<type\>FWP_RANGE_TYPE\</type\>
-
 >   \<rangeValue\>
-
 >   \<valueLow\>
-
 >   \<type\>FWP_UINT32\</type\>
-
 >   \<uint32\>172.16.0.0\</uint32\>
-
 >   \</valueLow\>
-
 >   \<valueHigh\>
-
 >   \<type\>FWP_UINT32\</type\>
-
 >   \<uint32\>172.31.255.255\</uint32\>
-
 >   \</valueHigh\>
-
 >   \</rangeValue\>
-
 >   \</conditionValue\>
-
 >   \</item\>
-
 >   \<item\>
-
 >   \<fieldKey\>FWPM_CONDITION_ORIGINAL_PROFILE_ID\</fieldKey\>
-
 >   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
-
 >   \<conditionValue\>
-
 >   \<type\>FWP_UINT32\</type\>
-
 >   \<uint32\>1\</uint32\>
-
 >   \</conditionValue\>
-
 >   \</item\>
-
 >   \<item\>
-
 >   \<fieldKey\>FWPM_CONDITION_CURRENT_PROFILE_ID\</fieldKey\>
-
 >   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
-
 >   \<conditionValue\>
-
 >   \<type\>FWP_UINT32\</type\>
-
 >   \<uint32\>1\</uint32\>
-
 >   \</conditionValue\>
-
 >   \</item\>
-
 >   \<item\>
-
 >   \<fieldKey\>FWPM_CONDITION_ALE_USER_ID\</fieldKey\>
-
 >   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
-
 >   \<conditionValue\>
-
 >   \<type\>FWP_SECURITY_DESCRIPTOR_TYPE\</type\>
-
 >   \<sd\>O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)\</sd\>
-
 >   \</conditionValue\>
-
 >   \</item\>
-
 >   \</filterCondition\>
-
 >   \<action\>
-
 >   \<type\>FWP_ACTION_PERMIT\</type\>
-
 >   \<filterType/\>
-
 >   \</action\>
-
 >   \<rawContext\>0\</rawContext\>
-
 >   \<reserved/\>
-
 >   \<filterId\>129657\</filterId\>
-
 >   \<effectiveWeight\>
-
 >   \<type\>FWP_UINT64\</type\>
-
 >   \<uint64\>36029209335832512\</uint64\>
-
 >   \</effectiveWeight\>
-
 \</item\>
-
 \<item\>
-
 >   \<filterKey\>{21cd82bc-6077-4069-94bf-750e5a43ca23}\</filterKey\>
-
 >   \<displayData\>
-
 >   \<name\>PrivateNetwork Outbound Default Rule\</name\>
-
 >   \<description\>PrivateNetwork Outbound Default Rule\</description\>
-
 >   \</displayData\>
-
 >   \<flags/\>
-
 >   \<providerKey\>FWPM_PROVIDER_MPSSVC_WSH\</providerKey\>
-
 >   \<providerData\>
-
 >   \<data\>f22d000000000000\</data\>
-
 >   \<asString\>.-......\</asString\>
-
 >   \</providerData\>
-
 >   \<layerKey\>FWPM_LAYER_ALE_AUTH_CONNECT_V4\</layerKey\>
-
 >   \<subLayerKey\>FWPM_SUBLAYER_MPSSVC_WSH\</subLayerKey\>
-
 >   \<weight\>
-
 >   \<type\>FWP_EMPTY\</type\>
-
 >   \</weight\>
-
 >   \<filterCondition numItems="5"\>
-
 >   \<item\>
-
 >   \<fieldKey\>FWPM_CONDITION_ALE_PACKAGE_ID\</fieldKey\>
-
 >   \<matchType\>FWP_MATCH_NOT_EQUAL\</matchType\>
-
 >   \<conditionValue\>
-
 >   \<type\>FWP_SID\</type\>
-
 >   \<sid\>S-1-0-0\</sid\>
-
 >   \</conditionValue\>
-
 >   \</item\>
-
 >   \<item\>
-
 >   \<fieldKey\>FWPM_CONDITION_IP_REMOTE_ADDRESS\</fieldKey\>
-
 >   \<matchType\>FWP_MATCH_RANGE\</matchType\>
-
 >   \<conditionValue\>
-
 >   \<type\>FWP_RANGE_TYPE\</type\>
-
 >   \<rangeValue\>
-
 >   \<valueLow\>
-
 >   \<type\>FWP_UINT32\</type\>
-
 >   \<uint32\>192.168.0.0\</uint32\>
-
 >   \</valueLow\>
-
 >   \<valueHigh\>
-
 >   \<type\>FWP_UINT32\</type\>
-
 >   \<uint32\>192.168.255.255\</uint32\>
-
 >   \</valueHigh\>
-
 >   \</rangeValue\>
-
 >   \</conditionValue\>
-
 >   \</item\>
-
 >   \<item\>
-
 >   \<fieldKey\>FWPM_CONDITION_ORIGINAL_PROFILE_ID\</fieldKey\>
-
 >   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
-
 >   \<conditionValue\>
-
 >   \<type\>FWP_UINT32\</type\>
-
 >   \<uint32\>1\</uint32\>
-
 >   \</conditionValue\>
-
 >   \</item\>
-
 >   \<item\>
-
 >   \<fieldKey\>FWPM_CONDITION_CURRENT_PROFILE_ID\</fieldKey\>
-
 >   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
-
 >   \<conditionValue\>
-
 >   \<type\>FWP_UINT32\</type\>
-
 >   \<uint32\>1\</uint32\>
-
 >   \</conditionValue\>
-
 >   \</item\>
-
 >   \<item\>
-
 >   \<fieldKey\>FWPM_CONDITION_ALE_USER_ID\</fieldKey\>
-
 >   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
-
 >   \<conditionValue\>
-
 >   \<type\>FWP_SECURITY_DESCRIPTOR_TYPE\</type\>
-
 >   \<sd\>O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)\</sd\>
-
 >   \</conditionValue\>
-
 >   \</item\>
-
 >   \</filterCondition\>
-
 >   \<action\>
-
 >   \<type\>FWP_ACTION_PERMIT\</type\>
-
 >   \<filterType/\>
-
 >   \</action\>
-
 >   \<rawContext\>0\</rawContext\>
-
 >   \<reserved/\>
-
 >   \<filterId\>129658\</filterId\>
-
 >   \<effectiveWeight\>
-
 >   \<type\>FWP_UINT64\</type\>
-
 >   \<uint64\>36029209335832512\</uint64\>
-
 >   \</effectiveWeight\>
-
 \</item\>
-
+```
 # Debugging Past Drops 
 
 If you are debugging a network drop from the past or from a remote machine, you

From 8771fdd2ae4e44ffc834f3afca8252328b3a5f9b Mon Sep 17 00:00:00 2001
From: Daniel Simpson <dansimp@microsoft.com>
Date: Wed, 12 Aug 2020 17:03:33 -0700
Subject: [PATCH 09/66] more formatting

---
 .../troubleshooting-uwp-firewall.md           | 300 ++----------------
 1 file changed, 30 insertions(+), 270 deletions(-)

diff --git a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
index 4874e16c5e..fc7c29c60d 100644
--- a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
+++ b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
@@ -122,8 +122,8 @@ The following shows the allow netEvent of the app connecting to the target IP.
 The netEvent contains information about the packet including its local address,
 remote address, capabilities, etc.
 
-```**Classify Allow netEvent, Wfpdiag-Case-1.xml**
-
+**Classify Allow netEvent, Wfpdiag-Case-1.xml**
+```xml
 \<netEvent\>
 \<header\>
 >   \<timeStamp\>2020-05-21T17:25:59.070Z\</timeStamp\>
@@ -194,7 +194,7 @@ address according to the terminatingFiltersInfo in the netEvent. This packet was
 allowed by Filter \#125918 which is from the InternetClient Default Rule.
 
 **InternetClient Default Rule Filter \#125918, Wfpdiag-Case-1.xml**
-```
+```xml
 \<item\>
 >   \<filterKey\>{3389708e-f7ae-4ebc-a61a-f659065ab24e}\</filterKey\>
 >   \<displayData\>
@@ -279,7 +279,7 @@ allowed by Filter \#125918 which is from the InternetClient Default Rule.
 One condition is
 
 **Capabilities Condition in Filter \#125918, Wfpdiag-Case-1.xml**
-```
+```xml
 \<item\>
 >   \<fieldKey\>FWPM_CONDITION_ALE_USER_ID\</fieldKey\>
 >   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
@@ -297,7 +297,7 @@ for INTERNET_CLIENT privileges.
 From the netEvent’s capabilities section,
 
 Capabilities from netEvent, Wfpdiag-Case-1.xml
-```
+```xml
 \<capabilities numItems="3"\>				
 >   **\<item\>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT\</item\>**			\<item\>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER\</item\>
 \<item\>FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\</item\>
@@ -321,7 +321,7 @@ The following is a drop netEvent that was captured in the traces during this
 repro.
 
 **Classify Drop netEvent, Wfpdiag-Case-2.xml**
-```
+```xml
 \<netEvent\>
 \<header\>
 \<timeStamp\>2020-03-30T23:53:09.720Z\</timeStamp\>
@@ -395,7 +395,7 @@ UWP app was not configured with any capability tokens to allow it to connect to
 a network.
 
 **Internal Fields from netEvent, Wfpdiag-Case-2.xml**
-```
+```xml
 \<internalFields\>
 \<internalFlags/\>
 \<remoteAddrBitmap\>0000000000000000\</remoteAddrBitmap\>
@@ -420,7 +420,7 @@ The netEvent also gives us information about the filter that explicitly dropped
 this packet, like the FilterId, listed under classify drop
 
 **Classify Drop from netEvent, Wfpdiag-Case-2.xml**
-```
+```xml
 \<classifyDrop\>
 **\<filterId\>68893\</filterId\>**
 \<layerId\>50\</layerId\>
@@ -439,7 +439,7 @@ the packet was dropped by a Block Outbound Default Rule filter.
 
 **Block Outbound Default Rule Filter \#68893, Wfpdiag-Case-2.xml**
 
-```
+```xml
 \<item\>
 >   \<filterKey\>{6d51582f-bcf8-42c4-afc9-e2ce7155c11b}\</filterKey\>
 >   \<displayData\>
@@ -499,7 +499,7 @@ Server). The app is trying to connect to an Internet resource (bing.com), but
 only has a private network token. Therefore, the packet will be dropped.
 
 **Classify Drop netEvent, Wfpdiag-Case-3.xml**
-```
+```xml
 \<netEvent\>
 \<header\>
 \<timeStamp\>2020-03-31T16:57:18.570Z\</timeStamp\>
@@ -576,7 +576,7 @@ In this example, the UWP app is unable to reach the Intranet target address,
 10.50.50.50, because it does not have a Private Network capability.
 
 **Classify Drop netEvent, Wfpdiag-Case-4.xml**
-```
+```xml
 \<netEvent\>
 \<header\>
 >   \<timeStamp\>2020-05-22T21:29:28.601Z\</timeStamp\>
@@ -653,7 +653,7 @@ In this example, the UWP app is unable to reach the Intranet target address,
 10.1.1.1, even though it has a Private Network capability token.
 
 **Classify Drop netEvent, Wfpdiag-Case-5.xml**
-```
+```xml
 \<netEvent\>
 >   \<header\>
 >   \<timeStamp\>2020-05-22T20:54:53.499Z\</timeStamp\>
@@ -727,7 +727,7 @@ The following shows the filter that blocked the event:
 
 **Block Outbound Default Rule Filter \#121180, Wfpdiag-Case-5.xml**
 
-```
+```xml
 \<item\>
 >   \<filterKey\>{e62a1a22-c80a-4518-a7f8-e7d1ef3a9ff6}\</filterKey\>
 >   \<displayData\>
@@ -776,7 +776,7 @@ The following PrivateNetwork Outbound Default Rule filters have conditions for m
 on the machine (MDM, GP, etc) and make sure it includes the private targetaddress you wanted to reach.
 
 **PrivateNetwork Outbound Default Rule Filters, Wfpdiag-Case-5.xml**
-```
+```xml
 \<item\>
 >   \<filterKey\>{fd65507b-e356-4e2f-966f-0c9f9c1c6e78}\</filterKey\>
 >   \<displayData\>
@@ -1021,11 +1021,11 @@ If you **do not** have a live repro or traces already collected, you can still
 collect traces after the UWP network connectivity issue has happened by running
 these commands in an Admin command prompt
 
+```xml
 >   \<Run UWP app\>
-
 >   Netsh wfp show netevents
-
 >   Netsh wfp show state
+```
 
 “Netsh wfp show netevents” will generate netevents.xml, which contains the past
 net events. “Netsh wfp show state” will generate wfpstate.xml, which contains
@@ -1057,136 +1057,74 @@ In this example, the UWP app is unable to connect to bing.com.
 
 Classify Drop Net Event, NetEvents-Case-7.xml
 
+```xml
 \<item\>
-
 \<header\>
-
 \<timeStamp\>2020-05-04T22:04:07.039Z\</timeStamp\>
-
 \<flags numItems="9"\>
-
 \<item\>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\</item\>
-
 \<item\>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\</item\>
-
 \<item\>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\</item\>
-
 \<item\>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\</item\>
-
 \<item\>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\</item\>
-
 \<item\>FWPM_NET_EVENT_FLAG_APP_ID_SET\</item\>
-
 \<item\>FWPM_NET_EVENT_FLAG_USER_ID_SET\</item\>
-
 \<item\>FWPM_NET_EVENT_FLAG_IP_VERSION_SET\</item\>
-
 \<item\>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\</item\>
-
 \</flags\>
-
 \<ipVersion\>FWP_IP_VERSION_V4\</ipVersion\>
-
 \<ipProtocol\>6\</ipProtocol\>
-
 \<localAddrV4\>10.195.36.30\</localAddrV4\>
-
 \<remoteAddrV4\>204.79.197.200\</remoteAddrV4\>
-
 \<localPort\>57062\</localPort\>
-
 \<remotePort\>443\</remotePort\>
-
 \<scopeId\>0\</scopeId\>
-
 \<appId\>
-
 \<data\>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310032002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000\</data\>
-
 \<asString\>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
 .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.2...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\</asString\>
-
 \</appId\>
-
 \<userId\>S-1-5-21-1578316205-4060061518-881547182-1000\</userId\>
-
 \<addressFamily\>FWP_AF_INET\</addressFamily\>
-
 \<packageSid\>S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\</packageSid\>
-
 \<enterpriseId/\>
-
 \<policyFlags\>0\</policyFlags\>
-
 \<effectiveName/\>
-
 \</header\>
-
 \<type\>FWPM_NET_EVENT_TYPE_CLASSIFY_DROP\</type\>
-
 \<classifyDrop\>
-
 \<filterId\>206064\</filterId\>
-
 \<layerId\>48\</layerId\>
-
 \<reauthReason\>0\</reauthReason\>
-
 \<originalProfile\>1\</originalProfile\>
-
 \<currentProfile\>1\</currentProfile\>
-
 \<msFwpDirection\>MS_FWP_DIRECTION_OUT\</msFwpDirection\>
-
 \<isLoopback\>false\</isLoopback\>
-
 \<vSwitchId/\>
-
 \<vSwitchSourcePort\>0\</vSwitchSourcePort\>
-
 \<vSwitchDestinationPort\>0\</vSwitchDestinationPort\>
-
 \</classifyDrop\>
-
 \<internalFields\>
-
 \<internalFlags/\>
-
 \<remoteAddrBitmap\>0000000000000000\</remoteAddrBitmap\>
-
 \<capabilities/\>
-
 \<fqbnVersion\>0\</fqbnVersion\>
-
 \<fqbnName/\>
-
 \<terminatingFiltersInfo numItems="2"\>
-
 \<item\>
-
 \<filterId\>206064\</filterId\>
-
 \<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\</subLayer\>
-
 \<actionType\>FWP_ACTION_BLOCK\</actionType\>
-
 \</item\>
-
 \<item\>
-
 \<filterId\>206049\</filterId\>
-
 \<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\</subLayer\>
-
 \<actionType\>FWP_ACTION_PERMIT\</actionType\>
-
 \</item\>
-
 \</terminatingFiltersInfo\>
-
 \</internalFields\>
-
 \</item\>
+```
 
 The Internal fields lists no active capabilities, and the packet is dropped at
 filter 206064.
@@ -1198,385 +1136,207 @@ Security Descriptor doesn’t match.
 
 **Block Outbound Default Rule Filter \#206064, FilterState-Case-7.xml**
 
+```xml
 \<item\>
-
 \<filterKey\>{f138d1ad-9293-478f-8519-c3368e796711}\</filterKey\>
-
 \<displayData\>
-
 \<name\>Block Outbound Default Rule\</name\>
-
 \<description\>Block Outbound Default Rule\</description\>
-
 \</displayData\>
-
 \<flags/\>
-
 \<providerKey\>FWPM_PROVIDER_MPSSVC_WSH\</providerKey\>
-
 \<providerData\>
-
 \<data\>2e65000000000000\</data\>
-
 \<asString\>.e......\</asString\>
-
 \</providerData\>
-
 \<layerKey\>FWPM_LAYER_ALE_AUTH_CONNECT_V4\</layerKey\>
-
 \<subLayerKey\>FWPM_SUBLAYER_MPSSVC_WSH\</subLayerKey\>
-
 \<weight\>
-
 \<type\>FWP_EMPTY\</type\>
-
 \</weight\>
-
 \<filterCondition numItems="1"\>
-
 \<item\>
-
 \<fieldKey\>FWPM_CONDITION_ALE_PACKAGE_ID\</fieldKey\>
-
 \<matchType\>FWP_MATCH_NOT_EQUAL\</matchType\>
-
 \<conditionValue\>
-
 \<type\>FWP_SID\</type\>
-
 \<sid\>S-1-0-0\</sid\>
-
 \</conditionValue\>
-
 \</item\>
-
 \</filterCondition\>
-
 \<action\>
-
 \<type\>FWP_ACTION_BLOCK\</type\>
-
 \<filterType/\>
-
 \</action\>
-
 \<rawContext\>0\</rawContext\>
-
 \<reserved/\>
-
 \<filterId\>206064\</filterId\>
-
 \<effectiveWeight\>
-
 \<type\>FWP_UINT64\</type\>
-
 \<uint64\>274877906944\</uint64\>
-
 \</effectiveWeight\>
-
 \</item\>
-
+```
 ## Case 8: Debugging Past Drop - UWP app connects to Internet target address with all capabilities
 
 In this example, the UWP app successfully connects to bing.com [204.79.197.200].
 
 **Classify Allow Net Event, NetEvents-Case-8.xml**
 
+```xml
 \<item\>
-
 >   \<header\>
-
 >   \<timeStamp\>2020-05-04T18:49:55.101Z\</timeStamp\>
-
 >   \<flags numItems="9"\>
-
 >   \<item\>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\</item\>
-
 >   \<item\>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\</item\>
-
 >   \<item\>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\</item\>
-
 >   \<item\>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\</item\>
-
 >   \<item\>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\</item\>
-
 >   \<item\>FWPM_NET_EVENT_FLAG_APP_ID_SET\</item\>
-
 >   \<item\>FWPM_NET_EVENT_FLAG_USER_ID_SET\</item\>
-
 >   \<item\>FWPM_NET_EVENT_FLAG_IP_VERSION_SET\</item\>
-
 >   \<item\>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\</item\>
-
 >   \</flags\>
-
 >   \<ipVersion\>FWP_IP_VERSION_V4\</ipVersion\>
-
 >   \<ipProtocol\>6\</ipProtocol\>
-
 >   \<localAddrV4\>10.195.36.30\</localAddrV4\>
-
 >   \<remoteAddrV4\>204.79.197.200\</remoteAddrV4\>
-
 >   \<localPort\>61673\</localPort\>
-
 >   \<remotePort\>443\</remotePort\>
-
 >   \<scopeId\>0\</scopeId\>
-
 >   \<appId\>
-
 >   \<data\>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310030002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000\</data\>
-
 >   \<asString\>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
 >   .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.0...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\</asString\>
-
 >   \</appId\>
-
 >   \<userId\>S-1-5-21-1578316205-4060061518-881547182-1000\</userId\>
-
 >   \<addressFamily\>FWP_AF_INET\</addressFamily\>
-
 >   \<packageSid\>S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\</packageSid\>
-
 >   \<enterpriseId/\>
-
 >   \<policyFlags\>0\</policyFlags\>
-
 >   \<effectiveName/\>
-
 >   \</header\>
-
 >   \<type\>FWPM_NET_EVENT_TYPE_CLASSIFY_ALLOW\</type\>
-
 >   \<classifyAllow\>
-
 >   \<filterId\>208757\</filterId\>
-
 >   \<layerId\>48\</layerId\>
-
 >   \<reauthReason\>0\</reauthReason\>
-
 >   \<originalProfile\>1\</originalProfile\>
-
 >   \<currentProfile\>1\</currentProfile\>
-
 >   \</classifyAllow\>
-
 >   \<internalFields\>
-
 >   \<internalFlags/\>
-
 >   \<remoteAddrBitmap\>0000000000000000\</remoteAddrBitmap\>
-
 >   \<capabilities numItems="3"\>
-
 >   \<item\>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT\</item\>
-
 >   \<item\>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER\</item\>
-
 >   \<item\>FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\</item\>
-
 >   \</capabilities\>
-
 >   \<fqbnVersion\>0\</fqbnVersion\>
-
 >   \<fqbnName/\>
-
 >   \<terminatingFiltersInfo numItems="2"\>
-
 >   \<item\>
-
 >   \<filterId\>208757\</filterId\>
-
 >   \<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\</subLayer\>
-
 >   \<actionType\>FWP_ACTION_PERMIT\</actionType\>
-
 >   \</item\>
-
 >   \<item\>
-
 >   \<filterId\>206049\</filterId\>
-
 >   \<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\</subLayer\>
-
 >   \<actionType\>FWP_ACTION_PERMIT\</actionType\>
-
 >   \</item\>
-
 >   \</terminatingFiltersInfo\>
-
 >   \</internalFields\>
-
 \</item\>
-
+```
 Important things to note: all capabilities are enabled and the resulting filter
 determining the flow of the packet is 208757.
 
 The filter stated above with action permit:
 
 **InternetClient Default Rule Filter \#208757, FilterState-Case-8.xml**
-
-				\<item\>
-
-					\<filterKey\>{e0f6f24e-1f0a-4f1a-bdd8-b9277c144fb5}\</filterKey\>
-
-					\<displayData\>
-
-						\<name\>InternetClient Default Rule\</name\>
-
-						\<description\>InternetClient Default Rule\</description\>
-
+```xml
+\<item\>
+	\<filterKey\>{e0f6f24e-1f0a-4f1a-bdd8-b9277c144fb5}\</filterKey\>
+	\<displayData\>
+	\<name\>InternetClient Default Rule\</name\>
+		\<description\>InternetClient Default Rule\</description\>
 					\</displayData\>
-
 					\<flags/\>
-
 					\<providerKey\>FWPM_PROVIDER_MPSSVC_WSH\</providerKey\>
-
 					\<providerData\>
-
 						\<data\>e167000000000000\</data\>
-
 						\<asString\>.g......\</asString\>
-
 					\</providerData\>
-
 					\<layerKey\>FWPM_LAYER_ALE_AUTH_CONNECT_V4\</layerKey\>
-
 					\<subLayerKey\>FWPM_SUBLAYER_MPSSVC_WSH\</subLayerKey\>
-
 					\<weight\>
-
 						\<type\>FWP_EMPTY\</type\>
-
 					\</weight\>
-
 					\<filterCondition numItems="5"\>
-
 						\<item\>
-
 							\<fieldKey\>FWPM_CONDITION_ALE_PACKAGE_ID\</fieldKey\>
-
 							\<matchType\>FWP_MATCH_NOT_EQUAL\</matchType\>
-
 							\<conditionValue\>
-
 								\<type\>FWP_SID\</type\>
-
 								\<sid\>S-1-0-0\</sid\>
-
 							\</conditionValue\>
-
 						\</item\>
-
 						\<item\>
-
 							\<fieldKey\>FWPM_CONDITION_IP_REMOTE_ADDRESS\</fieldKey\>
-
 							\<matchType\>FWP_MATCH_RANGE\</matchType\>
-
 							\<conditionValue\>
-
 								\<type\>FWP_RANGE_TYPE\</type\>
-
 								\<rangeValue\>
-
 									\<valueLow\>
-
 										\<type\>FWP_UINT32\</type\>
-
 										\<uint32\>0.0.0.0\</uint32\>
-
 									\</valueLow\>
-
 									\<valueHigh\>
-
 										\<type\>FWP_UINT32\</type\>
-
 										\<uint32\>255.255.255.255\</uint32\>
-
 									\</valueHigh\>
-
 								\</rangeValue\>
-
 							\</conditionValue\>
-
 						\</item\>
-
 						\<item\>
-
 							\<fieldKey\>FWPM_CONDITION_ORIGINAL_PROFILE_ID\</fieldKey\>
-
 							\<matchType\>FWP_MATCH_EQUAL\</matchType\>
-
 							\<conditionValue\>
-
 								\<type\>FWP_UINT32\</type\>
-
 								\<uint32\>1\</uint32\>
-
 							\</conditionValue\>
-
 						\</item\>
-
 						\<item\>
-
 							\<fieldKey\>FWPM_CONDITION_CURRENT_PROFILE_ID\</fieldKey\>
-
 							\<matchType\>FWP_MATCH_EQUAL\</matchType\>
-
 							\<conditionValue\>
-
 								\<type\>FWP_UINT32\</type\>
-
 								\<uint32\>1\</uint32\>
-
 							\</conditionValue\>
-
 						\</item\>
-
 						\<item\>
-
 							\<fieldKey\>FWPM_CONDITION_ALE_USER_ID\</fieldKey\>
-
 							\<matchType\>FWP_MATCH_EQUAL\</matchType\>
-
 							\<conditionValue\>
-
 								\<type\>FWP_SECURITY_DESCRIPTOR_TYPE\</type\>
-
 								\<sd\>O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)\</sd\>
-
 							\</conditionValue\>
-
 						\</item\>
-
 					\</filterCondition\>
-
 					\<action\>
-
 						\<type\>FWP_ACTION_PERMIT\</type\>
-
 						\<filterType/\>
-
 					\</action\>
-
 					\<rawContext\>0\</rawContext\>
-
 					\<reserved/\>
-
 					\<filterId\>208757\</filterId\>
-
 					\<effectiveWeight\>
-
 						\<type\>FWP_UINT64\</type\>
-
 						\<uint64\>412316868544\</uint64\>
-
 					\</effectiveWeight\>
-
 				\</item\>
-
-\*The capabilities field in a netEvent was added to the traces in the Windows 10
+```
+The capabilities field in a netEvent was added to the traces in the Windows 10
 May 2019 Update

From 8b2e9e237b9759ffa14b7df3cd3ab8dd1c0c2e08 Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Wed, 12 Aug 2020 20:58:58 -0700
Subject: [PATCH 10/66] update

---
 windows/security/threat-protection/windows-firewall/TOC.md | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/windows/security/threat-protection/windows-firewall/TOC.md b/windows/security/threat-protection/windows-firewall/TOC.md
index 791aa26a20..69bd3c156c 100644
--- a/windows/security/threat-protection/windows-firewall/TOC.md
+++ b/windows/security/threat-protection/windows-firewall/TOC.md
@@ -71,17 +71,12 @@
 
 
 
-
 ## [Best practices]()
 ### [Securing IPsec](securing-end-to-end-ipsec-connections-by-using-ikev2.md)
 ### [PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md)
 ### [Isolating Microsoft Store Apps on Your Network](isolating-apps-on-your-network.md)
 
 
-
-
-
-
 ## [How-to]()
 ### [Procedures Used in This Guide](procedures-used-in-this-guide.md)
 #### [Add Production Devices to the Membership Group for a Zone](add-production-devices-to-the-membership-group-for-a-zone.md)

From ae4db0dc4a240e2f2fc0a57dbea10d49b0fcf769 Mon Sep 17 00:00:00 2001
From: schmurky <maccruz@microsoft.com>
Date: Thu, 13 Aug 2020 12:47:29 +0800
Subject: [PATCH 11/66] Updated TOC

---
 .../threat-protection/windows-firewall/TOC.md | 120 +++++++++---------
 1 file changed, 57 insertions(+), 63 deletions(-)

diff --git a/windows/security/threat-protection/windows-firewall/TOC.md b/windows/security/threat-protection/windows-firewall/TOC.md
index 69bd3c156c..17d730be02 100644
--- a/windows/security/threat-protection/windows-firewall/TOC.md
+++ b/windows/security/threat-protection/windows-firewall/TOC.md
@@ -5,41 +5,36 @@
 ### [Design Guide](windows-firewall-with-advanced-security-design-guide.md)
 
 ### [Design Process](understanding-the-windows-firewall-with-advanced-security-design-process.md)
-### [Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
+
+### [Deployment Goals]()
+
+#### [Identify deployment goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
 #### [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md)
 #### [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md)
 #### [Require Encryption](require-encryption-when-accessing-sensitive-network-resources.md)
 #### [Restrict Access](restrict-access-to-only-specified-users-or-devices.md)
 
-### [Mapping Goals to a Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
+### [Deployment designs]()
+
+#### [Mapping Goals to a Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
 #### [Basic Design](basic-firewall-policy-design.md)
 #### [Domain Isolation Design](domain-isolation-policy-design.md)
 #### [Server Isolation Design](server-isolation-policy-design.md)
 #### [Certificate-based Isolation Design](certificate-based-isolation-policy-design.md)
 
-### [Evaluating Design Examples](evaluating-windows-firewall-with-advanced-security-design-examples.md)
-#### [Basic Design Example](firewall-policy-design-example.md)
-#### [Domain Isolation Design Example](domain-isolation-policy-design-example.md)
-#### [Server Isolation Design Example](server-isolation-policy-design-example.md)
-#### [Certificate-based Isolation Design Example](certificate-based-isolation-policy-design-example.md)
+### [Design plans]()
 
-### [Designing a Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md)
-
-#### [Gathering the Info You Need](gathering-the-information-you-need.md)
-##### [Network](gathering-information-about-your-current-network-infrastructure.md)
-##### [Active Directory](gathering-information-about-your-active-directory-deployment.md)
-##### [Computers](gathering-information-about-your-devices.md)
-##### [Other Relevant Information](gathering-other-relevant-information.md)
-#### [Determining the Trusted State of Your Computers](determining-the-trusted-state-of-your-devices.md)
-
-### [Planning Your Design](planning-your-windows-firewall-with-advanced-security-design.md)
+#### [Planning Your Design](planning-your-windows-firewall-with-advanced-security-design.md)
 #### [Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md)
 
-#### [Planning Domain Isolation Zones](planning-domain-isolation-zones.md)
-##### [Exemption List](exemption-list.md)
-##### [Isolated Domain](isolated-domain.md)
-##### [Boundary Zone](boundary-zone.md)
-##### [Encryption Zone](encryption-zone.md)
+##### [Planning Domain Isolation Zones]()
+
+###### [Domain Isolation Zones](planning-domain-isolation-zones.md)
+###### [Exemption List](exemption-list.md)
+###### [Isolated Domain](isolated-domain.md)
+###### [Boundary Zone](boundary-zone.md)
+###### [Encryption Zone](encryption-zone.md)
+
 #### [Planning Server Isolation Zones](planning-server-isolation-zones.md)
 
 #### [Planning Certificate-based Authentication](planning-certificate-based-authentication.md)
@@ -65,7 +60,7 @@
 
 
 ## [Deployment guide]()
-### [Deployment Guide](windows-firewall-with-advanced-security-deployment-guide.md)
+
 #### [Planning to Deploy](planning-to-deploy-windows-firewall-with-advanced-security.md)
 #### [Implementing Your Plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md)
 
@@ -78,46 +73,45 @@
 
 
 ## [How-to]()
-### [Procedures Used in This Guide](procedures-used-in-this-guide.md)
-#### [Add Production Devices to the Membership Group for a Zone](add-production-devices-to-the-membership-group-for-a-zone.md)
-#### [Add Test Devices to the Membership Group for a Zone](add-test-devices-to-the-membership-group-for-a-zone.md)
-#### [Assign Security Group Filters to the GPO](assign-security-group-filters-to-the-gpo.md)
-#### [Change Rules from Request to Require Mode](change-rules-from-request-to-require-mode.md)
-#### [Configure Authentication Methods](configure-authentication-methods.md)
-#### [Configure Data Protection (Quick Mode) Settings](configure-data-protection-quick-mode-settings.md)
-#### [Configure Group Policy to Autoenroll and Deploy Certificates](configure-group-policy-to-autoenroll-and-deploy-certificates.md)
-#### [Configure Key Exchange (Main Mode) Settings](configure-key-exchange-main-mode-settings.md)
-#### [Configure the Rules to Require Encryption](configure-the-rules-to-require-encryption.md)
-#### [Configure the Windows Firewall Log](configure-the-windows-firewall-log.md)
-#### [Configure the Workstation Authentication Certificate Template](configure-the-workstation-authentication-certificate-template.md)
-#### [Configure Windows Firewall to Suppress Notifications When a Program Is Blocked](configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md)
-#### [Confirm That Certificates Are Deployed Correctly](confirm-that-certificates-are-deployed-correctly.md)
-#### [Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)
-#### [Create a Group Account in Active Directory](create-a-group-account-in-active-directory.md)
-#### [Create a Group Policy Object](create-a-group-policy-object.md)
-#### [Create an Authentication Exemption List Rule](create-an-authentication-exemption-list-rule.md)
-#### [Create an Authentication Request Rule](create-an-authentication-request-rule.md)
-#### [Create an Inbound ICMP Rule](create-an-inbound-icmp-rule.md)
-#### [Create an Inbound Port Rule](create-an-inbound-port-rule.md)
-#### [Create an Inbound Program or Service Rule](create-an-inbound-program-or-service-rule.md)
-#### [Create an Outbound Port Rule](create-an-outbound-port-rule.md)
-#### [Create an Outbound Program or Service Rule](create-an-outbound-program-or-service-rule.md)
-#### [Create Inbound Rules to Support RPC](create-inbound-rules-to-support-rpc.md)
-#### [Create WMI Filters for the GPO](create-wmi-filters-for-the-gpo.md)
-#### [Create Windows Firewall rules in Intune](create-windows-firewall-rules-in-intune.md)
-#### [Enable Predefined Inbound Rules](enable-predefined-inbound-rules.md)
-#### [Enable Predefined Outbound Rules](enable-predefined-outbound-rules.md)
-#### [Exempt ICMP from Authentication](exempt-icmp-from-authentication.md)
-#### [Link the GPO to the Domain](link-the-gpo-to-the-domain.md)
-#### [Modify GPO Filters](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)
-#### [Open IP Security Policies](open-the-group-policy-management-console-to-ip-security-policies.md)
-#### [Open Group Policy](open-the-group-policy-management-console-to-windows-firewall.md)
-#### [Open Group Policy](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md)
-#### [Open Windows Firewall](open-windows-firewall-with-advanced-security.md)
-#### [Restrict Server Access](restrict-server-access-to-members-of-a-group-only.md)
-#### [Enable Windows Firewall](turn-on-windows-firewall-and-configure-default-behavior.md)
-#### [Verify Network Traffic](verify-that-network-traffic-is-authenticated.md)
-#### [Verify Network Traffic](verify-that-network-traffic-is-authenticated.md)
+### [Add Production Devices to the Membership Group for a Zone](add-production-devices-to-the-membership-group-for-a-zone.md)
+### [Add Test Devices to the Membership Group for a Zone](add-test-devices-to-the-membership-group-for-a-zone.md)
+### [Assign Security Group Filters to the GPO](assign-security-group-filters-to-the-gpo.md)
+### [Change Rules from Request to Require Mode](change-rules-from-request-to-require-mode.md)
+### [Configure Authentication Methods](configure-authentication-methods.md)
+### [Configure Data Protection (Quick Mode) Settings](configure-data-protection-quick-mode-settings.md)
+### [Configure Group Policy to Autoenroll and Deploy Certificates](configure-group-policy-to-autoenroll-and-deploy-certificates.md)
+### [Configure Key Exchange (Main Mode) Settings](configure-key-exchange-main-mode-settings.md)
+### [Configure the Rules to Require Encryption](configure-the-rules-to-require-encryption.md)
+### [Configure the Windows Firewall Log](configure-the-windows-firewall-log.md)
+### [Configure the Workstation Authentication Certificate Template](configure-the-workstation-authentication-certificate-template.md)
+### [Configure Windows Firewall to Suppress Notifications When a Program Is Blocked](configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md)
+### [Confirm That Certificates Are Deployed Correctly](confirm-that-certificates-are-deployed-correctly.md)
+### [Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)
+### [Create a Group Account in Active Directory](create-a-group-account-in-active-directory.md)
+### [Create a Group Policy Object](create-a-group-policy-object.md)
+### [Create an Authentication Exemption List Rule](create-an-authentication-exemption-list-rule.md)
+### [Create an Authentication Request Rule](create-an-authentication-request-rule.md)
+### [Create an Inbound ICMP Rule](create-an-inbound-icmp-rule.md)
+### [Create an Inbound Port Rule](create-an-inbound-port-rule.md)
+### [Create an Inbound Program or Service Rule](create-an-inbound-program-or-service-rule.md)
+### [Create an Outbound Port Rule](create-an-outbound-port-rule.md)
+### [Create an Outbound Program or Service Rule](create-an-outbound-program-or-service-rule.md)
+### [Create Inbound Rules to Support RPC](create-inbound-rules-to-support-rpc.md)
+### [Create WMI Filters for the GPO](create-wmi-filters-for-the-gpo.md)
+### [Create Windows Firewall rules in Intune](create-windows-firewall-rules-in-intune.md)
+### [Enable Predefined Inbound Rules](enable-predefined-inbound-rules.md)
+### [Enable Predefined Outbound Rules](enable-predefined-outbound-rules.md)
+### [Exempt ICMP from Authentication](exempt-icmp-from-authentication.md)
+### [Link the GPO to the Domain](link-the-gpo-to-the-domain.md)
+### [Modify GPO Filters](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)
+### [Open IP Security Policies](open-the-group-policy-management-console-to-ip-security-policies.md)
+### [Open Group Policy](open-the-group-policy-management-console-to-windows-firewall.md)
+### [Open Group Policy](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md)
+### [Open Windows Firewall](open-windows-firewall-with-advanced-security.md)
+### [Restrict Server Access](restrict-server-access-to-members-of-a-group-only.md)
+### [Enable Windows Firewall](turn-on-windows-firewall-and-configure-default-behavior.md)
+### [Verify Network Traffic](verify-that-network-traffic-is-authenticated.md)
+### [Verify Network Traffic](verify-that-network-traffic-is-authenticated.md)
 
 
 

From e8ad1713f727f4c34790d78dd11b12b9f22a4f42 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Thu, 13 Aug 2020 10:03:26 +0500
Subject: [PATCH 12/66] Update dg-readiness-tool.md

---
 .../identity-protection/credential-guard/dg-readiness-tool.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md
index ae96f09ed1..e609c9469d 100644
--- a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md
+++ b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md
@@ -657,7 +657,7 @@ function PrintHardwareReq
 {
     LogAndConsole "###########################################################################"
     LogAndConsole "OS and Hardware requirements for enabling Device Guard and Credential Guard"
-    LogAndConsole " 1. OS SKUs: Available only on these OS Skus - Enterprise, Server, Education, Enterprise IoT, Pro, and Home"
+    LogAndConsole " 1. OS SKUs: Available only on these OS Skus - Enterprise, Server, Education and Enterprise IoT"
     LogAndConsole " 2. Hardware: Recent hardware that supports virtualization extension with SLAT"
     LogAndConsole "To learn more please visit: https://aka.ms/dgwhcr"
     LogAndConsole "########################################################################### `n"
@@ -735,7 +735,7 @@ function CheckOSSKU
     $osname = $((gwmi win32_operatingsystem).Name).ToLower()
     $_SKUSupported = 0
     Log "OSNAME:$osname"
-    $SKUarray = @("Enterprise", "Education", "IoT", "Windows Server", "Pro", "Home")
+    $SKUarray = @("Enterprise", "Education", "IoT", "Windows Server")
     $HLKAllowed = @("microsoft windows 10 pro")
     foreach ($SKUent in $SKUarray)
     {

From 6c6bb06926cb69a77e32d97bd6bc5e3f41302084 Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Thu, 13 Aug 2020 13:12:40 -0700
Subject: [PATCH 13/66] Update TOC.md

---
 .../security/threat-protection/windows-firewall/TOC.md   | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/windows/security/threat-protection/windows-firewall/TOC.md b/windows/security/threat-protection/windows-firewall/TOC.md
index 17d730be02..00296d4b2d 100644
--- a/windows/security/threat-protection/windows-firewall/TOC.md
+++ b/windows/security/threat-protection/windows-firewall/TOC.md
@@ -7,7 +7,6 @@
 ### [Design Process](understanding-the-windows-firewall-with-advanced-security-design-process.md)
 
 ### [Deployment Goals]()
-
 #### [Identify deployment goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
 #### [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md)
 #### [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md)
@@ -15,7 +14,6 @@
 #### [Restrict Access](restrict-access-to-only-specified-users-or-devices.md)
 
 ### [Deployment designs]()
-
 #### [Mapping Goals to a Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
 #### [Basic Design](basic-firewall-policy-design.md)
 #### [Domain Isolation Design](domain-isolation-policy-design.md)
@@ -23,12 +21,9 @@
 #### [Certificate-based Isolation Design](certificate-based-isolation-policy-design.md)
 
 ### [Design plans]()
-
 #### [Planning Your Design](planning-your-windows-firewall-with-advanced-security-design.md)
 #### [Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md)
-
 ##### [Planning Domain Isolation Zones]()
-
 ###### [Domain Isolation Zones](planning-domain-isolation-zones.md)
 ###### [Exemption List](exemption-list.md)
 ###### [Isolated Domain](isolated-domain.md)
@@ -60,7 +55,6 @@
 
 
 ## [Deployment guide]()
-
 #### [Planning to Deploy](planning-to-deploy-windows-firewall-with-advanced-security.md)
 #### [Implementing Your Plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md)
 
@@ -113,9 +107,6 @@
 ### [Verify Network Traffic](verify-that-network-traffic-is-authenticated.md)
 ### [Verify Network Traffic](verify-that-network-traffic-is-authenticated.md)
 
-
-
-
 ## [References]()
 ### [Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md)
 ### [Checklist: Implementing a Basic Firewall Policy Design](checklist-implementing-a-basic-firewall-policy-design.md)

From 58cadb1af5084f78fcf02dea9cd36c8d1b989fb8 Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Thu, 13 Aug 2020 13:16:19 -0700
Subject: [PATCH 14/66] fix lines

---
 windows/security/threat-protection/windows-firewall/TOC.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/windows-firewall/TOC.md b/windows/security/threat-protection/windows-firewall/TOC.md
index 00296d4b2d..7861f11250 100644
--- a/windows/security/threat-protection/windows-firewall/TOC.md
+++ b/windows/security/threat-protection/windows-firewall/TOC.md
@@ -55,8 +55,8 @@
 
 
 ## [Deployment guide]()
-#### [Planning to Deploy](planning-to-deploy-windows-firewall-with-advanced-security.md)
-#### [Implementing Your Plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md)
+### [Planning to Deploy](planning-to-deploy-windows-firewall-with-advanced-security.md)
+### [Implementing Your Plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md)
 
 
 

From cef561ea53b63153a87c18d7bb65c9810df0cc74 Mon Sep 17 00:00:00 2001
From: Daniel Simpson <dansimp@microsoft.com>
Date: Thu, 13 Aug 2020 16:23:35 -0700
Subject: [PATCH 15/66] more fixin

---
 .../troubleshooting-uwp-firewall.md           | 210 +++++++++---------
 1 file changed, 100 insertions(+), 110 deletions(-)

diff --git a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
index fc7c29c60d..bc17fd0a75 100644
--- a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
+++ b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
@@ -19,174 +19,164 @@ ms.topic: troubleshooting
 This document is intended to help network admins, support engineers, and developers to
 investigate UWP app network connectivity issues.
 
-# Introduction
+This document guides you through steps to debug  Universal Windows Platform (UWP) app network connectivity issues by providing practical examples.
 
-This document guides you through steps to debug different Universal Windows Platform (UWP) app network connectivity issues by providing practical case examples.
+## Typical causes of connectivity issues
 
-UWP app network connectivity issues typically stem from one of the following causes:
+UWP app network connectivity issues are typically caused by: 
 
-1. The UWP app was not permitted to receive loopback traffic (this must be configured as, by default, a UWP app is not allowed to receive loopback traffic).
+1. The UWP app was not permitted to receive loopback traffic. This must be configured. By default, UWP apps are not allowed to receive loopback traffic.
 2. The UWP app is missing the proper capability tokens.
-3. The private range is configured incorrectly (i.e. set incorrectly through GP/MDM policies, etc.)
+3. The private range is configured incorrectly. For example, the private ranges is set incorrectly through GP/MDM policies, etc.
 
-To understand these causes more thoroughly, there are several concepts that should be reviewed.
+To understand these causes more thoroughly, there are several concepts to review.
 
-The traffic of network packets (e.g. what's permitted and what’s not) on Windows is ultimately determined by the Windows Filtering Platform (WFP). When a UWP app
+The traffic of network packets (what's permitted and what’s not) on Windows is determined by the Windows Filtering Platform (WFP). When a UWP app
 or the private range is configured incorrectly, it affects how the UWP app’s network traffic will be processed by WFP.
 
-When a packet is processed by WFP, the characteristics of that packet must explicitly match all the conditions of a filter to either be permitted or dropped to its target address. Connectivity issues typically happen when the packet does not match the filter conditions of any filters, leading the packet to be dropped by a default block filter. The presence of the default block
-filters ensures network isolation for UWP applications. Specifically, it guarantees a network drop for a packet that does not have the correct capabilities for the resource it is trying to reach, ensuring the application’s granular access to each resource type and preventing the application from “escaping” its environment.
+When a packet is processed by WFP, the characteristics of that packet must explicitly match all the conditions of a filter to either be permitted or dropped to its target address. Connectivity issues typically happen when the packet does not match any of the filter conditions, leading the packet to be dropped by a default block filter. The presence of the default block
+filters ensures network isolation for UWP applications. Specifically, it guarantees a network drop for a packet that does not have the correct capabilities for the resource it is trying to reach. This ensures the application’s granular access to each resource type and preventing the application from escaping its environment.
 
 For more information on the filter arbitration algorithm and network isolation,
-please read [Filter
+see [Filter
 Arbitration](https://docs.microsoft.com/en-us/windows/win32/fwp/filter-arbitration)
 and
 [Isolation](https://docs.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation).
 
-The next sections will cover debugging case examples for loopback and
-non-loopback UWP app network connectivity issues.
+The following sections cover debugging case examples for loopback and non-loopback UWP app network connectivity issues.
 
 > [!NOTE] 
-> As improvements to debugging and diagnostics around the Windows Filtering Platform are made, the trace examples in this document may not exactly match the
-traces collected on an older Windows build.
+> As improvements to debugging and diagnostics in the Windows Filtering Platform are made, the trace examples in this document may not exactly match the
+traces collected on previous releases of Windows.
 
 # Debugging UWP App Loopback scenarios
 
-If you have a scenario where you are establishing a TCP/IP connection between two processes on the same host where one of them is a UWP app, you must enable loopback.
+If you need to establis a TCP/IP connection between two processes on the same host where one of them is a UWP app, you must enable loopback.
 
-To enable loopback for client outbound connections, run the following in a command prompt:
+To enable loopback for client outbound connections, run the following at a command prompt:
 
-`CheckNetIsolation.exe LoopbackExempt -a -n=\<AppContainer or Package Family\>`
+```dos
+CheckNetIsolation.exe LoopbackExempt -a -n=\<AppContainer or Package Family\>
+```
 
-To enable loopback for server inbound connections, please run the following in a
+To enable loopback for server inbound connections,  run the following at a
 command prompt:
+```dos
+CheckNetIsolation.exe LoopbackExempt -is -n=\<AppContainer or Package Family\>
+```
+You can ensure loopback is enabled by checking the appx manifests of both the sender and receiver.
 
-`CheckNetIsolation.exe LoopbackExempt -is -n=\<AppContainer or Package Family\>`
-
-You can ensure loopback is enabled by checking the appx manifests of both the
-sender and receiver.
-
-For more information about loopback scenarios, please read [Communicating with
+For more information about loopback scenarios, see [Communicating with
 localhost
 (loopback)](https://docs.microsoft.com/en-us/windows/iot-core/develop-your-app/loopback)
 
 # Debugging Live Drops
 
-If the issue happened recently, but you find you are not able to reproduce the
-issue, go to Debugging Past Drops for the appropriate trace commands.
+If the issue happened recently, but you find you are not able to reproduce the issue, go to Debugging Past Drops for the appropriate trace commands.
 
-If you can consistently reproduce the issue, then you can run the following in
-an admin command prompt to gather a fresh trace:
+If you can consistently reproduce the issue, then you can run the following in an admin command prompt to gather a fresh trace:
 
-```
+```DOS
 Netsh wfp capture start keywords=19
 \<Run UWP app\>
 Netsh wfp capture stop
 ```
 
-The above commands will generate a wfpdiag.cab. Inside the .cab exists a
-wfpdiag.xml, which contains any allow or drop netEvents and filters that existed
-during that repro. Without “keywords=19”, the trace will only collect drop
-netEvents.
+These commands generate a wfpdiag.cab. Inside the .cab exists a wfpdiag.xml, which contains any allow or drop netEvents and filters that existed during that repro. Without “keywords=19”, the trace will only collect drop netEvents.
 
 Inside the wfpdiag.xml, search for netEvents which have
-FWPM_NET_EVENT_TYPE_CLASSIFY_DROP as the netEvent type. To find the relevant
-drop events, search for the drop events with matching destination IP address,
+FWPM_NET_EVENT_TYPE_CLASSIFY_DROP as the netEvent type. To find the relevant drop events, search for the drop events with matching destination IP address,
 package SID, or application ID name. The characters in the application ID name
 will be separated by periods:
-```
+
+```XML
 (ex) 					
 
-\<asString\>
-
+<asString\>
 \\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.w.i.n.d.o.w.s.\\.s.y.s.t.e.m.3.2.\\.s.v.c.h.o.s.t...e.x.e...
 
 \</asString\>
 ```
-The netEvent will have more information about the packet that was dropped
-including information about its capabilities, the filter that dropped the
-packet, and much more.
+
+The netEvent will have more information about the packet that was dropped including information about its capabilities, the filter that dropped the packet, and much more.
 
 ## Case 1: UWP app connects to Internet target address with all capabilities
 
 In this example, the UWP app successfully connects to bing.com
 [2620:1ec:c11::200].
 
-A packet from a UWP app needs the correct networking capability token for the
-resource it is trying to reach.
+A packet from a UWP app needs the correct networking capability token for the resource it is trying to reach.
 
-In this scenario, the app could successfully send a packet to the Internet
-target because it had an Internet capability token.
+In this scenario, the app could successfully send a packet to the Internet target because it had an Internet capability token.
 
-The following shows the allow netEvent of the app connecting to the target IP.
-The netEvent contains information about the packet including its local address,
+The following shows the allow netEvent of the app connecting to the target IP. The netEvent contains information about the packet including its local address,
 remote address, capabilities, etc.
 
 **Classify Allow netEvent, Wfpdiag-Case-1.xml**
 ```xml
-\<netEvent\>
-\<header\>
->   \<timeStamp\>2020-05-21T17:25:59.070Z\</timeStamp\>
->   \<flags numItems="9"\>
->   \<item\>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_APP_ID_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_USER_ID_SET\</item\>	
->   \<item\>FWPM_NET_EVENT_FLAG_IP_VERSION_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\</item\>
->   \</flags\>
->   \<ipVersion\>FWP_IP_VERSION_V6\</ipVersion\>
->   \<ipProtocol\>6\</ipProtocol\>				
->   \<localAddrV6.byteArray16\>2001:4898:30:3:256c:e5ba:12f3:beb1\</localAddrV6.byteArray16\>	\<remoteAddrV6.byteArray16\>2620:1ec:c11::200\</remoteAddrV6.byteArray16\>
-\<localPort\>52127\</localPort\>
-\<remotePort\>443\</remotePort\>
-\<scopeId\>0\</scopeId\>
-\<appId\>				
->   \<data\>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310030002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000\</data\>
->   \<asString\>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
->   .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.0...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\</asString\>
-\</appId\>
-\<userId\>S-1-5-21-2993214446-1947230185-131795049-1000\</userId\>
-\<addressFamily\>FWP_AF_INET6\</addressFamily\>
-\<packageSid\>S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\</packageSid\>
-\<enterpriseId/\>
-\<policyFlags\>0\</policyFlags\>
-\<effectiveName/\>
-\</header\>
-\<type\>FWPM_NET_EVENT_TYPE_CLASSIFY_ALLOW\</type\>
-\<classifyAllow\>
->   \<filterId\>125918\</filterId\>
->   \<layerId\>50\</layerId\>
->   \<reauthReason\>0\</reauthReason\>
->   \<originalProfile\>1\</originalProfile\>
->   \<currentProfile\>1\</currentProfile\>
-\</classifyAllow\>
-\<internalFields\>
-\<internalFlags/\>
-\<remoteAddrBitmap\>0000000000000000\</remoteAddrBitmap\>
-\<capabilities numItems="3"\>				
->   \<item\>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT\</item\>			\<item\>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER\</item\>
->   \<item\>FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\</item\>
-\</capabilities\>
-\<fqbnVersion\>0\</fqbnVersion\>
-\<fqbnName/\>
-\<terminatingFiltersInfo numItems="2"\>
->   \<item\>
-		\<filterId\>125918\</filterId\>					
->   \<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\</subLayer\>
-		\<actionType\>FWP_ACTION_PERMIT\</actionType\>
->   \</item\>
->   \<item\>
-		\<filterId\>121167\</filterId\>
-		\<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\</subLayer\>
-		\<actionType\>FWP_ACTION_PERMIT\</actionType\>
-    \</item\>
-\</terminatingFiltersInfo\>
-\</internalFields\>
-\</netEvent\>
+<netEvent\>
+<header\>
+    <timeStamp\>2020-05-21T17:25:59.070Z\</timeStamp\>
+    <flags numItems="9"\>
+    <item\>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\</item\>
+    <item\>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\</item\>
+    <item\>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\</item\>
+    <item\>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\</item\>
+    <item\>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\</item\>
+    <item\>FWPM_NET_EVENT_FLAG_APP_ID_SET\</item\>
+    <item\>FWPM_NET_EVENT_FLAG_USER_ID_SET\</item\>	
+    <item\>FWPM_NET_EVENT_FLAG_IP_VERSION_SET\</item\>
+    <item\>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\</item\>
+    </flags\>
+    <ipVersion\>FWP_IP_VERSION_V6\</ipVersion\>
+    <ipProtocol\>6\</ipProtocol\>				
+    <localAddrV6.byteArray16\>2001:4898:30:3:256c:e5ba:12f3:beb1\</localAddrV6.byteArray16\>	\<remoteAddrV6.byteArray16\>2620:1ec:c11::200\</remoteAddrV6.byteArray16\>
+<localPort\>52127\</localPort\>
+<remotePort\>443\</remotePort\>
+<scopeId\>0\</scopeId\>
+<appId\>				
+    <data\>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310030002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000\</data\>
+    <asString\>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
+       .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.0...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\</asString\>
+</appId\>
+<userId\>S-1-5-21-2993214446-1947230185-131795049-1000\</userId\>
+<addressFamily\>FWP_AF_INET6\</addressFamily\>
+<packageSid\>S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\</packageSid\>
+<enterpriseId/\>
+<policyFlags\>0\</policyFlags\>
+<effectiveName/\>
+</header\>
+<type\>FWPM_NET_EVENT_TYPE_CLASSIFY_ALLOW\</type\>
+<classifyAllow\>
+    <filterId\>125918\</filterId\>
+    <layerId\>50\</layerId\>
+    <reauthReason\>0\</reauthReason\>
+    <originalProfile\>1\</originalProfile\>
+    <currentProfile\>1\</currentProfile\>
+</classifyAllow\>
+<internalFields\>
+<internalFlags/\>
+<remoteAddrBitmap\>0000000000000000\</remoteAddrBitmap\>
+<capabilities numItems="3"\>				
+    <item\>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT\</item\>			<item\>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER\</item\>
+    <item\>FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\</item\>
+</capabilities\>
+<fqbnVersion\>0\</fqbnVersion\>
+<fqbnName/\>
+<terminatingFiltersInfo numItems="2"\>
+    <item\>
+		<filterId\>125918\</filterId\>					
+    <subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\</subLayer\>
+		<actionType\>FWP_ACTION_PERMIT\</actionType\>
+    </item\>
+    <item\>
+		<filterId\>121167\</filterId\>
+		<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\</subLayer\>
+		<actionType\>FWP_ACTION_PERMIT\</actionType\>
+    </item\>
+</terminatingFiltersInfo\>
+</internalFields\>
+</netEvent\>
 ```
 
 The following is the filter that permitted the packet to be sent to the target

From 9aba80f3de8d2ec83e443b30afe63184a793c404 Mon Sep 17 00:00:00 2001
From: Daniel Simpson <dansimp@microsoft.com>
Date: Thu, 13 Aug 2020 18:09:28 -0700
Subject: [PATCH 16/66] so many

---
 .../troubleshooting-uwp-firewall.md           | 2124 ++++++++---------
 1 file changed, 1060 insertions(+), 1064 deletions(-)

diff --git a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
index bc17fd0a75..fd79a67511 100644
--- a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
+++ b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
@@ -56,13 +56,13 @@ If you need to establis a TCP/IP connection between two processes on the same ho
 To enable loopback for client outbound connections, run the following at a command prompt:
 
 ```dos
-CheckNetIsolation.exe LoopbackExempt -a -n=\<AppContainer or Package Family\>
+CheckNetIsolation.exe LoopbackExempt -a -n=<AppContainer or Package Family>
 ```
 
 To enable loopback for server inbound connections,  run the following at a
 command prompt:
 ```dos
-CheckNetIsolation.exe LoopbackExempt -is -n=\<AppContainer or Package Family\>
+CheckNetIsolation.exe LoopbackExempt -is -n=<AppContainer or Package Family>
 ```
 You can ensure loopback is enabled by checking the appx manifests of both the sender and receiver.
 
@@ -78,7 +78,7 @@ If you can consistently reproduce the issue, then you can run the following in a
 
 ```DOS
 Netsh wfp capture start keywords=19
-\<Run UWP app\>
+<Run UWP app>
 Netsh wfp capture stop
 ```
 
@@ -92,10 +92,10 @@ will be separated by periods:
 ```XML
 (ex) 					
 
-<asString\>
+<asString>
 \\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.w.i.n.d.o.w.s.\\.s.y.s.t.e.m.3.2.\\.s.v.c.h.o.s.t...e.x.e...
 
-\</asString\>
+</asString>
 ```
 
 The netEvent will have more information about the packet that was dropped including information about its capabilities, the filter that dropped the packet, and much more.
@@ -114,187 +114,186 @@ remote address, capabilities, etc.
 
 **Classify Allow netEvent, Wfpdiag-Case-1.xml**
 ```xml
-<netEvent\>
-<header\>
-    <timeStamp\>2020-05-21T17:25:59.070Z\</timeStamp\>
-    <flags numItems="9"\>
-    <item\>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\</item\>
-    <item\>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\</item\>
-    <item\>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\</item\>
-    <item\>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\</item\>
-    <item\>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\</item\>
-    <item\>FWPM_NET_EVENT_FLAG_APP_ID_SET\</item\>
-    <item\>FWPM_NET_EVENT_FLAG_USER_ID_SET\</item\>	
-    <item\>FWPM_NET_EVENT_FLAG_IP_VERSION_SET\</item\>
-    <item\>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\</item\>
-    </flags\>
-    <ipVersion\>FWP_IP_VERSION_V6\</ipVersion\>
-    <ipProtocol\>6\</ipProtocol\>				
-    <localAddrV6.byteArray16\>2001:4898:30:3:256c:e5ba:12f3:beb1\</localAddrV6.byteArray16\>	\<remoteAddrV6.byteArray16\>2620:1ec:c11::200\</remoteAddrV6.byteArray16\>
-<localPort\>52127\</localPort\>
-<remotePort\>443\</remotePort\>
-<scopeId\>0\</scopeId\>
-<appId\>				
-    <data\>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310030002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000\</data\>
-    <asString\>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
-       .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.0...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\</asString\>
-</appId\>
-<userId\>S-1-5-21-2993214446-1947230185-131795049-1000\</userId\>
-<addressFamily\>FWP_AF_INET6\</addressFamily\>
-<packageSid\>S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\</packageSid\>
-<enterpriseId/\>
-<policyFlags\>0\</policyFlags\>
-<effectiveName/\>
-</header\>
-<type\>FWPM_NET_EVENT_TYPE_CLASSIFY_ALLOW\</type\>
-<classifyAllow\>
-    <filterId\>125918\</filterId\>
-    <layerId\>50\</layerId\>
-    <reauthReason\>0\</reauthReason\>
-    <originalProfile\>1\</originalProfile\>
-    <currentProfile\>1\</currentProfile\>
-</classifyAllow\>
-<internalFields\>
-<internalFlags/\>
-<remoteAddrBitmap\>0000000000000000\</remoteAddrBitmap\>
-<capabilities numItems="3"\>				
-    <item\>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT\</item\>			<item\>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER\</item\>
-    <item\>FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\</item\>
-</capabilities\>
-<fqbnVersion\>0\</fqbnVersion\>
-<fqbnName/\>
-<terminatingFiltersInfo numItems="2"\>
-    <item\>
-		<filterId\>125918\</filterId\>					
-    <subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\</subLayer\>
-		<actionType\>FWP_ACTION_PERMIT\</actionType\>
-    </item\>
-    <item\>
-		<filterId\>121167\</filterId\>
-		<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\</subLayer\>
-		<actionType\>FWP_ACTION_PERMIT\</actionType\>
-    </item\>
-</terminatingFiltersInfo\>
-</internalFields\>
-</netEvent\>
+<netEvent>
+    <header>
+    <timeStamp>2020-05-21T17:25:59.070Z</timeStamp>
+    <flags numItems="9">
+        <item>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET</item>
+        <item>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET</item>
+        <item>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET</item>
+        <item>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET</item>
+        <item>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET</item>
+        <item>FWPM_NET_EVENT_FLAG_APP_ID_SET</item>
+        <item>FWPM_NET_EVENT_FLAG_USER_ID_SET</item>	
+        <item>FWPM_NET_EVENT_FLAG_IP_VERSION_SET</item>
+        <item>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET</item>
+    </flags>
+    <ipVersion>FWP_IP_VERSION_V6</ipVersion>
+    <ipProtocol>6</ipProtocol>				
+    <localAddrV6.byteArray16>2001:4898:30:3:256c:e5ba:12f3:beb1</localAddrV6.byteArray16>	
+    <remoteAddrV6.byteArray16>2620:1ec:c11::200</remoteAddrV6.byteArray16>
+<localPort>52127</localPort>
+<remotePort>443</remotePort>
+<scopeId>0</scopeId>
+<appId>				
+    <data>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310030002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000</data>
+    <asString>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
+       .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.0...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...</asString>
+</appId>
+<userId>S-1-5-21-2993214446-1947230185-131795049-1000</userId>
+<addressFamily>FWP_AF_INET6</addressFamily>
+<packageSid>S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936</packageSid>
+<enterpriseId/>
+<policyFlags>0</policyFlags>
+<effectiveName/>
+</header>
+<type>FWPM_NET_EVENT_TYPE_CLASSIFY_ALLOW</type>
+<classifyAllow>
+    <filterId>125918</filterId>
+    <layerId>50</layerId>
+    <reauthReason>0</reauthReason>
+    <originalProfile>1</originalProfile>
+    <currentProfile>1</currentProfile>
+</classifyAllow>
+<internalFields>
+<internalFlags/>
+<remoteAddrBitmap>0000000000000000</remoteAddrBitmap>
+<capabilities numItems="3">				
+    <item>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT</item>
+    <item>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER</item>
+    <item>FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK</item>
+</capabilities>
+<fqbnVersion>0</fqbnVersion>
+<fqbnName/>
+<terminatingFiltersInfo numItems="2">
+    <item>
+        <filterId>125918</filterId>
+        <subLayer>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH</subLayer>
+        <actionType>FWP_ACTION_PERMIT</actionType>
+    </item>
+    <item>
+		<filterId>121167</filterId>
+		<subLayer>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF</subLayer>
+		<actionType>FWP_ACTION_PERMIT</actionType>
+    </item>
+</terminatingFiltersInfo>
+</internalFields>
+</netEvent>
 ```
 
 The following is the filter that permitted the packet to be sent to the target
-address according to the terminatingFiltersInfo in the netEvent. This packet was
-allowed by Filter \#125918 which is from the InternetClient Default Rule.
+address according to the **terminatingFiltersInfo** in the **netEvent**. This packet was
+allowed by Filter #125918, from the InternetClient Default Rule.
 
-**InternetClient Default Rule Filter \#125918, Wfpdiag-Case-1.xml**
+**InternetClient Default Rule Filter #125918, Wfpdiag-Case-1.xml**
 ```xml
-\<item\>
->   \<filterKey\>{3389708e-f7ae-4ebc-a61a-f659065ab24e}\</filterKey\>
->   \<displayData\>
->   \<name\>InternetClient Default Rule\</name\>
->   \<description\>InternetClient Default Rule\</description\>
->   \</displayData\>
->   \<flags/\>
->   \<providerKey\>FWPM_PROVIDER_MPSSVC_WSH\</providerKey\>
->   \<providerData\>
->   \<data\>ad2b000000000000\</data\>
->   \<asString\>.+......\</asString\>
->   \</providerData\>
->   \<layerKey\>FWPM_LAYER_ALE_AUTH_CONNECT_V6\</layerKey\>
->   \<subLayerKey\>FWPM_SUBLAYER_MPSSVC_WSH\</subLayerKey\>
->   \<weight\>
->   \<type\>FWP_EMPTY\</type\>
->   \</weight\>
->   \<filterCondition numItems="5"\>
->   \<item\>
->   \<fieldKey\>FWPM_CONDITION_ALE_PACKAGE_ID\</fieldKey\>
->   \<matchType\>FWP_MATCH_NOT_EQUAL\</matchType\>
->   \<conditionValue\>
->   \<type\>FWP_SID\</type\>
->   \<sid\>S-1-0-0\</sid\>
->   \</conditionValue\>
->   \</item\>
->   \<item\>
->   \<fieldKey\>FWPM_CONDITION_IP_REMOTE_ADDRESS\</fieldKey\>
->   \<matchType\>FWP_MATCH_RANGE\</matchType\>
->   \<conditionValue\>
->   \<type\>FWP_RANGE_TYPE\</type\>
->   \<rangeValue\>
->   \<valueLow\>
->   \<type\>FWP_BYTE_ARRAY16_TYPE\</type\>
->   \<byteArray16\>::\</byteArray16\>
->   \</valueLow\>
->   \<valueHigh\>
->   \<type\>FWP_BYTE_ARRAY16_TYPE\</type\>
->   \<byteArray16\>ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff\</byteArray16\>
->   \</valueHigh\>
->   \</rangeValue\>
->   \</conditionValue\>
->   \</item\>
->   \<item\>
->   \<fieldKey\>FWPM_CONDITION_ORIGINAL_PROFILE_ID\</fieldKey\>
->   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
->   \<conditionValue\>
->   \<type\>FWP_UINT32\</type\>
->   \<uint32\>1\</uint32\>
->   \</conditionValue\>
->   \</item\>
->   \<item\>
->   \<fieldKey\>FWPM_CONDITION_CURRENT_PROFILE_ID\</fieldKey\>
->   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
->   \<conditionValue\>
->   \<type\>FWP_UINT32\</type\>
->   \<uint32\>1\</uint32\>
->   \</conditionValue\>
->   \</item\>
->   \<item\>
->   \<fieldKey\>FWPM_CONDITION_ALE_USER_ID\</fieldKey\>
->   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
->   \<conditionValue\>
->   \<type\>FWP_SECURITY_DESCRIPTOR_TYPE\</type\>
->   \<sd\>O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)\</sd\>
->   \</conditionValue\>
->   \</item\>
->   \</filterCondition\>
->   \<action\>
->   \<type\>FWP_ACTION_PERMIT\</type\>
->   \<filterType/\>
->   \</action\>
->   \<rawContext\>0\</rawContext\>
->   \<reserved/\>
->   \<filterId\>125918\</filterId\>
->   \<effectiveWeight\>
->   \<type\>FWP_UINT64\</type\>
->   \<uint64\>103079219136\</uint64\>
->   \</effectiveWeight\>
-\</item\>
+<item>
+    <filterKey>{3389708e-f7ae-4ebc-a61a-f659065ab24e}</filterKey>
+    <displayData>
+    <name>InternetClient Default Rule</name>
+    <description>InternetClient Default Rule</description>
+    </displayData>
+    <flags/>
+    <providerKey>FWPM_PROVIDER_MPSSVC_WSH</providerKey>
+    <providerData>
+    <data>ad2b000000000000</data>
+    <asString>.+......</asString>
+    </providerData>
+    <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V6</layerKey>
+    <subLayerKey>FWPM_SUBLAYER_MPSSVC_WSH</subLayerKey	 
+    <weight>
+    <type>FWP_EMPTY</type>
+    </weight>
+    <filterCondition numItems="5">
+    <item>
+    <fieldKey>FWPM_CONDITION_ALE_PACKAGE_ID</fieldKey>
+    <matchType>FWP_MATCH_NOT_EQUAL</matchType>
+    <conditionValue>
+    <type>FWP_SID</type>
+    <sid>S-1-0-0</sid>
+    </conditionValue>
+    </item>
+    <item>
+    <fieldKey>FWPM_CONDITION_IP_REMOTE_ADDRESS</fieldKey>
+ 	<matchType>FWP_MATCH_RANGE</matchType>
+ 	 <conditionValue>
+ 	 <type>FWP_RANGE_TYPE</type>
+ 	 <rangeValue>
+ 	<valueLow>
+    <type>FWP_BYTE_ARRAY16_TYPE</type>
+    <byteArray16>::</byteArray16>
+    </valueLow>
+    <valueHigh>
+    <type>FWP_BYTE_ARRAY16_TYPE</type>
+    <byteArray16>ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff</byteArray16>
+	</valueHigh>
+	</rangeValue>
+	</conditionValue>
+	</item>
+	<item>
+	<fieldKey>FWPM_CONDITION_ORIGINAL_PROFILE_ID<fieldKey>
+	<matchType>FWP_MATCH_EQUAL</matchType>
+	<conditionValue>
+	<type>FWP_UINT32</type>
+	<uint32>1</uint32>
+	</conditionValue>
+	</item>
+	<item>
+	<fieldKey>FWPM_CONDITION_CURRENT_PROFILE_ID<fieldKey>
+	<matchType>FWP_MATCH_EQUAL</matchType>
+	<conditionValue>
+	<type>FWP_UINT32</type>
+	<uint32>1</uint32>
+	</conditionValue>
+	</item>
+	<item>
+	<fieldKey>FWPM_CONDITION_ALE_USER_ID</fieldKey>
+	<matchType>FWP_MATCH_EQUAL</matchType>
+	<conditionValue>
+	<type>FWP_SECURITY_DESCRIPTOR_TYPE</type>
+	<sd>O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)</sd>
+	</conditionValue>
+	</item>
+	</filterCondition>
+	<action>
+	<type>FWP_ACTION_PERMIT</type>
+	<filterType/>
+	</action>
+	<rawContext>0</rawContext>
+	<reserved/>
+	<filterId>125918</filterId>
+	<effectiveWeight>
+	<type>FWP_UINT64</type>
+	<uint64>103079219136</uint64>
+	</effectiveWeight>
+</item>
 ```
-One condition is
 
 **Capabilities Condition in Filter \#125918, Wfpdiag-Case-1.xml**
 ```xml
-\<item\>
->   \<fieldKey\>FWPM_CONDITION_ALE_USER_ID\</fieldKey\>
->   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
->   \<conditionValue\>
->   \<type\>FWP_SECURITY_DESCRIPTOR_TYPE\</type\>
->   \<sd\>O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)\</sd\>
->   \</conditionValue\>
-\</item\>
+<item>
+    <fieldKey>FWPM_CONDITION_ALE_USER_ID</fieldKey>
+    <matchType>FWP_MATCH_EQUAL</matchType>
+    <conditionValue>
+    <type>FWP_SECURITY_DESCRIPTOR_TYPE</type>
+    <sd>O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)</sd>
+    </conditionValue>
+</item>
 ```
-which is the condition for checking capabilities in this filter.
+This is the condition for checking capabilities in this filter.
 
-The important part of this condition is S-1-15-3-1, which is the capability SID
-for INTERNET_CLIENT privileges.
+The important part of this condition is **S-1-15-3-1**, which is the capability SID
+for **INTERNET_CLIENT** privileges.
 
-From the netEvent’s capabilities section,
-
-Capabilities from netEvent, Wfpdiag-Case-1.xml
+From the **netEvent** capabilities section,
+capabilities from netEvent, Wfpdiag-Case-1.xml.
 ```xml
-\<capabilities numItems="3"\>				
->   **\<item\>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT\</item\>**			\<item\>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER\</item\>
-\<item\>FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\</item\>
-\</capabilities\>
+<capabilities numItems="3">				
+    <item>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT</item>			<item>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER</item>
+    <item>FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK</item>
+</capabilities>
 ```
-it shows the packet came from an app with an Internet client token
-(FWP_CAPABILITIES_FLAG_INTERNET_CLIENT) which matches the capability SID in the
+This shows the packet came from an app with an Internet client token (**FWP_CAPABILITIES_FLAG_INTERNET_CLIENT**) which matches the capability SID in the
 filter. All the other conditions are also met for the filter, so the packet is
 allowed.
 
@@ -307,175 +306,173 @@ the packet having all capabilities.
 In this example, the UWP app is unable to connect to bing.com
 [2620:1ec:c11::200].
 
-The following is a drop netEvent that was captured in the traces during this
-repro.
+The following is a drop netEvent that was captured in the trace.
 
 **Classify Drop netEvent, Wfpdiag-Case-2.xml**
 ```xml
-\<netEvent\>
-\<header\>
-\<timeStamp\>2020-03-30T23:53:09.720Z\</timeStamp\>
-\<flags numItems="9"\>
-\<item\>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\</item\>
-\<item\>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\</item\>
-\<item\>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\</item\>
-\<item\>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\</item\>
-\<item\>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\</item\>
-\<item\>FWPM_NET_EVENT_FLAG_APP_ID_SET\</item\>
-\<item\>FWPM_NET_EVENT_FLAG_USER_ID_SET\</item\>
-\<item\>FWPM_NET_EVENT_FLAG_IP_VERSION_SET\</item\>
-\<item\>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\</item\>
-\</flags\>
-\<ipVersion\>FWP_IP_VERSION_V6\</ipVersion\>
-\<ipProtocol\>6\</ipProtocol\>
-\<localAddrV6.byteArray16\>2001:4898:1a:1045:8469:3351:e6e2:543\</localAddrV6.byteArray16\>
-\<remoteAddrV6.byteArray16\>2620:1ec:c11::200\</remoteAddrV6.byteArray16\>
-\<localPort\>63187\</localPort\>
-\<remotePort\>443\</remotePort\>
-\<scopeId\>0\</scopeId\>
-\<appId\>
-\<data\>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e0034002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000\</data\>
-\<asString\>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
-.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...4...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\</asString\>
-\</appId\>
-\<userId\>S-1-5-21-2788718703-1626973220-3690764900-1000\</userId\>
-\<addressFamily\>FWP_AF_INET6\</addressFamily\>
-\<packageSid\>S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\</packageSid\>
-\<enterpriseId/\>
-\<policyFlags\>0\</policyFlags\>
-\<effectiveName/\>
-\</header\>
-\<type\>FWPM_NET_EVENT_TYPE_CLASSIFY_DROP\</type\>
-\<classifyDrop\>
-\<filterId\>68893\</filterId\>
-\<layerId\>50\</layerId\>
-\<reauthReason\>0\</reauthReason\>
-\<originalProfile\>1\</originalProfile\>
-\<currentProfile\>1\</currentProfile\>
-\<msFwpDirection\>MS_FWP_DIRECTION_OUT\</msFwpDirection\>
-\<isLoopback\>false\</isLoopback\>
-\<vSwitchId/\>
-\<vSwitchSourcePort\>0\</vSwitchSourcePort\>
-\<vSwitchDestinationPort\>0\</vSwitchDestinationPort\>
-\</classifyDrop\>
-\<internalFields\>
-\<internalFlags/\>
-\<remoteAddrBitmap\>0000000000000000\</remoteAddrBitmap\>
-\<capabilities/\>
-\<fqbnVersion\>0\</fqbnVersion\>
-\<fqbnName/\>
-\<terminatingFiltersInfo numItems="2"\>
-\<item\>
-\<filterId\>68893\</filterId\>
-\<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\</subLayer\>
-\<actionType\>FWP_ACTION_BLOCK\</actionType\>
-\</item\>
-\<item\>
-\<filterId\>68879\</filterId\>
-\<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\</subLayer\>
-\<actionType\>FWP_ACTION_PERMIT\</actionType\>
-\</item\>
-\</terminatingFiltersInfo\>
-\</internalFields\>
-\</netEvent\>
+<netEvent>
+<header>
+<timeStamp>2020-03-30T23:53:09.720Z</timeStamp>
+<flags numItems="9">
+    <item>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET</item>
+    <item>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET</item>
+    <item>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET</item>
+    <item>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET</item>
+    <item>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET</item>
+    <item>FWPM_NET_EVENT_FLAG_APP_ID_SET</item>
+    <item>FWPM_NET_EVENT_FLAG_USER_ID_SET</item>
+    <item>FWPM_NET_EVENT_FLAG_IP_VERSION_SET</item>
+    <item>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET</item>
+</flags>
+<ipVersion>FWP_IP_VERSION_V6</ipVersion>
+<ipProtocol>6</ipProtocol>
+<localAddrV6.byteArray16>2001:4898:1a:1045:8469:3351:e6e2:543</localAddrV6.byteArray16>
+<remoteAddrV6.byteArray16>2620:1ec:c11::200</remoteAddrV6.byteArray16>
+<localPort>63187</localPort>
+<remotePort>443</remotePort>
+<scopeId>0</scopeId>
+<appId>
+<data>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e0034002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000</data>
+<asString>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
+.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...4...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...</asString>
+</appId>
+<userId>S-1-5-21-2788718703-1626973220-3690764900-1000</userId>
+<addressFamily>FWP_AF_INET6</addressFamily>
+<packageSid>S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936</packageSid>
+<enterpriseId/>
+<policyFlags>0</policyFlags>
+<effectiveName/>
+</header>
+<type>FWPM_NET_EVENT_TYPE_CLASSIFY_DROP</type>
+<classifyDrop>
+<filterId>68893</filterId>
+<layerId>50</layerId>
+<reauthReason>0</reauthReason>
+<originalProfile>1</originalProfile>
+<currentProfile>1</currentProfile>
+<msFwpDirection>MS_FWP_DIRECTION_OUT</msFwpDirection>
+<isLoopback>false</isLoopback>
+<vSwitchId/>
+<vSwitchSourcePort>0</vSwitchSourcePort>
+<vSwitchDestinationPort>0</vSwitchDestinationPort>
+</classifyDrop>
+<internalFields>
+<internalFlags/>
+<remoteAddrBitmap>0000000000000000</remoteAddrBitmap>
+<capabilities/>
+<fqbnVersion>0</fqbnVersion>
+<fqbnName/>
+<terminatingFiltersInfo numItems="2">
+<item>
+<filterId>68893</filterId>
+<subLayer>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH</subLayer>
+<actionType>FWP_ACTION_BLOCK</actionType>
+</item>
+<item>
+<filterId>68879</filterId>
+<subLayer>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF</subLayer>
+<actionType>FWP_ACTION_PERMIT</actionType>
+</item>
+</terminatingFiltersInfo>
+</internalFields>
+</netEvent>
 ```
-The first thing that should be checked in the netEvent is the capabilities
-field\*. In this example, the capabilities field is empty, indicating that the
+The first thing that you should check in the **netEvent** is the capabilities
+field. In this example, the capabilities field is empty, indicating that the
 UWP app was not configured with any capability tokens to allow it to connect to
 a network.
 
 **Internal Fields from netEvent, Wfpdiag-Case-2.xml**
 ```xml
-\<internalFields\>
-\<internalFlags/\>
-\<remoteAddrBitmap\>0000000000000000\</remoteAddrBitmap\>
-**\<capabilities/\>**
-\<fqbnVersion\>0\</fqbnVersion\>
-\<fqbnName/\>
-\<terminatingFiltersInfo numItems="2"\>
-\<item\>
-\<filterId\>68893\</filterId\>
-\<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\</subLayer\>
-\<actionType\>FWP_ACTION_BLOCK\</actionType\>
-\</item\>
-\<item\>
-\<filterId\>68879\</filterId\>
-\<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\</subLayer\>
-\<actionType\>FWP_ACTION_PERMIT\</actionType\>
-\</item\>
-\</terminatingFiltersInfo\>
-\</internalFields\>
+<internalFields>
+<internalFlags/>
+<remoteAddrBitmap>0000000000000000</remoteAddrBitmap>
+<capabilities/>
+<fqbnVersion>0</fqbnVersion>
+<fqbnName/>
+<terminatingFiltersInfo numItems="2">
+<item>
+<filterId>68893</filterId>
+<subLayer>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH</subLayer>
+<actionType>FWP_ACTION_BLOCK</actionType>
+</item>
+<item>
+<filterId>68879</filterId>
+<subLayer>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF</subLayer>
+<actionType>FWP_ACTION_PERMIT</actionType>
+</item>
+</terminatingFiltersInfo>
+</internalFields>
 ```
-The netEvent also gives us information about the filter that explicitly dropped
-this packet, like the FilterId, listed under classify drop
+The **netEvent** also shows information about the filter that explicitly dropped this packet, like the **FilterId**, listed under classify drop.
 
 **Classify Drop from netEvent, Wfpdiag-Case-2.xml**
 ```xml
-\<classifyDrop\>
-**\<filterId\>68893\</filterId\>**
-\<layerId\>50\</layerId\>
-\<reauthReason\>0\</reauthReason\>
-\<originalProfile\>1\</originalProfile\>
-\<currentProfile\>1\</currentProfile\>
-\<msFwpDirection\>MS_FWP_DIRECTION_OUT\</msFwpDirection\>
-\<isLoopback\>false\</isLoopback\>
-\<vSwitchId/\>
-\<vSwitchSourcePort\>0\</vSwitchSourcePort\>
-\<vSwitchDestinationPort\>0\</vSwitchDestinationPort\>
-\</classifyDrop\>
+<classifyDrop>
+<filterId>68893</filterId>
+<layerId>50</layerId>
+<reauthReason>0</reauthReason>
+<originalProfile>1</originalProfile>
+<currentProfile>1</currentProfile>
+<msFwpDirection>MS_FWP_DIRECTION_OUT</msFwpDirection>
+<isLoopback>false</isLoopback>
+<vSwitchId/>
+<vSwitchSourcePort>0</vSwitchSourcePort>
+<vSwitchDestinationPort>0</vSwitchDestinationPort>
+</classifyDrop>
 ```
-If we search for that filter, \#68893, in Wfpdiag-Case2.xml, we will see that
+If you search for the filter #68893 in Wfpdiag-Case2.xml, you'll see that
 the packet was dropped by a Block Outbound Default Rule filter.
 
-**Block Outbound Default Rule Filter \#68893, Wfpdiag-Case-2.xml**
+**Block Outbound Default Rule Filter #68893, Wfpdiag-Case-2.xml**
 
 ```xml
-\<item\>
->   \<filterKey\>{6d51582f-bcf8-42c4-afc9-e2ce7155c11b}\</filterKey\>
->   \<displayData\>
->   \<name\>**Block Outbound Default Rule**\</name\>
->   \<description\>Block Outbound Default Rule\</description\>
->   \</displayData\>
->   \<flags/\>
->   \<providerKey\>{4b153735-1049-4480-aab4-d1b9bdc03710}\</providerKey\>
->   \<providerData\>
->   \<data\>b001000000000000\</data\>
->   \<asString\>........\</asString\>
->   \</providerData\>
->   \<layerKey\>FWPM_LAYER_ALE_AUTH_CONNECT_V6\</layerKey\>
->   \<subLayerKey\>{b3cdd441-af90-41ba-a745-7c6008ff2300}\</subLayerKey\>
->   \<weight\>
->   \<type\>FWP_EMPTY\</type\>
->   \</weight\>
->   \<filterCondition numItems="1"\>
->   \<item\>
->   \<fieldKey\>FWPM_CONDITION_ALE_PACKAGE_ID\</fieldKey\>
->   \<matchType\>FWP_MATCH_NOT_EQUAL\</matchType\>
->   \<conditionValue\>
->   \<type\>FWP_SID\</type\>
->   \<sid\>S-1-0-0\</sid\>
->   \</conditionValue\>
->   \</item\>
->   \</filterCondition\>
->   \<action\>
->   \<type\>FWP_ACTION_BLOCK\</type\>
->   \<filterType/\>
->   \</action\>
->   \<rawContext\>0\</rawContext\>
->   \<reserved/\>
->   \<filterId\>68893\</filterId\>
->   \<effectiveWeight\>
->   \<type\>FWP_UINT64\</type\>
->   \<uint64\>68719476736\</uint64\>
->   \</effectiveWeight\>
-\</item\>
+<item>
+	<filterKey>{6d51582f-bcf8-42c4-afc9-e2ce7155c11b}</filterKey>
+/t<displayData>
+	<name>**Block Outbound Default Rule**</name>
+	<description>Block Outbound Default Rule</description>
+	</displayData>
+	<flags/>
+	<providerKey>{4b153735-1049-4480-aab4-d1b9bdc03710}</providerKey>
+	<providerData>
+	<data>b001000000000000</data>
+	<asString>........</asString>
+	</providerData>
+	<layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V6</layerKey>
+	<subLayerKey>{b3cdd441-af90-41ba-a745-7c6008ff2300}</subLayerKey>
+	<weight>
+	<type>FWP_EMPTY</type>
+	</weight>
+	<filterCondition numItems="1">
+	<item>
+	<fieldKey>FWPM_CONDITION_ALE_PACKAGE_ID</fieldKey>
+	<matchType>FWP_MATCH_NOT_EQUAL</matchType>
+	<conditionValue>
+	<type>FWP_SID</type>
+	<sid>S-1-0-0</sid>
+	</conditionValue>
+	</item>
+	</filterCondition>
+	<action>
+	<type>FWP_ACTION_BLOCK</type>
+	<filterType/>
+	</action>
+	<rawContext>0</rawContext>
+	<reserved/>
+	<filterId>68893</filterId>
+	<effectiveWeight>
+	<type>FWP_UINT64</type>
+	<uint64>68719476736</uint64>
+	</effectiveWeight>
+</item>
 ```
 
-A packet will reach a default block filter if the packet was unable to match any of the conditions of other filters, and thus not allowed by the other filters in
+A packet will reach a default block filter if the packet was unable to match any of the conditions of other filters, and not allowed by the other filters in
 the same sublayer.
 
 If the packet had the correct capability token,
-FWP_CAPABILITIES_FLAG_INTERNET_CLIENT, it would have matched a condition for a
+**FWP_CAPABILITIES_FLAG_INTERNET_CLIENT**, it would have matched a condition for a
 non-default block filter and would have been permitted to reach bing.com.
 Without the correct capability tokens, the packet will be explicitly dropped by
 a default block outbound filter.
@@ -490,74 +487,74 @@ only has a private network token. Therefore, the packet will be dropped.
 
 **Classify Drop netEvent, Wfpdiag-Case-3.xml**
 ```xml
-\<netEvent\>
-\<header\>
-\<timeStamp\>2020-03-31T16:57:18.570Z\</timeStamp\>
-\<flags numItems="9"\>
-\<item\>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\</item\>
-\<item\>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\</item\>
-\<item\>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\</item\>
-\<item\>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\</item\>
-\<item\>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\</item\>
-\<item\>FWPM_NET_EVENT_FLAG_APP_ID_SET\</item\>
-\<item\>FWPM_NET_EVENT_FLAG_USER_ID_SET\</item\>
-\<item\>FWPM_NET_EVENT_FLAG_IP_VERSION_SET\</item\>
-\<item\>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\</item\>
-\</flags\>
-\<ipVersion\>FWP_IP_VERSION_V6\</ipVersion\>
-\<ipProtocol\>6\</ipProtocol\>
-\<localAddrV6.byteArray16\>2001:4898:1a:1045:9c65:7805:dd4a:cc4b\</localAddrV6.byteArray16\>
-\<remoteAddrV6.byteArray16\>2620:1ec:c11::200\</remoteAddrV6.byteArray16\>
-\<localPort\>64086\</localPort\>
-\<remotePort\>443\</remotePort\>
-\<scopeId\>0\</scopeId\>
-\<appId\>
-\<data\>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e0035002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000\</data\>
-\<asString\>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
-.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...5...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\</asString\>
-\</appId\>
-\<userId\>S-1-5-21-2788718703-1626973220-3690764900-1000\</userId\>
-\<addressFamily\>FWP_AF_INET6\</addressFamily\>
-\<packageSid\>S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\</packageSid\>
-\<enterpriseId/\>
-\<policyFlags\>0\</policyFlags\>
-\<effectiveName/\>
-\</header\>
-\<type\>FWPM_NET_EVENT_TYPE_CLASSIFY_DROP\</type\>
-\<classifyDrop\>
-\<filterId\>68893\</filterId\>
-\<layerId\>50\</layerId\>
-\<reauthReason\>0\</reauthReason\>
-\<originalProfile\>1\</originalProfile\>
-\<currentProfile\>1\</currentProfile\>
-\<msFwpDirection\>MS_FWP_DIRECTION_OUT\</msFwpDirection\>
-\<isLoopback\>false\</isLoopback\>
-\<vSwitchId/\>
-\<vSwitchSourcePort\>0\</vSwitchSourcePort\>
-\<vSwitchDestinationPort\>0\</vSwitchDestinationPort\>
-\</classifyDrop\>
-\<internalFields\>
-\<internalFlags/\>
-\<remoteAddrBitmap\>0000000000000000\</remoteAddrBitmap\>
-**\<capabilities numItems="1"\>**
-**\<item\>FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\</item\>**
-**\</capabilities\>**
-\<fqbnVersion\>0\</fqbnVersion\>
-\<fqbnName/\>
-\<terminatingFiltersInfo numItems="2"\>
-\<item\>
-\<filterId\>68893\</filterId\>
-\<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\</subLayer\>
-\<actionType\>FWP_ACTION_BLOCK\</actionType\>
-\</item\>
-\<item\>
-\<filterId\>68879\</filterId\>
-\<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\</subLayer\>
-\<actionType\>FWP_ACTION_PERMIT\</actionType\>
-\</item\>
-\</terminatingFiltersInfo\>
-\</internalFields\>
-\</netEvent\>
+<netEvent>
+<header>
+<timeStamp>2020-03-31T16:57:18.570Z</timeStamp>
+<flags numItems="9">
+<item>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET</item>
+<item>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET</item>
+<item>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET</item>
+<item>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET</item>
+<item>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET</item>
+<item>FWPM_NET_EVENT_FLAG_APP_ID_SET</item>
+<item>FWPM_NET_EVENT_FLAG_USER_ID_SET</item>
+<item>FWPM_NET_EVENT_FLAG_IP_VERSION_SET</item>
+<item>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET</item>
+</flags>
+<ipVersion>FWP_IP_VERSION_V6</ipVersion>
+<ipProtocol>6</ipProtocol>
+<localAddrV6.byteArray16>2001:4898:1a:1045:9c65:7805:dd4a:cc4b</localAddrV6.byteArray16>
+<remoteAddrV6.byteArray16>2620:1ec:c11::200</remoteAddrV6.byteArray16>
+<localPort>64086</localPort>
+<remotePort>443</remotePort>
+<scopeId>0</scopeId>
+<appId>
+<data>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e0035002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000</data>
+<asString>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
+.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...5...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...</asString>
+</appId>
+<userId>S-1-5-21-2788718703-1626973220-3690764900-1000</userId>
+<addressFamily>FWP_AF_INET6</addressFamily>
+<packageSid>S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936</packageSid>
+<enterpriseId/>
+<policyFlags>0</policyFlags>
+<effectiveName/>
+</header>
+<type>FWPM_NET_EVENT_TYPE_CLASSIFY_DROP</type>
+<classifyDrop>
+<filterId>68893</filterId>
+<layerId>50</layerId>
+<reauthReason>0</reauthReason>
+<originalProfile>1</originalProfile>
+<currentProfile>1</currentProfile>
+<msFwpDirection>MS_FWP_DIRECTION_OUT</msFwpDirection>
+<isLoopback>false</isLoopback>
+<vSwitchId/>
+<vSwitchSourcePort>0</vSwitchSourcePort>
+<vSwitchDestinationPort>0</vSwitchDestinationPort>
+</classifyDrop>
+<internalFields>
+<internalFlags/>
+<remoteAddrBitmap>0000000000000000</remoteAddrBitmap>
+**<capabilities numItems="1">**
+**<item>FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK</item>**
+**</capabilities>**
+<fqbnVersion>0</fqbnVersion>
+<fqbnName/>
+<terminatingFiltersInfo numItems="2">
+<item>
+<filterId>68893</filterId>
+<subLayer>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH</subLayer>
+<actionType>FWP_ACTION_BLOCK</actionType>
+</item>
+<item>
+<filterId>68879</filterId>
+<subLayer>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF</subLayer>
+<actionType>FWP_ACTION_PERMIT</actionType>
+</item>
+</terminatingFiltersInfo>
+</internalFields>
+</netEvent>
 ```
 
 ## Case 4: UWP app cannot reach Intranet target address without Private Network capability
@@ -567,75 +564,75 @@ In this example, the UWP app is unable to reach the Intranet target address,
 
 **Classify Drop netEvent, Wfpdiag-Case-4.xml**
 ```xml
-\<netEvent\>
-\<header\>
->   \<timeStamp\>2020-05-22T21:29:28.601Z\</timeStamp\>
->   \<flags numItems="9"\>
->   \<item\>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_APP_ID_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_USER_ID_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_IP_VERSION_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\</item\>
->   \</flags\>
->   \<ipVersion\>FWP_IP_VERSION_V4\</ipVersion\>
->   \<ipProtocol\>6\</ipProtocol\>
->   \<localAddrV4\>10.216.117.17\</localAddrV4\>
->   \<remoteAddrV4\>10.50.50.50\</remoteAddrV4\>
->   \<localPort\>52998\</localPort\>
->   \<remotePort\>53\</remotePort\>
->   \<scopeId\>0\</scopeId\>
->   \<appId\>				
->   \<data\>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310031002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000\</data\>
->   \<asString\>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
->   .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.1...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\</asString\>
->   \</appId\>
->   \<userId\>S-1-5-21-2993214446-1947230185-131795049-1000\</userId\>
->   \<addressFamily\>FWP_AF_INET\</addressFamily\>
->   \<packageSid\>S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\</packageSid\>
->   \<enterpriseId/\>
->   \<policyFlags\>0\</policyFlags\>
->   \<effectiveName/\>
-\</header\>
->   \<type\>FWPM_NET_EVENT_TYPE_CLASSIFY_DROP\</type\>
->   \<classifyDrop\>
->   \<filterId\>121180\</filterId\>
->   \<layerId\>48\</layerId\>
->   \<reauthReason\>0\</reauthReason\>
->   \<originalProfile\>1\</originalProfile\>
->   \<currentProfile\>1\</currentProfile\>
->   \<msFwpDirection\>MS_FWP_DIRECTION_OUT\</msFwpDirection\>
->   \<isLoopback\>false\</isLoopback\>
->   \<vSwitchId/\>
->   \<vSwitchSourcePort\>0\</vSwitchSourcePort\>
->   \<vSwitchDestinationPort\>0\</vSwitchDestinationPort\>
-\</classifyDrop\>
-\<internalFields\>
->   \<internalFlags/\>
->   \<remoteAddrBitmap\>0000000000000000\</remoteAddrBitmap\>
->   \<capabilities numItems="2"\>
->   \<item\>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT\</item\>
->   \<item\>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER\</item\>
->   \</capabilities\>
->   \<fqbnVersion\>0\</fqbnVersion\>
->   \<fqbnName/\>
->   \<terminatingFiltersInfo numItems="2"\>
->   \<item\>
->   \<filterId\>121180\</filterId\>
->   \<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\</subLayer\>
->   \<actionType\>FWP_ACTION_BLOCK\</actionType\>
->   \</item\>
->   \<item\>
->   \<filterId\>121165\</filterId\>
->   \<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\</subLayer\>
->   \<actionType\>FWP_ACTION_PERMIT\</actionType\>
->   \</item\>
->   \</terminatingFiltersInfo\>
-\</internalFields\>
-\</netEvent\>
+<netEvent>
+<header>
+	<timeStamp>2020-05-22T21:29:28.601Z</timeStamp>
+	<flags numItems="9">
+	<item>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET</item>
+	<item>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET</item>
+	<item>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET</item>
+	<item>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET</item>
+	<item>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET</item>
+	<item>FWPM_NET_EVENT_FLAG_APP_ID_SET</item>
+	<item>FWPM_NET_EVENT_FLAG_USER_ID_SET</item>
+	<item>FWPM_NET_EVENT_FLAG_IP_VERSION_SET</item>
+	<item>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET</item>
+	</flags>
+	<ipVersion>FWP_IP_VERSION_V4</ipVersion>
+	<ipProtocol>6</ipProtocol>
+	<localAddrV4>10.216.117.17</localAddrV4>
+	<remoteAddrV4>10.50.50.50</remoteAddrV4>
+	<localPort>52998</localPort>
+	<remotePort>53</remotePort>
+	<scopeId>0</scopeId>
+	<appId>				
+	<data>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310031002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000</data>
+	<asString>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
+	.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.1...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...</asString>
+	</appId>
+	<userId>S-1-5-21-2993214446-1947230185-131795049-1000</userId>
+	<addressFamily>FWP_AF_INET</addressFamily>
+	<packageSid>S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936</packageSid>
+	<enterpriseId/>
+	<policyFlags>0</policyFlags>
+	<effectiveName/>
+</header>
+	<type>FWPM_NET_EVENT_TYPE_CLASSIFY_DROP</type>
+	<classifyDrop>
+	<filterId>121180</filterId>
+	<layerId>48</layerId>
+	<reauthReason>0</reauthReason>
+	<originalProfile>1</originalProfile>
+	<currentProfile>1</currentProfile>
+	<msFwpDirection>MS_FWP_DIRECTION_OUT</msFwpDirection>
+	<isLoopback>false</isLoopback>
+	<vSwitchId/>
+	<vSwitchSourcePort>0</vSwitchSourcePort>
+	<vSwitchDestinationPort>0</vSwitchDestinationPort>
+</classifyDrop>
+<internalFields>
+	<internalFlags/>
+	<remoteAddrBitmap>0000000000000000</remoteAddrBitmap>
+	<capabilities numItems="2">
+	<item>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT</item>
+	<item>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER</item>
+	</capabilities>
+	<fqbnVersion>0</fqbnVersion>
+	<fqbnName/>
+	<terminatingFiltersInfo numItems="2">
+	<item>
+	<filterId>121180</filterId>
+	<subLayer>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH</subLayer>
+	<actionType>FWP_ACTION_BLOCK</actionType>
+	</item>
+	<item>
+	<filterId>121165</filterId>
+	<subLayer>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF</subLayer>
+	<actionType>FWP_ACTION_PERMIT</actionType>
+	</item>
+	</terminatingFiltersInfo>
+</internalFields>
+</netEvent>
 ```
 ## Case 5: UWP app cannot reach “Intranet” target address with Private Network capability
 
@@ -644,360 +641,360 @@ In this example, the UWP app is unable to reach the Intranet target address,
 
 **Classify Drop netEvent, Wfpdiag-Case-5.xml**
 ```xml
-\<netEvent\>
->   \<header\>
->   \<timeStamp\>2020-05-22T20:54:53.499Z\</timeStamp\>
->   \<flags numItems="9"\>
->   \<item\>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_APP_ID_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_USER_ID_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_IP_VERSION_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\</item\>
->   \</flags\>
->   \<ipVersion\>FWP_IP_VERSION_V4\</ipVersion\>
->   \<ipProtocol\>6\</ipProtocol\>
->   \<localAddrV4\>10.216.117.17\</localAddrV4\>
->   \<remoteAddrV4\>10.1.1.1\</remoteAddrV4\>
->   \<localPort\>52956\</localPort\>
->   \<remotePort\>53\</remotePort\>
->   \<scopeId\>0\</scopeId\>
->   \<appId\>	
->   \<data\>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310033002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000\</data\>
->   \<asString\>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
->   .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.3...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\</asString\>
->   \</appId\>
->   \<userId\>S-1-5-21-2993214446-1947230185-131795049-1000\</userId\>
->   \<addressFamily\>FWP_AF_INET\</addressFamily\>
->   \<packageSid\>S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\</packageSid\>
->   \<enterpriseId/\>
->   \<policyFlags\>0\</policyFlags\>
->   \<effectiveName/\>
-\</header\>
->   \<type\>FWPM_NET_EVENT_TYPE_CLASSIFY_DROP\</type\>
->   \<classifyDrop\>
->   \<filterId\>121180\</filterId\>
->   \<layerId\>48\</layerId\>
->   \<reauthReason\>0\</reauthReason\>
->   \<originalProfile\>1\</originalProfile\>
->   \<currentProfile\>1\</currentProfile\>
->   \<msFwpDirection\>MS_FWP_DIRECTION_OUT\</msFwpDirection\>
->   \<isLoopback\>false\</isLoopback\>
->   \<vSwitchId/\>
->   \<vSwitchSourcePort\>0\</vSwitchSourcePort\>
->   \<vSwitchDestinationPort\>0\</vSwitchDestinationPort\>
->   \</classifyDrop\>
->   \<internalFields\>
->   \<internalFlags/\>
->   \<remoteAddrBitmap\>0000000000000000\</remoteAddrBitmap\>
->   \<capabilities numItems="1"\>
->   \<item\>FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\</item\>
->   \</capabilities\>
->   \<fqbnVersion\>0\</fqbnVersion\>
->   \<fqbnName/\>
->   \<terminatingFiltersInfo numItems="2"\>
->   \<item\>
->   \<filterId\>121180\</filterId\>
->   \<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\</subLayer\>
->   \<actionType\>FWP_ACTION_BLOCK\</actionType\>
->   \</item\>
->   \<item\>
->   \<filterId\>121165\</filterId\>
->   \<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\</subLayer\>
->   \<actionType\>FWP_ACTION_PERMIT\</actionType\>
->   \</item\>
->   \</terminatingFiltersInfo\>
->   \</internalFields\>
-\</netEvent\>
+<netEvent>
+	<header>
+	<timeStamp>2020-05-22T20:54:53.499Z</timeStamp>
+	<flags numItems="9">
+	<item>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET</item>
+	<item>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET</item>
+	<item>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET</item>
+	<item>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET</item>
+	<item>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET</item>
+	<item>FWPM_NET_EVENT_FLAG_APP_ID_SET</item>
+	<item>FWPM_NET_EVENT_FLAG_USER_ID_SET</item>
+	<item>FWPM_NET_EVENT_FLAG_IP_VERSION_SET</item>
+	<item>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET</item>
+	</flags>
+	<ipVersion>FWP_IP_VERSION_V4</ipVersion>
+	<ipProtocol>6</ipProtocol>
+	<localAddrV4>10.216.117.17</localAddrV4>
+	<remoteAddrV4>10.1.1.1</remoteAddrV4>
+	<localPort>52956</localPort>
+	<remotePort>53</remotePort>
+	<scopeId>0</scopeId>
+	<appId>	
+	<data>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310033002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000</data>
+	<asString>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
+	.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.3...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...</asString>
+	</appId>
+	<userId>S-1-5-21-2993214446-1947230185-131795049-1000</userId>
+	<addressFamily>FWP_AF_INET</addressFamily>
+	<packageSid>S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936</packageSid>
+	<enterpriseId/>
+	<policyFlags>0</policyFlags>
+	<effectiveName/>
+</header>
+	<type>FWPM_NET_EVENT_TYPE_CLASSIFY_DROP</type>
+	<classifyDrop>
+	<filterId>121180</filterId>
+	<layerId>48</layerId>
+	<reauthReason>0</reauthReason>
+	<originalProfile>1</originalProfile>
+	<currentProfile>1</currentProfile>
+	<msFwpDirection>MS_FWP_DIRECTION_OUT</msFwpDirection>
+	<isLoopback>false</isLoopback>
+	<vSwitchId/>
+	<vSwitchSourcePort>0</vSwitchSourcePort>
+	<vSwitchDestinationPort>0</vSwitchDestinationPort>
+	</classifyDrop>
+	<internalFields>
+	<internalFlags/>
+	<remoteAddrBitmap>0000000000000000</remoteAddrBitmap>
+	<capabilities numItems="1">
+	<item>FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK</item>
+	</capabilities>
+	<fqbnVersion>0</fqbnVersion>
+	<fqbnName/>
+	<terminatingFiltersInfo numItems="2">
+	<item>
+	<filterId>121180</filterId>
+	<subLayer>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH</subLayer>
+	<actionType>FWP_ACTION_BLOCK</actionType>
+	</item>
+	<item>
+	<filterId>121165</filterId>
+	<subLayer>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF</subLayer>
+	<actionType>FWP_ACTION_PERMIT</actionType>
+	</item>
+	</terminatingFiltersInfo>
+	</internalFields>
+</netEvent>
 ```
 The following shows the filter that blocked the event:
 
 **Block Outbound Default Rule Filter \#121180, Wfpdiag-Case-5.xml**
 
 ```xml
-\<item\>
->   \<filterKey\>{e62a1a22-c80a-4518-a7f8-e7d1ef3a9ff6}\</filterKey\>
->   \<displayData\>
->   \<name\>Block Outbound Default Rule\</name\>
->   \<description\>Block Outbound Default Rule\</description\>
->   \</displayData\>
->   \<flags/\>
->   \<providerKey\>FWPM_PROVIDER_MPSSVC_WSH\</providerKey\>
->   \<providerData\>
->   \<data\>c029000000000000\</data\>
->   \<asString\>.)......\</asString\>
->   \</providerData\>
->   \<layerKey\>FWPM_LAYER_ALE_AUTH_CONNECT_V4\</layerKey\>
->   \<subLayerKey\>FWPM_SUBLAYER_MPSSVC_WSH\</subLayerKey\>
->   \<weight\>
->   \<type\>FWP_EMPTY\</type\>
->   \</weight\>
->   \<filterCondition numItems="1"\>
->   \<item\>
->   \<fieldKey\>FWPM_CONDITION_ALE_PACKAGE_ID\</fieldKey\>
->   \<matchType\>FWP_MATCH_NOT_EQUAL\</matchType\>
->   \<conditionValue\>
->   \<type\>FWP_SID\</type\>
->   \<sid\>S-1-0-0\</sid\>
->   \</conditionValue\>
->   \</item\>
->   \</filterCondition\>
->   \<action\>
->   \<type\>FWP_ACTION_BLOCK\</type\>
->   \<filterType/\>
->   \</action\>
->   \<rawContext\>0\</rawContext\>
->   \<reserved/\>
->   \<filterId\>121180\</filterId\>
->   \<effectiveWeight\>
->   \<type\>FWP_UINT64\</type\>
->   \<uint64\>274877906944\</uint64\>
->   \</effectiveWeight\>
-\</item\>
+<item>
+	<filterKey>{e62a1a22-c80a-4518-a7f8-e7d1ef3a9ff6}</filterKey>
+	<displayData>
+	<name>Block Outbound Default Rule</name>
+	<description>Block Outbound Default Rule</description>
+	</displayData>
+	<flags/>
+	<providerKey>FWPM_PROVIDER_MPSSVC_WSH</providerKey>
+	<providerData>
+	<data>c029000000000000</data>
+	<asString>.)......</asString>
+	</providerData>
+	<layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
+	<subLayerKey>FWPM_SUBLAYER_MPSSVC_WSH</subLayerKey>
+	<weight>
+	<type>FWP_EMPTY</type>
+	</weight>
+	<filterCondition numItems="1">
+	<item>
+	<fieldKey>FWPM_CONDITION_ALE_PACKAGE_ID</fieldKey>
+	<matchType>FWP_MATCH_NOT_EQUAL</matchType>
+	<conditionValue>
+	<type>FWP_SID</type>
+	<sid>S-1-0-0</sid>
+	</conditionValue>
+	</item>
+	</filterCondition>
+	<action>
+	<type>FWP_ACTION_BLOCK</type>
+	<filterType/>
+	</action>
+	<rawContext>0</rawContext>
+	<reserved/>
+	<filterId>121180</filterId>
+	<effectiveWeight>
+	<type>FWP_UINT64</type>
+	<uint64>274877906944</uint64>
+	</effectiveWeight>
+</item>
 ```
 If the target was in the private range, then it should have been allowed by a
 PrivateNetwork Outbound Default Rule filter.
 
 The following PrivateNetwork Outbound Default Rule filters have conditions for matching Intranet IP addresses. Since the expected Intranet target address,
-10.1.1.1, is not included in these filters it becomes clear that the address isnot in the private range. Check the policies which configure the private range
-on the machine (MDM, GP, etc) and make sure it includes the private targetaddress you wanted to reach.
+10.1.1.1, is not included in these filters it becomes clear that the address is not in the private range. Check the policies that configure the private range
+on the device (MDM, Group Policy, etc) and make sure it includes the private targetaddress you wanted to reach.
 
 **PrivateNetwork Outbound Default Rule Filters, Wfpdiag-Case-5.xml**
 ```xml
-\<item\>
->   \<filterKey\>{fd65507b-e356-4e2f-966f-0c9f9c1c6e78}\</filterKey\>
->   \<displayData\>
->   \<name\>PrivateNetwork Outbound Default Rule\</name\>
->   \<description\>PrivateNetwork Outbound Default Rule\</description\>
->   \</displayData\>
->   \<flags/\>
->   \<providerKey\>FWPM_PROVIDER_MPSSVC_WSH\</providerKey\>
->   \<providerData\>
->   \<data\>f22d000000000000\</data\>
->   \<asString\>.-......\</asString\>
->   \</providerData\>
->   \<layerKey\>FWPM_LAYER_ALE_AUTH_CONNECT_V4\</layerKey\>
->   \<subLayerKey\>FWPM_SUBLAYER_MPSSVC_WSH\</subLayerKey\>
->   \<weight\>
->   \<type\>FWP_EMPTY\</type\>
->   \</weight\>
->   \<filterCondition numItems="5"\>
->   \<item\>
->   \<fieldKey\>FWPM_CONDITION_ALE_PACKAGE_ID\</fieldKey\>
->   \<matchType\>FWP_MATCH_NOT_EQUAL\</matchType\>
->   \<conditionValue\>
->   \<type\>FWP_SID\</type\>
->   \<sid\>S-1-0-0\</sid\>
->   \</conditionValue\>
->   \</item\>
->   \<item\>
->   \<fieldKey\>FWPM_CONDITION_IP_REMOTE_ADDRESS\</fieldKey\>
->   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
->   \<conditionValue\>
->   \<type\>FWP_UINT32\</type\>
->   \<uint32\>1.1.1.1\</uint32\>
->   \</conditionValue\>
->   \</item\>
->   \<item\>
->   \<fieldKey\>FWPM_CONDITION_ORIGINAL_PROFILE_ID\</fieldKey\>
->   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
->   \<conditionValue\>
->   \<type\>FWP_UINT32\</type\>
->   \<uint32\>1\</uint32\>
->   \</conditionValue\>
->   \</item\>
->   \<item\>
->   \<fieldKey\>FWPM_CONDITION_CURRENT_PROFILE_ID\</fieldKey\>
->   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
->   \<conditionValue\>
->   \<type\>FWP_UINT32\</type\>
->   \<uint32\>1\</uint32\>
->   \</conditionValue\>
->   \</item\>
->   \<item\>
->   \<fieldKey\>FWPM_CONDITION_ALE_USER_ID\</fieldKey\>
->   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
->   \<conditionValue\>
->   \<type\>FWP_SECURITY_DESCRIPTOR_TYPE\</type\>
->   \<sd\>O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)\</sd\>
->   \</conditionValue\>
->   \</item\>
->   \</filterCondition\>
->   \<action\>
->   \<type\>FWP_ACTION_PERMIT\</type\>
->   \<filterType/\>
->   \</action\>
->   \<rawContext\>0\</rawContext\>
->   \<reserved/\>
->   \<filterId\>129656\</filterId\>
->   \<effectiveWeight\>
->   \<type\>FWP_UINT64\</type\>
->   \<uint64\>144115600392724416\</uint64\>
->   \</effectiveWeight\>
->   \</item\>
->   \<item\>
->   \<filterKey\>{b11b4f8a-222e-49d6-8d69-02728681d8bc}\</filterKey\>
->   \<displayData\>
->   \<name\>PrivateNetwork Outbound Default Rule\</name\>
->   \<description\>PrivateNetwork Outbound Default Rule\</description\>
->   \</displayData\>
->   \<flags/\>
->   \<providerKey\>FWPM_PROVIDER_MPSSVC_WSH\</providerKey\>
->   \<providerData\>
->   \<data\>f22d000000000000\</data\>
->   \<asString\>.-......\</asString\>
->   \</providerData\>
->   \<layerKey\>FWPM_LAYER_ALE_AUTH_CONNECT_V4\</layerKey\>
->   \<subLayerKey\>FWPM_SUBLAYER_MPSSVC_WSH\</subLayerKey\>
->   \<weight\>
->   \<type\>FWP_EMPTY\</type\>
->   \</weight\>
->   \<filterCondition numItems="5"\>
->   \<item\>
->   \<fieldKey\>FWPM_CONDITION_ALE_PACKAGE_ID\</fieldKey\>
->   \<matchType\>FWP_MATCH_NOT_EQUAL\</matchType\>
->   \<conditionValue\>
->   \<type\>FWP_SID\</type\>
->   \<sid\>S-1-0-0\</sid\>
->   \</conditionValue\>
->   \</item\>
->   \<item\>
->   \<fieldKey\>FWPM_CONDITION_IP_REMOTE_ADDRESS\</fieldKey\>
->   \<matchType\>FWP_MATCH_RANGE\</matchType\>
->   \<conditionValue\>
->   \<type\>FWP_RANGE_TYPE\</type\>
->   \<rangeValue\>
->   \<valueLow\>
->   \<type\>FWP_UINT32\</type\>
->   \<uint32\>172.16.0.0\</uint32\>
->   \</valueLow\>
->   \<valueHigh\>
->   \<type\>FWP_UINT32\</type\>
->   \<uint32\>172.31.255.255\</uint32\>
->   \</valueHigh\>
->   \</rangeValue\>
->   \</conditionValue\>
->   \</item\>
->   \<item\>
->   \<fieldKey\>FWPM_CONDITION_ORIGINAL_PROFILE_ID\</fieldKey\>
->   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
->   \<conditionValue\>
->   \<type\>FWP_UINT32\</type\>
->   \<uint32\>1\</uint32\>
->   \</conditionValue\>
->   \</item\>
->   \<item\>
->   \<fieldKey\>FWPM_CONDITION_CURRENT_PROFILE_ID\</fieldKey\>
->   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
->   \<conditionValue\>
->   \<type\>FWP_UINT32\</type\>
->   \<uint32\>1\</uint32\>
->   \</conditionValue\>
->   \</item\>
->   \<item\>
->   \<fieldKey\>FWPM_CONDITION_ALE_USER_ID\</fieldKey\>
->   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
->   \<conditionValue\>
->   \<type\>FWP_SECURITY_DESCRIPTOR_TYPE\</type\>
->   \<sd\>O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)\</sd\>
->   \</conditionValue\>
->   \</item\>
->   \</filterCondition\>
->   \<action\>
->   \<type\>FWP_ACTION_PERMIT\</type\>
->   \<filterType/\>
->   \</action\>
->   \<rawContext\>0\</rawContext\>
->   \<reserved/\>
->   \<filterId\>129657\</filterId\>
->   \<effectiveWeight\>
->   \<type\>FWP_UINT64\</type\>
->   \<uint64\>36029209335832512\</uint64\>
->   \</effectiveWeight\>
-\</item\>
-\<item\>
->   \<filterKey\>{21cd82bc-6077-4069-94bf-750e5a43ca23}\</filterKey\>
->   \<displayData\>
->   \<name\>PrivateNetwork Outbound Default Rule\</name\>
->   \<description\>PrivateNetwork Outbound Default Rule\</description\>
->   \</displayData\>
->   \<flags/\>
->   \<providerKey\>FWPM_PROVIDER_MPSSVC_WSH\</providerKey\>
->   \<providerData\>
->   \<data\>f22d000000000000\</data\>
->   \<asString\>.-......\</asString\>
->   \</providerData\>
->   \<layerKey\>FWPM_LAYER_ALE_AUTH_CONNECT_V4\</layerKey\>
->   \<subLayerKey\>FWPM_SUBLAYER_MPSSVC_WSH\</subLayerKey\>
->   \<weight\>
->   \<type\>FWP_EMPTY\</type\>
->   \</weight\>
->   \<filterCondition numItems="5"\>
->   \<item\>
->   \<fieldKey\>FWPM_CONDITION_ALE_PACKAGE_ID\</fieldKey\>
->   \<matchType\>FWP_MATCH_NOT_EQUAL\</matchType\>
->   \<conditionValue\>
->   \<type\>FWP_SID\</type\>
->   \<sid\>S-1-0-0\</sid\>
->   \</conditionValue\>
->   \</item\>
->   \<item\>
->   \<fieldKey\>FWPM_CONDITION_IP_REMOTE_ADDRESS\</fieldKey\>
->   \<matchType\>FWP_MATCH_RANGE\</matchType\>
->   \<conditionValue\>
->   \<type\>FWP_RANGE_TYPE\</type\>
->   \<rangeValue\>
->   \<valueLow\>
->   \<type\>FWP_UINT32\</type\>
->   \<uint32\>192.168.0.0\</uint32\>
->   \</valueLow\>
->   \<valueHigh\>
->   \<type\>FWP_UINT32\</type\>
->   \<uint32\>192.168.255.255\</uint32\>
->   \</valueHigh\>
->   \</rangeValue\>
->   \</conditionValue\>
->   \</item\>
->   \<item\>
->   \<fieldKey\>FWPM_CONDITION_ORIGINAL_PROFILE_ID\</fieldKey\>
->   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
->   \<conditionValue\>
->   \<type\>FWP_UINT32\</type\>
->   \<uint32\>1\</uint32\>
->   \</conditionValue\>
->   \</item\>
->   \<item\>
->   \<fieldKey\>FWPM_CONDITION_CURRENT_PROFILE_ID\</fieldKey\>
->   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
->   \<conditionValue\>
->   \<type\>FWP_UINT32\</type\>
->   \<uint32\>1\</uint32\>
->   \</conditionValue\>
->   \</item\>
->   \<item\>
->   \<fieldKey\>FWPM_CONDITION_ALE_USER_ID\</fieldKey\>
->   \<matchType\>FWP_MATCH_EQUAL\</matchType\>
->   \<conditionValue\>
->   \<type\>FWP_SECURITY_DESCRIPTOR_TYPE\</type\>
->   \<sd\>O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)\</sd\>
->   \</conditionValue\>
->   \</item\>
->   \</filterCondition\>
->   \<action\>
->   \<type\>FWP_ACTION_PERMIT\</type\>
->   \<filterType/\>
->   \</action\>
->   \<rawContext\>0\</rawContext\>
->   \<reserved/\>
->   \<filterId\>129658\</filterId\>
->   \<effectiveWeight\>
->   \<type\>FWP_UINT64\</type\>
->   \<uint64\>36029209335832512\</uint64\>
->   \</effectiveWeight\>
-\</item\>
+<item>
+	<filterKey>{fd65507b-e356-4e2f-966f-0c9f9c1c6e78}</filterKey>
+	<displayData>
+	<name>PrivateNetwork Outbound Default Rule</name>
+	<description>PrivateNetwork Outbound Default Rule</description>
+	</displayData>
+	<flags/>
+	<providerKey>FWPM_PROVIDER_MPSSVC_WSH</providerKey>
+	<providerData>
+	<data>f22d000000000000</data>
+	<asString>.-......</asString>
+	</providerData>
+	<layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
+	<subLayerKey>FWPM_SUBLAYER_MPSSVC_WSH</subLayerKey>
+	<weight>
+	<type>FWP_EMPTY</type>
+	</weight>
+	<filterCondition numItems="5">
+	<item>
+	<fieldKey>FWPM_CONDITION_ALE_PACKAGE_ID</fieldKey>
+	<matchType>FWP_MATCH_NOT_EQUAL</matchType>
+	<conditionValue>
+	<type>FWP_SID</type>
+	<sid>S-1-0-0</sid>
+	</conditionValue>
+	</item>
+	<item>
+	<fieldKey>FWPM_CONDITION_IP_REMOTE_ADDRESS</fieldKey>
+	<matchType>FWP_MATCH_EQUAL</matchType>
+	<conditionValue>
+	<type>FWP_UINT32</type>
+	<uint32>1.1.1.1</uint32>
+	</conditionValue>
+	</item>
+	<item>
+	<fieldKey>FWPM_CONDITION_ORIGINAL_PROFILE_ID</fieldKey>
+	<matchType>FWP_MATCH_EQUAL</matchType>
+	<conditionValue>
+	<type>FWP_UINT32</type>
+	<uint32>1</uint32>
+	</conditionValue>
+	</item>
+	<item>
+	<fieldKey>FWPM_CONDITION_CURRENT_PROFILE_ID</fieldKey>
+	<matchType>FWP_MATCH_EQUAL</matchType>
+	<conditionValue>
+	<type>FWP_UINT32</type>
+	<uint32>1</uint32>
+	</conditionValue>
+	</item>
+	<item>
+	<fieldKey>FWPM_CONDITION_ALE_USER_ID</fieldKey>
+	<matchType>FWP_MATCH_EQUAL</matchType>
+	<conditionValue>
+	<type>FWP_SECURITY_DESCRIPTOR_TYPE</type>
+	<sd>O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)</sd>
+	</conditionValue>
+	</item>
+	</filterCondition>
+	<action>
+	<type>FWP_ACTION_PERMIT</type>
+	<filterType/>
+	</action>
+	<rawContext>0</rawContext>
+	<reserved/>
+	<filterId>129656</filterId>
+	<effectiveWeight>
+	<type>FWP_UINT64</type>
+	<uint64>144115600392724416</uint64>
+	</effectiveWeight>
+	</item>
+	<item>
+	<filterKey>{b11b4f8a-222e-49d6-8d69-02728681d8bc}</filterKey>
+	<displayData>
+	<name>PrivateNetwork Outbound Default Rule</name>
+	<description>PrivateNetwork Outbound Default Rule</description>
+	</displayData>
+	<flags/>
+	<providerKey>FWPM_PROVIDER_MPSSVC_WSH</providerKey>
+	<providerData>
+	<data>f22d000000000000</data>
+	<asString>.-......</asString>
+	</providerData>
+	<layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
+	<subLayerKey>FWPM_SUBLAYER_MPSSVC_WSH</subLayerKey>
+	<weight>
+	<type>FWP_EMPTY</type>
+	</weight>
+	<filterCondition numItems="5">
+	<item>
+	<fieldKey>FWPM_CONDITION_ALE_PACKAGE_ID</fieldKey>
+	<matchType>FWP_MATCH_NOT_EQUAL</matchType>
+	<conditionValue>
+	<type>FWP_SID</type>
+	<sid>S-1-0-0</sid>
+	</conditionValue>
+	</item>
+	<item>
+	<fieldKey>FWPM_CONDITION_IP_REMOTE_ADDRESS</fieldKey>
+	<matchType>FWP_MATCH_RANGE</matchType>
+	<conditionValue>
+	<type>FWP_RANGE_TYPE</type>
+	<rangeValue>
+	<valueLow>
+	<type>FWP_UINT32</type>
+	<uint32>172.16.0.0</uint32>
+	</valueLow>
+	<valueHigh>
+	<type>FWP_UINT32</type>
+	<uint32>172.31.255.255</uint32>
+	</valueHigh>
+	</rangeValue>
+	</conditionValue>
+	</item>
+	<item>
+	<fieldKey>FWPM_CONDITION_ORIGINAL_PROFILE_ID</fieldKey>
+	<matchType>FWP_MATCH_EQUAL</matchType>
+	<conditionValue>
+	<type>FWP_UINT32</type>
+	<uint32>1</uint32>
+	</conditionValue>
+	</item>
+	<item>
+	<fieldKey>FWPM_CONDITION_CURRENT_PROFILE_ID</fieldKey>
+	<matchType>FWP_MATCH_EQUAL</matchType>
+	<conditionValue>
+	<type>FWP_UINT32</type>
+	<uint32>1</uint32>
+	</conditionValue>
+	</item>
+	<item>
+	<fieldKey>FWPM_CONDITION_ALE_USER_ID</fieldKey>
+	<matchType>FWP_MATCH_EQUAL</matchType>
+	<conditionValue>
+	<type>FWP_SECURITY_DESCRIPTOR_TYPE</type>
+	<sd>O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)</sd>
+	</conditionValue>
+	</item>
+	</filterCondition>
+	<action>
+	<type>FWP_ACTION_PERMIT</type>
+	<filterType/>
+	</action>
+	<rawContext>0</rawContext>
+	<reserved/>
+	<filterId>129657</filterId>
+	<effectiveWeight>
+	<type>FWP_UINT64</type>
+	<uint64>36029209335832512</uint64>
+	</effectiveWeight>
+</item>
+<item>
+	<filterKey>{21cd82bc-6077-4069-94bf-750e5a43ca23}</filterKey>
+	<displayData>
+	<name>PrivateNetwork Outbound Default Rule</name>
+	<description>PrivateNetwork Outbound Default Rule</description>
+	</displayData>
+	<flags/>
+	<providerKey>FWPM_PROVIDER_MPSSVC_WSH</providerKey>
+	<providerData>
+	<data>f22d000000000000</data>
+	<asString>.-......</asString>
+	</providerData>
+	<layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
+	<subLayerKey>FWPM_SUBLAYER_MPSSVC_WSH</subLayerKey>
+	<weight>
+	<type>FWP_EMPTY</type>
+	</weight>
+	<filterCondition numItems="5">
+	<item>
+	<fieldKey>FWPM_CONDITION_ALE_PACKAGE_ID</fieldKey>
+	<matchType>FWP_MATCH_NOT_EQUAL</matchType>
+	<conditionValue>
+	<type>FWP_SID</type>
+	<sid>S-1-0-0</sid>
+	</conditionValue>
+	</item>
+	<item>
+	<fieldKey>FWPM_CONDITION_IP_REMOTE_ADDRESS</fieldKey>
+	<matchType>FWP_MATCH_RANGE</matchType>
+	<conditionValue>
+	<type>FWP_RANGE_TYPE</type>
+	<rangeValue>
+	<valueLow>
+	<type>FWP_UINT32</type>
+	<uint32>192.168.0.0</uint32>
+	</valueLow>
+	<valueHigh>
+	<type>FWP_UINT32</type>
+	<uint32>192.168.255.255</uint32>
+	</valueHigh>
+	</rangeValue>
+	</conditionValue>
+	</item>
+	<item>
+	<fieldKey>FWPM_CONDITION_ORIGINAL_PROFILE_ID</fieldKey>
+	<matchType>FWP_MATCH_EQUAL</matchType>
+	<conditionValue>
+	<type>FWP_UINT32</type>
+	<uint32>1</uint32>
+	</conditionValue>
+	</item>
+	<item>
+	<fieldKey>FWPM_CONDITION_CURRENT_PROFILE_ID</fieldKey>
+	<matchType>FWP_MATCH_EQUAL</matchType>
+	<conditionValue>
+	<type>FWP_UINT32</type>
+	<uint32>1</uint32>
+	</conditionValue>
+	</item>
+	<item>
+	<fieldKey>FWPM_CONDITION_ALE_USER_ID</fieldKey>
+	<matchType>FWP_MATCH_EQUAL</matchType>
+	<conditionValue>
+	<type>FWP_SECURITY_DESCRIPTOR_TYPE</type>
+	<sd>O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)</sd>
+	</conditionValue>
+	</item>
+	</filterCondition>
+	<action>
+	<type>FWP_ACTION_PERMIT</type>
+	<filterType/>
+	</action>
+	<rawContext>0</rawContext>
+	<reserved/>
+	<filterId>129658</filterId>
+	<effectiveWeight>
+	<type>FWP_UINT64</type>
+	<uint64>36029209335832512</uint64>
+	</effectiveWeight>
+</item>
 ```
 # Debugging Past Drops 
 
@@ -1007,38 +1004,38 @@ wfpstate.xml. Once nettrace.etl is converted, nettrace.txt will have the
 netEvents of the reproduced event, and wfpstate.xml will contain the filters
 that were present on the machine at the time.
 
-If you **do not** have a live repro or traces already collected, you can still
+If you do not have a live repro or traces already collected, you can still
 collect traces after the UWP network connectivity issue has happened by running
-these commands in an Admin command prompt
+these commands in an admin command prompt
 
 ```xml
->   \<Run UWP app\>
->   Netsh wfp show netevents
->   Netsh wfp show state
+	<Run UWP app>
+	Netsh wfp show netevents
+	Netsh wfp show state
 ```
 
-“Netsh wfp show netevents” will generate netevents.xml, which contains the past
-net events. “Netsh wfp show state” will generate wfpstate.xml, which contains
+**Netsh wfp show netevents** creates netevents.xml, which contains the past
+net events. **Netsh wfp show state** creates wfpstate.xml, which contains
 the current filters present on the machine.
 
 Unfortunately, collecting traces after the UWP network connectivity issue is not
 always reliable.
 
-NetEvents on the machine are stored in a buffer. Once that buffer has reached
-max capacity, the buffer will overwrite older net events. Due to the buffer
+NetEvents on the device are stored in a buffer. Once that buffer has reached
+maximum capacity, the buffer will overwrite older net events. Due to the buffer
 overwrite, it is possible that the collected netevents.xml will not contain the
-net event associated with the UWP network connectivity issue if it was
-overwritten. Additionally, filters on the machine can get deleted and re-added
-with different filterIds due to miscellaneous events on the machine. Because of
-this, a filterId from “netsh wfp show netevents” may not necessarily match any
-filter in “netsh wfp show state” because that filterId may be outdated.
+net event associated with the UWP network connectivity issue. It could have been ov
+overwritten. Additionally, filters on the device can get deleted and re-added
+with different filterIds due to miscellaneous events on the device. Because of
+this, a **filterId** from **netsh wfp show netevents** may not necessarily match any
+filter in **netsh wfp show state** because that **filterId** may be outdated.
 
-If you can reproduce the UWP network connectivity issue consistently, we would
+If you can reproduce the UWP network connectivity issue consistently, we 
 recommend using the commands from Debugging Live Drops instead.
 
 Additionally, you can still follow the examples from Debugging Live Drops
 section using the trace commands in this section, even if you do not have a live
-repro. The netEvents and filters are stored in one file in Debugging Live Drops
+repro. The **netEvents** and filters are stored in one file in Debugging Live Drops
 as opposed to two separate files in the following Debugging Past Drops examples.
 
 ## Case 7: Debugging Past Drop - UWP app cannot reach Internet target address and has no capabilities
@@ -1048,72 +1045,72 @@ In this example, the UWP app is unable to connect to bing.com.
 Classify Drop Net Event, NetEvents-Case-7.xml
 
 ```xml
-\<item\>
-\<header\>
-\<timeStamp\>2020-05-04T22:04:07.039Z\</timeStamp\>
-\<flags numItems="9"\>
-\<item\>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\</item\>
-\<item\>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\</item\>
-\<item\>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\</item\>
-\<item\>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\</item\>
-\<item\>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\</item\>
-\<item\>FWPM_NET_EVENT_FLAG_APP_ID_SET\</item\>
-\<item\>FWPM_NET_EVENT_FLAG_USER_ID_SET\</item\>
-\<item\>FWPM_NET_EVENT_FLAG_IP_VERSION_SET\</item\>
-\<item\>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\</item\>
-\</flags\>
-\<ipVersion\>FWP_IP_VERSION_V4\</ipVersion\>
-\<ipProtocol\>6\</ipProtocol\>
-\<localAddrV4\>10.195.36.30\</localAddrV4\>
-\<remoteAddrV4\>204.79.197.200\</remoteAddrV4\>
-\<localPort\>57062\</localPort\>
-\<remotePort\>443\</remotePort\>
-\<scopeId\>0\</scopeId\>
-\<appId\>
-\<data\>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310032002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000\</data\>
-\<asString\>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
-.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.2...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\</asString\>
-\</appId\>
-\<userId\>S-1-5-21-1578316205-4060061518-881547182-1000\</userId\>
-\<addressFamily\>FWP_AF_INET\</addressFamily\>
-\<packageSid\>S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\</packageSid\>
-\<enterpriseId/\>
-\<policyFlags\>0\</policyFlags\>
-\<effectiveName/\>
-\</header\>
-\<type\>FWPM_NET_EVENT_TYPE_CLASSIFY_DROP\</type\>
-\<classifyDrop\>
-\<filterId\>206064\</filterId\>
-\<layerId\>48\</layerId\>
-\<reauthReason\>0\</reauthReason\>
-\<originalProfile\>1\</originalProfile\>
-\<currentProfile\>1\</currentProfile\>
-\<msFwpDirection\>MS_FWP_DIRECTION_OUT\</msFwpDirection\>
-\<isLoopback\>false\</isLoopback\>
-\<vSwitchId/\>
-\<vSwitchSourcePort\>0\</vSwitchSourcePort\>
-\<vSwitchDestinationPort\>0\</vSwitchDestinationPort\>
-\</classifyDrop\>
-\<internalFields\>
-\<internalFlags/\>
-\<remoteAddrBitmap\>0000000000000000\</remoteAddrBitmap\>
-\<capabilities/\>
-\<fqbnVersion\>0\</fqbnVersion\>
-\<fqbnName/\>
-\<terminatingFiltersInfo numItems="2"\>
-\<item\>
-\<filterId\>206064\</filterId\>
-\<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\</subLayer\>
-\<actionType\>FWP_ACTION_BLOCK\</actionType\>
-\</item\>
-\<item\>
-\<filterId\>206049\</filterId\>
-\<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\</subLayer\>
-\<actionType\>FWP_ACTION_PERMIT\</actionType\>
-\</item\>
-\</terminatingFiltersInfo\>
-\</internalFields\>
-\</item\>
+<item>
+<header>
+<timeStamp>2020-05-04T22:04:07.039Z</timeStamp>
+<flags numItems="9">
+<item>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET</item>
+<item>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET</item>
+<item>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET</item>
+<item>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET</item>
+<item>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET</item>
+<item>FWPM_NET_EVENT_FLAG_APP_ID_SET</item>
+<item>FWPM_NET_EVENT_FLAG_USER_ID_SET</item>
+<item>FWPM_NET_EVENT_FLAG_IP_VERSION_SET</item>
+<item>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET</item>
+</flags>
+<ipVersion>FWP_IP_VERSION_V4</ipVersion>
+<ipProtocol>6</ipProtocol>
+<localAddrV4>10.195.36.30</localAddrV4>
+<remoteAddrV4>204.79.197.200</remoteAddrV4>
+<localPort>57062</localPort>
+<remotePort>443</remotePort>
+<scopeId>0</scopeId>
+<appId>
+<data>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310032002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000</data>
+<asString>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
+.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.2...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...</asString>
+</appId>
+<userId>S-1-5-21-1578316205-4060061518-881547182-1000</userId>
+<addressFamily>FWP_AF_INET</addressFamily>
+<packageSid>S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936</packageSid>
+<enterpriseId/>
+<policyFlags>0</policyFlags>
+<effectiveName/>
+</header>
+<type>FWPM_NET_EVENT_TYPE_CLASSIFY_DROP</type>
+<classifyDrop>
+<filterId>206064</filterId>
+<layerId>48</layerId>
+<reauthReason>0</reauthReason>
+<originalProfile>1</originalProfile>
+<currentProfile>1</currentProfile>
+<msFwpDirection>MS_FWP_DIRECTION_OUT</msFwpDirection>
+<isLoopback>false</isLoopback>
+<vSwitchId/>
+<vSwitchSourcePort>0</vSwitchSourcePort>
+<vSwitchDestinationPort>0</vSwitchDestinationPort>
+</classifyDrop>
+<internalFields>
+<internalFlags/>
+<remoteAddrBitmap>0000000000000000</remoteAddrBitmap>
+<capabilities/>
+<fqbnVersion>0</fqbnVersion>
+<fqbnName/>
+<terminatingFiltersInfo numItems="2">
+<item>
+<filterId>206064</filterId>
+<subLayer>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH</subLayer>
+<actionType>FWP_ACTION_BLOCK</actionType>
+</item>
+<item>
+<filterId>206049</filterId>
+<subLayer>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF</subLayer>
+<actionType>FWP_ACTION_PERMIT</actionType>
+</item>
+</terminatingFiltersInfo>
+</internalFields>
+</item>
 ```
 
 The Internal fields lists no active capabilities, and the packet is dropped at
@@ -1127,45 +1124,45 @@ Security Descriptor doesn’t match.
 **Block Outbound Default Rule Filter \#206064, FilterState-Case-7.xml**
 
 ```xml
-\<item\>
-\<filterKey\>{f138d1ad-9293-478f-8519-c3368e796711}\</filterKey\>
-\<displayData\>
-\<name\>Block Outbound Default Rule\</name\>
-\<description\>Block Outbound Default Rule\</description\>
-\</displayData\>
-\<flags/\>
-\<providerKey\>FWPM_PROVIDER_MPSSVC_WSH\</providerKey\>
-\<providerData\>
-\<data\>2e65000000000000\</data\>
-\<asString\>.e......\</asString\>
-\</providerData\>
-\<layerKey\>FWPM_LAYER_ALE_AUTH_CONNECT_V4\</layerKey\>
-\<subLayerKey\>FWPM_SUBLAYER_MPSSVC_WSH\</subLayerKey\>
-\<weight\>
-\<type\>FWP_EMPTY\</type\>
-\</weight\>
-\<filterCondition numItems="1"\>
-\<item\>
-\<fieldKey\>FWPM_CONDITION_ALE_PACKAGE_ID\</fieldKey\>
-\<matchType\>FWP_MATCH_NOT_EQUAL\</matchType\>
-\<conditionValue\>
-\<type\>FWP_SID\</type\>
-\<sid\>S-1-0-0\</sid\>
-\</conditionValue\>
-\</item\>
-\</filterCondition\>
-\<action\>
-\<type\>FWP_ACTION_BLOCK\</type\>
-\<filterType/\>
-\</action\>
-\<rawContext\>0\</rawContext\>
-\<reserved/\>
-\<filterId\>206064\</filterId\>
-\<effectiveWeight\>
-\<type\>FWP_UINT64\</type\>
-\<uint64\>274877906944\</uint64\>
-\</effectiveWeight\>
-\</item\>
+<item>
+<filterKey>{f138d1ad-9293-478f-8519-c3368e796711}</filterKey>
+<displayData>
+<name>Block Outbound Default Rule</name>
+<description>Block Outbound Default Rule</description>
+</displayData>
+<flags/>
+<providerKey>FWPM_PROVIDER_MPSSVC_WSH</providerKey>
+<providerData>
+<data>2e65000000000000</data>
+<asString>.e......</asString>
+</providerData>
+<layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
+<subLayerKey>FWPM_SUBLAYER_MPSSVC_WSH</subLayerKey>
+<weight>
+<type>FWP_EMPTY</type>
+</weight>
+<filterCondition numItems="1">
+<item>
+<fieldKey>FWPM_CONDITION_ALE_PACKAGE_ID</fieldKey>
+<matchType>FWP_MATCH_NOT_EQUAL</matchType>
+<conditionValue>
+<type>FWP_SID</type>
+<sid>S-1-0-0</sid>
+</conditionValue>
+</item>
+</filterCondition>
+<action>
+<type>FWP_ACTION_BLOCK</type>
+<filterType/>
+</action>
+<rawContext>0</rawContext>
+<reserved/>
+<filterId>206064</filterId>
+<effectiveWeight>
+<type>FWP_UINT64</type>
+<uint64>274877906944</uint64>
+</effectiveWeight>
+</item>
 ```
 ## Case 8: Debugging Past Drop - UWP app connects to Internet target address with all capabilities
 
@@ -1174,159 +1171,158 @@ In this example, the UWP app successfully connects to bing.com [204.79.197.200].
 **Classify Allow Net Event, NetEvents-Case-8.xml**
 
 ```xml
-\<item\>
->   \<header\>
->   \<timeStamp\>2020-05-04T18:49:55.101Z\</timeStamp\>
->   \<flags numItems="9"\>
->   \<item\>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_APP_ID_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_USER_ID_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_IP_VERSION_SET\</item\>
->   \<item\>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\</item\>
->   \</flags\>
->   \<ipVersion\>FWP_IP_VERSION_V4\</ipVersion\>
->   \<ipProtocol\>6\</ipProtocol\>
->   \<localAddrV4\>10.195.36.30\</localAddrV4\>
->   \<remoteAddrV4\>204.79.197.200\</remoteAddrV4\>
->   \<localPort\>61673\</localPort\>
->   \<remotePort\>443\</remotePort\>
->   \<scopeId\>0\</scopeId\>
->   \<appId\>
->   \<data\>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310030002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000\</data\>
->   \<asString\>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
->   .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.0...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\</asString\>
->   \</appId\>
->   \<userId\>S-1-5-21-1578316205-4060061518-881547182-1000\</userId\>
->   \<addressFamily\>FWP_AF_INET\</addressFamily\>
->   \<packageSid\>S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\</packageSid\>
->   \<enterpriseId/\>
->   \<policyFlags\>0\</policyFlags\>
->   \<effectiveName/\>
->   \</header\>
->   \<type\>FWPM_NET_EVENT_TYPE_CLASSIFY_ALLOW\</type\>
->   \<classifyAllow\>
->   \<filterId\>208757\</filterId\>
->   \<layerId\>48\</layerId\>
->   \<reauthReason\>0\</reauthReason\>
->   \<originalProfile\>1\</originalProfile\>
->   \<currentProfile\>1\</currentProfile\>
->   \</classifyAllow\>
->   \<internalFields\>
->   \<internalFlags/\>
->   \<remoteAddrBitmap\>0000000000000000\</remoteAddrBitmap\>
->   \<capabilities numItems="3"\>
->   \<item\>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT\</item\>
->   \<item\>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER\</item\>
->   \<item\>FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\</item\>
->   \</capabilities\>
->   \<fqbnVersion\>0\</fqbnVersion\>
->   \<fqbnName/\>
->   \<terminatingFiltersInfo numItems="2"\>
->   \<item\>
->   \<filterId\>208757\</filterId\>
->   \<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\</subLayer\>
->   \<actionType\>FWP_ACTION_PERMIT\</actionType\>
->   \</item\>
->   \<item\>
->   \<filterId\>206049\</filterId\>
->   \<subLayer\>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\</subLayer\>
->   \<actionType\>FWP_ACTION_PERMIT\</actionType\>
->   \</item\>
->   \</terminatingFiltersInfo\>
->   \</internalFields\>
-\</item\>
+<item>
+	<header>
+	<timeStamp>2020-05-04T18:49:55.101Z</timeStamp>
+	<flags numItems="9">
+	<item>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET</item>
+	<item>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET</item>
+	<item>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET</item>
+	<item>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET</item>
+	<item>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET</item>
+	<item>FWPM_NET_EVENT_FLAG_APP_ID_SET</item>
+	<item>FWPM_NET_EVENT_FLAG_USER_ID_SET</item>
+	<item>FWPM_NET_EVENT_FLAG_IP_VERSION_SET</item>
+	<item>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET</item>
+	</flags>
+	<ipVersion>FWP_IP_VERSION_V4</ipVersion>
+	<ipProtocol>6</ipProtocol>
+	<localAddrV4>10.195.36.30</localAddrV4>
+	<remoteAddrV4>204.79.197.200</remoteAddrV4>
+	<localPort>61673</localPort>
+	<remotePort>443</remotePort>
+	<scopeId>0</scopeId>
+	<appId>
+	<data>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310030002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000</data>
+	<asString>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
+	.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.0...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...</asString>
+	</appId>
+	<userId>S-1-5-21-1578316205-4060061518-881547182-1000</userId>
+	<addressFamily>FWP_AF_INET</addressFamily>
+	<packageSid>S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936</packageSid>
+	<enterpriseId/>
+	<policyFlags>0</policyFlags>
+	<effectiveName/>
+	</header>
+	<type>FWPM_NET_EVENT_TYPE_CLASSIFY_ALLOW</type>
+	<classifyAllow>
+	<filterId>208757</filterId>
+	<layerId>48</layerId>
+	<reauthReason>0</reauthReason>
+	<originalProfile>1</originalProfile>
+	<currentProfile>1</currentProfile>
+	</classifyAllow>
+	<internalFields>
+	<internalFlags/>
+	<remoteAddrBitmap>0000000000000000</remoteAddrBitmap>
+	<capabilities numItems="3">
+	<item>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT</item>
+	<item>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER</item>
+	<item>FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK</item>
+	</capabilities>
+	<fqbnVersion>0</fqbnVersion>
+	<fqbnName/>
+	<terminatingFiltersInfo numItems="2">
+	<item>
+	<filterId>208757</filterId>
+	<subLayer>FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH</subLayer>
+	<actionType>FWP_ACTION_PERMIT</actionType>
+	</item>
+	<item>
+	<filterId>206049</filterId>
+	<subLayer>FWPP_SUBLAYER_INTERNAL_FIREWALL_WF</subLayer>
+	<actionType>FWP_ACTION_PERMIT</actionType>
+	</item>
+	</terminatingFiltersInfo>
+	</internalFields>
+</item>
 ```
-Important things to note: all capabilities are enabled and the resulting filter
-determining the flow of the packet is 208757.
+All capabilities are enabled and the resulting filter determining the flow of the packet is 208757.
 
 The filter stated above with action permit:
 
 **InternetClient Default Rule Filter \#208757, FilterState-Case-8.xml**
 ```xml
-\<item\>
-	\<filterKey\>{e0f6f24e-1f0a-4f1a-bdd8-b9277c144fb5}\</filterKey\>
-	\<displayData\>
-	\<name\>InternetClient Default Rule\</name\>
-		\<description\>InternetClient Default Rule\</description\>
-					\</displayData\>
-					\<flags/\>
-					\<providerKey\>FWPM_PROVIDER_MPSSVC_WSH\</providerKey\>
-					\<providerData\>
-						\<data\>e167000000000000\</data\>
-						\<asString\>.g......\</asString\>
-					\</providerData\>
-					\<layerKey\>FWPM_LAYER_ALE_AUTH_CONNECT_V4\</layerKey\>
-					\<subLayerKey\>FWPM_SUBLAYER_MPSSVC_WSH\</subLayerKey\>
-					\<weight\>
-						\<type\>FWP_EMPTY\</type\>
-					\</weight\>
-					\<filterCondition numItems="5"\>
-						\<item\>
-							\<fieldKey\>FWPM_CONDITION_ALE_PACKAGE_ID\</fieldKey\>
-							\<matchType\>FWP_MATCH_NOT_EQUAL\</matchType\>
-							\<conditionValue\>
-								\<type\>FWP_SID\</type\>
-								\<sid\>S-1-0-0\</sid\>
-							\</conditionValue\>
-						\</item\>
-						\<item\>
-							\<fieldKey\>FWPM_CONDITION_IP_REMOTE_ADDRESS\</fieldKey\>
-							\<matchType\>FWP_MATCH_RANGE\</matchType\>
-							\<conditionValue\>
-								\<type\>FWP_RANGE_TYPE\</type\>
-								\<rangeValue\>
-									\<valueLow\>
-										\<type\>FWP_UINT32\</type\>
-										\<uint32\>0.0.0.0\</uint32\>
-									\</valueLow\>
-									\<valueHigh\>
-										\<type\>FWP_UINT32\</type\>
-										\<uint32\>255.255.255.255\</uint32\>
-									\</valueHigh\>
-								\</rangeValue\>
-							\</conditionValue\>
-						\</item\>
-						\<item\>
-							\<fieldKey\>FWPM_CONDITION_ORIGINAL_PROFILE_ID\</fieldKey\>
-							\<matchType\>FWP_MATCH_EQUAL\</matchType\>
-							\<conditionValue\>
-								\<type\>FWP_UINT32\</type\>
-								\<uint32\>1\</uint32\>
-							\</conditionValue\>
-						\</item\>
-						\<item\>
-							\<fieldKey\>FWPM_CONDITION_CURRENT_PROFILE_ID\</fieldKey\>
-							\<matchType\>FWP_MATCH_EQUAL\</matchType\>
-							\<conditionValue\>
-								\<type\>FWP_UINT32\</type\>
-								\<uint32\>1\</uint32\>
-							\</conditionValue\>
-						\</item\>
-						\<item\>
-							\<fieldKey\>FWPM_CONDITION_ALE_USER_ID\</fieldKey\>
-							\<matchType\>FWP_MATCH_EQUAL\</matchType\>
-							\<conditionValue\>
-								\<type\>FWP_SECURITY_DESCRIPTOR_TYPE\</type\>
-								\<sd\>O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)\</sd\>
-							\</conditionValue\>
-						\</item\>
-					\</filterCondition\>
-					\<action\>
-						\<type\>FWP_ACTION_PERMIT\</type\>
-						\<filterType/\>
-					\</action\>
-					\<rawContext\>0\</rawContext\>
-					\<reserved/\>
-					\<filterId\>208757\</filterId\>
-					\<effectiveWeight\>
-						\<type\>FWP_UINT64\</type\>
-						\<uint64\>412316868544\</uint64\>
-					\</effectiveWeight\>
-				\</item\>
+<item>
+	<filterKey>{e0f6f24e-1f0a-4f1a-bdd8-b9277c144fb5}</filterKey>
+	<displayData>
+	<name>InternetClient Default Rule</name>
+		<description>InternetClient Default Rule</description>
+					</displayData>
+					<flags/>
+					<providerKey>FWPM_PROVIDER_MPSSVC_WSH</providerKey>
+					<providerData>
+						<data>e167000000000000</data>
+						<asString>.g......</asString>
+					</providerData>
+					<layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
+					<subLayerKey>FWPM_SUBLAYER_MPSSVC_WSH</subLayerKey>
+					<weight>
+						<type>FWP_EMPTY</type>
+					</weight>
+					<filterCondition numItems="5">
+						<item>
+							<fieldKey>FWPM_CONDITION_ALE_PACKAGE_ID</fieldKey>
+							<matchType>FWP_MATCH_NOT_EQUAL</matchType>
+							<conditionValue>
+								<type>FWP_SID</type>
+								<sid>S-1-0-0</sid>
+							</conditionValue>
+						</item>
+						<item>
+							<fieldKey>FWPM_CONDITION_IP_REMOTE_ADDRESS</fieldKey>
+							<matchType>FWP_MATCH_RANGE</matchType>
+							<conditionValue>
+								<type>FWP_RANGE_TYPE</type>
+								<rangeValue>
+									<valueLow>
+										<type>FWP_UINT32</type>
+										<uint32>0.0.0.0</uint32>
+									</valueLow>
+									<valueHigh>
+										<type>FWP_UINT32</type>
+										<uint32>255.255.255.255</uint32>
+									</valueHigh>
+								</rangeValue>
+							</conditionValue>
+						</item>
+						<item>
+							<fieldKey>FWPM_CONDITION_ORIGINAL_PROFILE_ID</fieldKey>
+							<matchType>FWP_MATCH_EQUAL</matchType>
+							<conditionValue>
+								<type>FWP_UINT32</type>
+								<uint32>1</uint32>
+							</conditionValue>
+						</item>
+						<item>
+							<fieldKey>FWPM_CONDITION_CURRENT_PROFILE_ID</fieldKey>
+							<matchType>FWP_MATCH_EQUAL</matchType>
+							<conditionValue>
+								<type>FWP_UINT32</type>
+								<uint32>1</uint32>
+							</conditionValue>
+						</item>
+						<item>
+							<fieldKey>FWPM_CONDITION_ALE_USER_ID</fieldKey>
+							<matchType>FWP_MATCH_EQUAL</matchType>
+							<conditionValue>
+								<type>FWP_SECURITY_DESCRIPTOR_TYPE</type>
+								<sd>O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)</sd>
+							</conditionValue>
+						</item>
+					</filterCondition>
+					<action>
+						<type>FWP_ACTION_PERMIT</type>
+						<filterType/>
+					</action>
+					<rawContext>0</rawContext>
+					<reserved/>
+					<filterId>208757</filterId>
+					<effectiveWeight>
+						<type>FWP_UINT64</type>
+						<uint64>412316868544</uint64>
+					</effectiveWeight>
+				</item>
 ```
 The capabilities field in a netEvent was added to the traces in the Windows 10
-May 2019 Update
+May 2019 Update.

From 4fc5bf0a7578056c563da078292ac7791fe903f8 Mon Sep 17 00:00:00 2001
From: Daniel Simpson <dansimp@microsoft.com>
Date: Thu, 13 Aug 2020 18:19:38 -0700
Subject: [PATCH 17/66] fixing H1s

---
 .../windows-firewall/troubleshooting-uwp-firewall.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
index fd79a67511..1ea6cce448 100644
--- a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
+++ b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
@@ -39,9 +39,9 @@ filters ensures network isolation for UWP applications. Specifically, it guarant
 
 For more information on the filter arbitration algorithm and network isolation,
 see [Filter
-Arbitration](https://docs.microsoft.com/en-us/windows/win32/fwp/filter-arbitration)
+Arbitration](https://docs.microsoft.com/windows/win32/fwp/filter-arbitration)
 and
-[Isolation](https://docs.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation).
+[Isolation](https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation).
 
 The following sections cover debugging case examples for loopback and non-loopback UWP app network connectivity issues.
 
@@ -49,7 +49,7 @@ The following sections cover debugging case examples for loopback and non-loopba
 > As improvements to debugging and diagnostics in the Windows Filtering Platform are made, the trace examples in this document may not exactly match the
 traces collected on previous releases of Windows.
 
-# Debugging UWP App Loopback scenarios
+## Debugging UWP App Loopback scenarios
 
 If you need to establis a TCP/IP connection between two processes on the same host where one of them is a UWP app, you must enable loopback.
 
@@ -68,9 +68,9 @@ You can ensure loopback is enabled by checking the appx manifests of both the se
 
 For more information about loopback scenarios, see [Communicating with
 localhost
-(loopback)](https://docs.microsoft.com/en-us/windows/iot-core/develop-your-app/loopback)
+(loopback)](https://docs.microsoft.com/windows/iot-core/develop-your-app/loopback)
 
-# Debugging Live Drops
+## Debugging Live Drops
 
 If the issue happened recently, but you find you are not able to reproduce the issue, go to Debugging Past Drops for the appropriate trace commands.
 
@@ -996,7 +996,7 @@ on the device (MDM, Group Policy, etc) and make sure it includes the private tar
 	</effectiveWeight>
 </item>
 ```
-# Debugging Past Drops 
+## Debugging Past Drops 
 
 If you are debugging a network drop from the past or from a remote machine, you
 may have traces already collected from Feedback Hub, such as nettrace.etl and

From ee0509798aa1fd5162d5f1967ff8503fe3515d6f Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Fri, 14 Aug 2020 12:32:45 -0700
Subject: [PATCH 18/66] update toc add back topics

---
 .../threat-protection/windows-firewall/TOC.md | 104 ++++++++++++------
 .../firewall-policy-design-example.md         |   4 +-
 ...wall-with-advanced-security-design-plan.md |   2 +-
 ...with-advanced-security-deployment-guide.md |  12 +-
 ...windows-firewall-with-advanced-security.md |  19 ++--
 5 files changed, 84 insertions(+), 57 deletions(-)

diff --git a/windows/security/threat-protection/windows-firewall/TOC.md b/windows/security/threat-protection/windows-firewall/TOC.md
index 7861f11250..038232e7da 100644
--- a/windows/security/threat-protection/windows-firewall/TOC.md
+++ b/windows/security/threat-protection/windows-firewall/TOC.md
@@ -1,38 +1,51 @@
 # [Windows Firewall with Advanced Security](windows-firewall-with-advanced-security.md)
 
-## [Plan/Design]()
+## [Plan deployment]()
 
-### [Design Guide](windows-firewall-with-advanced-security-design-guide.md)
+### [Design guide](windows-firewall-with-advanced-security-design-guide.md)
 
-### [Design Process](understanding-the-windows-firewall-with-advanced-security-design-process.md)
+### [Design process](understanding-the-windows-firewall-with-advanced-security-design-process.md)
 
-### [Deployment Goals]()
-#### [Identify deployment goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
+### [Implementation goals]()
+#### [Identify implementation goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
 #### [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md)
 #### [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md)
 #### [Require Encryption](require-encryption-when-accessing-sensitive-network-resources.md)
 #### [Restrict Access](restrict-access-to-only-specified-users-or-devices.md)
 
-### [Deployment designs]()
-#### [Mapping Goals to a Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
-#### [Basic Design](basic-firewall-policy-design.md)
-#### [Domain Isolation Design](domain-isolation-policy-design.md)
-#### [Server Isolation Design](server-isolation-policy-design.md)
-#### [Certificate-based Isolation Design](certificate-based-isolation-policy-design.md)
+### [Implementation designs]()
+#### [Mapping goals to a design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
 
-### [Design plans]()
-#### [Planning Your Design](planning-your-windows-firewall-with-advanced-security-design.md)
-#### [Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md)
-##### [Planning Domain Isolation Zones]()
-###### [Domain Isolation Zones](planning-domain-isolation-zones.md)
-###### [Exemption List](exemption-list.md)
-###### [Isolated Domain](isolated-domain.md)
-###### [Boundary Zone](boundary-zone.md)
-###### [Encryption Zone](encryption-zone.md)
+#### [Basic design](basic-firewall-policy-design.md)
+##### [Basic Design Example](firewall-policy-design-example.md)
 
-#### [Planning Server Isolation Zones](planning-server-isolation-zones.md)
 
-#### [Planning Certificate-based Authentication](planning-certificate-based-authentication.md)
+#### [Domain isolation design](domain-isolation-policy-design.md)
+##### [Domain Isolation Design Example](domain-isolation-policy-design-example.md)
+
+
+#### [Server isolation design](server-isolation-policy-design.md)
+##### [Server Isolation Design Example](server-isolation-policy-design-example.md)
+
+
+#### [Certificate-based isolation design](certificate-based-isolation-policy-design.md)
+##### [Certificate-based Isolation Design Example](certificate-based-isolation-policy-design-example.md)
+
+### [Design planning]()
+#### [Planning your design](planning-your-windows-firewall-with-advanced-security-design.md)
+
+#### [Planning settings for a basic firewall policy](planning-settings-for-a-basic-firewall-policy.md)
+
+#### [Planning domain isolation zones]()
+##### [Domain isolation zones](planning-domain-isolation-zones.md)
+##### [Exemption list](exemption-list.md)
+##### [Isolated domain](isolated-domain.md)
+##### [Boundary zone](boundary-zone.md)
+##### [Encryption zone](encryption-zone.md)
+
+#### [Planning server isolation zones](planning-server-isolation-zones.md)
+
+#### [Planning certificate-based authentication](planning-certificate-based-authentication.md)
 ##### [Documenting the Zones](documenting-the-zones.md)
 
 ##### [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md)
@@ -54,9 +67,31 @@
 ###### [Planning GPO Deployment](planning-gpo-deployment.md)
 
 
+### [Planning to deploy](planning-to-deploy-windows-firewall-with-advanced-security.md)
+
+
 ## [Deployment guide]()
-### [Planning to Deploy](planning-to-deploy-windows-firewall-with-advanced-security.md)
-### [Implementing Your Plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md)
+### [Deployment overview](windows-firewall-with-advanced-security-deployment-guide.md)
+
+### [Implementing your plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md)
+
+### [Basic firewall deployment]()
+#### [Checklist: Implementing a basic firewall policy design](checklist-implementing-a-basic-firewall-policy-design.md)
+
+
+
+### [Domain isolation deployment]()
+#### [Checklist: Implementing a Domain Isolation Policy Design](checklist-implementing-a-domain-isolation-policy-design.md)
+
+
+
+### [Server isolation deployment]()
+#### [Checklist: Implementing a Standalone Server Isolation Policy Design](checklist-implementing-a-standalone-server-isolation-policy-design.md)
+
+
+
+### [Certificate-based authentication]()
+#### [Checklist: Implementing a Certificate-based Isolation Policy Design](checklist-implementing-a-certificate-based-isolation-policy-design.md)
 
 
 
@@ -109,20 +144,19 @@
 
 ## [References]()
 ### [Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md)
-### [Checklist: Implementing a Basic Firewall Policy Design](checklist-implementing-a-basic-firewall-policy-design.md)
-### [Checklist: Configuring Basic Firewall Settings](checklist-configuring-basic-firewall-settings.md)
 ### [Checklist: Creating Inbound Firewall Rules](checklist-creating-inbound-firewall-rules.md)
 ### [Checklist: Creating Outbound Firewall Rules](checklist-creating-outbound-firewall-rules.md)
-### [Checklist: Implementing a Domain Isolation Policy Design](checklist-implementing-a-domain-isolation-policy-design.md)
-#### [Checklist: Configuring Rules for the Isolated Domain](checklist-configuring-rules-for-the-isolated-domain.md)
-#### [Checklist: Configuring Rules for the Boundary Zone](checklist-configuring-rules-for-the-boundary-zone.md)
-#### [Checklist: Configuring Rules for the Encryption Zone](checklist-configuring-rules-for-the-encryption-zone.md)
-#### [Checklist: Configuring Rules for an Isolated Server Zone](checklist-configuring-rules-for-an-isolated-server-zone.md)
-### [Checklist: Implementing a Standalone Server Isolation Policy Design](checklist-implementing-a-standalone-server-isolation-policy-design.md)
-#### [Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone](checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md)
-#### [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md)
+### [Checklist: Configuring Basic Firewall Settings](checklist-configuring-basic-firewall-settings.md)
+
+
+### [Checklist: Configuring Rules for the Isolated Domain](checklist-configuring-rules-for-the-isolated-domain.md)
+### [Checklist: Configuring Rules for the Boundary Zone](checklist-configuring-rules-for-the-boundary-zone.md)
+### [Checklist: Configuring Rules for the Encryption Zone](checklist-configuring-rules-for-the-encryption-zone.md)
+### [Checklist: Configuring Rules for an Isolated Server Zone](checklist-configuring-rules-for-an-isolated-server-zone.md)
+
+### [Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone](checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md)
+### [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md)
 
-### [Checklist: Implementing a Certificate-based Isolation Policy Design](checklist-implementing-a-certificate-based-isolation-policy-design.md)
 
 ### [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md)
 
diff --git a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md
index 5127569bc4..ef30c1a5cd 100644
--- a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md
@@ -1,5 +1,5 @@
 ---
-title: Firewall Policy Design Example (Windows 10)
+title: Basic Firewall Policy Design Example (Windows 10)
 description: Firewall Policy Design Example
 ms.assetid: 0dc3bcfe-7a4d-4a15-93a9-64b13bd775a7
 ms.reviewer: 
@@ -17,7 +17,7 @@ ms.topic: conceptual
 ms.date: 08/17/2017
 ---
 
-# Firewall Policy Design Example
+# Basic Firewall Policy Design Example
 
 **Applies to**
 -   Windows 10
diff --git a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md b/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md
index c56fd15494..841c88ae5d 100644
--- a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md
+++ b/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md
@@ -48,7 +48,7 @@ Use the following parent checklists in this section of the guide to become famil
 
 -   [Checklist: Implementing a Domain Isolation Policy Design](checklist-implementing-a-domain-isolation-policy-design.md)
 
--   [Checklist: Implementing a Domain Isolation Policy Design](checklist-implementing-a-domain-isolation-policy-design.md)
+-   [Checklist: Implementing a Standalone Server Isolation Policy Design](checklist-implementing-a-standalone-server-isolation-policy-design.md)
 
 -   [Checklist: Implementing a Certificate-based Isolation Policy Design](checklist-implementing-a-certificate-based-isolation-policy-design.md)
 
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
index d91723c3d2..dbfd48ddf6 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
@@ -1,6 +1,6 @@
 ---
-title: Deploy Windows Defender Firewall with Advanced Security (Windows 10)
-description: Windows Defender Firewall with Advanced Security Deployment Guide
+title: Windows Defender Firewall with Advanced Security deployment overview (Windows 10)
+description: Windows Defender Firewall with Advanced Security deployment overview
 ms.assetid: 56b51b97-1c38-481e-bbda-540f1216ad56
 ms.reviewer: 
 ms.author: dansimp
@@ -17,7 +17,7 @@ ms.topic: conceptual
 ms.date: 08/17/2017
 ---
 
-# Windows Defender Firewall with Advanced Security Deployment Guide
+# Windows Defender Firewall with Advanced Security deployment overview
 
 **Applies to**
 -   Windows 10
@@ -61,10 +61,4 @@ This guide does not provide:
 
 -   Guidance for setting up certification authorities (CAs) to create certificates for certificate-based authentication.
 
-## Overview of Windows Defender Firewall with Advanced Security
-
-Windows Defender Firewall in Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device. When authentication is required, devices that cannot be authenticated as a trusted device cannot communicate with your device. You can also use IPsec to require that certain network traffic is encrypted to prevent it from being read by network packet analyzers that could be attached to the network by a malicious user.
-
-The Windows Defender Firewall with Advanced Security MMC snap-in is more flexible and provides much more functionality than the consumer-friendly Windows Defender Firewall interface found in the Control Panel. Both interfaces interact with the same underlying services, but provide different levels of control over those services. While the Windows Defender Firewall Control Panel program can protect a single device in a home environment, it does not provide enough centralized management or security features to help secure more complex network traffic found in a typical business enterprise environment.
-
 For more information about Windows Defender Firewall with Advanced Security, see [Windows Defender Firewall with Advanced Security Overview](windows-firewall-with-advanced-security.md).
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
index 3261e0545f..37d4d64de1 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
@@ -25,10 +25,17 @@ ms.custom: asr
 
 This is an overview of the Windows Defender Firewall with Advanced Security (WFAS) and Internet Protocol security (IPsec) features.
 
+## Overview of Windows Defender Firewall with Advanced Security
+
+Windows Defender Firewall in Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device. When authentication is required, devices that cannot be authenticated as a trusted device cannot communicate with your device. You can also use IPsec to require that certain network traffic is encrypted to prevent it from being read by network packet analyzers that could be attached to the network by a malicious user.
+
+The Windows Defender Firewall with Advanced Security MMC snap-in is more flexible and provides much more functionality than the consumer-friendly Windows Defender Firewall interface found in the Control Panel. Both interfaces interact with the same underlying services, but provide different levels of control over those services. While the Windows Defender Firewall Control Panel program can protect a single device in a home environment, it does not provide enough centralized management or security features to help secure more complex network traffic found in a typical business enterprise environment.
+
+
+
 ## Feature description
 
-Windows Defender Firewall with Advanced Security
-is an important part of a layered security model. By providing host-based, two-way network traffic filtering for a device, Windows Defender Firewall blocks unauthorized network traffic flowing into or out of the local device. Windows Defender Firewall also works with Network Awareness so that it can apply security settings appropriate to the types of networks to which the device is connected. Windows Defender Firewall and Internet Protocol Security (IPsec) configuration settings are integrated into a single Microsoft Management Console (MMC) named Windows Defender Firewall, so Windows Defender Firewall is also an important part of your network’s isolation strategy.
+Windows Defender Firewall with Advanced Security is an important part of a layered security model. By providing host-based, two-way network traffic filtering for a device, Windows Defender Firewall blocks unauthorized network traffic flowing into or out of the local device. Windows Defender Firewall also works with Network Awareness so that it can apply security settings appropriate to the types of networks to which the device is connected. Windows Defender Firewall and Internet Protocol Security (IPsec) configuration settings are integrated into a single Microsoft Management Console (MMC) named Windows Defender Firewall, so Windows Defender Firewall is also an important part of your network’s isolation strategy.
 
 ## Practical applications
 
@@ -41,12 +48,4 @@ To help address your organizational network security challenges, Windows Defende
 
 -   **Extends the value of existing investments.**  Because Windows Defender Firewall is a host-based firewall that is included with the operating system, there is no additional hardware or software required. Windows Defender Firewall is also designed to complement existing non-Microsoft network security solutions through a documented application programming interface (API).
 
-## In this section
 
-| Topic | Description
-| - | - |
-| [Isolating Microsoft Store Apps on Your Network](isolating-apps-on-your-network.md) | You can customize your Windows Defender Firewall configuration to isolate the network access of Microsoft Store apps that run on devices. |
-| [Securing End-to-End IPsec Connections by Using IKEv2](securing-end-to-end-ipsec-connections-by-using-ikev2.md) | You can use IKEv2 to help secure your end-to-end IPSec connections. |
-| [Windows Defender Firewall with Advanced Security Administration with Windows PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md) | Learn more about using Windows PowerShell to manage the Windows Defender Firewall. |
-| [Windows Defender Firewall with Advanced Security Design Guide](windows-firewall-with-advanced-security-design-guide.md) | Learn how to create a design for deploying Windows Defender Firewall with Advanced Security. |
-| [Windows Defender Firewall with Advanced Security Deployment Guide](windows-firewall-with-advanced-security-deployment-guide.md) |  Learn how to deploy Windows Defender Firewall with Advanced Security. |

From 110213ea267937f0ee3c91008021d880f7a9123e Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Fri, 14 Aug 2020 12:59:10 -0700
Subject: [PATCH 19/66] add troubleshooting topic

---
 windows/security/threat-protection/windows-firewall/TOC.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-firewall/TOC.md b/windows/security/threat-protection/windows-firewall/TOC.md
index 038232e7da..874e91f06d 100644
--- a/windows/security/threat-protection/windows-firewall/TOC.md
+++ b/windows/security/threat-protection/windows-firewall/TOC.md
@@ -163,7 +163,7 @@
 
 
 ## [Troubleshooting]()
-
+### [Troubleshooting UWP App Connectivity Issues in Windows Firewall](troubleshooting-uwp-firewall.md)
 
 
 

From 774963624d0ed22ce68bc332e8615c39ec7705c3 Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Fri, 14 Aug 2020 13:28:18 -0700
Subject: [PATCH 20/66] cleannnnnnn up

---
 .../threat-protection/windows-firewall/TOC.md | 98 +++++++++----------
 ...with-advanced-security-deployment-goals.md | 17 ++--
 ...t-devices-from-unwanted-network-traffic.md |  4 +-
 ...restrict-access-to-only-trusted-devices.md |  6 +-
 ...all-with-advanced-security-design-guide.md |  7 +-
 5 files changed, 65 insertions(+), 67 deletions(-)

diff --git a/windows/security/threat-protection/windows-firewall/TOC.md b/windows/security/threat-protection/windows-firewall/TOC.md
index 874e91f06d..e8109bbb5d 100644
--- a/windows/security/threat-protection/windows-firewall/TOC.md
+++ b/windows/security/threat-protection/windows-firewall/TOC.md
@@ -48,23 +48,23 @@
 #### [Planning certificate-based authentication](planning-certificate-based-authentication.md)
 ##### [Documenting the Zones](documenting-the-zones.md)
 
-##### [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md)
-###### [Planning Isolation Groups for the Zones](planning-isolation-groups-for-the-zones.md)
-###### [Planning Network Access Groups](planning-network-access-groups.md)
+##### [Planning group policy deployment for your isolation zones](planning-group-policy-deployment-for-your-isolation-zones.md)
+###### [Planning isolation groups for the zones](planning-isolation-groups-for-the-zones.md)
+###### [Planning network access groups](planning-network-access-groups.md)
 
 ###### [Planning the GPOs](planning-the-gpos.md)
 ####### [Firewall GPOs](firewall-gpos.md)
 ######## [GPO_DOMISO_Firewall](gpo-domiso-firewall.md)
-####### [Isolated Domain GPOs](isolated-domain-gpos.md)
+####### [Isolated domain GPOs](isolated-domain-gpos.md)
 ######## [GPO_DOMISO_IsolatedDomain_Clients](gpo-domiso-isolateddomain-clients.md)
 ######## [GPO_DOMISO_IsolatedDomain_Servers](gpo-domiso-isolateddomain-servers.md)
-####### [Boundary Zone GPOs](boundary-zone-gpos.md)
+####### [Boundary zone GPOs](boundary-zone-gpos.md)
 ######## [GPO_DOMISO_Boundary](gpo-domiso-boundary.md)
-####### [Encryption Zone GPOs](encryption-zone-gpos.md)
+####### [Encryption zone GPOs](encryption-zone-gpos.md)
 ######## [GPO_DOMISO_Encryption](gpo-domiso-encryption.md)
-####### [Server Isolation GPOs](server-isolation-gpos.md)
+####### [Server isolation GPOs](server-isolation-gpos.md)
 
-###### [Planning GPO Deployment](planning-gpo-deployment.md)
+###### [Planning GPO deployment](planning-gpo-deployment.md)
 
 
 ### [Planning to deploy](planning-to-deploy-windows-firewall-with-advanced-security.md)
@@ -102,68 +102,68 @@
 
 
 ## [How-to]()
-### [Add Production Devices to the Membership Group for a Zone](add-production-devices-to-the-membership-group-for-a-zone.md)
-### [Add Test Devices to the Membership Group for a Zone](add-test-devices-to-the-membership-group-for-a-zone.md)
-### [Assign Security Group Filters to the GPO](assign-security-group-filters-to-the-gpo.md)
-### [Change Rules from Request to Require Mode](change-rules-from-request-to-require-mode.md)
-### [Configure Authentication Methods](configure-authentication-methods.md)
-### [Configure Data Protection (Quick Mode) Settings](configure-data-protection-quick-mode-settings.md)
-### [Configure Group Policy to Autoenroll and Deploy Certificates](configure-group-policy-to-autoenroll-and-deploy-certificates.md)
-### [Configure Key Exchange (Main Mode) Settings](configure-key-exchange-main-mode-settings.md)
-### [Configure the Rules to Require Encryption](configure-the-rules-to-require-encryption.md)
-### [Configure the Windows Firewall Log](configure-the-windows-firewall-log.md)
-### [Configure the Workstation Authentication Certificate Template](configure-the-workstation-authentication-certificate-template.md)
-### [Configure Windows Firewall to Suppress Notifications When a Program Is Blocked](configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md)
-### [Confirm That Certificates Are Deployed Correctly](confirm-that-certificates-are-deployed-correctly.md)
-### [Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)
+### [Add Production devices to the membership group for a zone](add-production-devices-to-the-membership-group-for-a-zone.md)
+### [Add test devices to the membership group for a zone](add-test-devices-to-the-membership-group-for-a-zone.md)
+### [Assign security group filters to the GPO](assign-security-group-filters-to-the-gpo.md)
+### [Change rules from request to require mode](Change-Rules-From-Request-To-Require-Mode.Md)
+### [Configure authentication methods](Configure-authentication-methods.md)
+### [Configure data protection (Quick Mode) settings](configure-data-protection-quick-mode-settings.md)
+### [Configure Group Policy to autoenroll and deploy certificates](configure-group-policy-to-autoenroll-and-deploy-certificates.md)
+### [Configure key exchange (main mode) settings](configure-key-exchange-main-mode-settings.md)
+### [Configure the rules to require encryption](configure-the-rules-to-require-encryption.md)
+### [Configure the Windows Firewall log](configure-the-windows-firewall-log.md)
+### [Configure the workstation authentication certificate template](configure-the-workstation-authentication-certificate-template.md)
+### [Configure Windows Firewall to suppress notifications when a program is blocked](configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md)
+### [Confirm that certificates are deployed correctly](confirm-that-certificates-are-deployed-correctly.md)
+### [Copy a GPO to create a new GPO](copy-a-gpo-to-create-a-new-gpo.md)
 ### [Create a Group Account in Active Directory](create-a-group-account-in-active-directory.md)
 ### [Create a Group Policy Object](create-a-group-policy-object.md)
-### [Create an Authentication Exemption List Rule](create-an-authentication-exemption-list-rule.md)
-### [Create an Authentication Request Rule](create-an-authentication-request-rule.md)
-### [Create an Inbound ICMP Rule](create-an-inbound-icmp-rule.md)
-### [Create an Inbound Port Rule](create-an-inbound-port-rule.md)
-### [Create an Inbound Program or Service Rule](create-an-inbound-program-or-service-rule.md)
-### [Create an Outbound Port Rule](create-an-outbound-port-rule.md)
-### [Create an Outbound Program or Service Rule](create-an-outbound-program-or-service-rule.md)
-### [Create Inbound Rules to Support RPC](create-inbound-rules-to-support-rpc.md)
-### [Create WMI Filters for the GPO](create-wmi-filters-for-the-gpo.md)
+### [Create an authentication exemption list rule](create-an-authentication-exemption-list-rule.md)
+### [Create an authentication request rule](create-an-authentication-request-rule.md)
+### [Create an inbound ICMP rule](create-an-inbound-icmp-rule.md)
+### [Create an inbound port rule](create-an-inbound-port-rule.md)
+### [Create an inbound program or service rule](create-an-inbound-program-or-service-rule.md)
+### [Create an outbound port rule](create-an-outbound-port-rule.md)
+### [Create an outbound program or service rule](create-an-outbound-program-or-service-rule.md)
+### [Create inbound rules to support RPC](create-inbound-rules-to-support-rpc.md)
+### [Create WMI filters for the GPO](create-wmi-filters-for-the-gpo.md)
 ### [Create Windows Firewall rules in Intune](create-windows-firewall-rules-in-intune.md)
-### [Enable Predefined Inbound Rules](enable-predefined-inbound-rules.md)
-### [Enable Predefined Outbound Rules](enable-predefined-outbound-rules.md)
-### [Exempt ICMP from Authentication](exempt-icmp-from-authentication.md)
-### [Link the GPO to the Domain](link-the-gpo-to-the-domain.md)
-### [Modify GPO Filters](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)
-### [Open IP Security Policies](open-the-group-policy-management-console-to-ip-security-policies.md)
+### [Enable predefined inbound rules](enable-predefined-inbound-rules.md)
+### [Enable predefined outbound rules](enable-predefined-outbound-rules.md)
+### [Exempt ICMP from authentication](exempt-icmp-from-authentication.md)
+### [Link the GPO to the domain](link-the-gpo-to-the-domain.md)
+### [Modify GPO filters](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)
+### [Open IP security policies](open-the-group-policy-management-console-to-ip-security-policies.md)
 ### [Open Group Policy](open-the-group-policy-management-console-to-windows-firewall.md)
 ### [Open Group Policy](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md)
 ### [Open Windows Firewall](open-windows-firewall-with-advanced-security.md)
-### [Restrict Server Access](restrict-server-access-to-members-of-a-group-only.md)
+### [Restrict server access](restrict-server-access-to-members-of-a-group-only.md)
 ### [Enable Windows Firewall](turn-on-windows-firewall-and-configure-default-behavior.md)
 ### [Verify Network Traffic](verify-that-network-traffic-is-authenticated.md)
-### [Verify Network Traffic](verify-that-network-traffic-is-authenticated.md)
+
 
 ## [References]()
-### [Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md)
-### [Checklist: Creating Inbound Firewall Rules](checklist-creating-inbound-firewall-rules.md)
+### [Checklist: Creating Group Policy objects](checklist-creating-group-policy-objects.md)
+### [Checklist: Creating inbound firewall rules](checklist-creating-inbound-firewall-rules.md)
 ### [Checklist: Creating Outbound Firewall Rules](checklist-creating-outbound-firewall-rules.md)
 ### [Checklist: Configuring Basic Firewall Settings](checklist-configuring-basic-firewall-settings.md)
 
 
-### [Checklist: Configuring Rules for the Isolated Domain](checklist-configuring-rules-for-the-isolated-domain.md)
-### [Checklist: Configuring Rules for the Boundary Zone](checklist-configuring-rules-for-the-boundary-zone.md)
-### [Checklist: Configuring Rules for the Encryption Zone](checklist-configuring-rules-for-the-encryption-zone.md)
-### [Checklist: Configuring Rules for an Isolated Server Zone](checklist-configuring-rules-for-an-isolated-server-zone.md)
+### [Checklist: Configuring rules for the isolated domain](checklist-configuring-rules-for-the-isolated-domain.md)
+### [Checklist: Configuring rules for the boundary zone](checklist-configuring-rules-for-the-boundary-zone.md)
+### [Checklist: Configuring rules for the encryption zone](checklist-configuring-rules-for-the-encryption-zone.md)
+### [Checklist: Configuring rules for an isolated server zone](checklist-configuring-rules-for-an-isolated-server-zone.md)
 
-### [Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone](checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md)
-### [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md)
+### [Checklist: Configuring rules for servers in a standalone isolated server zone](checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md)
+### [Checklist: Creating rules for clients of a standalone isolated server zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md)
 
 
-### [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md)
+### [Appendix A: Sample GPO template files for settings used in this guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md)
 
 
 
 ## [Troubleshooting]()
-### [Troubleshooting UWP App Connectivity Issues in Windows Firewall](troubleshooting-uwp-firewall.md)
+### [Troubleshooting UWP app connectivity issues in Windows Firewall](troubleshooting-uwp-firewall.md)
 
 
 
diff --git a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md b/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
index 5e3a16c452..96725d8ff3 100644
--- a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
+++ b/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
@@ -1,6 +1,6 @@
 ---
-title: Identify Goals for your WFAS Deployment (Windows 10)
-description: Identifying Your Windows Defender Firewall with Advanced Security (WFAS) Deployment Goals
+title: Identify implementation goals for Windows Defender Firewall with Advanced Security Deployment (Windows 10)
+description: Identifying Your Windows Defender Firewall with Advanced Security (WFAS) implementation goals
 ms.assetid: 598cf45e-2e1c-4947-970f-361dfa264bba
 ms.reviewer: 
 ms.author: dansimp
@@ -17,22 +17,21 @@ ms.topic: conceptual
 ms.date: 08/17/2017
 ---
 
-# Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals
-
+# Identifying Windows Defender Firewall with Advanced Security implementation goals 
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 
-Correctly identifying your Windows Defender Firewall with Advanced Security deployment goals is essential for the success of your Windows Defender Firewall design project. Form a project team that can clearly articulate deployment issues in a vision statement. When you write your vision statement, identify, clarify, and refine your deployment goals. Prioritize and, if possible, combine your deployment goals so that you can design and deploy Windows Defender Firewall by using an iterative approach. You can take advantage of the predefined Windows Defender Firewall deployment goals presented in this guide that are relevant to your scenarios.
+Correctly identifying your Windows Defender Firewall with Advanced Security implementation goals is essential for the success of your Windows Defender Firewall design project. Form a project team that can clearly articulate deployment issues in a vision statement. When you write your vision statement, identify, clarify, and refine your implementation goals. Prioritize and, if possible, combine your implementation goals so that you can design and deploy Windows Defender Firewall by using an iterative approach. You can take advantage of the predefined Windows Defender Firewall implementation goals presented in this guide that are relevant to your scenarios.
 
-The following table lists the three main tasks for articulating, refining, and subsequently documenting your Windows Defender Firewall deployment goals:
+The following table lists the three main tasks for articulating, refining, and subsequently documenting your Windows Defender Firewall implementation goals:
 
 
 |                                                                                            Deployment goal tasks                                                                                             |                                                                                                                                                                                                                                                                  Reference links                                                                                                                                                                                                                                                                   |
 |--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Evaluate predefined Windows Defender Firewall with Advanced Security deployment goals that are provided in this section of the guide, and combine one or more goals to reach your organizational objectives. | Predefined deployment goals:  <p><ul><li>[Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md)</li><p><li>[Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md)</li> <p><li>[Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md)</li> <p><li>[Restrict Access to Sensitive Resources to Only Specified Users or Devices](restrict-access-to-only-specified-users-or-devices.md)</li></ul> |
-|                                   Map one goal or a combination of the predefined deployment goals to an existing Windows Defender Firewall with Advanced Security design.                                   |                                                                                                                                                                        <ul><li>[Mapping Your Deployment Goals to a Windows Defender Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)</li></ul>                                                                                                                                                                        |
-|                 Based on the status of your current infrastructure, document your deployment goals for your Windows Defender Firewall with Advanced Security design into a deployment plan.                  |                                                                                                                              <ul><li>[Designing A Windows Defender Firewall Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md)</li> <p><li>[Planning Your Windows Defender Firewall Design with Advanced Security](planning-your-windows-firewall-with-advanced-security-design.md)</li></ul>                                                                                                                              |
+| Evaluate predefined Windows Defender Firewall with Advanced Security implementation goals that are provided in this section of the guide, and combine one or more goals to reach your organizational objectives. | Predefined implementation goals:  <p><ul><li>[Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md)</li><p><li>[Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md)</li> <p><li>[Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md)</li> <p><li>[Restrict Access to Sensitive Resources to Only Specified Users or Devices](restrict-access-to-only-specified-users-or-devices.md)</li></ul> |
+|                                   Map one goal or a combination of the predefined implementation goals to an existing Windows Defender Firewall with Advanced Security design.                                   |                                                                                                                                                                        <ul><li>[Mapping Your implementation goals to a Windows Defender Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)</li></ul>                                                                                                                                                                        |
+|                 Based on the status of your current infrastructure, document your implementation goals for your Windows Defender Firewall with Advanced Security design into a deployment plan.                  |                                                                                                                              <ul><li>[Designing A Windows Defender Firewall Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md)</li> <p><li>[Planning Your Windows Defender Firewall Design with Advanced Security](planning-your-windows-firewall-with-advanced-security-design.md)</li></ul>                                                                                                                              |
 
 <br />
 
diff --git a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
index a3ca3c4b6e..76364690ae 100644
--- a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
+++ b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
@@ -1,5 +1,5 @@
 ---
-title: Protect Devices from Unwanted Network Traffic (Windows 10)
+title: Protect devices from unwanted network traffic (Windows 10)
 description: Protect Devices from Unwanted Network Traffic
 ms.assetid: 307d2b38-e8c4-4358-ae16-f2143af965dc
 ms.reviewer: 
@@ -17,7 +17,7 @@ ms.topic: conceptual
 ms.date: 04/19/2017
 ---
 
-# Protect Devices from Unwanted Network Traffic
+# Protect devices from unwanted network traffic 
 
 **Applies to**
 -   Windows 10
diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
index cbdd8e51d9..56b9898e53 100644
--- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
+++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
@@ -1,6 +1,6 @@
 ---
-title: Restrict Access to Only Trusted Devices (Windows 10)
-description: Restrict Access to Only Trusted Devices
+title: Restrict access to only trusted devices (Windows 10)
+description: estrict access to only trusted devices
 ms.assetid: bc1f49a4-7d54-4857-8af9-b7c79f47273b
 ms.reviewer: 
 ms.author: dansimp
@@ -17,7 +17,7 @@ ms.topic: conceptual
 ms.date: 08/17/2017
 ---
 
-# Restrict Access to Only Trusted Devices
+# Restrict access to only trusted devices
 
 **Applies to**
 -   Windows 10
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
index 70c8912478..0cda980c2c 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
@@ -1,6 +1,6 @@
 ---
-title: Windows Defender Firewall with Advanced Security Design Guide (Windows 10)
-description: Windows Defender Firewall with Advanced Security Design Guide
+title: Windows Defender Firewall with Advanced Security design guide (Windows 10)
+description: Windows Defender Firewall with Advanced Security design guide
 ms.assetid: 5c631389-f232-4b95-9e48-ec02b8677d51
 ms.reviewer: 
 ms.author: dansimp
@@ -17,8 +17,7 @@ ms.topic: conceptual
 ms.date: 10/05/2017
 ---
 
-# Windows Defender Firewall with Advanced Security
-Design Guide
+# Windows Defender Firewall with Advanced Security design guide
 
 **Applies to**
 -   Windows 10

From d3f75c7897da0ed2e7e2892dc073c42e5fb71e2c Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Fri, 14 Aug 2020 13:46:54 -0700
Subject: [PATCH 21/66] more clean up

---
 .../threat-protection/windows-firewall/TOC.md | 22 +++++++++----------
 ...rtificate-based-isolation-policy-design.md |  6 ++---
 ...rtificate-based-isolation-policy-design.md |  2 +-
 ...enting-a-domain-isolation-policy-design.md |  2 +-
 ...andalone-server-isolation-policy-design.md |  2 +-
 .../domain-isolation-policy-design.md         |  2 +-
 ...-firewall-with-advanced-security-design.md | 10 ++++-----
 .../server-isolation-policy-design.md         |  2 +-
 ...l-with-advanced-security-design-process.md |  7 +++---
 ...all-with-advanced-security-design-guide.md |  7 +++---
 10 files changed, 30 insertions(+), 32 deletions(-)

diff --git a/windows/security/threat-protection/windows-firewall/TOC.md b/windows/security/threat-protection/windows-firewall/TOC.md
index e8109bbb5d..e5edff503e 100644
--- a/windows/security/threat-protection/windows-firewall/TOC.md
+++ b/windows/security/threat-protection/windows-firewall/TOC.md
@@ -8,28 +8,28 @@
 
 ### [Implementation goals]()
 #### [Identify implementation goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
-#### [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md)
-#### [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md)
-#### [Require Encryption](require-encryption-when-accessing-sensitive-network-resources.md)
-#### [Restrict Access](restrict-access-to-only-specified-users-or-devices.md)
+#### [Protect devices from unwanted network traffic](protect-devices-from-unwanted-network-traffic.md)
+#### [Restrict access to only trusted devices](restrict-access-to-only-trusted-devices.md)
+#### [Require encryption](require-encryption-when-accessing-sensitive-network-resources.md)
+#### [Restrict access](restrict-access-to-only-specified-users-or-devices.md)
 
 ### [Implementation designs]()
 #### [Mapping goals to a design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
 
-#### [Basic design](basic-firewall-policy-design.md)
-##### [Basic Design Example](firewall-policy-design-example.md)
+#### [Basic firewall design](basic-firewall-policy-design.md)
+##### [Basic firewall design example](firewall-policy-design-example.md)
 
 
 #### [Domain isolation design](domain-isolation-policy-design.md)
-##### [Domain Isolation Design Example](domain-isolation-policy-design-example.md)
+##### [Domain isolation design example](domain-isolation-policy-design-example.md)
 
 
 #### [Server isolation design](server-isolation-policy-design.md)
-##### [Server Isolation Design Example](server-isolation-policy-design-example.md)
+##### [Server Isolation design example](server-isolation-policy-design-example.md)
 
 
 #### [Certificate-based isolation design](certificate-based-isolation-policy-design.md)
-##### [Certificate-based Isolation Design Example](certificate-based-isolation-policy-design-example.md)
+##### [Certificate-based Isolation design example](certificate-based-isolation-policy-design-example.md)
 
 ### [Design planning]()
 #### [Planning your design](planning-your-windows-firewall-with-advanced-security-design.md)
@@ -145,8 +145,8 @@
 ## [References]()
 ### [Checklist: Creating Group Policy objects](checklist-creating-group-policy-objects.md)
 ### [Checklist: Creating inbound firewall rules](checklist-creating-inbound-firewall-rules.md)
-### [Checklist: Creating Outbound Firewall Rules](checklist-creating-outbound-firewall-rules.md)
-### [Checklist: Configuring Basic Firewall Settings](checklist-configuring-basic-firewall-settings.md)
+### [Checklist: Creating outbound firewall rules](checklist-creating-outbound-firewall-rules.md)
+### [Checklist: Configuring basic firewall settings](checklist-configuring-basic-firewall-settings.md)
 
 
 ### [Checklist: Configuring rules for the isolated domain](checklist-configuring-rules-for-the-isolated-domain.md)
diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md
index 71775ab476..38ec0654bb 100644
--- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md
@@ -17,7 +17,7 @@ ms.topic: conceptual
 ms.date: 08/17/2017
 ---
 
-# Certificate-based Isolation Policy Design
+# Certificate-based isolation policy design
 
 **Applies to**
 -   Windows 10
@@ -35,7 +35,7 @@ For Windows devices that are part of an Active Directory domain, you can use Gro
 
 For more info about this design:
 
--   This design coincides with the deployment goals to [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md), and optionally [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md).
+-   This design coincides with the implementation goals to [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md), and optionally [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md).
 
 -   To learn more about this design, see [Certificate-based Isolation Policy Design Example](certificate-based-isolation-policy-design-example.md).
 
@@ -45,4 +45,4 @@ For more info about this design:
 
 -   For a list of tasks that you can use to deploy your certificate-based policy design, see [Checklist: Implementing a Certificate-based Isolation Policy Design](checklist-implementing-a-certificate-based-isolation-policy-design.md).
 
-**Next:** [Evaluating Windows Defender Firewall with Advanced Security Design Examples](evaluating-windows-firewall-with-advanced-security-design-examples.md)
+
diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md
index 4d6b02ef58..573b76aa96 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md
@@ -31,7 +31,7 @@ This parent checklist includes cross-reference links to important concepts about
 
 | Task | Reference |
 | - | - |
-| Review important concepts and examples for certificate-based authentication to determine if this design meets your deployment goals and the needs of your organization.| [Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)<br/>[Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md)<br/>[Certificate-based Isolation Policy Design Example](certificate-based-isolation-policy-design-example.md)<br/>[Planning Certificate-based Authentication](planning-certificate-based-authentication.md) |
+| Review important concepts and examples for certificate-based authentication to determine if this design meets your implementation goals and the needs of your organization.| [Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)<br/>[Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md)<br/>[Certificate-based Isolation Policy Design Example](certificate-based-isolation-policy-design-example.md)<br/>[Planning Certificate-based Authentication](planning-certificate-based-authentication.md) |
 | Install the Active Directory Certificate Services (AD CS) role as an enterprise root issuing certification authority (CA). This step is required only if you have not already deployed a CA on your network.| |
 | Configure the certificate template for workstation authentication certificates.| [Configure the Workstation Authentication Certificate Template](configure-the-workstation-authentication-certificate-template.md)| 
 | Configure Group Policy to automatically deploy certificates based on your template to workstation devices. | [Configure Group Policy to Autoenroll and Deploy Certificates](configure-group-policy-to-autoenroll-and-deploy-certificates.md)| 
diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md
index 139618cb53..d946ecab9e 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md
@@ -33,7 +33,7 @@ The procedures in this section use the Group Policy MMC snap-ins to configure th
 
 | Task | Reference |
 | - | - |
-| Review important concepts and examples for the domain isolation policy design, determine your Windows Defender Firewall with Advanced Security deployment goals, and customize this design to meet the needs of your organization.| [Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)<br/>[Domain Isolation Policy Design](domain-isolation-policy-design.md)<br/>[Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md)<br/>[Planning Domain Isolation Zones](planning-domain-isolation-zones.md) |
+| Review important concepts and examples for the domain isolation policy design, determine your Windows Defender Firewall with Advanced Security implementation goals, and customize this design to meet the needs of your organization.| [Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)<br/>[Domain Isolation Policy Design](domain-isolation-policy-design.md)<br/>[Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md)<br/>[Planning Domain Isolation Zones](planning-domain-isolation-zones.md) |
 | Create the GPOs and connection security rules for the isolated domain.| [Checklist: Configuring Rules for the Isolated Domain](checklist-configuring-rules-for-the-isolated-domain.md)| 
 | Create the GPOs and connection security rules for the boundary zone.| [Checklist: Configuring Rules for the Boundary Zone](checklist-configuring-rules-for-the-boundary-zone.md)| 
 | Create the GPOs and connection security rules for the encryption zone.| [Checklist: Configuring Rules for the Encryption Zone](checklist-configuring-rules-for-the-encryption-zone.md)| 
diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md
index 05aad0007e..2ed1fd1e5e 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md
@@ -33,7 +33,7 @@ This parent checklist includes cross-reference links to important concepts about
 
 | Task | Reference |
 | - | - |
-| Review important concepts and examples for the server isolation policy design to determine if this design meets your deployment goals and the needs of your organization.| [Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)<br/>[Server Isolation Policy Design](server-isolation-policy-design.md)<br/>[Server Isolation Policy Design Example](server-isolation-policy-design-example.md)<br/>[Planning Server Isolation Zones](planning-server-isolation-zones.md) |
+| Review important concepts and examples for the server isolation policy design to determine if this design meets your implementation goals and the needs of your organization.| [Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)<br/>[Server Isolation Policy Design](server-isolation-policy-design.md)<br/>[Server Isolation Policy Design Example](server-isolation-policy-design-example.md)<br/>[Planning Server Isolation Zones](planning-server-isolation-zones.md) |
 | Create the GPOs and connection security rules for isolated servers.| [Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone](checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md)| 
 | Create the GPOs and connection security rules for the client devices that must connect to the isolated servers. | [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md)| 
 | Verify that the connection security rules are protecting network traffic on your test devices. | [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)| 
diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md
index 948932fb53..b618fe6d2d 100644
--- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md
@@ -59,7 +59,7 @@ In order to expand the isolated domain to include Devices that cannot be part of
 
 For more info about this design:
 
--   This design coincides with the deployment goals to [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md), and optionally [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md).
+-   This design coincides with the implementation goals to [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md), and optionally [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md).
 
 -   To learn more about this design, see the [Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md).
 
diff --git a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
index 9c73c224b9..6f6cd2d1a1 100644
--- a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
+++ b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
@@ -1,6 +1,6 @@
 ---
-title: Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design (Windows 10)
-description: Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design
+title: Mapping your implementation goals to a Windows Firewall with Advanced Security design (Windows 10)
+description:  Mapping your implementation goals to a Windows Firewall with Advanced Security design
 ms.assetid: 7e68c59e-ba40-49c4-8e47-5de5d6b5eb22
 ms.reviewer: 
 ms.author: dansimp
@@ -17,17 +17,17 @@ ms.topic: conceptual
 ms.date: 04/19/2017
 ---
 
-# Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design
+#  Mapping your implementation goals to a Windows Firewall with Advanced Security design
 
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 
-After you finish reviewing the existing Windows Firewall with Advanced Security deployment goals and you determine which goals are important to your specific deployment, you can map those goals to a specific Windows Firewall with Advanced Security design.
+After you finish reviewing the existing Windows Firewall with Advanced Security implementation goals and you determine which goals are important to your specific deployment, you can map those goals to a specific Windows Firewall with Advanced Security design.
 
 >**Important:**  The first three designs presented in this guide build on each other to progress from simpler to more complex. Therefore during deployment, consider implementing them in the order presented. Each deployed design also provides a stable position from which to evaluate your progress, and to make sure that your goals are being met before you continue to the next design.
 
-Use the following table to determine which Windows Firewall with Advanced Security design maps to the appropriate combination of Windows Firewall with Advanced Security deployment goals for your organization. This table refers only to the Windows Firewall with Advanced Security designs as described in this guide. However, you can create a hybrid or custom Windows Firewall with Advanced Security design by using any combination of the Windows Firewall with Advanced Security deployment goals to meet the needs of your organization.
+Use the following table to determine which Windows Firewall with Advanced Security design maps to the appropriate combination of Windows Firewall with Advanced Security implementation goals for your organization. This table refers only to the Windows Firewall with Advanced Security designs as described in this guide. However, you can create a hybrid or custom Windows Firewall with Advanced Security design by using any combination of the Windows Firewall with Advanced Security implementation goals to meet the needs of your organization.
 
 | Deployment Goals | Basic Firewall Policy Design | Domain Isolation Policy Design | Server Isolation Policy Design | Certificate-based Isolation Policy Design |
 | - |- | - | - | - |
diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md
index 1eeea3dc76..23a6808219 100644
--- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md
@@ -49,7 +49,7 @@ This design can be applied to devices that are part of an Active Directory fores
 
 For more info about this design:
 
--   This design coincides with the deployment goals to [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md), [Restrict Access to Only Specified Users or Devices](restrict-access-to-only-specified-users-or-devices.md), and [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md).
+-   This design coincides with the implementation goals to [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md), [Restrict Access to Only Specified Users or Devices](restrict-access-to-only-specified-users-or-devices.md), and [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md).
 
 -   To learn more about this design, see [Server Isolation Policy Design Example](server-isolation-policy-design-example.md).
 
diff --git a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md b/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md
index 26796b6814..0449d6b01f 100644
--- a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md
+++ b/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md
@@ -20,13 +20,12 @@ ms.author: dansimp
 
 Designing any deployment starts by performing several important tasks:
 
--   [Identifying Your Windows Defender Firewall with Advanced Security Design Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
+-   [Identifying your windows defender firewall with advanced security design goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
 
--   [Mapping Your Deployment Goals to a Windows Defender Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
+-   [Mapping your implementation goals to a Windows Defender Firewall with Advanced Security design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
 
--   [Evaluating Windows Defender Firewall with Advanced Security Design Examples](evaluating-windows-firewall-with-advanced-security-design-examples.md)
 
-After you identify your deployment goals and map them to a Windows Defender Firewall with Advanced Security design, you can begin documenting the design based on the processes that are described in the following topics:
+After you identify your implementation goals and map them to a Windows Defender Firewall with Advanced Security design, you can begin documenting the design based on the processes that are described in the following topics:
 
 -   [Designing A Windows Defender Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md)
 
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
index 0cda980c2c..58bc8e79a9 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
@@ -39,7 +39,7 @@ Windows Defender Firewall should be part of a comprehensive security solution th
 
 To successfully use this guide, you need a good understanding of both the capabilities provided by Windows Defender Firewall, and how to deliver configuration settings to your managed devices by using Group Policy in Active Directory.
 
-You can use the deployment goals to form one of these Windows Defender Firewall with Advanced Security designs, or a custom design that combines elements from those presented here:
+You can use the implementation goals to form one of these Windows Defender Firewall with Advanced Security designs, or a custom design that combines elements from those presented here:
 
 -   **Basic firewall policy design**. Restricts network traffic in and out of your devices to only that which is needed and authorized.
 
@@ -67,9 +67,8 @@ Deployment Guide at these locations:
 | Topic | Description
 | - | - |
 | [Understanding the Windows Defender Firewall with Advanced Security Design Process](understanding-the-windows-firewall-with-advanced-security-design-process.md) | Learn how to get started with the Windows Defender Firewall with Advanced Security design process. |
-| [Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md) | Learn how to identify your Windows Defender Firewall with Advanced Security deployment goals. |
-| [Mapping Your Deployment Goals to a Windows Defender Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md) | After you finish reviewing the existing Windows Defender Firewall with Advanced Security deployment goals and you determine which goals are important to your specific deployment, you can map those goals to a specific Windows Defender Firewall with Advanced Security design. |
-| [Evaluating Windows Defender Firewall with Advanced Security Design Examples](evaluating-windows-firewall-with-advanced-security-design-examples.md) | Learn how to use Windows Defender Firewall to improve the security of the computers connected to the network. |
+| [Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md) | Learn how to identify your Windows Defender Firewall with Advanced Security implementation goals. |
+| [Mapping Your Deployment Goals to a Windows Defender Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md) | After you finish reviewing the existing Windows Defender Firewall with Advanced Security implementation goals and you determine which goals are important to your specific deployment, you can map those goals to a specific Windows Defender Firewall with Advanced Security design. |
 | [Designing a Windows Defender Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md) | To select the most effective design for helping to protect the network, you must spend time collecting key information about your current computer environment. |
 | [Planning Your Windows Defender Firewall with Advanced Security Design](planning-your-windows-firewall-with-advanced-security-design.md) | After you have gathered the relevant information in the previous sections, and understand the basics of the designs as described earlier in this guide, you can select the design (or combination of designs) that meet your needs. |
 | [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) | You can import an XML file containing customized registry preferences into a Group Policy Object (GPO) by using the Preferences feature of the Group Policy Management Console (GPMC). |

From 0813a2dd0179ebd2da84f4ed8a409e8ab5773354 Mon Sep 17 00:00:00 2001
From: damabe <v-damabe@microsoft.com>
Date: Fri, 14 Aug 2020 21:15:21 -0700
Subject: [PATCH 22/66] Updated short descriptions for SEO improvement

---
 windows/client-management/mdm/cm-proxyentries-csp.md        | 2 +-
 windows/client-management/mdm/customdeviceui-csp.md         | 2 +-
 windows/client-management/mdm/customdeviceui-ddf.md         | 2 +-
 windows/client-management/mdm/defender-csp.md               | 2 +-
 windows/client-management/mdm/defender-ddf.md               | 2 +-
 windows/client-management/mdm/devdetail-csp.md              | 2 +-
 windows/client-management/mdm/devdetail-ddf-file.md         | 2 +-
 windows/client-management/mdm/deviceinstanceservice-csp.md  | 2 +-
 windows/client-management/mdm/devicelock-csp.md             | 2 +-
 windows/client-management/mdm/devicelock-ddf-file.md        | 2 +-
 windows/client-management/mdm/devinfo-ddf-file.md           | 2 +-
 windows/client-management/mdm/diagnosticlog-csp.md          | 2 +-
 windows/client-management/mdm/diagnosticlog-ddf.md          | 2 +-
 windows/client-management/mdm/dmacc-csp.md                  | 2 +-
 windows/client-management/mdm/dmacc-ddf-file.md             | 2 +-
 windows/client-management/mdm/dmclient-ddf-file.md          | 2 +-
 windows/client-management/mdm/dmprocessconfigxmlfiltered.md | 2 +-
 windows/client-management/mdm/dmsessionactions-csp.md       | 2 +-
 18 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/windows/client-management/mdm/cm-proxyentries-csp.md b/windows/client-management/mdm/cm-proxyentries-csp.md
index 828700b85a..816b5c188b 100644
--- a/windows/client-management/mdm/cm-proxyentries-csp.md
+++ b/windows/client-management/mdm/cm-proxyentries-csp.md
@@ -1,6 +1,6 @@
 ---
 title: CM\_ProxyEntries CSP
-description: Configure proxy connections on mobile devices using CM\_ProxyEntries CSP.
+description: Learn how the CM\_ProxyEntries configuration service provider is used to configure proxy connections on the mobile device.
 ms.assetid: f4c3dc71-c85a-4c68-9ce9-19f408ff7a0a
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/customdeviceui-csp.md b/windows/client-management/mdm/customdeviceui-csp.md
index 05add93e6a..17b165ed51 100644
--- a/windows/client-management/mdm/customdeviceui-csp.md
+++ b/windows/client-management/mdm/customdeviceui-csp.md
@@ -1,6 +1,6 @@
 ---
 title: CustomDeviceUI CSP
-description: CustomDeviceUI CSP
+description: Learn how the CustomDeviceUI configuration service provider (CSP) allows OEMs to implement their custom foreground application.
 ms.assetid: 20ED1867-7B9E-4455-B397-53B8B15C95A3
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/customdeviceui-ddf.md b/windows/client-management/mdm/customdeviceui-ddf.md
index 12b590ef8c..7623b155f2 100644
--- a/windows/client-management/mdm/customdeviceui-ddf.md
+++ b/windows/client-management/mdm/customdeviceui-ddf.md
@@ -1,6 +1,6 @@
 ---
 title: CustomDeviceUI DDF
-description: CustomDeviceUI DDF
+description: Learn about the OMA DM device description framework (DDF) for the CustomDeviceUI configuration service provider.
 ms.assetid: E6D6B902-C57C-48A6-9654-CCBA3898455E
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index cb96fa1fb1..da9959c0a2 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -1,6 +1,6 @@
 ---
 title: Defender CSP
-description: See how the Windows Defender configuration service provider is used to configure various Windows Defender actions across the enterprise.
+description: Learn how the Windows Defender configuration service provider is used to configure various Windows Defender actions across the enterprise.
 ms.assetid: 481AA74F-08B2-4A32-B95D-5A3FD05B335C
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md
index 508d2f5d0d..a63f4dec92 100644
--- a/windows/client-management/mdm/defender-ddf.md
+++ b/windows/client-management/mdm/defender-ddf.md
@@ -1,6 +1,6 @@
 ---
 title: Defender DDF file
-description: See how the OMA DM device description framework (DDF) for the **Defender** configuration service provider is used.
+description: Learn how the OMA DM device description framework (DDF) for the Defender configuration service provider is used.
 ms.assetid: 39B9E6CF-4857-4199-B3C3-EC740A439F65
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md
index 285d96ddf8..11ab51bf9e 100644
--- a/windows/client-management/mdm/devdetail-csp.md
+++ b/windows/client-management/mdm/devdetail-csp.md
@@ -1,6 +1,6 @@
 ---
 title: DevDetail CSP
-description: DevDetail CSP
+description: Learn how the DevDetail configuration service provider handles the management object which provides device-specific parameters to the OMA DM server.
 ms.assetid: 719bbd2d-508d-439b-b175-0874c7e6c360
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/devdetail-ddf-file.md b/windows/client-management/mdm/devdetail-ddf-file.md
index 0ab07220b6..25be11c21b 100644
--- a/windows/client-management/mdm/devdetail-ddf-file.md
+++ b/windows/client-management/mdm/devdetail-ddf-file.md
@@ -1,6 +1,6 @@
 ---
 title: DevDetail DDF file
-description: DevDetail DDF file
+description: Learn about the OMA DM device description framework (DDF) for the DevDetail configuration service provider.
 ms.assetid: 645fc2b5-2d2c-43b1-9058-26bedbe9f00d
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/deviceinstanceservice-csp.md b/windows/client-management/mdm/deviceinstanceservice-csp.md
index 09d6af05e4..d7b8e34afb 100644
--- a/windows/client-management/mdm/deviceinstanceservice-csp.md
+++ b/windows/client-management/mdm/deviceinstanceservice-csp.md
@@ -1,6 +1,6 @@
 ---
 title: DeviceInstanceService CSP
-description: DeviceInstanceService CSP
+description: Learn how the he DeviceInstanceService configuration service provider (CSP) provides some device inventory information that could be useful for an enterprise.
 ms.assetid: f113b6bb-6ce1-45ad-b725-1b6610721e2d
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/devicelock-csp.md b/windows/client-management/mdm/devicelock-csp.md
index 246408076e..cef65071ec 100644
--- a/windows/client-management/mdm/devicelock-csp.md
+++ b/windows/client-management/mdm/devicelock-csp.md
@@ -1,6 +1,6 @@
 ---
 title: DeviceLock CSP
-description: DeviceLock CSP
+description: Learn how the DeviceLock configuration service provider (CSP) is used by the enterprise management server to configure device lock related policies.
 ms.assetid: 9a547efb-738e-4677-95d3-5506d350d8ab
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/devicelock-ddf-file.md b/windows/client-management/mdm/devicelock-ddf-file.md
index 545ebcdb9b..eb63ef11fe 100644
--- a/windows/client-management/mdm/devicelock-ddf-file.md
+++ b/windows/client-management/mdm/devicelock-ddf-file.md
@@ -1,6 +1,6 @@
 ---
 title: DeviceLock DDF file
-description: DeviceLock DDF file
+description: Learn about the OMA DM device description framework (DDF) for the DeviceLock configuration service provider (CSP).
 ms.assetid: 46a691b9-6350-4987-bfc7-f8b1eece3ad9
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/devinfo-ddf-file.md b/windows/client-management/mdm/devinfo-ddf-file.md
index b81a21b82e..aec2b4cc91 100644
--- a/windows/client-management/mdm/devinfo-ddf-file.md
+++ b/windows/client-management/mdm/devinfo-ddf-file.md
@@ -1,6 +1,6 @@
 ---
 title: DevInfo DDF file
-description: DevInfo DDF file
+description: Learn about the OMA DM device description framework (DDF) for the DevInfo configuration service provider (CSP).
 ms.assetid: beb07cc6-4133-4c0f-aa05-64db2b4a004f
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md
index 2f00912ad8..2c49067d90 100644
--- a/windows/client-management/mdm/diagnosticlog-csp.md
+++ b/windows/client-management/mdm/diagnosticlog-csp.md
@@ -1,6 +1,6 @@
 ---
 title: DiagnosticLog CSP
-description: DiagnosticLog CSP
+description: Learn about the feature areas of the DiagnosticLog configuration service provider (CSP), including the DiagnosticLog area and Policy area.
 ms.assetid: F76E0056-3ACD-48B2-BEA1-1048C96571C3
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/diagnosticlog-ddf.md b/windows/client-management/mdm/diagnosticlog-ddf.md
index 8bedac1205..f635ed44c6 100644
--- a/windows/client-management/mdm/diagnosticlog-ddf.md
+++ b/windows/client-management/mdm/diagnosticlog-ddf.md
@@ -1,6 +1,6 @@
 ---
 title: DiagnosticLog DDF
-description: DiagnosticLog DDF
+description: Learn about the the OMA DM device description framework (DDF) for the DiagnosticLog configuration service provider (CSP).
 ms.assetid: 9DD75EDA-5913-45B4-9BED-20E30CDEBE16
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/dmacc-csp.md b/windows/client-management/mdm/dmacc-csp.md
index aa61f9d50b..4a45bf4eb2 100644
--- a/windows/client-management/mdm/dmacc-csp.md
+++ b/windows/client-management/mdm/dmacc-csp.md
@@ -1,6 +1,6 @@
 ---
 title: DMAcc CSP
-description: DMAcc CSP
+description: Learn how the DMAcc configuration service provider (CSP) allows an OMA Device Management (DM) version 1.2 server to handle OMA DM account objects.
 ms.assetid: 43e73d8a-6617-44e7-8459-5c96f4422e63
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/dmacc-ddf-file.md b/windows/client-management/mdm/dmacc-ddf-file.md
index 232f5672cd..b10dcad38a 100644
--- a/windows/client-management/mdm/dmacc-ddf-file.md
+++ b/windows/client-management/mdm/dmacc-ddf-file.md
@@ -1,6 +1,6 @@
 ---
 title: DMAcc DDF file
-description: DMAcc DDF file
+description: Learn about the OMA DM device description framework (DDF) for the DMAcc configuration service provider (CSP).
 ms.assetid: 44dc99aa-2a85-498b-8f52-a81863765606
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md
index 44ff431b60..c5ba87da90 100644
--- a/windows/client-management/mdm/dmclient-ddf-file.md
+++ b/windows/client-management/mdm/dmclient-ddf-file.md
@@ -1,6 +1,6 @@
 ---
 title: DMClient DDF file
-description: DMClient DDF file
+description: Learn about the OMA DM device description framework (DDF) for the DMClient configuration service provider (CSP).
 ms.assetid: A21B33AF-DB76-4059-8170-FADF2CB898A0
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md
index 2e1b590d91..b9ed5780d0 100644
--- a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md
+++ b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md
@@ -1,6 +1,6 @@
 ---
 title: DMProcessConfigXMLFiltered function
-description: Configures phone settings by using OMA Client Provisioning XML.
+description: Learn how the DMProcessConfigXMLFiltered function configures phone settings by using OMA Client Provisioning XML.
 Search.Refinement.TopicID: 184
 ms.assetid: 31D79901-6206-454C-AE78-9B85A3B3487F
 ms.reviewer: 
diff --git a/windows/client-management/mdm/dmsessionactions-csp.md b/windows/client-management/mdm/dmsessionactions-csp.md
index b395c7c3ba..65aeb1a961 100644
--- a/windows/client-management/mdm/dmsessionactions-csp.md
+++ b/windows/client-management/mdm/dmsessionactions-csp.md
@@ -1,6 +1,6 @@
 ---
 title: DMSessionActions CSP
-description: DMSessionActions CSP
+description: Learn how the DMSessionActions configuration service provider (CSP) is used to manage the number of sessions the client skips if the device is in a low power state.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10

From c80831853eb10c32e2a398ff68dc709a653b2da2 Mon Sep 17 00:00:00 2001
From: damabe <v-damabe@microsoft.com>
Date: Fri, 14 Aug 2020 21:35:31 -0700
Subject: [PATCH 23/66] Updated short descriptions for SEO improvement

---
 windows/client-management/mdm/dmsessionactions-ddf.md  | 2 +-
 windows/client-management/mdm/dynamicmanagement-csp.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/client-management/mdm/dmsessionactions-ddf.md b/windows/client-management/mdm/dmsessionactions-ddf.md
index aef1210842..61b4b4754a 100644
--- a/windows/client-management/mdm/dmsessionactions-ddf.md
+++ b/windows/client-management/mdm/dmsessionactions-ddf.md
@@ -1,6 +1,6 @@
 ---
 title: DMSessionActions DDF file
-description: DMSessionActions DDF file
+description: Learn about the OMA DM device description framework (DDF) for the DMSessionActions configuration service provider (CSP).
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/dynamicmanagement-csp.md b/windows/client-management/mdm/dynamicmanagement-csp.md
index e7d55aedc0..b6fe50d931 100644
--- a/windows/client-management/mdm/dynamicmanagement-csp.md
+++ b/windows/client-management/mdm/dynamicmanagement-csp.md
@@ -1,6 +1,6 @@
 ---
 title: DynamicManagement CSP
-description: DynamicManagement CSP
+description: Learn how the Dynamic Management configuration service provider (CSP) enables configuration of policies that change how the device is managed.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10

From feee20e4a08b8023437b6a2fe1988997e16520de Mon Sep 17 00:00:00 2001
From: damabe <v-damabe@microsoft.com>
Date: Fri, 14 Aug 2020 23:07:55 -0700
Subject: [PATCH 24/66] Updated short descriptions for SEO improvement

---
 windows/client-management/mdm/dynamicmanagement-ddf.md          | 2 +-
 windows/client-management/mdm/email2-csp.md                     | 2 +-
 windows/client-management/mdm/email2-ddf-file.md                | 2 +-
 .../client-management/mdm/enable-admx-backed-policies-in-mdm.md | 2 +-
 ...roll-a-windows-10-device-automatically-using-group-policy.md | 2 +-
 .../client-management/mdm/enrollmentstatustracking-csp-ddf.md   | 2 +-
 windows/client-management/mdm/enterpriseapn-ddf.md              | 2 +-
 windows/client-management/mdm/enterpriseappvmanagement-csp.md   | 2 +-
 windows/client-management/mdm/enterpriseappvmanagement-ddf.md   | 2 +-
 windows/client-management/mdm/enterpriseassignedaccess-csp.md   | 2 +-
 windows/client-management/mdm/enterpriseext-csp.md              | 2 +-
 windows/client-management/mdm/enterpriseext-ddf.md              | 2 +-
 windows/client-management/mdm/enterpriseextfilesystem-ddf.md    | 2 +-
 .../client-management/mdm/enterprisemodernappmanagement-csp.md  | 2 +-
 .../client-management/mdm/enterprisemodernappmanagement-ddf.md  | 2 +-
 .../client-management/mdm/enterprisemodernappmanagement-xsd.md  | 2 +-
 windows/client-management/mdm/esim-enterprise-management.md     | 2 +-
 windows/client-management/mdm/euiccs-csp.md                     | 2 +-
 windows/client-management/mdm/euiccs-ddf-file.md                | 2 +-
 windows/client-management/mdm/filesystem-csp.md                 | 2 +-
 20 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/windows/client-management/mdm/dynamicmanagement-ddf.md b/windows/client-management/mdm/dynamicmanagement-ddf.md
index 3439bf646a..2690fa4e23 100644
--- a/windows/client-management/mdm/dynamicmanagement-ddf.md
+++ b/windows/client-management/mdm/dynamicmanagement-ddf.md
@@ -1,6 +1,6 @@
 ---
 title: DynamicManagement DDF file
-description: DynamicManagement DDF file
+description: Learn about the OMA DM device description framework (DDF) for the DynamicManagement configuration service provider (CSP).
 ms.assetid: 7e266db0-2fd9-4412-b428-4550f41a1738
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/email2-csp.md b/windows/client-management/mdm/email2-csp.md
index ddb14a8d3f..844fc1be39 100644
--- a/windows/client-management/mdm/email2-csp.md
+++ b/windows/client-management/mdm/email2-csp.md
@@ -1,6 +1,6 @@
 ---
 title: EMAIL2 CSP
-description: EMAIL2 CSP
+description: Learn how the EMAIL2 configuration service provider (CSP) is used to configure Simple Mail Transfer Protocol (SMTP) email accounts.
 ms.assetid: bcfc9d98-bc2e-42c6-9b81-0b5bf65ce2b8
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/email2-ddf-file.md b/windows/client-management/mdm/email2-ddf-file.md
index f24a64e3e3..4f11b5b64d 100644
--- a/windows/client-management/mdm/email2-ddf-file.md
+++ b/windows/client-management/mdm/email2-ddf-file.md
@@ -1,6 +1,6 @@
 ---
 title: EMAIL2 DDF file
-description: EMAIL2 DDF file
+description: Learn how the OMA DM device description framework (DDF) for the EMAIL2 configuration service provider (CSP).
 ms.assetid: 7e266db0-2fd9-4412-b428-4550f41a1738
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
index 1f420a71c4..805f9ee481 100644
--- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
+++ b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
@@ -1,6 +1,6 @@
 ---
 title: Enable ADMX-backed policies in MDM
-description: Use this is a step-by-step guide to configuring ADMX-backed policies in MDM.
+description: Use this step-by-step guide to configure a selected set of Group Policy administrative templates (ADMX-backed policies) in Mobile Device Management (MDM).
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
index f45e20d377..349687ed6c 100644
--- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
@@ -1,6 +1,6 @@
 ---
 title: Enroll a Windows 10 device automatically using Group Policy
-description: Enroll a Windows 10 device automatically using Group Policy
+description: Learn how to use a Group Policy to trigger auto-enrollment to MDM for Active Directory (AD) domain-joined devices.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
index e70eed0ce5..98739efcb1 100644
--- a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
+++ b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
@@ -1,6 +1,6 @@
 ---
 title: EnrollmentStatusTracking DDF
-description: View the OMA DM device description framework (DDF) for the EnrollmentStatusTracking configuration service provider. DDF files are used only with OMA DM provisioning XML.
+description: View the OMA DM DDF for the EnrollmentStatusTracking configuration service provider. DDF files are used only with OMA DM provisioning XML.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/enterpriseapn-ddf.md b/windows/client-management/mdm/enterpriseapn-ddf.md
index 319356f336..5e7af9b60d 100644
--- a/windows/client-management/mdm/enterpriseapn-ddf.md
+++ b/windows/client-management/mdm/enterpriseapn-ddf.md
@@ -1,6 +1,6 @@
 ---
 title: EnterpriseAPN DDF
-description: EnterpriseAPN DDF
+description: Learn about the OMA DM device description framework (DDF) for the EnterpriseAPN configuration service provider (CSP).
 ms.assetid: A953ADEF-4523-425F-926C-48DA62EB9E21
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/enterpriseappvmanagement-csp.md b/windows/client-management/mdm/enterpriseappvmanagement-csp.md
index 22445122ec..272f60f44f 100644
--- a/windows/client-management/mdm/enterpriseappvmanagement-csp.md
+++ b/windows/client-management/mdm/enterpriseappvmanagement-csp.md
@@ -1,6 +1,6 @@
 ---
 title: EnterpriseAppVManagement CSP
-description: Examine the tree format for EnterpriseAppVManagement configuration service provider (CSP) to manage virtual applications in Windows 10 PCs.(Enterprise and Education editions). 
+description: Examine the tree format for EnterpriseAppVManagement CSP to manage virtual applications in Windows 10 PCs.(Enterprise and Education editions). 
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md
index 626981e0ff..8cf951cf55 100644
--- a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md
+++ b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md
@@ -1,6 +1,6 @@
 ---
 title: EnterpriseAppVManagement DDF file
-description: EnterpriseAppVManagement DDF file
+description: Learn about the OMA DM device description framework (DDF) for the EnterpriseAppVManagement configuration service provider (CSP).
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/enterpriseassignedaccess-csp.md b/windows/client-management/mdm/enterpriseassignedaccess-csp.md
index 2df97c9bf4..45d11904d5 100644
--- a/windows/client-management/mdm/enterpriseassignedaccess-csp.md
+++ b/windows/client-management/mdm/enterpriseassignedaccess-csp.md
@@ -1,6 +1,6 @@
 ---
 title: EnterpriseAssignedAccess CSP
-description: Use the EnterpriseAssignedAccess CSP to configure custom layouts on a device. 
+description: Use the EnterpriseAssignedAccess configuration service provider (CSP) to configure custom layouts on a device. 
 ms.assetid: 5F88E567-77AA-4822-A0BC-3B31100639AA
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/enterpriseext-csp.md b/windows/client-management/mdm/enterpriseext-csp.md
index 782bc735ed..24cadf3270 100644
--- a/windows/client-management/mdm/enterpriseext-csp.md
+++ b/windows/client-management/mdm/enterpriseext-csp.md
@@ -1,6 +1,6 @@
 ---
 title: EnterpriseExt CSP
-description: EnterpriseExt CSP
+description: Learn how the EnterpriseExt CSP allows OEMs to set their own unique ID for their devices, set display brightness values, and set the LED behavior.
 ms.assetid: ACA5CD79-BBD5-4DD1-86DA-0285B93982BD
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/enterpriseext-ddf.md b/windows/client-management/mdm/enterpriseext-ddf.md
index e30ceeb37f..4b3d4b0afd 100644
--- a/windows/client-management/mdm/enterpriseext-ddf.md
+++ b/windows/client-management/mdm/enterpriseext-ddf.md
@@ -1,6 +1,6 @@
 ---
 title: EnterpriseExt DDF
-description: EnterpriseExt DDF
+description: Learn about the OMA DM device description framework (DDF) for the EnterpriseExt configuration service provider (CSP).
 ms.assetid: 71BF81D4-FBEC-4B03-BF99-F7A5EDD4F91B
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/enterpriseextfilesystem-ddf.md b/windows/client-management/mdm/enterpriseextfilesystem-ddf.md
index 997493aee9..7efb54af20 100644
--- a/windows/client-management/mdm/enterpriseextfilesystem-ddf.md
+++ b/windows/client-management/mdm/enterpriseextfilesystem-ddf.md
@@ -1,6 +1,6 @@
 ---
 title: EnterpriseExtFileSystem DDF
-description: EnterpriseExtFileSystem DDF
+description: Learn about the OMA DM device description framework (DDF) for the EnterpriseExtFileSystem configuration service provider (CSP).
 ms.assetid: 2D292E4B-15EE-4AEB-8884-6FEE8B92D2D1
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
index 5384ce0168..77b6e72ff9 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
@@ -1,6 +1,6 @@
 ---
 title: EnterpriseModernAppManagement CSP
-description: EnterpriseModernAppManagement CSP
+description: Learn how the EnterpriseModernAppManagement configuration service provider (CSP) is used for the provisioning and reporting of modern enterprise apps.
 ms.assetid: 9DD0741A-A229-41A0-A85A-93E185207C42
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
index aa2cdb680b..237000b2f0 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
@@ -1,6 +1,6 @@
 ---
 title: EnterpriseModernAppManagement DDF
-description: EnterpriseModernAppManagement DDF
+description: Learn about the OMA DM device description framework (DDF) for the EnterpriseModernAppManagement configuration service provider (CSP).
 ms.assetid: 
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md
index f7544b10a4..f8b15504cc 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md
@@ -1,6 +1,6 @@
 ---
 title: EnterpriseModernAppManagement XSD
-description: Use the EnterpriseModernAppManagement XSD for set application parameters.
+description: In this article, view the EnterpriseModernAppManagement XSD example so you can set application parameters.
 ms.assetid: D393D094-25E5-4E66-A60F-B59CC312BF57
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/esim-enterprise-management.md b/windows/client-management/mdm/esim-enterprise-management.md
index 9251f6a755..79545b45cc 100644
--- a/windows/client-management/mdm/esim-enterprise-management.md
+++ b/windows/client-management/mdm/esim-enterprise-management.md
@@ -1,6 +1,6 @@
 ---
 title: eSIM Enterprise Management
-description: Managing eSIM devices in an enterprise
+description: Learn how Mobile Device Management (MDM) Providers support the eSIM Profile Management Solution on Windows.
 keywords: eSIM enterprise management
 ms.prod: w10
 ms.mktglfcycl:
diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md
index 43626310a0..1f42e3e43d 100644
--- a/windows/client-management/mdm/euiccs-csp.md
+++ b/windows/client-management/mdm/euiccs-csp.md
@@ -1,6 +1,6 @@
 ---
 title: eUICCs CSP
-description: eUICCs CSP
+description: Learn how the eUICCs CSP is used to support eUICC enterprise use cases and enables the IT admin to manage (assign, re-assign, remove) subscriptions to employees.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/euiccs-ddf-file.md b/windows/client-management/mdm/euiccs-ddf-file.md
index 3f3e71df8d..38bb8e5f6f 100644
--- a/windows/client-management/mdm/euiccs-ddf-file.md
+++ b/windows/client-management/mdm/euiccs-ddf-file.md
@@ -1,6 +1,6 @@
 ---
 title: eUICCs DDF file
-description: eUICCs DDF file
+description: Learn about the OMA DM device description framework (DDF) for the eUICCs configuration service provider (CSP).
 ms.assetid: c4cd4816-ad8f-45b2-9b81-8abb18254096
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/filesystem-csp.md b/windows/client-management/mdm/filesystem-csp.md
index 653b03b527..9bad3fe712 100644
--- a/windows/client-management/mdm/filesystem-csp.md
+++ b/windows/client-management/mdm/filesystem-csp.md
@@ -1,6 +1,6 @@
 ---
 title: FileSystem CSP
-description: FileSystem CSP
+description: Learn how the FileSystem CSP is used to query, add, modify, and delete files, file directories, and file attributes on the mobile device.
 ms.assetid: 9117ee16-ca7a-4efa-9270-c9ac8547e541
 ms.reviewer: 
 manager: dansimp

From 997d2746a6b57db50732abf4e72e6fa1f6b93944 Mon Sep 17 00:00:00 2001
From: Dan Mabee <v-damabe@microsoft.com>
Date: Fri, 14 Aug 2020 23:19:55 -0700
Subject: [PATCH 25/66] Update deviceinstanceservice-csp.md

---
 windows/client-management/mdm/deviceinstanceservice-csp.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/deviceinstanceservice-csp.md b/windows/client-management/mdm/deviceinstanceservice-csp.md
index d7b8e34afb..f24564545c 100644
--- a/windows/client-management/mdm/deviceinstanceservice-csp.md
+++ b/windows/client-management/mdm/deviceinstanceservice-csp.md
@@ -1,6 +1,6 @@
 ---
 title: DeviceInstanceService CSP
-description: Learn how the he DeviceInstanceService configuration service provider (CSP) provides some device inventory information that could be useful for an enterprise.
+description: Learn how the DeviceInstanceService configuration service provider (CSP) provides some device inventory information that could be useful for an enterprise.
 ms.assetid: f113b6bb-6ce1-45ad-b725-1b6610721e2d
 ms.reviewer: 
 manager: dansimp

From bc3408a7774262f169d56d9b7f384bd4b4f73f73 Mon Sep 17 00:00:00 2001
From: damabe <v-damabe@microsoft.com>
Date: Sun, 16 Aug 2020 20:59:48 -0700
Subject: [PATCH 26/66] Update short descriptions for SEO improvement

---
 windows/client-management/mdm/healthattestation-csp.md          | 2 +-
 windows/client-management/mdm/healthattestation-ddf.md          | 2 +-
 .../client-management/mdm/mdm-enrollment-of-windows-devices.md  | 2 +-
 windows/client-management/mdm/messaging-csp.md                  | 2 +-
 windows/client-management/mdm/multisim-csp.md                   | 2 +-
 windows/client-management/mdm/nap-csp.md                        | 2 +-
 windows/client-management/mdm/napdef-csp.md                     | 2 +-
 windows/client-management/mdm/networkproxy-csp.md               | 2 +-
 windows/client-management/mdm/networkqospolicy-ddf.md           | 2 +-
 windows/client-management/mdm/nodecache-ddf-file.md             | 2 +-
 windows/client-management/mdm/personalization-ddf.md            | 2 +-
 .../mdm/policy-configuration-service-provider.md                | 2 +-
 windows/client-management/mdm/policy-csp-abovelock.md           | 2 +-
 windows/client-management/mdm/policy-csp-accounts.md            | 2 +-
 windows/client-management/mdm/policy-csp-activexcontrols.md     | 2 +-
 windows/client-management/mdm/policy-csp-applicationdefaults.md | 2 +-
 .../client-management/mdm/policy-csp-applicationmanagement.md   | 2 +-
 windows/client-management/mdm/policy-csp-appruntime.md          | 2 +-
 windows/client-management/mdm/policy-csp-appvirtualization.md   | 2 +-
 windows/client-management/mdm/policy-csp-attachmentmanager.md   | 2 +-
 20 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md
index e24210c9e0..0124df555f 100644
--- a/windows/client-management/mdm/healthattestation-csp.md
+++ b/windows/client-management/mdm/healthattestation-csp.md
@@ -1,6 +1,6 @@
 ---
 title: Device HealthAttestation CSP
-description: Device HealthAttestation CSP
+description: Learn how the DHA-CSP enables enterprise IT managers to assess if a device is booted to a trusted and compliant state, and take enterprise policy actions.
 ms.assetid: 6F2D783C-F6B4-4A81-B9A2-522C4661D1AC
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/healthattestation-ddf.md b/windows/client-management/mdm/healthattestation-ddf.md
index 21934f6452..d7209b1cf2 100644
--- a/windows/client-management/mdm/healthattestation-ddf.md
+++ b/windows/client-management/mdm/healthattestation-ddf.md
@@ -1,6 +1,6 @@
 ---
 title: HealthAttestation DDF
-description: HealthAttestation DDF
+description: Learn about the OMA DM device description framework (DDF) for the HealthAttestation configuration service provider.
 ms.assetid: D20AC78D-D2D4-434B-B9FD-294BCD9D1DDE
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
index 7b8e606d40..1c9ca9aba5 100644
--- a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
+++ b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
@@ -1,6 +1,6 @@
 ---
 title: MDM enrollment of Windows 10-based devices
-description: MDM enrollment of Windows 10-based devices
+description: Learn about mobile device management (MDM) enrollment of Windows 10-based devices to simplify access to your organization’s resources.
 MS-HAID:
 - 'p\_phdevicemgmt.enrollment\_ui'
 - 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices'
diff --git a/windows/client-management/mdm/messaging-csp.md b/windows/client-management/mdm/messaging-csp.md
index cc739605f3..e9383e871f 100644
--- a/windows/client-management/mdm/messaging-csp.md
+++ b/windows/client-management/mdm/messaging-csp.md
@@ -1,6 +1,6 @@
 ---
 title: Messaging CSP
-description: Use the Messaging CSP to configure the ability to get text messages audited on a mobile device.
+description: Use the Messaging configuration service provider (CSP) to configure the ability to get text messages audited on a mobile device.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/multisim-csp.md b/windows/client-management/mdm/multisim-csp.md
index 7d719b40aa..3597ffa5fe 100644
--- a/windows/client-management/mdm/multisim-csp.md
+++ b/windows/client-management/mdm/multisim-csp.md
@@ -1,6 +1,6 @@
 ---
 title: MultiSIM CSP
-description: MultiSIM CSP allows the enterprise to manage devices with dual SIM single active configuration.
+description: MultiSIM configuration service provider (CSP) allows the enterprise to manage devices with dual SIM single active configuration.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/nap-csp.md b/windows/client-management/mdm/nap-csp.md
index c4dbd6410a..dcaef76767 100644
--- a/windows/client-management/mdm/nap-csp.md
+++ b/windows/client-management/mdm/nap-csp.md
@@ -1,6 +1,6 @@
 ---
 title: NAP CSP
-description: NAP CSP
+description: Learn how the Network Access Point (NAP) configuration service provider (CSP) is used to manage and query GPRS and CDMA connections.
 ms.assetid: 82f04492-88a6-4afd-af10-a62b8d444d21
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/napdef-csp.md b/windows/client-management/mdm/napdef-csp.md
index 80a87e53d1..1b5f5ecdd4 100644
--- a/windows/client-management/mdm/napdef-csp.md
+++ b/windows/client-management/mdm/napdef-csp.md
@@ -1,6 +1,6 @@
 ---
 title: NAPDEF CSP
-description: NAPDEF CSP
+description: Learn how the NAPDEF configuration service provider (CSP) is used to add, modify, or delete WAP network access points (NAPs).
 ms.assetid: 9bcc65dd-a72b-4f90-aba7-4066daa06988
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/networkproxy-csp.md b/windows/client-management/mdm/networkproxy-csp.md
index c82e246263..43aff61d37 100644
--- a/windows/client-management/mdm/networkproxy-csp.md
+++ b/windows/client-management/mdm/networkproxy-csp.md
@@ -1,6 +1,6 @@
 ---
 title: NetworkProxy CSP
-description: NetworkProxy CSP
+description: Learn how the NetworkProxy configuration service provider (CSP) is used to configure a proxy server for ethernet and Wi-Fi connections.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/networkqospolicy-ddf.md b/windows/client-management/mdm/networkqospolicy-ddf.md
index 7535a3ce20..c2d3ea4a5e 100644
--- a/windows/client-management/mdm/networkqospolicy-ddf.md
+++ b/windows/client-management/mdm/networkqospolicy-ddf.md
@@ -1,6 +1,6 @@
 ---
 title: NetworkQoSPolicy DDF
-description: View the OMA DM device description framework (DDF) for the NetworkQoSPolicy configuration service provider. DDF files are used only with OMA DM provisioning XML
+description: View the OMA DM device description framework (DDF) for the NetworkQoSPolicy configuration service provider. DDF files are used only with OMA DM provisioning XML.
 ms.assetid:
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/nodecache-ddf-file.md b/windows/client-management/mdm/nodecache-ddf-file.md
index 7d58ebbea3..06a74f2979 100644
--- a/windows/client-management/mdm/nodecache-ddf-file.md
+++ b/windows/client-management/mdm/nodecache-ddf-file.md
@@ -1,6 +1,6 @@
 ---
 title: NodeCache DDF file
-description: NodeCache DDF file
+description: Learn about the OMA DM device description framework (DDF) for the NodeCache configuration service provider (CSP).
 ms.assetid: d7605098-12aa-4423-89ae-59624fa31236
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/personalization-ddf.md b/windows/client-management/mdm/personalization-ddf.md
index eef4903c8c..5a9ac5cc69 100644
--- a/windows/client-management/mdm/personalization-ddf.md
+++ b/windows/client-management/mdm/personalization-ddf.md
@@ -1,6 +1,6 @@
 ---
 title: Personalization DDF file
-description: Learn how to set the OMA DM device description framework (DDF) for the **Personalization** configuration service provider. 
+description: Learn how to set the OMA DM device description framework (DDF) for the Personalization configuration service provider (CSP). 
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 5e23762281..d7f6716dcc 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP
-description: Policy CSP
+description: Learn how the Policy configuration service provider (CSP) enables the enterprise to configure policies on Windows 10.
 ms.assetid: 4F3A1134-D401-44FC-A583-6EDD3070BA4F
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md
index ebc28b415c..23c1bb8142 100644
--- a/windows/client-management/mdm/policy-csp-abovelock.md
+++ b/windows/client-management/mdm/policy-csp-abovelock.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - AboveLock
-description: Learn the various AboveLock Policy CSP for Windows editions of Home, Pro, Business, and more. 
+description: Learn the various AboveLock Policy configuration service provider (CSP) for Windows editions of Home, Pro, Business, and more. 
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md
index fad4a74ad7..4367ed3ed6 100644
--- a/windows/client-management/mdm/policy-csp-accounts.md
+++ b/windows/client-management/mdm/policy-csp-accounts.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - Accounts
-description: Policy CSP - Accounts
+description: Learn about the Policy configuration service provider (CSP). This articles describes account policies. 
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md
index 9c2b674cee..d760021b1e 100644
--- a/windows/client-management/mdm/policy-csp-activexcontrols.md
+++ b/windows/client-management/mdm/policy-csp-activexcontrols.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - ActiveXControls
-description: Learn the ins and outs of various Policy CSP - ActiveXControls settings, including SyncML, for Windows 10.
+description: Learn about various Policy configuration service provider (CSP) - ActiveXControls settings, including SyncML, for Windows 10.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md
index ccc641c6a3..eb4a7086d1 100644
--- a/windows/client-management/mdm/policy-csp-applicationdefaults.md
+++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - ApplicationDefaults
-description: Policy CSP - ApplicationDefaults
+description: Learn about various Policy configuration service provider (CSP) - ApplicationDefaults, including SyncML, for Windows 10.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md
index 6b55aa34e3..1f128f9b64 100644
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - ApplicationManagement
-description: Policy CSP - ApplicationManagement
+description: Learn about various Policy configuration service provider (CSP) - ApplicationManagement, including SyncML, for Windows 10.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md
index 6e15e10e88..2a224f8bfe 100644
--- a/windows/client-management/mdm/policy-csp-appruntime.md
+++ b/windows/client-management/mdm/policy-csp-appruntime.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - AppRuntime
-description: Control whether Microsoft accounts are optional for Windows Store apps that require an account to sign in.Policy CSP - AppRuntime.
+description: Learn how the Policy CSP - AppRuntime setting controls whether Microsoft accounts are optional for Windows Store apps that require an account to sign in.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md
index 29788ea127..63cdb4036d 100644
--- a/windows/client-management/mdm/policy-csp-appvirtualization.md
+++ b/windows/client-management/mdm/policy-csp-appvirtualization.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - AppVirtualization
-description: Policy CSP - AppVirtualization
+description: Learn how the Policy CSP - AppVirtualization setting allows you to enable or disable Microsoft Application Virtualization (App-V) feature.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md
index cb2130e778..cf8e105de8 100644
--- a/windows/client-management/mdm/policy-csp-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - AttachmentManager
-description: Manage Windows marks file attachments with information about their zone of origin (such as restricted, Internet, intranet, local).
+description: Manage Windows marks file attachments with information about their zone of origin, such as restricted, Internet, intranet, local.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10

From d21e60247429dd067d8812fa00b9df9f315e1178 Mon Sep 17 00:00:00 2001
From: Dan Mabee <v-damabe@microsoft.com>
Date: Sun, 16 Aug 2020 21:14:51 -0700
Subject: [PATCH 27/66] Update policy-csp-attachmentmanager.md

---
 windows/client-management/mdm/policy-csp-attachmentmanager.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md
index cf8e105de8..e808f11e13 100644
--- a/windows/client-management/mdm/policy-csp-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - AttachmentManager
-description: Manage Windows marks file attachments with information about their zone of origin, such as restricted, Internet, intranet, local.
+description: Manage Windows marks file attachments with information about their zone of origin, such as restricted, internet, intranet, local.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10

From 286b8fa706326ed5598e5d5ce0e5b7190768f5bb Mon Sep 17 00:00:00 2001
From: damabe <v-damabe@microsoft.com>
Date: Sun, 16 Aug 2020 22:39:27 -0700
Subject: [PATCH 28/66] Update short descriptions for SEO improvement

---
 windows/client-management/mdm/policy-csp-audit.md               | 2 +-
 windows/client-management/mdm/policy-csp-authentication.md      | 2 +-
 windows/client-management/mdm/policy-csp-autoplay.md            | 2 +-
 windows/client-management/mdm/policy-csp-bluetooth.md           | 2 +-
 windows/client-management/mdm/policy-csp-browser.md             | 2 +-
 windows/client-management/mdm/policy-csp-camera.md              | 2 +-
 windows/client-management/mdm/policy-csp-cellular.md            | 2 +-
 windows/client-management/mdm/policy-csp-connectivity.md        | 2 +-
 .../client-management/mdm/policy-csp-controlpolicyconflict.md   | 2 +-
 windows/client-management/mdm/policy-csp-credentialproviders.md | 2 +-
 .../client-management/mdm/policy-csp-credentialsdelegation.md   | 2 +-
 windows/client-management/mdm/policy-csp-credentialsui.md       | 2 +-
 windows/client-management/mdm/policy-csp-cryptography.md        | 2 +-
 windows/client-management/mdm/policy-csp-dataprotection.md      | 2 +-
 windows/client-management/mdm/policy-csp-datausage.md           | 2 +-
 windows/client-management/mdm/policy-csp-defender.md            | 2 +-
 .../client-management/mdm/policy-csp-deliveryoptimization.md    | 2 +-
 windows/client-management/mdm/policy-csp-desktop.md             | 2 +-
 windows/client-management/mdm/policy-csp-deviceguard.md         | 2 +-
 .../client-management/mdm/policy-csp-devicehealthmonitoring.md  | 2 +-
 20 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-audit.md b/windows/client-management/mdm/policy-csp-audit.md
index ffd4519182..7d0997f275 100644
--- a/windows/client-management/mdm/policy-csp-audit.md
+++ b/windows/client-management/mdm/policy-csp-audit.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - Audit
-description: Policy CSP - Audit
+description: Learn how the Policy CSP - Audit setting causes an audit event to be generated when an account can't log on to a computer because the account is locked out.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index 96f9787790..51f56ffbbb 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - Authentication
-description: Policy CSP - Authentication
+description: The Policy CSP - Authentication setting allows the Azure AD tenant administrators to enable self service password reset feature on the Windows sign in screen.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md
index 36a05de8df..15b769497e 100644
--- a/windows/client-management/mdm/policy-csp-autoplay.md
+++ b/windows/client-management/mdm/policy-csp-autoplay.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - Autoplay
-description: Policy CSP - Autoplay
+description: Learn how the Policy CSP - Autoplay setting disallows AutoPlay for MTP devices like cameras or phones.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md
index 28123a7dc0..6426fba5e8 100644
--- a/windows/client-management/mdm/policy-csp-bluetooth.md
+++ b/windows/client-management/mdm/policy-csp-bluetooth.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - Bluetooth
-description: Policy CSP - Bluetooth
+description: Learn how the Policy CSP - Bluetooth setting specifies whether the device can send out Bluetooth advertisements.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index 206e99f3db..d2c9190e0b 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - Browser
-description: Learn how to set the Policy CSP - Browser settings for Microsoft Edge, version 45 and earlier.
+description: Learn how to use the Policy CSP - Browser settings so you can configure Microsoft Edge browser, version 45 and earlier.
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md
index 0def6900f0..93e5c5d6cf 100644
--- a/windows/client-management/mdm/policy-csp-camera.md
+++ b/windows/client-management/mdm/policy-csp-camera.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - Camera
-description: Policy CSP - Camera
+description: Learn how to use the Policy CSP - Camera setting so that you can configure it to disable or enable the camera.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md
index 3d156b1c89..ccd0ab26c1 100644
--- a/windows/client-management/mdm/policy-csp-cellular.md
+++ b/windows/client-management/mdm/policy-csp-cellular.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - Cellular
-description: Policy CSP - Cellular
+description: Learn how to use the Policy CSP - Cellular setting so you can specify whether Windows apps can access cellular data.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md
index ee83ad3d00..503ee130bc 100644
--- a/windows/client-management/mdm/policy-csp-connectivity.md
+++ b/windows/client-management/mdm/policy-csp-connectivity.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - Connectivity
-description: Policy CSP - Connectivity
+description: Learn how to use the Policy CSP - Connectivity setting to allow the user to enable Bluetooth or restrict access.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
index a822c7a831..9a867b0778 100644
--- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
+++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - ControlPolicyConflict
-description: Policy CSP - ControlPolicyConflict
+description: Use the Policy CSP - ControlPolicyConflict setting to control which policy is used whenever both the MDM policy and its equivalent Group Policy are set on the device.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md
index 425fcf361a..89e4817ce7 100644
--- a/windows/client-management/mdm/policy-csp-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-credentialproviders.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - CredentialProviders
-description: Learn the policy CSP for credential provider  set up, sign in, PIN requests and so on. 
+description: Learn how to use the policy CSP for credential provider so you can control whether a domain user can sign in using a convenience PIN.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-credentialsdelegation.md b/windows/client-management/mdm/policy-csp-credentialsdelegation.md
index c8416c3bb9..71447f45ab 100644
--- a/windows/client-management/mdm/policy-csp-credentialsdelegation.md
+++ b/windows/client-management/mdm/policy-csp-credentialsdelegation.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - CredentialsDelegation
-description: Policy CSP - CredentialsDelegation
+description: Learn how to use the Policy CSP - CredentialsDelegation setting so that remote host can allow delegation of non-exportable credentials.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md
index 349800035d..5ccf34a12e 100644
--- a/windows/client-management/mdm/policy-csp-credentialsui.md
+++ b/windows/client-management/mdm/policy-csp-credentialsui.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - CredentialsUI
-description: Policy CSP - CredentialsUI
+description: Learn how to use the Policy CSP - CredentialsUI setting to configure the display of the password reveal button in password entry user experiences.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md
index 55ceb74581..b141d4387b 100644
--- a/windows/client-management/mdm/policy-csp-cryptography.md
+++ b/windows/client-management/mdm/policy-csp-cryptography.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - Cryptography
-description: Policy CSP - Cryptography
+description: Learn how to use the Policy CSP - Cryptography setting to allow or disallow the Federal Information Processing Standard (FIPS) policy.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md
index 4c71a876a5..9da8c6ce2c 100644
--- a/windows/client-management/mdm/policy-csp-dataprotection.md
+++ b/windows/client-management/mdm/policy-csp-dataprotection.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - DataProtection
-description: Policy CSP - DataProtection
+description: Use the Policy CSP - DataProtection setting to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md
index 28f919ead9..cb540b3415 100644
--- a/windows/client-management/mdm/policy-csp-datausage.md
+++ b/windows/client-management/mdm/policy-csp-datausage.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - DataUsage
-description: Policy CSP - DataUsage
+description: Learn how to use the Policy CSP - DataUsage setting to configure the cost of 4G connections on the local machine. 
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md
index c2fb83fe51..79fe896cdf 100644
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - Defender
-description: Policy CSP - Defender
+description: Learn how to use the Policy CSP - Defender setting so you can allow or disallow scanning of archives.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
index bdf3985bb6..4061074c76 100644
--- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - DeliveryOptimization
-description: Policy CSP - DeliveryOptimization
+description: Learn how to use the Policy CSP - DeliveryOptimization setting to configure one or more Microsoft Connected Cache servers to be used by Delivery Optimization.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md
index 0ade992a1d..dfbed26745 100644
--- a/windows/client-management/mdm/policy-csp-desktop.md
+++ b/windows/client-management/mdm/policy-csp-desktop.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - Desktop
-description: Policy CSP - Desktop
+description: Learn how to use the Policy CSP - Desktop setting to prevent users from changing the path to their profile folders.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md
index 163655f59f..842a8a3eff 100644
--- a/windows/client-management/mdm/policy-csp-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-deviceguard.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - DeviceGuard
-description: Policy CSP - DeviceGuard
+description: Learn how to use the Policy CSP - DeviceGuard policy to allow the IT admin to configure the launch of System Guard.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
index 8277ae0425..60d4832fae 100644
--- a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
+++ b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - DeviceHealthMonitoring
-description: Learn which DeviceHealthMonitoring policies are supported for your edition of Windows.
+description: Learn how the Policy CSP - DeviceHealthMonitoring setting is used as an opt-in health monitoring connection between the device and Microsoft.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10

From 6f599b8d6f8d371c58c1d5a0a26bf971f94f7d90 Mon Sep 17 00:00:00 2001
From: Dan Mabee <v-damabe@microsoft.com>
Date: Sun, 16 Aug 2020 22:42:11 -0700
Subject: [PATCH 29/66] Update policy-csp-deviceguard.md

---
 windows/client-management/mdm/policy-csp-deviceguard.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md
index 842a8a3eff..9512ffde73 100644
--- a/windows/client-management/mdm/policy-csp-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-deviceguard.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - DeviceGuard
-description: Learn how to use the Policy CSP - DeviceGuard policy to allow the IT admin to configure the launch of System Guard.
+description: Learn how to use the Policy CSP - DeviceGuard setting to allow the IT admin to configure the launch of System Guard.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10

From 44bbb3d9e0004ee0a026b98f25e333b55191fe96 Mon Sep 17 00:00:00 2001
From: Kelly Baker <v-kbaker@microsoft.com>
Date: Mon, 17 Aug 2020 10:29:10 -0700
Subject: [PATCH 30/66] Update provisioning-create-package.md

---
 .../provisioning-create-package.md            | 50 ++++++++++---------
 1 file changed, 26 insertions(+), 24 deletions(-)

diff --git a/windows/configuration/provisioning-packages/provisioning-create-package.md b/windows/configuration/provisioning-packages/provisioning-create-package.md
index 3c75f63d1f..f9816492d7 100644
--- a/windows/configuration/provisioning-packages/provisioning-create-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-create-package.md
@@ -1,6 +1,6 @@
 ---
 title: Create a provisioning package (Windows 10)
-description: Learn how to create a provisioning package for Windows 10. Provisioning packages let you quickly configure a device without having to install a new image.
+description: Learn how to create a provisioning package for Windows 10, which lets you quickly configure a device without having to install a new image.
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -26,39 +26,41 @@ You can use Windows Configuration Designer to create a provisioning package (.pp
 >[Learn how to install Windows Configuration Designer.](provisioning-install-icd.md)
 
 > [!TIP]
-> We recommend creating a local admin account when developing and testing your provisioning package. We also recommend using a “least privileged” domain user account to join devices to the Active Directory domain.
+> We recommend creating a local admin account when you develop and test your provisioning package. We also recommend using a *least privileged* domain user account to join devices to the Active Directory domain.
 
 ## Start a new project
 
 1. Open Windows Configuration Designer:
-   - From either the Start screen or Start menu search, type 'Windows Configuration Designer' and click on the Windows Configuration Designer shortcut, 
+   - From either the Start screen or Start menu search, type **Windows Configuration Designer**, and then select the **Windows Configuration Designer** shortcut. 
 
      or
 
-   - If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then double-click **ICD.exe**.
+   - If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then select **ICD.exe**.
 
 2. Select your desired option on the **Start** page, which offers multiple options for creating a provisioning package, as shown in the following image:
 
     ![Configuration Designer wizards](../images/icd-create-options-1703.png)
 
-    - The wizard options provide a simple interface for configuring common settings for desktop, mobile, and kiosk devices. Wizards are also available for creating provisioning packages for Microsoft Surface Hub and Microsoft HoloLens devices. For a summary of the settings available in the desktop, mobile, and kiosk devices, see [What you can configure using Configuration Designer wizardS](provisioning-packages.md#configuration-designer-wizards). 
+    - The following wizard options provide a simple interface for configuring common settings for desktop, mobile, and kiosk devices: 
 
         - [Instructions for the desktop wizard](provision-pcs-for-initial-deployment.md)
         - [Instructions for the mobile wizard](../mobile-devices/provisioning-configure-mobile.md)
         - [Instructions for the kiosk wizard](../kiosk-single-app.md#wizard)
         - [Instructions for HoloLens wizard](https://technet.microsoft.com/itpro/hololens/hololens-provisioning)
         - [Instructions for Surface Hub wizard](https://technet.microsoft.com/itpro/surface-hub/provisioning-packages-for-certificates-surface-hub)
+        
+      Wizards are also available for creating provisioning packages for Microsoft Surface Hub and Microsoft HoloLens devices. For a summary of the settings available in the desktop, mobile, and kiosk devices, see [What you can configure using Configuration Designer wizards](provisioning-packages.md#configuration-designer-wizards).
 
-    - The **Advanced provisioning** option opens a new project with all **Runtime settings** available. *The rest of this procedure uses advanced provisioning.*
+    - The **Advanced provisioning** option opens a new project with all the runtime settings available. (The rest of this procedure uses advanced provisioning.)
 
         >[!TIP]
         > You can start a project in the simple wizard editor and then switch the project to the advanced editor.
         >
         > ![Switch to advanced editor](../images/icd-switch.png)
 
-3. Enter a name for your project, and then click **Next**.
+3. Enter a name for your project, and then select **Next**.
 
-4. Select the settings you want to configure, based on the type of device, and then click **Next**. The following table describes the options.
+4. Select the settings you want to configure, based on the type of device, and then select **Next**. The following table describes the options.
 
 
    |          Windows edition          |              Settings available for customization               |                                              Provisioning package can apply to                                              |
@@ -71,12 +73,12 @@ You can use Windows Configuration Designer to create a provisioning package (.pp
    | Common to Windows 10 Team edition |    Common settings and settings specific to Windows 10 Team     | [Microsoft Surface Hub](https://technet.microsoft.com/itpro/surface-hub/provisioning-packages-for-certificates-surface-hub) |
 
 
-5. On the **Import a provisioning package (optional)** page, you can click **Finish** to create your project, or browse to and select an existing provisioning package to import to your project, and then click **Finish**.
+5. On the **Import a provisioning package (optional)** page, you can select **Finish** to create your project, or browse to and select an existing provisioning package to import to your project, and then select **Finish**.
 
 >[!TIP]
->**Import a provisioning package** can make it easier to create different provisioning packages that all have certain settings in common. For example, you could create a provisioning package that contains the settings for your organization's network, and then import it into other packages you create so you don't have to reconfigure those common settings repeatedly.
+>**Import a provisioning package** can make it easier to create different provisioning packages that all have certain settings in common. For example, you could create a provisioning package that contains the settings for your organization's network, and then import it into other packages that you create so you don't have to reconfigure those common settings repeatedly.
 
-After you click **Finish**, Windows Configuration Designer will open the **Available customizations** pane and you can then configure settings for the package. 
+6. In the **Available customizations** pane, you can now configure settings for the package. 
 
 
 
@@ -94,7 +96,7 @@ The process for configuring settings is similar for all settings. The following
 <table>
 <tr><td><img src="../images/one.png" alt="step one"/></br>Expand a category.</td><td><img src="../images/icd-step1.png" alt="Expand Certificates category"/></td></tr>
 <tr><td><img src="../images/two.png" alt="step two"/></br>Select a setting.</td><td><img src="../images/icd-step2.png" alt="Select ClientCertificates"/></td></tr>
-<tr><td><img src="../images/three.png" alt="step three"/></br>Enter a value for the setting. Click <strong>Add</strong> if the button is displayed.</td><td><img src="../images/icd-step3.png" alt="Enter a name for the certificate"/></td></tr>
+<tr><td><img src="../images/three.png" alt="step three"/></br>Enter a value for the setting. Select <strong>Add</strong> if the button is displayed.</td><td><img src="../images/icd-step3.png" alt="Enter a name for the certificate"/></td></tr>
 <tr><td><img src="../images/four.png" alt="step four"/></br>Some settings, such as this example, require additional information. In <strong>Available customizations</strong>, select the value you just created, and additional settings are displayed.</td><td><img src="../images/icd-step4.png" alt="Additional settings for client certificate"/></td></tr> 
 <tr><td><img src="../images/five.png" alt="step five"/></br>When the setting is configured, it is displayed in the <strong>Selected customizations</strong> pane.</td><td><img src="../images/icd-step5.png" alt="Selected customizations pane"/></td></tr>
 </table>
@@ -106,39 +108,39 @@ For details on each specific setting, see [Windows Provisioning settings referen
 
  ## Build package
 
-1. After you're done configuring your customizations, click **Export** and select **Provisioning Package**.
+1. After you're done configuring your customizations, select **Export**, and then select **Provisioning Package**.
 
     ![Export on top bar](../images/icd-export-menu.png)
 
-2. In the **Describe the provisioning package** window, enter the following information, and then click **Next**:
+2. In the **Describe the provisioning package** window, enter the following information, and then select **Next**:
     - **Name** - This field is pre-populated with the project name. You can change this value by entering a different name in the **Name** field.
-    - **Version (in Major.Minor format** - - Optional. You can change the default package version by specifying a new value in the **Version** field. 
+    - **Version (in Major.Minor format** - Optional. You can change the default package version by specifying a new value in the **Version** field. 
     - **Owner** - Select **IT Admin**. For more information, see [Precedence for provisioning packages](provisioning-how-it-works.md#precedence-for-provisioning-packages).
     - **Rank (between 0-99)** - Optional. You can select a value between 0 and 99, inclusive. The default package rank is 0.
 
-3. In the **Select security details for the provisioning package** window, you can select to encrypt and/or sign a provisioning package with a selected certificate. Both selections are optional. Click **Next** after you make your selections.
+3. In the **Select security details for the provisioning package** window, you can select to encrypt and/or sign a provisioning package with a selected certificate, and then select **Next**. Both selections are optional:
 
    - **Encrypt package** -  If you select this option, an auto-generated password will be shown on the screen.
-   - **Sign package** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select** and choosing the certificate you want to use to sign the package.
+   - **Sign package** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by selecting **Select** and choosing the certificate you want to use to sign the package.
 
      >[!NOTE]
-     >You should only configure provisioning package security when the package is used for device provisioning and the package has contents with sensitive security data such as certificates or credentials that should be prevented from being compromised. When applying an encrypted and/or signed provisioning package, either during OOBE or through the setting UI, the package can be decrypted, and if signed, be trusted without explicit user consent. An IT administrator can set policy on a user device to restrict the removal of required packages from the device, or the provisioning of potentially harmful packages on the device. 
+     >You should only configure provisioning package security when the package is used for device provisioning and when the package has content with sensitive security data, such as certificates or credentials that should be prevented from being compromised. When applying an encrypted and/or signed provisioning package, either during OOBE or through the setting UI, the package can be decrypted, and if signed, be trusted without explicit user consent. An IT administrator can set policy on a user device to restrict the removal of required packages from the device, or the provisioning of potentially harmful packages on the device. 
      >
      >If a provisioning package is signed by a trusted provisioner, it can be installed on a device without a prompt for user consent. In order to enable trusted provider certificates, you must set the **TrustedProvisioners** setting prior to installing the trusted provisioning package. This is the only way to install a package without user consent. To provide additional security, you can also set **RequireProvisioningPackageSignature**, which prevents users from installing provisioning packages that are not signed by a trusted provisioner.
 
-4. In the **Select where to save the provisioning package** window, specify the output location where you want the provisioning package to go once it's built, and then click **Next**. By default, Windows Configuration Designer uses the project folder as the output location.
+4. In the **Select where to save the provisioning package** window, specify the output location where you want the provisioning package to go once it's built, and then select **Next**. By default, Windows Configuration Designer uses the project folder as the output location.
 
-5. In the **Build the provisioning package** window, click **Build**. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status. 
+5. In the **Build the provisioning package** window, select **Build**. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status. 
 
-    If you need to cancel the build, click Cancel. This cancels the current build process, closes the wizard, and takes you back to the Customizations Page.
+    If you need to cancel the build, select **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations** page.
 
-6. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.
+6. If your build fails, an error message will appear that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.
 
     If your build is successful, the name of the provisioning package, output directory, and project directory will be shown. 
 
-    If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build.
+    If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, select **Back** to change the output package name and path, and then select **Next** to start another build.
 
-7. When you are done, click **Finish** to close the wizard and go back to the Customizations page.
+7. When you are done, select **Finish** to close the wizard and go back to the Customizations page.
 
 **Next step**: [How to apply a provisioning package](provisioning-apply-package.md)
 

From a207eb23d463d023f39e1325c8042a565c7ee559 Mon Sep 17 00:00:00 2001
From: Kelly Baker <v-kbaker@microsoft.com>
Date: Mon, 17 Aug 2020 10:36:39 -0700
Subject: [PATCH 31/66] Update provisioning-create-package.md

---
 .../provisioning-packages/provisioning-create-package.md        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/configuration/provisioning-packages/provisioning-create-package.md b/windows/configuration/provisioning-packages/provisioning-create-package.md
index f9816492d7..5b464073a9 100644
--- a/windows/configuration/provisioning-packages/provisioning-create-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-create-package.md
@@ -140,7 +140,7 @@ For details on each specific setting, see [Windows Provisioning settings referen
 
     If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, select **Back** to change the output package name and path, and then select **Next** to start another build.
 
-7. When you are done, select **Finish** to close the wizard and go back to the Customizations page.
+7. When you are done, select **Finish** to close the wizard and go back to the **Customizations** page.
 
 **Next step**: [How to apply a provisioning package](provisioning-apply-package.md)
 

From 09de6decc31bafdf1e54960adfd6128db1a5ba3b Mon Sep 17 00:00:00 2001
From: ManikaDhiman <v-madhi@microsoft.com>
Date: Mon, 17 Aug 2020 16:36:28 -0700
Subject: [PATCH 32/66] ADMX policy CSP-ciphersuiteorder

---
 .../mdm/policy-csp-admx-addremoveprograms.md  |  954 +++++++++
 .../mdm/policy-csp-admx-appcompat.md          |  744 +++++++
 .../mdm/policy-csp-admx-auditsettings.md      |  119 ++
 .../mdm/policy-csp-admx-ciphersuiteorder.md   |  203 ++
 .../mdm/policy-csp-admx-dnsclient.md          | 1725 +++++++++++++++++
 .../mdm/policy-csp-admx-eventforwarding.md    |  200 ++
 6 files changed, 3945 insertions(+)
 create mode 100644 windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
 create mode 100644 windows/client-management/mdm/policy-csp-admx-appcompat.md
 create mode 100644 windows/client-management/mdm/policy-csp-admx-auditsettings.md
 create mode 100644 windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
 create mode 100644 windows/client-management/mdm/policy-csp-admx-dnsclient.md
 create mode 100644 windows/client-management/mdm/policy-csp-admx-eventforwarding.md

diff --git a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
new file mode 100644
index 0000000000..37cf49d46f
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
@@ -0,0 +1,954 @@
+---
+title: Policy CSP - ADMX_AddRemovePrograms
+description: Policy CSP - ADMX_AddRemovePrograms 
+ms.author: dansimp
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.localizationpriority: medium
+ms.date: 08/13/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_AddRemovePrograms
+
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## Policy CSP - ADMX_AddRemovePrograms  
+
+<dl>
+  <dd>
+    <a href="#admx-addremoveprograms-defaultcategory">ADMX_AddRemovePrograms/DefaultCategory</a>
+  </dd>
+  <dd>
+    <a href="#admx-addremoveprograms-noaddfromcdorfloppy">ADMX_AddRemovePrograms/NoAddFromCDorFloppy</a>
+  </dd>
+  <dd>
+    <a href="#admx-addremoveprograms-noaddfrominternet">ADMX_AddRemovePrograms/NoAddFromInternet</a>
+  </dd>
+  <dd>
+    <a href="#admx-addremoveprograms-noaddfromnetwork">ADMX_AddRemovePrograms/NoAddFromNetwork</a>
+  </dd>
+  <dd>
+    <a href="#admx-addremoveprograms-noaddpage">ADMX_AddRemovePrograms/NoAddPage</a>
+  </dd>
+  <dd>
+    <a href="#admx-addremoveprograms-noaddremoveprograms">ADMX_AddRemovePrograms/NoAddRemovePrograms</a>
+  </dd>
+  <dd>
+    <a href="#admx-addremoveprograms-nochooseprogramspage">ADMX_AddRemovePrograms/NoChooseProgramsPage</a>
+  </dd>
+  <dd>
+    <a href="#admx-addremoveprograms-noremovepage">ADMX_AddRemovePrograms/NoRemovePage</a>
+  </dd>
+  <dd>
+    <a href="#admx-addremoveprograms-noservices">ADMX_AddRemovePrograms/NoServices</a>
+  </dd>
+  <dd>
+    <a href="#admx-addremoveprograms-nosupportinfo">ADMX_AddRemovePrograms/NoSupportInfo</a>
+  </dd>
+  <dd>
+    <a href="#admx-addremoveprograms-nowindowssetuppage">ADMX_AddRemovePrograms/NoWindowsSetupPage</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-addremoveprograms-defaultcategory"></a>**ADMX_AddRemovePrograms/DefaultCategory**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+Available in Windows 10 Insider Preview Build 20185. The policy setting specifies the category of programs that appears when users open the "Add New Programs" page. If you enable this setting, only the programs in the category you specify are displayed when the "Add New Programs" page opens. You can use the Category box on the "Add New Programs" page to display programs in other categories. 
+
+To use this setting, type the name of a category in the Category box for this setting. You must enter a category that is already defined in Add or Remove Programs. To define a category, use Software Installation.
+
+If you disable this setting or do not configure it, all programs (Category: All) are displayed when the "Add New Programs" page opens. You can use this setting to direct users to the programs they are most likely to need. 
+
+> [!NOTE]
+> This setting is ignored if either the "Remove Add or Remove Programs" setting or the "Hide Add New Programs page" setting is enabled.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+- GP English name: *Specify default category for Add New Programs*
+- GP name: *DefaultCategory*
+- GP path: *Control Panel/Add or Remove Programs*
+- GP ADMX file name: *addremoveprograms.admx*
+
+<!--/ADMXBacked-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-addremoveprograms-noaddfromcdorfloppy"></a>**ADMX_AddRemovePrograms/NoAddFromCDorFloppy**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting removes the "Add a program from CD-ROM or floppy disk" section from the Add New Programs page. This prevents users from using Add or Remove Programs to install programs from removable media.
+
+If you disable this setting or do not configure it, the "Add a program from CD-ROM or floppy disk" option is available to all users. This setting does not prevent users from using other tools and methods to add or remove program components.
+
+> [!NOTE]
+> If the "Hide Add New Programs page" setting is enabled, this setting is ignored. Also, if the "Prevent removable media source for any install" setting (located in User Configuration\Administrative Templates\Windows Components\Windows Installer) is enabled, users cannot add programs from removable media, regardless of this setting.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+- GP English name: *Hide the "Add a program from CD-ROM or floppy disk" option*
+- GP name: *NoAddFromCDorFloppy*
+- GP path: *Control Panel/Add or Remove Programs*
+- GP ADMX file name: *addremoveprograms.admx*
+
+<!--/ADMXBacked-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-addremoveprograms-noaddfrominternet"></a>**ADMX_AddRemovePrograms/NoAddFromInternet**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting removes the "Add programs from Microsoft" section from the Add New Programs page. This setting prevents users from using Add or Remove Programs to connect to Windows Update.
+
+If you disable this setting or do not configure it, "Add programs from Microsoft" is available to all users. This setting does not prevent users from using other tools and methods to connect to Windows Update.
+
+> [!NOTE]
+> If the "Hide Add New Programs page" setting is enabled, this setting is ignored.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+- GP English name: *Hide the "Add programs from Microsoft" option*
+- GP name: *NoAddFromInternet*
+- GP path: *Control Panel/Add or Remove Programs*
+- GP ADMX file name: *addremoveprograms.admx*
+
+<!--/ADMXBacked-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-addremoveprograms-noaddfromnetwork"></a>**ADMX_AddRemovePrograms/NoAddFromNetwork**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from viewing or installing published programs. This setting removes the "Add programs from your network" section from the Add New Programs page. The "Add programs from your network" section lists published programs and provides an easy way to install them. Published programs are those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users that the programs are available, to recommend their use, or to enable users to install them without having to search for installation files. 
+
+If you enable this setting, users cannot tell which programs have been published by the system administrator, and they cannot use Add or Remove Programs to install published programs. However, they can still install programs by using other methods, and they can view and install assigned (partially installed) programs that are offered on the desktop or on the Start menu. 
+
+If you disable this setting or do not configure it, "Add programs from your network" is available to all users.
+
+> [!NOTE]
+> If the "Hide Add New Programs page" setting is enabled, this setting is ignored.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+- GP English name: *Hide the "Add programs from your network" option*
+- GP name: *NoAddFromNetwork*
+- GP path: *Control Panel/Add or Remove Programs*
+- GP ADMX file name: *addremoveprograms.admx*
+
+<!--/ADMXBacked-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-addremoveprograms-noaddpage"></a>**ADMX_AddRemovePrograms/NoAddPage**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting removes the Add New Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page. The Add New Programs button lets users install programs published or assigned by a system administrator.
+
+If you disable this setting or do not configure it, the Add New Programs button is available to all users. This setting does not prevent users from using other tools and methods to install programs.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+- GP English name: *Hide Add New Programs page*
+- GP name: *NoAddPage*
+- GP path: *Control Panel/Add or Remove Programs*
+- GP ADMX file name: *addremoveprograms.admx*
+
+<!--/ADMXBacked-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-addremoveprograms-noaddremoveprograms"></a>**ADMX_AddRemovePrograms/NoAddRemovePrograms**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from using Add or Remove Programs. This setting removes Add or Remove Programs from Control Panel and removes the Add or Remove Programs item from menus. Add or Remove Programs lets users install, uninstall, repair, add, and remove features and components of Windows 2000 Professional and a wide variety of Windows programs. Programs published or assigned to the user appear in Add or Remove Programs. 
+
+If you disable this setting or do not configure it, Add or Remove Programs is available to all users. When enabled, this setting takes precedence over the other settings in this folder. This setting does not prevent users from using other tools and methods to install or uninstall programs.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+- GP English name: *Remove Add or Remove Programs*
+- GP name: *NoAddRemovePrograms*
+- GP path: *Control Panel/Add or Remove Programs*
+- GP ADMX file name: *addremoveprograms.admx*
+
+<!--/ADMXBacked-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-addremoveprograms-nochooseprogramspage"></a>**ADMX_AddRemovePrograms/NoChooseProgramsPage**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting removes the Set Program Access and Defaults button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page. The Set Program Access and Defaults button lets administrators specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations. 
+
+If you disable this setting or do not configure it, the Set Program Access and Defaults button is available to all users. This setting does not prevent users from using other tools and methods to change program access or defaults. This setting does not prevent the Set Program Access and Defaults icon from appearing on the Start menu. See the "Remove Set Program Access and Defaults from Start menu" setting.
+
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+- GP English name: *Hide the Set Program Access and Defaults page*
+- GP name: *NoChooseProgramsPage*
+- GP path: *Control Panel/Add or Remove Programs*
+- GP ADMX file name: *addremoveprograms.admx*
+
+<!--/ADMXBacked-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-addremoveprograms-noremovepage"></a>**ADMX_AddRemovePrograms/NoRemovePage**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting removes the Change or Remove Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page. The Change or Remove Programs button lets users uninstall, repair, add, or remove features of installed programs.
+
+If you disable this setting or do not configure it, the Change or Remove Programs page is available to all users. This setting does not prevent users from using other tools and methods to delete or uninstall programs.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+- GP English name: *Hide Change or Remove Programs page*
+- GP name: *NoRemovePage*
+- GP path: *Control Panel/Add or Remove Programs*
+- GP ADMX file name: *addremoveprograms.admx*
+
+<!--/ADMXBacked-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-addremoveprograms-noservices"></a>**ADMX_AddRemovePrograms/NoServices**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from using Add or Remove Programs to configure installed services. This setting removes the "Set up services" section of the Add/Remove Windows Components page. The "Set up services" section lists system services that have not been configured and offers users easy access to the configuration tools.
+
+If you disable this setting or do not configure it, "Set up services" appears only when there are unconfigured system services. If you enable this setting, "Set up services" never appears. This setting does not prevent users from using other methods to configure services.
+
+> [!NOTE]
+> When "Set up services" does not appear, clicking the Add/Remove Windows Components button starts the Windows Component Wizard immediately. Because the only remaining option on the Add/Remove Windows Components page starts the wizard, that option is selected automatically, and the page is bypassed. To remove "Set up services" and prevent the Windows Component Wizard from starting, enable the "Hide Add/Remove Windows Components page" setting. If the "Hide Add/Remove Windows Components page" setting is enabled, this setting is ignored.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+- GP English name: *Go directly to Components Wizard*
+- GP name: *NoServices*
+- GP path: *Control Panel/Add or Remove Programs*
+- GP ADMX file name: *addremoveprograms.admx*
+
+<!--/ADMXBacked-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-addremoveprograms-nosupportinfo"></a>**ADMX_AddRemovePrograms/NoSupportInfo**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting removes links to the Support Info dialog box from programs on the Change or Remove Programs page. Programs listed on the Change or Remove Programs page can include a "Click here for support information" hyperlink. When clicked, the hyperlink opens a dialog box that displays troubleshooting information, including a link to the installation files and data that users need to obtain product support, such as the Product ID and version number of the program. The dialog box also includes a hyperlink to support information on the Internet, such as the Microsoft Product Support Services Web page.
+
+If you disable this setting or do not configure it, the Support Info hyperlink appears.
+
+> [!NOTE]
+> Not all programs provide a support information hyperlink.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+- GP English name: *Remove Support Information*
+- GP name: *NoSupportInfo*
+- GP path: *Control Panel/Add or Remove Programs*
+- GP ADMX file name: *addremoveprograms.admx*
+
+<!--/ADMXBacked-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-addremoveprograms-nowindowssetuppage"></a>**ADMX_AddRemovePrograms/NoWindowsSetupPage**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting removes the Add/Remove Windows Components button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page. The Add/Remove Windows Components button lets users configure installed services and use the Windows Component Wizard to add, remove, and configure components of Windows from the installation files.
+
+If you disable this setting or do not configure it, the Add/Remove Windows Components button is available to all users. This setting does not prevent users from using other tools and methods to configure services or add or remove program components. However, this setting blocks user access to the Windows Component Wizard.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+- GP English name: *Hide Add/Remove Windows Components page*
+- GP name: *NoWindowsSetupPage*
+- GP path: *Control Panel/Add or Remove Programs*
+- GP ADMX file name: *addremoveprograms.admx*
+
+<!--/ADMXBacked-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+
diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md
new file mode 100644
index 0000000000..da013a6e46
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md
@@ -0,0 +1,744 @@
+---
+title: Policy CSP - ADMX_AppCompat
+description: Policy CSP - ADMX_AppCompat
+ms.author: dansimp
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.localizationpriority: medium
+ms.date: 08/10/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_AppCompat
+
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## Policy CSP - ADMX_AppCompat  
+
+<dl>
+  <dd>
+    <a href="#admx_appcompat-appcompatprevent16bitmach">ADMX_AppCompat/AppCompatPrevent16BitMach
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx_appcompat-appcompatremoveprogramcompatproppage">ADMX_AppCompat/AppCompatRemoveProgramCompatPropPage
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx_appcompat-appcompatturnoffapplicationimpacttelemetry">ADMX_AppCompat/AppCompatTurnOffApplicationImpactTelemetry
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx_appcompat-appcompatturnoffswitchback">ADMX_AppCompat/AppCompatTurnOffSwitchBack
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx_appcompat-appcompatturnoffengine">ADMX_AppCompat/AppCompatTurnOffEngine
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx_appcompat-appcompatturnoffprogramcompatibilityassistant_1">ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_1
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx_appcompat-appcompatturnoffprogramcompatibilityassistant_2">ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_2
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx_appcompat-appcompatturnoffuseractionrecord">ADMX_AppCompat/AppCompatTurnOffUserActionRecord
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx_appcompat-appcompatturnoffprograminventory">ADMX_AppCompat/AppCompatTurnOffProgramInventory
+    </a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx_appcompat-appcompatprevent16bitmach"></a>**ADMX_AppCompat/AppCompatPrevent16BitMach**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether to prevent the MS-DOS subsystem (**ntvdm.exe**) from running on this computer. This setting affects the launching of 16-bit applications in the operating system.
+
+You can use this setting to turn off the MS-DOS subsystem, which will reduce resource usage and prevent users from running 16-bit applications. To run any 16-bit application or any application with 16-bit components, **ntvdm.exe** must be allowed to run. The MS-DOS subsystem starts when the first 16-bit application is launched. While the MS-DOS subsystem is running, any subsequent 16-bit applications launch faster, but overall resource usage on the system is increased.
+
+If the status is set to Enabled, the MS-DOS subsystem is prevented from running, which then prevents any 16-bit applications from running. In addition, any 32-bit applications with 16-bit installers or other 16-bit components cannot run.
+
+If the status is set to Disabled, the MS-DOS subsystem runs for all users on this computer.
+
+If the status is set to Not Configured, the OS falls back on a local policy set by the registry DWORD value **HKLM\System\CurrentControlSet\Control\WOW\DisallowedPolicyDefault**. If that value is non-0, this prevents all 16-bit applications from running. If that value is 0, 16-bit applications are allowed to run. If that value is also not present, on Windows 10 and above, the OS will launch the 16-bit application support control panel to allow an elevated administrator to make the decision; on Windows 7 and down-level, the OS will allow 16-bit applications to run.
+
+> [!NOTE]
+> This setting appears only in Computer Configuration.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prevent access to 16-bit applications*
+-   GP name: *AppCompatPrevent16BitMach*
+-   GP path: *Windows Components/Application Compatibility*
+-   GP ADMX file name: *AppCompat.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx_appcompat-appcompatremoveprogramcompatproppage"></a>**ADMX_AppCompat/AppCompatRemoveProgramCompatPropPage**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file.
+
+The compatibility property page displays a list of options that can be selected and applied to the application to resolve the most common issues affecting legacy applications.
+
+Enabling this policy setting removes the property page from the context-menus, but does not affect previous compatibility settings applied to application using this interface.
+
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Remove Program Compatibility Property Page*
+-   GP name: *AppCompatRemoveProgramCompatPropPage*
+-   GP path: *Windows Components/Application Compatibility*
+-   GP ADMX file name: *AppCompat.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx_appcompat-appcompatturnoffapplicationimpacttelemetry"></a>**ADMX_AppCompat/AppCompatTurnOffApplicationImpactTelemetry**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. The policy setting controls the state of the Application Telemetry engine in the system.
+
+Application Telemetry is a mechanism that tracks anonymous usage of specific Windows system components by applications.
+
+Turning Application Telemetry off by selecting "enable" will stop the collection of usage data.
+
+If the customer Experience Improvement program is turned off, Application Telemetry will be turned off regardless of how this policy is set.
+
+Disabling telemetry will take effect on any newly launched applications. To ensure that telemetry collection has stopped for all applications, please reboot your machine.
+
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off Application Telemetry*
+-   GP name: *AppCompatTurnOffApplicationImpactTelemetry*
+-   GP path: *Windows Components/Application Compatibility*
+-   GP ADMX file name: *AppCompat.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx_appcompat-appcompatturnoffswitchback"></a>**ADMX_AppCompat/AppCompatTurnOffSwitchBack**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. The policy setting controls the state of the Switchback compatibility engine in the system.
+
+Switchback is a mechanism that provides generic compatibility mitigations to older applications by providing older behavior to old applications and new behavior to new applications.
+
+Switchback is on by default.
+
+If you enable this policy setting, Switchback will be turned off. Turning Switchback off may degrade the compatibility of older applications. This option is useful for server administrators who require performance and are aware of compatibility of the applications they are using.
+
+If you disable or do not configure this policy setting, the Switchback will be turned on.
+
+Reboot the system after changing the setting to ensure that your system accurately reflects those changes.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off SwitchBack Compatibility Engine*
+-   GP name: *AppCompatTurnOffSwitchBack*
+-   GP path: *Windows Components/Application Compatibility*
+-   GP ADMX file name: *AppCompat.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx_appcompat-appcompatturnoffengine"></a>**ADMX_AppCompat/AppCompatTurnOffEngine**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting controls the state of the application compatibility engine in the system.
+
+The engine is part of the loader and looks through a compatibility database every time an application is started on the system. If a match for the application is found it provides either run-time solutions or compatibility fixes, or displays an Application Help message if the application has a know problem.
+
+Turning off the application compatibility engine will boost system performance.  However, this will degrade the compatibility of many popular legacy applications, and will not block known incompatible applications from installing. For example, this may result in a blue screen if an old anti-virus application is installed.
+
+The Windows Resource Protection and User Account Control features of Windows use the application compatibility engine to provide mitigations for application problems. If the engine is turned off, these mitigations will not be applied to applications and their installers and these applications may fail to install or run properly.
+
+This option is useful to server administrators who require faster performance and are aware of the compatibility of the applications they are using.  It is particularly useful for a web server where applications may be launched several hundred times a second, and the performance of the loader is essential.
+
+> [!NOTE]
+> Many system processes cache the value of this setting for performance reasons. If you make changes to this setting, reboot to ensure that your system accurately reflects those changes.
+
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off Application Compatibility Engine*
+-   GP name: *AppCompatTurnOffEngine*
+-   GP path: *Windows Components/Application Compatibility*
+-   GP ADMX file name: *AppCompat.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx_appcompat-appcompatturnoffprogramcompatibilityassistant_1"></a>**ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_1**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility.
+
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off Program Compatibility Assistant*
+-   GP name: *AppCompatTurnOffProgramCompatibilityAssistant_1*
+-   GP path: *Windows Components/Application Compatibility*
+-   GP ADMX file name: *AppCompat.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx_appcompat-appcompatturnoffprogramcompatibilityassistant_2"></a>**ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_2**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting controls the state of the Program Compatibility Assistant (PCA). The PCA monitors applications run by the user. When a potential compatibility issue with an application is detected, the PCA will prompt the user with recommended solutions. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics.
+
+If you enable this policy setting, the PCA will be turned off. The user will not be presented with solutions to known compatibility issues when running applications. Turning off the PCA can be useful for system administrators who require better performance and are already aware of application compatibility issues.
+
+If you disable or do not configure this policy setting, the PCA will be turned on. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics.  
+
+> [!NOTE]
+> The Diagnostic Policy Service (DPS) and Program Compatibility Assistant Service must be running for the PCA to run. These services can be configured by using the Services snap-in to the Microsoft Management Console.
+
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off Program Compatibility Assistant*
+-   GP name: *AppCompatTurnOffProgramCompatibilityAssistant_2*
+-   GP path: *Windows Components/Application Compatibility*
+-   GP ADMX file name: *AppCompat.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx_appcompat-appcompatturnoffuseractionrecord"></a>**ADMX_AppCompat/AppCompatTurnOffUserActionRecord**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting controls the state of Steps Recorder.
+
+Steps Recorder keeps a record of steps taken by the user. The data generated by Steps Recorder can be used in feedback systems such as Windows Error Reporting to help developers understand and fix problems. The data includes user actions such as keyboard input and mouse input, user interface data, and screen shots.  Steps Recorder includes an option to turn on and off data collection.
+
+If you enable this policy setting, Steps Recorder will be disabled.
+
+If you disable or do not configure this policy setting, Steps Recorder will be enabled.
+
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off Steps Recorder*
+-   GP name: *AppCompatTurnOffUserActionRecord*
+-   GP path: *Windows Components/Application Compatibility*
+-   GP ADMX file name: *AppCompat.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx_appcompat-appcompatturnoffprograminventory"></a>**ADMX_AppCompat/AppCompatTurnOffProgramInventory**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting controls the state of the Inventory Collector. 
+
+The Inventory Collector inventories applications, files, devices, and drivers on the system and sends the information to Microsoft. This information is used to help diagnose compatibility problems.
+
+If you enable this policy setting, the Inventory Collector will be turned off and data will not be sent to Microsoft. Collection of installation data through the Program Compatibility Assistant is also disabled.
+
+If you disable or do not configure this policy setting, the Inventory Collector will be turned on.
+
+> [!NOTE]
+> This policy setting has no effect if the Customer Experience Improvement Program is turned off. The Inventory Collector will be off.
+
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off Inventory Collector*
+-   GP name: *AppCompatTurnOffProgramInventory*
+-   GP path: *Windows Components/Application Compatibility*
+-   GP ADMX file name: *AppCompat.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+
diff --git a/windows/client-management/mdm/policy-csp-admx-auditsettings.md b/windows/client-management/mdm/policy-csp-admx-auditsettings.md
new file mode 100644
index 0000000000..2f91449316
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-auditsettings.md
@@ -0,0 +1,119 @@
+---
+title: Policy CSP - ADMX_AuditSettings
+description: Policy CSP - ADMX_AuditSettings
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 08/13/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_AuditSettings
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_AuditSettings policies  
+
+<dl>
+  <dd>
+    <a href="#admx-auditsettings-includecmdline">ADMX_AuditSettings/IncludeCmdLine</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-auditsettings-includecmdline"></a>**ADMX_AuditSettings/IncludeCmdLine**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines what information is logged in security audit events when a new process has been created. This setting only applies when the Audit Process Creation policy is enabled.
+
+If you enable this policy setting, the command line information for every process will be logged in plain text in the security event log as part of the Audit Process Creation event 4688, "a new process has been created," on the workstations and servers on which this policy setting is applied.
+
+If you disable or do not configure this policy setting, the process's command line information will not be included in Audit Process Creation events.  
+
+Default is Not configured.
+
+> [!NOTE]
+> When this policy setting is enabled, any user with access to read the security events will be able to read the command line arguments for any successfully created process. Command line arguments can contain sensitive or private information, such as passwords or user data.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Include command line in process creation events*
+-   GP name: *IncludeCmdLine*
+-   GP path: *System/Audit Process Creation*
+-   GP ADMX file name: *AuditSettings.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+
diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
new file mode 100644
index 0000000000..3e28f47950
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
@@ -0,0 +1,203 @@
+---
+title: Policy CSP - ADMX_CipherSuiteOrder
+description: Policy CSP - ADMX_CipherSuiteOrder
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 08/17/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_CipherSuiteOrder
+
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_CipherSuiteOrder policies  
+
+<dl>
+  <dd>
+    <a href="#admx_ciphersuiteorder-sslciphersuiteorder">ADMX_CipherSuiteOrder/SSLCipherSuiteOrder</a>
+  </dd>
+  <dd>
+    <a href="#admx_ciphersuiteorder-sslcurveorder">ADMX_CipherSuiteOrder/SSLCurveOrder</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx_ciphersuiteorder-sslciphersuiteorder"></a>**ADMX_CipherSuiteOrder/SSLCipherSuiteOrder**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines the cipher suites used by the Secure Socket Layer (SSL).
+
+If you enable this policy setting, SSL cipher suites are prioritized in the order specified.
+
+If you disable or do not configure this policy setting, default cipher suite order is used.
+
+For information about supported cipher Suites, see [Cipher Suites in TLS/SSL (Schannel SSP)](http://go.microsoft.com/fwlink/?LinkId=517265).
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *SSL Cipher Suite Order*
+-   GP name: *Functions*
+-   GP path: *Network/SSL Configuration Settings*
+-   GP ADMX file name: *CipherSuiteOrder.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx_ciphersuiteorder-sslcurveorder"></a>**ADMX_CipherSuiteOrder/SSLCurveOrder**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines the priority order of ECC curves used with ECDHE cipher suites.
+
+If you enable this policy setting, ECC curves are prioritized in the order specified. Enter one curve name per line.
+
+If you disable or do not configure this policy setting, the default ECC curve order is used.
+
+The default curve order is as follows:
+
+- curve25519
+- NistP256
+- NistP384
+
+To see all the curves supported on the system, enter the following command:
+
+``` cmd
+CertUtil.exe -DisplayEccCurve
+```
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *ECC Curve Order*
+-   GP name: *EccCurves*
+-   GP path: *Network/SSL Configuration Settings*
+-   GP ADMX file name: *CipherSuiteOrder.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+
diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md
new file mode 100644
index 0000000000..0c26d32f23
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md
@@ -0,0 +1,1725 @@
+---
+title: Policy CSP - ADMX_DnsClient
+description: Policy CSP - ADMX_DnsClient
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 08/12/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_DnsClient
+
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_DnsClient policies  
+
+<dl>
+  <dd>
+    <a href="#admx-dnsclient-dns-allowfqdnnetbiosqueries">ADMX_DnsClient/DNS_AllowFQDNNetBiosQueries</a>
+  </dd>
+  <dd>
+    <a href="#admx-dnsclient-dns-appendtomultilabelname">ADMX_DnsClient/DNS_AppendToMultiLabelName</a>
+  </dd>
+  <dd>
+    <a href="#admx-dnsclient-dns-domain">ADMX_DnsClient/DNS_Domain</a>
+  </dd>
+  <dd>
+    <a href="#admx-dnsclient-dns-domainnamedevolutionlevel">ADMX_DnsClient/DNS_DomainNameDevolutionLevel</a>
+  </dd>
+  <dd>
+    <a href="#admx-dnsclient-dns-idnencoding">ADMX_DnsClient/DNS_IdnEncoding</a>
+  </dd>
+  <dd>
+    <a href="#admx-dnsclient-dns-idnmapping">ADMX_DnsClient/DNS_IdnMapping</a>
+  </dd>
+  <dd>
+    <a href="#admx-dnsclient-dns-nameserver">ADMX_DnsClient/DNS_NameServer</a>
+  </dd>
+  <dd>
+    <a href="#admx-dnsclient-dns-preferlocalresponsesoverlowerorderdns">ADMX_DnsClient/DNS_PreferLocalResponsesOverLowerOrderDns</a>
+  </dd>
+  <dd>
+    <a href="#admx-dnsclient-dns-primarydnssuffix">ADMX_DnsClient/DNS_PrimaryDnsSuffix</a>
+  </dd>
+  <dd>
+    <a href="#admx-dnsclient-dns-registeradaptername">ADMX_DnsClient/DNS_RegisterAdapterName</a>
+  </dd>
+  <dd>
+    <a href="#admx-dnsclient-dns-registerreverselookup">ADMX_DnsClient/DNS_RegisterReverseLookup</a>
+  </dd>
+  <dd>
+    <a href="#admx-dnsclient-dns-registrationenabled">ADMX_DnsClient/DNS_RegistrationEnabled</a>
+  </dd>
+  <dd>
+    <a href="#admx-dnsclient-dns-registrationoverwritesinconflict">ADMX_DnsClient/DNS_RegistrationOverwritesInConflict</a>
+  </dd>
+  <dd>
+    <a href="#admx-dnsclient-dns-registrationrefreshinterval">ADMX_DnsClient/DNS_RegistrationRefreshInterval</a>
+  </dd>
+  <dd>
+    <a href="#admx-dnsclient-dns-registrationttl">ADMX_DnsClient/DNS_RegistrationTtl</a>
+  </dd>
+  <dd>
+    <a href="#admx-dnsclient-dns-searchlist">ADMX_DnsClient/DNS_SearchList</a>
+  </dd>
+  <dd>
+    <a href="#admx-dnsclient-dns-smartmultihomednameresolution">ADMX_DnsClient/DNS_SmartMultiHomedNameResolution</a>
+  </dd>
+  <dd>
+    <a href="#admx-dnsclient-dns-smartprotocolreorder">ADMX_DnsClient/DNS_SmartProtocolReorder</a>
+  </dd>
+  <dd>
+    <a href="#admx-dnsclient-dns-updatesecuritylevel">ADMX_DnsClient/DNS_UpdateSecurityLevel</a>
+  </dd>
+  <dd>
+    <a href="#admx-dnsclient-dns-updatetopleveldomainzones">ADMX_DnsClient/DNS_UpdateTopLevelDomainZones</a>
+  </dd>
+  <dd>
+    <a href="#admx-dnsclient-dns-usedomainnamedevolution">ADMX_DnsClient/DNS_UseDomainNameDevolution</a>
+  </dd>
+  <dd>
+    <a href="#admx-dnsclient-turn-Offmulticast">ADMX_DnsClient/Turn_Off_Multicast</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-dnsclient-dns-allowfqdnnetbiosqueries"></a>**ADMX_DnsClient/DNS_AllowFQDNNetBiosQueries**  
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies that NetBIOS over TCP/IP (NetBT) queries are issued for fully qualified domain names.
+
+If you enable this policy setting, NetBT queries will be issued for multi-label and fully qualified domain names, such as "www.example.com" in addition to single-label names.
+
+If you disable this policy setting, or if you do not configure this policy setting, NetBT queries will only be issued for single-label names, such as "example" and not for multi-label and fully qualified domain names.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Allow NetBT queries for fully qualified domain names*
+-   GP name: *DNS_AllowFQDNNetBiosQueries*
+-   GP path: *Network/DNS Client*
+-   GP ADMX file name: *DnsClient.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-dnsclient-dns-appendtomultilabelname"></a>**ADMX_DnsClient/DNS_AppendToMultiLabelName**  
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies that computers may attach suffixes to an unqualified multi-label name before sending subsequent DNS queries if the original name query fails.
+
+A name containing dots, but not dot-terminated, is called an unqualified multi-label name, for example "server.corp" is an unqualified multi-label name. The name "server.corp.contoso.com." is an example of a fully qualified name because it contains a terminating dot.
+
+For example, if attaching suffixes is allowed, an unqualified multi-label name query for "server.corp" will be queried by the DNS client first. If the query succeeds, the response is returned to the client. If the query fails, the unqualified multi-label name is appended with DNS suffixes. These suffixes can be derived from a combination of the local DNS client's primary domain suffix, a connection-specific domain suffix, and a DNS suffix search list.
+
+If attaching suffixes is allowed, and a DNS client with a primary domain suffix of "contoso.com" performs a query for "server.corp" the DNS client will send a query for "server.corp" first, and then a query for "server.corp.contoso.com." second if the first query fails.
+
+If you enable this policy setting, suffixes are allowed to be appended to an unqualified multi-label name if the original name query fails.
+
+If you disable this policy setting, no suffixes are appended to unqualified multi-label name queries if the original name query fails.
+
+If you do not configure this policy setting, computers will use their local DNS client settings to determine the query behavior for unqualified multi-label names.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Allow DNS suffix appending to unqualified multi-label name queries*
+-   GP name: *DNS_AppendToMultiLabelName*
+-   GP path: *Network/DNS Client*
+-   GP ADMX file name: *DnsClient.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-dnsclient-dns-domain"></a>**ADMX_DnsClient/DNS_Domain**  
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies a connection-specific DNS suffix. This policy setting supersedes local connection-specific DNS suffixes, and those configured using DHCP. To use this policy setting, click Enabled, and then enter a string value representing the DNS suffix.
+
+If you enable this policy setting, the DNS suffix that you enter will be applied to all network connections used by computers that receive this policy setting.  
+
+If you disable this policy setting, or if you do not configure this policy setting, computers will use the local or DHCP supplied connection specific DNS suffix, if configured.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Connection-specific DNS suffix*
+-   GP name: *DNS_Domain*
+-   GP path: *Network/DNS Client*
+-   GP ADMX file name: *DnsClient.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-dnsclient-dns-domainnamedevolutionlevel"></a>**ADMX_DnsClient/DNS_DomainNameDevolutionLevel**  
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies if the devolution level that DNS clients will use if they perform primary DNS suffix devolution during the name resolution process.
+
+With devolution, a DNS client creates queries by appending a single-label, unqualified domain name with the parent suffix of the primary DNS suffix name, and the parent of that suffix, and so on, stopping if the name is successfully resolved or at a level determined by devolution settings. Devolution can be used when a user or application submits a query for a single-label domain name.
+
+The DNS client appends DNS suffixes to the single-label, unqualified domain name based on the state of the Append primary and connection specific DNS suffixes radio button and Append parent suffixes of the primary DNS suffix check box on the DNS tab in Advanced TCP/IP Settings for the Internet Protocol (TCP/IP) Properties dialog box.
+
+Devolution is not enabled if a global suffix search list is configured using Group Policy.
+
+If a global suffix search list is not configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries:  
+
+- The primary DNS suffix, as specified on the Computer Name tab of the System control panel.
+- Each connection-specific DNS suffix, assigned either through DHCP or specified in the DNS suffix for this connection box on the DNS tab in the Advanced TCP/IP Settings dialog box for each connection.
+
+For example, when a user submits a query for a single-label name such as "example," the DNS client attaches a suffix such as "microsoft.com" resulting in the query "example.microsoft.com," before sending the query to a DNS server.
+
+If a DNS suffix search list is not specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server.
+
+For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it is under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it is under specified devolution level and the query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix cannot be devolved beyond a devolution level of two. The devolution level can be configured using this policy setting. The default devolution level is two.
+
+If you enable this policy setting and DNS devolution is also enabled, DNS clients use the DNS devolution level that you specify.
+
+If you disable this policy setting or do not configure it, DNS clients use the default devolution level of two provided that DNS devolution is enabled.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Primary DNS suffix devolution level*
+-   GP name: *DNS_DomainNameDevolutionLevel*
+-   GP path: *Network/DNS Client*
+-   GP ADMX file name: *DnsClient.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-dnsclient-dns-idnencoding"></a>**ADMX_DnsClient/DNS_IdnEncoding**
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether the DNS client should convert internationalized domain names (IDNs) to Punycode when the computer is on non-domain networks with no WINS servers configured.
+
+If this policy setting is enabled, IDNs are not converted to Punycode.
+
+If this policy setting is disabled, or if this policy setting is not configured, IDNs are converted to Punycode when the computer is on non-domain networks with no WINS servers configured.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off IDN encoding*
+-   GP name: *DNS_IdnEncoding*
+-   GP path: *Network/DNS Client*
+-   GP ADMX file name: *DnsClient.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-dnsclient-dns-idnmapping"></a>**ADMX_DnsClient/DNS_IdnMapping**
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether the DNS client should convert internationalized domain names (IDNs) to the Nameprep form, a canonical Unicode representation of the string.
+
+If this policy setting is enabled, IDNs are converted to the Nameprep form.
+
+If this policy setting is disabled, or if this policy setting is not configured, IDNs are not converted to the Nameprep form.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *IDN mapping*
+-   GP name: *DNS_IdnMapping*
+-   GP path: *Network/DNS Client*
+-   GP ADMX file name: *DnsClient.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-dnsclient-dns-nameserver"></a>**ADMX_DnsClient/DNS_NameServer**
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting defines the DNS servers to which a computer sends queries when it attempts to resolve names. This policy setting supersedes the list of DNS servers configured locally and those configured using DHCP.
+
+To use this policy setting, click Enabled, and then enter a space-delimited list of IP addresses in the available field. To use this policy setting, you must enter at least one IP address.
+
+If you enable this policy setting, the list of DNS servers is applied to all network connections used by computers that receive this policy setting. 
+
+If you disable this policy setting, or if you do not configure this policy setting, computers will use the local or DHCP supplied list of DNS servers, if configured.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *DNS servers*
+-   GP name: *DNS_NameServer*
+-   GP path: *Network/DNS Client*
+-   GP ADMX file name: *DnsClient.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-dnsclient-dns-preferlocalresponsesoverlowerorderdns"></a>**ADMX_DnsClient/DNS_PreferLocalResponsesOverLowerOrderDns**
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies that responses from link local name resolution protocols received over a network interface that is higher in the binding order are preferred over DNS responses from network interfaces lower in the binding order. Examples of link local name resolution protocols include link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT).
+
+If you enable this policy setting, responses from link local protocols will be preferred over DNS responses if the local responses are from a network with a higher binding order.
+
+If you disable this policy setting, or if you do not configure this policy setting, then DNS responses from networks lower in the binding order will be preferred over responses from link local protocols received from networks higher in the binding order.
+
+> [!NOTE]
+> This policy setting is applicable only if the turn off smart multi-homed name resolution policy setting is disabled or not configured.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prefer link local responses over DNS when received over a network with higher precedence*
+-   GP name: *DNS_PreferLocalResponsesOverLowerOrderDns*
+-   GP path: *Network/DNS Client*
+-   GP ADMX file name: *DnsClient.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-dnsclient-dns-primarydnssuffix"></a>**ADMX_DnsClient/DNS_PrimaryDnsSuffix**
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the primary DNS suffix used by computers in DNS name registration and DNS name resolution.
+
+To use this policy setting, click Enabled and enter the entire primary DNS suffix you want to assign. For example: microsoft.com.
+
+> [!IMPORTANT]
+> In order for changes to this policy setting to be applied on computers that receive it, you must restart Windows.
+
+If you enable this policy setting, it supersedes the primary DNS suffix configured in the DNS Suffix and NetBIOS Computer Name dialog box using the System control panel.
+
+You can use this policy setting to prevent users, including local administrators, from changing the primary DNS suffix.
+
+If you disable this policy setting, or if you do not configure this policy setting, each computer uses its local primary DNS suffix, which is usually the DNS name of Active Directory domain to which it is joined.
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Primary DNS suffix*
+-   GP name: *DNS_PrimaryDnsSuffix*
+-   GP path: *Network/DNS Client*
+-   GP ADMX file name: *DnsClient.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-dnsclient-dns-registeradaptername"></a>**ADMX_DnsClient/DNS_RegisterAdapterName**
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies if a computer performing dynamic DNS registration will register A and PTR resource records with a concatenation of its computer name and a connection-specific DNS suffix, in addition to registering these records with a concatenation of its computer name and the primary DNS suffix.
+
+By default, a DNS client performing dynamic DNS registration registers A and PTR resource records with a concatenation of its computer name and the primary DNS suffix. For example, a computer name of mycomputer and a primary DNS suffix of microsoft.com will be registered as: mycomputer.microsoft.com.
+
+If you enable this policy setting, a computer will register A and PTR resource records with its connection-specific DNS suffix, in addition to the primary DNS suffix. This applies to all network connections used by computers that receive this policy setting.
+
+For example, with a computer name of mycomputer, a primary DNS suffix of microsoft.com, and a connection specific DNS suffix of VPNconnection, a computer will register A and PTR resource records for mycomputer.VPNconnection and mycomputer.microsoft.com when this policy setting is enabled.
+
+Important: This policy setting is ignored on a DNS client computer if dynamic DNS registration is disabled.
+
+If you disable this policy setting, or if you do not configure this policy setting, a DNS client computer will not register any A and PTR resource records using a connection-specific DNS suffix.
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Register DNS records with connection-specific DNS suffix*
+-   GP name: *DNS_RegisterAdapterName*
+-   GP path: *Network/DNS Client*
+-   GP ADMX file name: *DnsClient.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-dnsclient-dns-registerreverselookup"></a>**ADMX_DnsClient/DNS_RegisterReverseLookup**
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies if DNS client computers will register PTR resource records.
+
+By default, DNS clients configured to perform dynamic DNS registration will attempt to register PTR resource record only if they successfully registered the corresponding A resource record.
+
+If you enable this policy setting, registration of PTR records will be determined by the option that you choose under Register PTR records.
+
+To use this policy setting, click Enabled, and then select one of the following options from the drop-down list:
+
+- Do not register: Computers will not attempt to register PTR resource records
+- Register: Computers will attempt to register PTR resource records even if registration of the corresponding A records was not successful.
+- Register only if A record registration succeeds: Computers will attempt to register PTR resource records only if registration of the corresponding A records was successful.
+
+If you disable this policy setting, or if you do not configure this policy setting, computers will use locally configured settings.
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Register PTR records*
+-   GP name: *DNS_RegisterReverseLookup*
+-   GP path: *Network/DNS Client*
+-   GP ADMX file name: *DnsClient.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-dnsclient-dns-registrationenabled"></a>**ADMX_DnsClient/DNS_RegistrationEnabled**
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic update automatically register and update their DNS resource records with a DNS server.
+
+If you enable this policy setting, or you do not configure this policy setting, computers will attempt to use dynamic DNS registration on all network connections that have connection-specific dynamic DNS registration enabled. For a dynamic DNS registration to be enabled on a network connection, the connection-specific configuration must allow dynamic DNS registration, and this policy setting must not be disabled.
+
+If you disable this policy setting, computers may not use dynamic DNS registration for any of their network connections, regardless of the configuration for individual network connections.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Dynamic update*
+-   GP name: *DNS_RegistrationEnabled*
+-   GP path: *Network/DNS Client*
+-   GP ADMX file name: *DnsClient.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-dnsclient-dns-registrationoverwritesinconflict"></a>**ADMX_DnsClient/DNS_RegistrationOverwritesInConflict**
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses.
+
+This policy setting is designed for computers that register address (A) resource records in DNS zones that do not use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and does not allow a DNS client to overwrite records that are registered by other computers.
+
+During dynamic update of resource records in a zone that does not use Secure Dynamic Updates, an A resource record might exist that associates the client's host name with an IP address different than the one currently in use by the client. By default, the DNS client attempts to replace the existing A resource record with an A resource record that has the client's current IP address.
+
+If you enable this policy setting or if you do not configure this policy setting, DNS clients maintain their default behavior and will attempt to replace conflicting A resource records during dynamic update.
+
+If you disable this policy setting, existing A resource records that contain conflicting IP addresses will not be replaced during a dynamic update, and an error will be recorded in Event Viewer.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Replace addresses in conflicts*
+-   GP name: *DNS_RegistrationOverwritesInConflict*
+-   GP path: *Network/DNS Client*
+-   GP ADMX file name: *DnsClient.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-dnsclient-dns-registrationrefreshinterval"></a>**ADMX_DnsClient/DNS_RegistrationRefreshInterval**
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies to computers performing dynamic DNS updates.
+
+Computers configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers, even if the record has not changed. This reregistration is required to indicate to DNS servers that records are current and should not be automatically removed (scavenged) when a DNS server is configured to delete stale records.
+
+> [!WARNING]
+> If record scavenging is enabled on the zone, the value of this policy setting should never be longer than the value of the DNS zone refresh interval. Configuring the registration refresh interval to be longer than the refresh interval of the DNS zone might result in the undesired deletion of A and PTR resource records.
+
+To specify the registration refresh interval, click Enabled and then enter a value of 1800 or greater. The value that you specify is the number of seconds to use for the registration refresh interval. For example, 1800 seconds is 30 minutes.
+
+If you enable this policy setting, registration refresh interval that you specify will be applied to all network connections used by computers that receive this policy setting.
+
+If you disable this policy setting, or if you do not configure this policy setting, computers will use the local or DHCP supplied setting. By default, client computers configured with a static IP address attempt to update their DNS resource records once every 24 hours and DHCP clients will attempt to update their DNS resource records when a DHCP lease is granted or renewed.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Registration refresh interval*
+-   GP name: *DNS_RegistrationRefreshInterval*
+-   GP path: *Network/DNS Client*
+-   GP ADMX file name: *DnsClient.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-dnsclient-dns-registrationttl"></a>**ADMX_DnsClient/DNS_RegistrationTtl**
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the value of the time to live (TTL) field in A and PTR resource records that are registered by computers to which this policy setting is applied.
+
+To specify the TTL, click Enabled and then enter a value in seconds (for example, 900 is 15 minutes).
+
+If you enable this policy setting, the TTL value that you specify will be applied to DNS resource records registered for all network connections used by computers that receive this policy setting.
+
+If you disable this policy setting, or if you do not configure this policy setting, computers will use the TTL settings specified in DNS. By default, the TTL is 1200 seconds (20 minutes).
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *TTL value for A and PTR records*
+-   GP name: *DNS_RegistrationTtl*
+-   GP path: *Network/DNS Client*
+-   GP ADMX file name: *DnsClient.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-dnsclient-dns-searchlist"></a>**ADMX_DnsClient/DNS_SearchList**
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the DNS suffixes to attach to an unqualified single-label name before submission of a DNS query for that name.
+
+An unqualified single-label name contains no dots. The name "example" is a single-label name. This is different from a fully qualified domain name such as "example.microsoft.com."
+
+Client computers that receive this policy setting will attach one or more suffixes to DNS queries for a single-label name. For example, a DNS query for the single-label name "example" will be modified to "example.microsoft.com" before sending the query to a DNS server if this policy setting is enabled with a suffix of "microsoft.com."
+
+To use this policy setting, click Enabled, and then enter a string value representing the DNS suffixes that should be appended to single-label names. You must specify at least one suffix. Use a comma-delimited string, such as "microsoft.com,serverua.microsoft.com,office.microsoft.com" to specify multiple suffixes.
+
+If you enable this policy setting, one DNS suffix is attached at a time for each query. If a query is unsuccessful, a new DNS suffix is added in place of the failed suffix, and this new query is submitted. The values are used in the order they appear in the string, starting with the leftmost value and proceeding to the right until a query is successful or all suffixes are tried.
+
+If you disable this policy setting, or if you do not configure this policy setting, the primary DNS suffix and network connection-specific DNS suffixes are appended to the unqualified queries.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *DNS suffix search list*
+-   GP name: *DNS_SearchList*
+-   GP path: *Network/DNS Client*
+-   GP ADMX file name: *DnsClient.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-dnsclient-dns-smartmultihomednameresolution"></a>**ADMX_DnsClient/DNS_SmartMultiHomedNameResolution**
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies that a multi-homed DNS client should optimize name resolution across networks. The setting improves performance by issuing parallel DNS, link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT) queries across all networks. In the event that multiple positive responses are received, the network binding order is used to determine which response to accept.
+
+If you enable this policy setting, the DNS client will not perform any optimizations.  DNS queries will be issued across all networks first. LLMNR queries will be issued if the DNS queries fail, followed by NetBT queries if LLMNR queries fail.
+
+If you disable this policy setting, or if you do not configure this policy setting, name resolution will be optimized when issuing DNS, LLMNR and NetBT queries.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off smart multi-homed name resolution*
+-   GP name: *DNS_SmartMultiHomedNameResolution*
+-   GP path: *Network/DNS Client*
+-   GP ADMX file name: *DnsClient.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-dnsclient-dns-smartprotocolreorder"></a>**ADMX_DnsClient/DNS_SmartProtocolReorder**
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies that the DNS client should prefer responses from link local name resolution protocols on non-domain networks over DNS responses when issuing queries for flat names. Examples of link local name resolution protocols include link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT).
+
+If you enable this policy setting, the DNS client will prefer DNS responses, followed by LLMNR, followed by NetBT for all networks.  
+
+If you disable this policy setting, or if you do not configure this policy setting, the DNS client will prefer link local responses for flat name queries on non-domain networks. 
+
+> [!NOTE]
+> This policy setting is applicable only if the turn off smart multi-homed name resolution policy setting is disabled or not configured.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off smart protocol reordering*
+-   GP name: *DNS_SmartProtocolReorder*
+-   GP path: *Network/DNS Client*
+-   GP ADMX file name: *DnsClient.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-dnsclient-dns-updatesecuritylevel"></a>**ADMX_DnsClient/DNS_UpdateSecurityLevel**
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the security level for dynamic DNS updates.
+
+To use this policy setting, click Enabled and then select one of the following values:
+
+- Unsecure followed by secure - computers send secure dynamic updates only when nonsecure dynamic updates are refused.
+- Only unsecure - computers send only nonsecure dynamic updates.
+- Only secure - computers send only secure dynamic updates.
+
+If you enable this policy setting, computers that attempt to send dynamic DNS updates will use the security level that you specify in this policy setting.
+
+If you disable this policy setting, or if you do not configure this policy setting, computers will use local settings. By default, DNS clients attempt to use unsecured dynamic update first. If an unsecured update is refused, clients try to use secure update.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Update security level*
+-   GP name: *DNS_UpdateSecurityLevel*
+-   GP path: *Network/DNS Client*
+-   GP ADMX file name: *DnsClient.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-dnsclient-dns-updatetopleveldomainzones"></a>**ADMX_DnsClient/DNS_UpdateTopLevelDomainZones**
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies if computers may send dynamic updates to zones with a single label name. These zones are also known as top-level domain zones, for example: "com."
+
+By default, a DNS client that is configured to perform dynamic DNS update will update the DNS zone that is authoritative for its DNS resource records unless the authoritative zone is a top-level domain or root zone.
+
+If you enable this policy setting, computers send dynamic updates to any zone that is authoritative for the resource records that the computer needs to update, except the root zone.
+
+If you disable this policy setting, or if you do not configure this policy setting, computers do not send dynamic updates to the root zone or top-level domain zones that are authoritative for the resource records that the computer needs to update.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Update top level domain zones*
+-   GP name: *DNS_UpdateTopLevelDomainZones*
+-   GP path: *Network/DNS Client*
+-   GP ADMX file name: *DnsClient.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-dnsclient-dns-usedomainnamedevolution"></a>**ADMX_DnsClient/DNS_UseDomainNameDevolution**
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies if the DNS client performs primary DNS suffix devolution during the name resolution process.
+
+With devolution, a DNS client creates queries by appending a single-label, unqualified domain name with the parent suffix of the primary DNS suffix name, and the parent of that suffix, and so on, stopping if the name is successfully resolved or at a level determined by devolution settings. Devolution can be used when a user or application submits a query for a single-label domain name.
+
+The DNS client appends DNS suffixes to the single-label, unqualified domain name based on the state of the Append primary and connection specific DNS suffixes radio button and Append parent suffixes of the primary DNS suffix check box on the DNS tab in Advanced TCP/IP Settings for the Internet Protocol (TCP/IP) Properties dialog box.
+
+Devolution is not enabled if a global suffix search list is configured using Group Policy.
+
+If a global suffix search list is not configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries:
+
+The primary DNS suffix, as specified on the Computer Name tab of the System control panel.
+
+Each connection-specific DNS suffix, assigned either through DHCP or specified in the DNS suffix for this connection box on the DNS tab in the Advanced TCP/IP Settings dialog box for each connection.
+
+For example, when a user submits a query for a single-label name such as "example," the DNS client attaches a suffix such as "microsoft.com" resulting in the query "example.microsoft.com," before sending the query to a DNS server.
+
+If a DNS suffix search list is not specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server.
+
+For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it is under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it is under specified devolution level and the query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix cannot be devolved beyond a devolution level of two. The devolution level can be configured using the primary DNS suffix devolution level policy setting. The default devolution level is two.
+
+If you enable this policy setting, or if you do not configure this policy setting, DNS clients attempt to resolve single-label names using concatenations of the single-label name to be resolved and the devolved primary DNS suffix.
+
+If you disable this policy setting, DNS clients do not attempt to resolve names that are concatenations of the single-label name to be resolved and the devolved primary DNS suffix.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Primary DNS suffix devolution*
+-   GP name: *DNS_UseDomainNameDevolution*
+-   GP path: *Network/DNS Client*
+-   GP ADMX file name: *DnsClient.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-dnsclient-turn-Offmulticast"></a>**ADMX_DnsClient/Turn_Off_Multicast**
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies that link local multicast name resolution (LLMNR) is disabled on client computers.
+
+LLMNR is a secondary name resolution protocol. With LLMNR, queries are sent using multicast over a local network link on a single subnet from a client computer to another client computer on the same subnet that also has LLMNR enabled. LLMNR does not require a DNS server or DNS client configuration, and provides name resolution in scenarios in which conventional DNS name resolution is not possible.
+
+If you enable this policy setting, LLMNR will be disabled on all available network adapters on the client computer.
+
+If you disable this policy setting, or you do not configure this policy setting, LLMNR will be enabled on all available network adapters.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off multicast name resolution*
+-   GP name: *Turn_Off_Multicast*
+-   GP path: *Network/DNS Client*
+-   GP ADMX file name: *DnsClient.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+
diff --git a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
new file mode 100644
index 0000000000..b964fbde10
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
@@ -0,0 +1,200 @@
+---
+title: Policy CSP - ADMX_EventForwarding
+description: Policy CSP - ADMX_EventForwarding
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 08/17/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_EventForwarding
+
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_EventForwarding policies  
+
+<dl>
+  <dd>
+    <a href="#admx_eventforwarding-forwarderresourceusage">ADMX_EventForwarding/ForwarderResourceUsage</a>
+  </dd>
+  <dd>
+    <a href="#admx_eventforwarding-subscriptionmanager">ADMX_EventForwarding/SubscriptionManager</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx_eventforwarding-forwarderresourceusage"></a>**ADMX_EventForwarding/ForwarderResourceUsage**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting controls resource usage for the forwarder (source computer) by controlling the events/per second sent to the Event Collector.
+
+If you enable this policy setting, you can control the volume of events sent to the Event Collector by the source computer. This may be required in high volume environments.
+
+If you disable or do not configure this policy setting, forwarder resource usage is not specified.
+
+This setting applies across all subscriptions for the forwarder (source computer).
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Configure forwarder resource usage*
+-   GP name: *MaxForwardingRate*
+-   GP path: *Windows Components/Event Forwarding*
+-   GP ADMX file name: *EventForwarding.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx_eventforwarding-subscriptionmanager"></a>**ADMX_EventForwarding/SubscriptionManager**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure the server address, refresh interval, and issuer certificate authority (CA) of a target Subscription Manager.
+
+If you enable this policy setting, you can configure the Source Computer to contact a specific FQDN (Fully Qualified Domain Name) or IP Address and request subscription specifics.
+
+Use the following syntax when using the HTTPS protocol:  
+
+``` syntax
+
+Server=https://<FQDN of the collector>:5986/wsman/SubscriptionManager/WEC,Refresh=<Refresh interval in seconds>,IssuerCA=<Thumb print of the client authentication certificate>.
+```
+
+When using the HTTP protocol, use port 5985.
+
+If you disable or do not configure this policy setting, the Event Collector computer will not be specified.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Configure target Subscription Manager*
+-   GP name: *SubscriptionManager*
+-   GP path: *Windows Components/Event Forwarding*
+-   GP ADMX file name: *EventForwarding.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

From dc77103db01606a2f07e39866930192be66bad27 Mon Sep 17 00:00:00 2001
From: ManikaDhiman <v-madhi@microsoft.com>
Date: Mon, 17 Aug 2020 16:41:24 -0700
Subject: [PATCH 33/66] Fixed build warning

---
 .../client-management/mdm/policy-csp-admx-ciphersuiteorder.md   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
index 3e28f47950..7c64c3a7a9 100644
--- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
+++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
@@ -84,7 +84,7 @@ If you enable this policy setting, SSL cipher suites are prioritized in the orde
 
 If you disable or do not configure this policy setting, default cipher suite order is used.
 
-For information about supported cipher Suites, see [Cipher Suites in TLS/SSL (Schannel SSP)](http://go.microsoft.com/fwlink/?LinkId=517265).
+For information about supported cipher Suites, see [Cipher Suites in TLS/SSL (Schannel SSP)](https://go.microsoft.com/fwlink/?LinkId=517265).
 
 <!--/Description-->
 > [!TIP]

From 072f857ec90fd3708c021b5d704f5f3732601b28 Mon Sep 17 00:00:00 2001
From: ManikaDhiman <v-madhi@microsoft.com>
Date: Mon, 17 Aug 2020 16:46:35 -0700
Subject: [PATCH 34/66] minor update

---
 .../client-management/mdm/policy-csp-admx-ciphersuiteorder.md   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
index 7c64c3a7a9..3088951d88 100644
--- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
+++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
@@ -84,7 +84,7 @@ If you enable this policy setting, SSL cipher suites are prioritized in the orde
 
 If you disable or do not configure this policy setting, default cipher suite order is used.
 
-For information about supported cipher Suites, see [Cipher Suites in TLS/SSL (Schannel SSP)](https://go.microsoft.com/fwlink/?LinkId=517265).
+For information about supported cipher suites, see [Cipher Suites in TLS/SSL (Schannel SSP)](https://go.microsoft.com/fwlink/?LinkId=517265).
 
 <!--/Description-->
 > [!TIP]

From 856f2226cbf920aaa9c745c8402573eac1cf8854 Mon Sep 17 00:00:00 2001
From: damabe <v-damabe@microsoft.com>
Date: Mon, 17 Aug 2020 22:29:17 -0700
Subject: [PATCH 35/66] Update short descriptions for SEO improvement

---
 windows/client-management/mdm/policy-csp-taskmanager.md         | 2 +-
 windows/client-management/mdm/policy-csp-taskscheduler.md       | 2 +-
 windows/client-management/mdm/policy-csp-textinput.md           | 2 +-
 .../client-management/mdm/policy-csp-timelanguagesettings.md    | 2 +-
 windows/client-management/mdm/policy-csp-troubleshooting.md     | 2 +-
 windows/client-management/mdm/policy-csp-update.md              | 2 +-
 windows/client-management/mdm/policy-csp-userrights.md          | 2 +-
 windows/client-management/mdm/policy-csp-wifi.md                | 2 +-
 .../mdm/policy-csp-windowsconnectionmanager.md                  | 2 +-
 .../mdm/policy-csp-windowsdefendersecuritycenter.md             | 2 +-
 windows/client-management/mdm/policy-csp-windowsinkworkspace.md | 2 +-
 windows/client-management/mdm/policy-csp-windowslogon.md        | 2 +-
 windows/client-management/mdm/policy-csp-windowspowershell.md   | 2 +-
 windows/client-management/mdm/policy-csp-wirelessdisplay.md     | 2 +-
 windows/client-management/mdm/policy-ddf-file.md                | 2 +-
 windows/client-management/mdm/policymanager-csp.md              | 2 +-
 windows/client-management/mdm/proxy-csp.md                      | 2 +-
 windows/client-management/mdm/reboot-csp.md                     | 2 +-
 windows/client-management/mdm/registry-csp.md                   | 2 +-
 windows/client-management/mdm/registry-ddf-file.md              | 2 +-
 20 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-taskmanager.md b/windows/client-management/mdm/policy-csp-taskmanager.md
index 9787467c21..ce84398393 100644
--- a/windows/client-management/mdm/policy-csp-taskmanager.md
+++ b/windows/client-management/mdm/policy-csp-taskmanager.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - TaskManager
-description: Policy CSP - TaskManager
+description: Learn how to use the Policy CSP - TaskManager setting to determine whether non-administrators can use Task Manager to end tasks.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md
index 44a8f08bdd..ab6ec4d46c 100644
--- a/windows/client-management/mdm/policy-csp-taskscheduler.md
+++ b/windows/client-management/mdm/policy-csp-taskscheduler.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - TaskScheduler
-description: Policy CSP - TaskScheduler
+description: Learn how to use the Policy CSP - TaskScheduler setting to determine whether the specific task is enabled (1) or disabled (0).
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md
index e1799a0c16..99360d692b 100644
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - TextInput
-description: Policy CSP - TextInput
+description: The Policy CSP - TextInput setting allows the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
index d029929145..8ef9349148 100644
--- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md
+++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - TimeLanguageSettings
-description: Learn which TimeLanguageSettings policies are supported for your edition of Windows.
+description: Learn to use the Policy CSP - TimeLanguageSettings setting to specify the time zone to be applied to the device.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-troubleshooting.md b/windows/client-management/mdm/policy-csp-troubleshooting.md
index 881b9b3a43..c7862d0866 100644
--- a/windows/client-management/mdm/policy-csp-troubleshooting.md
+++ b/windows/client-management/mdm/policy-csp-troubleshooting.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - Troubleshooting
-description: Policy CSP - Troubleshooting
+description: The Policy CSP - Troubleshooting setting allows IT admins to configure how to apply recommended troubleshooting for known problems on the devices in their domains.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index d9187a1854..38e9dd4066 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - Update
-description: Manage a range of active hours for when update reboots are not scheduled.
+description: The Policy CSP - Update allows the IT admin, when used with Update/ActiveHoursStart, to manage a range of active hours where update reboots aren't scheduled.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md
index 73f3dfd843..df12efd32b 100644
--- a/windows/client-management/mdm/policy-csp-userrights.md
+++ b/windows/client-management/mdm/policy-csp-userrights.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - UserRights
-description: Policy CSP - UserRights
+description: Learn how user rights are assigned for user accounts or groups, and how the name of the policy defines the user right in question.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md
index 770316e0bc..db63da7a5a 100644
--- a/windows/client-management/mdm/policy-csp-wifi.md
+++ b/windows/client-management/mdm/policy-csp-wifi.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - Wifi
-description: Policy CSP - Wifi
+description: Learn how the Policy CSP - Wifi setting allows or disallows the device to automatically connect to Wi-Fi hotspots.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
index 4cbed0f5f3..4f89b78bcf 100644
--- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
+++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - WindowsConnectionManager
-description: Policy CSP - WindowsConnectionManager
+description: The Policy CSP - WindowsConnectionManager setting prevents computers from connecting to a domain based network and a non-domain based network simultaneously.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
index d2c74ba941..a4cd3536f0 100644
--- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
+++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - WindowsDefenderSecurityCenter
-description: Policy CSP - WindowsDefenderSecurityCenter
+description: Learn how to use the Policy CSP - WindowsDefenderSecurityCenter setting to display the Account protection area in Windows Defender Security Center. 
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
index bc97e2e774..e60269d795 100644
--- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
+++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - WindowsInkWorkspace
-description: Policy CSP - WindowsInkWorkspace
+description: Learn to use the Policy CSP - WindowsInkWorkspace setting to specify whether to allow the user to access the ink workspace.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md
index d3793a4bb7..c7ccb54106 100644
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - WindowsLogon
-description: Policy CSP - WindowsLogon
+description: Use the Policy CSP - WindowsLogon setting to control whether a device automatically signs in and locks the last interactive user after the system restarts.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md
index cc4f87b917..b60def1361 100644
--- a/windows/client-management/mdm/policy-csp-windowspowershell.md
+++ b/windows/client-management/mdm/policy-csp-windowspowershell.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - WindowsPowerShell
-description: Policy CSP - WindowsPowerShell
+description: Use the Policy CSP - WindowsPowerShell setting to enable logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
index eb74f99772..3aff9aac6c 100644
--- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md
+++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - WirelessDisplay
-description: Policy CSP - WirelessDisplay
+description: Use the Policy CSP - WirelessDisplay setting to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md
index 7a522ee312..27c1aceaf0 100644
--- a/windows/client-management/mdm/policy-ddf-file.md
+++ b/windows/client-management/mdm/policy-ddf-file.md
@@ -1,6 +1,6 @@
 ---
 title: Policy DDF file
-description: Policy DDF file
+description: Learn about the OMA DM device description framework (DDF) for the Policy configuration service provider.
 ms.assetid: D90791B5-A772-4AF8-B058-5D566865AF8D
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/policymanager-csp.md b/windows/client-management/mdm/policymanager-csp.md
index ad4bb24be7..656e292b4e 100644
--- a/windows/client-management/mdm/policymanager-csp.md
+++ b/windows/client-management/mdm/policymanager-csp.md
@@ -1,6 +1,6 @@
 ---
 title: PolicyManager CSP
-description: PolicyManager CSP
+description: Learn how PolicyManager CSP is deprecated. For Windows 10 devices you should use Policy CSP, which replaces PolicyManager CSP.
 ms.assetid: 048427b1-6024-4660-8660-bd91c583f7f9
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/proxy-csp.md b/windows/client-management/mdm/proxy-csp.md
index cced09bc2b..c1d9034fe8 100644
--- a/windows/client-management/mdm/proxy-csp.md
+++ b/windows/client-management/mdm/proxy-csp.md
@@ -1,6 +1,6 @@
 ---
 title: PROXY CSP
-description: PROXY CSP
+description: Learn how the PROXY configuration service provider (CSP) is used to configure proxy connections.
 ms.assetid: 9904d44c-4a1e-4ae7-a6c7-5dba06cb16ce
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/reboot-csp.md b/windows/client-management/mdm/reboot-csp.md
index e7cb92b9c4..d906bca3da 100644
--- a/windows/client-management/mdm/reboot-csp.md
+++ b/windows/client-management/mdm/reboot-csp.md
@@ -1,6 +1,6 @@
 ---
 title: Reboot CSP
-description: Reboot CSP
+description: Learn how the Reboot configuration service provider (CSP) is used to configure reboot settings.
 ms.assetid: 4E3F1225-BBAD-40F5-A1AB-FF221B6BAF48
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/registry-csp.md b/windows/client-management/mdm/registry-csp.md
index 38bd56ba6d..4978cc70e0 100644
--- a/windows/client-management/mdm/registry-csp.md
+++ b/windows/client-management/mdm/registry-csp.md
@@ -1,6 +1,6 @@
 ---
 title: Registry CSP
-description: Registry CSP
+description: In this article, learn how to use the Registry configuration service provider (CSP) to update registry settings.
 ms.assetid: 2307e3fd-7b61-4f00-94e1-a639571f2c9d
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/registry-ddf-file.md b/windows/client-management/mdm/registry-ddf-file.md
index 164f8d4a66..6b6bc9c191 100644
--- a/windows/client-management/mdm/registry-ddf-file.md
+++ b/windows/client-management/mdm/registry-ddf-file.md
@@ -1,6 +1,6 @@
 ---
 title: Registry DDF file
-description: Registry DDF file
+description: Learn about the OMA DM device description framework (DDF) for the Registry configuration service provider (CSP).
 ms.assetid: 29b5cc07-f349-4567-8a77-387d816a9d15
 ms.reviewer: 
 manager: dansimp

From 76422150f356a700dec97db7923904bb1d984f78 Mon Sep 17 00:00:00 2001
From: TimShererWithAquent <v-tishe@microsoft.com>
Date: Tue, 18 Aug 2020 15:22:58 -0700
Subject: [PATCH 36/66] Edit descriptions for SEO.

---
 .../windows-firewall/planning-domain-isolation-zones.md         | 2 +-
 .../windows-firewall/planning-gpo-deployment.md                 | 2 +-
 ...planning-group-policy-deployment-for-your-isolation-zones.md | 2 +-
 .../windows-firewall/planning-network-access-groups.md          | 2 +-
 .../windows-firewall/planning-server-isolation-zones.md         | 2 +-
 .../planning-settings-for-a-basic-firewall-policy.md            | 2 +-
 .../threat-protection/windows-firewall/planning-the-gpos.md     | 2 +-
 ...nning-your-windows-firewall-with-advanced-security-design.md | 2 +-
 .../windows-firewall/procedures-used-in-this-guide.md           | 2 +-
 .../protect-devices-from-unwanted-network-traffic.md            | 2 +-
 ...ire-encryption-when-accessing-sensitive-network-resources.md | 2 +-
 .../windows-firewall/restrict-access-to-only-trusted-devices.md | 2 +-
 .../threat-protection/windows-firewall/server-isolation-gpos.md | 2 +-
 .../windows-firewall/server-isolation-policy-design-example.md  | 2 +-
 .../windows-firewall/server-isolation-policy-design.md          | 2 +-
 .../verify-that-network-traffic-is-authenticated.md             | 2 +-
 .../windows-firewall-with-advanced-security-deployment-guide.md | 2 +-
 .../windows-firewall-with-advanced-security-design-guide.md     | 2 +-
 windows/whats-new/get-started-with-1709.md                      | 2 +-
 windows/whats-new/whats-new-windows-10-version-1809.md          | 2 +-
 20 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md
index f37a7ebdea..5a7fcb44a2 100644
--- a/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md
@@ -1,6 +1,6 @@
 ---
 title: Planning Domain Isolation Zones (Windows 10)
-description: Planning Domain Isolation Zones
+description: Learn how to use information you have gathered to make decisions about isolation zones for your environment in Windows Defender Firewall with Advanced Security.
 ms.assetid: 70bc7c52-91f0-4a0d-a64a-69d3ea1c6d05
 ms.reviewer: 
 ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md b/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md
index 188f4f2556..f9140ddefd 100644
--- a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md
+++ b/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md
@@ -1,6 +1,6 @@
 ---
 title: Planning GPO Deployment (Windows 10)
-description: Planning GPO Deployment
+description: Learn how to use a combination of security group filtering and WMI filtering to provide the most flexible options for applying GPOs devices in Active Directory.
 ms.assetid: b38adfb1-1371-4227-a887-e6d118809de1
 ms.reviewer: 
 ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md
index 991bdcec0d..001626eb9e 100644
--- a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md
@@ -1,6 +1,6 @@
 ---
 title: Planning Group Policy Deployment for Your Isolation Zones (Windows 10)
-description: Planning Group Policy Deployment for Your Isolation Zones
+description: Learn how to plan a group policy deployment for your isolation zones after you determine the best logical design of your isolation environment.
 ms.assetid: ea7c0acd-af28-4347-9d4a-4801b470557c
 ms.reviewer: 
 ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md
index 3043878e04..5cb6ff075c 100644
--- a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md
+++ b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md
@@ -1,6 +1,6 @@
 ---
 title: Planning Network Access Groups (Windows 10)
-description: Planning Network Access Groups
+description: Learn how to implement a network access group for users and devices that can access an isolated server in Windows Defender Firewall with Advanced Security.
 ms.assetid: 56ea1717-1731-4a5d-b277-5a73eb86feb0
 ms.reviewer: 
 ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md
index f42eca057b..b1af014fa5 100644
--- a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md
@@ -1,6 +1,6 @@
 ---
 title: Planning Server Isolation Zones (Windows 10)
-description: Planning Server Isolation Zones
+description: Learn how to restrict access to a server to approved users by using a server isolation zone in Windows Defender Firewall with Advanced Security.
 ms.assetid: 5f63c929-589e-4b64-82ea-515d62765b7b
 ms.reviewer: 
 ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md
index 8138bd8ee1..5a8cd1a017 100644
--- a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md
+++ b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md
@@ -1,6 +1,6 @@
 ---
 title: Planning Settings for a Basic Firewall Policy (Windows 10)
-description: Planning Settings for a Basic Firewall Policy
+description: Learn how to design a basic policy for Windows Defender Firewall with Advanced Security, the settings and rules that enforce your requirements on devices.
 ms.assetid: 4c90df5a-3cbc-4b85-924b-537c2422d735
 ms.reviewer: 
 ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/planning-the-gpos.md b/windows/security/threat-protection/windows-firewall/planning-the-gpos.md
index 78c49adcca..80b776ca44 100644
--- a/windows/security/threat-protection/windows-firewall/planning-the-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/planning-the-gpos.md
@@ -1,6 +1,6 @@
 ---
 title: Planning the GPOs (Windows 10)
-description: Planning the GPOs
+description: Learn about planning Group Policy Objects for your isolation zones in Windows Defender Firewall with Advanced Security, after you design the zone layout.
 ms.assetid: 11949ca3-a11c-4a16-b297-0862432eb5b4
 ms.reviewer: 
 ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
index 6992965186..2caa25566a 100644
--- a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
+++ b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
@@ -1,6 +1,6 @@
 ---
 title: Planning Your Windows Defender Firewall with Advanced Security Design (Windows 10)
-description: Planning Your Windows Defender Firewall with Advanced Security Design
+description: After you gather the relevant information, select the design or combination of designs for Windows Defender Firewall with Advanced Security in your environment.
 ms.assetid: f3ac3d49-ef4c-4f3c-a16c-e107284e169f
 ms.reviewer: 
 ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md b/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md
index 2d37487be2..643f41ab14 100644
--- a/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md
+++ b/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md
@@ -1,6 +1,6 @@
 ---
 title: Procedures Used in This Guide (Windows 10)
-description: Procedures Used in This Guide
+description: Refer to this summary of procedures for Windows Defender Firewall with Advanced Security from checklists in this guide.
 ms.assetid: 45c0f549-e4d8-45a3-a600-63e2a449e178
 ms.reviewer: 
 ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
index a3ca3c4b6e..9f6879ad17 100644
--- a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
+++ b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
@@ -1,6 +1,6 @@
 ---
 title: Protect Devices from Unwanted Network Traffic (Windows 10)
-description: Protect Devices from Unwanted Network Traffic
+description: Learn how running a host-based firewall on every device in your organization can help protect against attacks as part of a defense-in-depth security strategy.
 ms.assetid: 307d2b38-e8c4-4358-ae16-f2143af965dc
 ms.reviewer: 
 ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md
index 4f5c2b1cb0..a79aedce9d 100644
--- a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md
+++ b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md
@@ -1,6 +1,6 @@
 ---
 title: Require Encryption When Accessing Sensitive Network Resources (Windows 10)
-description: Require Encryption When Accessing Sensitive Network Resources
+description: Windows Defender Firewall with Advanced Security allows you to require that all network traffic in an isolated domain be encrypted.
 ms.assetid: da980d30-a68b-4e2a-ba63-94726355ce6f
 ms.reviewer: 
 ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
index cbdd8e51d9..1204db7e48 100644
--- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
+++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
@@ -1,6 +1,6 @@
 ---
 title: Restrict Access to Only Trusted Devices (Windows 10)
-description: Restrict Access to Only Trusted Devices
+description: Windows Defender Firewall with Advanced Security enables you to isolate devices you trust and restrict access of untrusted devices to trusted devices.
 ms.assetid: bc1f49a4-7d54-4857-8af9-b7c79f47273b
 ms.reviewer: 
 ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md
index dbffb1b8f1..8286d47f26 100644
--- a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md
@@ -1,6 +1,6 @@
 ---
 title: Server Isolation GPOs (Windows 10)
-description: Server Isolation GPOs
+description: Learn about required GPOs for isolation zones and how many server isolation zones you need in Windows Defender Firewall with Advanced Security.
 ms.assetid: c97b1f2f-51d8-4596-b38a-8a3f6f706be4
 ms.reviewer: 
 ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md
index b93e884682..daba2b5e2c 100644
--- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md
@@ -1,6 +1,6 @@
 ---
 title: Server Isolation Policy Design Example (Windows 10)
-description: Server Isolation Policy Design Example
+description: Learn about server isolation policy design in Windows Defender Firewall with Advanced Security by referring to this example of a fictitious company.
 ms.assetid: 337e5f6b-1ec5-4b83-bee5-d0aea1fa5fc6
 ms.reviewer: 
 ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md
index 1eeea3dc76..68a19552fd 100644
--- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md
@@ -1,6 +1,6 @@
 ---
 title: Server Isolation Policy Design (Windows 10)
-description: Server Isolation Policy Design
+description: Learn about server isolation policy design, where you assign servers to a zone that allows access only to members of an approved network access group.
 ms.assetid: f93f65cd-b863-461e-ab5d-a620fd962c9a
 ms.reviewer: 
 ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md b/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md
index 7cbeb23689..a7178f39fe 100644
--- a/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md
+++ b/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md
@@ -1,6 +1,6 @@
 ---
 title: Verify That Network Traffic Is Authenticated (Windows 10)
-description: Verify That Network Traffic Is Authenticated
+description: Learn how to confirm that network traffic is being protected by IPsec authentication after you configure your domain isolation rule to require authentication.
 ms.assetid: cc1fb973-aedf-4074-ad4a-7376b24f03d2
 ms.reviewer: 
 ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
index d91723c3d2..c476c2ea19 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
@@ -1,6 +1,6 @@
 ---
 title: Deploy Windows Defender Firewall with Advanced Security (Windows 10)
-description: Windows Defender Firewall with Advanced Security Deployment Guide
+description: Learn how to use the Windows Defender Firewall with Advanced Security MMC snap-in to control access to the device from the network.
 ms.assetid: 56b51b97-1c38-481e-bbda-540f1216ad56
 ms.reviewer: 
 ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
index 70c8912478..fc1efb0573 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
@@ -1,6 +1,6 @@
 ---
 title: Windows Defender Firewall with Advanced Security Design Guide (Windows 10)
-description: Windows Defender Firewall with Advanced Security Design Guide
+description: Learn about common goals for using Windows Defender Firewall with Advanced Security to choose or create a design for deploying the firewall in your enterprise.
 ms.assetid: 5c631389-f232-4b95-9e48-ec02b8677d51
 ms.reviewer: 
 ms.author: dansimp
diff --git a/windows/whats-new/get-started-with-1709.md b/windows/whats-new/get-started-with-1709.md
index 2b22a606de..4a419e9cd1 100644
--- a/windows/whats-new/get-started-with-1709.md
+++ b/windows/whats-new/get-started-with-1709.md
@@ -1,6 +1,6 @@
 ---
 title: Get started with Windows 10, version 1709
-description: Learn the dos and don'ts for getting started with Windows 10, version 1709.
+description: Learn about features, review requirements, and plan your deployment Windows 10, version 1709, including IT Pro content, release information, and update history.
 keywords: ["get started", "windows 10", "fall creators update", "1709"]
 ms.prod: w10
 ms.mktglfcycl: deploy
diff --git a/windows/whats-new/whats-new-windows-10-version-1809.md b/windows/whats-new/whats-new-windows-10-version-1809.md
index ba0090d559..309ce421df 100644
--- a/windows/whats-new/whats-new-windows-10-version-1809.md
+++ b/windows/whats-new/whats-new-windows-10-version-1809.md
@@ -1,7 +1,7 @@
 ---
 title: What's new in Windows 10, version 1809
 ms.reviewer: 
-description: New and updated features in Windows 10, version 1809
+description: Learn about features for Windows 10, version 1809, including features and fixes included in previous cumulative updates to Windows 10, version 1803.
 keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 October 2018 Update"]
 ms.prod: w10
 ms.mktglfcycl: deploy

From 714509b135149044db52e9c1aadb5ab6654fe217 Mon Sep 17 00:00:00 2001
From: ManikaDhiman <v-madhi@microsoft.com>
Date: Tue, 18 Aug 2020 17:19:05 -0700
Subject: [PATCH 37/66] Added Conf policies

---
 .../mdm/policy-csp-admx-appcompat.md          |   36 +-
 .../mdm/policy-csp-admx-ciphersuiteorder.md   |    8 +-
 .../mdm/policy-csp-admx-com.md                |  197 ++
 .../mdm/policy-csp-admx-conf.md               | 2431 +++++++++++++++++
 4 files changed, 2650 insertions(+), 22 deletions(-)
 create mode 100644 windows/client-management/mdm/policy-csp-admx-com.md
 create mode 100644 windows/client-management/mdm/policy-csp-admx-conf.md

diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md
index da013a6e46..cd7a091fd2 100644
--- a/windows/client-management/mdm/policy-csp-admx-appcompat.md
+++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md
@@ -24,39 +24,39 @@ manager: dansimp
 
 <dl>
   <dd>
-    <a href="#admx_appcompat-appcompatprevent16bitmach">ADMX_AppCompat/AppCompatPrevent16BitMach
+    <a href="#admx-appcompat-appcompatprevent16bitmach">ADMX_AppCompat/AppCompatPrevent16BitMach
     </a>
   </dd>
   <dd>
-    <a href="#admx_appcompat-appcompatremoveprogramcompatproppage">ADMX_AppCompat/AppCompatRemoveProgramCompatPropPage
+    <a href="#admx-appcompat-appcompatremoveprogramcompatproppage">ADMX_AppCompat/AppCompatRemoveProgramCompatPropPage
     </a>
   </dd>
   <dd>
-    <a href="#admx_appcompat-appcompatturnoffapplicationimpacttelemetry">ADMX_AppCompat/AppCompatTurnOffApplicationImpactTelemetry
+    <a href="#admx-appcompat-appcompatturnoffapplicationimpacttelemetry">ADMX_AppCompat/AppCompatTurnOffApplicationImpactTelemetry
     </a>
   </dd>
   <dd>
-    <a href="#admx_appcompat-appcompatturnoffswitchback">ADMX_AppCompat/AppCompatTurnOffSwitchBack
+    <a href="#admx-appcompat-appcompatturnoffswitchback">ADMX_AppCompat/AppCompatTurnOffSwitchBack
     </a>
   </dd>
   <dd>
-    <a href="#admx_appcompat-appcompatturnoffengine">ADMX_AppCompat/AppCompatTurnOffEngine
+    <a href="#admx-appcompat-appcompatturnoffengine">ADMX_AppCompat/AppCompatTurnOffEngine
     </a>
   </dd>
   <dd>
-    <a href="#admx_appcompat-appcompatturnoffprogramcompatibilityassistant_1">ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_1
+    <a href="#admx-appcompat-appcompatturnoffprogramcompatibilityassistant_1">ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_1
     </a>
   </dd>
   <dd>
-    <a href="#admx_appcompat-appcompatturnoffprogramcompatibilityassistant_2">ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_2
+    <a href="#admx-appcompat-appcompatturnoffprogramcompatibilityassistant_2">ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_2
     </a>
   </dd>
   <dd>
-    <a href="#admx_appcompat-appcompatturnoffuseractionrecord">ADMX_AppCompat/AppCompatTurnOffUserActionRecord
+    <a href="#admx-appcompat-appcompatturnoffuseractionrecord">ADMX_AppCompat/AppCompatTurnOffUserActionRecord
     </a>
   </dd>
   <dd>
-    <a href="#admx_appcompat-appcompatturnoffprograminventory">ADMX_AppCompat/AppCompatTurnOffProgramInventory
+    <a href="#admx-appcompat-appcompatturnoffprograminventory">ADMX_AppCompat/AppCompatTurnOffProgramInventory
     </a>
   </dd>
 </dl>
@@ -65,7 +65,7 @@ manager: dansimp
 <hr/>
 
 <!--Policy-->
-<a href="" id="admx_appcompat-appcompatprevent16bitmach"></a>**ADMX_AppCompat/AppCompatPrevent16BitMach**  
+<a href="" id="admx-appcompat-appcompatprevent16bitmach"></a>**ADMX_AppCompat/AppCompatPrevent16BitMach**  
 
 <!--SupportedSKUs-->
 <table>
@@ -142,7 +142,7 @@ ADMX Info:
 <hr/>
 
 <!--Policy-->
-<a href="" id="admx_appcompat-appcompatremoveprogramcompatproppage"></a>**ADMX_AppCompat/AppCompatRemoveProgramCompatPropPage**  
+<a href="" id="admx-appcompat-appcompatremoveprogramcompatproppage"></a>**ADMX_AppCompat/AppCompatRemoveProgramCompatPropPage**  
 
 <!--SupportedSKUs-->
 <table>
@@ -213,7 +213,7 @@ ADMX Info:
 <hr/>
 
 <!--Policy-->
-<a href="" id="admx_appcompat-appcompatturnoffapplicationimpacttelemetry"></a>**ADMX_AppCompat/AppCompatTurnOffApplicationImpactTelemetry**  
+<a href="" id="admx-appcompat-appcompatturnoffapplicationimpacttelemetry"></a>**ADMX_AppCompat/AppCompatTurnOffApplicationImpactTelemetry**  
 
 <!--SupportedSKUs-->
 <table>
@@ -288,7 +288,7 @@ ADMX Info:
 <hr/>
 
 <!--Policy-->
-<a href="" id="admx_appcompat-appcompatturnoffswitchback"></a>**ADMX_AppCompat/AppCompatTurnOffSwitchBack**  
+<a href="" id="admx-appcompat-appcompatturnoffswitchback"></a>**ADMX_AppCompat/AppCompatTurnOffSwitchBack**  
 
 <!--SupportedSKUs-->
 <table>
@@ -364,7 +364,7 @@ ADMX Info:
 <hr/>
 
 <!--Policy-->
-<a href="" id="admx_appcompat-appcompatturnoffengine"></a>**ADMX_AppCompat/AppCompatTurnOffEngine**  
+<a href="" id="admx-appcompat-appcompatturnoffengine"></a>**ADMX_AppCompat/AppCompatTurnOffEngine**  
 
 <!--SupportedSKUs-->
 <table>
@@ -442,7 +442,7 @@ ADMX Info:
 <hr/>
 
 <!--Policy-->
-<a href="" id="admx_appcompat-appcompatturnoffprogramcompatibilityassistant_1"></a>**ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_1**  
+<a href="" id="admx-appcompat-appcompatturnoffprogramcompatibilityassistant_1"></a>**ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_1**  
 
 <!--SupportedSKUs-->
 <table>
@@ -509,7 +509,7 @@ ADMX Info:
 <hr/>
 
 <!--Policy-->
-<a href="" id="admx_appcompat-appcompatturnoffprogramcompatibilityassistant_2"></a>**ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_2**  
+<a href="" id="admx-appcompat-appcompatturnoffprogramcompatibilityassistant_2"></a>**ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_2**  
 
 <!--SupportedSKUs-->
 <table>
@@ -583,7 +583,7 @@ ADMX Info:
 <hr/>
 
 <!--Policy-->
-<a href="" id="admx_appcompat-appcompatturnoffuseractionrecord"></a>**ADMX_AppCompat/AppCompatTurnOffUserActionRecord**  
+<a href="" id="admx-appcompat-appcompatturnoffuseractionrecord"></a>**ADMX_AppCompat/AppCompatTurnOffUserActionRecord**  
 
 <!--SupportedSKUs-->
 <table>
@@ -656,7 +656,7 @@ ADMX Info:
 <hr/>
 
 <!--Policy-->
-<a href="" id="admx_appcompat-appcompatturnoffprograminventory"></a>**ADMX_AppCompat/AppCompatTurnOffProgramInventory**  
+<a href="" id="admx-appcompat-appcompatturnoffprograminventory"></a>**ADMX_AppCompat/AppCompatTurnOffProgramInventory**  
 
 <!--SupportedSKUs-->
 <table>
diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
index 3088951d88..306231cdcf 100644
--- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
+++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
@@ -24,10 +24,10 @@ manager: dansimp
 
 <dl>
   <dd>
-    <a href="#admx_ciphersuiteorder-sslciphersuiteorder">ADMX_CipherSuiteOrder/SSLCipherSuiteOrder</a>
+    <a href="#admx-ciphersuiteorder-sslciphersuiteorder">ADMX_CipherSuiteOrder/SSLCipherSuiteOrder</a>
   </dd>
   <dd>
-    <a href="#admx_ciphersuiteorder-sslcurveorder">ADMX_CipherSuiteOrder/SSLCurveOrder</a>
+    <a href="#admx-ciphersuiteorder-sslcurveorder">ADMX_CipherSuiteOrder/SSLCurveOrder</a>
   </dd>
 </dl>
 
@@ -35,7 +35,7 @@ manager: dansimp
 <hr/>
 
 <!--Policy-->
-<a href="" id="admx_ciphersuiteorder-sslciphersuiteorder"></a>**ADMX_CipherSuiteOrder/SSLCipherSuiteOrder**  
+<a href="" id="admx-ciphersuiteorder-sslciphersuiteorder"></a>**ADMX_CipherSuiteOrder/SSLCipherSuiteOrder**  
 
 <!--SupportedSKUs-->
 <table>
@@ -108,7 +108,7 @@ ADMX Info:
 <hr/>
 
 <!--Policy-->
-<a href="" id="admx_ciphersuiteorder-sslcurveorder"></a>**ADMX_CipherSuiteOrder/SSLCurveOrder**  
+<a href="" id="admx-ciphersuiteorder-sslcurveorder"></a>**ADMX_CipherSuiteOrder/SSLCurveOrder**  
 
 <!--SupportedSKUs-->
 <table>
diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md
new file mode 100644
index 0000000000..ff361f80d2
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-com.md
@@ -0,0 +1,197 @@
+---
+title: Policy CSP - ADMX_COM
+description: Policy CSP - ADMX_COM
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 08/18/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_COM
+
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_COM policies  
+
+<dl>
+  <dd>
+    <a href="#admx-com-appmgmt-com-searchforclsid-1">ADMX_COM/AppMgmt_COM_SearchForCLSID_1</a>
+  </dd>
+  <dd>
+    <a href="#admx-com-appmgmt-com-searchforclsid-2">ADMX_COM/AppMgmt_COM_SearchForCLSID_2</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-com-appmgmt-com-searchforclsid-1"></a>**ADMX_COM/AppMgmt_COM_SearchForCLSID_1**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.
+
+Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs cannot perform all their functions unless Windows has internally registered the required components.
+
+If you enable this policy setting and a component registration is missing, the system searches for it in Active Directory and, if it is found, downloads it. The resulting searches might make some programs start or run slowly.
+
+If you disable or do not configure this policy setting, the program continues without the registration. As a result, the program might not perform all its functions, or it might stop.
+
+This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Download missing COM components*
+-   GP name: *COMClassStore*
+-   GP path: *System*
+-   GP ADMX file name: *COM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-com-appmgmt-com-searchforclsid-2"></a>**ADMX_COM/AppMgmt_COM_SearchForCLSID_2**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.
+
+Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs cannot perform all their functions unless Windows has internally registered the required components.
+
+If you enable this policy setting and a component registration is missing, the system searches for it in Active Directory and, if it is found, downloads it. The resulting searches might make some programs start or run slowly.
+
+If you disable or do not configure this policy setting, the program continues without the registration. As a result, the program might not perform all its functions, or it might stop.
+
+This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Download missing COM components*
+-   GP name: *COMClassStore*
+-   GP path: *System*
+-   GP ADMX file name: *COM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+
diff --git a/windows/client-management/mdm/policy-csp-admx-conf.md b/windows/client-management/mdm/policy-csp-admx-conf.md
new file mode 100644
index 0000000000..931927fe44
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-conf.md
@@ -0,0 +1,2431 @@
+---
+title: Policy CSP - ADMX_Conf
+description: Policy CSP - ADMX_Conf
+ms.author: dansimp
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.localizationpriority: medium
+ms.date: 08/18/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_Conf
+
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## Policy CSP - ADMX_Conf  
+
+<dl>
+  <dd>
+    <a href="#admx-conf-allowpersistautoacceptcalls">ADMX_Conf/AllowPersistAutoAcceptCalls
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-disableadvcallingbutton">ADMX_Conf/DisableAdvCallingButton
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-disableappsharing">ADMX_Conf/DisableAppSharing
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-disableaudiopage">ADMX_Conf/DisableAudioPage
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-disablechat">ADMX_Conf/DisableChat
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-disablegeneralpage">ADMX_Conf/DisableGeneralPage
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-disablenewwhiteboard">ADMX_Conf/DisableNewWhiteboard
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-disableoldwhiteboard">ADMX_Conf/DisableOldWhiteboard
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-disablerds">ADMX_Conf/DisableRDS
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-disablesecuritypage">ADMX_Conf/DisableSecurityPage
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-disablevideopage">ADMX_Conf/DisableVideoPage
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-enableautoconfiguration">ADMX_Conf/EnableAutoConfiguration
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-preventaddingnewils">ADMX_Conf/PreventAddingNewILS
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-preventaudio">ADMX_Conf/PreventAudio
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-preventautoaccept">ADMX_Conf/PreventAutoAccept
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-preventchangedirectsound">ADMX_Conf/PreventChangeDirectSound
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-preventchangingcallmode">ADMX_Conf/PreventChangingCallMode
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-preventdirectoryservices">ADMX_Conf/PreventDirectoryServices
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-preventfullduplex">ADMX_Conf/PreventFullDuplex
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-preventgrantingcontrol">ADMX_Conf/PreventGrantingControl
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-preventreceivingfiles">ADMX_Conf/PreventReceivingFiles
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-preventreceivingvideo">ADMX_Conf/PreventReceivingVideo
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-preventsendingfiles">ADMX_Conf/PreventSendingFiles
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-preventsendingvideo">ADMX_Conf/PreventSendingVideo
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-preventsharing">ADMX_Conf/PreventSharing
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-preventsharingcmdprompt">ADMX_Conf/PreventSharingCMDPrompt
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-preventsharingdesktop">ADMX_Conf/PreventSharingDesktop
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-preventsharingexplorer">ADMX_Conf/PreventSharingExplorer
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-preventsharingtruecolor">ADMX_Conf/PreventSharingTrueColor
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-preventwebdirectory">ADMX_Conf/PreventWebDirectory
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-restrictftsendsize">ADMX_Conf/RestrictFTSendSize
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-setavthroughput">ADMX_Conf/SetAVThroughput
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-setintranetsupport">ADMX_Conf/SetIntranetSupport
+    </a>
+  </dd>
+  <dd>
+    <a href="#admx-conf-setsecurityoptions">ADMX_Conf/SetSecurityOptions
+    </a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-allowpersistautoacceptcalls"></a>**ADMX_Conf/AllowPersistAutoAcceptCalls**  
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting makes the automatic acceptance of incoming calls persistent.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Allow persisting automatic acceptance of Calls*
+-   GP name: *PersistAutoAcceptCalls*
+-   GP path: *Windows Components/NetMeeting*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-disableadvcallingbutton"></a>**ADMX_Conf/DisableAdvCallingButton**  
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting disables the Advanced Calling button on the General Options page. Users will not then be able to change the call placement method and the servers used.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Disable the Advanced Calling button*
+-   GP name: *NoAdvancedCalling*
+-   GP path: *Windows Components/NetMeeting/Options Page*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-disableappsharing"></a>**ADMX_Conf/DisableAppSharing**
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting disables the application sharing feature of NetMeeting completely. Users will not be able to host or view shared applications.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Disable application Sharing*
+-   GP name: *NoAppSharing*
+-   GP path: *Windows Components/NetMeeting/Application Sharing*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-disableaudiopage"></a>**ADMX_Conf/DisableAudioPage**
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting hides the Audio page of the Tools Options dialog. Users will not then be able to change audio settings.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Hide the Audio page*
+-   GP name: *NoAudioPage*
+-   GP path: *Windows Components/NetMeeting/Options Page*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-disablechat"></a>**ADMX_Conf/DisableChat**
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting disables the Chat feature of NetMeeting.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Disable Chat*
+-   GP name: *NoChat*
+-   GP path: *Windows Components/NetMeeting*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-disablegeneralpage"></a>**ADMX_Conf/DisableGeneralPage**
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting hides the General page of the Tools Options dialog. Users will not then be able to change personal identification and bandwidth settings.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Hide the General page*
+-   GP name: *NoGeneralPage*
+-   GP path: *Windows Components/NetMeeting/Options Page*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-disablenewwhiteboard"></a>**ADMX_Conf/DisableNewWhiteboard**
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting disables the T.126 whiteboard feature of NetMeeting.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Disable Whiteboard*
+-   GP name: *NoNewWhiteBoard*
+-   GP path: *Windows Components/NetMeeting*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-disableoldwhiteboard"></a>**ADMX_Conf/DisableOldWhiteboard**
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting disables the 2.x whiteboard feature of NetMeeting.
+
+The 2.x whiteboard is available for compatibility with older versions of NetMeeting only.
+
+Deployers who do not need it can save bandwidth by disabling it.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Disable NetMeeting 2.x Whiteboard*
+-   GP name: *NoOldWhiteBoard*
+-   GP path: *Windows Components/NetMeeting*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-disablerds"></a>**ADMX_Conf/DisableRDS**
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting disables the remote desktop sharing feature of NetMeeting. Users will not be able to set it up or use it for controlling their computers remotely.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Disable remote Desktop Sharing*
+-   GP name: *NoRDS*
+-   GP path: *Windows Components/NetMeeting*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-disablesecuritypage"></a>**ADMX_Conf/DisableSecurityPage**
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting hides the Security page of the Tools Options dialog. Users will not then be able to change call security and authentication settings.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Hide the Security page*
+-   GP name: *NoSecurityPage*
+-   GP path: *Windows Components/NetMeeting/Options Page*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-disablevideopage"></a>**ADMX_Conf/DisableVideoPage**
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting hides the Video page of the Tools Options dialog. Users will not then be able to change video settings.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Hide the Video page*
+-   GP name: *NoVideoPage*
+-   GP path: *Windows Components/NetMeeting/Options Page*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-enableautoconfiguration"></a>**ADMX_Conf/EnableAutoConfiguration**
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting configures NetMeeting to download settings for users each time it starts.
+
+The settings are downloaded from the URL listed in the "Configuration URL:" text box.
+
+Group Policy based settings have precedence over any conflicting settings set by downloading them from this URL.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Enable Automatic Configuration*
+-   GP name: *Use AutoConfig*
+-   GP path: *Windows Components/NetMeeting*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-preventaddingnewils"></a>**ADMX_Conf/PreventAddingNewILS**
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from adding directory (ILS) servers to the list of those they can use for placing calls.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prevent adding Directory servers*
+-   GP name: *NoAddingDirectoryServers*
+-   GP path: *Windows Components/NetMeeting*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-preventaudio"></a>**ADMX_Conf/PreventAudio**
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting disables the audio feature of NetMeeting. Users will not be able to send or receive audio.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Disable Audio*
+-   GP name: *NoAudio*
+-   GP path: *Windows Components/NetMeeting/Audio & Video*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-preventautoaccept"></a>**ADMX_Conf/PreventAutoAccept**
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from turning on automatic acceptance of incoming calls.
+
+This ensures that others cannot call and connect to NetMeeting when the user is not present.
+
+This policy is recommended when deploying NetMeeting to run always.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prevent automatic acceptance of Calls*
+-   GP name: *NoAutoAcceptCalls*
+-   GP path: *Windows Components/NetMeeting*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-preventchangedirectsound"></a>**ADMX_Conf/PreventChangeDirectSound**
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting prevents prevents user from changing the DirectSound audio setting.  
+
+DirectSound provides much better audio quality, but older audio hardware may not support it.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prevent changing DirectSound Audio setting*
+-   GP name: *NoChangeDirectSound*
+-   GP path: *Windows Components/NetMeeting/Audio & Video*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-preventchangingcallmode"></a>**ADMX_Conf/PreventChangingCallMode**
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting prevents prevents users from changing the way calls are placed, either directly or via a gatekeeper server.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prevent changing Call placement method*
+-   GP name: *NoChangingCallMode*
+-   GP path: *Windows Components/NetMeeting*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-preventdirectoryservices"></a>**ADMX_Conf/PreventDirectoryServices**
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting disables the directory feature of NetMeeting.
+
+Users will not logon to a directory (ILS) server when NetMeeting starts. Users will also not be able to view or place calls via a NetMeeting directory.
+
+This policy is for deployers who have their own location or calling schemes such as a Web site or an address book.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Disable Directory services*
+-   GP name: *NoDirectoryServices*
+-   GP path: *Windows Components/NetMeeting*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-preventfullduplex"></a>**ADMX_Conf/PreventFullDuplex**
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting disables full duplex mode audio. Users will not be able to listen to incoming audio while speaking into the microphone. Older audio hardware does not perform well when in full duplex mode.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Disable full duplex Audio*
+-   GP name: *NoFullDuplex*
+-   GP path: *Windows Components/NetMeeting/Audio & Video*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-preventgrantingcontrol"></a>**ADMX_Conf/PreventGrantingControl**
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from allowing others in a conference to control what they have shared. This enforces a read-only mode; the other participants cannot change the data in the shared application.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prevent Control*
+-   GP name: *NoAllowControl*
+-   GP path: *Windows Components/NetMeeting/Application Sharing*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-preventreceivingfiles"></a>**ADMX_Conf/PreventReceivingFiles**
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from receiving files from others in a conference.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prevent receiving files*
+-   GP name: *NoReceivingFiles*
+-   GP path: *Windows Components/NetMeeting*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-preventreceivingvideo"></a>**ADMX_Conf/PreventReceivingVideo**
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from receiving video. Users will still be able to send video provided they have the hardware.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prevent receiving Video*
+-   GP name: *NoReceivingVideo*
+-   GP path: *Windows Components/NetMeeting/Audio & Video*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-preventsendingfiles"></a>**ADMX_Conf/PreventSendingFiles**
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sending files to others in a conference.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prevent sending files*
+-   GP name: *NoSendingFiles*
+-   GP path: *Windows Components/NetMeeting*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-preventsendingvideo"></a>**ADMX_Conf/PreventSendingVideo**
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sending video if they have the hardware. Users will still be able to receive video from others.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prevent sending Video*
+-   GP name: *NoSendingVideo*
+-   GP path: *Windows Components/NetMeeting/Audio & Video*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-preventsharing"></a>**ADMX_Conf/PreventSharing**
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing anything themselves. They will still be able to view shared applications/desktops from others.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prevent Sharing*
+-   GP name: *NoSharing*
+-   GP path: *Windows Components/NetMeeting/Application Sharing*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-preventsharingcmdprompt"></a>**ADMX_Conf/PreventSharingCMDPrompt**
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing command prompts. This prevents users from inadvertently sharing out applications, since command prompts can be used to launch other applications.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prevent Sharing Command Prompts*
+-   GP name: *NoSharingDosWindows*
+-   GP path: *Windows Components/NetMeeting/Application Sharing*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-preventsharingdesktop"></a>**ADMX_Conf/PreventSharingDesktop**
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing the whole desktop. They will still be able to share individual applications.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prevent Desktop Sharing*
+-   GP name: *NoSharingDesktop*
+-   GP path: *Windows Components/NetMeeting/Application Sharing*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-preventsharingexplorer"></a>**ADMX_Conf/PreventSharingExplorer**
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing Explorer windows. This prevents users from inadvertently sharing out applications, since Explorer windows can be used to launch other applications.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prevent Sharing Explorer windows*
+-   GP name: *NoSharingExplorer*
+-   GP path: *Windows Components/NetMeeting/Application Sharing*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-preventsharingtruecolor"></a>**ADMX_Conf/PreventSharingTrueColor**
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing applications in true color.  True color sharing uses more bandwidth in a conference.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prevent Application Sharing in true color*
+-   GP name: *NoTrueColorSharing*
+-   GP path: *Windows Components/NetMeeting/Application Sharing*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-preventwebdirectory"></a>**ADMX_Conf/PreventWebDirectory**
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from viewing directories as Web pages in a browser.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prevent viewing Web directory*
+-   GP name: *NoWebDirectory*
+-   GP path: *Windows Components/NetMeeting*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-restrictftsendsize"></a>**ADMX_Conf/RestrictFTSendSize**
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting limits the size of files users can send to others in a conference.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Limit the size of sent files*
+-   GP name: *MaxFileSendSize*
+-   GP path: *Windows Components/NetMeeting*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-setavthroughput"></a>**ADMX_Conf/SetAVThroughput**
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting limits the bandwidth audio and video will consume when in a conference. This setting will guide NetMeeting to choose the right formats and send rate so that the bandwidth is limited.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Limit the bandwidth of Audio and Video*
+-   GP name: *MaximumBandwidth*
+-   GP path: *Windows Components/NetMeeting/Audio & Video*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-setintranetsupport"></a>**ADMX_Conf/SetIntranetSupport**
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting sets the URL NetMeeting will display when the user chooses the Help Online Support command.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Set the intranet support Web page*
+-   GP name: *IntranetSupportURL*
+-   GP path: *Windows Components/NetMeeting*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-conf-setsecurityoptions"></a>**ADMX_Conf/SetSecurityOptions**
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting sets the level of security for both outgoing and incoming NetMeeting calls.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Set Call Security options*
+-   GP name: *CallSecurity*
+-   GP path: *Windows Components/NetMeeting*
+-   GP ADMX file name: *Conf.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
\ No newline at end of file

From ebed1692a4eab7fd4d403e68a1a6d96a9047584a Mon Sep 17 00:00:00 2001
From: TimShererWithAquent <v-tishe@microsoft.com>
Date: Wed, 19 Aug 2020 07:49:35 -0700
Subject: [PATCH 38/66] Additional edits.

---
 .../windows-firewall/planning-gpo-deployment.md                 | 2 +-
 ...planning-group-policy-deployment-for-your-isolation-zones.md | 2 +-
 .../windows-firewall-with-advanced-security-deployment-guide.md | 2 +-
 windows/whats-new/get-started-with-1709.md                      | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md b/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md
index f9140ddefd..831200cf48 100644
--- a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md
+++ b/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md
@@ -1,6 +1,6 @@
 ---
 title: Planning GPO Deployment (Windows 10)
-description: Learn how to use a combination of security group filtering and WMI filtering to provide the most flexible options for applying GPOs devices in Active Directory.
+description: Learn how to use security group filtering and WMI filtering to provide the most flexible options for applying GPOs to devices in Active Directory.
 ms.assetid: b38adfb1-1371-4227-a887-e6d118809de1
 ms.reviewer: 
 ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md
index 001626eb9e..22f031c902 100644
--- a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md
@@ -1,6 +1,6 @@
 ---
 title: Planning Group Policy Deployment for Your Isolation Zones (Windows 10)
-description: Learn how to plan a group policy deployment for your isolation zones after you determine the best logical design of your isolation environment.
+description: Learn how to plan a group policy deployment for your isolation zones after you determine the best logical design for your isolation environment.
 ms.assetid: ea7c0acd-af28-4347-9d4a-4801b470557c
 ms.reviewer: 
 ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
index c476c2ea19..0509ef4e2e 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
@@ -1,6 +1,6 @@
 ---
 title: Deploy Windows Defender Firewall with Advanced Security (Windows 10)
-description: Learn how to use the Windows Defender Firewall with Advanced Security MMC snap-in to control access to the device from the network.
+description: Use this guide to deploy Windows Defender Firewall with Advanced Security for your enterprise to help protect devices and data that they share across a network.
 ms.assetid: 56b51b97-1c38-481e-bbda-540f1216ad56
 ms.reviewer: 
 ms.author: dansimp
diff --git a/windows/whats-new/get-started-with-1709.md b/windows/whats-new/get-started-with-1709.md
index 4a419e9cd1..c2522f3e4c 100644
--- a/windows/whats-new/get-started-with-1709.md
+++ b/windows/whats-new/get-started-with-1709.md
@@ -1,6 +1,6 @@
 ---
 title: Get started with Windows 10, version 1709
-description: Learn about features, review requirements, and plan your deployment Windows 10, version 1709, including IT Pro content, release information, and update history.
+description: Learn about features, review requirements, and plan your deployment of Windows 10, version 1709, including IT Pro content, release information, and history.
 keywords: ["get started", "windows 10", "fall creators update", "1709"]
 ms.prod: w10
 ms.mktglfcycl: deploy

From e458ac527235d1c3f285e594a8fbeca0834e13d2 Mon Sep 17 00:00:00 2001
From: Caroline Gitonga <carolgitonga@outlook.com>
Date: Wed, 19 Aug 2020 23:42:15 +0300
Subject: [PATCH 39/66] Add adl.windows.com

---
 windows/privacy/manage-windows-1909-endpoints.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/privacy/manage-windows-1909-endpoints.md b/windows/privacy/manage-windows-1909-endpoints.md
index 92f03d2111..791d04718c 100644
--- a/windows/privacy/manage-windows-1909-endpoints.md
+++ b/windows/privacy/manage-windows-1909-endpoints.md
@@ -117,6 +117,7 @@ The following methodology was used to derive these network endpoints:
 |||HTTP|*.windowsupdate.com|
 ||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store. These are dependent on also enabling "Device authentication" and "Microsoft Account" endpoints.|HTTP|*.delivery.mp.microsoft.com|
 |||HTTPS/TLS v1.2|*.update.microsoft.com|
+||The following endpoint is used for compatibility database updates for Windows.|HTTP|adl.windows.com|
 ||The following endpoint is used for content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly.|HTTPS/TLS v1.2|tsfe.trafficshaping.dsp.mp.microsoft.com|
 ## Other Windows 10 editions
 

From e3916033d246fec61ac98b3a6911f5a662d7c256 Mon Sep 17 00:00:00 2001
From: Caroline Gitonga <carolgitonga@outlook.com>
Date: Wed, 19 Aug 2020 23:50:21 +0300
Subject: [PATCH 40/66] Add - windows.policies.live.net

---
 windows/privacy/manage-windows-1909-endpoints.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/windows/privacy/manage-windows-1909-endpoints.md b/windows/privacy/manage-windows-1909-endpoints.md
index 92f03d2111..ba34b2d47b 100644
--- a/windows/privacy/manage-windows-1909-endpoints.md
+++ b/windows/privacy/manage-windows-1909-endpoints.md
@@ -96,6 +96,7 @@ The following methodology was used to derive these network endpoints:
 |||TLS v1.2|*g.live.com|
 |||HTTPS|oneclient.sfx.ms|
 |||HTTPS| logincdn.msauth.net|
+|||HTTP| windows.policies.live.net|
 |Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. If you turn off traffic for this endpoint, an app that uses this endpoint may stop working.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
 |||TLS v1.2|settings-win.data.microsoft.com|
 |Skype|The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
@@ -117,6 +118,7 @@ The following methodology was used to derive these network endpoints:
 |||HTTP|*.windowsupdate.com|
 ||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store. These are dependent on also enabling "Device authentication" and "Microsoft Account" endpoints.|HTTP|*.delivery.mp.microsoft.com|
 |||HTTPS/TLS v1.2|*.update.microsoft.com|
+||The following endpoint is used for compatibility database updates for Windows.|HTTP|adl.windows.com|
 ||The following endpoint is used for content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly.|HTTPS/TLS v1.2|tsfe.trafficshaping.dsp.mp.microsoft.com|
 ## Other Windows 10 editions
 

From 0820f6e01fb3960b91a48de18f8775cdf11e933c Mon Sep 17 00:00:00 2001
From: amirsc3 <42802974+amirsc3@users.noreply.github.com>
Date: Thu, 20 Aug 2020 17:03:05 +0300
Subject: [PATCH 41/66] Update configure-endpoints-vdi.md

Minor modification to ensure customers don't miss the step.
I've seen cases where customers did not copy the CMD file and only pasted in the PS1 file and this caused onboarding to fial.
---
 .../microsoft-defender-atp/configure-endpoints-vdi.md           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
index 32e7e448f6..771c2b866b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
@@ -63,7 +63,7 @@ The following steps will guide you through onboarding VDI devices and will highl
 
     1. Click **Download package** and save the .zip file.
 
-2. Copy the extracted files from the .zip into `golden/master` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have a folder called `WindowsDefenderATPOnboardingPackage` containing the file `WindowsDefenderATPOnboardingScript.cmd`.
+2. Copy all the extracted files from the .zip into `golden/master` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have a folder called `WindowsDefenderATPOnboardingPackage` containing the file `WindowsDefenderATPOnboardingScript.cmd`.
 
     >[!NOTE]
     >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose the **Show hidden files and folders** option from file explorer.

From a5cbd9f97a20c25200ea1ea4f4a1077e5313fb3a Mon Sep 17 00:00:00 2001
From: Greg Lindsay <greg.lindsay@microsoft.com>
Date: Thu, 20 Aug 2020 10:37:15 -0700
Subject: [PATCH 42/66] network section added

---
 windows/whats-new/whats-new-windows-10-version-2004.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/windows/whats-new/whats-new-windows-10-version-2004.md b/windows/whats-new/whats-new-windows-10-version-2004.md
index 8518f5c4af..c9092135cd 100644
--- a/windows/whats-new/whats-new-windows-10-version-2004.md
+++ b/windows/whats-new/whats-new-windows-10-version-2004.md
@@ -124,6 +124,12 @@ The following [Delivery Optimization](https://docs.microsoft.com/windows/deploym
 - Validation improvements: To ensure devices and end users stay productive and protected, Microsoft uses safeguard holds to block devices from updating when there are known issues that would impact that device. Also, to better enable IT administrators to validate on the latest release, we have created a new policy that enables admins to opt devices out of the built-in safeguard holds.
 - Update less: Last year, we [changed update installation policies](https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency/#l2jH7KMkOkfcWdBs.97) for Windows 10 to only target devices running a feature update version that is nearing end of service. As a result, many devices are only updating once a year. To enable all devices to make the most of this policy change, and to prevent confusion, we have removed deferrals from the Windows Update settings **Advanced Options** page starting on Windows 10, version 2004. If you wish to continue leveraging deferrals, you can use local Group Policy (**Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview builds and Feature Updates are received** or **Select when Quality Updates are received**). For more information about this change, see [Simplified Windows Update settings for end users](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/simplified-windows-update-settings-for-end-users/ba-p/1497215).
 
+## Networking
+
+Windows now supports the latest Wi-Fi standards with [Wi-Fi 6 and WPA3](https://support.microsoft.com/help/4562575/windows-10-faster-more-secure-wifi). Wi-Fi 6 gives you better wireless coverage and performance with added security. WPA3 provides improved Wi-Fi security and secures open networks. 
+
+In this release, Tunnel Extensible Authentication Protocol (TEAP) has been added as an authentication method to allow chaining together multiple credentials into a single EAP transaction. TEAP networks can be configured by [enterprise policy](https://docs.microsoft.com/openspecs/windows_protocols/ms-gpwl/94cf6896-c28e-4865-b12a-d83ee38cd3ea).   
+
 ## Virtualization
 
 ### Windows Sandbox

From 4aec4bc09db7027e419a464fa1ed12b31631f71f Mon Sep 17 00:00:00 2001
From: Daniel Simpson <dansimp@microsoft.com>
Date: Thu, 20 Aug 2020 10:45:39 -0700
Subject: [PATCH 43/66] <strong> tags causing loc issues. replacing w <b>

---
 .../active-directory-accounts.md              |    8 +-
 .../access-control/local-accounts.md          |   14 +-
 .../credential-guard-requirements.md          |    4 +-
 .../hello-feature-pin-reset.md                |    2 +-
 .../hello-how-it-works-provisioning.md        |    2 +-
 .../hello-hybrid-aadj-sso-base.md             |    4 +-
 .../remote-credential-guard.md                |    2 +-
 .../how-user-account-control-works.md         |    2 +-
 .../bitlocker/bitlocker-basic-deployment.md   |   30 +-
 .../bitlocker-group-policy-settings.md        |  734 +++----
 ...ve-encryption-tools-to-manage-bitlocker.md |   28 +-
 ...nd-storage-area-networks-with-bitlocker.md |   38 +-
 .../app-behavior-with-wip.md                  |   14 +-
 .../create-wip-policy-using-configmgr.md      |   20 +-
 .../enlightened-microsoft-apps-and-wip.md     |    2 +-
 .../limitations-with-wip.md                   |   26 +-
 .../testing-scenarios-for-wip.md              |   56 +-
 .../threat-protection/auditing/event-4626.md  |    2 +-
 .../threat-protection/auditing/event-4670.md  |    2 +-
 .../threat-protection/auditing/event-4672.md  |    2 +-
 .../threat-protection/auditing/event-4673.md  |   62 +-
 .../threat-protection/auditing/event-4674.md  |   66 +-
 .../threat-protection/auditing/event-4688.md  |    4 +-
 .../threat-protection/auditing/event-4741.md  |    2 +-
 .../threat-protection/auditing/event-4742.md  |    2 +-
 .../threat-protection/auditing/event-4907.md  |    2 +-
 .../threat-protection/auditing/event-5140.md  |    2 +-
 .../threat-protection/auditing/event-5142.md  |    2 +-
 .../threat-protection/auditing/event-5143.md  |    2 +-
 .../threat-protection/auditing/event-5144.md  |    2 +-
 ...tion-based-protection-of-code-integrity.md |    4 +-
 .../threat-protection/fips-140-validation.md  | 1876 ++++++++---------
 .../intelligence/support-scams.md             |    2 +-
 .../configure-arcsight.md                     |    6 +-
 .../event-error-codes.md                      |    6 +-
 ...defender-smartscreen-available-settings.md |   96 +-
 ...iew-of-threat-mitigations-in-windows-10.md |    6 +-
 ...-the-health-of-windows-10-based-devices.md |    4 +-
 .../create-a-rule-for-packaged-apps.md        |   20 +-
 .../document-your-application-list.md         |    4 +-
 .../plan-for-applocker-policy-management.md   |    2 +-
 ...ements-for-deploying-applocker-policies.md |    4 +-
 ...stand-applocker-policy-design-decisions.md |    2 +-
 .../applocker/what-is-applocker.md            |    4 +-
 44 files changed, 1587 insertions(+), 1587 deletions(-)

diff --git a/windows/security/identity-protection/access-control/active-directory-accounts.md b/windows/security/identity-protection/access-control/active-directory-accounts.md
index dabc7f749b..2ae163cea6 100644
--- a/windows/security/identity-protection/access-control/active-directory-accounts.md
+++ b/windows/security/identity-protection/access-control/active-directory-accounts.md
@@ -470,7 +470,7 @@ Each default local account in Active Directory has a number of account settings
 </tr>
 <tr class="odd">
 <td><p>Account is trusted for delegation</p></td>
-<td><p>Lets a service running under this account perform operations on behalf of other user accounts on the network. A service running under a user account (also known as a service account) that is trusted for delegation can impersonate a client to gain access to resources, either on the computer where the service is running or on other computers. For example, in a forest that is set to the Windows Server 2003 functional level, this setting is found on the <strong>Delegation</strong> tab. It is available only for accounts that have been assigned service principal names (SPNs), which are set by using the <strong>setspn</strong> command from Windows Support Tools. This setting is security-sensitive and should be assigned cautiously.</p></td>
+<td><p>Lets a service running under this account perform operations on behalf of other user accounts on the network. A service running under a user account (also known as a service account) that is trusted for delegation can impersonate a client to gain access to resources, either on the computer where the service is running or on other computers. For example, in a forest that is set to the Windows Server 2003 functional level, this setting is found on the <b>Delegation</b> tab. It is available only for accounts that have been assigned service principal names (SPNs), which are set by using the <b>setspn</b> command from Windows Support Tools. This setting is security-sensitive and should be assigned cautiously.</p></td>
 </tr>
 <tr class="even">
 <td><p>Account is sensitive and cannot be delegated</p></td>
@@ -480,7 +480,7 @@ Each default local account in Active Directory has a number of account settings
 <td><p>Use DES encryption types for this account</p></td>
 <td><p>Provides support for the Data Encryption Standard (DES). DES supports multiple levels of encryption, including Microsoft Point-to-Point Encryption (MPPE) Standard (40-bit and 56-bit), MPPE standard (56-bit), MPPE Strong (128-bit), Internet Protocol security (IPSec) DES (40-bit), IPSec 56-bit DES, and IPSec Triple DES (3DES).</p>
 <div class="alert">
-<strong>Note</strong><br/><p>DES is not enabled by default in Windows Server operating systems starting with Windows Server 2008 R2, nor in Windows client operating systems starting with Windows 7. For these operating systems, computers will not use DES-CBC-MD5 or DES-CBC-CRC cipher suites by default. If your environment requires DES, then this setting might affect compatibility with client computers or services and applications in your environment. For more information, see <a href="https://blogs.technet.com/b/askds/archive/2010/10/19/hunting-down-des-in-order-to-securely-deploy-kerberos.aspx" data-raw-source="[Hunting down DES in order to securely deploy Kerberos](https://blogs.technet.com/b/askds/archive/2010/10/19/hunting-down-des-in-order-to-securely-deploy-kerberos.aspx)">Hunting down DES in order to securely deploy Kerberos</a>.</p>
+<b>Note</b><br/><p>DES is not enabled by default in Windows Server operating systems starting with Windows Server 2008 R2, nor in Windows client operating systems starting with Windows 7. For these operating systems, computers will not use DES-CBC-MD5 or DES-CBC-CRC cipher suites by default. If your environment requires DES, then this setting might affect compatibility with client computers or services and applications in your environment. For more information, see <a href="https://blogs.technet.com/b/askds/archive/2010/10/19/hunting-down-des-in-order-to-securely-deploy-kerberos.aspx" data-raw-source="[Hunting down DES in order to securely deploy Kerberos](https://blogs.technet.com/b/askds/archive/2010/10/19/hunting-down-des-in-order-to-securely-deploy-kerberos.aspx)">Hunting down DES in order to securely deploy Kerberos</a>.</p>
 </div>
 <div>
 
@@ -656,8 +656,8 @@ In this procedure, the workstations are dedicated to domain administrators. By s
         </colgroup>
         <tbody>
         <tr class="odd">
-        <td><p><strong>Windows Update Setting</strong></p></td>
-        <td><p><strong>Configuration</strong></p></td>
+        <td><p><b>Windows Update Setting</b></p></td>
+        <td><p><b>Configuration</b></p></td>
         </tr>
         <tr class="even">
         <td><p>Allow Automatic Updates immediate installation</p></td>
diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md
index 7e7c2236cd..56e4f2edf2 100644
--- a/windows/security/identity-protection/access-control/local-accounts.md
+++ b/windows/security/identity-protection/access-control/local-accounts.md
@@ -297,9 +297,9 @@ The following table shows the Group Policy and registry settings that are used t
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><p><strong>No.</strong></p></td>
-<td><p><strong>Setting</strong></p></td>
-<td><p><strong>Detailed Description</strong></p></td>
+<td><p><b>No.</b></p></td>
+<td><p><b>Setting</b></p></td>
+<td><p><b>Detailed Description</b></p></td>
 </tr>
 <tr class="even">
 <td><p></p></td>
@@ -334,7 +334,7 @@ The following table shows the Group Policy and registry settings that are used t
 <tr class="even">
 <td><p>3</p></td>
 <td><p>Registry key</p></td>
-<td><p><strong>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System</strong></p></td>
+<td><p><b>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System</b></p></td>
 </tr>
 <tr class="odd">
 <td><p></p></td>
@@ -444,9 +444,9 @@ The following table shows the Group Policy settings that are used to deny networ
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><p><strong>No.</strong></p></td>
-<td><p><strong>Setting</strong></p></td>
-<td><p><strong>Detailed Description</strong></p></td>
+<td><p><b>No.</b></p></td>
+<td><p><b>Setting</b></p></td>
+<td><p><b>Detailed Description</b></p></td>
 </tr>
 <tr class="even">
 <td><p></p></td>
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
index 7f5c4ffe62..25d125585e 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
@@ -98,7 +98,7 @@ The following tables describe baseline protections, plus protections for improve
 | Hardware: **Trusted Platform Module (TPM)**  |  **Requirement**: TPM 1.2 or TPM 2.0, either discrete or firmware.<br>[TPM recommendations](https://technet.microsoft.com/itpro/windows/keep-secure/tpm-recommendations) | A TPM provides protection for VBS encryption keys that are stored in the firmware. This helps protect against attacks involving a physically present user with BIOS access. |
 | Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot** | **Requirements**: See the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](https://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot)| UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots.  |
 | Firmware: **Secure firmware update process**  | **Requirements**: UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](https://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot).| UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed. |
-| Software: Qualified **Windows operating system**  | **Requirement**: Windows 10 Enterprise, Windows 10 Education, Windows Server 2016, or Windows 10 IoT Enterprise<br><blockquote><p><strong>Important:</strong><br> Windows Server 2016 running as a domain controller does not support Windows Defender Credential Guard. </p></blockquote> |Support for VBS and for management features that simplify configuration of Windows Defender Credential Guard. |
+| Software: Qualified **Windows operating system**  | **Requirement**: Windows 10 Enterprise, Windows 10 Education, Windows Server 2016, or Windows 10 IoT Enterprise<br><blockquote><p><b>Important:</b><br> Windows Server 2016 running as a domain controller does not support Windows Defender Credential Guard. </p></blockquote> |Support for VBS and for management features that simplify configuration of Windows Defender Credential Guard. |
 
 > [!IMPORTANT]
 > The following tables list additional qualifications for improved security. We strongly recommend meeting the additional qualifications to significantly strengthen the level of security that Windows Defender Credential Guard can provide.
@@ -133,5 +133,5 @@ The following table lists qualifications for Windows 10, version 1703, which are
 
 | Protections for Improved Security  | Description  | Security Benefits
 |---|---|---|
-| Firmware: **VBS enablement of NX protection for UEFI runtime services** | **Requirements**:<br>• VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be executable.<br>• UEFI runtime service must meet these requirements: <br>&nbsp;&nbsp;&nbsp;&nbsp;- Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table. <br>&nbsp;&nbsp;&nbsp;&nbsp;- PE sections need to be page-aligned in memory (not required for in non-volatile storage).<br>&nbsp;&nbsp;&nbsp;&nbsp;- The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS:<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;- All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;- No entries may be left with neither of the above attributes, indicating memory that is both executable and writable. Memory must be either readable and executable or writeable and non-executable. <br><blockquote><p><strong>Notes:</strong><br>• This only applies to UEFI runtime service memory, and not UEFI boot service memory. <br>• This protection is applied by VBS on OS page tables.</p></blockquote><br> Please also note the following: <br>• Do not use sections that are both writeable and executable<br>• Do not attempt to directly modify executable system memory<br>• Do not use dynamic code | • Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)<br>• Reduces the attack surface to VBS from system firmware.     |
+| Firmware: **VBS enablement of NX protection for UEFI runtime services** | **Requirements**:<br>• VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be executable.<br>• UEFI runtime service must meet these requirements: <br>&nbsp;&nbsp;&nbsp;&nbsp;- Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table. <br>&nbsp;&nbsp;&nbsp;&nbsp;- PE sections need to be page-aligned in memory (not required for in non-volatile storage).<br>&nbsp;&nbsp;&nbsp;&nbsp;- The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS:<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;- All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;- No entries may be left with neither of the above attributes, indicating memory that is both executable and writable. Memory must be either readable and executable or writeable and non-executable. <br><blockquote><p><b>Notes:</b><br>• This only applies to UEFI runtime service memory, and not UEFI boot service memory. <br>• This protection is applied by VBS on OS page tables.</p></blockquote><br> Please also note the following: <br>• Do not use sections that are both writeable and executable<br>• Do not attempt to directly modify executable system memory<br>• Do not use dynamic code | • Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)<br>• Reduces the attack surface to VBS from system firmware.     |
 | Firmware: **Firmware support for SMM protection** | **Requirements**: The [Windows SMM Security Mitigations Table (WSMT) specification](https://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an Advanced Configuration and Power Interface (ACPI) table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features. |  • Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)<br>• Reduces the attack surface to VBS from system firmware.<br>• Blocks additional security attacks against SMM. |
diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md
index 33a9c450e1..7a92ed864a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md
+++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md
@@ -84,7 +84,7 @@ To configure PIN reset on Windows devices you manage, use an [Intune Windows 10
 1. In the **Custom OMA-URI Settings** blade, Click **Add**.
 1. In the **Add Row** blade, type **PIN Reset Settings** in the **Name** field. In the **OMA-URI** field, type **./Device/Vendor/MSFT/PassportForWork/*tenant ID*/Policies/EnablePinRecovery** where <b>*tenant ID*</b> is your Azure Active Directory tenant ID from step 2.
 1. Select **Boolean** from the **Data type** list and select **True** from the **Value** list.
-1. Click **OK** to save the row configuration. Click **OK** to close the <strong>Custom OMA-URI Settings blade.  Click **Create</strong> to save the profile.
+1. Click **OK** to save the row configuration. Click **OK** to close the <b>Custom OMA-URI Settings blade.  Click **Create</b> to save the profile.
  
 #### Assign the PIN Reset Device configuration profile using Microsoft Intune
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
index f220db21f6..0fb161ccb5 100644
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
+++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
@@ -17,7 +17,7 @@ ms.reviewer:
 ---
 # Windows Hello for Business Provisioning
 <span id="windows-hello-for-business-provisioning" />
-<strong>Applies to:</strong>
+<b>Applies to:</b>
 -   Windows 10
 
 Windows Hello for Business provisioning enables a user to enroll a new, strong, two-factor credential that they can use for passwordless authentication.  Provisioning experience vary based on:
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
index ae11903279..8ea5343d35 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
@@ -187,7 +187,7 @@ The web server is ready to host the CRL distribution point.  Now, configure the
 1. On the issuing certificate authority, sign-in as a local administrator.  Start the **Certificate Authority** console from **Administrative Tools**. 
 2. In the navigation pane, right-click the name of the certificate authority and click **Properties**
 3. Click **Extensions**.  On the **Extensions** tab, select **CRL Distribution Point (CDP)** from the **Select extension** list.
-4. On the **Extensions** tab, click **Add**. Type <strong>http://crl.[domainname]/cdp/</strong> in **location**.  For example, *<http://crl.corp.contoso.com/cdp/>* or *<http://crl.contoso.com/cdp/>* (do not forget the trailing forward slash). 
+4. On the **Extensions** tab, click **Add**. Type <b>http://crl.[domainname]/cdp/</b> in **location**.  For example, *<http://crl.corp.contoso.com/cdp/>* or *<http://crl.contoso.com/cdp/>* (do not forget the trailing forward slash). 
    ![CDP New Location dialog box](images/aadj/cdp-extension-new-location.png)
 5. Select **\<CaName>** from the **Variable** list and click **Insert**.  Select **\<CRLNameSuffix>** from the **Variable** list and click **Insert**.  Select **\<DeltaCRLAllowed>** from the **Variable** list and click **Insert**.
 6. Type **.crl** at the end of the text in **Location**. Click **OK**.
@@ -225,7 +225,7 @@ The web server is ready to host the CRL distribution point.  Now, configure the
 
 Validate your new CRL distribution point is working. 
 
-1. Open a web browser.  Navigate to <strong>http://crl.[yourdomain].com/cdp</strong>.  You should see two files created from publishing your new CRL.
+1. Open a web browser.  Navigate to <b>http://crl.[yourdomain].com/cdp</b>.  You should see two files created from publishing your new CRL.
    ![Validate the new CRL](images/aadj/validate-cdp-using-browser.png)
 
 ### Reissue domain controller certificates
diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md
index 4e95da0531..373339ebcd 100644
--- a/windows/security/identity-protection/remote-credential-guard.md
+++ b/windows/security/identity-protection/remote-credential-guard.md
@@ -58,7 +58,7 @@ Use the following table to compare different Remote Desktop connection security
 |                                                 **Protection benefits**                                                  |                                Credentials on the server are not protected from Pass-the-Hash attacks.                                 |  User credentials remain on the client. An attacker can act on behalf of the user *only* when the session is ongoing   |                                                                                  User logs on to the server as local administrator, so an attacker cannot act on behalf of the “domain user”. Any attack is local to the server                                                                                   |
 |                                                   **Version support**                                                    |                                        The remote computer can run any Windows operating system                                        | Both the client and the remote computer must be running **at least Windows 10, version 1607, or Windows Server 2016**. | The remote computer must be running **at least patched Windows 7 or patched Windows Server 2008 R2**. <br /><br />For more information about patches (software updates) related to Restricted Admin mode, see [Microsoft Security Advisory 2871997](https://technet.microsoft.com/library/security/2871997.aspx). |
 | **Helps prevent**   &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;   &nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp; |                             &nbsp;&nbsp;&nbsp;&nbsp; N/A &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;                              |                   <ul><li> Pass-the-Hash</li> <li>Use of a credential after disconnection </li></ul>                   |                                                                                                                <ul><li> Pass-the-Hash</li> <li>Use of domain identity during connection </li></ul>                                                                                                                |
-|                             **Credentials supported from the remote desktop client device**                              | <ul><li><strong>Signed on</strong> credentials <li> <strong>Supplied</strong> credentials<li> <strong>Saved</strong> credentials </ul> |                                  <ul><li> <strong>Signed on</strong> credentials only                                  |                                                                                        <ul><li><strong>Signed on</strong> credentials<li><strong>Supplied</strong> credentials<li><strong>Saved</strong> credentials</ul>                                                                                         |
+|                             **Credentials supported from the remote desktop client device**                              | <ul><li><b>Signed on</b> credentials <li> <b>Supplied</b> credentials<li> <b>Saved</b> credentials </ul> |                                  <ul><li> <b>Signed on</b> credentials only                                  |                                                                                        <ul><li><b>Signed on</b> credentials<li><b>Supplied</b> credentials<li><b>Saved</b> credentials</ul>                                                                                         |
 |                                                        **Access**                                                        |                           **Users allowed**, that is, members of Remote Desktop Users group of remote host.                            |                      **Users allowed**, that is, members of Remote Desktop Users of remote host.                       |                                                                                                              **Administrators only**, that is, only members of Administrators group of remote host.                                                                                                               |
 |                                                   **Network identity**                                                   |                               Remote Desktop session **connects to other resources as signed-in user**.                                |                       Remote Desktop session **connects to other resources as signed-in user**.                        |                                                                                                                 Remote Desktop session **connects to other resources as remote host’s identity**.                                                                                                                 |
 |                                                      **Multi-hop**                                                       |                        From the remote desktop, **you can connect through Remote Desktop to another computer**                         |                From the remote desktop, you **can connect through Remote Desktop to another computer**.                |                                                                                                                      Not allowed for user as the session is running as a local host account                                                                                                                       |
diff --git a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md
index 4a92507705..560f4b240c 100644
--- a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md
+++ b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md
@@ -270,7 +270,7 @@ To better understand each component, review the table below:
 </tr>
 </table>
  
-The slider will never turn UAC completely off. If you set it to <strong>Never notify</strong>, it will:
+The slider will never turn UAC completely off. If you set it to <b>Never notify</b>, it will:
 
 -   Keep the UAC service running.
 -   Cause all elevation request initiated by administrators to be auto-approved without showing a UAC prompt.
diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md
index 96fc9bd8c2..405ffb126f 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md
@@ -252,11 +252,11 @@ Windows PowerShell cmdlets provide an alternative way to work with BitLocker. Us
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Name</strong></p></td>
-<td align="left"><p><strong>Parameters</strong></p></td>
+<td align="left"><p><b>Name</b></p></td>
+<td align="left"><p><b>Parameters</b></p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Add-BitLockerKeyProtector</strong></p></td>
+<td align="left"><p><b>Add-BitLockerKeyProtector</b></p></td>
 <td align="left"><p>-ADAccountOrGroup</p>
 <p>-ADAccountOrGroupProtector</p>
 <p>-Confirm</p>
@@ -278,26 +278,26 @@ Windows PowerShell cmdlets provide an alternative way to work with BitLocker. Us
 <p>-WhatIf</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Backup-BitLockerKeyProtector</strong></p></td>
+<td align="left"><p><b>Backup-BitLockerKeyProtector</b></p></td>
 <td align="left"><p>-Confirm</p>
 <p>-KeyProtectorId</p>
 <p>-MountPoint</p>
 <p>-WhatIf</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Disable-BitLocker</strong></p></td>
+<td align="left"><p><b>Disable-BitLocker</b></p></td>
 <td align="left"><p>-Confirm</p>
 <p>-MountPoint</p>
 <p>-WhatIf</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Disable-BitLockerAutoUnlock</strong></p></td>
+<td align="left"><p><b>Disable-BitLockerAutoUnlock</b></p></td>
 <td align="left"><p>-Confirm</p>
 <p>-MountPoint</p>
 <p>-WhatIf</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Enable-BitLocker</strong></p></td>
+<td align="left"><p><b>Enable-BitLocker</b></p></td>
 <td align="left"><p>-AdAccountOrGroup</p>
 <p>-AdAccountOrGroupProtector</p>
 <p>-Confirm</p>
@@ -322,44 +322,44 @@ Windows PowerShell cmdlets provide an alternative way to work with BitLocker. Us
 <p>-WhatIf</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Enable-BitLockerAutoUnlock</strong></p></td>
+<td align="left"><p><b>Enable-BitLockerAutoUnlock</b></p></td>
 <td align="left"><p>-Confirm</p>
 <p>-MountPoint</p>
 <p>-WhatIf</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Get-BitLockerVolume</strong></p></td>
+<td align="left"><p><b>Get-BitLockerVolume</b></p></td>
 <td align="left"><p>-MountPoint</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Lock-BitLocker</strong></p></td>
+<td align="left"><p><b>Lock-BitLocker</b></p></td>
 <td align="left"><p>-Confirm</p>
 <p>-ForceDismount</p>
 <p>-MountPoint</p>
 <p>-WhatIf</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Remove-BitLockerKeyProtector</strong></p></td>
+<td align="left"><p><b>Remove-BitLockerKeyProtector</b></p></td>
 <td align="left"><p>-Confirm</p>
 <p>-KeyProtectorId</p>
 <p>-MountPoint</p>
 <p>-WhatIf</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Resume-BitLocker</strong></p></td>
+<td align="left"><p><b>Resume-BitLocker</b></p></td>
 <td align="left"><p>-Confirm</p>
 <p>-MountPoint</p>
 <p>-WhatIf</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Suspend-BitLocker</strong></p></td>
+<td align="left"><p><b>Suspend-BitLocker</b></p></td>
 <td align="left"><p>-Confirm</p>
 <p>-MountPoint</p>
 <p>-RebootCount</p>
 <p>-WhatIf</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Unlock-BitLocker</strong></p></td>
+<td align="left"><p><b>Unlock-BitLocker</b></p></td>
 <td align="left"><p>-AdAccountOrGroup</p>
 <p>-Confirm</p>
 <p>-MountPoint</p>
@@ -374,7 +374,7 @@ Windows PowerShell cmdlets provide an alternative way to work with BitLocker. Us
  
 Similar to manage-bde, the Windows PowerShell cmdlets allow configuration beyond the options offered in the control panel. As with manage-bde, users need to consider the specific needs of the volume they are encrypting prior to running Windows PowerShell cmdlets.
 A good initial step is to determine the current state of the volume(s) on the computer. You can do this using the <code>Get-BitLocker</code> volume cmdlet. The output from this cmdlet displays information on the volume type, protectors, protection status, and other useful information.
-Occasionally, all protectors may not be shown when using <strong>Get-BitLockerVolume</strong> due to lack of space in the output display. If you do not see all of the protectors for a volume, you can use the Windows PowerShell pipe command (|) to format a listing of the protectors.
+Occasionally, all protectors may not be shown when using <b>Get-BitLockerVolume</b> due to lack of space in the output display. If you do not see all of the protectors for a volume, you can use the Windows PowerShell pipe command (|) to format a listing of the protectors.
 
 > **Note:**  In the event that there are more than four protectors for a volume, the pipe command may run out of display space. For volumes with more than four protectors, use the method described in the section below to generate a listing of all protectors with protector ID.
  
diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md
index 436ef15fe7..be8ab9ed7b 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md
@@ -106,39 +106,39 @@ This policy setting allows users on devices that are compliant with Modern Stand
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can allow TPM-only protection for newer, more secure devices, such as devices that support Modern Standby or HSTI, while requiring PIN on older devices.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows 10, version 1703</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Operating system drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>This setting overrides the <b>Require startup PIN with TPM</b> option of the <a href="#bkmk-unlockpol1" data-raw-source="[Require additional authentication at startup](#bkmk-unlockpol1)">Require additional authentication at startup</a> policy on compliant hardware.
 
 </p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>Users on Modern Standby and HSTI compliant devices will have the choice to turn on BitLocker without preboot authentication.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>The options of the <a href="#bkmk-unlockpol1" data-raw-source="[Require additional authentication at startup](#bkmk-unlockpol1)">Require additional authentication at startup</a> policy apply.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 The preboot authentication option <b>Require startup PIN with TPM</b> of the [Require additional authentication at startup](#bkmk-unlockpol1) policy is often enabled to help ensure security for older devices that do not support Modern Standby.
 But visually impaired users have no audible way to know when to enter a PIN.
@@ -156,37 +156,37 @@ This policy is used in addition to the BitLocker Drive Encryption Network Unlock
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can control whether a BitLocker-protected computer that is connected to a trusted local area network and joined to a domain can create and use network key protectors on TPM-enabled computers to automatically unlock the operating system drive when the computer is started.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2012 and Windows 8</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Operating system drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>None</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>Clients configured with a BitLocker Network Unlock certificate can create and use Network Key Protectors.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>Clients cannot create and use Network Key Protectors</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 To use a network key protector to unlock the computer, the computer and the server that hosts BitLocker Drive Encryption Network Unlock must be provisioned with a Network Unlock certificate. The Network Unlock certificate is used to create a network key protector and to protect the information exchange with the server to unlock the computer. You can use the Group Policy setting **Computer Configuration\\Windows Settings\\Security Settings\\Public Key Policies\\BitLocker Drive Encryption Network Unlock Certificate** on the domain controller to distribute this certificate to computers in your organization. This unlock method uses the TPM on the computer, so computers that do not have a TPM cannot create network key protectors to automatically unlock by using Network Unlock.
 
@@ -205,39 +205,39 @@ This policy setting is used to control which unlock options are available for op
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with a Trusted Platform Module (TPM). This policy setting is applied when you turn on BitLocker.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2008 R2 and Windows 7</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Operating system drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>If one authentication method is required, the other methods cannot be allowed.</p>
-<p>Use of BitLocker with a TPM startup key or with a TPM startup key and a PIN must be disallowed if the <strong>Deny write access to removable drives not protected by BitLocker</strong> policy setting is enabled.</p></td>
+<p>Use of BitLocker with a TPM startup key or with a TPM startup key and a PIN must be disallowed if the <b>Deny write access to removable drives not protected by BitLocker</b> policy setting is enabled.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>Users can configure advanced startup options in the BitLocker Setup Wizard.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>Users can configure only basic options on computers with a TPM.</p>
 <p>Only one of the additional authentication options can be required at startup; otherwise, a policy error occurs.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 If you want to use BitLocker on a computer without a TPM, select **Allow BitLocker without a compatible TPM**. In this mode, a password or USB drive is required for startup. The USB drive stores the startup key that is used to encrypt the drive. When the USB drive is inserted, the startup key is authenticated and the operating system drive is accessible. If the USB drive is lost or unavailable, BitLocker recovery is required to access the drive.
 
@@ -282,31 +282,31 @@ This policy setting permits the use of enhanced PINs when you use an unlock meth
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can configure whether enhanced startup PINs are used with BitLocker.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2008 R2 and Windows 7</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Operating system drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>None</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>All new BitLocker startup PINs that are set will be enhanced PINs. Existing drives that were protected by using standard startup PINs are not affected.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>Enhanced PINs will not be used.</p></td>
 </tr>
 </tbody>
@@ -330,37 +330,37 @@ This policy setting is used to set a minimum PIN length when you use an unlock m
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can configure a minimum length for a TPM startup PIN. This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 4 digits, and it can have a maximum length of 20 digits. By default, the minimum PIN length is 6.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2008 R2 and Windows 7</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Operating system drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>None</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>You can require that startup PINs set by users must have a minimum length you choose that is between 4 and 20 digits.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>Users can configure a startup PIN of any length between 6 and 20 digits.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 This policy setting is applied when you turn on BitLocker.
 The startup PIN must have a minimum length of 4 digits and can have a maximum length of 20 digits.
@@ -413,31 +413,31 @@ This policy setting allows you to configure whether standard users are allowed t
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can configure whether standard users are allowed to change the PIN or password used to protect the operating system drive.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2012 and Windows 8</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Operating system drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>None</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>Standard users are not allowed to change BitLocker PINs or passwords.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>Standard users are permitted to change BitLocker PINs or passwords.</p></td>
 </tr>
 </tbody>
@@ -459,37 +459,37 @@ This policy controls how non-TPM based systems utilize the password protector. U
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can specify the constraints for passwords that are used to unlock operating system drives that are protected with BitLocker.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2012 and Windows 8</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Operating system drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>Passwords cannot be used if FIPS-compliance is enabled.</p>
 <div class="alert">
-<strong>Note</strong><br/><p>The <strong>System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing</strong> policy setting, which is located at <strong>Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options</strong> specifies whether FIPS-compliance is enabled.</p>
+<b>Note</b><br/><p>The <b>System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing</b> policy setting, which is located at <b>Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options</b> specifies whether FIPS-compliance is enabled.</p>
 </div>
 <div>
 
 </div></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
-<td align="left"><p>Users can configure a password that meets the requirements you define. To enforce complexity requirements for the password, select <strong>Require complexity</strong>.</p></td>
+<td align="left"><p><b>When enabled</b></p></td>
+<td align="left"><p>Users can configure a password that meets the requirements you define. To enforce complexity requirements for the password, select <b>Require complexity</b>.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>The default length constraint of 8 characters will apply to operating system drive passwords and no complexity checks will occur.</p></td>
 </tr>
 </tbody>
@@ -522,37 +522,37 @@ This policy setting is used to control what unlock options are available for com
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can control whether the BitLocker Setup Wizard on computers running Windows Vista or Windows Server 2008 can set up an additional authentication method that is required each time the computer starts.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2008 and Windows Vista</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Operating system drives (Windows Server 2008 and Windows Vista)</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>If you choose to require an additional authentication method, other authentication methods cannot be allowed.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>The BitLocker Setup Wizard displays the page that allows the user to configure advanced startup options for BitLocker. You can further configure setting options for computers with or without a TPM.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>The BitLocker Setup Wizard displays basic steps that allow users to enable BitLocker on computers with a TPM. In this basic wizard, no additional startup key or startup PIN can be configured.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 On a computer with a compatible TPM, two authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can require users to insert a USB drive that contains a startup key. It can also require users to enter a 6-digit to 20-digit startup PIN.
 
@@ -586,41 +586,41 @@ This policy setting is used to require, allow, or deny the use of smart cards wi
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can specify whether smart cards can be used to authenticate user access to the BitLocker-protected fixed data drives on a computer.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2008 R2 and Windows 7</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Fixed data drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
-<td align="left"><p>To use smart cards with BitLocker, you may also need to modify the object identifier setting in the <strong>Computer Configuration\Administrative Templates\BitLocker Drive Encryption\Validate smart card certificate usage rule compliance</strong> policy setting to match the object identifier of your smart card certificates.</p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
+<td align="left"><p>To use smart cards with BitLocker, you may also need to modify the object identifier setting in the <b>Computer Configuration\Administrative Templates\BitLocker Drive Encryption\Validate smart card certificate usage rule compliance</b> policy setting to match the object identifier of your smart card certificates.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
-<td align="left"><p>Smart cards can be used to authenticate user access to the drive. You can require smart card authentication by selecting the <strong>Require use of smart cards on fixed data drives</strong> check box.</p></td>
+<td align="left"><p><b>When enabled</b></p></td>
+<td align="left"><p>Smart cards can be used to authenticate user access to the drive. You can require smart card authentication by selecting the <b>Require use of smart cards on fixed data drives</b> check box.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled</strong></p></td>
+<td align="left"><p><b>When disabled</b></p></td>
 <td align="left"><p>Users cannot use smart cards to authenticate their access to BitLocker-protected fixed data drives.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When not configured</strong></p></td>
+<td align="left"><p><b>When not configured</b></p></td>
 <td align="left"><p>Smart cards can be used to authenticate user access to a BitLocker-protected drive.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 >**Note:**  These settings are enforced when turning on BitLocker, not when unlocking a drive. BitLocker allows unlocking a drive by using any of the protectors that are available on the drive.
 
@@ -635,41 +635,41 @@ This policy setting is used to require, allow, or deny the use of passwords with
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can specify whether a password is required to unlock BitLocker-protected fixed data drives.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2008 R2 and Windows 7</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Fixed data drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
-<td align="left"><p>To use password complexity, the <strong>Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Password must meet complexity requirements</strong> policy setting must also be enabled.</p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
+<td align="left"><p>To use password complexity, the <b>Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Password must meet complexity requirements</b> policy setting must also be enabled.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
-<td align="left"><p>Users can configure a password that meets the requirements you define. To require the use of a password, select <strong>Require password for fixed data drive</strong>. To enforce complexity requirements on the password, select <strong>Require complexity</strong>.</p></td>
+<td align="left"><p><b>When enabled</b></p></td>
+<td align="left"><p>Users can configure a password that meets the requirements you define. To require the use of a password, select <b>Require password for fixed data drive</b>. To enforce complexity requirements on the password, select <b>Require complexity</b>.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled</strong></p></td>
+<td align="left"><p><b>When disabled</b></p></td>
 <td align="left"><p>The user is not allowed to use a password.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When not configured</strong></p></td>
+<td align="left"><p><b>When not configured</b></p></td>
 <td align="left"><p>Passwords are supported with the default settings, which do not include password complexity requirements and require only 8 characters.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 When set to **Require complexity**, a connection to a domain controller is necessary to validate the complexity of the password when BitLocker is enabled.
 
@@ -699,41 +699,41 @@ This policy setting is used to require, allow, or deny the use of smart cards wi
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can specify whether smart cards can be used to authenticate user access to BitLocker-protected removable data drives on a computer.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2008 R2 and Windows 7</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Removable data drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
-<td align="left"><p>To use smart cards with BitLocker, you may also need to modify the object identifier setting in the <strong>Computer Configuration\Administrative Templates\BitLocker Drive Encryption\Validate smart card certificate usage rule compliance</strong> policy setting to match the object identifier of your smart card certificates.</p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
+<td align="left"><p>To use smart cards with BitLocker, you may also need to modify the object identifier setting in the <b>Computer Configuration\Administrative Templates\BitLocker Drive Encryption\Validate smart card certificate usage rule compliance</b> policy setting to match the object identifier of your smart card certificates.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
-<td align="left"><p>Smart cards can be used to authenticate user access to the drive. You can require smart card authentication by selecting the <strong>Require use of smart cards on removable data drives</strong> check box.</p></td>
+<td align="left"><p><b>When enabled</b></p></td>
+<td align="left"><p>Smart cards can be used to authenticate user access to the drive. You can require smart card authentication by selecting the <b>Require use of smart cards on removable data drives</b> check box.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>Users are not allowed to use smart cards to authenticate their access to BitLocker-protected removable data drives.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When not configured</strong></p></td>
+<td align="left"><p><b>When not configured</b></p></td>
 <td align="left"><p>Smart cards are available to authenticate user access to a BitLocker-protected removable data drive.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 >**Note:**  These settings are enforced when turning on BitLocker, not when unlocking a drive. BitLocker allows unlocking a drive with any of the protectors that are available on the drive.
 
@@ -748,41 +748,41 @@ This policy setting is used to require, allow, or deny the use of passwords with
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can specify whether a password is required to unlock BitLocker-protected removable data drives.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2008 R2 and Windows 7</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Removable data drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
-<td align="left"><p>To use password complexity, the <strong>Password must meet complexity requirements</strong> policy setting, which is located at <strong>Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy</strong> must also be enabled.</p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
+<td align="left"><p>To use password complexity, the <b>Password must meet complexity requirements</b> policy setting, which is located at <b>Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy</b> must also be enabled.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
-<td align="left"><p>Users can configure a password that meets the requirements you define. To require the use of a password, select <strong>Require password for removable data drive</strong>. To enforce complexity requirements on the password, select <strong>Require complexity</strong>.</p></td>
+<td align="left"><p><b>When enabled</b></p></td>
+<td align="left"><p>Users can configure a password that meets the requirements you define. To require the use of a password, select <b>Require password for removable data drive</b>. To enforce complexity requirements on the password, select <b>Require complexity</b>.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled</strong></p></td>
+<td align="left"><p><b>When disabled</b></p></td>
 <td align="left"><p>The user is not allowed to use a password.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When not configured</strong></p></td>
+<td align="left"><p><b>When not configured</b></p></td>
 <td align="left"><p>Passwords are supported with the default settings, which do not include password complexity requirements and require only 8 characters.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 If you choose to allow the use of a password, you can require a password to be used, enforce complexity requirements, and configure a minimum length. For the complexity requirement setting to be effective, the Group Policy setting **Password must meet complexity requirements**, which is located at
 **Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Password Policy** must also be enabled.
@@ -812,37 +812,37 @@ This policy setting is used to determine what certificate to use with BitLocker.
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can associate an object identifier from a smart card certificate to a BitLocker-protected drive.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2008 R2 and Windows 7</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Fixed and removable data drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>None</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
-<td align="left"><p>The object identifier that is specified in the <strong>Object identifier</strong> setting must match the object identifier in the smart card certificate.</p></td>
+<td align="left"><p><b>When enabled</b></p></td>
+<td align="left"><p>The object identifier that is specified in the <b>Object identifier</b> setting must match the object identifier in the smart card certificate.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>The default object identifier is used.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 This policy setting is applied when you turn on BitLocker.
 
@@ -863,37 +863,37 @@ This policy setting allows users to enable authentication options that require u
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can allow users to enable authentication options that require user input from the preboot environment, even if the platform indicates a lack of preboot input capability.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2012 and Windows 8</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Operating system drive</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drive</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>None</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>Devices must have an alternative means of preboot input (such as an attached USB keyboard).</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>The Windows Recovery Environment must be enabled on tablets to support entering the BitLocker recovery password.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 The Windows touch keyboard (such as used by tablets) is not available in the preboot environment where BitLocker requires additional information, such as a PIN or password.
 
@@ -918,37 +918,37 @@ This policy setting is used to require encryption of fixed drives prior to grant
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can set whether BitLocker protection is required for fixed data drives to be writable on a computer.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2008 R2 and Windows 7</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Fixed data drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>See the Reference section for a description of conflicts.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>All fixed data drives that are not BitLocker-protected are mounted as Read-only. If the drive is protected by BitLocker, it is mounted with Read and Write access.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>All fixed data drives on the computer are mounted with Read and Write access.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 This policy setting is applied when you turn on BitLocker.
 
@@ -973,37 +973,37 @@ This policy setting is used to require that removable drives are encrypted prior
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can configure whether BitLocker protection is required for a computer to be able to write data to a removable data drive.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2008 R2 and Windows 7</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Removable data drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>See the Reference section for a description of conflicts.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>All removable data drives that are not BitLocker-protected are mounted as Read-only. If the drive is protected by BitLocker, it is mounted with Read and Write access.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>All removable data drives on the computer are mounted with Read and Write access.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 If the **Deny write access to devices configured in another organization** option is selected, only drives with identification fields that match the computer's identification fields are given Write access. When a removable data drive is accessed, it is checked for a valid identification field and allowed identification fields. These fields are defined by the **Provide the unique identifiers for your organization** policy setting.
 
@@ -1026,41 +1026,41 @@ This policy setting is used to prevent users from turning BitLocker on or off on
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can control the use of BitLocker on removable data drives.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2008 R2 and Windows 7</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Removable data drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>None</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>You can select property settings that control how users can configure BitLocker.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled</strong></p></td>
+<td align="left"><p><b>When disabled</b></p></td>
 <td align="left"><p>Users cannot use BitLocker on removable data drives.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When not configured</strong></p></td>
+<td align="left"><p><b>When not configured</b></p></td>
 <td align="left"><p>Users can use BitLocker on removable data drives.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 This policy setting is applied when you turn on BitLocker.
 
@@ -1082,37 +1082,37 @@ This policy setting is used to control the encryption method and cipher strength
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can control the encryption method and strength for drives.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2012 and Windows 8</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>All drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>None</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>You can choose an encryption algorithm and key cipher strength for BitLocker to use to encrypt drives.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>Beginning with Windows 10, version 1511, BitLocker uses the default encryption method of XTS-AES 128-bit or the encryption method that is specified by the setup script. Windows Phone does not support XTS; it uses AES-CBC 128-bit by default and supports AES-CBC 256-bit by policy.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 The values of this policy determine the strength of the cipher that BitLocker uses for encryption.
 Enterprises may want to control the encryption level for increased security (AES-256 is stronger than AES-128).
@@ -1138,42 +1138,42 @@ This policy controls how BitLocker reacts to systems that are equipped with encr
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can manage BitLocker’s use of hardware-based encryption on fixed data drives and to specify which encryption algorithms BitLocker can use with hardware-based encryption.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2012 and Windows 8</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Fixed data drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>None</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>You can specify additional options that control whether BitLocker software-based encryption is used instead of hardware-based encryption on computers that do not support hardware-based encryption. You can also specify whether you want to restrict the encryption algorithms and cipher suites that are used with hardware-based encryption.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled</strong></p></td>
+<td align="left"><p><b>When disabled</b></p></td>
 <td align="left"><p>BitLocker cannot use hardware-based encryption with fixed data drives, and BitLocker software-based encryption is used by default when the drive in encrypted.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When not configured</strong></p></td>
+<td align="left"><p><b>When not configured</b></p></td>
 <td align="left"><p>BitLocker software-based encryption is used irrespective of hardware-based encryption ability. 
 </p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 >**Note:**  The **Choose drive encryption method and cipher strength** policy setting does not apply to hardware-based encryption.
 
@@ -1193,41 +1193,41 @@ This policy controls how BitLocker reacts when encrypted drives are used as oper
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can manage BitLocker’s use of hardware-based encryption on operating system drives and specify which encryption algorithms it can use with hardware-based encryption.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2012 and Windows 8</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Operating system drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>None</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>You can specify additional options that control whether BitLocker software-based encryption is used instead of hardware-based encryption on computers that do not support hardware-based encryption. You can also specify whether you want to restrict the encryption algorithms and cipher suites that are used with hardware-based encryption.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled</strong></p></td>
+<td align="left"><p><b>When disabled</b></p></td>
 <td align="left"><p>BitLocker cannot use hardware-based encryption with operating system drives, and BitLocker software-based encryption is used by default when the drive in encrypted.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When not configured</strong></p></td>
+<td align="left"><p><b>When not configured</b></p></td>
 <td align="left"><p>BitLocker software-based encryption is used irrespective of hardware-based encryption ability. </p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 If hardware-based encryption is not available, BitLocker software-based encryption is used instead.
 
@@ -1249,41 +1249,41 @@ This policy controls how BitLocker reacts to encrypted drives when they are used
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can manage BitLocker’s use of hardware-based encryption on removable data drives and specify which encryption algorithms it can use with hardware-based encryption.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2012 and Windows 8</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Removable data drive</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>None</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>You can specify additional options that control whether BitLocker software-based encryption is used instead of hardware-based encryption on computers that do not support hardware-based encryption. You can also specify whether you want to restrict the encryption algorithms and cipher suites that are used with hardware-based encryption.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled</strong></p></td>
+<td align="left"><p><b>When disabled</b></p></td>
 <td align="left"><p>BitLocker cannot use hardware-based encryption with removable data drives, and BitLocker software-based encryption is used by default when the drive in encrypted.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When not configured</strong></p></td>
+<td align="left"><p><b>When not configured</b></p></td>
 <td align="left"><p>BitLocker software-based encryption is used irrespective of hardware-based encryption ability. </p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 If hardware-based encryption is not available, BitLocker software-based encryption is used instead.
 
@@ -1305,37 +1305,37 @@ This policy controls whether fixed data drives utilize Used Space Only encryptio
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can configure the encryption type that is used by BitLocker.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2012 and Windows 8</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Fixed data drive</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>None</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>This policy defines the encryption type that BitLocker uses to encrypt drives, and the encryption type option is not presented in the BitLocker Setup Wizard.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>The BitLocker Setup Wizard asks the user to select the encryption type before turning on BitLocker.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose Full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose Used Space Only encryption to require that only the portion of the drive that is used to store data is encrypted when BitLocker is turned on.
 
@@ -1354,37 +1354,37 @@ This policy controls whether operating system drives utilize Full encryption or
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can configure the encryption type that is used by BitLocker.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2012 and Windows 8</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Operating system drive</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>None</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>The encryption type that BitLocker uses to encrypt drives is defined by this policy, and the encryption type option is not presented in the BitLocker Setup Wizard.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>The BitLocker Setup Wizard asks the user to select the encryption type before turning on BitLocker.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose Full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose Used Space Only encryption to require that only the portion of the drive that is used to store data is encrypted when BitLocker is turned on.
 
@@ -1403,37 +1403,37 @@ This policy controls whether fixed data drives utilize Full encryption or Used S
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can configure the encryption type that is used by BitLocker.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2012 and Windows 8</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Removable data drive</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>None</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>The encryption type that BitLocker uses to encrypt drives is defined by this policy, and the encryption type option is not presented in the BitLocker Setup Wizard.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>The BitLocker Setup Wizard asks the user to select the encryption type before turning on BitLocker.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose Full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose Used Space Only encryption to require that only the portion of the drive that is used to store data is encrypted when BitLocker is turned on.
 
@@ -1452,38 +1452,38 @@ This policy setting is used to configure recovery methods for operating system d
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2008 R2 and Windows 7</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Operating system drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
-<td align="left"><p>You must disallow the use of recovery keys if the <strong>Deny write access to removable drives not protected by BitLocker</strong> policy setting is enabled.</p>
-<p>When using data recovery agents, you must enable the <strong>Provide the unique identifiers for your organization</strong> policy setting.</p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
+<td align="left"><p>You must disallow the use of recovery keys if the <b>Deny write access to removable drives not protected by BitLocker</b> policy setting is enabled.</p>
+<p>When using data recovery agents, you must enable the <b>Provide the unique identifiers for your organization</b> policy setting.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>You can control the methods that are available to users to recover data from BitLocker-protected operating system drives.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>The default recovery options are supported for BitLocker recovery. By default, a data recovery agent is allowed, the recovery options can be specified by the user (including the recovery password and recovery key), and recovery information is not backed up to AD DS.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 This policy setting is applied when you turn on BitLocker.
 
@@ -1513,37 +1513,37 @@ This policy setting is used to configure recovery methods for BitLocker-protecte
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can control whether the BitLocker Setup Wizard can display and specify BitLocker recovery options.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2008 and Windows Vista</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Operating system drives and fixed data drives on computers running Windows Server 2008 and Windows Vista</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
-<td align="left"><p>This policy setting provides an administrative method of recovering data that is encrypted by BitLocker to prevent data loss due to lack of key information. If you choose the <strong>Do not allow</strong> option for both user recovery options, you must enable the <strong>Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista)</strong> policy setting to prevent a policy error.</p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
+<td align="left"><p>This policy setting provides an administrative method of recovering data that is encrypted by BitLocker to prevent data loss due to lack of key information. If you choose the <b>Do not allow</b> option for both user recovery options, you must enable the <b>Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista)</b> policy setting to prevent a policy error.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>You can configure the options that the Bitlocker Setup Wizard displays to users for recovering BitLocker encrypted data.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>The BitLocker Setup Wizard presents users with ways to store recovery options.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 This policy is only applicable to computers running Windows Server 2008 or Windows Vista. This policy setting is applied when you turn on BitLocker.
 
@@ -1567,37 +1567,37 @@ This policy setting is used to configure the storage of BitLocker recovery infor
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can manage the AD DS backup of BitLocker Drive Encryption recovery information.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2008 and Windows Vista</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Operating system drives and fixed data drives on computers running Windows Server 2008 and Windows Vista.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>None</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>BitLocker recovery information is automatically and silently backed up to AD DS when BitLocker is turned on for a computer.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>BitLocker recovery information is not backed up to AD DS.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 This policy is only applicable to computers running Windows Server 2008 or Windows Vista.
 
@@ -1625,37 +1625,37 @@ This policy setting is used to configure the default folder for recovery passwor
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can specify the default path that is displayed when the BitLocker Setup Wizard prompts the user to enter the location of a folder in which to save the recovery password.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Vista</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>All drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>None</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>You can specify the path that will be used as the default folder location when the user chooses the option to save the recovery password in a folder. You can specify a fully qualified path or include the target computer&#39;s environment variables in the path. If the path is not valid, the BitLocker Setup Wizard displays the computer&#39;s top-level folder view.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>The BitLocker Setup Wizard displays the computer&#39;s top-level folder view when the user chooses the option to save the recovery password in a folder.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 This policy setting is applied when you turn on BitLocker.
 
@@ -1672,38 +1672,38 @@ This policy setting is used to configure recovery methods for fixed data drives.
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2008 R2 and Windows 7</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Fixed data drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
-<td align="left"><p>You must disallow the use of recovery keys if the <strong>Deny write access to removable drives not protected by BitLocker</strong> policy setting is enabled.</p>
-<p>When using data recovery agents, you must enable and configure the <strong>Provide the unique identifiers for your organization</strong> policy setting.</p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
+<td align="left"><p>You must disallow the use of recovery keys if the <b>Deny write access to removable drives not protected by BitLocker</b> policy setting is enabled.</p>
+<p>When using data recovery agents, you must enable and configure the <b>Provide the unique identifiers for your organization</b> policy setting.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>You can control the methods that are available to users to recover data from BitLocker-protected fixed data drives.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>The default recovery options are supported for BitLocker recovery. By default, a data recovery agent is allowed, the recovery options can be specified by the user (including the recovery password and recovery key), and recovery information is not backed up to AD DS.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 This policy setting is applied when you turn on BitLocker.
 
@@ -1733,38 +1733,38 @@ This policy setting is used to configure recovery methods for removable data dri
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can control how BitLocker-protected removable data drives are recovered in the absence of the required credentials.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2008 R2 and Windows 7</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Removable data drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
-<td align="left"><p>You must disallow the use of recovery keys if the <strong>Deny write access to removable drives not protected by BitLocker</strong> policy setting is enabled.</p>
-<p>When using data recovery agents, you must enable and configure the <strong>Provide the unique identifiers for your organization</strong> policy setting.</p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
+<td align="left"><p>You must disallow the use of recovery keys if the <b>Deny write access to removable drives not protected by BitLocker</b> policy setting is enabled.</p>
+<p>When using data recovery agents, you must enable and configure the <b>Provide the unique identifiers for your organization</b> policy setting.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>You can control the methods that are available to users to recover data from BitLocker-protected removable data drives.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>The default recovery options are supported for BitLocker recovery. By default, a data recovery agent is allowed, the recovery options can be specified by the user (including the recovery password and recovery key), and recovery information is not backed up to AD DS.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 This policy setting is applied when you turn on BitLocker.
 
@@ -1791,37 +1791,37 @@ This policy setting is used to configure the entire recovery message and to repl
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can configure the BitLocker recovery screen to display a customized message and URL.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows 10</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Operating system drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration \ Administrative Templates \ Windows Components \ BitLocker Drive Encryption \ Operating System Drives \ Configure pre-boot recovery message and URL</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>None</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
-<td align="left"><p>The customized message and URL are displayed on the pre-boot recovery screen. If you have previously enabled a custom recovery message and URL and want to revert to the default message and URL, you must keep the policy setting enabled and select the <strong>Use default recovery message and URL</strong> option.</p></td>
+<td align="left"><p><b>When enabled</b></p></td>
+<td align="left"><p>The customized message and URL are displayed on the pre-boot recovery screen. If you have previously enabled a custom recovery message and URL and want to revert to the default message and URL, you must keep the policy setting enabled and select the <b>Use default recovery message and URL</b> option.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>If the setting has not been previously enabled the default pre-boot recovery screen is displayed for BitLocker recovery. If the setting previously was enabled and is subsequently disabled the last message in Boot Configuration Data (BCD) is displayed whether it was the default recovery message or the custom message.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 Enabling the **Configure the pre-boot recovery message and URL** policy setting allows you to customize the default recovery screen message and URL to assist customers in recovering their key.
 
@@ -1846,38 +1846,38 @@ This policy controls how BitLocker-enabled system volumes are handled in conjunc
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can configure whether Secure Boot will be allowed as the platform integrity provider for BitLocker operating system drives.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2012 and Windows 8</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>All drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
-<td align="left"><p>If you enable <strong>Allow Secure Boot for integrity validation</strong>, make sure the <strong>Configure TPM platform validation profile for native UEFI firmware configurations</strong> Group Policy setting is not enabled or include PCR 7 to allow BitLocker to use Secure Boot for platform or BCD integrity validation.</p>
+<td align="left"><p><b>Conflicts</b></p></td>
+<td align="left"><p>If you enable <b>Allow Secure Boot for integrity validation</b>, make sure the <b>Configure TPM platform validation profile for native UEFI firmware configurations</b> Group Policy setting is not enabled or include PCR 7 to allow BitLocker to use Secure Boot for platform or BCD integrity validation.</p>
 <p>For more information about PCR 7, see <a href="#bkmk-pcr" data-raw-source="[Platform Configuration Register (PCR)](#bkmk-pcr)">Platform Configuration Register (PCR)</a> in this topic.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled or not configured</strong></p></td>
+<td align="left"><p><b>When enabled or not configured</b></p></td>
 <td align="left"><p>BitLocker uses Secure Boot for platform integrity if the platform is capable of Secure Boot-based integrity validation.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled</strong></p></td>
+<td align="left"><p><b>When disabled</b></p></td>
 <td align="left"><p>BitLocker uses legacy platform integrity validation, even on systems that are capable of Secure Boot-based integrity validation.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 Secure Boot ensures that the computer's preboot environment loads only firmware that is digitally signed by authorized software publishers. Secure Boot also provides more flexibility for managing preboot configurations than BitLocker integrity checks prior to Windows Server 2012 and Windows 8.
 When this policy is enabled and the hardware is capable of using Secure Boot for BitLocker scenarios, the **Use enhanced Boot Configuration Data validation profile** Group Policy setting is ignored, and Secure Boot verifies BCD settings according to the Secure Boot policy setting, which is configured separately from BitLocker.
@@ -1895,37 +1895,37 @@ This policy setting is used to establish an identifier that is applied to all dr
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can associate unique organizational identifiers to a new drive that is enabled with BitLocker.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2008 R2 and Windows 7</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>All drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>Identification fields are required to manage certificate-based data recovery agents on BitLocker-protected drives. BitLocker manages and updates certificate-based data recovery agents only when the identification field is present on a drive and it is identical to the value that is configured on the computer.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>You can configure the identification field on the BitLocker-protected drive and any allowed identification field that is used by your organization.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>The identification field is not required.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 These identifiers are stored as the identification field and the allowed identification field. The identification field allows you to associate a unique organizational identifier to BitLocker-protected drives. This identifier is automatically added to new BitLocker-protected drives, and it can be updated on existing BitLocker-protected drives by using the [Manage-bde](https://technet.microsoft.com/library/ff829849.aspx) command-line tool.
 
@@ -1952,37 +1952,37 @@ This policy setting is used to control whether the computer's memory will be ove
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can control computer restart performance at the risk of exposing BitLocker secrets.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Vista</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>All drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>None</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>The computer will not overwrite memory when it restarts. Preventing memory overwrite may improve restart performance, but it increases the risk of exposing BitLocker secrets.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>BitLocker secrets are removed from memory when the computer restarts.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 This policy setting is applied when you turn on BitLocker. BitLocker secrets include key material that is used to encrypt data. This policy setting applies only when BitLocker protection is enabled.
 
@@ -1997,37 +1997,37 @@ This policy setting determines what values the TPM measures when it validates ea
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can configure how the computer&#39;s TPM security hardware secures the BitLocker encryption key.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2012 and Windows 8</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Operating system drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>None</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>You can configure the boot components that the TPM validates before unlocking access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM does not release the encryption key to unlock the drive. Instead, the computer displays the BitLocker Recovery console and requires that the recovery password or the recovery key is provided to unlock the drive.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>The TPM uses the default platform validation profile or the platform validation profile that is specified by the setup script.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection.
 
@@ -2072,37 +2072,37 @@ This policy setting determines what values the TPM measures when it validates ea
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can configure how the computer&#39;s TPM security hardware secures the BitLocker encryption key.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2008 and Windows Vista</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Operating system drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>None</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>You can configure the boot components that the TPM validates before unlocking access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM does not release the encryption key to unlock the drive. Instead, the computer displays the BitLocker Recovery console and requires that the recovery password or the recovery key is provided to unlock the drive.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>The TPM uses the default platform validation profile or the platform validation profile that is specified by the setup script.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker is already turned on with TPM protection.
 
@@ -2147,39 +2147,39 @@ This policy setting determines what values the TPM measures when it validates ea
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can configure how the computer&#39;s Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2012 and Windows 8</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Operating system drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
-<td align="left"><p>Setting this policy with PCR 7 omitted, overrides the <strong>Allow Secure Boot for integrity validation</strong> Group Policy setting, and it prevents BitLocker from using Secure Boot for platform or Boot Configuration Data (BCD) integrity validation.</p>
+<td align="left"><p><b>Conflicts</b></p></td>
+<td align="left"><p>Setting this policy with PCR 7 omitted, overrides the <b>Allow Secure Boot for integrity validation</b> Group Policy setting, and it prevents BitLocker from using Secure Boot for platform or Boot Configuration Data (BCD) integrity validation.</p>
 <p>If your environments use TPM and Secure Boot for platform integrity checks, this policy should not be configured.</p>
 <p>For more information about PCR 7, see <a href="#bkmk-pcr" data-raw-source="[Platform Configuration Register (PCR)](#bkmk-pcr)">Platform Configuration Register (PCR)</a> in this topic.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>Before you turn on BitLocker, you can configure the boot components that the TPM validates before it unlocks access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM does not release the encryption key to unlock the drive. Instead, the computer displays the BitLocker Recovery console and requires that the recovery password or the recovery key is provided to unlock the drive.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>BitLocker uses the default platform validation profile or the platform validation profile that is specified by the setup script.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker is already turned on with TPM protection.
 
@@ -2222,41 +2222,41 @@ This policy setting determines if you want platform validation data to refresh w
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can control whether platform validation data is refreshed when Windows is started following a BitLocker recovery.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2012 and Windows 8</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Operating system drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>None</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>Platform validation data is refreshed when Windows is started following a BitLocker recovery.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled</strong></p></td>
+<td align="left"><p><b>When disabled</b></p></td>
 <td align="left"><p>Platform validation data is not refreshed when Windows is started following a BitLocker recovery.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When not configured</strong></p></td>
+<td align="left"><p><b>When not configured</b></p></td>
 <td align="left"><p>Platform validation data is refreshed when Windows is started following a BitLocker recovery.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 For more information about the recovery process, see the [BitLocker recovery guide](bitlocker-recovery-guide-plan.md).
 
@@ -2271,41 +2271,41 @@ This policy setting determines specific Boot Configuration Data (BCD) settings t
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can specify Boot Configuration Data (BCD) settings to verify during platform validation.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2012 and Windows 8</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Operating system drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
-<td align="left"><p>When BitLocker is using Secure Boot for platform and Boot Configuration Data integrity validation, the <strong>Use enhanced Boot Configuration Data validation profile</strong> Group Policy setting is ignored (as defined by the <strong>Allow Secure Boot for integrity validation</strong> Group Policy setting).</p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
+<td align="left"><p>When BitLocker is using Secure Boot for platform and Boot Configuration Data integrity validation, the <b>Use enhanced Boot Configuration Data validation profile</b> Group Policy setting is ignored (as defined by the <b>Allow Secure Boot for integrity validation</b> Group Policy setting).</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>You can add additional BCD settings, exclude the BCD settings you specify, or combine inclusion and exclusion lists to create a customized BCD validation profile, which gives you the ability to verify those BCD settings.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled</strong></p></td>
+<td align="left"><p><b>When disabled</b></p></td>
 <td align="left"><p>The computer reverts to a BCD profile validation similar to the default BCD profile that is used by Windows 7.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When not configured</strong></p></td>
+<td align="left"><p><b>When not configured</b></p></td>
 <td align="left"><p>The computer verifies the default BCD settings in Windows.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 >**Note:**  The setting that controls boot debugging (0x16000010) is always validated, and it has no effect if it is included in the inclusion or the exclusion list.
 
@@ -2320,37 +2320,37 @@ This policy setting is used to control whether access to drives is allowed by us
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can configure whether fixed data drives that are formatted with the FAT file system can be unlocked and viewed on computers running Windows Vista, Windows XP with Service Pack 3 (SP3), or Windows XP with Service Pack 2 (SP2).</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2008 R2 and Windows 7</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Fixed data drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>None</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong> and <strong>When not configured</strong></p></td>
+<td align="left"><p><b>When enabled</b> and <b>When not configured</b></p></td>
 <td align="left"><p>Fixed data drives that are formatted with the FAT file system can be unlocked on computers running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2, and their content can be viewed. These operating systems have Read-only access to BitLocker-protected drives.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled</strong></p></td>
+<td align="left"><p><b>When disabled</b></p></td>
 <td align="left"><p>Fixed data drives that are formatted with the FAT file system and are BitLocker-protected cannot be unlocked on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2. BitLocker To Go Reader (bitlockertogo.exe) is not installed.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 >**Note:**  This policy setting does not apply to drives that are formatted with the NTFS file system.
 
@@ -2367,37 +2367,37 @@ This policy setting controls access to removable data drives that are using the
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>With this policy setting, you can configure whether removable data drives that are formatted with the FAT file system can be unlocked and viewed on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2008 R2 and Windows 7</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>Removable data drives</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
 <td align="left"><p>Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>None</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong> and <strong>When not configured</strong></p></td>
+<td align="left"><p><b>When enabled</b> and <b>When not configured</b></p></td>
 <td align="left"><p>Removable data drives that are formatted with the FAT file system can be unlocked on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2, and their content can be viewed. These operating systems have Read-only access to BitLocker-protected drives.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled</strong></p></td>
+<td align="left"><p><b>When disabled</b></p></td>
 <td align="left"><p>Removable data drives that are formatted with the FAT file system that are BitLocker-protected cannot be unlocked on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2. BitLocker To Go Reader (bitlockertogo.exe) is not installed.</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 >**Note:**  This policy setting does not apply to drives that are formatted with the NTFS file system.
 
@@ -2414,37 +2414,37 @@ You can configure the Federal Information Processing Standard (FIPS) setting for
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Policy description</strong></p></td>
+<td align="left"><p><b>Policy description</b></p></td>
 <td align="left"><p>Notes</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Introduced</strong></p></td>
+<td align="left"><p><b>Introduced</b></p></td>
 <td align="left"><p>Windows Server 2003 with SP1</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Drive type</strong></p></td>
+<td align="left"><p><b>Drive type</b></p></td>
 <td align="left"><p>System-wide</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Policy path</strong></p></td>
-<td align="left"><p>Local Policies\Security Options\System cryptography: <strong>Use FIPS compliant algorithms for encryption, hashing, and signing</strong></p></td>
+<td align="left"><p><b>Policy path</b></p></td>
+<td align="left"><p>Local Policies\Security Options\System cryptography: <b>Use FIPS compliant algorithms for encryption, hashing, and signing</b></p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Conflicts</strong></p></td>
+<td align="left"><p><b>Conflicts</b></p></td>
 <td align="left"><p>Some applications, such as Terminal Services, do not support FIPS-140 on all operating systems.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>When enabled</strong></p></td>
+<td align="left"><p><b>When enabled</b></p></td>
 <td align="left"><p>Users will be unable to save a recovery password to any location. This includes AD DS and network folders. In addition, you cannot use WMI or the BitLocker Drive Encryption Setup wizard to create a recovery password.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>When disabled or not configured</strong></p></td>
+<td align="left"><p><b>When disabled or not configured</b></p></td>
 <td align="left"><p>No BitLocker encryption key is generated</p></td>
 </tr>
 </tbody>
 </table>
 
-<strong>Reference</strong>
+<b>Reference</b>
 
 This policy needs to be enabled before any encryption key is generated for BitLocker. Note that when this policy is enabled, BitLocker prevents creating or using recovery passwords, so recovery keys should be used instead.
 
diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
index e4e1a3ffcd..220bed5038 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
@@ -126,11 +126,11 @@ Windows PowerShell cmdlets provide a new way for administrators to use when work
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Name</strong></p></td>
-<td align="left"><p><strong>Parameters</strong></p></td>
+<td align="left"><p><b>Name</b></p></td>
+<td align="left"><p><b>Parameters</b></p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Add-BitLockerKeyProtector</strong></p></td>
+<td align="left"><p><b>Add-BitLockerKeyProtector</b></p></td>
 <td align="left"><p>-ADAccountOrGroup</p>
 <p>-ADAccountOrGroupProtector</p>
 <p>-Confirm</p>
@@ -152,26 +152,26 @@ Windows PowerShell cmdlets provide a new way for administrators to use when work
 <p>-WhatIf</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Backup-BitLockerKeyProtector</strong></p></td>
+<td align="left"><p><b>Backup-BitLockerKeyProtector</b></p></td>
 <td align="left"><p>-Confirm</p>
 <p>-KeyProtectorId</p>
 <p>-MountPoint</p>
 <p>-WhatIf</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Disable-BitLocker</strong></p></td>
+<td align="left"><p><b>Disable-BitLocker</b></p></td>
 <td align="left"><p>-Confirm</p>
 <p>-MountPoint</p>
 <p>-WhatIf</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Disable-BitLockerAutoUnlock</strong></p></td>
+<td align="left"><p><b>Disable-BitLockerAutoUnlock</b></p></td>
 <td align="left"><p>-Confirm</p>
 <p>-MountPoint</p>
 <p>-WhatIf</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Enable-BitLocker</strong></p></td>
+<td align="left"><p><b>Enable-BitLocker</b></p></td>
 <td align="left"><p>-AdAccountOrGroup</p>
 <p>-AdAccountOrGroupProtector</p>
 <p>-Confirm</p>
@@ -196,44 +196,44 @@ Windows PowerShell cmdlets provide a new way for administrators to use when work
 <p>-WhatIf</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Enable-BitLockerAutoUnlock</strong></p></td>
+<td align="left"><p><b>Enable-BitLockerAutoUnlock</b></p></td>
 <td align="left"><p>-Confirm</p>
 <p>-MountPoint</p>
 <p>-WhatIf</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Get-BitLockerVolume</strong></p></td>
+<td align="left"><p><b>Get-BitLockerVolume</b></p></td>
 <td align="left"><p>-MountPoint</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Lock-BitLocker</strong></p></td>
+<td align="left"><p><b>Lock-BitLocker</b></p></td>
 <td align="left"><p>-Confirm</p>
 <p>-ForceDismount</p>
 <p>-MountPoint</p>
 <p>-WhatIf</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Remove-BitLockerKeyProtector</strong></p></td>
+<td align="left"><p><b>Remove-BitLockerKeyProtector</b></p></td>
 <td align="left"><p>-Confirm</p>
 <p>-KeyProtectorId</p>
 <p>-MountPoint</p>
 <p>-WhatIf</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Resume-BitLocker</strong></p></td>
+<td align="left"><p><b>Resume-BitLocker</b></p></td>
 <td align="left"><p>-Confirm</p>
 <p>-MountPoint</p>
 <p>-WhatIf</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Suspend-BitLocker</strong></p></td>
+<td align="left"><p><b>Suspend-BitLocker</b></p></td>
 <td align="left"><p>-Confirm</p>
 <p>-MountPoint</p>
 <p>-RebootCount</p>
 <p>-WhatIf</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Unlock-BitLocker</strong></p></td>
+<td align="left"><p><b>Unlock-BitLocker</b></p></td>
 <td align="left"><p>-AdAccountOrGroup</p>
 <p>-Confirm</p>
 <p>-MountPoint</p>
diff --git a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
index 1473dadc79..d6b97d2ac5 100644
--- a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
+++ b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
@@ -168,91 +168,91 @@ The following table contains information about both Physical Disk Resources (i.e
 </colgroup>
 <tbody>
 <tr class="odd">
-<td align="left"><p><strong>Action</strong></p></td>
-<td align="left"><p><strong>On owner node of failover volume</strong></p></td>
-<td align="left"><p><strong>On Metadata Server (MDS) of CSV</strong></p></td>
-<td align="left"><p><strong>On (Data Server) DS of CSV</strong></p></td>
-<td align="left"><p><strong>Maintenance Mode</strong></p></td>
+<td align="left"><p><b>Action</b></p></td>
+<td align="left"><p><b>On owner node of failover volume</b></p></td>
+<td align="left"><p><b>On Metadata Server (MDS) of CSV</b></p></td>
+<td align="left"><p><b>On (Data Server) DS of CSV</b></p></td>
+<td align="left"><p><b>Maintenance Mode</b></p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Manage-bde –on</strong></p></td>
+<td align="left"><p><b>Manage-bde –on</b></p></td>
 <td align="left"><p>Blocked</p></td>
 <td align="left"><p>Blocked</p></td>
 <td align="left"><p>Blocked</p></td>
 <td align="left"><p>Allowed</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Manage-bde –off</strong></p></td>
+<td align="left"><p><b>Manage-bde –off</b></p></td>
 <td align="left"><p>Blocked</p></td>
 <td align="left"><p>Blocked</p></td>
 <td align="left"><p>Blocked</p></td>
 <td align="left"><p>Allowed</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Manage-bde Pause/Resume</strong></p></td>
+<td align="left"><p><b>Manage-bde Pause/Resume</b></p></td>
 <td align="left"><p>Blocked</p></td>
-<td align="left"><p>Blocked<strong></p></td>
+<td align="left"><p>Blocked<b></p></td>
 <td align="left"><p>Blocked</p></td>
 <td align="left"><p>Allowed</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Manage-bde –lock</strong></p></td>
+<td align="left"><p><b>Manage-bde –lock</b></p></td>
 <td align="left"><p>Blocked</p></td>
 <td align="left"><p>Blocked</p></td>
 <td align="left"><p>Blocked</p></td>
 <td align="left"><p>Allowed</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>manage-bde –wipe</strong></p></td>
+<td align="left"><p><b>manage-bde –wipe</b></p></td>
 <td align="left"><p>Blocked</p></td>
 <td align="left"><p>Blocked</p></td>
 <td align="left"><p>Blocked</p></td>
 <td align="left"><p>Allowed</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Unlock</strong></p></td>
+<td align="left"><p><b>Unlock</b></p></td>
 <td align="left"><p>Automatic via cluster service</p></td>
 <td align="left"><p>Automatic via cluster service</p></td>
 <td align="left"><p>Automatic via cluster service</p></td>
 <td align="left"><p>Allowed</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>manage-bde –protector –add</strong></p></td>
+<td align="left"><p><b>manage-bde –protector –add</b></p></td>
 <td align="left"><p>Allowed</p></td>
 <td align="left"><p>Allowed</p></td>
 <td align="left"><p>Blocked</p></td>
 <td align="left"><p>Allowed</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>manage-bde -protector -delete</strong></p></td>
+<td align="left"><p><b>manage-bde -protector -delete</b></p></td>
 <td align="left"><p>Allowed</p></td>
 <td align="left"><p>Allowed</p></td>
 <td align="left"><p>Blocked</p></td>
 <td align="left"><p>Allowed</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>manage-bde –autounlock</strong></p></td>
+<td align="left"><p><b>manage-bde –autounlock</b></p></td>
 <td align="left"><p>Allowed (not recommended)</p></td>
 <td align="left"><p>Allowed (not recommended)</p></td>
 <td align="left"><p>Blocked</p></td>
 <td align="left"><p>Allowed (not recommended)</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Manage-bde -upgrade</strong></p></td>
+<td align="left"><p><b>Manage-bde -upgrade</b></p></td>
 <td align="left"><p>Allowed</p></td>
 <td align="left"><p>Allowed</p></td>
 <td align="left"><p>Blocked</p></td>
 <td align="left"><p>Allowed</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p><strong>Shrink</strong></p></td>
+<td align="left"><p><b>Shrink</b></p></td>
 <td align="left"><p>Allowed</p></td>
 <td align="left"><p>Allowed</p></td>
 <td align="left"><p>Blocked</p></td>
 <td align="left"><p>Allowed</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Extend</strong></p></td>
+<td align="left"><p><b>Extend</b></p></td>
 <td align="left"><p>Allowed</p></td>
 <td align="left"><p>Allowed</p></td>
 <td align="left"><p>Blocked</p></td>
@@ -261,7 +261,7 @@ The following table contains information about both Physical Disk Resources (i.e
 </tbody>
 </table>
  
-&gt;</strong>Note:**  Although the manage-bde -pause command is Blocked in clusters, the cluster service will automatically resume a paused encryption or decryption from the MDS node
+&gt;</b>Note:**  Although the manage-bde -pause command is Blocked in clusters, the cluster service will automatically resume a paused encryption or decryption from the MDS node
  
 In the case where a physical disk resource experiences a failover event during conversion, the new owning node will detect the conversion is not complete and will complete the conversion process.
 
diff --git a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md
index 23f23e50da..97733a4dd7 100644
--- a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md
+++ b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md
@@ -53,7 +53,7 @@ This table includes info about how unenlightened apps might behave, based on you
         <th align="center">Name-based policies, using the /&#42;AppCompat&#42;/ string or proxy-based policies</th>
     </tr>
    <tr align="left">
-     <td><strong>Not required.</strong> App connects to enterprise cloud resources directly, using an IP address.</td>
+     <td><b>Not required.</b> App connects to enterprise cloud resources directly, using an IP address.</td>
      <td>
         <ul>
             <li>App is entirely blocked from both personal and enterprise cloud resources.</li>
@@ -70,7 +70,7 @@ This table includes info about how unenlightened apps might behave, based on you
     </td>
    </tr>
     <tr align="left">
-     <td><strong>Not required.</strong> App connects to enterprise cloud resources, using a hostname.</td>
+     <td><b>Not required.</b> App connects to enterprise cloud resources, using a hostname.</td>
      <td colspan="2">
         <ul>
             <li>App is blocked from accessing enterprise cloud resources, but can access other network resources.</li>
@@ -80,7 +80,7 @@ This table includes info about how unenlightened apps might behave, based on you
     </td>
    </tr>
     <tr align="left">
-     <td><strong>Allow.</strong> App connects to enterprise cloud resources, using an IP address or a hostname.</td>
+     <td><b>Allow.</b> App connects to enterprise cloud resources, using an IP address or a hostname.</td>
      <td colspan="2">
         <ul>
             <li>App can access both personal and enterprise cloud resources.</li>
@@ -90,7 +90,7 @@ This table includes info about how unenlightened apps might behave, based on you
     </td>
    </tr>
     <tr align="left" colspan="2">
-     <td><strong>Exempt.</strong> App connects to enterprise cloud resources, using an IP address or a hostname.</td>
+     <td><b>Exempt.</b> App connects to enterprise cloud resources, using an IP address or a hostname.</td>
      <td colspan="2">
         <ul>
             <li>App can access both personal and enterprise cloud resources.</li>
@@ -110,7 +110,7 @@ This table includes info about how enlightened apps might behave, based on your
      <th>Networking policy configuration for name-based policies, possibly using the /&#42;AppCompat&#42;/ string, or proxy-based policies</th>
    </tr>
     <tr>
-        <td><strong>Not required.</strong> App connects to enterprise cloud resources, using an IP address or a hostname.</td>
+        <td><b>Not required.</b> App connects to enterprise cloud resources, using an IP address or a hostname.</td>
         <td>
             <ul>
                 <li>App is blocked from accessing enterprise cloud resources, but can access other network resources.</li>
@@ -120,7 +120,7 @@ This table includes info about how enlightened apps might behave, based on your
         </td>
     </tr>
     <tr>
-        <td><strong>Allow.</strong> App connects to enterprise cloud resources, using an IP address or a hostname.</td>
+        <td><b>Allow.</b> App connects to enterprise cloud resources, using an IP address or a hostname.</td>
         <td>
             <ul>
                 <li>App can access both personal and enterprise cloud resources.</li>
@@ -130,7 +130,7 @@ This table includes info about how enlightened apps might behave, based on your
         </td>
     </tr>
     <tr>
-        <td><strong>Exempt.</strong> App connects to enterprise cloud resources, using an IP address or a hostname.</td>
+        <td><b>Exempt.</b> App connects to enterprise cloud resources, using an IP address or a hostname.</td>
         <td>
             <ul>
                 <li>App can access both personal and enterprise cloud resources.</li>
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md
index a5baa19809..49a57283b7 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md
@@ -190,27 +190,27 @@ For this example, we're going to add Internet Explorer, a desktop app, to the **
             <td>All files signed by any publisher. (Not recommended.)</td>
         </tr>
         <tr>
-            <td><strong>Publisher</strong> selected</td>
+            <td><b>Publisher</b> selected</td>
             <td>All files signed by the named publisher.<p>This might be useful if your company is the publisher and signer of internal line-of-business apps.</td>
         </tr>
         <tr>
-            <td><strong>Publisher</strong> and <strong>Product Name</strong> selected</td>
+            <td><b>Publisher</b> and <b>Product Name</b> selected</td>
             <td>All files for the specified product, signed by the named publisher.</td>
         </tr>
         <tr>
-            <td><strong>Publisher</strong>, <strong>Product Name</strong>, and <strong>Binary name</strong> selected</td>
+            <td><b>Publisher</b>, <b>Product Name</b>, and <b>Binary name</b> selected</td>
             <td>Any version of the named file or package for the specified product, signed by the named publisher.</td>
         </tr>
         <tr>
-            <td><strong>Publisher</strong>, <strong>Product Name</strong>, <strong>Binary name</strong>, and <strong>File Version, and above</strong>, selected</td>
+            <td><b>Publisher</b>, <b>Product Name</b>, <b>Binary name</b>, and <b>File Version, and above</b>, selected</td>
             <td>Specified version or newer releases of the named file or package for the specified product, signed by the named publisher.<p>This option is recommended for enlightened apps that weren't previously enlightened.</td>
         </tr>
         <tr>
-            <td><strong>Publisher</strong>, <strong>Product Name</strong>, <strong>Binary name</strong>, and <strong>File Version, And below</strong> selected</td>
+            <td><b>Publisher</b>, <b>Product Name</b>, <b>Binary name</b>, and <b>File Version, And below</b> selected</td>
             <td>Specified version or older releases of the named file or package for the specified product, signed by the named publisher.</td>
         </tr>
         <tr>
-            <td><strong>Publisher</strong>, <strong>Product Name</strong>, <strong>Binary name</strong>, and <strong>File Version, Exactly</strong> selected</td>
+            <td><b>Publisher</b>, <b>Product Name</b>, <b>Binary name</b>, and <b>File Version, Exactly</b> selected</td>
             <td>Specified version of the named file or package for the specified product, signed by the named publisher.</td>
         </tr>
     </table>
@@ -403,8 +403,8 @@ There are no default locations included with WIP, you must add each of your netw
        </tr>
        <tr>
            <td>Enterprise Cloud Resources</td>
-           <td><strong>With proxy:</strong> contoso.sharepoint.com,contoso.internalproxy1.com|<br>contoso.visualstudio.com,contoso.internalproxy2.com<p><strong>Without proxy:</strong> contoso.sharepoint.com|contoso.visualstudio.com</td>
-           <td>Specify the cloud resources to be treated as corporate and protected by WIP.<p>For each cloud resource, you may also optionally specify a proxy server from your Internal proxy servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Internal proxy servers is considered enterprise.<p>If you have multiple resources, you must separate them using the &quot;|&quot; delimiter. If you don't use proxy servers, you must also include the &quot;,&quot; delimiter just before the &quot;|&quot;. For example: <code>URL &lt;,proxy&gt;|URL &lt;,proxy&gt;</code>.<p><strong>Important</strong><br>In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can't tell whether it's attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the <code>/&#42;AppCompat&#42;/</code> string to the setting. For example: <code>URL &lt;,proxy&gt;|URL &lt;,proxy&gt;|/&#42;AppCompat&#42;/</code>.</td>
+           <td><b>With proxy:</b> contoso.sharepoint.com,contoso.internalproxy1.com|<br>contoso.visualstudio.com,contoso.internalproxy2.com<p><b>Without proxy:</b> contoso.sharepoint.com|contoso.visualstudio.com</td>
+           <td>Specify the cloud resources to be treated as corporate and protected by WIP.<p>For each cloud resource, you may also optionally specify a proxy server from your Internal proxy servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Internal proxy servers is considered enterprise.<p>If you have multiple resources, you must separate them using the &quot;|&quot; delimiter. If you don't use proxy servers, you must also include the &quot;,&quot; delimiter just before the &quot;|&quot;. For example: <code>URL &lt;,proxy&gt;|URL &lt;,proxy&gt;</code>.<p><b>Important</b><br>In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can't tell whether it's attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the <code>/&#42;AppCompat&#42;/</code> string to the setting. For example: <code>URL &lt;,proxy&gt;|URL &lt;,proxy&gt;|/&#42;AppCompat&#42;/</code>.</td>
        </tr>
        <tr>
            <td>Enterprise Network Domain Names (Required)</td>
@@ -422,12 +422,12 @@ There are no default locations included with WIP, you must add each of your netw
            <td>Specify the internal proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources you're connecting to are enterprise resources.<br><br>This list shouldn't include any servers listed in your Proxy servers list. Proxy servers must be used only for non-WIP-protected (non-enterprise) traffic.<br><br>If you have multiple resources, you must separate them using the &quot;;&quot; delimiter.</td><br/>    </tr>
        <tr>
            <td>Enterprise IPv4 Range (Required)</td>
-           <td><strong>Starting IPv4 Address:</strong> 3.4.0.1<br><strong>Ending IPv4 Address:</strong> 3.4.255.254<br><strong>Custom URI:</strong> 3.4.0.1-3.4.255.254,<br>10.0.0.1-10.255.255.254</td>
+           <td><b>Starting IPv4 Address:</b> 3.4.0.1<br><b>Ending IPv4 Address:</b> 3.4.255.254<br><b>Custom URI:</b> 3.4.0.1-3.4.255.254,<br>10.0.0.1-10.255.255.254</td>
            <td>Specify the addresses for a valid IPv4 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries.<p>If you have multiple ranges, you must separate them using the &quot;,&quot; delimiter.</td>
        </tr>
        <tr>
            <td>Enterprise IPv6 Range</td>
-           <td><strong>Starting IPv6 Address:</strong> 2a01:110::<br><strong>Ending IPv6 Address:</strong> 2a01:110:7fff:ffff:ffff:ffff:ffff:ffff<br><strong>Custom URI:</strong> 2a01:110:7fff:ffff:ffff:ffff:ffff:ffff,<br>fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff</td>
+           <td><b>Starting IPv6 Address:</b> 2a01:110::<br><b>Ending IPv6 Address:</b> 2a01:110:7fff:ffff:ffff:ffff:ffff:ffff<br><b>Custom URI:</b> 2a01:110:7fff:ffff:ffff:ffff:ffff:ffff,<br>fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff</td>
            <td>Specify the addresses for a valid IPv6 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries.<p>If you have multiple ranges, you must separate them using the &quot;,&quot; delimiter.</td>
        </tr>
        <tr>
diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
index 8c01645295..a099742145 100644
--- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
+++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
@@ -108,7 +108,7 @@ You can add any or all of the enlightened Microsoft apps to your allowed apps li
 |                 Microsoft Messaging                  |                                                                                                                                       **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.Messaging<br>**App Type:** Universal app                                                                                                                                        |
 |                         IE11                         |                                                                                                                                                         **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Binary Name:** iexplore.exe<br>**App Type:** Desktop app                                                                                                                                                          |
 |                 OneDrive Sync Client                 |                                                                                                                                                         **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Binary Name:** onedrive.exe<br>**App Type:** Desktop app                                                                                                                                                          |
-|                     OneDrive app                     |                                                                                              **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.Microsoftskydrive<br><strong>Product Version:</strong>Product version: 17.21.0.0 (and later)<br>**App Type:** Universal app                                                                                              |
+|                     OneDrive app                     |                                                                                              **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.Microsoftskydrive<br><b>Product Version:</b>Product version: 17.21.0.0 (and later)<br>**App Type:** Universal app                                                                                              |
 |                       Notepad                        |                                                                                                                                                          **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Binary Name:** notepad.exe<br>**App Type:** Desktop app                                                                                                                                                          |
 |                   Microsoft Paint                    |                                                                                                                                                          **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Binary Name:** mspaint.exe<br>**App Type:** Desktop app                                                                                                                                                          |
 |               Microsoft Remote Desktop               |                                                                                                                                                           **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Binary Name:** mstsc.exe<br>**App Type:** Desktop app                                                                                                                                                           |
diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md
index 340c9edb2a..c1cd7193c0 100644
--- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md
+++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md
@@ -33,18 +33,18 @@ This table provides info about the most common problems you might encounter whil
     </tr>
     <tr>
         <td>Your enterprise data on USB drives might be tied to the device it was protected on, based on your Azure RMS configuration.</td>
-        <td><strong>If you’re using Azure RMS:</strong> Authenticated users can open enterprise data on USB drives, on computers running Windows 10, version 1703.<br><br><strong>If you’re not using Azure RMS:</strong> Data in the new location remains encrypted, but becomes inaccessible on other devices and for other users. For example, the file won&#39;t open or the file opens, but doesn&#39;t contain readable text.</td>
+        <td><b>If you’re using Azure RMS:</b> Authenticated users can open enterprise data on USB drives, on computers running Windows 10, version 1703.<br><br><b>If you’re not using Azure RMS:</b> Data in the new location remains encrypted, but becomes inaccessible on other devices and for other users. For example, the file won&#39;t open or the file opens, but doesn&#39;t contain readable text.</td>
         <td>Share files with fellow employees through enterprise file servers or enterprise cloud locations. If data must be shared via USB, employees can decrypt protected files, but it will be audited.<br><br>We strongly recommend educating employees about how to limit or eliminate the need for this decryption.</td>
     </tr>
     <tr>
         <td>Direct Access is incompatible with WIP.</td>
         <td>Direct Access might experience problems with how WIP enforces app behavior and data movement because of how WIP determines what is and isn’t a corporate network resource.</td>
-        <td>We recommend that you use VPN for client access to your intranet resources.<br><br><strong>Note</strong><br>VPN is optional and isn’t required by WIP.</td>
+        <td>We recommend that you use VPN for client access to your intranet resources.<br><br><b>Note</b><br>VPN is optional and isn’t required by WIP.</td>
     </tr>
     <tr>
-        <td><strong>NetworkIsolation</strong> Group Policy setting takes precedence over MDM Policy settings.</td>
-        <td>The <strong>NetworkIsolation</strong> Group Policy setting can configure network settings that can also be configured by using MDM. WIP relies on these policies being correctly configured.</td>
-        <td>If you use both Group Policy and MDM to configure your <strong>NetworkIsolation</strong> settings, you must make sure that those same settings are deployed to your organization using both Group Policy and MDM.</td>
+        <td><b>NetworkIsolation</b> Group Policy setting takes precedence over MDM Policy settings.</td>
+        <td>The <b>NetworkIsolation</b> Group Policy setting can configure network settings that can also be configured by using MDM. WIP relies on these policies being correctly configured.</td>
+        <td>If you use both Group Policy and MDM to configure your <b>NetworkIsolation</b> settings, you must make sure that those same settings are deployed to your organization using both Group Policy and MDM.</td>
     </tr>
     <tr>
         <td>Cortana can potentially allow data leakage if it’s on the allowed apps list.</td>
@@ -63,7 +63,7 @@ This table provides info about the most common problems you might encounter whil
             <ul>
                 <li>Start the installer directly from the file share.<br><br>-OR-<br><br></li>
                 <li>Decrypt the locally copied files needed by the installer.<br><br>-OR-<br><br></li>
-                <li>Mark the file share with the installation media as “personal”. To do this, you’ll need to set the Enterprise IP ranges as <strong>Authoritative</strong> and then exclude the IP address of the file server, or you’ll need to put the file server on the Enterprise Proxy Server list.</li>
+                <li>Mark the file share with the installation media as “personal”. To do this, you’ll need to set the Enterprise IP ranges as <b>Authoritative</b> and then exclude the IP address of the file server, or you’ll need to put the file server on the Enterprise Proxy Server list.</li>
             </ul></td>
     </tr>
     <tr>
@@ -74,17 +74,17 @@ This table provides info about the most common problems you might encounter whil
     <tr>
         <td>Redirected folders with Client Side Caching are not compatible with WIP.</td>
         <td>Apps might encounter access errors while attempting to read a cached, offline file.</td>
-        <td>Migrate to use another file synchronization method, such as Work Folders or OneDrive for Business.<br><br><strong>Note</strong><br>For more info about Work Folders and Offline Files, see the blog, <a href="https://blogs.technet.microsoft.com/filecab/2016/08/29/work-folders-and-offline-files-support-for-windows-information-protection/" data-raw-source="[Work Folders and Offline Files support for Windows Information Protection](https://blogs.technet.microsoft.com/filecab/2016/08/29/work-folders-and-offline-files-support-for-windows-information-protection/)">Work Folders and Offline Files support for Windows Information Protection</a>. If you&#39;re having trouble opening files offline while using Offline Files and WIP, see the support article, <a href="https://support.microsoft.com/kb/3187045" data-raw-source="[Can&#39;t open files offline when you use Offline Files and Windows Information Protection](https://support.microsoft.com/kb/3187045)">Can&#39;t open files offline when you use Offline Files and Windows Information Protection</a>.</td>
+        <td>Migrate to use another file synchronization method, such as Work Folders or OneDrive for Business.<br><br><b>Note</b><br>For more info about Work Folders and Offline Files, see the blog, <a href="https://blogs.technet.microsoft.com/filecab/2016/08/29/work-folders-and-offline-files-support-for-windows-information-protection/" data-raw-source="[Work Folders and Offline Files support for Windows Information Protection](https://blogs.technet.microsoft.com/filecab/2016/08/29/work-folders-and-offline-files-support-for-windows-information-protection/)">Work Folders and Offline Files support for Windows Information Protection</a>. If you&#39;re having trouble opening files offline while using Offline Files and WIP, see the support article, <a href="https://support.microsoft.com/kb/3187045" data-raw-source="[Can&#39;t open files offline when you use Offline Files and Windows Information Protection](https://support.microsoft.com/kb/3187045)">Can&#39;t open files offline when you use Offline Files and Windows Information Protection</a>.</td>
     </tr>
     <tr>
         <td>An unmanaged device can use Remote Desktop Protocol (RDP) to connect to a WIP-managed device.</td>
-        <td><p>Data copied from the WIP-managed device is marked as <strong>Work</strong>.<p>Data copied to the WIP-managed device is not marked as <strong>Work</strong>.<p>Local <strong>Work</strong> data copied to the WIP-managed device remains <strong>Work</strong> data.<p><strong>Work</strong> data that is copied between two apps in the same session remains </strong> data.</td>
+        <td><p>Data copied from the WIP-managed device is marked as <b>Work</b>.<p>Data copied to the WIP-managed device is not marked as <b>Work</b>.<p>Local <b>Work</b> data copied to the WIP-managed device remains <b>Work</b> data.<p><b>Work</b> data that is copied between two apps in the same session remains </b> data.</td>
         <td>Disable RDP to prevent access because there is no way to restrict access to only devices managed by WIP. RDP is disabled by default.</td>
     </tr>
     <tr>
         <td>You can&#39;t upload an enterprise file to a personal location using Microsoft Edge or Internet Explorer.</td>
-        <td>A message appears stating that the content is marked as <strong>Work</strong> and the user isn&#39;t given an option to override to <strong>Personal</strong>.</td>
-        <td>Open File Explorer and change the file ownership to <strong>Personal</strong> before you upload.</td>
+        <td>A message appears stating that the content is marked as <b>Work</b> and the user isn&#39;t given an option to override to <b>Personal</b>.</td>
+        <td>Open File Explorer and change the file ownership to <b>Personal</b> before you upload.</td>
     </tr>
     <tr>
         <td>ActiveX controls should be used with caution.</td>
@@ -97,7 +97,7 @@ This table provides info about the most common problems you might encounter whil
         <td>Format drive for NTFS, or use a different drive.</td>
     </tr>
     <tr>
-        <td>WIP isn’t turned on if any of the following folders have the <strong>MakeFolderAvailableOfflineDisabled</strong> option set to <strong>False</strong>:
+        <td>WIP isn’t turned on if any of the following folders have the <b>MakeFolderAvailableOfflineDisabled</b> option set to <b>False</b>:
             <ul>
                 <li>AppDataRoaming</li>
                 <li>Desktop</li>
@@ -115,7 +115,7 @@ This table provides info about the most common problems you might encounter whil
             </ul>
         </td>
         <td>WIP isn’t turned on for employees in your organization. Error code 0x807c0008 will result if WIP is deployed by using Microsoft Endpoint Configuration Manager.</td>
-        <td>Don’t set the <strong>MakeFolderAvailableOfflineDisabled</strong> option to <strong>False</strong> for any of the specified folders.  You can configure this parameter, as described <a href="https://docs.microsoft.com/windows-server/storage/folder-redirection/disable-offline-files-on-folders" data-raw-source="[here](https://docs.microsoft.com/windows-server/storage/folder-redirection/disable-offline-files-on-folders)">here</a>.<br><br>If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports WIP, such as Work Folders or OneDrive for Business. Additionally, if you apply redirected folders after WIP is already in place, you might be unable to open your files offline. For more info about these potential access errors, see <a href="https://support.microsoft.com/help/3187045/can-t-open-files-offline-when-you-use-offline-files-and-windows-information-protection" data-raw-source="[Can&#39;t open files offline when you use Offline Files and Windows Information Protection](https://support.microsoft.com/help/3187045/can-t-open-files-offline-when-you-use-offline-files-and-windows-information-protection)">Can&#39;t open files offline when you use Offline Files and Windows Information Protection</a>.
+        <td>Don’t set the <b>MakeFolderAvailableOfflineDisabled</b> option to <b>False</b> for any of the specified folders.  You can configure this parameter, as described <a href="https://docs.microsoft.com/windows-server/storage/folder-redirection/disable-offline-files-on-folders" data-raw-source="[here](https://docs.microsoft.com/windows-server/storage/folder-redirection/disable-offline-files-on-folders)">here</a>.<br><br>If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports WIP, such as Work Folders or OneDrive for Business. Additionally, if you apply redirected folders after WIP is already in place, you might be unable to open your files offline. For more info about these potential access errors, see <a href="https://support.microsoft.com/help/3187045/can-t-open-files-offline-when-you-use-offline-files-and-windows-information-protection" data-raw-source="[Can&#39;t open files offline when you use Offline Files and Windows Information Protection](https://support.microsoft.com/help/3187045/can-t-open-files-offline-when-you-use-offline-files-and-windows-information-protection)">Can&#39;t open files offline when you use Offline Files and Windows Information Protection</a>.
         </td>
     </tr>
     <tr>
@@ -143,7 +143,7 @@ This table provides info about the most common problems you might encounter whil
 Wait a few minutes to allow OneDrive to finish syncing & upgrading the notebook, and the folder should automatically convert to an Internet Shortcut.  Opening the shortcut will open the notebook in the browser, which can then be opened in the OneNote client by using the “Open in app” button.</td>    
     </tr>
     <tr>
-        <td>Microsoft Office Outlook offline data files (PST and OST files) are not marked as <strong>Work</strong> files, and are therefore not protected.
+        <td>Microsoft Office Outlook offline data files (PST and OST files) are not marked as <b>Work</b> files, and are therefore not protected.
         </td>
         <td>If Microsoft Office Outlook is set to work in cached mode (default setting), or if some emails are stored in a local PST file, the data is unprotected. 
         </td>
diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md
index 961744bbf6..7353daae25 100644
--- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md
+++ b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md
@@ -39,30 +39,30 @@ You can try any of the processes included in these scenarios, but you should foc
     </tr>
     <tr>
         <td>Encrypt and decrypt files using File Explorer.</td>
-        <td><strong>For desktop:</strong><br><br>
+        <td><b>For desktop:</b><br><br>
             <ol>
-                <li>Open File Explorer, right-click a work document, and then click <strong>Work</strong> from the <strong>File Ownership</strong> menu.<br>Make sure the file is encrypted by right-clicking the file again, clicking <strong>Advanced</strong> from the <strong>General</strong> tab, and then clicking <strong>Details</strong> from the <strong>Compress or Encrypt attributes</strong> area. The file should show up under the heading, <strong>This enterprise domain can remove or revoke access:</strong> <em>&lt;your_enterprise_identity&gt;</em>. For example, contoso.com.</li>
-                <li>In File Explorer, right-click the same document, and then click <strong>Personal</strong> from the <strong>File Ownership</strong> menu.<br>Make sure the file is decrypted by right-clicking the file again, clicking <strong>Advanced</strong> from the <strong>General</strong> tab, and then verifying that the <strong>Details</strong> button is unavailable.</li>
+                <li>Open File Explorer, right-click a work document, and then click <b>Work</b> from the <b>File Ownership</b> menu.<br>Make sure the file is encrypted by right-clicking the file again, clicking <b>Advanced</b> from the <b>General</b> tab, and then clicking <b>Details</b> from the <b>Compress or Encrypt attributes</b> area. The file should show up under the heading, <b>This enterprise domain can remove or revoke access:</b> <em>&lt;your_enterprise_identity&gt;</em>. For example, contoso.com.</li>
+                <li>In File Explorer, right-click the same document, and then click <b>Personal</b> from the <b>File Ownership</b> menu.<br>Make sure the file is decrypted by right-clicking the file again, clicking <b>Advanced</b> from the <b>General</b> tab, and then verifying that the <b>Details</b> button is unavailable.</li>
             </ol>
-            <strong>For mobile:</strong><br><br>
+            <b>For mobile:</b><br><br>
             <ol>
-                <li>Open the File Explorer app, browse to a file location, click the elipsis (...), and then click <strong>Select</strong> to mark at least one file as work-related.</li>
-                <li>Click the elipsis (...) again, click <strong>File ownership</strong> from the drop down menu, and then click <strong>Work</strong>.<br>Make sure the file is encrypted, by locating the <strong>Briefcase</strong> icon next to the file name.</li>
-                <li>Select the same file, click <strong>File ownership</strong> from the drop down menu, and then click <strong>Personal</strong>.<br>Make sure the file is decrypted and that you&#39;re no longer seeing the <strong>Briefcase</strong> icon next to file name.</li>
+                <li>Open the File Explorer app, browse to a file location, click the elipsis (...), and then click <b>Select</b> to mark at least one file as work-related.</li>
+                <li>Click the elipsis (...) again, click <b>File ownership</b> from the drop down menu, and then click <b>Work</b>.<br>Make sure the file is encrypted, by locating the <b>Briefcase</b> icon next to the file name.</li>
+                <li>Select the same file, click <b>File ownership</b> from the drop down menu, and then click <b>Personal</b>.<br>Make sure the file is decrypted and that you&#39;re no longer seeing the <b>Briefcase</b> icon next to file name.</li>
             </ol>
         </td>
     </tr>
     <tr>
         <td>Create work documents in enterprise-allowed apps.</td>
-        <td><strong>For desktop:</strong><br><br>
+        <td><b>For desktop:</b><br><br>
             <ul>
-                <li>Start an unenlightened but allowed app, such as a line-of-business app, and then create a new document, saving your changes.<br>Make sure the document is encrypted to your Enterprise Identity. This might take a few minutes and require you to close and re-open the file.<br><br><strong>Important</strong><br>Certain file types like <code>.exe</code> and <code>.dll</code>, along with certain file paths, such as <code>%windir%</code> and <code>%programfiles%</code> are excluded from automatic encryption.<br><br>For more info about your Enterprise Identity and adding apps to your allowed apps list, see either <a href="create-wip-policy-using-intune-azure.md" data-raw-source="[Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune-azure.md)">Create a Windows Information Protection (WIP) policy using Microsoft Intune</a> or <a href="create-wip-policy-using-configmgr.md" data-raw-source="[Create a Windows Information Protection (WIP) policy using Microsoft Endpoint Configuration Manager](create-wip-policy-using-configmgr.md)">Create a Windows Information Protection (WIP) policy using Microsoft Endpoint Configuration Manager</a>, based on your deployment system.</li>
+                <li>Start an unenlightened but allowed app, such as a line-of-business app, and then create a new document, saving your changes.<br>Make sure the document is encrypted to your Enterprise Identity. This might take a few minutes and require you to close and re-open the file.<br><br><b>Important</b><br>Certain file types like <code>.exe</code> and <code>.dll</code>, along with certain file paths, such as <code>%windir%</code> and <code>%programfiles%</code> are excluded from automatic encryption.<br><br>For more info about your Enterprise Identity and adding apps to your allowed apps list, see either <a href="create-wip-policy-using-intune-azure.md" data-raw-source="[Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune-azure.md)">Create a Windows Information Protection (WIP) policy using Microsoft Intune</a> or <a href="create-wip-policy-using-configmgr.md" data-raw-source="[Create a Windows Information Protection (WIP) policy using Microsoft Endpoint Configuration Manager](create-wip-policy-using-configmgr.md)">Create a Windows Information Protection (WIP) policy using Microsoft Endpoint Configuration Manager</a>, based on your deployment system.</li>
             </ul>
-            <strong>For mobile:</strong><br><br>
+            <b>For mobile:</b><br><br>
             <ol>
-                <li>Start an allowed mobile app, such as Word Mobile, create a new document, and then save your changes as <strong>Work</strong> to a local, work-related location.<br>Make sure the document is encrypted, by locating the <strong>Briefcase</strong> icon next to the file name.</li>
+                <li>Start an allowed mobile app, such as Word Mobile, create a new document, and then save your changes as <b>Work</b> to a local, work-related location.<br>Make sure the document is encrypted, by locating the <b>Briefcase</b> icon next to the file name.</li>
                 <li>Open the same document and attempt to save it to a non-work-related location.<br>WIP should stop you from saving the file to this location.</li>
-                <li>Open the same document one last time, make a change to the contents, and then save it again using the <strong>Personal</strong> option.<br>Make sure the file is decrypted and that you&#39;re no longer seeing the <strong>Briefcase</strong> icon next to file name.</li>
+                <li>Open the same document one last time, make a change to the contents, and then save it again using the <b>Personal</b> option.<br>Make sure the file is decrypted and that you&#39;re no longer seeing the <b>Briefcase</b> icon next to file name.</li>
             </ol>
         </td><br/>    </tr>
     <tr>
@@ -70,7 +70,7 @@ You can try any of the processes included in these scenarios, but you should foc
         <td>
             <ol>
                 <li>Start an app that doesn&#39;t appear on your allowed apps list, and then try to open a work-encrypted file.<br>The app shouldn&#39;t be able to access the file.</li>
-                <li>Try double-clicking or tapping on the work-encrypted file.<br>If your default app association is an app not on your allowed apps list, you should get an <strong>Access Denied</strong> error message.</li>
+                <li>Try double-clicking or tapping on the work-encrypted file.<br>If your default app association is an app not on your allowed apps list, you should get an <b>Access Denied</b> error message.</li>
             </ol>
         </td>
     </tr>
@@ -78,9 +78,9 @@ You can try any of the processes included in these scenarios, but you should foc
         <td>Copy and paste from enterprise apps to non-enterprise apps.</td>
         <td>
             <ol>
-                <li>Copy (CTRL+C) content from an app on your allowed apps list, and then try to paste (CTRL+V) the content into an app that doesn&#39;t appear on your allowed apps list.<br>You should see a WIP-related warning box, asking you to click either <strong>Change to personal</strong> or <strong>Keep at work</strong>.</li>
-                <li>Click <strong>Keep at work</strong>.<br>The content isn&#39;t pasted into the non-enterprise app.</li>
-                <li>Repeat Step 1, but this time click <strong>Change to personal</strong>, and try to paste the content again.<br>The content is pasted into the non-enterprise app.</li>
+                <li>Copy (CTRL+C) content from an app on your allowed apps list, and then try to paste (CTRL+V) the content into an app that doesn&#39;t appear on your allowed apps list.<br>You should see a WIP-related warning box, asking you to click either <b>Change to personal</b> or <b>Keep at work</b>.</li>
+                <li>Click <b>Keep at work</b>.<br>The content isn&#39;t pasted into the non-enterprise app.</li>
+                <li>Repeat Step 1, but this time click <b>Change to personal</b>, and try to paste the content again.<br>The content is pasted into the non-enterprise app.</li>
                 <li>Try copying and pasting content between apps on your allowed apps list.<br>The content should copy and paste between apps without any warning messages.</li>
             </ol>
         </td>
@@ -89,9 +89,9 @@ You can try any of the processes included in these scenarios, but you should foc
         <td>Drag and drop from enterprise apps to non-enterprise apps.</td>
         <td>
             <ol>
-                <li>Drag content from an app on your allowed apps list, and then try to drop the content into an app that doesn&#39;t appear on your allowed apps list.<br>You should see a WIP-related warning box, asking you to click either <strong>Keep at work</strong> or <strong>Change to personal</strong>.</li>
-                <li>Click <strong>Keep at work</strong>.<br>The content isn&#39;t dropped into the non-enterprise app.</li>
-                <li>Repeat Step 1, but this time click <strong>Change to personal</strong>, and try to drop the content again.<br>The content is dropped into the non-enterprise app.</li>
+                <li>Drag content from an app on your allowed apps list, and then try to drop the content into an app that doesn&#39;t appear on your allowed apps list.<br>You should see a WIP-related warning box, asking you to click either <b>Keep at work</b> or <b>Change to personal</b>.</li>
+                <li>Click <b>Keep at work</b>.<br>The content isn&#39;t dropped into the non-enterprise app.</li>
+                <li>Repeat Step 1, but this time click <b>Change to personal</b>, and try to drop the content again.<br>The content is dropped into the non-enterprise app.</li>
                 <li>Try dragging and dropping content between apps on your allowed apps list.<br>The content should move between the apps without any warning messages.</li>
             </ol>
         </td>
@@ -100,9 +100,9 @@ You can try any of the processes included in these scenarios, but you should foc
         <td>Share between enterprise apps and non-enterprise apps.</td>
         <td>
             <ol>
-                <li>Open an app on your allowed apps list, like Microsoft Photos, and try to share content with an app that doesn&#39;t appear on your allowed apps list, like Facebook.<br>You should see a WIP-related warning box, asking you to click either <strong>Keep at work</strong> or <strong>Change to personal</strong>.</li>
-                <li>Click <strong>Keep at work</strong>.<br>The content isn&#39;t shared into Facebook.</li>
-                <li>Repeat Step 1, but this time click <strong>Change to personal</strong>, and try to share the content again.<br>The content is shared into Facebook.</li>
+                <li>Open an app on your allowed apps list, like Microsoft Photos, and try to share content with an app that doesn&#39;t appear on your allowed apps list, like Facebook.<br>You should see a WIP-related warning box, asking you to click either <b>Keep at work</b> or <b>Change to personal</b>.</li>
+                <li>Click <b>Keep at work</b>.<br>The content isn&#39;t shared into Facebook.</li>
+                <li>Repeat Step 1, but this time click <b>Change to personal</b>, and try to share the content again.<br>The content is shared into Facebook.</li>
                 <li>Try sharing content between apps on your allowed apps list.<br>The content should share between the apps without any warning messages.</li>
             </ol>
         </td>
@@ -112,8 +112,8 @@ You can try any of the processes included in these scenarios, but you should foc
         <td>
             <ol>
                 <li>Start Windows Journal and Internet Explorer 11, creating, editing, and saving files in both apps.<br>Make sure that all of the files you worked with are encrypted to your configured Enterprise Identity. In some cases, you might need to close the file and wait a few moments for it to be automatically encrypted.</li>
-                <li>Open File Explorer and make sure your modified files are appearing with a <strong>Lock</strong> icon.</li>
-                <li>Try copying and pasting, dragging and dropping, and sharing using these apps with other apps that appear both on and off the allowed apps list.<br><br><strong>Note</strong><br>Most Windows-signed components like File Explorer (when running in the user's context), should have access to enterprise data.<br><br>A few notable exceptions include some of the user-facing in-box apps, like Wordpad, Notepad, and Microsoft Paint. These apps don&#39;t have access by default, but can be added to your allowed apps list.</li>
+                <li>Open File Explorer and make sure your modified files are appearing with a <b>Lock</b> icon.</li>
+                <li>Try copying and pasting, dragging and dropping, and sharing using these apps with other apps that appear both on and off the allowed apps list.<br><br><b>Note</b><br>Most Windows-signed components like File Explorer (when running in the user's context), should have access to enterprise data.<br><br>A few notable exceptions include some of the user-facing in-box apps, like Wordpad, Notepad, and Microsoft Paint. These apps don&#39;t have access by default, but can be added to your allowed apps list.</li>
             </ol>
         </td>
     </tr>
@@ -130,7 +130,7 @@ You can try any of the processes included in these scenarios, but you should foc
         <td>Verify your shared files can use WIP.</td>
         <td>
             <ol>
-                <li>Download a file from a protected file share, making sure the file is encrypted by locating the <strong>Briefcase</strong> icon next to the file name.</li>
+                <li>Download a file from a protected file share, making sure the file is encrypted by locating the <b>Briefcase</b> icon next to the file name.</li>
                 <li>Open the same file, make a change, save it and then try to upload it back to the file share. Again, this should work without any warnings.</li>
                 <li>Open an app that doesn&#39;t appear on your allowed apps list and attempt to access a file on the WIP-enabled file share.<br>The app shouldn&#39;t be able to access the file share.</li>
             </ol>
@@ -142,7 +142,7 @@ You can try any of the processes included in these scenarios, but you should foc
             <ol>
                 <li>Add both Internet Explorer 11 and Microsoft Edge to your allowed apps list.</li>
                 <li>Open SharePoint (or another cloud resource that&#39;s part of your policy) and access a WIP-enabled resource by using both IE11 and Microsoft Edge.<br>Both browsers should respect the enterprise and personal boundary.</li>
-                <li>Remove Internet Explorer 11 from your allowed app list and then try to access an intranet site or enterprise-related cloud resource.<br>IE11 shouldn&#39;t be able to access the sites.<br><br><strong>Note</strong><br>Any file downloaded from your work SharePoint site, or any other WIP-enabled cloud resource, is automatically marked as <strong>Work</strong>.</li>
+                <li>Remove Internet Explorer 11 from your allowed app list and then try to access an intranet site or enterprise-related cloud resource.<br>IE11 shouldn&#39;t be able to access the sites.<br><br><b>Note</b><br>Any file downloaded from your work SharePoint site, or any other WIP-enabled cloud resource, is automatically marked as <b>Work</b>.</li>
             </ol>
         </td>
     </tr>
@@ -150,7 +150,7 @@ You can try any of the processes included in these scenarios, but you should foc
         <td>Verify your Virtual Private Network (VPN) can be auto-triggered.</td>
         <td>
             <ol>
-                <li>Set up your VPN network to start based on the <strong>WIPModeID</strong> setting.<br>For specific info about how to do this, see the <a href="create-vpn-and-wip-policy-using-intune-azure.md" data-raw-source="[Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune](create-vpn-and-wip-policy-using-intune-azure.md)">Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune</a> topic.</li>
+                <li>Set up your VPN network to start based on the <b>WIPModeID</b> setting.<br>For specific info about how to do this, see the <a href="create-vpn-and-wip-policy-using-intune-azure.md" data-raw-source="[Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune](create-vpn-and-wip-policy-using-intune-azure.md)">Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune</a> topic.</li>
                 <li>Start an app from your allowed apps list.<br>The VPN network should automatically start.</li>
                 <li>Disconnect from your network and then start an app that isn&#39;t on your allowed apps list.<br>The VPN shouldn&#39;t start and the app shouldn&#39;t be able to access your enterprise network.</li>
             </ol>
@@ -160,7 +160,7 @@ You can try any of the processes included in these scenarios, but you should foc
         <td>Unenroll client devices from WIP.</td>
         <td>
             <ul>
-                <li>Unenroll a device from WIP by going to <strong>Settings</strong>, click <strong>Accounts</strong>, click <strong>Work</strong>, click the name of the device you want to unenroll, and then click <strong>Remove</strong>.<br>The device should be removed and all of the enterprise content for that managed account should be gone.<br><br><strong>Important</strong><br>On desktop devices, the data isn&#39;t removed and can be recovered, so you must make sure the content is marked as <strong>Revoked</strong> and that access is denied for the employee. On mobile devices, the data is removed.</li>
+                <li>Unenroll a device from WIP by going to <b>Settings</b>, click <b>Accounts</b>, click <b>Work</b>, click the name of the device you want to unenroll, and then click <b>Remove</b>.<br>The device should be removed and all of the enterprise content for that managed account should be gone.<br><br><b>Important</b><br>On desktop devices, the data isn&#39;t removed and can be recovered, so you must make sure the content is marked as <b>Revoked</b> and that access is denied for the employee. On mobile devices, the data is removed.</li>
             </ul>
         </td>
     </tr>
diff --git a/windows/security/threat-protection/auditing/event-4626.md b/windows/security/threat-protection/auditing/event-4626.md
index d0474f5941..4289b8d65a 100644
--- a/windows/security/threat-protection/auditing/event-4626.md
+++ b/windows/security/threat-protection/auditing/event-4626.md
@@ -157,7 +157,7 @@ This event generates on the computer to which the logon was performed (target co
 
     -   “dadmin” – claim value.
 
-**Device Claims** \[Type = UnicodeString\]**:** list of device claims for new logon session. For user accounts this field typically has “**-**“ value<strong>.</strong> For computer accounts this field has device claims listed.
+**Device Claims** \[Type = UnicodeString\]**:** list of device claims for new logon session. For user accounts this field typically has “**-**“ value<b>.</b> For computer accounts this field has device claims listed.
 
 ## Security Monitoring Recommendations
 
diff --git a/windows/security/threat-protection/auditing/event-4670.md b/windows/security/threat-protection/auditing/event-4670.md
index 45dcd000c9..bc6d20907b 100644
--- a/windows/security/threat-protection/auditing/event-4670.md
+++ b/windows/security/threat-protection/auditing/event-4670.md
@@ -274,5 +274,5 @@ For file system and registry objects, the following recommendations apply.
 
 - If you have critical registry objects for which you need to monitor all modifications (especially permissions changes and owner changes), monitor for the specific **Object\\Object Name.**
 
-- If you have high-value computers for which you need to monitor all changes for all or specific objects (for example, file system or registry objects), monitor for all [4670](event-4670.md) events on these computers<strong>.</strong> For example, you could monitor the **ntds.dit** file on domain controllers.
+- If you have high-value computers for which you need to monitor all changes for all or specific objects (for example, file system or registry objects), monitor for all [4670](event-4670.md) events on these computers<b>.</b> For example, you could monitor the **ntds.dit** file on domain controllers.
 
diff --git a/windows/security/threat-protection/auditing/event-4672.md b/windows/security/threat-protection/auditing/event-4672.md
index 1641acbc10..81b9fd94a0 100644
--- a/windows/security/threat-protection/auditing/event-4672.md
+++ b/windows/security/threat-protection/auditing/event-4672.md
@@ -22,7 +22,7 @@ ms.author: dansimp
 
 <img src="images/event-4672.png" alt="Event 4672 illustration" width="449" height="503" hspace="10" align="left" />
 </br>
-<strong><em>Subcategory:</em></strong>&nbsp;<a href="audit-special-logon.md" data-raw-source="[Audit Special Logon](audit-special-logon.md)">Audit Special Logon</a>
+<b><em>Subcategory:</em></b>&nbsp;<a href="audit-special-logon.md" data-raw-source="[Audit Special Logon](audit-special-logon.md)">Audit Special Logon</a>
 
 ***Event Description:***
 
diff --git a/windows/security/threat-protection/auditing/event-4673.md b/windows/security/threat-protection/auditing/event-4673.md
index 1caa24d32d..dc2d0e52fe 100644
--- a/windows/security/threat-protection/auditing/event-4673.md
+++ b/windows/security/threat-protection/auditing/event-4673.md
@@ -135,40 +135,40 @@ Failure event generates when service call attempt fails.
 
 |     **Subcategory of event**      |                        **Privilege Name: <br>User Right Group Policy Name**                         |                                                                                                                                                                                           **Description**                                                                                                                                                                                           |
 |-----------------------------------|-----------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Audit Non Sensitive Privilege Use |               <strong>SeChangeNotifyPrivilege: <br></strong>Bypass traverse checking                | Required to receive notifications of changes to files or directories. This privilege also causes the system to skip all traversal access checks. <br>With this privilege, the user can traverse directory trees even though the user may not have permissions on the traversed directory. This privilege does not allow the user to list the contents of a directory, only to traverse directories. |
-| Audit Non Sensitive Privilege Use |                 <strong>SeCreateGlobalPrivilege: <br></strong>Create global objects                 |                                                                                                                                              Required to create named file mapping objects in the global namespace during Terminal Services sessions.                                                                                                                                               |
-| Audit Non Sensitive Privilege Use |                  <strong>SeCreatePagefilePrivilege: <br></strong>Create a pagefile                  |                                                                                                                                                             With this privilege, the user can create and change the size of a pagefile.                                                                                                                                                             |
-| Audit Non Sensitive Privilege Use |          <strong>SeCreatePermanentPrivilege: <br></strong>Create permanent shared objects           |                                                                Required to create a permanent object. <br>This privilege is useful to kernel-mode components that extend the object namespace. Components that are running in kernel mode already have this privilege inherently; it is not necessary to assign them the privilege.                                                                 |
-| Audit Non Sensitive Privilege Use |              <strong>SeCreateSymbolicLinkPrivilege: <br></strong>Create symbolic links              |                                                                                                                                                                                 Required to create a symbolic link.                                                                                                                                                                                 |
-| Audit Non Sensitive Privilege Use |         <strong>SeIncreaseBasePriorityPrivilege: <br></strong>Increase scheduling priority          |                            Required to increase the base priority of a process. <br>With this privilege, the user can use a process with Write property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface.                             |
-| Audit Non Sensitive Privilege Use |          <strong>SeIncreaseQuotaPrivilege: <br></strong>Adjust memory quotas for a process          |                                                                                                                      Required to increase the quota assigned to a process. <br>With this privilege, the user can change the maximum memory that can be consumed by a process.                                                                                                                       |
-| Audit Non Sensitive Privilege Use |         <strong>SeIncreaseWorkingSetPrivilege: <br></strong>Increase a process working set          |                                                                                                                                                         Required to allocate more memory for applications that run in the context of users.                                                                                                                                                         |
-| Audit Non Sensitive Privilege Use |                  <strong>SeLockMemoryPrivilege: <br></strong>Lock pages in memory                   |                         Required to lock physical pages in memory. <br>With this privilege, the user can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM).                         |
-| Audit Non Sensitive Privilege Use |             <strong>SeMachineAccountPrivilege: <br></strong>Add workstations to domain              |                                                                                                                                        With this privilege, the user can create a computer account. <br>This privilege is valid only on domain controllers.                                                                                                                                         |
-| Audit Non Sensitive Privilege Use |           <strong>SeManageVolumePrivilege: <br></strong>Perform volume maintenance tasks            |                                                                                                                                                           Required to run maintenance tasks on a volume, such as remote defragmentation.                                                                                                                                                            |
-| Audit Non Sensitive Privilege Use |            <strong>SeProfileSingleProcessPrivilege: <br></strong>Profile single process             |                                                                                                      Required to gather profiling information for a single process. <br>With this privilege, the user can use performance monitoring tools to monitor the performance of non-system processes.                                                                                                      |
-| Audit Non Sensitive Privilege Use |                   <strong>SeRelabelPrivilege: <br></strong>Modify an object label                   |                                                                                                                                                                   Required to modify the mandatory integrity level of an object.                                                                                                                                                                    |
-| Audit Non Sensitive Privilege Use |         <strong>SeRemoteShutdownPrivilege: <br></strong>Force shutdown from a remote system         |                                                                                                                                                                       Required to shut down a system using a network request.                                                                                                                                                                       |
-| Audit Non Sensitive Privilege Use |                   <strong>SeShutdownPrivilege: <br></strong>Shut down the system                    |                                                                                                                                                                                Required to shut down a local system.                                                                                                                                                                                |
-| Audit Non Sensitive Privilege Use |            <strong>SeSyncAgentPrivilege: <br></strong>Synchronize directory service data            |      This privilege enables the holder to read all objects and properties in the directory, regardless of the protection on the objects and properties. By default, it is assigned to the Administrator and LocalSystem accounts on domain controllers. <br>With this privilege, the user can synchronize all directory service data. This is also known as Active Directory synchronization.       |
-| Audit Non Sensitive Privilege Use |              <strong>SeSystemProfilePrivilege: <br></strong>Profile system performance              |                                                                                                       Required to gather profiling information for the entire system. <br>With this privilege, the user can use performance monitoring tools to monitor the performance of system processes.                                                                                                        |
-| Audit Non Sensitive Privilege Use |                 <strong>SeSystemtimePrivilege: <br></strong>Change the system time                  |                     Required to modify the system time. With this privilege, the user can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. <br>If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred.                      |
-| Audit Non Sensitive Privilege Use |                   <strong>SeTimeZonePrivilege: <br></strong>Change the time zone                    |                                                                                                                                                           Required to adjust the time zone associated with the computer's internal clock.                                                                                                                                                           |
-| Audit Non Sensitive Privilege Use | <strong>SeTrustedCredManAccessPrivilege: <br></strong>Access Credential Manager as a trusted caller |                                                                                                                                                                     Required to access Credential Manager as a trusted caller.                                                                                                                                                                      |
-| Audit Non Sensitive Privilege Use |            <strong>SeUndockPrivilege: <br></strong>Remove computer from docking station             |                                                                                                                             Required to undock a laptop. <br>With this privilege, the user can undock a portable computer from its docking station without logging on.                                                                                                                              |
+| Audit Non Sensitive Privilege Use |               <b>SeChangeNotifyPrivilege: <br></b>Bypass traverse checking                | Required to receive notifications of changes to files or directories. This privilege also causes the system to skip all traversal access checks. <br>With this privilege, the user can traverse directory trees even though the user may not have permissions on the traversed directory. This privilege does not allow the user to list the contents of a directory, only to traverse directories. |
+| Audit Non Sensitive Privilege Use |                 <b>SeCreateGlobalPrivilege: <br></b>Create global objects                 |                                                                                                                                              Required to create named file mapping objects in the global namespace during Terminal Services sessions.                                                                                                                                               |
+| Audit Non Sensitive Privilege Use |                  <b>SeCreatePagefilePrivilege: <br></b>Create a pagefile                  |                                                                                                                                                             With this privilege, the user can create and change the size of a pagefile.                                                                                                                                                             |
+| Audit Non Sensitive Privilege Use |          <b>SeCreatePermanentPrivilege: <br></b>Create permanent shared objects           |                                                                Required to create a permanent object. <br>This privilege is useful to kernel-mode components that extend the object namespace. Components that are running in kernel mode already have this privilege inherently; it is not necessary to assign them the privilege.                                                                 |
+| Audit Non Sensitive Privilege Use |              <b>SeCreateSymbolicLinkPrivilege: <br></b>Create symbolic links              |                                                                                                                                                                                 Required to create a symbolic link.                                                                                                                                                                                 |
+| Audit Non Sensitive Privilege Use |         <b>SeIncreaseBasePriorityPrivilege: <br></b>Increase scheduling priority          |                            Required to increase the base priority of a process. <br>With this privilege, the user can use a process with Write property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface.                             |
+| Audit Non Sensitive Privilege Use |          <b>SeIncreaseQuotaPrivilege: <br></b>Adjust memory quotas for a process          |                                                                                                                      Required to increase the quota assigned to a process. <br>With this privilege, the user can change the maximum memory that can be consumed by a process.                                                                                                                       |
+| Audit Non Sensitive Privilege Use |         <b>SeIncreaseWorkingSetPrivilege: <br></b>Increase a process working set          |                                                                                                                                                         Required to allocate more memory for applications that run in the context of users.                                                                                                                                                         |
+| Audit Non Sensitive Privilege Use |                  <b>SeLockMemoryPrivilege: <br></b>Lock pages in memory                   |                         Required to lock physical pages in memory. <br>With this privilege, the user can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM).                         |
+| Audit Non Sensitive Privilege Use |             <b>SeMachineAccountPrivilege: <br></b>Add workstations to domain              |                                                                                                                                        With this privilege, the user can create a computer account. <br>This privilege is valid only on domain controllers.                                                                                                                                         |
+| Audit Non Sensitive Privilege Use |           <b>SeManageVolumePrivilege: <br></b>Perform volume maintenance tasks            |                                                                                                                                                           Required to run maintenance tasks on a volume, such as remote defragmentation.                                                                                                                                                            |
+| Audit Non Sensitive Privilege Use |            <b>SeProfileSingleProcessPrivilege: <br></b>Profile single process             |                                                                                                      Required to gather profiling information for a single process. <br>With this privilege, the user can use performance monitoring tools to monitor the performance of non-system processes.                                                                                                      |
+| Audit Non Sensitive Privilege Use |                   <b>SeRelabelPrivilege: <br></b>Modify an object label                   |                                                                                                                                                                   Required to modify the mandatory integrity level of an object.                                                                                                                                                                    |
+| Audit Non Sensitive Privilege Use |         <b>SeRemoteShutdownPrivilege: <br></b>Force shutdown from a remote system         |                                                                                                                                                                       Required to shut down a system using a network request.                                                                                                                                                                       |
+| Audit Non Sensitive Privilege Use |                   <b>SeShutdownPrivilege: <br></b>Shut down the system                    |                                                                                                                                                                                Required to shut down a local system.                                                                                                                                                                                |
+| Audit Non Sensitive Privilege Use |            <b>SeSyncAgentPrivilege: <br></b>Synchronize directory service data            |      This privilege enables the holder to read all objects and properties in the directory, regardless of the protection on the objects and properties. By default, it is assigned to the Administrator and LocalSystem accounts on domain controllers. <br>With this privilege, the user can synchronize all directory service data. This is also known as Active Directory synchronization.       |
+| Audit Non Sensitive Privilege Use |              <b>SeSystemProfilePrivilege: <br></b>Profile system performance              |                                                                                                       Required to gather profiling information for the entire system. <br>With this privilege, the user can use performance monitoring tools to monitor the performance of system processes.                                                                                                        |
+| Audit Non Sensitive Privilege Use |                 <b>SeSystemtimePrivilege: <br></b>Change the system time                  |                     Required to modify the system time. With this privilege, the user can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. <br>If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred.                      |
+| Audit Non Sensitive Privilege Use |                   <b>SeTimeZonePrivilege: <br></b>Change the time zone                    |                                                                                                                                                           Required to adjust the time zone associated with the computer's internal clock.                                                                                                                                                           |
+| Audit Non Sensitive Privilege Use | <b>SeTrustedCredManAccessPrivilege: <br></b>Access Credential Manager as a trusted caller |                                                                                                                                                                     Required to access Credential Manager as a trusted caller.                                                                                                                                                                      |
+| Audit Non Sensitive Privilege Use |            <b>SeUndockPrivilege: <br></b>Remove computer from docking station             |                                                                                                                             Required to undock a laptop. <br>With this privilege, the user can undock a portable computer from its docking station without logging on.                                                                                                                              |
 
 |   **Subcategory of event**    |                               **Privilege Name: <br>User Right Group Policy Name**                               |                                                                                                                                                                                                                                                                                                        **Description**                                                                                                                                                                                                                                                                                                         |
 |-------------------------------|------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Audit Sensitive Privilege Use |                <strong>SeAssignPrimaryTokenPrivilege: <br></strong>Replace a process-level token                 |                                                                                                                                                                     Required to assign the [*primary token*](https://msdn.microsoft.com/library/windows/desktop/ms721603(v=vs.85).aspx#_security_primary_token_gly) of a process. With this privilege, the user can initiate a process to replace the default token associated with a started subprocess.                                                                                                                                                                      |
-| Audit Sensitive Privilege Use |                         <strong>SeAuditPrivilege: <br></strong>Generate security audits                          |                                                                                                                                                                                                                                                                               With this privilege, the user can add entries to the security log.                                                                                                                                                                                                                                                                               |
-| Audit Sensitive Privilege Use |                        <strong>SeCreateTokenPrivilege: <br></strong>Create a token object                        |                                                                                                                         Allows a process to create a token which it can then use to get access to any local resources when the process uses NtCreateToken() or other token-creation APIs. When a process requires this privilege, we recommend using the LocalSystem account (which already includes the privilege), rather than creating a separate user account and assigning this privilege to it.                                                                                                                          |
-| Audit Sensitive Privilege Use |                              <strong>SeDebugPrivilege: <br></strong>Debug programs                               |                                                                                                 Required to debug and adjust the memory of a process owned by another account. With this privilege, the user can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need this user right. Developers who are debugging new system components need this user right. This user right provides complete access to sensitive and critical operating system components.                                                                                                  |
-| Audit Sensitive Privilege Use |              <strong>SeImpersonatePrivilege: <br></strong>Impersonate a client after authentication              |                                                                                                                                                                                                                                                                                 With this privilege, the user can impersonate other accounts.                                                                                                                                                                                                                                                                                  |
-| Audit Sensitive Privilege Use |                    <strong>SeLoadDriverPrivilege: <br></strong>Load and unload device drivers                    |                                                                                                                                                                                                   Required to load or unload a device driver. With this privilege, the user can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers.                                                                                                                                                                                                    |
-| Audit Sensitive Privilege Use |                         <strong>SeLockMemoryPrivilege: <br></strong>Lock pages in memory                         |                                                                                                                                        Required to lock physical pages in memory. With this privilege, the user can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM).                                                                                                                                         |
-| Audit Sensitive Privilege Use |              <strong>SeSystemEnvironmentPrivilege: <br></strong>Modify firmware environment values               |                                                                                                                                                                                                                                                       Required to modify the nonvolatile RAM of systems that use this type of memory to store configuration information.                                                                                                                                                                                                                                                       |
-| Audit Sensitive Privilege Use |                     <strong>SeTcbPrivilege: <br></strong>Act as part of the operating system                     |                                                                                                                                                                                          This privilege identifies its holder as part of the trusted computer base. This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user.                                                                                                                                                                                           |
-| Audit Sensitive Privilege Use | <strong>SeEnableDelegationPrivilege: <br></strong>Enable computer and user accounts to be trusted for delegation | Required to mark user and computer accounts as trusted for delegation. With this privilege, the user can set the **Trusted for Deleg**ation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using the delegated credentials of a client, as long as the account of the client does not have the **Account cannot be delegated** account control flag set. |
+| Audit Sensitive Privilege Use |                <b>SeAssignPrimaryTokenPrivilege: <br></b>Replace a process-level token                 |                                                                                                                                                                     Required to assign the [*primary token*](https://msdn.microsoft.com/library/windows/desktop/ms721603(v=vs.85).aspx#_security_primary_token_gly) of a process. With this privilege, the user can initiate a process to replace the default token associated with a started subprocess.                                                                                                                                                                      |
+| Audit Sensitive Privilege Use |                         <b>SeAuditPrivilege: <br></b>Generate security audits                          |                                                                                                                                                                                                                                                                               With this privilege, the user can add entries to the security log.                                                                                                                                                                                                                                                                               |
+| Audit Sensitive Privilege Use |                        <b>SeCreateTokenPrivilege: <br></b>Create a token object                        |                                                                                                                         Allows a process to create a token which it can then use to get access to any local resources when the process uses NtCreateToken() or other token-creation APIs. When a process requires this privilege, we recommend using the LocalSystem account (which already includes the privilege), rather than creating a separate user account and assigning this privilege to it.                                                                                                                          |
+| Audit Sensitive Privilege Use |                              <b>SeDebugPrivilege: <br></b>Debug programs                               |                                                                                                 Required to debug and adjust the memory of a process owned by another account. With this privilege, the user can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need this user right. Developers who are debugging new system components need this user right. This user right provides complete access to sensitive and critical operating system components.                                                                                                  |
+| Audit Sensitive Privilege Use |              <b>SeImpersonatePrivilege: <br></b>Impersonate a client after authentication              |                                                                                                                                                                                                                                                                                 With this privilege, the user can impersonate other accounts.                                                                                                                                                                                                                                                                                  |
+| Audit Sensitive Privilege Use |                    <b>SeLoadDriverPrivilege: <br></b>Load and unload device drivers                    |                                                                                                                                                                                                   Required to load or unload a device driver. With this privilege, the user can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers.                                                                                                                                                                                                    |
+| Audit Sensitive Privilege Use |                         <b>SeLockMemoryPrivilege: <br></b>Lock pages in memory                         |                                                                                                                                        Required to lock physical pages in memory. With this privilege, the user can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM).                                                                                                                                         |
+| Audit Sensitive Privilege Use |              <b>SeSystemEnvironmentPrivilege: <br></b>Modify firmware environment values               |                                                                                                                                                                                                                                                       Required to modify the nonvolatile RAM of systems that use this type of memory to store configuration information.                                                                                                                                                                                                                                                       |
+| Audit Sensitive Privilege Use |                     <b>SeTcbPrivilege: <br></b>Act as part of the operating system                     |                                                                                                                                                                                          This privilege identifies its holder as part of the trusted computer base. This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user.                                                                                                                                                                                           |
+| Audit Sensitive Privilege Use | <b>SeEnableDelegationPrivilege: <br></b>Enable computer and user accounts to be trusted for delegation | Required to mark user and computer accounts as trusted for delegation. With this privilege, the user can set the **Trusted for Deleg**ation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using the delegated credentials of a client, as long as the account of the client does not have the **Account cannot be delegated** account control flag set. |
 
 ## Security Monitoring Recommendations
 
diff --git a/windows/security/threat-protection/auditing/event-4674.md b/windows/security/threat-protection/auditing/event-4674.md
index b4146f681a..5781254277 100644
--- a/windows/security/threat-protection/auditing/event-4674.md
+++ b/windows/security/threat-protection/auditing/event-4674.md
@@ -157,42 +157,42 @@ Failure event generates when operation attempt fails.
 
 |     **Subcategory of event**      |                        **Privilege Name: <br>User Right Group Policy Name**                         |                                                                                                                                                                                           **Description**                                                                                                                                                                                           |
 |-----------------------------------|-----------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Audit Non Sensitive Privilege Use |               <strong>SeChangeNotifyPrivilege: <br></strong>Bypass traverse checking                | Required to receive notifications of changes to files or directories. This privilege also causes the system to skip all traversal access checks. <br>With this privilege, the user can traverse directory trees even though the user may not have permissions on the traversed directory. This privilege does not allow the user to list the contents of a directory, only to traverse directories. |
-| Audit Non Sensitive Privilege Use |                 <strong>SeCreateGlobalPrivilege: <br></strong>Create global objects                 |                                                                                                                                              Required to create named file mapping objects in the global namespace during Terminal Services sessions.                                                                                                                                               |
-| Audit Non Sensitive Privilege Use |                  <strong>SeCreatePagefilePrivilege: <br></strong>Create a pagefile                  |                                                                                                                                                             With this privilege, the user can create and change the size of a pagefile.                                                                                                                                                             |
-| Audit Non Sensitive Privilege Use |          <strong>SeCreatePermanentPrivilege: <br></strong>Create permanent shared objects           |                                                                Required to create a permanent object. <br>This privilege is useful to kernel-mode components that extend the object namespace. Components that are running in kernel mode already have this privilege inherently; it is not necessary to assign them the privilege.                                                                 |
-| Audit Non Sensitive Privilege Use |              <strong>SeCreateSymbolicLinkPrivilege: <br></strong>Create symbolic links              |                                                                                                                                                                                 Required to create a symbolic link.                                                                                                                                                                                 |
-| Audit Non Sensitive Privilege Use |         <strong>SeIncreaseBasePriorityPrivilege: <br></strong>Increase scheduling priority          |                             Required to increase the base priority of a process.<br>With this privilege, the user can use a process with Write property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface.                             |
-| Audit Non Sensitive Privilege Use |          <strong>SeIncreaseQuotaPrivilege: <br></strong>Adjust memory quotas for a process          |                                                                                                                      Required to increase the quota assigned to a process. <br>With this privilege, the user can change the maximum memory that can be consumed by a process.                                                                                                                       |
-| Audit Non Sensitive Privilege Use |         <strong>SeIncreaseWorkingSetPrivilege: <br></strong>Increase a process working set          |                                                                                                                                                         Required to allocate more memory for applications that run in the context of users.                                                                                                                                                         |
-| Audit Non Sensitive Privilege Use |                  <strong>SeLockMemoryPrivilege: <br></strong>Lock pages in memory                   |                         Required to lock physical pages in memory. <br>With this privilege, the user can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM).                         |
-| Audit Non Sensitive Privilege Use |             <strong>SeMachineAccountPrivilege: <br></strong>Add workstations to domain              |                                                                                                                                          With this privilege, the user can create a computer account. This privilege is valid only on domain controllers.                                                                                                                                           |
-| Audit Non Sensitive Privilege Use |           <strong>SeManageVolumePrivilege: <br></strong>Perform volume maintenance tasks            |                                                                                                                                                           Required to run maintenance tasks on a volume, such as remote defragmentation.                                                                                                                                                            |
-| Audit Non Sensitive Privilege Use |            <strong>SeProfileSingleProcessPrivilege: <br></strong>Profile single process             |                                                                                                      Required to gather profiling information for a single process. <br>With this privilege, the user can use performance monitoring tools to monitor the performance of non-system processes.                                                                                                      |
-| Audit Non Sensitive Privilege Use |                   <strong>SeRelabelPrivilege: <br></strong>Modify an object label                   |                                                                                                                                                                   Required to modify the mandatory integrity level of an object.                                                                                                                                                                    |
-| Audit Non Sensitive Privilege Use |         <strong>SeRemoteShutdownPrivilege: <br></strong>Force shutdown from a remote system         |                                                                                                                                                                       Required to shut down a system using a network request.                                                                                                                                                                       |
-| Audit Non Sensitive Privilege Use |                   <strong>SeShutdownPrivilege: <br></strong>Shut down the system                    |                                                                                                                                                                                Required to shut down a local system.                                                                                                                                                                                |
-| Audit Non Sensitive Privilege Use |            <strong>SeSyncAgentPrivilege: <br></strong>Synchronize directory service data            |      This privilege enables the holder to read all objects and properties in the directory, regardless of the protection on the objects and properties. By default, it is assigned to the Administrator and LocalSystem accounts on domain controllers. <br>With this privilege, the user can synchronize all directory service data. This is also known as Active Directory synchronization.       |
-| Audit Non Sensitive Privilege Use |              <strong>SeSystemProfilePrivilege: <br></strong>Profile system performance              |                                                                                                       Required to gather profiling information for the entire system. <br>With this privilege, the user can use performance monitoring tools to monitor the performance of system processes.                                                                                                        |
-| Audit Non Sensitive Privilege Use |                 <strong>SeSystemtimePrivilege: <br></strong>Change the system time                  |                     Required to modify the system time. <br>With this privilege, the user can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred.                      |
-| Audit Non Sensitive Privilege Use |                   <strong>SeTimeZonePrivilege: <br></strong>Change the time zone                    |                                                                                                                                                           Required to adjust the time zone associated with the computer's internal clock.                                                                                                                                                           |
-| Audit Non Sensitive Privilege Use | <strong>SeTrustedCredManAccessPrivilege: <br></strong>Access Credential Manager as a trusted caller |                                                                                                                                                                     Required to access Credential Manager as a trusted caller.                                                                                                                                                                      |
-| Audit Non Sensitive Privilege Use |            <strong>SeUndockPrivilege: <br></strong>Remove computer from docking station             |                                                                                                                             Required to undock a laptop. <br>With this privilege, the user can undock a portable computer from its docking station without logging on.                                                                                                                              |
+| Audit Non Sensitive Privilege Use |               <b>SeChangeNotifyPrivilege: <br></b>Bypass traverse checking                | Required to receive notifications of changes to files or directories. This privilege also causes the system to skip all traversal access checks. <br>With this privilege, the user can traverse directory trees even though the user may not have permissions on the traversed directory. This privilege does not allow the user to list the contents of a directory, only to traverse directories. |
+| Audit Non Sensitive Privilege Use |                 <b>SeCreateGlobalPrivilege: <br></b>Create global objects                 |                                                                                                                                              Required to create named file mapping objects in the global namespace during Terminal Services sessions.                                                                                                                                               |
+| Audit Non Sensitive Privilege Use |                  <b>SeCreatePagefilePrivilege: <br></b>Create a pagefile                  |                                                                                                                                                             With this privilege, the user can create and change the size of a pagefile.                                                                                                                                                             |
+| Audit Non Sensitive Privilege Use |          <b>SeCreatePermanentPrivilege: <br></b>Create permanent shared objects           |                                                                Required to create a permanent object. <br>This privilege is useful to kernel-mode components that extend the object namespace. Components that are running in kernel mode already have this privilege inherently; it is not necessary to assign them the privilege.                                                                 |
+| Audit Non Sensitive Privilege Use |              <b>SeCreateSymbolicLinkPrivilege: <br></b>Create symbolic links              |                                                                                                                                                                                 Required to create a symbolic link.                                                                                                                                                                                 |
+| Audit Non Sensitive Privilege Use |         <b>SeIncreaseBasePriorityPrivilege: <br></b>Increase scheduling priority          |                             Required to increase the base priority of a process.<br>With this privilege, the user can use a process with Write property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface.                             |
+| Audit Non Sensitive Privilege Use |          <b>SeIncreaseQuotaPrivilege: <br></b>Adjust memory quotas for a process          |                                                                                                                      Required to increase the quota assigned to a process. <br>With this privilege, the user can change the maximum memory that can be consumed by a process.                                                                                                                       |
+| Audit Non Sensitive Privilege Use |         <b>SeIncreaseWorkingSetPrivilege: <br></b>Increase a process working set          |                                                                                                                                                         Required to allocate more memory for applications that run in the context of users.                                                                                                                                                         |
+| Audit Non Sensitive Privilege Use |                  <b>SeLockMemoryPrivilege: <br></b>Lock pages in memory                   |                         Required to lock physical pages in memory. <br>With this privilege, the user can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM).                         |
+| Audit Non Sensitive Privilege Use |             <b>SeMachineAccountPrivilege: <br></b>Add workstations to domain              |                                                                                                                                          With this privilege, the user can create a computer account. This privilege is valid only on domain controllers.                                                                                                                                           |
+| Audit Non Sensitive Privilege Use |           <b>SeManageVolumePrivilege: <br></b>Perform volume maintenance tasks            |                                                                                                                                                           Required to run maintenance tasks on a volume, such as remote defragmentation.                                                                                                                                                            |
+| Audit Non Sensitive Privilege Use |            <b>SeProfileSingleProcessPrivilege: <br></b>Profile single process             |                                                                                                      Required to gather profiling information for a single process. <br>With this privilege, the user can use performance monitoring tools to monitor the performance of non-system processes.                                                                                                      |
+| Audit Non Sensitive Privilege Use |                   <b>SeRelabelPrivilege: <br></b>Modify an object label                   |                                                                                                                                                                   Required to modify the mandatory integrity level of an object.                                                                                                                                                                    |
+| Audit Non Sensitive Privilege Use |         <b>SeRemoteShutdownPrivilege: <br></b>Force shutdown from a remote system         |                                                                                                                                                                       Required to shut down a system using a network request.                                                                                                                                                                       |
+| Audit Non Sensitive Privilege Use |                   <b>SeShutdownPrivilege: <br></b>Shut down the system                    |                                                                                                                                                                                Required to shut down a local system.                                                                                                                                                                                |
+| Audit Non Sensitive Privilege Use |            <b>SeSyncAgentPrivilege: <br></b>Synchronize directory service data            |      This privilege enables the holder to read all objects and properties in the directory, regardless of the protection on the objects and properties. By default, it is assigned to the Administrator and LocalSystem accounts on domain controllers. <br>With this privilege, the user can synchronize all directory service data. This is also known as Active Directory synchronization.       |
+| Audit Non Sensitive Privilege Use |              <b>SeSystemProfilePrivilege: <br></b>Profile system performance              |                                                                                                       Required to gather profiling information for the entire system. <br>With this privilege, the user can use performance monitoring tools to monitor the performance of system processes.                                                                                                        |
+| Audit Non Sensitive Privilege Use |                 <b>SeSystemtimePrivilege: <br></b>Change the system time                  |                     Required to modify the system time. <br>With this privilege, the user can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred.                      |
+| Audit Non Sensitive Privilege Use |                   <b>SeTimeZonePrivilege: <br></b>Change the time zone                    |                                                                                                                                                           Required to adjust the time zone associated with the computer's internal clock.                                                                                                                                                           |
+| Audit Non Sensitive Privilege Use | <b>SeTrustedCredManAccessPrivilege: <br></b>Access Credential Manager as a trusted caller |                                                                                                                                                                     Required to access Credential Manager as a trusted caller.                                                                                                                                                                      |
+| Audit Non Sensitive Privilege Use |            <b>SeUndockPrivilege: <br></b>Remove computer from docking station             |                                                                                                                             Required to undock a laptop. <br>With this privilege, the user can undock a portable computer from its docking station without logging on.                                                                                                                              |
 
 |   **Subcategory of event**    |                  **Privilege Name: <br>User Right Group Policy Name**                   |                                                                                                                                                                                                                                                                                                                                                                                                    **Description**                                                                                                                                                                                                                                                                                                                                                                                                    |
 |-------------------------------|-----------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Audit Sensitive Privilege Use |    <strong>SeAssignPrimaryTokenPrivilege: <br></strong>Replace a process-level token    |                                                                                                                                                                                                                                                               Required to assign the [*primary token*](https://msdn.microsoft.com/library/windows/desktop/ms721603(v=vs.85).aspx#_security_primary_token_gly) of a process. <br>With this privilege, the user can initiate a process to replace the default token associated with a started subprocess.                                                                                                                                                                                                                                                               |
-| Audit Sensitive Privilege Use |             <strong>SeAuditPrivilege: <br></strong>Generate security audits             |                                                                                                                                                                                                                                                                                                                                                                          With this privilege, the user can add entries to the security log.                                                                                                                                                                                                                                                                                                                                                                           |
-| Audit Sensitive Privilege Use |          <strong>SeBackupPrivilege: <br></strong>Back up files and directories          |                                                     -   Required to perform backup operations. <br>With this privilege, the user can bypass file and directory, registry, and other persistent object permissions for the purposes of backing up the system. This privilege causes the system to grant all read access control to any file, regardless of the [*access control list*](https://msdn.microsoft.com/library/windows/desktop/ms721532(v=vs.85).aspx#_security_access_control_list_gly) (ACL) specified for the file. Any access request other than read is still evaluated with the ACL. <br>The following access rights are granted if this privilege is held:<br>READ\_CONTROL<br>ACCESS\_SYSTEM\_SECURITY<br>FILE\_GENERIC\_READ<br>FILE\_TRAVERSE                                                     |
-| Audit Sensitive Privilege Use |           <strong>SeCreateTokenPrivilege: <br></strong>Create a token object            |                                                                                                                                                                                                                   Allows a process to create a token which it can then use to get access to any local resources when the process uses NtCreateToken() or other token-creation APIs. <br>When a process requires this privilege, we recommend using the LocalSystem account (which already includes the privilege), rather than creating a separate user account and assigning this privilege to it.                                                                                                                                                                                                                   |
-| Audit Sensitive Privilege Use |                  <strong>SeDebugPrivilege: <br></strong>Debug programs                  |                                                                                                                                                                                         Required to debug and adjust the memory of a process owned by another account. <br>With this privilege, the user can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need this user right. Developers who are debugging new system components need this user right. <br>This user right provides complete access to sensitive and critical operating system components.                                                                                                                                                                                         |
-| Audit Sensitive Privilege Use | <strong>SeImpersonatePrivilege: <br></strong>Impersonate a client after authentication  |                                                                                                                                                                                                                                                                                                                                                                             With this privilege, the user can impersonate other accounts.                                                                                                                                                                                                                                                                                                                                                                             |
-| Audit Sensitive Privilege Use |       <strong>SeLoadDriverPrivilege: <br></strong>Load and unload device drivers        |                                                                                                                                                                                                                                                                                             Required to load or unload a device driver. <br>With this privilege, the user can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers.                                                                                                                                                                                                                                                                                             |
-| Audit Sensitive Privilege Use |            <strong>SeLockMemoryPrivilege: <br></strong>Lock pages in memory             |                                                                                                                                                                                                                                  Required to lock physical pages in memory. <br>With this privilege, the user can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM).                                                                                                                                                                                                                                  |
-| Audit Sensitive Privilege Use |         <strong>SeRestorePrivilege: <br></strong>Restore files and directories          | Required to perform restore operations. This privilege causes the system to grant all write access control to any file, regardless of the ACL specified for the file. Any access request other than write is still evaluated with the ACL. Additionally, this privilege enables you to set any valid user or group SID as the owner of a file. The following access rights are granted if this privilege is held:<br>WRITE\_DAC<br>WRITE\_OWNER<br>ACCESS\_SYSTEM\_SECURITY<br>FILE\_GENERIC\_WRITE<br>FILE\_ADD\_FILE<br>FILE\_ADD\_SUBDIRECTORY<br>DELETE<br>With this privilege, the user can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories and determines which users can set any valid security principal as the owner of an object. |
-| Audit Sensitive Privilege Use |       <strong>SeSecurityPrivilege: <br></strong>Manage auditing and security log        |                                                                                                                                                                                                                        Required to perform a number of security-related functions, such as controlling and viewing audit events in security event log. <br>With this privilege, the user can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. A user with this privilege can also view and clear the security log.                                                                                                                                                                                                                        |
-| Audit Sensitive Privilege Use |  <strong>SeSystemEnvironmentPrivilege: <br></strong>Modify firmware environment values  |                                                                                                                                                                                                                                                                                                                                                  Required to modify the nonvolatile RAM of systems that use this type of memory to store configuration information.                                                                                                                                                                                                                                                                                                                                                   |
-| Audit Sensitive Privilege Use | <strong>SeTakeOwnershipPrivilege: <br></strong>Take ownership of files or other objects |                                                                                                                                                                                            Required to take ownership of an object without being granted discretionary access. This privilege allows the owner value to be set only to those values that the holder may legitimately assign as the owner of an object. <br>With this privilege, the user can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads.                                                                                                                                                                                            |
+| Audit Sensitive Privilege Use |    <b>SeAssignPrimaryTokenPrivilege: <br></b>Replace a process-level token    |                                                                                                                                                                                                                                                               Required to assign the [*primary token*](https://msdn.microsoft.com/library/windows/desktop/ms721603(v=vs.85).aspx#_security_primary_token_gly) of a process. <br>With this privilege, the user can initiate a process to replace the default token associated with a started subprocess.                                                                                                                                                                                                                                                               |
+| Audit Sensitive Privilege Use |             <b>SeAuditPrivilege: <br></b>Generate security audits             |                                                                                                                                                                                                                                                                                                                                                                          With this privilege, the user can add entries to the security log.                                                                                                                                                                                                                                                                                                                                                                           |
+| Audit Sensitive Privilege Use |          <b>SeBackupPrivilege: <br></b>Back up files and directories          |                                                     -   Required to perform backup operations. <br>With this privilege, the user can bypass file and directory, registry, and other persistent object permissions for the purposes of backing up the system. This privilege causes the system to grant all read access control to any file, regardless of the [*access control list*](https://msdn.microsoft.com/library/windows/desktop/ms721532(v=vs.85).aspx#_security_access_control_list_gly) (ACL) specified for the file. Any access request other than read is still evaluated with the ACL. <br>The following access rights are granted if this privilege is held:<br>READ\_CONTROL<br>ACCESS\_SYSTEM\_SECURITY<br>FILE\_GENERIC\_READ<br>FILE\_TRAVERSE                                                     |
+| Audit Sensitive Privilege Use |           <b>SeCreateTokenPrivilege: <br></b>Create a token object            |                                                                                                                                                                                                                   Allows a process to create a token which it can then use to get access to any local resources when the process uses NtCreateToken() or other token-creation APIs. <br>When a process requires this privilege, we recommend using the LocalSystem account (which already includes the privilege), rather than creating a separate user account and assigning this privilege to it.                                                                                                                                                                                                                   |
+| Audit Sensitive Privilege Use |                  <b>SeDebugPrivilege: <br></b>Debug programs                  |                                                                                                                                                                                         Required to debug and adjust the memory of a process owned by another account. <br>With this privilege, the user can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need this user right. Developers who are debugging new system components need this user right. <br>This user right provides complete access to sensitive and critical operating system components.                                                                                                                                                                                         |
+| Audit Sensitive Privilege Use | <b>SeImpersonatePrivilege: <br></b>Impersonate a client after authentication  |                                                                                                                                                                                                                                                                                                                                                                             With this privilege, the user can impersonate other accounts.                                                                                                                                                                                                                                                                                                                                                                             |
+| Audit Sensitive Privilege Use |       <b>SeLoadDriverPrivilege: <br></b>Load and unload device drivers        |                                                                                                                                                                                                                                                                                             Required to load or unload a device driver. <br>With this privilege, the user can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers.                                                                                                                                                                                                                                                                                             |
+| Audit Sensitive Privilege Use |            <b>SeLockMemoryPrivilege: <br></b>Lock pages in memory             |                                                                                                                                                                                                                                  Required to lock physical pages in memory. <br>With this privilege, the user can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM).                                                                                                                                                                                                                                  |
+| Audit Sensitive Privilege Use |         <b>SeRestorePrivilege: <br></b>Restore files and directories          | Required to perform restore operations. This privilege causes the system to grant all write access control to any file, regardless of the ACL specified for the file. Any access request other than write is still evaluated with the ACL. Additionally, this privilege enables you to set any valid user or group SID as the owner of a file. The following access rights are granted if this privilege is held:<br>WRITE\_DAC<br>WRITE\_OWNER<br>ACCESS\_SYSTEM\_SECURITY<br>FILE\_GENERIC\_WRITE<br>FILE\_ADD\_FILE<br>FILE\_ADD\_SUBDIRECTORY<br>DELETE<br>With this privilege, the user can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories and determines which users can set any valid security principal as the owner of an object. |
+| Audit Sensitive Privilege Use |       <b>SeSecurityPrivilege: <br></b>Manage auditing and security log        |                                                                                                                                                                                                                        Required to perform a number of security-related functions, such as controlling and viewing audit events in security event log. <br>With this privilege, the user can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. A user with this privilege can also view and clear the security log.                                                                                                                                                                                                                        |
+| Audit Sensitive Privilege Use |  <b>SeSystemEnvironmentPrivilege: <br></b>Modify firmware environment values  |                                                                                                                                                                                                                                                                                                                                                  Required to modify the nonvolatile RAM of systems that use this type of memory to store configuration information.                                                                                                                                                                                                                                                                                                                                                   |
+| Audit Sensitive Privilege Use | <b>SeTakeOwnershipPrivilege: <br></b>Take ownership of files or other objects |                                                                                                                                                                                            Required to take ownership of an object without being granted discretionary access. This privilege allows the owner value to be set only to those values that the holder may legitimately assign as the owner of an object. <br>With this privilege, the user can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads.                                                                                                                                                                                            |
 
 ## Security Monitoring Recommendations
 
diff --git a/windows/security/threat-protection/auditing/event-4688.md b/windows/security/threat-protection/auditing/event-4688.md
index 55ace9419d..e441a2501c 100644
--- a/windows/security/threat-protection/auditing/event-4688.md
+++ b/windows/security/threat-protection/auditing/event-4688.md
@@ -206,9 +206,9 @@ For 4688(S): A new process has been created.
 
 - It can be unusual for a process to run using a local account in either **Creator Subject\\Security ID** or in **Target** **Subject\\Security ID**.
 
-- Monitor for **Token Elevation Type** with value **TokenElevationTypeDefault (1)** when **Subject\\Security ID** lists a real user account, for example when **Account Name** doesn’t contain the $ symbol<strong>.</strong> Typically this means that UAC is disabled for this account for some reason.
+- Monitor for **Token Elevation Type** with value **TokenElevationTypeDefault (1)** when **Subject\\Security ID** lists a real user account, for example when **Account Name** doesn’t contain the $ symbol<b>.</b> Typically this means that UAC is disabled for this account for some reason.
 
-- Monitor for **Token Elevation Type** with value **TokenElevationTypeDefault (2)** on standard workstations, when **Subject\\Security ID** lists a real user account, for example when **Account Name** doesn’t contain the $ symbol<strong>.</strong> This means that a user ran a program using administrative privileges.
+- Monitor for **Token Elevation Type** with value **TokenElevationTypeDefault (2)** on standard workstations, when **Subject\\Security ID** lists a real user account, for example when **Account Name** doesn’t contain the $ symbol<b>.</b> This means that a user ran a program using administrative privileges.
 
 - You can also monitor for **Token Elevation Type** with value **TokenElevationTypeDefault (2)** on standard workstations, when a computer object was used to run the process, but that computer object is not the same computer where the event occurs.
 
diff --git a/windows/security/threat-protection/auditing/event-4741.md b/windows/security/threat-protection/auditing/event-4741.md
index ef907d69b0..ddfd079946 100644
--- a/windows/security/threat-protection/auditing/event-4741.md
+++ b/windows/security/threat-protection/auditing/event-4741.md
@@ -242,7 +242,7 @@ So this UAC flags value decodes to: LOCKOUT and SCRIPT
 
 - **DNS Host Name** \[Type = UnicodeString\]: name of computer account as registered in DNS. The value of **dNSHostName** attribute of new computer object. For manually created computer account objects this field has value “**-**“.
 
-- **Service Principal Names** \[Type = UnicodeString\]**:** The list of SPNs, registered for computer account. For new computer accounts it will typically contain HOST SPNs and RestrictedKrbHost SPNs. The value of **servicePrincipalName** attribute of new computer object. For manually created computer objects it is typically equals “**-**“. This is an example of **Service Principal Names** field for new domain joined workstation<strong>:</strong>
+- **Service Principal Names** \[Type = UnicodeString\]**:** The list of SPNs, registered for computer account. For new computer accounts it will typically contain HOST SPNs and RestrictedKrbHost SPNs. The value of **servicePrincipalName** attribute of new computer object. For manually created computer objects it is typically equals “**-**“. This is an example of **Service Principal Names** field for new domain joined workstation<b>:</b>
 
   HOST/Win81.contoso.local
 
diff --git a/windows/security/threat-protection/auditing/event-4742.md b/windows/security/threat-protection/auditing/event-4742.md
index b39135ee00..94fc78b48f 100644
--- a/windows/security/threat-protection/auditing/event-4742.md
+++ b/windows/security/threat-protection/auditing/event-4742.md
@@ -243,7 +243,7 @@ So this UAC flags value decodes to: LOCKOUT and SCRIPT
 
 - **Service Principal Names** \[Type = UnicodeString\]**:** The list of SPNs, registered for computer account. If the SPN list of a computer account changed, you will see the new SPN list in **Service Principal Names** field (note that you will see the new list instead of changes). If the value of **servicePrincipalName** attribute of computer object was changed, you will see the new value here.
 
-  Here is an example of **Service Principal Names** field for new domain joined workstation in event 4742 on domain controller, after workstation reboots<strong>:</strong>
+  Here is an example of **Service Principal Names** field for new domain joined workstation in event 4742 on domain controller, after workstation reboots<b>:</b>
 
   HOST/Win81.contoso.local
 
diff --git a/windows/security/threat-protection/auditing/event-4907.md b/windows/security/threat-protection/auditing/event-4907.md
index 34454c6d14..6610d670eb 100644
--- a/windows/security/threat-protection/auditing/event-4907.md
+++ b/windows/security/threat-protection/auditing/event-4907.md
@@ -285,5 +285,5 @@ For 4907(S): Auditing settings on object were changed.
 
 - If you have critical file or registry objects and you need to monitor all modifications (especially changes in SACL), monitor for specific “**Object\\Object Name”**.
 
-- If you have high-value computers for which you need to monitor all changes for all or specific file or registry objects, monitor for all [4907](event-4907.md) events on these computers<strong>.</strong>
+- If you have high-value computers for which you need to monitor all changes for all or specific file or registry objects, monitor for all [4907](event-4907.md) events on these computers<b>.</b>
 
diff --git a/windows/security/threat-protection/auditing/event-5140.md b/windows/security/threat-protection/auditing/event-5140.md
index a4f705ba93..3d3d5152cc 100644
--- a/windows/security/threat-protection/auditing/event-5140.md
+++ b/windows/security/threat-protection/auditing/event-5140.md
@@ -145,7 +145,7 @@ For 5140(S, F): A network share object was accessed.
 
 > **Important**&nbsp;&nbsp;For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md).
 
-- If you have high-value computers for which you need to monitor all access to all shares or specific shares (“**Share Name**”), monitor this event<strong>.</strong> For example, you could monitor share **C$** on domain controllers.
+- If you have high-value computers for which you need to monitor all access to all shares or specific shares (“**Share Name**”), monitor this event<b>.</b> For example, you could monitor share **C$** on domain controllers.
 
 - Monitor this event if the **Network Information\\Source Address** is not from your internal IP range.
 
diff --git a/windows/security/threat-protection/auditing/event-5142.md b/windows/security/threat-protection/auditing/event-5142.md
index 858e4a608f..727a8f8576 100644
--- a/windows/security/threat-protection/auditing/event-5142.md
+++ b/windows/security/threat-protection/auditing/event-5142.md
@@ -104,7 +104,7 @@ For 5142(S): A network share object was added.
 
 > **Important**&nbsp;&nbsp;For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md).
 
-- If you have high-value computers for which you need to monitor creation of new file shares, monitor this event<strong>.</strong> For example, you could monitor domain controllers.
+- If you have high-value computers for which you need to monitor creation of new file shares, monitor this event<b>.</b> For example, you could monitor domain controllers.
 
 - We recommend checking “**Share Path**”, because it should not point to system directories, such as **C:\\Windows** or **C:\\**, or to critical local folders which contain private or high value information.
 
diff --git a/windows/security/threat-protection/auditing/event-5143.md b/windows/security/threat-protection/auditing/event-5143.md
index c7f46521ae..7fd678a12b 100644
--- a/windows/security/threat-protection/auditing/event-5143.md
+++ b/windows/security/threat-protection/auditing/event-5143.md
@@ -259,5 +259,5 @@ For 5143(S): A network share object was modified.
 
 > **Important**&nbsp;&nbsp;For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md).
 
-- If you have high-value computers for which you need to monitor all modifications to all shares or specific shares (“**Share Name**”), monitor this event<strong>.</strong> For example, you could monitor all changes to the SYSVOL share on domain controllers.
+- If you have high-value computers for which you need to monitor all modifications to all shares or specific shares (“**Share Name**”), monitor this event<b>.</b> For example, you could monitor all changes to the SYSVOL share on domain controllers.
 
diff --git a/windows/security/threat-protection/auditing/event-5144.md b/windows/security/threat-protection/auditing/event-5144.md
index 4c20a34092..c0cff03c22 100644
--- a/windows/security/threat-protection/auditing/event-5144.md
+++ b/windows/security/threat-protection/auditing/event-5144.md
@@ -106,5 +106,5 @@ For 5144(S): A network share object was deleted.
 
 - If you have critical network shares for which you need to monitor all changes (especially, the deletion of that share), monitor for specific “**Share Information\\Share Name”.**
 
-- If you have high-value computers for which you need to monitor all changes (especially, deletion of file shares), monitor for all [5144](event-5144.md) events on these computers<strong>.</strong> For example, you could monitor file shares on domain controllers.
+- If you have high-value computers for which you need to monitor all changes (especially, deletion of file shares), monitor for all [5144](event-5144.md) events on these computers<b>.</b> For example, you could monitor file shares on domain controllers.
 
diff --git a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md
index 725e9d2023..d594900ce7 100644
--- a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md
@@ -42,7 +42,7 @@ The following tables provide more information about the hardware, firmware, and
 | Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot** | See the System.Fundamentals.Firmware.UEFISecureBoot requirement in the [Windows Hardware Compatibility Specifications for Windows 10, version 1809 and Windows Server 2019 - Systems download](https://go.microsoft.com/fwlink/?linkid=2027110). You can find previous versions of the Windows Hardware Compatibility Program Specifications and Policies [here](https://docs.microsoft.com/windows-hardware/design/compatibility/whcp-specifications-policies). | UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots.  |
 | Firmware: **Secure firmware update process**      | UEFI firmware must support secure firmware update found under the System.Fundamentals.Firmware.UEFISecureBoot requirement in the [Windows Hardware Compatibility Specifications for Windows 10, version 1809 and Windows Server 2019 - Systems download](https://go.microsoft.com/fwlink/?linkid=2027110). You can find previous versions of the Windows Hardware Compatibility Program Specifications and Policies [here](https://docs.microsoft.com/windows-hardware/design/compatibility/whcp-specifications-policies).  | UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed. |
 | Software: **HVCI compatible drivers**       | See the Filter.Driver.DeviceGuard.DriverCompatibility requirement in the [Windows Hardware Compatibility Specifications for Windows 10, version 1809 and Windows Server 2019 - Filter driver download](https://go.microsoft.com/fwlink/?linkid=2027110). You can find previous versions of the Windows Hardware Compatibility Program Specifications and Policies [here](https://docs.microsoft.com/windows-hardware/design/compatibility/whcp-specifications-policies). | [HVCI Compatible](https://blogs.msdn.microsoft.com/windows_hardware_certification/2015/05/22/driver-compatibility-with-device-guard-in-windows-10/) drivers help ensure that VBS can maintain appropriate memory permissions. This increases resistance to bypassing vulnerable kernel drivers and helps ensure that malware cannot run in kernel. Only code verified through code integrity can run in kernel mode.  |
-| Software: Qualified **Windows operating system**  | Windows 10 Enterprise, Windows 10 Pro, Windows 10 Education, Windows Server 2016, or Windows 10 IoT Enterprise<br><blockquote><p><strong>Important:</strong><br> Windows Server 2016 running as a domain controller does not support Windows Defender Credential Guard. Only virtualization-based protection of code integrity is supported in this configuration.</p></blockquote> | Support for VBS and for management features that simplify configuration of Windows Defender Device Guard. |
+| Software: Qualified **Windows operating system**  | Windows 10 Enterprise, Windows 10 Pro, Windows 10 Education, Windows Server 2016, or Windows 10 IoT Enterprise<br><blockquote><p><b>Important:</b><br> Windows Server 2016 running as a domain controller does not support Windows Defender Credential Guard. Only virtualization-based protection of code integrity is supported in this configuration.</p></blockquote> | Support for VBS and for management features that simplify configuration of Windows Defender Device Guard. |
 
 > **Important**&nbsp;&nbsp;The following tables list additional qualifications for improved security. You can use Windows Defender Device Guard with hardware, firmware, and software that support baseline protections, even if they do not support protections for improved security. However, we strongly recommend meeting these additional qualifications to significantly strengthen the level of security that Windows Defender Device Guard can provide.
 
@@ -75,6 +75,6 @@ The following tables describe additional hardware and firmware qualifications, a
 
 | Protections for Improved Security          | Description                                        | Security benefits |
 |---------------------------------------------|----------------------------------------------------|------|
-| Firmware: **VBS enablement of NX protection for UEFI runtime services** | • VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be executable.<br>• UEFI runtime service must meet these requirements: <br>&nbsp;&nbsp;&nbsp;&nbsp;• Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table. <br>&nbsp;&nbsp;&nbsp;&nbsp;• PE sections need to be page-aligned in memory (not required for in non-volitile storage).<br>&nbsp;&nbsp;&nbsp;&nbsp;• The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS:<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;• All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;• No entries may be left with neither of the above attributes, indicating memory that is both executable and writable. Memory must be either readable and executable or writeable and non-executable. <br><blockquote><p><strong>Notes:</strong><br>• This only applies to UEFI runtime service memory, and not UEFI boot service memory. <br>• This protection is applied by VBS on OS page tables.</p></blockquote><br> Please also note the following: <br>• Do not use sections that are both writeable and executable<br>• Do not attempt to directly modify executable system memory<br>• Do not use dynamic code  | • Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)<br>• Reduces the attack surface to VBS from system firmware.   |
+| Firmware: **VBS enablement of NX protection for UEFI runtime services** | • VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be executable.<br>• UEFI runtime service must meet these requirements: <br>&nbsp;&nbsp;&nbsp;&nbsp;• Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table. <br>&nbsp;&nbsp;&nbsp;&nbsp;• PE sections need to be page-aligned in memory (not required for in non-volitile storage).<br>&nbsp;&nbsp;&nbsp;&nbsp;• The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS:<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;• All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;• No entries may be left with neither of the above attributes, indicating memory that is both executable and writable. Memory must be either readable and executable or writeable and non-executable. <br><blockquote><p><b>Notes:</b><br>• This only applies to UEFI runtime service memory, and not UEFI boot service memory. <br>• This protection is applied by VBS on OS page tables.</p></blockquote><br> Please also note the following: <br>• Do not use sections that are both writeable and executable<br>• Do not attempt to directly modify executable system memory<br>• Do not use dynamic code  | • Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)<br>• Reduces the attack surface to VBS from system firmware.   |
 | Firmware: **Firmware support for SMM protection** | The [Windows SMM Security Mitigations Table (WSMT) specification](https://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an Advanced Configuration and Power Interface (ACPI) table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features.| • Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)<br>• Reduces the attack surface to VBS from system firmware.<br>• Blocks additional security attacks against SMM.  |
 
diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md
index 7bc3af8993..262058bf1d 100644
--- a/windows/security/threat-protection/fips-140-validation.md
+++ b/windows/security/threat-protection/fips-140-validation.md
@@ -102,10 +102,10 @@ Validated Editions: Home, Pro, Enterprise, Education
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Cryptographic Primitives Library</td>
@@ -166,10 +166,10 @@ Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Cryptographic Primitives Library</td>
@@ -236,10 +236,10 @@ Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)</td>
@@ -251,7 +251,7 @@ Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile
 <p><em>Validated Component Implementations:</em> FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1133">#1133</a>); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#2521">#2521</a>); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1281">#1281</a>); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1278">#1278</a>)</p></td>
 </tr>
 <tr class="odd">
-<td><strong>Kernel Mode Cryptographic Primitives Library (cng.sys)</strong></td>
+<td><b>Kernel Mode Cryptographic Primitives Library (cng.sys)</b></td>
 <td><a href="https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3094.pdf">10.0.15063</a></td>
 <td><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3094">#3094</a></td>
 <td><p><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3094">#3094</a></p>
@@ -323,10 +323,10 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)</td>
@@ -338,7 +338,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile
 <p><em>Validated Component Implementations:</em> FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#922">#922</a>); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#888">#888</a>); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#887">#887</a>); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#886">#886</a>)</p></td>
 </tr>
 <tr class="odd">
-<td><strong>Kernel Mode Cryptographic Primitives Library (cng.sys)</strong></td>
+<td><b>Kernel Mode Cryptographic Primitives Library (cng.sys)</b></td>
 <td><a href="http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2936.pdf">10.0.14393</a></td>
 <td><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2936">#2936</a></td>
 <td><p><em>FIPS Approved algorithms:</em> AES (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064">#4064</a>); DRBG (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217">#1217</a>); DSA (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1098">#1098</a>); ECDSA (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#911">#911</a>); HMAC (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2651">#2651</a>); KAS (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#92">#92</a>); KBKDF (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#101">#101</a>); KTS (AES Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4062">#4062</a>; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2192">#2192</a>, <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193">#2193</a> and <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2195">#2195</a>); SHS (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347">#3347</a>); Triple-DES (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2227">#2227</a>)<br />
@@ -416,10 +416,10 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)</td>
@@ -431,7 +431,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub
 <p><em>Validated Component Implementations:</em> FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#666">#666</a>); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#665">#665</a>); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#663">#663</a>); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#664">#664</a>)</p></td>
 </tr>
 <tr class="odd">
-<td><strong>Kernel Mode Cryptographic Primitives Library (cng.sys)</strong></td>
+<td><b>Kernel Mode Cryptographic Primitives Library (cng.sys)</b></td>
 <td><a href="http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2605.pdf">10.0.10586</a></td>
 <td><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2605">#2605</a></td>
 <td><p><em>FIPS Approved algorithms:</em> AES (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3629">#3629</a>); DRBG (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#955">#955</a>); DSA (Certs.  <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1024">#1024</a>); ECDSA (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#760">#760</a>); HMAC (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2381">#2381</a>); KAS (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#72">#72</a>; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#72">#72</a>); KTS (AES Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3653">#3653</a>; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1887">#1887</a>, <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1888">#1888</a> and <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1889">#1889</a>); SHS (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047">#3047</a>); Triple-DES (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2024">#2024</a>)<br />
@@ -514,10 +514,10 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)</td>
@@ -529,7 +529,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface
 <p><em>Validated Component Implementations:</em> FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#572">#572</a>); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#576">#576</a>); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#575">#575</a>)</p></td>
 </tr>
 <tr class="odd">
-<td><strong>Kernel Mode Cryptographic Primitives Library (cng.sys)</strong></td>
+<td><b>Kernel Mode Cryptographic Primitives Library (cng.sys)</b></td>
 <td><a href="http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2605.pdf">10.0.10240</a></td>
 <td><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2605">#2605</a></td>
 <td><p><em>FIPS Approved algorithms:</em> AES (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3497">#3497</a>); DRBG (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#868">#868</a>); DSA (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#983">#983</a>); ECDSA (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#706">#706</a>); HMAC (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2233">#2233</a>); KAS (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#64">#64</a>; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#66">#66</a>); KTS (AES Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3507">#3507</a>; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1783">#1783</a>, <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1798">#1798</a>, and <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1802">#1802</a>); SHS (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886">#2886</a>); Triple-DES (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1969">#1969</a>)<br />
@@ -612,10 +612,10 @@ Validated Editions: RT, Pro, Enterprise, Phone, Embedded
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)</td>
@@ -627,7 +627,7 @@ Validated Editions: RT, Pro, Enterprise, Phone, Embedded
 <p><em>Validated Component Implementations:</em> FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#288">#288</a>); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#289">#289</a>); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#323">#323</a>)</p></td>
 </tr>
 <tr class="odd">
-<td><strong>Kernel Mode Cryptographic Primitives Library (cng.sys)</strong></td>
+<td><b>Kernel Mode Cryptographic Primitives Library (cng.sys)</b></td>
 <td><a href="http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2356.pdf">6.3.9600 6.3.9600.17042</a></td>
 <td><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2356">#2356</a></td>
 <td><p><em>FIPS Approved algorithms:</em> AES (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832">#2832</a>); DRBG (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489">#489</a>); ECDSA (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#505">#505</a>); HMAC (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1773">#1773</a>); KAS (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#47">#47</a>); KBKDF (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#30">#30</a>); PBKDF (vendor affirmed); RSA (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1487">#1487</a>, <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1493">#1493</a> and <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1519">#1519</a>); SHS (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373"># 2373</a>); Triple-DES (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1692">#1692</a>)<br />
@@ -689,10 +689,10 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone
 <table>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)</td>
@@ -705,7 +705,7 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone
 </td>
 </tr>
 <tr class="odd">
-<td><strong>Kernel Mode Cryptographic Primitives Library (cng.sys)</strong></td>
+<td><b>Kernel Mode Cryptographic Primitives Library (cng.sys)</b></td>
 <td><a href="http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1891.pdf">6.2.9200</a></td>
 <td><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1891">#1891</a></td>
 <td><em>FIPS Approved algorithms:</em> AES (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197">#2197</a> and <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2216">#2216</a>); DRBG (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258">#258</a> and <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#259">#259</a>); ECDSA (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#341">#341</a>); HMAC (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1345">#1345</a>); KAS (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#36">#36</a>); KBKDF (Cert. <a href="http://csrc.nist.gov/groups/stm/cavp/documents/kbkdf800-108/kbkdfval.htm#3">#3</a>); PBKDF (vendor affirmed); RNG (Cert. <a href="http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#1110">#1110</a>); RSA (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1133">#1133</a> and <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1134">#1134</a>); SHS (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903">#1903</a>); Triple-DES (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1387">#1387</a>)<br />
@@ -791,10 +791,10 @@ Validated Editions: Windows 7, Windows 7 SP1
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)</td>
@@ -915,10 +915,10 @@ Validated Editions: Ultimate Edition
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Boot Manager (bootmgr)</td>
@@ -981,10 +981,10 @@ Validated Editions: Ultimate Edition
 <table>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Enhanced Cryptographic Provider (RSAENH)</td>
@@ -1033,10 +1033,10 @@ Validated Editions: Ultimate Edition
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Kernel Mode Cryptographic Module (FIPS.SYS)</td>
@@ -1074,10 +1074,10 @@ Validated Editions: Ultimate Edition
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>DSS/Diffie-Hellman Enhanced Cryptographic Provider</td>
@@ -1108,10 +1108,10 @@ Validated Editions: Ultimate Edition
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Microsoft Enhanced Cryptographic Provider</td>
@@ -1135,10 +1135,10 @@ Validated Editions: Ultimate Edition
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Kernel Mode Cryptographic Module</td>
@@ -1162,10 +1162,10 @@ Validated Editions: Ultimate Edition
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Kernel Mode Cryptographic Module (FIPS.SYS)</td>
@@ -1199,10 +1199,10 @@ Validated Editions: Ultimate Edition
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Kernel Mode Cryptographic Module (FIPS.SYS)</td>
@@ -1240,10 +1240,10 @@ Validated Editions: Ultimate Edition
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider</td>
@@ -1270,10 +1270,10 @@ Validated Editions: Ultimate Edition
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider</td>
@@ -1297,10 +1297,10 @@ Validated Editions: Ultimate Edition
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider</td>
@@ -1318,10 +1318,10 @@ Validated Editions: Ultimate Edition
 <table>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Base Cryptographic Provider</td>
@@ -1349,10 +1349,10 @@ Validated Editions: Standard, Datacenter
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Cryptographic Primitives Library</td>
@@ -1413,10 +1413,10 @@ Validated Editions: Standard, Datacenter
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Cryptographic Primitives Library</td>
@@ -1483,10 +1483,10 @@ Validated Editions: Standard, Datacenter, Storage Server
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)</td>
@@ -1497,7 +1497,7 @@ Validated Editions: Standard, Datacenter, Storage Server
 <em>Other algorithms:</em> HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)</td>
 </tr>
 <tr class="odd">
-<td><strong>Kernel Mode Cryptographic Primitives Library (cng.sys)</strong></td>
+<td><b>Kernel Mode Cryptographic Primitives Library (cng.sys)</b></td>
 <td><a href="http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2936.pdf">10.0.14393</a></td>
 <td><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2936">2936</a></td>
 <td><em>FIPS Approved algorithms:</em> AES (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064">#4064</a>); DRBG (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217">#1217</a>); DSA (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1098">#1098</a>); ECDSA (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#911">#911</a>); HMAC (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2651">#2651</a>); KAS (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#92">#92</a>); KBKDF (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#101">#101</a>); KTS (AES Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4062">#4062</a>; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2192">#2192</a>, <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193">#2193</a> and <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2195">#2195</a>); SHS (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347">#3347</a>); Triple-DES (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2227">#2227</a>)<br />
@@ -1562,10 +1562,10 @@ Validated Editions: Server, Storage Server,
 <table>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)</td>
@@ -1576,7 +1576,7 @@ Validated Editions: Server, Storage Server,
 <em>Other algorithms:</em> AES (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832">#2832</a>, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)</td>
 </tr>
 <tr class="odd">
-<td><strong>Kernel Mode Cryptographic Primitives Library (cng.sys)</strong></td>
+<td><b>Kernel Mode Cryptographic Primitives Library (cng.sys)</b></td>
 <td><a href="http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2356.pdf">6.3.9600 6.3.9600.17042</a></td>
 <td><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2356">2356</a></td>
 <td><em>FIPS Approved algorithms:</em> AES (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832">#2832</a>); DRBG (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489">#489</a>); ECDSA (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#505">#505</a>); HMAC (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1773">#1773</a>); KAS (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#47">#47</a>); KBKDF (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#30">#30</a>); PBKDF (vendor affirmed); RSA (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1487">#1487</a>, <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1493">#1493</a> and <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1519">#1519</a>); SHS (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373"># 2373</a>); Triple-DES (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1692">#1692</a>)<br />
@@ -1638,10 +1638,10 @@ Validated Editions: Server, Storage Server
 <table>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)</td>
@@ -1654,7 +1654,7 @@ Validated Editions: Server, Storage Server
 <em>Other algorithms:</em> AES (Cert. , key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)</td>
 </tr>
 <tr class="odd">
-<td><strong>Kernel Mode Cryptographic Primitives Library (cng.sys)</strong></td>
+<td><b>Kernel Mode Cryptographic Primitives Library (cng.sys)</b></td>
 <td><a href="http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1891.pdf">6.2.9200</a></td>
 <td><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1891">1891</a></td>
 <td><em>FIPS Approved algorithms:</em> AES (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197">#2197</a> and <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2216">#2216</a>); DRBG (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258">#258</a> and <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#259">#259</a>); ECDSA (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#341">#341</a>); HMAC (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1345">#1345</a>); KAS (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#36">#36</a>); KBKDF (Cert. <a href="http://csrc.nist.gov/groups/stm/cavp/documents/kbkdf800-108/kbkdfval.htm#3">#3</a>); PBKDF (vendor affirmed); RNG (Cert. <a href="http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#1110">#1110</a>); RSA (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1133">#1133</a> and <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1134">#1134</a>); SHS (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903">#1903</a>); Triple-DES (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1387">#1387</a>)<br />
@@ -1728,10 +1728,10 @@ Validated Editions: Server, Storage Server
 <table>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Boot Manager (bootmgr)</td>
@@ -1742,7 +1742,7 @@ Validated Editions: Server, Storage Server
 <em>Other algorithms:</em> MD5</td>
 </tr>
 <tr class="odd">
-<td><strong>Winload OS Loader (winload.exe)</strong></td>
+<td><b>Winload OS Loader (winload.exe)</b></td>
 <td><a href="http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1333.pdf">6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.21675</a>6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.21675</td>
 <td><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1333">1333</a></td>
 <td><em>FIPS Approved algorithms:</em> AES (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168">#1168</a> and <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1177">#1177</a>); RSA (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#568">#568</a>); SHS (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">#1081</a>)<br />
@@ -1806,10 +1806,10 @@ Validated Editions: Server, Storage Server
 <table>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Boot Manager (bootmgr)</td>
@@ -1820,7 +1820,7 @@ Validated Editions: Server, Storage Server
 <em>Other algorithms:</em> N/A</td>
 </tr>
 <tr class="odd">
-<td><strong>Winload OS Loader (winload.exe)</strong></td>
+<td><b>Winload OS Loader (winload.exe)</b></td>
 <td><a href="http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1005.pdf">6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.22596</a>6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.22596</td>
 <td><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1005">1005</a></td>
 <td><em>FIPS Approved algorithms:</em> AES (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#739">#739</a> and <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#760">#760</a>); RSA (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#355">#355</a>); SHS (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">#753</a>)<br />
@@ -1884,10 +1884,10 @@ Validated Editions: Server, Storage Server
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)</td>
@@ -1925,10 +1925,10 @@ Validated Editions: Server, Storage Server
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Kernel Mode Cryptographic Module (FIPS.SYS)</td>
@@ -1972,10 +1972,10 @@ Validated Editions: Server, Storage Server
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Kernel Mode Cryptographic Module (FIPS.SYS)</td>
@@ -2021,10 +2021,10 @@ Validated Editions: Server, Storage Server
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Enhanced Cryptographic Provider</td>
@@ -2056,10 +2056,10 @@ Validated Editions: Server, Storage Server
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Enhanced Cryptographic Provider</td>
@@ -2083,10 +2083,10 @@ Validated Editions: Server, Storage Server
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Cryptographic Module</strong></td>
-<td><strong>Version (link to Security Policy)</strong></td>
-<td><strong>FIPS Certificate #</strong></td>
-<td><strong>Algorithms</strong></td>
+<td><b>Cryptographic Module</b></td>
+<td><b>Version (link to Security Policy)</b></td>
+<td><b>FIPS Certificate #</b></td>
+<td><b>Algorithms</b></td>
 </tr>
 <tr class="even">
 <td>Outlook Cryptographic Provider (EXCHCSP)</td>
@@ -2113,8 +2113,8 @@ The following tables are organized by cryptographic algorithms with their modes,
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Modes / States / Key Sizes</strong></td>
-<td><strong>Algorithm Implementation and Certificate #</strong></td>
+<td><b>Modes / States / Key Sizes</b></td>
+<td><b>Algorithm Implementation and Certificate #</b></td>
 </tr>
 <tr class="even">
 <td><ul>
@@ -2563,137 +2563,137 @@ The following tables are organized by cryptographic algorithms with their modes,
 <p>Version 10.0.16299</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>CBC</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CFB128</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>OFB</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CTR</strong> ( int only; 128 , 192 , 256 )</p></td>
+<td><p><b>CBC</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CFB128</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>OFB</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CTR</b> ( int only; 128 , 192 , 256 )</p></td>
 <td><p>Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4627">#4627</a></p>
 <p>Version 10.0.15063</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>KW</strong> ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 256 , 192 , 320 , 2048 )</p>
+<td><p><b>KW</b> ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 256 , 192 , 320 , 2048 )</p>
 <p>AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624">Val#4624</a></p></td>
 <td><p>Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4626">#4626</a></p>
 <p>Version 10.0.15063</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>CCM</strong> (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )</p>
+<td><p><b>CCM</b> (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )</p>
 <p>AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624">Val#4624</a></p>
 <p> </p></td>
 <td><p>Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile BitLocker(R) Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4625">#4625</a></p>
 <p>Version 10.0.15063</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>ECB</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CBC</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CFB8</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CFB128</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CTR</strong> ( int only; 128 , 192 , 256 )</p>
-<p><strong>CCM</strong> (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )</p>
-<p><strong>CMAC</strong> (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 )</p>
-<p><strong>GCM</strong> (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )</p>
+<td><p><b>ECB</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CBC</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CFB8</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CFB128</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CTR</b> ( int only; 128 , 192 , 256 )</p>
+<p><b>CCM</b> (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )</p>
+<p><b>CMAC</b> (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 )</p>
+<p><b>GCM</b> (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )</p>
 <p>(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )</p>
 <p>IV Generated: ( External ) ; PT Lengths Tested: ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested: ( 0 , 1024 , 8 , 1016 ) ; 96BitIV_Supported</p>
 <p>GMAC_Supported</p>
-<p><strong>XTS</strong>( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) )</p></td>
+<p><b>XTS</b>( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) )</p></td>
 <td><p>Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624">#4624</a></p>
 <p>Version 10.0.15063</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>ECB</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CBC</strong> ( e/d; 128 , 192 , 256 );</p></td>
+<td><p><b>ECB</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CBC</b> ( e/d; 128 , 192 , 256 );</p></td>
 <td><p>Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4434">#4434</a></p>
 <p>Version 7.00.2872</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>ECB</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CBC</strong> ( e/d; 128 , 192 , 256 );</p></td>
+<td><p><b>ECB</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CBC</b> ( e/d; 128 , 192 , 256 );</p></td>
 <td><p>Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4433">#4433</a></p>
 <p>Version 8.00.6246</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>ECB</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CBC</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CTR</strong> ( int only; 128 , 192 , 256 )</p></td>
+<td><p><b>ECB</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CBC</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CTR</b> ( int only; 128 , 192 , 256 )</p></td>
 <td><p>Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4431">#4431</a></p>
 <p>Version 7.00.2872</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>ECB</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CBC</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CTR</strong> ( int only; 128 , 192 , 256 )</p></td>
+<td><p><b>ECB</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CBC</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CTR</b> ( int only; 128 , 192 , 256 )</p></td>
 <td><p>Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4430">#4430</a></p>
 <p>Version 8.00.6246</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>CBC</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CFB128</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>OFB</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CTR</strong> ( int only; 128 , 192 , 256 )</p></td>
+<td><p><b>CBC</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CFB128</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>OFB</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CTR</b> ( int only; 128 , 192 , 256 )</p></td>
 <td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4074">#4074</a></p>
 <p>Version 10.0.14393</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>ECB</strong> ( e/d; 128 , 192 , 256 ); <strong>CBC</strong> ( e/d; 128 , 192 , 256 ); <strong>CFB8</strong> ( e/d; 128 , 192 , 256 ); <strong>CFB128</strong> ( e/d; 128 , 192 , 256 ); <strong>CTR</strong> ( int only; 128 , 192 , 256 )</p>
-<p><strong>CCM</strong> (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )</p>
-<p><strong>CMAC (Generation/Verification )</strong> (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )</p>
-<p><strong>GCM</strong> (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )<br />
+<td><p><b>ECB</b> ( e/d; 128 , 192 , 256 ); <b>CBC</b> ( e/d; 128 , 192 , 256 ); <b>CFB8</b> ( e/d; 128 , 192 , 256 ); <b>CFB128</b> ( e/d; 128 , 192 , 256 ); <b>CTR</b> ( int only; 128 , 192 , 256 )</p>
+<p><b>CCM</b> (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )</p>
+<p><b>CMAC (Generation/Verification )</b> (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )</p>
+<p><b>GCM</b> (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )<br />
 (KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )<br />
-<strong>IV Generated:</strong>  ( Externally ) ; PT Lengths Tested:  ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 0 , 0 ) ; 96BitIV_Supported<br />
+<b>IV Generated:</b>  ( Externally ) ; PT Lengths Tested:  ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 0 , 0 ) ; 96BitIV_Supported<br />
 GMAC_Supported</p>
-<p><strong>XTS( (KS: XTS_128</strong>( (e/d) (f) ) <strong>KS: XTS_256</strong>( (e/d) (f) )</p></td>
+<p><b>XTS( (KS: XTS_128</b>( (e/d) (f) ) <b>KS: XTS_256</b>( (e/d) (f) )</p></td>
 <td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064">#4064</a></p>
 <p>Version 10.0.14393</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>ECB</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CBC</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CFB8</strong> ( e/d; 128 , 192 , 256 );</p>
+<td><p><b>ECB</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CBC</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CFB8</b> ( e/d; 128 , 192 , 256 );</p>
 <p> </p></td>
 <td>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4063">#4063</a><br />
 Version 10.0.14393</td>
 </tr>
 <tr class="even">
-<td><p><strong>KW</strong>  ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 192 , 256 , 320 , 2048 )</p>
+<td><p><b>KW</b>  ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 192 , 256 , 320 , 2048 )</p>
 <p>AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064">Val#4064</a></p></td>
 <td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4062">#4062</a></p>
 <p>Version 10.0.14393</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>CCM</strong> (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )</p>
+<td><p><b>CCM</b> (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )</p>
 <p>AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064">Val#4064</a></p></td>
 <td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BitLocker® Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4061">#4061</a></p>
 <p>Version 10.0.14393</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>KW</strong>  ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 256 , 192 , 320 , 2048 )</p>
+<td><p><b>KW</b>  ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 256 , 192 , 320 , 2048 )</p>
 <p>AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3629">Val#3629</a></p></td>
 <td><p>Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3652">#3652</a></p>
 <p>Version 10.0.10586</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>CCM</strong> (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )</p>
+<td><p><b>CCM</b> (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )</p>
 <p>AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3629">Val#3629</a></p></td>
 <td><p>Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BitLocker® Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3653">#3653</a></p>
 <p>Version 10.0.10586</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>ECB</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CBC</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CFB8</strong> ( e/d; 128 , 192 , 256 );</p>
+<td><p><b>ECB</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CBC</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CFB8</b> ( e/d; 128 , 192 , 256 );</p>
 <p> </p></td>
 <td>Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA32 Algorithm Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3630">#3630</a><br />
 Version 10.0.10586</td>
 </tr>
 <tr class="odd">
-<td><p><strong>ECB</strong> ( e/d; 128 , 192 , 256 ); <strong>CBC</strong> ( e/d; 128 , 192 , 256 ); <strong>CFB8</strong> ( e/d; 128 , 192 , 256 ); <strong>CFB128</strong> ( e/d; 128 , 192 , 256 ); <strong>CTR</strong> ( int only; 128 , 192 , 256 )</p>
-<p><strong>CCM</strong> (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )</p>
-<p><strong>CMAC (Generation/Verification )</strong> (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )</p>
-<p><strong>GCM</strong> (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )<br />
+<td><p><b>ECB</b> ( e/d; 128 , 192 , 256 ); <b>CBC</b> ( e/d; 128 , 192 , 256 ); <b>CFB8</b> ( e/d; 128 , 192 , 256 ); <b>CFB128</b> ( e/d; 128 , 192 , 256 ); <b>CTR</b> ( int only; 128 , 192 , 256 )</p>
+<p><b>CCM</b> (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )</p>
+<p><b>CMAC (Generation/Verification )</b> (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )</p>
+<p><b>GCM</b> (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )<br />
 (KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )<br />
-<strong>IV Generated:</strong>  ( Externally ) ; PT Lengths Tested:  ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 0 , 0 ) ; 96BitIV_Supported<br />
+<b>IV Generated:</b>  ( Externally ) ; PT Lengths Tested:  ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 0 , 0 ) ; 96BitIV_Supported<br />
 GMAC_Supported</p>
-<p><strong>XTS( (KS: XTS_128</strong>( (e/d) (f) ) <strong>KS: XTS_256</strong>( (e/d) (f) )</p></td>
+<p><b>XTS( (KS: XTS_128</b>( (e/d) (f) ) <b>KS: XTS_256</b>( (e/d) (f) )</p></td>
 <td><p>Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3629">#3629</a><br />
 <br />
 </p>
@@ -2706,141 +2706,141 @@ GMAC_Supported</p>
 <p>Version 10.0.10240</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>CCM</strong> (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )</p>
+<td><p><b>CCM</b> (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )</p>
 <p>AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3497">Val#3497</a></p></td>
 <td><p>Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BitLocker® Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3498">#3498</a></p>
 <p>Version 10.0.10240</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>ECB</strong> ( e/d; 128 , 192 , 256 ); <strong>CBC</strong> ( e/d; 128 , 192 , 256 ); <strong>CFB8</strong> ( e/d; 128 , 192 , 256 ); <strong>CFB128</strong> ( e/d; 128 , 192 , 256 ); <strong>CTR</strong> ( int only; 128 , 192 , 256 )</p>
-<p><strong>CCM</strong> (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )</p>
-<p><strong>CMAC(Generation/Verification )</strong> (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )</p>
-<p><strong>GCM</strong> (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )<br />
+<td><p><b>ECB</b> ( e/d; 128 , 192 , 256 ); <b>CBC</b> ( e/d; 128 , 192 , 256 ); <b>CFB8</b> ( e/d; 128 , 192 , 256 ); <b>CFB128</b> ( e/d; 128 , 192 , 256 ); <b>CTR</b> ( int only; 128 , 192 , 256 )</p>
+<p><b>CCM</b> (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )</p>
+<p><b>CMAC(Generation/Verification )</b> (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )</p>
+<p><b>GCM</b> (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )<br />
 (KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )<br />
-<strong>IV Generated:</strong>  ( Externally ) ; PT Lengths Tested:  ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 0 , 0 ) ; 96BitIV_Supported<br />
+<b>IV Generated:</b>  ( Externally ) ; PT Lengths Tested:  ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 0 , 0 ) ; 96BitIV_Supported<br />
 GMAC_Supported</p>
-<p><strong>XTS( (KS: XTS_128</strong>( (e/d) (f) ) <strong>KS: XTS_256</strong>( (e/d) (f) )</p></td>
+<p><b>XTS( (KS: XTS_128</b>( (e/d) (f) ) <b>KS: XTS_256</b>( (e/d) (f) )</p></td>
 <td>Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3497">#3497</a><br />
 Version 10.0.10240</td>
 </tr>
 <tr class="odd">
-<td><p><strong>ECB</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CBC</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CFB8</strong> ( e/d; 128 , 192 , 256 );</p>
+<td><p><b>ECB</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CBC</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CFB8</b> ( e/d; 128 , 192 , 256 );</p>
 <p> </p></td>
 <td>Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3476">#3476</a><br />
 Version 10.0.10240</td>
 </tr>
 <tr class="even">
-<td><p><strong>ECB</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CBC</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CFB8</strong> ( e/d; 128 , 192 , 256 );</p>
+<td><p><b>ECB</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CBC</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CFB8</b> ( e/d; 128 , 192 , 256 );</p>
 <p> </p></td>
 <td><p>Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2853">#2853</a></p>
 <p>Version 6.3.9600</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>CCM (KS: 256 )</strong> (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )</p>
+<td><p><b>CCM (KS: 256 )</b> (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )</p>
 <p>AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832">Val#2832</a></p></td>
 <td><p>Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 BitLocker� Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2848">#2848</a></p>
 <p>Version 6.3.9600</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>CCM (KS: 128 , 192 , 256 )</strong> (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 0 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )</p>
-<p><strong>CMAC (Generation/Verification ) (KS: 128</strong>; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )</p>
-<p><strong>GCM (KS: AES_128</strong>( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )</p>
-<p><strong>(KS: AES_256</strong>( e/d ) Tag Length(s): 128 120 112 104 96 )</p>
-<p><strong>IV Generated:</strong>  ( Externally ) ; PT Lengths Tested:  ( 0 , 128 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 128 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 8 , 1024 ) ; 96BitIV_Supported ;<br />
-<strong>OtherIVLen_Supported<br />
-GMAC_Supported</strong></p></td>
+<td><p><b>CCM (KS: 128 , 192 , 256 )</b> (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 0 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )</p>
+<p><b>CMAC (Generation/Verification ) (KS: 128</b>; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )</p>
+<p><b>GCM (KS: AES_128</b>( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )</p>
+<p><b>(KS: AES_256</b>( e/d ) Tag Length(s): 128 120 112 104 96 )</p>
+<p><b>IV Generated:</b>  ( Externally ) ; PT Lengths Tested:  ( 0 , 128 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 128 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 8 , 1024 ) ; 96BitIV_Supported ;<br />
+<b>OtherIVLen_Supported<br />
+GMAC_Supported</b></p></td>
 <td><p>Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832">2832</a></p>
 <p>Version 6.3.9600</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>CCM (KS: 128 , 192 , 256</strong> ) <strong>(Assoc. Data Len Range</strong>: 0 - 0 , 2^16 ) <strong>(Payload Length Range</strong>: 0 - 32 ( <strong>Nonce Length(s)</strong>: 7 8 9 10 11 12 13 <strong>(Tag Length(s)</strong>: 4 6 8 10 12 14 16 )<br />
+<td><p><b>CCM (KS: 128 , 192 , 256</b> ) <b>(Assoc. Data Len Range</b>: 0 - 0 , 2^16 ) <b>(Payload Length Range</b>: 0 - 32 ( <b>Nonce Length(s)</b>: 7 8 9 10 11 12 13 <b>(Tag Length(s)</b>: 4 6 8 10 12 14 16 )<br />
 AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197">Val#2197</a></p>
-<p><strong>CMAC</strong> (Generation/Verification ) <strong>(KS: 128;</strong> Block Size(s): ; <strong>Msg Len(s)</strong> Min: 0 Max: 2^16 ; <strong>Tag Len(s)</strong> Min: 16 Max: 16 ) <strong>(KS: 192</strong>; Block Size(s): ; <strong>Msg Len(s)</strong> Min: 0 Max: 2^16 ; <strong>Tag Len(s)</strong> Min: 16 Max: 16 ) <strong>(KS: 256</strong>; Block Size(s): ; <strong>Msg Len(s)</strong> Min: 0 Max: 2^16 ; <strong>Tag Len(s)</strong> Min: 16 Max: 16 )<br />
+<p><b>CMAC</b> (Generation/Verification ) <b>(KS: 128;</b> Block Size(s): ; <b>Msg Len(s)</b> Min: 0 Max: 2^16 ; <b>Tag Len(s)</b> Min: 16 Max: 16 ) <b>(KS: 192</b>; Block Size(s): ; <b>Msg Len(s)</b> Min: 0 Max: 2^16 ; <b>Tag Len(s)</b> Min: 16 Max: 16 ) <b>(KS: 256</b>; Block Size(s): ; <b>Msg Len(s)</b> Min: 0 Max: 2^16 ; <b>Tag Len(s)</b> Min: 16 Max: 16 )<br />
 AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197">Val#2197</a></p>
-<p><strong>GCM(KS: AES_128</strong>( e/d ) Tag Length(s): 128 120 112 104 96 ) <strong>(KS: AES_192</strong>( e/d ) Tag Length(s): 128 120 112 104 96 )<br />
-<strong>(KS: AES_256</strong>( e/d ) Tag Length(s): 128 120 112 104 96 )<br />
-<strong>IV Generated:</strong> ( Externally ) ; <strong>PT Lengths Tested:</strong> ( 0 , 128 , 1024 , 8 , 1016 ) ; <strong>AAD Lengths tested:</strong> ( 0 , 128 , 1024 , 8 , 1016 ) ; <strong>IV Lengths Tested:</strong> ( 8 , 1024 ) ; <strong>96BitIV_Supported<br />
-GMAC_Supported</strong></p></td>
+<p><b>GCM(KS: AES_128</b>( e/d ) Tag Length(s): 128 120 112 104 96 ) <b>(KS: AES_192</b>( e/d ) Tag Length(s): 128 120 112 104 96 )<br />
+<b>(KS: AES_256</b>( e/d ) Tag Length(s): 128 120 112 104 96 )<br />
+<b>IV Generated:</b> ( Externally ) ; <b>PT Lengths Tested:</b> ( 0 , 128 , 1024 , 8 , 1016 ) ; <b>AAD Lengths tested:</b> ( 0 , 128 , 1024 , 8 , 1016 ) ; <b>IV Lengths Tested:</b> ( 8 , 1024 ) ; <b>96BitIV_Supported<br />
+GMAC_Supported</b></p></td>
 <td>Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2216">#2216</a></td>
 </tr>
 <tr class="even">
-<td><p><strong>CCM (KS: 256 ) (Assoc. Data Len Range:</strong> 0 - 0 , 2^16 <strong>) (Payload Length Range:</strong> 0 - 32 ( <strong>Nonce Length(s)</strong>: 12 <strong>(Tag Length(s)</strong>: 16 )</p>
+<td><p><b>CCM (KS: 256 ) (Assoc. Data Len Range:</b> 0 - 0 , 2^16 <b>) (Payload Length Range:</b> 0 - 32 ( <b>Nonce Length(s)</b>: 12 <b>(Tag Length(s)</b>: 16 )</p>
 <p>AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196">Val#2196</a></p></td>
 <td>Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2198">#2198</a></td>
 </tr>
 <tr class="odd">
-<td><p><strong>ECB</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CBC</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CFB8</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CFB128</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CTR</strong> ( int only; 128 , 192 , 256 )</p></td>
+<td><p><b>ECB</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CBC</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CFB8</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CFB128</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CTR</b> ( int only; 128 , 192 , 256 )</p></td>
 <td>Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197">#2197</a></td>
 </tr>
 <tr class="even">
-<td><p><strong>ECB</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CBC</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CFB8</strong> ( e/d; 128 , 192 , 256 );</p>
+<td><p><b>ECB</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CBC</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CFB8</b> ( e/d; 128 , 192 , 256 );</p>
 <p> </p></td>
 <td>Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196">#2196</a></td>
 </tr>
 <tr class="odd">
-<td><strong>CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range:</strong> 0 – 0 , 2^16 <strong>) (Payload Length Range:</strong> 0 - 32 <strong>( Nonce Length(s):</strong> 7 8 9 10 11 12 13 <strong>(Tag Length(s):</strong> 4 6 8 10 12 14 16 <strong>)</strong><br />
+<td><b>CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range:</b> 0 – 0 , 2^16 <b>) (Payload Length Range:</b> 0 - 32 <b>( Nonce Length(s):</b> 7 8 9 10 11 12 13 <b>(Tag Length(s):</b> 4 6 8 10 12 14 16 <b>)</b><br />
 AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168">Val#1168</a></td>
 <td><p>Windows Server 2008 R2 and SP1 CNG algorithms <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1187">#1187</a></p>
 <p>Windows 7 Ultimate and SP1 CNG algorithms <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1178">#1178</a></p></td>
 </tr>
 <tr class="even">
-<td><strong>CCM (KS: 128 , 256 ) (Assoc. Data Len Range:</strong> 0 - 8 <strong>) (Payload Length Range:</strong> 4 - 32 <strong>( Nonce Length(s):</strong> 7 8 12 13 <strong>(Tag Length(s):</strong> 4 6 8 14 16 <strong>)</strong><br />
+<td><b>CCM (KS: 128 , 256 ) (Assoc. Data Len Range:</b> 0 - 8 <b>) (Payload Length Range:</b> 4 - 32 <b>( Nonce Length(s):</b> 7 8 12 13 <b>(Tag Length(s):</b> 4 6 8 14 16 <b>)</b><br />
 AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168">Val#1168</a></td>
 <td>Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1177">#1177</a></td>
 </tr>
 <tr class="odd">
-<td><p><strong>ECB</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CBC</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CFB8</strong> ( e/d; 128 , 192 , 256 );</p>
+<td><p><b>ECB</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CBC</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CFB8</b> ( e/d; 128 , 192 , 256 );</p>
 <p> </p></td>
 <td>Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168">#1168</a></td>
 </tr>
 <tr class="even">
-<td><p><strong>GCM</strong></p>
-<p><strong>GMAC</strong></p></td>
+<td><p><b>GCM</b></p>
+<p><b>GMAC</b></p></td>
 <td>Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168">#1168</a> , vendor-affirmed</td>
 </tr>
 <tr class="odd">
-<td><strong>CCM (KS: 128 , 256 ) (Assoc. Data Len Range:</strong> 0 - 8 <strong>) (Payload Length Range:</strong> 4 - 32 <strong>( Nonce Length(s):</strong> 7 8 12 13 <strong>(Tag Length(s):</strong> 4 6 8 14 16 <strong>)</strong></td>
+<td><b>CCM (KS: 128 , 256 ) (Assoc. Data Len Range:</b> 0 - 8 <b>) (Payload Length Range:</b> 4 - 32 <b>( Nonce Length(s):</b> 7 8 12 13 <b>(Tag Length(s):</b> 4 6 8 14 16 <b>)</b></td>
 <td>Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#760">#760</a></td>
 </tr>
 <tr class="even">
-<td><strong>CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range:</strong> 0 - 0 , 2^16 <strong>) (Payload Length Range:</strong> 1 - 32 <strong>( Nonce Length(s):</strong> 7 8 9 10 11 12 13 <strong>(Tag Length(s):</strong> 4 6 8 10 12 14 16 <strong>)</strong></td>
+<td><b>CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range:</b> 0 - 0 , 2^16 <b>) (Payload Length Range:</b> 1 - 32 <b>( Nonce Length(s):</b> 7 8 9 10 11 12 13 <b>(Tag Length(s):</b> 4 6 8 10 12 14 16 <b>)</b></td>
 <td><p>Windows Server 2008 CNG algorithms <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#757">#757</a></p>
 <p>Windows Vista Ultimate SP1 CNG algorithms <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#756">#756</a></p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>CBC</strong> ( e/d; 128 , 256 );</p>
-<p><strong>CCM</strong> (<strong>KS: 128 , 256</strong> ) (<strong>Assoc. Data Len Range</strong>: 0 - 8 ) (<strong>Payload Length Range</strong>: 4 - 32 ( <strong>Nonce Length(s)</strong>: 7 8 12 13 (<strong>Tag Length(s)</strong>: 4 6 8 14 16 )</p></td>
+<td><p><b>CBC</b> ( e/d; 128 , 256 );</p>
+<p><b>CCM</b> (<b>KS: 128 , 256</b> ) (<b>Assoc. Data Len Range</b>: 0 - 8 ) (<b>Payload Length Range</b>: 4 - 32 ( <b>Nonce Length(s)</b>: 7 8 12 13 (<b>Tag Length(s)</b>: 4 6 8 14 16 )</p></td>
 <td><p>Windows Vista Ultimate BitLocker Drive Encryption <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#715">#715</a></p>
 <p>Windows Vista Ultimate BitLocker Drive Encryption <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#424">#424</a></p></td>
 </tr>
 <tr class="even">
-<td><p><strong>ECB</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CBC</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CFB8</strong> ( e/d; 128 , 192 , 256 );</p></td>
+<td><p><b>ECB</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CBC</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CFB8</b> ( e/d; 128 , 192 , 256 );</p></td>
 <td><p>Windows Vista Ultimate SP1 and Windows Server 2008 Symmetric Algorithm Implementation <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#739">#739</a></p>
 <p>Windows Vista Symmetric Algorithm Implementation <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#553">#553</a></p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>ECB</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CBC</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CTR</strong> ( int only; 128 , 192 , 256 )</p></td>
+<td><p><b>ECB</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CBC</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CTR</b> ( int only; 128 , 192 , 256 )</p></td>
 <td>Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2023">#2023</a></td>
 </tr>
 <tr class="even">
-<td><p><strong>ECB</strong> ( e/d; 128 , 192 , 256 );</p>
-<p><strong>CBC</strong> ( e/d; 128 , 192 , 256 );</p></td>
+<td><p><b>ECB</b> ( e/d; 128 , 192 , 256 );</p>
+<p><b>CBC</b> ( e/d; 128 , 192 , 256 );</p></td>
 <td><p>Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2024">#2024</a></p>
 <p>Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#818">#818</a></p>
 <p>Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#781">#781</a></p>
@@ -2865,8 +2865,8 @@ Deterministic Random Bit Generator (DRBG)
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Modes / States / Key Sizes</strong></td>
-<td><strong>Algorithm Implementation and Certificate #</strong></td>
+<td><b>Modes / States / Key Sizes</b></td>
+<td><b>Algorithm Implementation and Certificate #</b></td>
 </tr>
 <tr class="even">
 <td><ul>
@@ -2934,74 +2934,74 @@ Deterministic Random Bit Generator (DRBG)
 <p>Version 10.0.16299</p></td>
 </tr>
 <tr class="odd">
-<td><strong>CTR_DRBG:</strong> [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4627">Val#4627</a> ) ]</td>
+<td><b>CTR_DRBG:</b> [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4627">Val#4627</a> ) ]</td>
 <td><p>Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1556">#1556</a></p>
 <p>Version 10.0.15063</p></td>
 </tr>
 <tr class="even">
-<td><strong>CTR_DRBG:</strong> [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624">Val#4624</a> ) ]</td>
+<td><b>CTR_DRBG:</b> [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624">Val#4624</a> ) ]</td>
 <td><p>Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1555">#1555</a></p>
 <p>Version 10.0.15063</p></td>
 </tr>
 <tr class="odd">
-<td><strong>CTR_DRBG</strong>: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4434">Val#4434</a> ) ]</td>
+<td><b>CTR_DRBG</b>: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4434">Val#4434</a> ) ]</td>
 <td><p>Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1433">#1433</a></p>
 <p>Version 7.00.2872</p></td>
 </tr>
 <tr class="even">
-<td><strong>CTR_DRBG</strong>: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4433">Val#4433</a> ) ]</td>
+<td><b>CTR_DRBG</b>: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4433">Val#4433</a> ) ]</td>
 <td><p>Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1432">#1432</a></p>
 <p>Version 8.00.6246</p></td>
 </tr>
 <tr class="odd">
-<td><strong>CTR_DRBG</strong>: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4431">Val#4431</a> ) ]</td>
+<td><b>CTR_DRBG</b>: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4431">Val#4431</a> ) ]</td>
 <td><p>Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1430">#1430</a></p>
 <p>Version 7.00.2872</p></td>
 </tr>
 <tr class="even">
-<td><strong>CTR_DRBG</strong>: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4430">Val#4430</a> ) ]</td>
+<td><b>CTR_DRBG</b>: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4430">Val#4430</a> ) ]</td>
 <td><p>Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1429">#1429</a></p>
 <p>Version 8.00.6246</p></td>
 </tr>
 <tr class="odd">
-<td><strong>CTR_DRBG:</strong> [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4074">Val#4074</a> ) ]</td>
+<td><b>CTR_DRBG:</b> [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4074">Val#4074</a> ) ]</td>
 <td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1222">#1222</a></p>
 <p>Version 10.0.14393</p></td>
 </tr>
 <tr class="even">
-<td><strong>CTR_DRBG:</strong> [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064">Val#4064</a> ) ]</td>
+<td><b>CTR_DRBG:</b> [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064">Val#4064</a> ) ]</td>
 <td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217">#1217</a></p>
 <p>Version 10.0.14393</p></td>
 </tr>
 <tr class="odd">
-<td><strong>CTR_DRBG:</strong> [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3629">Val#3629</a> ) ]</td>
+<td><b>CTR_DRBG:</b> [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3629">Val#3629</a> ) ]</td>
 <td><p>Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#955">#955</a></p>
 <p>Version 10.0.10586</p></td>
 </tr>
 <tr class="even">
-<td><strong>CTR_DRBG:</strong> [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3497">Val#3497</a> ) ]</td>
+<td><b>CTR_DRBG:</b> [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3497">Val#3497</a> ) ]</td>
 <td><p>Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#868">#868</a></p>
 <p>Version 10.0.10240</p></td>
 </tr>
 <tr class="odd">
-<td><strong>CTR_DRBG:</strong> [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832">Val#2832</a> ) ]</td>
+<td><b>CTR_DRBG:</b> [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832">Val#2832</a> ) ]</td>
 <td><p>Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489">#489</a></p>
 <p>Version 6.3.9600</p></td>
 </tr>
 <tr class="even">
-<td><strong>CTR_DRBG</strong>: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197">Val#2197</a> ) ]</td>
+<td><b>CTR_DRBG</b>: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197">Val#2197</a> ) ]</td>
 <td>Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258">#258</a></td>
 </tr>
 <tr class="odd">
-<td><strong>CTR_DRBG</strong>: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2023">Val#2023</a> ) ]</td>
+<td><b>CTR_DRBG</b>: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2023">Val#2023</a> ) ]</td>
 <td>Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#193">#193</a></td>
 </tr>
 <tr class="even">
-<td><strong>CTR_DRBG</strong>: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168">Val#1168</a> ) ]</td>
+<td><b>CTR_DRBG</b>: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168">Val#1168</a> ) ]</td>
 <td>Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 RNG Library <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23">#23</a></td>
 </tr>
 <tr class="odd">
-<td><strong>DRBG</strong> (SP 800–90)</td>
+<td><b>DRBG</b> (SP 800–90)</td>
 <td>Windows Vista Ultimate SP1, vendor-affirmed</td>
 </tr>
 </tbody>
@@ -3017,8 +3017,8 @@ Deterministic Random Bit Generator (DRBG)
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Modes / States / Key Sizes</strong></td>
-<td><strong>Algorithm Implementation and Certificate #</strong></td>
+<td><b>Modes / States / Key Sizes</b></td>
+<td><b>Algorithm Implementation and Certificate #</b></td>
 </tr>
 <tr class="even">
 <td><ul>
@@ -3137,118 +3137,118 @@ Deterministic Random Bit Generator (DRBG)
 <p>Version 10.0.16299</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>FIPS186-4:</strong></p>
-<p><strong>PQG(gen)</strong>PARMS TESTED:   [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]</p>
-<p><strong>PQG(ver)</strong>PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]</p>
-<p><strong>KeyPairGen</strong>:   [ (2048,256) ; (3072,256) ]</p>
-<p><strong>SIG(gen)</strong>PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]</p>
-<p><strong>SIG(ver)</strong>PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]</p>
+<td><p><b>FIPS186-4:</b></p>
+<p><b>PQG(gen)</b>PARMS TESTED:   [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]</p>
+<p><b>PQG(ver)</b>PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]</p>
+<p><b>KeyPairGen</b>:   [ (2048,256) ; (3072,256) ]</p>
+<p><b>SIG(gen)</b>PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]</p>
+<p><b>SIG(ver)</b>PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]</p>
 <p>SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790">Val#3790</a></p>
 <p>DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1555">Val# 1555</a></p></td>
 <td><p>Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1223">#1223</a></p>
 <p>Version 10.0.15063</p></td>
 </tr>
 <tr class="even">
-<td><strong>FIPS186-4:<br />
-PQG(ver)PARMS TESTED:</strong>   [ (1024,160) SHA( 1 ); ]<br />
-<strong>SIG(ver)PARMS TESTED:</strong>   [ (1024,160) SHA( 1 ); ]<br />
+<td><b>FIPS186-4:<br />
+PQG(ver)PARMS TESTED:</b>   [ (1024,160) SHA( 1 ); ]<br />
+<b>SIG(ver)PARMS TESTED:</b>   [ (1024,160) SHA( 1 ); ]<br />
 SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649">Val# 3649</a></td>
 <td><p>Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1188">#1188</a></p>
 <p>Version 7.00.2872</p></td>
 </tr>
 <tr class="odd">
-<td><strong>FIPS186-4:<br />
-PQG(ver)PARMS TESTED:</strong>   [ (1024,160) SHA( 1 ); ]<br />
-<strong>SIG(ver)PARMS TESTED:</strong>   [ (1024,160) SHA( 1 ); ]<br />
+<td><b>FIPS186-4:<br />
+PQG(ver)PARMS TESTED:</b>   [ (1024,160) SHA( 1 ); ]<br />
+<b>SIG(ver)PARMS TESTED:</b>   [ (1024,160) SHA( 1 ); ]<br />
 SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648">Val#3648</a></td>
 <td><p>Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1187">#1187</a></p>
 <p>Version 8.00.6246</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>FIPS186-4:<br />
-PQG(gen)</strong>PARMS TESTED: [<br />
+<td><p><b>FIPS186-4:<br />
+PQG(gen)</b>PARMS TESTED: [<br />
 (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]<br />
-<strong>PQG(ver)</strong>PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]<br />
+<b>PQG(ver)</b>PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]<br />
 KeyPairGen:    [ (2048,256) ; (3072,256) ]<br />
-<strong>SIG(gen)</strong>PARMS TESTED:   [ (2048,256)<br />
+<b>SIG(gen)</b>PARMS TESTED:   [ (2048,256)<br />
 SHA( 256 ); (3072,256) SHA( 256 ); ]<br />
-<strong>SIG(ver)</strong>PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]</p>
+<b>SIG(ver)</b>PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]</p>
 <p>SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347">Val# 3347</a><br />
 DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217">Val# 1217</a></p></td>
 <td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1098">#1098</a></p>
 <p>Version 10.0.14393</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>FIPS186-4:<br />
-PQG(gen)</strong>PARMS TESTED:   [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ] <strong>PQG(ver)</strong>PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 )]<br />
-KeyPairGen:    [ (2048,256) ; (3072,256) ] <strong>SIG(gen)</strong>PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]<br />
-<strong>SIG(ver)</strong>PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]</p>
+<td><p><b>FIPS186-4:<br />
+PQG(gen)</b>PARMS TESTED:   [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ] <b>PQG(ver)</b>PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 )]<br />
+KeyPairGen:    [ (2048,256) ; (3072,256) ] <b>SIG(gen)</b>PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]<br />
+<b>SIG(ver)</b>PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]</p>
 <p>SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047">Val# 3047</a><br />
 DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#955">Val# 955</a></p></td>
 <td><p>Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1024">#1024</a></p>
 <p>Version 10.0.10586</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>FIPS186-4:<br />
-PQG(gen)</strong>PARMS TESTED:   [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]<br />
-<strong>PQG(ver)</strong>PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]<br />
+<td><p><b>FIPS186-4:<br />
+PQG(gen)</b>PARMS TESTED:   [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]<br />
+<b>PQG(ver)</b>PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]<br />
 KeyPairGen:    [ (2048,256) ; (3072,256) ]<br />
-<strong>SIG(gen)</strong>PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ] <strong>SIG(ver)</strong>PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]</p>
+<b>SIG(gen)</b>PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ] <b>SIG(ver)</b>PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]</p>
 <p>SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886">Val# 2886</a><br />
 DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#868">Val# 868</a></p></td>
 <td><p>Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#983">#983</a></p>
 <p>Version 10.0.10240</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>FIPS186-4:<br />
-PQG(gen)</strong>PARMS TESTED:   [<br />
+<td><p><b>FIPS186-4:<br />
+PQG(gen)</b>PARMS TESTED:   [<br />
 (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]<br />
-<strong>PQG(ver</strong>)PARMS TESTED:   [ (2048,256)<br />
+<b>PQG(ver</b>)PARMS TESTED:   [ (2048,256)<br />
 SHA( 256 ); (3072,256) SHA( 256 ) ]<br />
 KeyPairGen:    [ (2048,256) ; (3072,256) ]<br />
-<strong>SIG(gen)</strong>PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]<br />
-<strong>SIG(ver)</strong>PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]</p>
+<b>SIG(gen)</b>PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]<br />
+<b>SIG(ver)</b>PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]</p>
 <p>SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373">Val# 2373</a><br />
 DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489">Val# 489</a></p></td>
 <td><p>Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#855">#855</a></p>
 <p>Version 6.3.9600</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>FIPS186</strong>-2:<br />
-<strong>PQG(ver)</strong> MOD(1024);<br />
-<strong>SIG(ver)</strong> MOD(1024);<br />
+<td><p><b>FIPS186</b>-2:<br />
+<b>PQG(ver)</b> MOD(1024);<br />
+<b>SIG(ver)</b> MOD(1024);<br />
 SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903">#1903</a><br />
 DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258">#258</a></p>
-<p><strong>FIPS186-4:<br />
-PQG(gen)PARMS TESTED</strong>: [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]<br />
-<strong>PQG(ver)PARMS TESTED</strong>: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]<br />
-<strong>SIG(gen)PARMS TESTED</strong>: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]<br />
-<strong>SIG(ver)PARMS TESTED</strong>: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]<br />
+<p><b>FIPS186-4:<br />
+PQG(gen)PARMS TESTED</b>: [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]<br />
+<b>PQG(ver)PARMS TESTED</b>: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]<br />
+<b>SIG(gen)PARMS TESTED</b>: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]<br />
+<b>SIG(ver)PARMS TESTED</b>: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]<br />
 SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903">#1903</a><br />
 DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258">#258</a><br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#687">Historical DSA List Val#687</a>.</p></td>
 <td>Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#687">#687</a></td>
 </tr>
 <tr class="odd">
-<td><strong>FIPS186-2:<br />
-PQG(ver)</strong> MOD(1024);<br />
-<strong>SIG(ver)</strong> MOD(1024);<br />
+<td><b>FIPS186-2:<br />
+PQG(ver)</b> MOD(1024);<br />
+<b>SIG(ver)</b> MOD(1024);<br />
 SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902">#1902</a><br />
 DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258">#258</a><br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#686">Historical DSA List Val#686</a>.</td>
 <td>Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 DSS and Diffie-Hellman Enhanced Cryptographic Provider (DSSENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#686">#686</a></td>
 </tr>
 <tr class="even">
-<td><strong>FIPS186-2:<br />
-SIG(ver)</strong> MOD(1024);<br />
+<td><b>FIPS186-2:<br />
+SIG(ver)</b> MOD(1024);<br />
 SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773">Val# 1773</a><br />
 DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#193">Val# 193</a><br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#645">Historical DSA List Val#645</a>.</td>
 <td>Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#645">#645</a></td>
 </tr>
 <tr class="odd">
-<td><strong>FIPS186-2:<br />
-SIG(ver)</strong> MOD(1024);<br />
+<td><b>FIPS186-2:<br />
+SIG(ver)</b> MOD(1024);<br />
 SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val# 1081</a><br />
 DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23">Val# 23</a><br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#391">Historical DSA List Val#391</a>. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#386">Historical DSA List Val#386</a>.</td>
@@ -3256,8 +3256,8 @@ Some of the previously validated components for this validation have been remove
 <p>Windows 7 Ultimate and SP1 CNG algorithms <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#386">#386</a></p></td>
 </tr>
 <tr class="even">
-<td><strong>FIPS186-2:<br />
-SIG(ver)</strong> MOD(1024);<br />
+<td><b>FIPS186-2:<br />
+SIG(ver)</b> MOD(1024);<br />
 SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val# 1081</a><br />
 RNG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#649">Val# 649</a><br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#390">Historical DSA List Val#390</a>. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#385">Historical DSA List Val#385</a>.</td>
@@ -3265,16 +3265,16 @@ Some of the previously validated components for this validation have been remove
 <p>Windows 7 Ultimate and SP1 Enhanced DSS (DSSENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#385">#385</a></p></td>
 </tr>
 <tr class="odd">
-<td><strong>FIPS186-2:<br />
-SIG(ver)</strong> MOD(1024);<br />
+<td><b>FIPS186-2:<br />
+SIG(ver)</b> MOD(1024);<br />
 SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val# 753</a><br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#284">Historical DSA List Val#284</a>. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#283">Historical DSA List Val#283</a>.</td>
 <td><p>Windows Server 2008 CNG algorithms <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#284">#284</a></p>
 <p>Windows Vista Ultimate SP1 CNG algorithms <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#283">#283</a></p></td>
 </tr>
 <tr class="even">
-<td><strong>FIPS186-2:<br />
-SIG(ver)</strong> MOD(1024);<br />
+<td><b>FIPS186-2:<br />
+SIG(ver)</b> MOD(1024);<br />
 SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val# 753</a><br />
 RNG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#435">Val# 435</a><br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#282">Historical DSA List Val#282</a>. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#281">Historical DSA List Val#281</a>.</td>
@@ -3282,8 +3282,8 @@ Some of the previously validated components for this validation have been remove
 <p>Windows Vista Ultimate SP1 Enhanced DSS (DSSENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#281">#281</a></p></td>
 </tr>
 <tr class="odd">
-<td><strong>FIPS186-2:<br />
-SIG(ver)</strong> MOD(1024);<br />
+<td><b>FIPS186-2:<br />
+SIG(ver)</b> MOD(1024);<br />
 SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val# 618</a><br />
 RNG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#321">Val# 321</a><br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#227">Historical DSA List Val#227</a>. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#226">Historical DSA List Val#226</a>.</td>
@@ -3291,61 +3291,61 @@ Some of the previously validated components for this validation have been remove
 <p>Windows Vista Enhanced DSS (DSSENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#226">#226</a></p></td>
 </tr>
 <tr class="even">
-<td><strong>FIPS186-2:<br />
-SIG(ver)</strong> MOD(1024);<br />
+<td><b>FIPS186-2:<br />
+SIG(ver)</b> MOD(1024);<br />
 SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#784">Val# 784</a><br />
 RNG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#448">Val# 448</a><br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#292">Historical DSA List Val#292</a>.</td>
 <td>Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#292">#292</a></td>
 </tr>
 <tr class="odd">
-<td><strong>FIPS186-2:<br />
-SIG(ver)</strong> MOD(1024);<br />
+<td><b>FIPS186-2:<br />
+SIG(ver)</b> MOD(1024);<br />
 SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783">Val# 783</a><br />
 RNG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#447">Val# 447</a><br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#291">Historical DSA List Val#291</a>.</td>
 <td>Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#291">#291</a></td>
 </tr>
 <tr class="even">
-<td><strong>FIPS186-2:<br />
-PQG(gen)</strong> MOD(1024);<br />
-<strong>PQG(ver)</strong> MOD(1024);<br />
-<strong>KEYGEN(Y)</strong> MOD(1024);<br />
-<strong>SIG(gen)</strong> MOD(1024);<br />
-<strong>SIG(ver)</strong> MOD(1024);<br />
+<td><b>FIPS186-2:<br />
+PQG(gen)</b> MOD(1024);<br />
+<b>PQG(ver)</b> MOD(1024);<br />
+<b>KEYGEN(Y)</b> MOD(1024);<br />
+<b>SIG(gen)</b> MOD(1024);<br />
+<b>SIG(ver)</b> MOD(1024);<br />
 SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#611">Val# 611</a><br />
 RNG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#314">Val# 314</a></td>
 <td>Windows 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#221">#221</a></td>
 </tr>
 <tr class="odd">
-<td><strong>FIPS186-2:<br />
-PQG(gen)</strong> MOD(1024);<br />
-<strong>PQG(ver)</strong> MOD(1024);<br />
-<strong>KEYGEN(Y)</strong> MOD(1024);<br />
-<strong>SIG(gen)</strong> MOD(1024);<br />
-<strong>SIG(ver)</strong> MOD(1024);<br />
+<td><b>FIPS186-2:<br />
+PQG(gen)</b> MOD(1024);<br />
+<b>PQG(ver)</b> MOD(1024);<br />
+<b>KEYGEN(Y)</b> MOD(1024);<br />
+<b>SIG(gen)</b> MOD(1024);<br />
+<b>SIG(ver)</b> MOD(1024);<br />
 SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#385">Val# 385</a></td>
 <td>Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#146">#146</a></td>
 </tr>
 <tr class="even">
-<td><strong>FIPS186-2:<br />
-PQG(ver)</strong> MOD(1024);<br />
-<strong>KEYGEN(Y)</strong> MOD(1024);<br />
-<strong>SIG(gen)</strong> MOD(1024);<br />
-<strong>SIG(ver)</strong> MOD(1024);<br />
+<td><b>FIPS186-2:<br />
+PQG(ver)</b> MOD(1024);<br />
+<b>KEYGEN(Y)</b> MOD(1024);<br />
+<b>SIG(gen)</b> MOD(1024);<br />
+<b>SIG(ver)</b> MOD(1024);<br />
 SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#181">Val# 181</a><br />
 <br />
 </td>
 <td>Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#95">#95</a></td>
 </tr>
 <tr class="odd">
-<td><strong>FIPS186-2:<br />
-PQG(gen)</strong> MOD(1024);<br />
-<strong>PQG(ver)</strong> MOD(1024);<br />
-<strong>KEYGEN(Y)</strong> MOD(1024);<br />
-<strong>SIG(gen)</strong> MOD(1024);<br />
+<td><b>FIPS186-2:<br />
+PQG(gen)</b> MOD(1024);<br />
+<b>PQG(ver)</b> MOD(1024);<br />
+<b>KEYGEN(Y)</b> MOD(1024);<br />
+<b>SIG(gen)</b> MOD(1024);<br />
 SHS: SHA-1 (BYTE)<br />
-<strong>SIG(ver)</strong> MOD(1024);<br />
+<b>SIG(ver)</b> MOD(1024);<br />
 SHS: SHA-1 (BYTE)</td>
 <td><p>Windows 2000 DSSENH.DLL <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#29">#29</a></p>
 <p>Windows 2000 DSSBASE.DLL <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#28">#28</a></p>
@@ -3353,12 +3353,12 @@ SHS: SHA-1 (BYTE)</td>
 <p>Windows NT 4 SP6 DSSBASE.DLL <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#25">#25</a></p></td>
 </tr>
 <tr class="even">
-<td><p><strong>FIPS186-2: PRIME;<br />
-FIPS186-2:</strong></p>
-<p><strong>KEYGEN(Y):</strong><br />
+<td><p><b>FIPS186-2: PRIME;<br />
+FIPS186-2:</b></p>
+<p><b>KEYGEN(Y):</b><br />
 SHS: SHA-1 (BYTE)</p>
-<p><strong>SIG(gen):<br />
-SIG(ver)</strong> MOD(1024);<br />
+<p><b>SIG(gen):<br />
+SIG(ver)</b> MOD(1024);<br />
 SHS: SHA-1 (BYTE)</p></td>
 <td>Windows NT 4.0 SP4 Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#17">#17</a></td>
 </tr>
@@ -3375,8 +3375,8 @@ SHS: SHA-1 (BYTE)</p></td>
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Modes / States / Key Sizes</strong></td>
-<td><strong>Algorithm Implementation and Certificate #</strong></td>
+<td><b>Modes / States / Key Sizes</b></td>
+<td><b>Algorithm Implementation and Certificate #</b></td>
 </tr>
 <tr class="even">
 <td><ul>
@@ -3653,93 +3653,93 @@ SHS: SHA-1 (BYTE)</p></td>
 <p>Version 10.0.16299</p></td>
 </tr>
 <tr class="odd">
-<td><strong>FIPS186-4:<br />
-PKG: CURVES</strong>( P-256 P-384 TestingCandidates )<br />
+<td><b>FIPS186-4:<br />
+PKG: CURVES</b>( P-256 P-384 TestingCandidates )<br />
 SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790">Val#3790</a><br />
 DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1555">Val# 1555</a></td>
 <td><p>Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1136">#1136</a></p>
 <p>Version 10.0.15063</p></td>
 </tr>
 <tr class="even">
-<td><strong>FIPS186-4:<br />
-PKG: CURVES</strong>( P-256 P-384 P-521 ExtraRandomBits )<br />
-<strong>PKV: CURVES</strong>( P-256 P-384 P-521 )<br />
-<strong>SigGen: CURVES</strong>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)<br />
-<strong>SigVer: CURVES</strong>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )<br />
+<td><b>FIPS186-4:<br />
+PKG: CURVES</b>( P-256 P-384 P-521 ExtraRandomBits )<br />
+<b>PKV: CURVES</b>( P-256 P-384 P-521 )<br />
+<b>SigGen: CURVES</b>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)<br />
+<b>SigVer: CURVES</b>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )<br />
 SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790">Val#3790</a><br />
 DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1555">Val# 1555</a></td>
 <td><p>Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1135">#1135</a></p>
 <p>Version 10.0.15063</p></td>
 </tr>
 <tr class="odd">
-<td><strong>FIPS186-4:<br />
-PKG: CURVES</strong>( P-256 P-384 P-521 ExtraRandomBits )<br />
-<strong>PKV: CURVES</strong>( P-256 P-384 P-521 )<br />
-<strong>SigGen: CURVES</strong>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)<br />
-<strong>SigVer: CURVES</strong>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )<br />
+<td><b>FIPS186-4:<br />
+PKG: CURVES</b>( P-256 P-384 P-521 ExtraRandomBits )<br />
+<b>PKV: CURVES</b>( P-256 P-384 P-521 )<br />
+<b>SigGen: CURVES</b>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)<br />
+<b>SigVer: CURVES</b>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )<br />
 SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790">Val#3790</a><br />
 DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1555">Val# 1555</a></td>
 <td><p>Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1133">#1133</a></p>
 <p>Version 10.0.15063</p></td>
 </tr>
 <tr class="even">
-<td><strong>FIPS186-4:<br />
-PKG: CURVES</strong>( P-256 P-384 P-521 ExtraRandomBits )<br />
-<strong>PKV: CURVES</strong>( P-256 P-384 P-521 )<br />
-<strong>SigGen: CURVES</strong>( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) <em>SIG(gen) with SHA-1 affirmed for use with protocols only.</em><br />
-<strong>SigVer: CURVES</strong>( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) )<br />
-<strong>SHS:</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649">Val# 3649</a><br />
-<strong>DRBG:</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1430">Val# 1430</a></td>
+<td><b>FIPS186-4:<br />
+PKG: CURVES</b>( P-256 P-384 P-521 ExtraRandomBits )<br />
+<b>PKV: CURVES</b>( P-256 P-384 P-521 )<br />
+<b>SigGen: CURVES</b>( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) <em>SIG(gen) with SHA-1 affirmed for use with protocols only.</em><br />
+<b>SigVer: CURVES</b>( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) )<br />
+<b>SHS:</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649">Val# 3649</a><br />
+<b>DRBG:</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1430">Val# 1430</a></td>
 <td><p>Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1073">#1073</a></p>
 <p>Version 7.00.2872</p></td>
 </tr>
 <tr class="odd">
-<td><strong>FIPS186-4:<br />
-PKG: CURVES</strong>( P-256 P-384 P-521 ExtraRandomBits )<br />
-<strong>PKV: CURVES</strong>( P-256 P-384 P-521 )<br />
-<strong>SigGen: CURVES</strong>( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) <em>SIG(gen) with SHA-1 affirmed for use with protocols only.</em><br />
-<strong>SigVer: CURVES</strong>( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) )<br />
-<strong>SHS:</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648">Val#3648</a><br />
-<strong>DRBG:</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1429">Val# 1429</a></td>
+<td><b>FIPS186-4:<br />
+PKG: CURVES</b>( P-256 P-384 P-521 ExtraRandomBits )<br />
+<b>PKV: CURVES</b>( P-256 P-384 P-521 )<br />
+<b>SigGen: CURVES</b>( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) <em>SIG(gen) with SHA-1 affirmed for use with protocols only.</em><br />
+<b>SigVer: CURVES</b>( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) )<br />
+<b>SHS:</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648">Val#3648</a><br />
+<b>DRBG:</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1429">Val# 1429</a></td>
 <td><p>Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1072">#1072</a></p>
 <p>Version 8.00.6246</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>FIPS186-4:<br />
-PKG: CURVES</strong>( P-256 P-384 TestingCandidates )<br />
-<strong>PKV: CURVES</strong>( P-256 P-384 )<br />
-<strong>SigGen: CURVES</strong>( P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) SIG(gen) with SHA-1 affirmed for use with protocols only.<br />
-<strong>SigVer: CURVES</strong>( P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) )</p>
+<td><p><b>FIPS186-4:<br />
+PKG: CURVES</b>( P-256 P-384 TestingCandidates )<br />
+<b>PKV: CURVES</b>( P-256 P-384 )<br />
+<b>SigGen: CURVES</b>( P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) SIG(gen) with SHA-1 affirmed for use with protocols only.<br />
+<b>SigVer: CURVES</b>( P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) )</p>
 <p>SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347">Val# 3347</a><br />
 DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1222">Val# 1222</a></p></td>
 <td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#920">#920</a></p>
 <p>Version 10.0.14393</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>FIPS186-4:<br />
-PKG: CURVES</strong>( P-256 P-384 P-521 ExtraRandomBits )<br />
-<strong>PKV: CURVES</strong>( P-256 P-384 P-521 )<br />
-<strong>SigGen: CURVES</strong>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)<br />
-<strong>SigVer: CURVES</strong>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )</p>
+<td><p><b>FIPS186-4:<br />
+PKG: CURVES</b>( P-256 P-384 P-521 ExtraRandomBits )<br />
+<b>PKV: CURVES</b>( P-256 P-384 P-521 )<br />
+<b>SigGen: CURVES</b>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)<br />
+<b>SigVer: CURVES</b>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )</p>
 <p>SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347">Val# 3347</a><br />
 DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217">Val# 1217</a></p></td>
 <td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#911">#911</a></p>
 <p>Version 10.0.14393</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>FIPS186-4:<br />
-PKG: CURVES</strong>( P-256 P-384 P-521 ExtraRandomBits )<br />
-<strong>SigGen: CURVES</strong>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)<br />
-<strong>SigVer: CURVES</strong>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )</p>
+<td><p><b>FIPS186-4:<br />
+PKG: CURVES</b>( P-256 P-384 P-521 ExtraRandomBits )<br />
+<b>SigGen: CURVES</b>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)<br />
+<b>SigVer: CURVES</b>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )</p>
 <p>SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047">Val# 3047</a><br />
 DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#955">Val# 955</a></p></td>
 <td><p>Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#760">#760</a></p>
 <p>Version 10.0.10586</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>FIPS186-4:<br />
-PKG: CURVES</strong>( P-256 P-384 P-521 ExtraRandomBits )<br />
-<strong>SigGen: CURVES</strong>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)<br />
+<td><p><b>FIPS186-4:<br />
+PKG: CURVES</b>( P-256 P-384 P-521 ExtraRandomBits )<br />
+<b>SigGen: CURVES</b>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)<br />
 SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )</p>
 <p>SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886">Val# 2886</a><br />
 DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#868">Val# 868</a></p></td>
@@ -3747,79 +3747,79 @@ DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation
 <p>Version 10.0.10240</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>FIPS186-4:<br />
-PKG: CURVES</strong>( P-256 P-384 P-521 ExtraRandomBits )<br />
-<strong>SigGen: CURVES</strong>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)<br />
-<strong>SigVer: CURVES</strong>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )</p>
+<td><p><b>FIPS186-4:<br />
+PKG: CURVES</b>( P-256 P-384 P-521 ExtraRandomBits )<br />
+<b>SigGen: CURVES</b>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)<br />
+<b>SigVer: CURVES</b>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )</p>
 <p>SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373">Val#2373</a><br />
 DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489">Val# 489</a></p></td>
 <td><p>Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#505">#505</a></p>
 <p>Version 6.3.9600</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>FIPS186-2:<br />
-PKG: CURVES</strong>( P-256 P-384 P-521 )<br />
-<strong>SHS</strong>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903">#1903</a><br />
-<strong>DRBG</strong>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258">#258</a><br />
-<strong>SIG(ver):CURVES</strong>( P-256 P-384 P-521 )<br />
-<strong>SHS</strong>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903">#1903</a><br />
-<strong>DRBG</strong>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258">#258</a></p>
-<p><strong>FIPS186-4:<br />
-PKG: CURVES</strong>( P-256 P-384 P-521 ExtraRandomBits )<br />
-<strong>SigGen: CURVES</strong>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)<br />
-<strong>SigVer: CURVES</strong>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )<br />
-<strong>SHS</strong>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903">#1903</a><br />
-<strong>DRBG</strong>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258">#258</a><br />
+<td><p><b>FIPS186-2:<br />
+PKG: CURVES</b>( P-256 P-384 P-521 )<br />
+<b>SHS</b>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903">#1903</a><br />
+<b>DRBG</b>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258">#258</a><br />
+<b>SIG(ver):CURVES</b>( P-256 P-384 P-521 )<br />
+<b>SHS</b>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903">#1903</a><br />
+<b>DRBG</b>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258">#258</a></p>
+<p><b>FIPS186-4:<br />
+PKG: CURVES</b>( P-256 P-384 P-521 ExtraRandomBits )<br />
+<b>SigGen: CURVES</b>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)<br />
+<b>SigVer: CURVES</b>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )<br />
+<b>SHS</b>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903">#1903</a><br />
+<b>DRBG</b>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258">#258</a><br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/ecdsahistoricalval.html#341">Historical ECDSA List Val#341</a>.</p></td>
 <td>Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#341">#341</a></td>
 </tr>
 <tr class="even">
-<td><p><strong>FIPS186-2:<br />
-PKG: CURVES</strong>( P-256 P-384 P-521 )<br />
-<strong>SHS</strong>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773">Val#1773</a><br />
-<strong>DRBG</strong>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#193">Val# 193</a><br />
-<strong>SIG(ver): CURVES</strong>( P-256 P-384 P-521 )<br />
-<strong>SHS</strong>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773">Val#1773</a><br />
-<strong>DRBG</strong>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#193">Val# 193</a></p>
-<p><strong>FIPS186-4:<br />
-PKG: CURVES</strong>( P-256 P-384 P-521 ExtraRandomBits )<br />
-<strong>SigGen: CURVES</strong>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)<br />
-<strong>SigVer: CURVES</strong>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )<br />
-<strong>SHS</strong>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773">Val#1773</a><br />
-<strong>DRBG</strong>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#193">Val# 193</a><br />
+<td><p><b>FIPS186-2:<br />
+PKG: CURVES</b>( P-256 P-384 P-521 )<br />
+<b>SHS</b>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773">Val#1773</a><br />
+<b>DRBG</b>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#193">Val# 193</a><br />
+<b>SIG(ver): CURVES</b>( P-256 P-384 P-521 )<br />
+<b>SHS</b>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773">Val#1773</a><br />
+<b>DRBG</b>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#193">Val# 193</a></p>
+<p><b>FIPS186-4:<br />
+PKG: CURVES</b>( P-256 P-384 P-521 ExtraRandomBits )<br />
+<b>SigGen: CURVES</b>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)<br />
+<b>SigVer: CURVES</b>( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )<br />
+<b>SHS</b>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773">Val#1773</a><br />
+<b>DRBG</b>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#193">Val# 193</a><br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/ecdsahistoricalval.html#295">Historical ECDSA List Val#295</a>.</p></td>
 <td>Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#295">#295</a></td>
 </tr>
 <tr class="odd">
-<td><strong>FIPS186-2:<br />
-PKG: CURVES</strong>( P-256 P-384 P-521 )<br />
-<strong>SHS</strong>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a><br />
-<strong>DRBG</strong>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23">Val# 23</a><br />
-<strong>SIG(ver): CURVES</strong>( P-256 P-384 P-521 )<br />
-<strong>SHS</strong>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a><br />
-<strong>DRBG</strong>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23">Val# 23</a><br />
+<td><b>FIPS186-2:<br />
+PKG: CURVES</b>( P-256 P-384 P-521 )<br />
+<b>SHS</b>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a><br />
+<b>DRBG</b>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23">Val# 23</a><br />
+<b>SIG(ver): CURVES</b>( P-256 P-384 P-521 )<br />
+<b>SHS</b>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a><br />
+<b>DRBG</b>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23">Val# 23</a><br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/ecdsahistoricalval.html#142">Historical ECDSA List Val#142</a>. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/ecdsahistoricalval.html#141">Historical ECDSA List Val#141</a>.</td>
 <td><p>Windows Server 2008 R2 and SP1 CNG algorithms <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#142">#142</a></p>
 <p>Windows 7 Ultimate and SP1 CNG algorithms <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#141">#141</a></p></td>
 </tr>
 <tr class="even">
-<td><strong>FIPS186-2:<br />
-PKG: CURVES</strong>( P-256 P-384 P-521 )<br />
-<strong>SHS</strong>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a><br />
-<strong>SIG(ver): CURVES</strong>( P-256 P-384 P-521 )<br />
-<strong>SHS</strong>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a><br />
+<td><b>FIPS186-2:<br />
+PKG: CURVES</b>( P-256 P-384 P-521 )<br />
+<b>SHS</b>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a><br />
+<b>SIG(ver): CURVES</b>( P-256 P-384 P-521 )<br />
+<b>SHS</b>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a><br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/ecdsahistoricalval.html#83">Historical ECDSA List Val#83</a>. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/ecdsahistoricalval.html#82">Historical ECDSA List Val#82</a>.</td>
 <td><p>Windows Server 2008 CNG algorithms <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#83">#83</a></p>
 <p>Windows Vista Ultimate SP1 CNG algorithms <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#82">#82</a></p></td>
 </tr>
 <tr class="odd">
-<td><strong>FIPS186-2:<br />
-PKG: CURVES</strong>( P-256 P-384 P-521 )<br />
-<strong>SHS</strong>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a><br />
-<strong>RNG</strong>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val# 321</a><br />
-<strong>SIG(ver): CURVES</strong>( P-256 P-384 P-521 )<br />
-<strong>SHS</strong>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a><br />
-<strong>RNG</strong>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#321">Val# 321</a><br />
+<td><b>FIPS186-2:<br />
+PKG: CURVES</b>( P-256 P-384 P-521 )<br />
+<b>SHS</b>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a><br />
+<b>RNG</b>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val# 321</a><br />
+<b>SIG(ver): CURVES</b>( P-256 P-384 P-521 )<br />
+<b>SHS</b>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a><br />
+<b>RNG</b>: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#321">Val# 321</a><br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/ecdsahistoricalval.html#60">Historical ECDSA List Val#60</a>.</td>
 <td>Windows Vista CNG algorithms <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#60">#60</a></td>
 </tr>
@@ -3836,8 +3836,8 @@ Some of the previously validated components for this validation have been remove
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Modes / States / Key Sizes</strong></td>
-<td><strong>Algorithm Implementation and Certificate #</strong></td>
+<td><b>Modes / States / Key Sizes</b></td>
+<td><b>Algorithm Implementation and Certificate #</b></td>
 </tr>
 <tr class="even">
 <td><ul>
@@ -3983,265 +3983,265 @@ Some of the previously validated components for this validation have been remove
 <p>Version 10.0.16299</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>HMAC-SHA1 (Key Sizes Ranges Tested:</strong> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790">Val#3790</a></p>
-<p><strong>HMAC-SHA256 ( Key Size Ranges Tested:</strong> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790">Val#3790</a></p>
-<p><strong>HMAC-SHA384 ( Key Size Ranges Tested:</strong> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790">Val#3790</a></p></td>
+<td><p><b>HMAC-SHA1 (Key Sizes Ranges Tested:</b> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790">Val#3790</a></p>
+<p><b>HMAC-SHA256 ( Key Size Ranges Tested:</b> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790">Val#3790</a></p>
+<p><b>HMAC-SHA384 ( Key Size Ranges Tested:</b> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790">Val#3790</a></p></td>
 <td><p>Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3062">#3062</a></p>
 <p>Version 10.0.15063</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>HMAC-SHA1(Key Sizes Ranges Tested:</strong> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790">Val#3790</a></p>
-<p><strong>HMAC-SHA256 ( Key Size Ranges Tested:</strong> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790">Val#3790</a></p>
-<p><strong>HMAC-SHA384 ( Key Size Ranges Tested:</strong> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790">Val#3790</a></p>
-<p><strong>HMAC-SHA512 ( Key Size Ranges Tested:</strong> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790">Val#3790</a></p></td>
+<td><p><b>HMAC-SHA1(Key Sizes Ranges Tested:</b> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790">Val#3790</a></p>
+<p><b>HMAC-SHA256 ( Key Size Ranges Tested:</b> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790">Val#3790</a></p>
+<p><b>HMAC-SHA384 ( Key Size Ranges Tested:</b> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790">Val#3790</a></p>
+<p><b>HMAC-SHA512 ( Key Size Ranges Tested:</b> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790">Val#3790</a></p></td>
 <td><p>Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3061">#3061</a></p>
 <p>Version 10.0.15063</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>HMAC-SHA1 (Key Sizes Ranges Tested:</strong> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652">Val#3652</a></p>
-<p><strong>HMAC-SHA256 ( Key Size Ranges Tested:</strong> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652">Val#3652</a></p>
-<p><strong>HMAC-SHA384 ( Key Size Ranges Tested:</strong> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652">Val#3652</a></p>
-<p><strong>HMAC-SHA512 ( Key Size Ranges Tested:</strong> KSBS ) SHS<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652">Val#3652</a></p></td>
+<td><p><b>HMAC-SHA1 (Key Sizes Ranges Tested:</b> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652">Val#3652</a></p>
+<p><b>HMAC-SHA256 ( Key Size Ranges Tested:</b> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652">Val#3652</a></p>
+<p><b>HMAC-SHA384 ( Key Size Ranges Tested:</b> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652">Val#3652</a></p>
+<p><b>HMAC-SHA512 ( Key Size Ranges Tested:</b> KSBS ) SHS<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652">Val#3652</a></p></td>
 <td><p>Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2946">#2946</a></p>
 <p>Version 7.00.2872</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>HMAC-SHA1 (Key Sizes Ranges Tested:</strong> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651">Val#3651</a></p>
-<p><strong>HMAC-SHA256 ( Key Size Ranges Tested:</strong> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651">Val#3651</a></p>
-<p><strong>HMAC-SHA384 ( Key Size Ranges Tested:</strong> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651">Val#3651</a></p>
-<p><strong>HMAC-SHA512 ( Key Size Ranges Tested:</strong> KSBS ) SHS<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651">Val#3651</a></p></td>
+<td><p><b>HMAC-SHA1 (Key Sizes Ranges Tested:</b> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651">Val#3651</a></p>
+<p><b>HMAC-SHA256 ( Key Size Ranges Tested:</b> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651">Val#3651</a></p>
+<p><b>HMAC-SHA384 ( Key Size Ranges Tested:</b> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651">Val#3651</a></p>
+<p><b>HMAC-SHA512 ( Key Size Ranges Tested:</b> KSBS ) SHS<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651">Val#3651</a></p></td>
 <td><p>Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2945">#2945</a></p>
 <p>Version 8.00.6246</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>HMAC-SHA1 (Key Sizes Ranges Tested:</strong> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649">Val# 3649</a></p>
-<p><strong>HMAC-SHA256 ( Key Size Ranges Tested:</strong> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649">Val# 3649</a></p>
-<p><strong>HMAC-SHA384 ( Key Size Ranges Tested:</strong> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649">Val# 3649</a></p>
-<p><strong>HMAC-SHA512 ( Key Size Ranges Tested:</strong> KSBS ) SHS<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649">Val# 3649</a></p></td>
+<td><p><b>HMAC-SHA1 (Key Sizes Ranges Tested:</b> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649">Val# 3649</a></p>
+<p><b>HMAC-SHA256 ( Key Size Ranges Tested:</b> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649">Val# 3649</a></p>
+<p><b>HMAC-SHA384 ( Key Size Ranges Tested:</b> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649">Val# 3649</a></p>
+<p><b>HMAC-SHA512 ( Key Size Ranges Tested:</b> KSBS ) SHS<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649">Val# 3649</a></p></td>
 <td><p>Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2943">#2943</a></p>
 <p>Version 7.00.2872</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>HMAC-SHA1 (Key Sizes Ranges Tested:</strong> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648">Val#3648</a></p>
-<p><strong>HMAC-SHA256 ( Key Size Ranges Tested:</strong> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648">Val#3648</a></p>
-<p><strong>HMAC-SHA384 ( Key Size Ranges Tested:</strong> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648">Val#3648</a></p>
-<p><strong>HMAC-SHA512 ( Key Size Ranges Tested:</strong> KSBS ) SHS<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648">Val#3648</a></p></td>
+<td><p><b>HMAC-SHA1 (Key Sizes Ranges Tested:</b> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648">Val#3648</a></p>
+<p><b>HMAC-SHA256 ( Key Size Ranges Tested:</b> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648">Val#3648</a></p>
+<p><b>HMAC-SHA384 ( Key Size Ranges Tested:</b> KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648">Val#3648</a></p>
+<p><b>HMAC-SHA512 ( Key Size Ranges Tested:</b> KSBS ) SHS<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648">Val#3648</a></p></td>
 <td><p>Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2942">#2942</a></p>
 <p>Version 8.00.6246</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>HMAC-SHA1</strong> (Key Sizes Ranges Tested:  KSBS )<br />
+<td><p><b>HMAC-SHA1</b> (Key Sizes Ranges Tested:  KSBS )<br />
 SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347">Val# 3347</a></p>
-<p><strong>HMAC-SHA256</strong> ( Key Size Ranges Tested:  KSBS )<br />
+<p><b>HMAC-SHA256</b> ( Key Size Ranges Tested:  KSBS )<br />
 SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347">Val# 3347</a></p>
-<p><strong>HMAC-SHA384</strong> ( Key Size Ranges Tested:  KSBS )<br />
+<p><b>HMAC-SHA384</b> ( Key Size Ranges Tested:  KSBS )<br />
 SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347">Val# 3347</a></p></td>
 <td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2661">#2661</a></p>
 <p>Version 10.0.14393</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>HMAC-SHA1</strong> (Key Sizes Ranges Tested: KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347">Val# 3347</a></p>
-<p><strong>HMAC-SHA256</strong> ( Key Size Ranges Tested: KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347">Val# 3347</a></p>
-<p><strong>HMAC-SHA384</strong> ( Key Size Ranges Tested: KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347">Val# 3347</a></p>
-<p><strong>HMAC-SHA512</strong> ( Key Size Ranges Tested: KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347">Val# 3347</a></p></td>
+<td><p><b>HMAC-SHA1</b> (Key Sizes Ranges Tested: KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347">Val# 3347</a></p>
+<p><b>HMAC-SHA256</b> ( Key Size Ranges Tested: KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347">Val# 3347</a></p>
+<p><b>HMAC-SHA384</b> ( Key Size Ranges Tested: KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347">Val# 3347</a></p>
+<p><b>HMAC-SHA512</b> ( Key Size Ranges Tested: KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347">Val# 3347</a></p></td>
 <td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2651">#2651</a></p>
 <p>Version 10.0.14393</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>HMAC-SHA1</strong> (Key Sizes Ranges Tested:  KSBS )<br />
+<td><p><b>HMAC-SHA1</b> (Key Sizes Ranges Tested:  KSBS )<br />
 SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047">Val# 3047</a></p>
-<p><strong>HMAC-SHA256</strong> ( Key Size Ranges Tested:  KSBS )<br />
+<p><b>HMAC-SHA256</b> ( Key Size Ranges Tested:  KSBS )<br />
 SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047">Val# 3047</a></p>
-<p><strong>HMAC-SHA384</strong> ( Key Size Ranges Tested:  KSBS )<br />
+<p><b>HMAC-SHA384</b> ( Key Size Ranges Tested:  KSBS )<br />
 SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047">Val# 3047</a></p>
-<p><strong>HMAC-SHA512</strong> ( Key Size Ranges Tested:  KSBS )<br />
+<p><b>HMAC-SHA512</b> ( Key Size Ranges Tested:  KSBS )<br />
 SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047">Val# 3047</a></p></td>
 <td><p>Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2381">#2381</a></p>
 <p>Version 10.0.10586</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>HMAC-SHA1</strong> (Key Sizes Ranges Tested:  KSBS )<br />
+<td><p><b>HMAC-SHA1</b> (Key Sizes Ranges Tested:  KSBS )<br />
 SHS<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886">Val# 2886</a></p>
-<p><strong>HMAC-SHA256</strong> ( Key Size Ranges Tested:  KSBS )<br />
+<p><b>HMAC-SHA256</b> ( Key Size Ranges Tested:  KSBS )<br />
 SHS<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886">Val# 2886</a></p>
-<p><strong>HMAC-SHA384</strong> ( Key Size Ranges Tested:  KSBS )<br />
+<p><b>HMAC-SHA384</b> ( Key Size Ranges Tested:  KSBS )<br />
 <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886"> SHSVal# 2886</a></p>
-<p><strong>HMAC-SHA512</strong> ( Key Size Ranges Tested:  KSBS )<br />
+<p><b>HMAC-SHA512</b> ( Key Size Ranges Tested:  KSBS )<br />
 SHS<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886">Val# 2886</a></p></td>
 <td><p>Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2233">#2233</a></p>
 <p>Version 10.0.10240</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>HMAC-SHA1</strong> (Key Sizes Ranges Tested:  KSBS )<br />
+<td><p><b>HMAC-SHA1</b> (Key Sizes Ranges Tested:  KSBS )<br />
 SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373">Val#2373</a></p>
-<p><strong>HMAC-SHA256</strong> ( Key Size Ranges Tested:  KSBS )<br />
+<p><b>HMAC-SHA256</b> ( Key Size Ranges Tested:  KSBS )<br />
 SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373">Val#2373</a></p>
-<p><strong>HMAC-SHA384</strong> ( Key Size Ranges Tested:  KSBS )<br />
+<p><b>HMAC-SHA384</b> ( Key Size Ranges Tested:  KSBS )<br />
 SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373">Val#2373</a></p>
-<p><strong>HMAC-SHA512</strong> ( Key Size Ranges Tested:  KSBS )<br />
+<p><b>HMAC-SHA512</b> ( Key Size Ranges Tested:  KSBS )<br />
 SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373">Val#2373</a></p></td>
 <td><p>Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1773">#1773</a></p>
 <p>Version 6.3.9600</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>HMAC-SHA1</strong> (Key Sizes Ranges Tested: KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2764">Val#2764</a></p>
-<p><strong>HMAC-SHA256</strong> ( Key Size Ranges Tested: KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2764">Val#2764</a></p>
-<p><strong>HMAC-SHA384</strong> ( Key Size Ranges Tested: KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2764">Val#2764</a></p>
-<p><strong>HMAC-SHA512</strong> ( Key Size Ranges Tested: KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2764">Val#2764</a></p></td>
+<td><p><b>HMAC-SHA1</b> (Key Sizes Ranges Tested: KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2764">Val#2764</a></p>
+<p><b>HMAC-SHA256</b> ( Key Size Ranges Tested: KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2764">Val#2764</a></p>
+<p><b>HMAC-SHA384</b> ( Key Size Ranges Tested: KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2764">Val#2764</a></p>
+<p><b>HMAC-SHA512</b> ( Key Size Ranges Tested: KSBS ) SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2764">Val#2764</a></p></td>
 <td><p>Windows CE and Windows Mobile, and Windows Embedded Handheld Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2122">#2122</a></p>
 <p>Version 5.2.29344</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>HMAC-SHA1 (Key Sizes Ranges Tested: KS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902">#1902</a></p>
-<p><strong>HMAC-SHA256 ( Key Size Ranges Tested: KS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902">#1902</a></p></td>
+<td><p><b>HMAC-SHA1 (Key Sizes Ranges Tested: KS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902">#1902</a></p>
+<p><b>HMAC-SHA256 ( Key Size Ranges Tested: KS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902">#1902</a></p></td>
 <td>Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1347">1347</a></td>
 </tr>
 <tr class="even">
-<td><p><strong>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902">#1902</a></p>
-<p><strong>HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902">#1902</a></p>
-<p><strong>HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902">#1902</a></p>
-<p><strong>HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902">#1902</a></p></td>
+<td><p><b>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902">#1902</a></p>
+<p><b>HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902">#1902</a></p>
+<p><b>HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902">#1902</a></p>
+<p><b>HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902">#1902</a></p></td>
 <td>Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1346">1346</a></td>
 </tr>
 <tr class="odd">
-<td><p><strong>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS )</strong></p>
-<p><strong>SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903">#1903</a></p>
-<p><strong>HMAC-SHA256 ( Key Size Ranges Tested: KSBS )</strong></p>
-<p><strong>SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903">#1903</a></p>
-<p><strong>HMAC-SHA384 ( Key Size Ranges Tested: KSBS )</strong></p>
-<p><strong>SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903">#1903</a></p>
-<p><strong>HMAC-SHA512 ( Key Size Ranges Tested: KSBS )</strong></p>
-<p><strong>SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903">#1903</a></p></td>
+<td><p><b>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS )</b></p>
+<p><b>SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903">#1903</a></p>
+<p><b>HMAC-SHA256 ( Key Size Ranges Tested: KSBS )</b></p>
+<p><b>SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903">#1903</a></p>
+<p><b>HMAC-SHA384 ( Key Size Ranges Tested: KSBS )</b></p>
+<p><b>SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903">#1903</a></p>
+<p><b>HMAC-SHA512 ( Key Size Ranges Tested: KSBS )</b></p>
+<p><b>SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903">#1903</a></p></td>
 <td>Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1345">1345</a></td>
 </tr>
 <tr class="even">
-<td><p><strong>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773">Val#1773</a></p>
-<p><strong>HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773">Val#1773</a></p>
-<p><strong>Tinker HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773">Val#1773</a></p>
-<p><strong>HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773">Val#1773</a></p></td>
+<td><p><b>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773">Val#1773</a></p>
+<p><b>HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773">Val#1773</a></p>
+<p><b>Tinker HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773">Val#1773</a></p>
+<p><b>HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773">Val#1773</a></p></td>
 <td>Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1364">#1364</a></td>
 </tr>
 <tr class="odd">
-<td><p><strong>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774">Val#1774</a></p>
-<p><strong>HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774">Val#1774</a></p>
-<p><strong>HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774">Val#1774</a></p>
-<p><strong>HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774">Val#1774</a></p></td>
+<td><p><b>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774">Val#1774</a></p>
+<p><b>HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774">Val#1774</a></p>
+<p><b>HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774">Val#1774</a></p>
+<p><b>HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774">Val#1774</a></p></td>
 <td>Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1227">#1227</a></td>
 </tr>
 <tr class="even">
-<td><p><strong>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a></p>
-<p><strong>HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a></p>
-<p><strong>HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a></p>
-<p><strong>HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a></p></td>
+<td><p><b>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a></p>
+<p><b>HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a></p>
+<p><b>HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a></p>
+<p><b>HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a></p></td>
 <td><p>Windows Server 2008 R2 and SP1 CNG algorithms <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#686">#686</a></p>
 <p>Windows 7 and SP1 CNG algorithms <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#677">#677</a></p>
 <p>Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#687">#687</a></p>
 <p>Windows 7 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#673">#673</a></p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>HMAC-SHA1(Key Sizes Ranges Tested: KS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a></p>
-<p><strong>HMAC-SHA256 ( Key Size Ranges Tested: KS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a></p></td>
+<td><p><b>HMAC-SHA1(Key Sizes Ranges Tested: KS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a></p>
+<p><b>HMAC-SHA256 ( Key Size Ranges Tested: KS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a></p></td>
 <td>Windows 7 and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#675">#675</a></td>
 </tr>
 <tr class="even">
-<td><p><strong>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816">Val#816</a></p>
-<p><strong>HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816">Val#816</a></p>
-<p><strong>HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816">Val#816</a></p>
-<p><strong>HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816">Val#816</a></p></td>
+<td><p><b>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816">Val#816</a></p>
+<p><b>HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816">Val#816</a></p>
+<p><b>HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816">Val#816</a></p>
+<p><b>HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816">Val#816</a></p></td>
 <td>Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#452">#452</a></td>
 </tr>
 <tr class="odd">
-<td><p><strong>HMAC-SHA1 (Key Sizes Ranges Tested: KS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a></p>
-<p><strong>HMAC-SHA256 ( Key Size Ranges Tested: KS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a></p></td>
+<td><p><b>HMAC-SHA1 (Key Sizes Ranges Tested: KS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a></p>
+<p><b>HMAC-SHA256 ( Key Size Ranges Tested: KS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a></p></td>
 <td>Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#415">#415</a></td>
 </tr>
 <tr class="even">
-<td><p><strong>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a></p>
-<p><strong>HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a></p>
-<p><strong>HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a></p>
-<p><strong>HMAC-SHA512 ( Key Size Ranges Tested: KSBS )</strong>SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a></p></td>
+<td><p><b>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a></p>
+<p><b>HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a></p>
+<p><b>HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a></p>
+<p><b>HMAC-SHA512 ( Key Size Ranges Tested: KSBS )</b>SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a></p></td>
 <td><p>Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#408">#408</a></p>
 <p>Windows Vista Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#407">#407</a></p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS )SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a></p>
-<p><strong>HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a></p>
-<p><strong>HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a></p>
-<p><strong>HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a></p></td>
+<td><p><b>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS )SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a></p>
+<p><b>HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a></p>
+<p><b>HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a></p>
+<p><b>HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a></p></td>
 <td>Windows Vista Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#297">#297</a></td>
 </tr>
 <tr class="even">
-<td><strong>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#785">Val#785</a></td>
+<td><b>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#785">Val#785</a></td>
 <td><p>Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#429">#429</a></p>
 <p>Windows XP, vendor-affirmed</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783">Val#783</a></p>
-<p><strong>HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783">Val#783</a></p>
-<p><strong>HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783">Val#783</a></p>
-<p><strong>HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783">Val#783</a></p></td>
+<td><p><b>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783">Val#783</a></p>
+<p><b>HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783">Val#783</a></p>
+<p><b>HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783">Val#783</a></p>
+<p><b>HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783">Val#783</a></p></td>
 <td>Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#428">#428</a></td>
 </tr>
 <tr class="even">
-<td><p><strong>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613">Val#613</a></p>
-<p><strong>HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613">Val#613</a></p>
-<p><strong>HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613">Val#613</a></p>
-<p><strong>HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613">Val#613</a></p></td>
+<td><p><b>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613">Val#613</a></p>
+<p><b>HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613">Val#613</a></p>
+<p><b>HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613">Val#613</a></p>
+<p><b>HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613">Val#613</a></p></td>
 <td>Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#289">#289</a></td>
 </tr>
 <tr class="odd">
-<td><strong>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#610">Val#610</a></td>
+<td><b>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#610">Val#610</a></td>
 <td>Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#287">#287</a></td>
 </tr>
 <tr class="even">
-<td><p><strong>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a></p>
-<p><strong>HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a></p>
-<p><strong>HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a></p>
-<p><strong>HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a></p></td>
+<td><p><b>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a></p>
+<p><b>HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a></p>
+<p><b>HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a></p>
+<p><b>HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a></p></td>
 <td><p>Windows Server 2008 CNG algorithms <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#413">#413</a></p>
 <p>Windows Vista Ultimate SP1 CNG algorithms <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#412">#412</a></p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>HMAC-SHA1 (Key Sizes Ranges Tested: KS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#737">Val#737</a></p>
-<p><strong>HMAC-SHA256 ( Key Size Ranges Tested: KS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#737">Val#737</a></p></td>
+<td><p><b>HMAC-SHA1 (Key Sizes Ranges Tested: KS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#737">Val#737</a></p>
+<p><b>HMAC-SHA256 ( Key Size Ranges Tested: KS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#737">Val#737</a></p></td>
 <td>Windows Vista Ultimate BitLocker Drive Encryption <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#386">#386</a></td>
 </tr>
 <tr class="even">
-<td><p><strong>HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a></p>
-<p><strong>HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a></p>
-<p><strong>HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="http://csrc.nist.gov/groups/stm/cavp/documents/shs/shaval.htm#618">Val#618</a></p>
-<p><strong>HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a></p></td>
+<td><p><b>HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a></p>
+<p><b>HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a></p>
+<p><b>HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="http://csrc.nist.gov/groups/stm/cavp/documents/shs/shaval.htm#618">Val#618</a></p>
+<p><b>HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a></p></td>
 <td>Windows Vista CNG algorithms <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#298">#298</a></td>
 </tr>
 <tr class="odd">
-<td><p><strong>HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589">Val#589</a></p>
-<p><strong>HMAC-SHA256 ( Key Size Ranges Tested: KSBS )SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589">Val#589</a></p>
-<p><strong>HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589">Val#589</a></p>
-<p><strong>HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589">Val#589</a></p></td>
+<td><p><b>HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589">Val#589</a></p>
+<p><b>HMAC-SHA256 ( Key Size Ranges Tested: KSBS )SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589">Val#589</a></p>
+<p><b>HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589">Val#589</a></p>
+<p><b>HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589">Val#589</a></p></td>
 <td>Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#267">#267</a></td>
 </tr>
 <tr class="even">
-<td><p><strong>HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578">Val#578</a></p>
-<p><strong>HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578">Val#578</a></p>
-<p><strong>HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578">Val#578</a></p>
-<p><strong>HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578">Val#578</a></p></td>
+<td><p><b>HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578">Val#578</a></p>
+<p><b>HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578">Val#578</a></p>
+<p><b>HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578">Val#578</a></p>
+<p><b>HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578">Val#578</a></p></td>
 <td>Windows CE and Windows Mobile 6.0 and Windows Mobil 6.5 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#260">#260</a></td>
 </tr>
 <tr class="odd">
-<td><p><strong>HMAC-SHA1 (Key Sizes Ranges Tested: KS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#495">Val#495</a></p>
-<p><strong>HMAC-SHA256 ( Key Size Ranges Tested: KS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#495">Val#495</a></p></td>
+<td><p><b>HMAC-SHA1 (Key Sizes Ranges Tested: KS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#495">Val#495</a></p>
+<p><b>HMAC-SHA256 ( Key Size Ranges Tested: KS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#495">Val#495</a></p></td>
 <td>Windows Vista BitLocker Drive Encryption <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#199">#199</a></td>
 </tr>
 <tr class="even">
-<td><strong>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#364">Val#364</a></td>
+<td><b>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#364">Val#364</a></td>
 <td><p>Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#99">#99</a></p>
 <p>Windows XP, vendor-affirmed</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305">Val#305</a></p>
-<p><strong>HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305">Val#305</a></p>
-<p><strong>HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305">Val#305</a></p>
-<p><strong>HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS</strong><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305">Val#305</a></p></td>
+<td><p><b>HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305">Val#305</a></p>
+<p><b>HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305">Val#305</a></p>
+<p><b>HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305">Val#305</a></p>
+<p><b>HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS</b><a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305">Val#305</a></p></td>
 <td>Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#31">#31</a></td>
 </tr>
 </tbody>
@@ -4257,8 +4257,8 @@ SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-p
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Modes / States / Key Sizes</strong></td>
-<td><strong>Algorithm Implementation and Certificate #</strong></td>
+<td><b>Modes / States / Key Sizes</b></td>
+<td><b>Algorithm Implementation and Certificate #</b></td>
 </tr>
 <tr class="even">
 <td><ul>
@@ -4782,7 +4782,7 @@ SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-p
 <p>Version 10.0.16299</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>ECC:</strong> (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration ) <strong>SCHEMES</strong> [ <strong>FullUnified</strong> ( <strong>EC:</strong> P-256   SHA256   HMAC ) ( <strong>ED:</strong> P-384   SHA384   HMAC ) ]</p>
+<td><p><b>ECC:</b> (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration ) <b>SCHEMES</b> [ <b>FullUnified</b> ( <b>EC:</b> P-256   SHA256   HMAC ) ( <b>ED:</b> P-384   SHA384   HMAC ) ]</p>
 <p>SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790">Val#3790</a><br />
 DSA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1135">Val#1135</a><br />
 DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1556">Val#1556</a></p></td>
@@ -4790,15 +4790,15 @@ DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-
 <p>Version 10.0.15063</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>FFC:</strong> (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) <strong>SCHEMES</strong> [ <strong>dhEphem</strong> ( KARole(s): Initiator / Responder )<br />
-( <strong>FB:</strong> SHA256 ) ( <strong>FC:</strong> SHA256 ) ]<br />
-[ <strong>dhOneFlow</strong> ( <strong>FB:</strong> SHA256 ) ( <strong>FC:</strong> SHA256 ) ] [ <strong>dhStatic</strong> ( <strong>No_KC</strong> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <strong>FB:</strong> SHA256 HMAC ) ( <strong>FC:</strong> SHA256   HMAC ) ]<br />
+<td><p><b>FFC:</b> (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) <b>SCHEMES</b> [ <b>dhEphem</b> ( KARole(s): Initiator / Responder )<br />
+( <b>FB:</b> SHA256 ) ( <b>FC:</b> SHA256 ) ]<br />
+[ <b>dhOneFlow</b> ( <b>FB:</b> SHA256 ) ( <b>FC:</b> SHA256 ) ] [ <b>dhStatic</b> ( <b>No_KC</b> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <b>FB:</b> SHA256 HMAC ) ( <b>FC:</b> SHA256   HMAC ) ]<br />
 SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790">Val#3790</a><br />
 DSA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1223">Val#1223</a><br />
 DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1555">Val#1555</a></p>
-<p><strong>ECC:</strong> (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) <strong>SCHEMES</strong> [ <strong>EphemeralUnified</strong> ( <strong>No_KC</strong> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <strong>EC:</strong> P-256   SHA256   HMAC ) ( <strong>ED:</strong> P-384   SHA384   HMAC ) ( <strong>EE:</strong> P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]<br />
-[ <strong>OnePassDH</strong> ( <strong>No_KC</strong> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <strong>EC:</strong> P-256   SHA256   HMAC ) ( <strong>ED:</strong> P-384   SHA384   HMAC ) ( <strong>EE:</strong> P-521   HMAC (SHA512, HMAC_SHA512) ) ]<br />
-[ <strong>StaticUnified</strong> ( <strong>No_KC</strong> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <strong>EC:</strong> P-256   SHA256   HMAC ) ( <strong>ED:</strong> P-384   SHA384   HMAC ) ( <strong>EE:</strong> P-521   HMAC (SHA512, HMAC_SHA512) ) ]<br />
+<p><b>ECC:</b> (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) <b>SCHEMES</b> [ <b>EphemeralUnified</b> ( <b>No_KC</b> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <b>EC:</b> P-256   SHA256   HMAC ) ( <b>ED:</b> P-384   SHA384   HMAC ) ( <b>EE:</b> P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]<br />
+[ <b>OnePassDH</b> ( <b>No_KC</b> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <b>EC:</b> P-256   SHA256   HMAC ) ( <b>ED:</b> P-384   SHA384   HMAC ) ( <b>EE:</b> P-521   HMAC (SHA512, HMAC_SHA512) ) ]<br />
+[ <b>StaticUnified</b> ( <b>No_KC</b> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <b>EC:</b> P-256   SHA256   HMAC ) ( <b>ED:</b> P-384   SHA384   HMAC ) ( <b>EE:</b> P-521   HMAC (SHA512, HMAC_SHA512) ) ]<br />
 <br />
 SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790">Val#3790</a><br />
 ECDSA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1133">Val#1133</a><br />
@@ -4807,29 +4807,29 @@ DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-
 <p>Version 10.0.15063</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>FFC:</strong> (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) <strong>SCHEMES</strong> [ <strong>dhEphem</strong> ( KARole(s): Initiator / Responder )<br />
-( <strong>FB:</strong> SHA256 ) ( <strong>FC:</strong> SHA256 ) ]<br />
-[ <strong>dhOneFlow</strong> ( KARole(s): Initiator / Responder ) ( <strong>FB:</strong> SHA256 ) ( <strong>FC:</strong> SHA256 ) ] [ <strong>dhStatic</strong> ( <strong>No_KC</strong> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <strong>FB:</strong> SHA256 HMAC ) ( <strong>FC:</strong> SHA256   HMAC ) ]<br />
+<td><p><b>FFC:</b> (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) <b>SCHEMES</b> [ <b>dhEphem</b> ( KARole(s): Initiator / Responder )<br />
+( <b>FB:</b> SHA256 ) ( <b>FC:</b> SHA256 ) ]<br />
+[ <b>dhOneFlow</b> ( KARole(s): Initiator / Responder ) ( <b>FB:</b> SHA256 ) ( <b>FC:</b> SHA256 ) ] [ <b>dhStatic</b> ( <b>No_KC</b> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <b>FB:</b> SHA256 HMAC ) ( <b>FC:</b> SHA256   HMAC ) ]<br />
 SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649">Val# 3649</a><br />
 DSA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1188">Val#1188</a><br />
 DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1430">Val#1430</a></p>
-<p><strong>ECC:</strong> (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) <strong>SCHEMES</strong> [ <strong>EphemeralUnified</strong> ( <strong>No_KC</strong> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <strong>EC:</strong> P-256   SHA256   HMAC ) ( <strong>ED:</strong> P-384   SHA384   HMAC ) ( <strong>EE:</strong> P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]<br />
-[ <strong>OnePassDH</strong> ( <strong>No_KC</strong> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <strong>EC:</strong> P-256   SHA256   HMAC ) ( <strong>ED:</strong> P-384   SHA384   HMAC ) ( <strong>EE:</strong> P-521   HMAC (SHA512, HMAC_SHA512) ) ]<br />
-[ <strong>StaticUnified</strong> ( <strong>No_KC</strong> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <strong>EC:</strong> P-256   SHA256   HMAC ) ( <strong>ED:</strong> P-384   SHA384   HMAC ) ( <strong>EE:</strong> P-521   HMAC (SHA512, HMAC_SHA512) ) ]</p></td>
+<p><b>ECC:</b> (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) <b>SCHEMES</b> [ <b>EphemeralUnified</b> ( <b>No_KC</b> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <b>EC:</b> P-256   SHA256   HMAC ) ( <b>ED:</b> P-384   SHA384   HMAC ) ( <b>EE:</b> P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]<br />
+[ <b>OnePassDH</b> ( <b>No_KC</b> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <b>EC:</b> P-256   SHA256   HMAC ) ( <b>ED:</b> P-384   SHA384   HMAC ) ( <b>EE:</b> P-521   HMAC (SHA512, HMAC_SHA512) ) ]<br />
+[ <b>StaticUnified</b> ( <b>No_KC</b> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <b>EC:</b> P-256   SHA256   HMAC ) ( <b>ED:</b> P-384   SHA384   HMAC ) ( <b>EE:</b> P-521   HMAC (SHA512, HMAC_SHA512) ) ]</p></td>
 <td><p>Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#115">#115</a></p>
 <p>Version 7.00.2872</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>FFC:</strong> (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) <strong>SCHEMES</strong> [ <strong>dhEphem</strong> ( KARole(s): Initiator / Responder )<br />
-( <strong>FB:</strong> SHA256 ) ( <strong>FC:</strong> SHA256 ) ]<br />
-[ <strong>dhHybridOneFlow</strong> ( <strong>No_KC</strong> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <strong>FB:</strong>SHA256 HMAC ) ( <strong>FC:</strong> SHA256   HMAC ) ]<br />
-[ <strong>dhStatic</strong> ( <strong>No_KC</strong> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <strong>FB:</strong>SHA256 HMAC ) ( <strong>FC:</strong> SHA256   HMAC ) ]<br />
+<td><p><b>FFC:</b> (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) <b>SCHEMES</b> [ <b>dhEphem</b> ( KARole(s): Initiator / Responder )<br />
+( <b>FB:</b> SHA256 ) ( <b>FC:</b> SHA256 ) ]<br />
+[ <b>dhHybridOneFlow</b> ( <b>No_KC</b> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <b>FB:</b>SHA256 HMAC ) ( <b>FC:</b> SHA256   HMAC ) ]<br />
+[ <b>dhStatic</b> ( <b>No_KC</b> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <b>FB:</b>SHA256 HMAC ) ( <b>FC:</b> SHA256   HMAC ) ]<br />
 SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648">Val#3648</a><br />
 DSA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1187">Val#1187</a><br />
 DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1429">Val#1429</a></p>
-<p><strong>ECC:</strong> (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) <strong>SCHEMES</strong> [ <strong>EphemeralUnified</strong> ( <strong>No_KC</strong> ) ( <strong>EC:</strong> P-256   SHA256   HMAC ) ( <strong>ED:</strong> P-384   SHA384   HMAC ) ( <strong>EE:</strong> P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]<br />
-[ <strong>OnePassDH</strong> ( <strong>No_KC</strong> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <strong>EC:</strong> P-256   SHA256   HMAC ) ( <strong>ED:</strong> P-384   SHA384   HMAC ) ( <strong>EE:</strong> P-521   HMAC (SHA512, HMAC_SHA512) ) ]<br />
-[ <strong>StaticUnified</strong> ( <strong>No_KC</strong> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <strong>EC:</strong> P-256   SHA256   HMAC ) ( <strong>ED:</strong> P-384   SHA384   HMAC ) ( <strong>EE:</strong> P-521   HMAC (SHA512, HMAC_SHA512) ) ]<br />
+<p><b>ECC:</b> (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) <b>SCHEMES</b> [ <b>EphemeralUnified</b> ( <b>No_KC</b> ) ( <b>EC:</b> P-256   SHA256   HMAC ) ( <b>ED:</b> P-384   SHA384   HMAC ) ( <b>EE:</b> P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]<br />
+[ <b>OnePassDH</b> ( <b>No_KC</b> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <b>EC:</b> P-256   SHA256   HMAC ) ( <b>ED:</b> P-384   SHA384   HMAC ) ( <b>EE:</b> P-521   HMAC (SHA512, HMAC_SHA512) ) ]<br />
+[ <b>StaticUnified</b> ( <b>No_KC</b> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <b>EC:</b> P-256   SHA256   HMAC ) ( <b>ED:</b> P-384   SHA384   HMAC ) ( <b>EE:</b> P-521   HMAC (SHA512, HMAC_SHA512) ) ]<br />
 <br />
 SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648">Val#3648</a><br />
 ECDSA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1072">Val#1072</a><br />
@@ -4838,19 +4838,19 @@ DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-
 <p>Version 8.00.6246</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>ECC:</strong>  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration )<br />
-<strong>SCHEMES  [ FullUnified  ( No_KC</strong>  &amp;lt; KARole(s): Initiator / Responder &amp;gt; &amp;lt; KDF: CONCAT &amp;gt; ) ( <strong>EC:</strong>  P-256   SHA256   HMAC ) ( <strong>ED:</strong>  P-384   SHA384   HMAC ) ]</p>
+<td><p><b>ECC:</b>  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration )<br />
+<b>SCHEMES  [ FullUnified  ( No_KC</b>  &amp;lt; KARole(s): Initiator / Responder &amp;gt; &amp;lt; KDF: CONCAT &amp;gt; ) ( <b>EC:</b>  P-256   SHA256   HMAC ) ( <b>ED:</b>  P-384   SHA384   HMAC ) ]</p>
 <p>SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347">Val# 3347</a> ECDSA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#920">Val#920</a> DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1222">Val#1222</a></p></td>
 <td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#93">#93</a></p>
 <p>Version 10.0.14393</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>FFC:</strong> (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation )<br />
-<strong>SCHEMES</strong>  [ dhEphem  ( KARole(s): Initiator / Responder )<br />
-( <strong>FB:</strong> SHA256 ) ( <strong>FC:</strong> SHA256 ) ]<br />
-[ dhOneFlow ( KARole(s): Initiator / Responder ) ( <strong>FB:</strong>  SHA256 ) ( <strong>FC:</strong>  SHA256 ) ] [ <strong>dhStatic (No_KC</strong>  &amp;lt; KARole(s): Initiator / Responder &amp;gt; ) ( FB:  SHA256 HMAC ) ( FC:  SHA256   HMAC ) ]</p>
+<td><p><b>FFC:</b> (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation )<br />
+<b>SCHEMES</b>  [ dhEphem  ( KARole(s): Initiator / Responder )<br />
+( <b>FB:</b> SHA256 ) ( <b>FC:</b> SHA256 ) ]<br />
+[ dhOneFlow ( KARole(s): Initiator / Responder ) ( <b>FB:</b>  SHA256 ) ( <b>FC:</b>  SHA256 ) ] [ <b>dhStatic (No_KC</b>  &amp;lt; KARole(s): Initiator / Responder &amp;gt; ) ( FB:  SHA256 HMAC ) ( FC:  SHA256   HMAC ) ]</p>
 <p>SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347">Val# 3347</a> DSA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1098">Val#1098</a> DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217">Val#1217</a></p>
-<p><strong>ECC:</strong>  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) <strong>SCHEMES</strong>  [ EphemeralUnified ( No_KC  &amp;lt; KARole(s): Initiator / Responder &amp;gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]<br />
+<p><b>ECC:</b>  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) <b>SCHEMES</b>  [ EphemeralUnified ( No_KC  &amp;lt; KARole(s): Initiator / Responder &amp;gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]<br />
 [ OnePassDH  ( No_KC  &amp;lt; KARole(s): Initiator / Responder &amp;gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]<br />
 [ StaticUnified ( No_KC  &amp;lt; KARole(s): Initiator / Responder &amp;gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]</p>
 <p>SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347">Val# 3347</a> DSA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1098">Val#1098</a> ECDSA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#911">Val#911</a> DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217">Val#1217</a> HMAC <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2651">Val#2651</a></p></td>
@@ -4858,11 +4858,11 @@ DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-
 <p>Version 10.0.14393</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>FFC:</strong> (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )<br />
+<td><p><b>FFC:</b> (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )<br />
 ( FB: SHA256 ) ( FC: SHA256 ) ]<br />
 [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB:  SHA256 ) ( FC:  SHA256 ) ] [ dhStatic ( No_KC  &amp;lt; KARole(s): Initiator / Responder &amp;gt; ) ( FB:  SHA256 HMAC ) ( FC:  SHA256   HMAC ) ]</p>
 <p>SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047">Val# 3047</a> DSA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1024">Val#1024</a> DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#955">Val#955</a></p>
-<p><strong>ECC:</strong>  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  &amp;lt; KARole(s): Initiator / Responder &amp;gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]<br />
+<p><b>ECC:</b>  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  &amp;lt; KARole(s): Initiator / Responder &amp;gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]<br />
 [ OnePassDH  ( No_KC  &amp;lt; KARole(s): Initiator / Responder &amp;gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]<br />
 [ StaticUnified ( No_KC  &amp;lt; KARole(s): Initiator / Responder &amp;gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]</p>
 <p>SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047">Val# 3047</a> ECDSA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#760">Val#760</a> DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#955">Val#955</a></p></td>
@@ -4870,11 +4870,11 @@ DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-
 <p>Version 10.0.10586</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>FFC:</strong> (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )<br />
+<td><p><b>FFC:</b> (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )<br />
 ( FB: SHA256 ) ( FC: SHA256 ) ]<br />
 [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB:  SHA256 ) ( FC:  SHA256 ) ] [ dhStatic ( No_KC  &amp;lt; KARole(s): Initiator / Responder &amp;gt; ) ( FB:  SHA256 HMAC ) ( FC:  SHA256   HMAC ) ]</p>
 <p>SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886">Val# 2886</a> DSA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#983">Val#983</a> DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#868">Val#868</a></p>
-<p><strong>ECC:</strong>  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  &amp;lt; KARole(s): Initiator / Responder &amp;gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]<br />
+<p><b>ECC:</b>  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  &amp;lt; KARole(s): Initiator / Responder &amp;gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]<br />
 [ OnePassDH  ( No_KC  &amp;lt; KARole(s): Initiator / Responder &amp;gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]<br />
 [ StaticUnified ( No_KC  &amp;lt; KARole(s): Initiator / Responder &amp;gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]</p>
 <p>SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886">Val# 2886</a> ECDSA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#706">Val#706</a> DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#868">Val#868</a></p></td>
@@ -4882,11 +4882,11 @@ DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-
 <p>Version 10.0.10240</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>FFC:</strong> (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )<br />
+<td><p><b>FFC:</b> (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )<br />
 ( FB: SHA256 ) ( FC: SHA256 ) ]<br />
 [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB:  SHA256 ) ( FC:  SHA256 ) ] [ dhStatic ( No_KC  &amp;lt; KARole(s): Initiator / Responder &amp;gt; ) ( FB:  SHA256 HMAC ) ( FC:  SHA256   HMAC ) ]</p>
 <p>SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373">Val#2373</a> DSA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#855">Val#855</a> DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489">Val#489</a></p>
-<p><strong>ECC:</strong>  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  &amp;lt; KARole(s): Initiator / Responder &amp;gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]<br />
+<p><b>ECC:</b>  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  &amp;lt; KARole(s): Initiator / Responder &amp;gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]<br />
 [ OnePassDH  ( No_KC  &amp;lt; KARole(s): Initiator / Responder &amp;gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]<br />
 [ StaticUnified ( No_KC  &amp;lt; KARole(s): Initiator / Responder &amp;gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]</p>
 <p>SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373">Val#2373</a> ECDSA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#505">Val#505</a> DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489">Val#489</a></p></td>
@@ -4894,20 +4894,20 @@ DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-
 <p>Version 6.3.9600</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>FFC</strong>: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation ) SCHEMES [ <strong>dhEphem</strong> ( KARole(s): Initiator / Responder )<br />
-( <strong>FA</strong>: SHA256 ) ( <strong>FB</strong>: SHA256 ) ( <strong>FC</strong>: SHA256 ) ]<br />
-[ <strong>dhOneFlow</strong> ( KARole(s): Initiator / Responder ) ( <strong>FA</strong>: SHA256 ) ( <strong>FB</strong>: SHA256 ) ( <strong>FC</strong>: SHA256 ) ]<br />
-[ <strong>dhStatic</strong> ( <strong>No_KC</strong> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <strong>FA</strong>: SHA256 HMAC ) ( <strong>FB</strong>: SHA256 HMAC ) ( <strong>FC</strong>: SHA256 HMAC ) ]<br />
+<td><p><b>FFC</b>: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation ) SCHEMES [ <b>dhEphem</b> ( KARole(s): Initiator / Responder )<br />
+( <b>FA</b>: SHA256 ) ( <b>FB</b>: SHA256 ) ( <b>FC</b>: SHA256 ) ]<br />
+[ <b>dhOneFlow</b> ( KARole(s): Initiator / Responder ) ( <b>FA</b>: SHA256 ) ( <b>FB</b>: SHA256 ) ( <b>FC</b>: SHA256 ) ]<br />
+[ <b>dhStatic</b> ( <b>No_KC</b> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <b>FA</b>: SHA256 HMAC ) ( <b>FB</b>: SHA256 HMAC ) ( <b>FC</b>: SHA256 HMAC ) ]<br />
 SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903">#1903</a> DSA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#687">Val#687</a> DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258">#258</a></p>
-<p><strong>ECC</strong>: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration ) <strong>SCHEMES</strong> [ <strong>EphemeralUnified</strong> ( <strong>No_KC</strong> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( EC: P-256 SHA256 HMAC ) ( <strong>ED</strong>: P-384 SHA384 HMAC ) ( <strong>EE</strong>: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]<br />
-[ <strong>OnePassDH( No_KC</strong> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <strong>EC</strong>: P-256 SHA256 ) ( <strong>ED</strong>: P-384 SHA384 ) ( <strong>EE</strong>: P-521 (SHA512, HMAC_SHA512) ) ) ]<br />
-[ <strong>StaticUnified</strong> ( <strong>No_KC</strong> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <strong>EC</strong>: P-256 SHA256 HMAC ) ( <strong>ED</strong>: P-384 SHA384 HMAC ) ( <strong>EE</strong>: P-521 HMAC (SHA512, HMAC_SHA512) ) ]<br />
+<p><b>ECC</b>: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration ) <b>SCHEMES</b> [ <b>EphemeralUnified</b> ( <b>No_KC</b> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( EC: P-256 SHA256 HMAC ) ( <b>ED</b>: P-384 SHA384 HMAC ) ( <b>EE</b>: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]<br />
+[ <b>OnePassDH( No_KC</b> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <b>EC</b>: P-256 SHA256 ) ( <b>ED</b>: P-384 SHA384 ) ( <b>EE</b>: P-521 (SHA512, HMAC_SHA512) ) ) ]<br />
+[ <b>StaticUnified</b> ( <b>No_KC</b> &amp;lt; KARole(s): Initiator / Responder&amp;gt; ) ( <b>EC</b>: P-256 SHA256 HMAC ) ( <b>ED</b>: P-384 SHA384 HMAC ) ( <b>EE</b>: P-521 HMAC (SHA512, HMAC_SHA512) ) ]<br />
 <br />
 SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903">#1903</a> ECDSA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#341">Val#341</a> DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258">#258</a></p></td>
 <td>Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#36">#36</a></td>
 </tr>
 <tr class="odd">
-<td><p><strong>KAS (SP 800–56A)</strong></p>
+<td><p><b>KAS (SP 800–56A)</b></p>
 <p>key agreement</p>
 <p>key establishment methodology provides 80 to 256 bits of encryption strength</p></td>
 <td><p>Windows 7 and SP1, vendor-affirmed</p>
@@ -4922,8 +4922,8 @@ SP 800-108 Key-Based Key Derivation Functions (KBKDF)
 <table>
 <tbody>
 <tr class="odd">
-<td><strong>Modes / States / Key Sizes</strong></td>
-<td><strong>Algorithm Implementation and Certificate #</strong></td>
+<td><b>Modes / States / Key Sizes</b></td>
+<td><b>Algorithm Implementation and Certificate #</b></td>
 </tr>
 <tr class="even">
 <td><ul>
@@ -5021,7 +5021,7 @@ SP 800-108 Key-Based Key Derivation Functions (KBKDF)
 <p>Version 10.0.16299</p></td>
 </tr>
 <tr class="odd">
-<td><strong>CTR_Mode:</strong> ( Llength( Min0 Max0 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA384] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )<br />
+<td><b>CTR_Mode:</b> ( Llength( Min0 Max0 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA384] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )<br />
 <br />
 KAS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#128">Val#128</a><br />
 DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1556">Val#1556</a><br />
@@ -5030,7 +5030,7 @@ MAC <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-p
 <p>Version 10.0.15063</p></td>
 </tr>
 <tr class="even">
-<td><strong>CTR_Mode:</strong> ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )<br />
+<td><b>CTR_Mode:</b> ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )<br />
 <br />
 KAS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#127">Val#127</a><br />
 AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624">Val#4624</a><br />
@@ -5040,37 +5040,37 @@ MAC <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-p
 <p>Version 10.0.15063</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>CTR_Mode:</strong>  ( Llength( Min20 Max64 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA384] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )</p>
+<td><p><b>CTR_Mode:</b>  ( Llength( Min20 Max64 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA384] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )</p>
 <p>KAS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#93">Val#93</a> DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1222">Val#1222</a> MAC <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2661">Val#2661</a></p></td>
 <td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#102">#102</a></p>
 <p>Version 10.0.14393</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>CTR_Mode:</strong>  ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )</p>
+<td><p><b>CTR_Mode:</b>  ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )</p>
 <p>KAS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#92">Val#92</a> AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064">Val#4064</a> DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217">Val#1217</a> MAC <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2651">Val#2651</a></p></td>
 <td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#101">#101</a></p>
 <p>Version 10.0.14393</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>CTR_Mode:</strong>  ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )</p>
+<td><p><b>CTR_Mode:</b>  ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )</p>
 <p>KAS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#72">Val#72</a> AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3629">Val#3629</a> DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#955">Val#955</a> MAC <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2381">Val#2381</a></p></td>
 <td><p>Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#72">#72</a></p>
 <p>Version 10.0.10586</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>CTR_Mode:</strong>  ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )</p>
+<td><p><b>CTR_Mode:</b>  ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )</p>
 <p>KAS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#64">Val#64</a> AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3497">Val#3497</a> RBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#868">Val#868</a> MAC <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2233">Val#2233</a></p></td>
 <td><p>Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#66">#66</a></p>
 <p>Version 10.0.10240</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>CTR_Mode:</strong>  ( Llength( Min0 Max0 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )</p>
+<td><p><b>CTR_Mode:</b>  ( Llength( Min0 Max0 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )</p>
 <p>DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489">Val#489</a> MAC <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1773">Val#1773</a></p></td>
 <td><p>Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#30">#30</a></p>
 <p>Version 6.3.9600</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>CTR_Mode</strong>: ( Llength( Min0 Max4 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )</p>
+<td><p><b>CTR_Mode</b>: ( Llength( Min0 Max4 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )</p>
 <p>DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258">#258</a> HMAC <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1345">Val#1345</a></p></td>
 <td>Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations <a href="http://csrc.nist.gov/groups/stm/cavp/documents/kbkdf800-108/kbkdfval.htm#3">#3</a></td>
 </tr>
@@ -5087,34 +5087,34 @@ Random Number Generator (RNG)
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Modes / States / Key Sizes</strong></td>
-<td><strong>Algorithm Implementation and Certificate #</strong></td>
+<td><b>Modes / States / Key Sizes</b></td>
+<td><b>Algorithm Implementation and Certificate #</b></td>
 </tr>
 <tr class="even">
-<td><p><strong>FIPS 186-2 General Purpose</strong></p>
-<p><strong>[ (x-Original); (SHA-1) ]</strong></p></td>
+<td><p><b>FIPS 186-2 General Purpose</b></p>
+<p><b>[ (x-Original); (SHA-1) ]</b></p></td>
 <td>Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#1110">1110</a></td>
 </tr>
 <tr class="odd">
-<td><strong>FIPS 186-2<br />
-[ (x-Original); (SHA-1) ]</strong></td>
+<td><b>FIPS 186-2<br />
+[ (x-Original); (SHA-1) ]</b></td>
 <td><p>Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#1060">#1060</a></p>
 <p>Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#292">#292</a></p>
 <p>Windows CE and Windows Mobile 6.0 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#286">#286</a></p>
 <p>Windows CE 5.00 and Window CE 5.01 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#66">#66</a></p></td>
 </tr>
 <tr class="even">
-<td><p><strong>FIPS 186-2<br />
-[ (x-Change Notice); (SHA-1) ]</strong></p>
-<p><strong>FIPS 186-2 General Purpose<br />
-[ (x-Change Notice); (SHA-1) ]</strong></p></td>
+<td><p><b>FIPS 186-2<br />
+[ (x-Change Notice); (SHA-1) ]</b></p>
+<p><b>FIPS 186-2 General Purpose<br />
+[ (x-Change Notice); (SHA-1) ]</b></p></td>
 <td><p>Windows 7 and SP1 and Windows Server 2008 R2 and SP1 RNG Library <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#649">#649</a></p>
 <p>Windows Vista Ultimate SP1 and Windows Server 2008 RNG Implementation <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#435">#435</a></p>
 <p>Windows Vista RNG implementation <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#321">#321</a></p></td>
 </tr>
 <tr class="odd">
-<td><strong>FIPS 186-2 General Purpose<br />
-[ (x-Change Notice); (SHA-1) ]</strong></td>
+<td><b>FIPS 186-2 General Purpose<br />
+[ (x-Change Notice); (SHA-1) ]</b></td>
 <td><p>Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#470">#470</a></p>
 <p>Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#449">#449</a></p>
 <p>Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#447">#447</a></p>
@@ -5122,8 +5122,8 @@ Random Number Generator (RNG)
 <p>Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#313">#313</a></p></td>
 </tr>
 <tr class="even">
-<td><strong>FIPS 186-2<br />
-[ (x-Change Notice); (SHA-1) ]</strong></td>
+<td><b>FIPS 186-2<br />
+[ (x-Change Notice); (SHA-1) ]</b></td>
 <td><p>Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#448">#448</a></p>
 <p>Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#314">#314</a></p></td>
 </tr>
@@ -5140,8 +5140,8 @@ Random Number Generator (RNG)
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Modes / States / Key Sizes</strong></td>
-<td><strong>Algorithm Implementation and Certificate #</strong></td>
+<td><b>Modes / States / Key Sizes</b></td>
+<td><b>Algorithm Implementation and Certificate #</b></td>
 </tr>
 <tr class="even">
 <td><p>RSA:</p>
@@ -5711,419 +5711,419 @@ Random Number Generator (RNG)
 <p>Version 10.0.16299</p></td>
 </tr>
 <tr class="odd">
-<td><strong>FIPS186-4:<br />
-ALG[RSASSA-PKCS1_V1_5]</strong> SIG(gen) (2048 SHA( 1 , 256 , 384 )) <strong><em>SIG(gen) with SHA-1 affirmed for use with protocols only.</em><br />
-</strong> SIG(Ver) (1024 SHA( 1 , 256 , 384 )) (2048 SHA( 1 , 256 , 384 ))<br />
-<strong>[RSASSA-PSS]:</strong> Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) <strong><em>SIG(gen) with SHA-1 affirmed for use with protocols only.</em><br />
-</strong> Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) ))<br />
+<td><b>FIPS186-4:<br />
+ALG[RSASSA-PKCS1_V1_5]</b> SIG(gen) (2048 SHA( 1 , 256 , 384 )) <b><em>SIG(gen) with SHA-1 affirmed for use with protocols only.</em><br />
+</b> SIG(Ver) (1024 SHA( 1 , 256 , 384 )) (2048 SHA( 1 , 256 , 384 ))<br />
+<b>[RSASSA-PSS]:</b> Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) <b><em>SIG(gen) with SHA-1 affirmed for use with protocols only.</em><br />
+</b> Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) ))<br />
 SHA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790">Val#3790</a></td>
 <td><p>Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2524">#2524</a></p>
 <p>Version 10.0.15063</p></td>
 </tr>
 <tr class="even">
-<td><strong>FIPS186-4:<br />
-ALG[RSASSA-PKCS1_V1_5]</strong> SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))<br />
+<td><b>FIPS186-4:<br />
+ALG[RSASSA-PKCS1_V1_5]</b> SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))<br />
 SHA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790">Val#3790</a></td>
 <td><p>Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile RSA32 Algorithm Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2523">#2523</a></p>
 <p>Version 10.0.15063</p></td>
 </tr>
 <tr class="odd">
-<td><strong>FIPS186-4:<br />
-186-4KEY(gen):</strong> FIPS186-4_Fixed_e ( 10001 ) ;<br />
-<strong>PGM(ProbPrimeCondition):</strong> 2048 , 3072 <strong>PPTT:</strong>( C.3 )<br />
-<strong>ALG[RSASSA-PKCS1_V1_5]</strong> SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) <strong><em>SIG(gen) with SHA-1 affirmed for use with protocols only.</em><br />
-</strong> SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))<br />
-<strong>[RSASSA-PSS]:</strong> Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) <strong><em>SIG(gen) with SHA-1 affirmed for use with protocols only.</em><br />
-</strong> Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))<br />
+<td><b>FIPS186-4:<br />
+186-4KEY(gen):</b> FIPS186-4_Fixed_e ( 10001 ) ;<br />
+<b>PGM(ProbPrimeCondition):</b> 2048 , 3072 <b>PPTT:</b>( C.3 )<br />
+<b>ALG[RSASSA-PKCS1_V1_5]</b> SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) <b><em>SIG(gen) with SHA-1 affirmed for use with protocols only.</em><br />
+</b> SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))<br />
+<b>[RSASSA-PSS]:</b> Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) <b><em>SIG(gen) with SHA-1 affirmed for use with protocols only.</em><br />
+</b> Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))<br />
 SHA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790">Val#3790</a><br />
 DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1555">Val# 1555</a></td>
 <td><p>Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2522">#2522</a></p>
 <p>Version 10.0.15063</p></td>
 </tr>
 <tr class="even">
-<td><strong>FIPS186-4:<br />
+<td><b>FIPS186-4:<br />
 186-4KEY(gen):<br />
-PGM(ProbRandom:</strong> ( 2048 , 3072 ) <strong>PPTT:</strong>( C.2 )<br />
-<strong>ALG[RSASSA-PKCS1_V1_5]</strong> SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) <strong><em>SIG(gen) with SHA-1 affirmed for use with protocols only.</em><br />
-</strong> SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))<br />
-<strong>[RSASSA-PSS]:</strong> Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) <strong><em>SIG(gen) with SHA-1 affirmed for use with protocols only.</em><br />
-</strong> Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))<br />
+PGM(ProbRandom:</b> ( 2048 , 3072 ) <b>PPTT:</b>( C.2 )<br />
+<b>ALG[RSASSA-PKCS1_V1_5]</b> SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) <b><em>SIG(gen) with SHA-1 affirmed for use with protocols only.</em><br />
+</b> SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))<br />
+<b>[RSASSA-PSS]:</b> Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) <b><em>SIG(gen) with SHA-1 affirmed for use with protocols only.</em><br />
+</b> Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))<br />
 SHA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790">Val#3790</a></td>
 <td><p>Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2521">#2521</a></p>
 <p>Version 10.0.15063</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>FIPS186-2:<br />
-ALG[ANSIX9.31]:</strong><br />
+<td><p><b>FIPS186-2:<br />
+ALG[ANSIX9.31]:</b><br />
 SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652">Val#3652</a><br />
-<strong>ALG[RSASSA-PKCS1_V1_5]:</strong> SIG(gen) 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652">Val#3652</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652">Val#3652</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652">Val#3652</a><br />
+<b>ALG[RSASSA-PKCS1_V1_5]:</b> SIG(gen) 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652">Val#3652</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652">Val#3652</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652">Val#3652</a><br />
 SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652">Val#3652</a>, SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652">Val#3652</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652">Val#3652</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652">Val#3652</a></p>
-<p><strong>FIPS186-4:<br />
-ALG[ANSIX9.31]</strong> Sig(Gen): (2048 SHA( 1 )) (3072 SHA( 1 ))<strong><br />
-<em>SIG(gen) with SHA-1 affirmed for use with protocols only.</em></strong> Sig(Ver): (1024 SHA( 1 )) (2048 SHA( 1 )) (3072 SHA( 1 ))<br />
-<strong>ALG[RSASSA-PKCS1_V1_5]</strong> SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) <strong><em>SIG(gen) with SHA-1 affirmed for use with protocols only.</em><br />
-</strong> SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))<br />
+<p><b>FIPS186-4:<br />
+ALG[ANSIX9.31]</b> Sig(Gen): (2048 SHA( 1 )) (3072 SHA( 1 ))<b><br />
+<em>SIG(gen) with SHA-1 affirmed for use with protocols only.</em></b> Sig(Ver): (1024 SHA( 1 )) (2048 SHA( 1 )) (3072 SHA( 1 ))<br />
+<b>ALG[RSASSA-PKCS1_V1_5]</b> SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) <b><em>SIG(gen) with SHA-1 affirmed for use with protocols only.</em><br />
+</b> SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))<br />
 SHA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652">Val#3652</a></p></td>
 <td><p>Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2415">#2415</a></p>
 <p>Version 7.00.2872</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>FIPS186-2:<br />
-ALG[ANSIX9.31]:</strong><br />
+<td><p><b>FIPS186-2:<br />
+ALG[ANSIX9.31]:</b><br />
 SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651">Val#3651</a><br />
-<strong>ALG[RSASSA-PKCS1_V1_5]:</strong> SIG(gen) 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651">Val#3651</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651">Val#3651</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651">Val#3651</a><br />
+<b>ALG[RSASSA-PKCS1_V1_5]:</b> SIG(gen) 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651">Val#3651</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651">Val#3651</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651">Val#3651</a><br />
 SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651">Val#3651</a>, SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651">Val#3651</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651">Val#3651</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651">Val#3651</a></p>
-<p><strong>FIPS186-4:<br />
-ALG[ANSIX9.31]</strong> Sig(Gen): (2048 SHA( 1 )) (3072 SHA( 1 ))<strong><br />
-<em>SIG(gen) with SHA-1 affirmed for use with protocols only.</em></strong> Sig(Ver): (1024 SHA( 1 )) (2048 SHA( 1 )) (3072 SHA( 1 ))<br />
-<strong>ALG[RSASSA-PKCS1_V1_5]</strong> SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) <strong><em>SIG(gen) with SHA-1 affirmed for use with protocols only.</em><br />
-</strong> SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))<br />
+<p><b>FIPS186-4:<br />
+ALG[ANSIX9.31]</b> Sig(Gen): (2048 SHA( 1 )) (3072 SHA( 1 ))<b><br />
+<em>SIG(gen) with SHA-1 affirmed for use with protocols only.</em></b> Sig(Ver): (1024 SHA( 1 )) (2048 SHA( 1 )) (3072 SHA( 1 ))<br />
+<b>ALG[RSASSA-PKCS1_V1_5]</b> SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) <b><em>SIG(gen) with SHA-1 affirmed for use with protocols only.</em><br />
+</b> SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))<br />
 SHA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651">Val#3651</a></p></td>
 <td><p>Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2414">#2414</a></p>
 <p>Version 8.00.6246</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>FIPS186-2:<br />
-ALG[RSASSA-PKCS1_V1_5]:</strong> SIG(gen) 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649">Val# 3649</a> , SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649">Val# 3649</a> , SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649">Val# 3649</a><br />
+<td><p><b>FIPS186-2:<br />
+ALG[RSASSA-PKCS1_V1_5]:</b> SIG(gen) 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649">Val# 3649</a> , SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649">Val# 3649</a> , SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649">Val# 3649</a><br />
 SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649">Val# 3649</a> , SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649">Val# 3649</a> , SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649">Val# 3649</a> , SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649">Val# 3649</a></p>
-<p><strong>FIPS186-4:<br />
-186-4KEY(gen):</strong> FIPS186-4_Fixed_e (10001) ;<br />
-<strong>PGM(ProbRandom:</strong> ( 2048 , 3072 ) <strong>PPTT:</strong>( C.2 )<br />
-<strong>ALG[RSASSA-PKCS1_V1_5]</strong> SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) <strong><em>SIG(gen) with SHA-1 affirmed for use with protocols only.</em><br />
-</strong> SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))<br />
+<p><b>FIPS186-4:<br />
+186-4KEY(gen):</b> FIPS186-4_Fixed_e (10001) ;<br />
+<b>PGM(ProbRandom:</b> ( 2048 , 3072 ) <b>PPTT:</b>( C.2 )<br />
+<b>ALG[RSASSA-PKCS1_V1_5]</b> SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) <b><em>SIG(gen) with SHA-1 affirmed for use with protocols only.</em><br />
+</b> SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))<br />
 SHA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649">Val# 3649</a><br />
 DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1430">Val# 1430</a></p></td>
 <td><p>Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2412">#2412</a></p>
 <p>Version 7.00.2872</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>FIPS186-2:<br />
-ALG[RSASSA-PKCS1_V1_5]:</strong> SIG(gen) 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648">Val#3648</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648">Val#3648</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648">Val#3648</a><br />
+<td><p><b>FIPS186-2:<br />
+ALG[RSASSA-PKCS1_V1_5]:</b> SIG(gen) 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648">Val#3648</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648">Val#3648</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648">Val#3648</a><br />
 SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648">Val#3648</a>, SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648">Val#3648</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648">Val#3648</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648">Val#3648</a></p>
-<p><strong>FIPS186-4:<br />
-186-4KEY(gen):</strong> FIPS186-4_Fixed_e (10001) ;<br />
-<strong>PGM(ProbRandom:</strong> ( 2048 , 3072 ) <strong>PPTT:</strong>( C.2 )<br />
-<strong>ALG[RSASSA-PKCS1_V1_5]</strong> SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) <strong><em>SIG(gen) with SHA-1 affirmed for use with protocols only.</em><br />
-</strong> SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))<br />
+<p><b>FIPS186-4:<br />
+186-4KEY(gen):</b> FIPS186-4_Fixed_e (10001) ;<br />
+<b>PGM(ProbRandom:</b> ( 2048 , 3072 ) <b>PPTT:</b>( C.2 )<br />
+<b>ALG[RSASSA-PKCS1_V1_5]</b> SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) <b><em>SIG(gen) with SHA-1 affirmed for use with protocols only.</em><br />
+</b> SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))<br />
 SHA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648">Val#3648</a><br />
 DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1429">Val# 1429</a></p></td>
 <td><p>Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2411">#2411</a></p>
 <p>Version 8.00.6246</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>FIPS186-4:<br />
-ALG[RSASSA-PKCS1_V1_5]</strong> SIG(gen) (2048 SHA( 1 , 256 , 384 )) SIG(gen) with SHA-1 affirmed for use with protocols only.<br />
+<td><p><b>FIPS186-4:<br />
+ALG[RSASSA-PKCS1_V1_5]</b> SIG(gen) (2048 SHA( 1 , 256 , 384 )) SIG(gen) with SHA-1 affirmed for use with protocols only.<br />
 SIG(Ver) (1024 SHA( 1 , 256 , 384 )) (2048 SHA( 1 , 256 , 384 ))<br />
-<strong>[RSASSA-PSS]:</strong> Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.<br />
+<b>[RSASSA-PSS]:</b> Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.<br />
 Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) ))</p>
 <p>SHA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347">Val# 3347</a></p></td>
 <td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2206">#2206</a></p>
 <p>Version 10.0.14393</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>FIPS186-4:<br />
-186-4KEY(gen):</strong> FIPS186-4_Fixed_e ( 10001 ) ;<br />
-<strong>PGM(ProbPrimeCondition):</strong> 2048 , 3072 PPTT:( C.3 )</p>
+<td><p><b>FIPS186-4:<br />
+186-4KEY(gen):</b> FIPS186-4_Fixed_e ( 10001 ) ;<br />
+<b>PGM(ProbPrimeCondition):</b> 2048 , 3072 PPTT:( C.3 )</p>
 <p>SHA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347">Val# 3347</a> DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217">Val# 1217</a></p></td>
 <td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA Key Generation Implementation <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2195">#2195</a></p>
 <p>Version 10.0.14393</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>FIPS186-4:<br />
-ALG[RSASSA-PKCS1_V1_5]</strong> SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))</p>
+<td><p><b>FIPS186-4:<br />
+ALG[RSASSA-PKCS1_V1_5]</b> SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))</p>
 <p>SHA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3346">Val#3346</a></p></td>
 <td><p>soft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2194">#2194</a></p>
 <p>Version 10.0.14393</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>FIPS186-4:<br />
-ALG[RSASSA-PKCS1_V1_5]</strong> SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))<br />
-<strong>SIG(Ver)</strong> (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))</p>
+<td><p><b>FIPS186-4:<br />
+ALG[RSASSA-PKCS1_V1_5]</b> SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))<br />
+<b>SIG(Ver)</b> (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))</p>
 <p>SHA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347">Val# 3347</a> DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217">Val# 1217</a></p></td>
 <td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193">#2193</a></p>
 <p>Version 10.0.14393</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>FIPS186-4:<br />
-[RSASSA-PSS]: Sig(Gen):</strong> (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))</p>
-<p><strong>Sig(Ver):</strong> (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))</p>
+<td><p><b>FIPS186-4:<br />
+[RSASSA-PSS]: Sig(Gen):</b> (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))</p>
+<p><b>Sig(Ver):</b> (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))</p>
 <p>SHA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347">Val# 3347</a> DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217">Val# 1217</a></p></td>
 <td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2192">#2192</a></p>
 <p>Version 10.0.14393</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>FIPS186-4:<br />
-186-4KEY(gen)</strong>:  FIPS186-4_Fixed_e ( 10001 ) ;<br />
-<strong>PGM(ProbPrimeCondition</strong>): 2048 , 3072 PPTT:( C.3 )</p>
+<td><p><b>FIPS186-4:<br />
+186-4KEY(gen)</b>:  FIPS186-4_Fixed_e ( 10001 ) ;<br />
+<b>PGM(ProbPrimeCondition</b>): 2048 , 3072 PPTT:( C.3 )</p>
 <p>SHA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047">Val# 3047</a> DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#955">Val# 955</a></p></td>
 <td><p>Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA Key Generation Implementation <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1889">#1889</a></p>
 <p>Version 10.0.10586</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>FIPS186-4:<br />
-ALG[RSASSA-PKCS1_V1_5]</strong> SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))</p>
+<td><p><b>FIPS186-4:<br />
+ALG[RSASSA-PKCS1_V1_5]</b> SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))</p>
 <p>SHA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3048">Val#3048</a></p></td>
 <td><p>Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1871">#1871</a></p>
 <p>Version 10.0.10586</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>FIPS186-4:<br />
-ALG[RSASSA-PKCS1_V1_5]</strong> SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))<br />
-<strong>SIG(Ver)</strong> (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))</p>
+<td><p><b>FIPS186-4:<br />
+ALG[RSASSA-PKCS1_V1_5]</b> SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))<br />
+<b>SIG(Ver)</b> (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))</p>
 <p>SHA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047">Val# 3047</a></p></td>
 <td><p>Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub MsBignum Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1888">#1888</a></p>
 <p>Version 10.0.10586</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>FIPS186-4:<br />
-[RSASSA-PSS]: Sig(Gen)</strong>: (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))<br />
-<strong>Sig(Ver):</strong> (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))</p>
+<td><p><b>FIPS186-4:<br />
+[RSASSA-PSS]: Sig(Gen)</b>: (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))<br />
+<b>Sig(Ver):</b> (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))</p>
 <p>SHA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047">Val# 3047</a></p></td>
 <td><p>Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1887">#1887</a></p>
 <p>Version 10.0.10586</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>FIPS186-4:<br />
-186-4KEY(gen):</strong> FIPS186-4_Fixed_e ( 10001 ) ;<br />
+<td><p><b>FIPS186-4:<br />
+186-4KEY(gen):</b> FIPS186-4_Fixed_e ( 10001 ) ;<br />
 PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )</p>
 <p>SHA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886">Val# 2886</a> DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#868">Val# 868</a></p></td>
 <td><p>Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA Key Generation Implementation <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1798">#1798</a></p>
 <p>Version 10.0.10240</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>FIPS186-4:<br />
-ALG[RSASSA-PKCS1_V1_5]</strong> SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))</p>
+<td><p><b>FIPS186-4:<br />
+ALG[RSASSA-PKCS1_V1_5]</b> SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))</p>
 <p>SHA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2871">Val#2871</a></p></td>
 <td><p>Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1784">#1784</a></p>
 <p>Version 10.0.10240</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>FIPS186-4:<br />
-ALG[RSASSA-PKCS1_V1_5]</strong> SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))</p>
+<td><p><b>FIPS186-4:<br />
+ALG[RSASSA-PKCS1_V1_5]</b> SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))</p>
 <p>SHA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2871">Val#2871</a></p></td>
 <td><p>Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1783">#1783</a></p>
 <p>Version 10.0.10240</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>FIPS186-4:<br />
-[RSASSA-PSS]:</strong> Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))<br />
+<td><p><b>FIPS186-4:<br />
+[RSASSA-PSS]:</b> Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))<br />
 Sig(Ver): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))</p>
 <p>SHA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886">Val# 2886</a></p></td>
 <td><p>Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1802">#1802</a></p>
 <p>Version 10.0.10240</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>FIPS186-4:<br />
-186-4KEY(gen):</strong> FIPS186-4_Fixed_e ;<br />
-<strong>PGM(ProbPrimeCondition):</strong> 2048 , 3072 PPTT:( C.3 )</p>
+<td><p><b>FIPS186-4:<br />
+186-4KEY(gen):</b> FIPS186-4_Fixed_e ;<br />
+<b>PGM(ProbPrimeCondition):</b> 2048 , 3072 PPTT:( C.3 )</p>
 <p>SHA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373">Val#2373</a> DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489">Val# 489</a></p></td>
 <td><p>Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 RSA Key Generation Implementation <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1487">#1487</a></p>
 <p>Version 6.3.9600</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>FIPS186-4:<br />
-ALG[RSASSA-PKCS1_V1_5]</strong> SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))</p>
+<td><p><b>FIPS186-4:<br />
+ALG[RSASSA-PKCS1_V1_5]</b> SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))</p>
 <p>SHA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373">Val#2373</a></p></td>
 <td><p>Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1494">#1494</a></p>
 <p>Version 6.3.9600</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>FIPS186-4:<br />
-ALG[RSASSA-PKCS1_V1_5</strong>] SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))<br />
+<td><p><b>FIPS186-4:<br />
+ALG[RSASSA-PKCS1_V1_5</b>] SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))<br />
 SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))</p>
 <p>SHA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373">Val#2373</a></p></td>
 <td><p>Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1493">#1493</a></p>
 <p>Version 6.3.9600</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>FIPS186-4:<br />
-[RSASSA-PSS]:</strong> Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))<br />
+<td><p><b>FIPS186-4:<br />
+[RSASSA-PSS]:</b> Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))<br />
  Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))</p>
 <p>SHA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373">Val#2373</a></p></td>
 <td><p>Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1519">#1519</a></p>
 <p>Version 6.3.9600</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>FIPS186-4:<br />
-ALG[RSASSA-PKCS1_V1_5]</strong> SIG(gen) (2048 SHA( 256 , 384 , 512-256 )) (3072 SHA( 256 , 384 , 512-256 ))<br />
+<td><p><b>FIPS186-4:<br />
+ALG[RSASSA-PKCS1_V1_5]</b> SIG(gen) (2048 SHA( 256 , 384 , 512-256 )) (3072 SHA( 256 , 384 , 512-256 ))<br />
 SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512-256 )) (2048 SHA( 1 , 256 , 384 , 512-256 )) (3072 SHA( 1 , 256 , 384 , 512-256 ))<br />
-<strong>[RSASSA-PSS]:</strong> Sig(Gen): (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))<br />
+<b>[RSASSA-PSS]:</b> Sig(Gen): (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))<br />
 Sig(Ver): (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 , 512 ))<br />
 SHA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903">#1903</a></p>
 <p>Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#1134">Historical RSA List Val#1134</a>.</p></td>
 <td>Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1134">#1134</a></td>
 </tr>
 <tr class="odd">
-<td><strong>FIPS186-4:<br />
-186-4KEY(gen):</strong> FIPS186-4_Fixed_e , FIPS186-4_Fixed_e_Value<br />
-<strong>PGM(ProbPrimeCondition):</strong> 2048 , 3072 <strong>PPTT:</strong>( C.3 )<br />
+<td><b>FIPS186-4:<br />
+186-4KEY(gen):</b> FIPS186-4_Fixed_e , FIPS186-4_Fixed_e_Value<br />
+<b>PGM(ProbPrimeCondition):</b> 2048 , 3072 <b>PPTT:</b>( C.3 )<br />
 SHA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903">#1903</a> DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258">#258</a></td>
 <td>Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 RSA Key Generation Implementation <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1133">#1133</a></td>
 </tr>
 <tr class="even">
-<td><strong>FIPS186-2:<br />
-ALG[ANSIX9.31]:</strong> Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258">#258</a><br />
-<strong>ALG[RSASSA-PKCS1_V1_5]:</strong> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902">#1902</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902">#1902</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902">#1902</a>,<br />
+<td><b>FIPS186-2:<br />
+ALG[ANSIX9.31]:</b> Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258">#258</a><br />
+<b>ALG[RSASSA-PKCS1_V1_5]:</b> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902">#1902</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902">#1902</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902">#1902</a>,<br />
 SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902">#1902</a>, SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902">#1902</a>, SHA-<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902">#1902</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902">#1902</a>,<br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#1132">Historical RSA List Val#1132</a>.</td>
 <td>Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1132">#1132</a></td>
 </tr>
 <tr class="odd">
-<td><strong>FIPS186-2:<br />
-ALG[ANSIX9.31]:</strong><br />
+<td><b>FIPS186-2:<br />
+ALG[ANSIX9.31]:</b><br />
 SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774">Val#1774</a><br />
-<strong>ALG[RSASSA-PKCS1_V1_5]:</strong> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774">Val#1774</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774">Val#1774</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774">Val#1774</a>,<br />
+<b>ALG[RSASSA-PKCS1_V1_5]:</b> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774">Val#1774</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774">Val#1774</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774">Val#1774</a>,<br />
 SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774">Val#1774</a>, SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774">Val#1774</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774">Val#1774</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774">Val#1774</a>,<br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#1052">Historical RSA List Val#1052</a>.</td>
 <td>Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1052">#1052</a></td>
 </tr>
 <tr class="even">
-<td><strong>FIPS186-2:<br />
-ALG[ANSIX9.31]:</strong> Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#193">Val# 193</a><br />
-<strong>ALG[RSASSA-PKCS1_V1_5]:</strong> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773">Val#1773</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773">Val#1773</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773">Val#1773</a>,<br />
+<td><b>FIPS186-2:<br />
+ALG[ANSIX9.31]:</b> Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#193">Val# 193</a><br />
+<b>ALG[RSASSA-PKCS1_V1_5]:</b> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773">Val#1773</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773">Val#1773</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773">Val#1773</a>,<br />
 SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773">Val#1773</a>, SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773">Val#1773</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773">Val#1773</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773">Val#1773</a>,<br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#1051">Historical RSA List Val#1051</a>.</td>
 <td>Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1051">#1051</a></td>
 </tr>
 <tr class="odd">
-<td><strong>FIPS186-2:<br />
-ALG[RSASSA-PKCS1_V1_5]:</strong> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>,<br />
+<td><b>FIPS186-2:<br />
+ALG[RSASSA-PKCS1_V1_5]:</b> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>,<br />
 SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>, SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>,<br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#568">Historical RSA List Val#568</a>.</td>
 <td>Windows Server 2008 R2 and SP1 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#568">#568</a></td>
 </tr>
 <tr class="even">
-<td><strong>FIPS186-2:<br />
-ALG[RSASSA-PKCS1_V1_5]:</strong> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>,<br />
+<td><b>FIPS186-2:<br />
+ALG[RSASSA-PKCS1_V1_5]:</b> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>,<br />
 SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>, SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>,<br />
-<strong>ALG[RSASSA-PSS]:</strong> SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a><br />
+<b>ALG[RSASSA-PSS]:</b> SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a><br />
 SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>, SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a><br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#567">Historical RSA List Val#567</a>. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#560">Historical RSA List Val#560</a>.</td>
 <td><p>Windows Server 2008 R2 and SP1 CNG algorithms <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#567">#567</a></p>
 <p>Windows 7 and SP1 CNG algorithms <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#560">#560</a></p></td>
 </tr>
 <tr class="odd">
-<td><strong>FIPS186-2:<br />
-ALG[ANSIX9.31]:</strong> Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23">Val# 23</a><br />
+<td><b>FIPS186-2:<br />
+ALG[ANSIX9.31]:</b> Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23">Val# 23</a><br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#559">Historical RSA List Val#559</a>.</td>
 <td>Windows 7 and SP1 and Server 2008 R2 and SP1 RSA Key Generation Implementation <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#559">#559</a></td>
 </tr>
 <tr class="even">
-<td><strong>FIPS186-2:<br />
-ALG[RSASSA-PKCS1_V1_5]:</strong> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>,<br />
+<td><b>FIPS186-2:<br />
+ALG[RSASSA-PKCS1_V1_5]:</b> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>,<br />
 SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>, SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">Val#1081</a>,<br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#557">Historical RSA List Val#557</a>.</td>
 <td>Windows 7 and SP1 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#557">#557</a></td>
 </tr>
 <tr class="odd">
-<td><strong>FIPS186-2:<br />
+<td><b>FIPS186-2:<br />
 ALG[ANSIX9.31]:<br />
-ALG[RSASSA-PKCS1_V1_5]:</strong> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816">Val#816</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816">Val#816</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816">Val#816</a>,<br />
+ALG[RSASSA-PKCS1_V1_5]:</b> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816">Val#816</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816">Val#816</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816">Val#816</a>,<br />
 SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816">Val#816</a>, SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816">Val#816</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816">Val#816</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816">Val#816</a>,<br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#395">Historical RSA List Val#395</a>.</td>
 <td>Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#395">#395</a></td>
 </tr>
 <tr class="even">
-<td><strong>FIPS186-2:<br />
-ALG[ANSIX9.31]:</strong><br />
+<td><b>FIPS186-2:<br />
+ALG[ANSIX9.31]:</b><br />
 SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783">Val#783</a><br />
-<strong>ALG[RSASSA-PKCS1_V1_5]:</strong> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783">Val#783</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783">Val#783</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783">Val#783</a>,<br />
+<b>ALG[RSASSA-PKCS1_V1_5]:</b> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783">Val#783</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783">Val#783</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783">Val#783</a>,<br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#371">Historical RSA List Val#371</a>.</td>
 <td>Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#371">#371</a></td>
 </tr>
 <tr class="odd">
-<td><strong>FIPS186-2:<br />
-ALG[RSASSA-PKCS1_V1_5]:</strong> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a>,<br />
+<td><b>FIPS186-2:<br />
+ALG[RSASSA-PKCS1_V1_5]:</b> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a>,<br />
 SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a>, SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a>,<br />
-<strong>ALG[RSASSA-PSS]:</strong> SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a><br />
+<b>ALG[RSASSA-PSS]:</b> SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a><br />
 SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a>, SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a><br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#358">Historical RSA List Val#358</a>. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#357">Historical RSA List Val#357</a>.</td>
 <td><p>Windows Server 2008 CNG algorithms <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#358">#358</a></p>
 <p>Windows Vista SP1 CNG algorithms <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#357">#357</a></p></td>
 </tr>
 <tr class="even">
-<td><strong>FIPS186-2:<br />
-ALG[ANSIX9.31]:</strong><br />
+<td><b>FIPS186-2:<br />
+ALG[ANSIX9.31]:</b><br />
 SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a><br />
-<strong>ALG[RSASSA-PKCS1_V1_5]:</strong> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a>,<br />
+<b>ALG[RSASSA-PKCS1_V1_5]:</b> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a>,<br />
 SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a>, SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">Val#753</a>,<br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#355">Historical RSA List Val#355</a>. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#354">Historical RSA List Val#354</a>.</td>
 <td><p>Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#355">#355</a></p>
 <p>Windows Vista SP1 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#354">#354</a></p></td>
 </tr>
 <tr class="odd">
-<td><strong>FIPS186-2:<br />
-ALG[ANSIX9.31]:</strong> Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537<br />
+<td><b>FIPS186-2:<br />
+ALG[ANSIX9.31]:</b> Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537<br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#353">Historical RSA List Val#353</a>.</td>
 <td>Windows Vista SP1 and Windows Server 2008 RSA Key Generation Implementation <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#353">#353</a></td>
 </tr>
 <tr class="even">
-<td><strong>FIPS186-2:<br />
-ALG[ANSIX9.31]:</strong> Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 RNG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#321">Val# 321</a><br />
+<td><b>FIPS186-2:<br />
+ALG[ANSIX9.31]:</b> Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 RNG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#321">Val# 321</a><br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#258">Historical RSA List Val#258</a>.</td>
 <td>Windows Vista RSA key generation implementation <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#258">#258</a></td>
 </tr>
 <tr class="odd">
-<td><strong>FIPS186-2:<br />
-ALG[RSASSA-PKCS1_V1_5]:</strong> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a>,<br />
+<td><b>FIPS186-2:<br />
+ALG[RSASSA-PKCS1_V1_5]:</b> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a>,<br />
 SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a>, SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a>,<br />
-<strong>ALG[RSASSA-PSS]:</strong> SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a><br />
+<b>ALG[RSASSA-PSS]:</b> SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a><br />
 SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a>, SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a><br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#257">Historical RSA List Val#257</a>.</td>
 <td>Windows Vista CNG algorithms <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#257">#257</a></td>
 </tr>
 <tr class="even">
-<td><strong>FIPS186-2:<br />
-ALG[RSASSA-PKCS1_V1_5]:</strong> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a>,<br />
+<td><b>FIPS186-2:<br />
+ALG[RSASSA-PKCS1_V1_5]:</b> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a>,<br />
 SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a>, SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">Val#618</a>,<br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#255">Historical RSA List Val#255</a>.</td>
 <td>Windows Vista Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#255">#255</a></td>
 </tr>
 <tr class="odd">
-<td><strong>FIPS186-2:<br />
-ALG[ANSIX9.31]:</strong><br />
+<td><b>FIPS186-2:<br />
+ALG[ANSIX9.31]:</b><br />
 SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613">Val#613</a><br />
-<strong>ALG[RSASSA-PKCS1_V1_5]:</strong> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613">Val#613</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613">Val#613</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613">Val#613</a>,<br />
+<b>ALG[RSASSA-PKCS1_V1_5]:</b> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613">Val#613</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613">Val#613</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613">Val#613</a>,<br />
 SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613">Val#613</a>, SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613">Val#613</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613">Val#613</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613">Val#613</a>,<br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#245">Historical RSA List Val#245</a>.</td>
 <td>Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#245">#245</a></td>
 </tr>
 <tr class="even">
-<td><strong>FIPS186-2:<br />
-ALG[ANSIX9.31]:</strong><br />
+<td><b>FIPS186-2:<br />
+ALG[ANSIX9.31]:</b><br />
 SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589">Val#589</a><br />
-<strong>ALG[RSASSA-PKCS1_V1_5]:</strong> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589">Val#589</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589">Val#589</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589">Val#589</a>,<br />
+<b>ALG[RSASSA-PKCS1_V1_5]:</b> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589">Val#589</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589">Val#589</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589">Val#589</a>,<br />
 SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589">Val#589</a>, SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589">Val#589</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589">Val#589</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589">Val#589</a>,<br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#230">Historical RSA List Val#230</a>.</td>
 <td>Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#230">#230</a></td>
 </tr>
 <tr class="odd">
-<td><strong>FIPS186-2:<br />
-ALG[ANSIX9.31]:</strong><br />
+<td><b>FIPS186-2:<br />
+ALG[ANSIX9.31]:</b><br />
 SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578">Val#578</a><br />
-<strong>ALG[RSASSA-PKCS1_V1_5]:</strong> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578">Val#578</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578">Val#578</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578">Val#578</a>,<br />
+<b>ALG[RSASSA-PKCS1_V1_5]:</b> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578">Val#578</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578">Val#578</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578">Val#578</a>,<br />
 SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578">Val#578</a>, SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578">Val#578</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578">Val#578</a>, SHA-512<a href="http://csrc.nist.gov/groups/stm/cavp/documents/shs/shaval.htm#578">Val#578</a>,<br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#222">Historical RSA List Val#222</a>.</td>
 <td>Windows CE and Windows Mobile 6 and Windows Mobile 6.1 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#222">#222</a></td>
 </tr>
 <tr class="even">
-<td><strong>FIPS186-2:<br />
-ALG[RSASSA-PKCS1_V1_5]:</strong><br />
+<td><b>FIPS186-2:<br />
+ALG[RSASSA-PKCS1_V1_5]:</b><br />
 SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#364">Val#364</a><br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#81">Historical RSA List Val#81</a>.</td>
 <td>Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#81">#81</a></td>
 </tr>
 <tr class="odd">
-<td><strong>FIPS186-2:<br />
-ALG[ANSIX9.31]:</strong><br />
+<td><b>FIPS186-2:<br />
+ALG[ANSIX9.31]:</b><br />
 SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="http://csrc.nist.gov/groups/stm/cavp/documents/shs/shaval.htm#305">Val#305</a><br />
-<strong>ALG[RSASSA-PKCS1_V1_5]:</strong> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305">Val#305</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305">Val#305</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305">Val#305</a>,<br />
+<b>ALG[RSASSA-PKCS1_V1_5]:</b> SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305">Val#305</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305">Val#305</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305">Val#305</a>,<br />
 SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305">Val#305</a>, SHA-256<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305">Val#305</a>, SHA-384<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305">Val#305</a>, SHA-512<a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305">Val#305</a>,<br />
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See <a href="http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#52">Historical RSA List Val#52</a>.</td>
 <td>Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#52">#52</a></td>
 </tr>
 <tr class="even">
-<td><p><strong>FIPS186-2:</strong></p>
+<td><p><b>FIPS186-2:</b></p>
 <p>– PKCS#1 v1.5, signature generation and verification</p>
 <p>– Mod sizes: 1024, 1536, 2048, 3072, 4096</p>
 <p>– SHS: SHA–1/256/384/512</p></td>
@@ -6143,8 +6143,8 @@ Some of the previously validated components for this validation have been remove
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Modes / States / Key Sizes</strong></td>
-<td><strong>Algorithm Implementation and Certificate #</strong></td>
+<td><b>Modes / States / Key Sizes</b></td>
+<td><b>Algorithm Implementation and Certificate #</b></td>
 </tr>
 <tr class="even">
 <td><ul>
@@ -6213,170 +6213,170 @@ Some of the previously validated components for this validation have been remove
 <p>Version 10.0.16299</p></td>
 </tr>
 <tr class="odd">
-<td><strong>SHA-1</strong>      (BYTE-only)<br />
-<strong>SHA-256</strong>  (BYTE-only)<br />
-<strong>SHA-384</strong>  (BYTE-only)<br />
-<strong>SHA-512</strong>  (BYTE-only)</td>
+<td><b>SHA-1</b>      (BYTE-only)<br />
+<b>SHA-256</b>  (BYTE-only)<br />
+<b>SHA-384</b>  (BYTE-only)<br />
+<b>SHA-512</b>  (BYTE-only)</td>
 <td><p>Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790">#3790</a></p>
 <p>Version 10.0.15063</p></td>
 </tr>
 <tr class="even">
-<td><strong>SHA-1</strong>      (BYTE-only)<br />
-<strong>SHA-256</strong>  (BYTE-only)<br />
-<strong>SHA-384</strong>  (BYTE-only)<br />
-<strong>SHA-512</strong>  (BYTE-only)</td>
+<td><b>SHA-1</b>      (BYTE-only)<br />
+<b>SHA-256</b>  (BYTE-only)<br />
+<b>SHA-384</b>  (BYTE-only)<br />
+<b>SHA-512</b>  (BYTE-only)</td>
 <td><p>Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652">#3652</a></p>
 <p>Version 7.00.2872</p></td>
 </tr>
 <tr class="odd">
-<td><strong>SHA-1</strong>      (BYTE-only)<br />
-<strong>SHA-256</strong>  (BYTE-only)<br />
-<strong>SHA-384</strong>  (BYTE-only)<br />
-<strong>SHA-512</strong>  (BYTE-only)</td>
+<td><b>SHA-1</b>      (BYTE-only)<br />
+<b>SHA-256</b>  (BYTE-only)<br />
+<b>SHA-384</b>  (BYTE-only)<br />
+<b>SHA-512</b>  (BYTE-only)</td>
 <td><p>Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651">#3651</a></p>
 <p>Version 8.00.6246</p></td>
 </tr>
 <tr class="even">
-<td><strong>SHA-1</strong>      (BYTE-only)<br />
-<strong>SHA-256</strong>  (BYTE-only)<br />
-<strong>SHA-384</strong>  (BYTE-only)<br />
-<strong>SHA-512</strong>  (BYTE-only)</td>
+<td><b>SHA-1</b>      (BYTE-only)<br />
+<b>SHA-256</b>  (BYTE-only)<br />
+<b>SHA-384</b>  (BYTE-only)<br />
+<b>SHA-512</b>  (BYTE-only)</td>
 <td><p>Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649">#3649</a></p>
 <p>Version 7.00.2872</p></td>
 </tr>
 <tr class="odd">
-<td><strong>SHA-1</strong>      (BYTE-only)<br />
-<strong>SHA-256</strong>  (BYTE-only)<br />
-<strong>SHA-384</strong>  (BYTE-only)<br />
-<strong>SHA-512</strong>  (BYTE-only)</td>
+<td><b>SHA-1</b>      (BYTE-only)<br />
+<b>SHA-256</b>  (BYTE-only)<br />
+<b>SHA-384</b>  (BYTE-only)<br />
+<b>SHA-512</b>  (BYTE-only)</td>
 <td><p>Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648">#3648</a></p>
 <p>Version 8.00.6246</p></td>
 </tr>
 <tr class="even">
-<td><strong>SHA-1</strong> (BYTE-only)<br />
-<strong>SHA-256</strong> (BYTE-only)<br />
-<strong>SHA-384</strong> (BYTE-only)<br />
-<strong>SHA-512</strong> (BYTE-only)</td>
+<td><b>SHA-1</b> (BYTE-only)<br />
+<b>SHA-256</b> (BYTE-only)<br />
+<b>SHA-384</b> (BYTE-only)<br />
+<b>SHA-512</b> (BYTE-only)</td>
 <td>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347">#3347</a><br />
 Version 10.0.14393</td>
 </tr>
 <tr class="odd">
-<td><strong>SHA-1</strong> (BYTE-only)<br />
-<strong>SHA-256</strong> (BYTE-only)<br />
-<strong>SHA-384</strong> (BYTE-only)<br />
-<strong>SHA-512</strong> (BYTE-only)</td>
+<td><b>SHA-1</b> (BYTE-only)<br />
+<b>SHA-256</b> (BYTE-only)<br />
+<b>SHA-384</b> (BYTE-only)<br />
+<b>SHA-512</b> (BYTE-only)</td>
 <td>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3346">#3346</a><br />
 Version 10.0.14393</td>
 </tr>
 <tr class="even">
-<td><strong>SHA-1</strong> (BYTE-only)<br />
-<strong>SHA-256</strong> (BYTE-only)<br />
-<strong>SHA-384</strong> (BYTE-only)<br />
-<strong>SHA-512</strong> (BYTE-only)</td>
+<td><b>SHA-1</b> (BYTE-only)<br />
+<b>SHA-256</b> (BYTE-only)<br />
+<b>SHA-384</b> (BYTE-only)<br />
+<b>SHA-512</b> (BYTE-only)</td>
 <td>Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3048">#3048</a><br />
 Version 10.0.10586</td>
 </tr>
 <tr class="odd">
-<td><strong>SHA-1</strong> (BYTE-only)<br />
-<strong>SHA-256</strong> (BYTE-only)<br />
-<strong>SHA-384</strong> (BYTE-only)<br />
-<strong>SHA-512</strong> (BYTE-only)</td>
+<td><b>SHA-1</b> (BYTE-only)<br />
+<b>SHA-256</b> (BYTE-only)<br />
+<b>SHA-384</b> (BYTE-only)<br />
+<b>SHA-512</b> (BYTE-only)</td>
 <td>Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047">#3047</a><br />
 Version 10.0.10586</td>
 </tr>
 <tr class="even">
-<td><strong>SHA-1</strong> (BYTE-only)<br />
-<strong>SHA-256</strong> (BYTE-only)<br />
-<strong>SHA-384</strong> (BYTE-only)<br />
-<strong>SHA-512</strong> (BYTE-only)</td>
+<td><b>SHA-1</b> (BYTE-only)<br />
+<b>SHA-256</b> (BYTE-only)<br />
+<b>SHA-384</b> (BYTE-only)<br />
+<b>SHA-512</b> (BYTE-only)</td>
 <td>Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886">#2886</a><br />
 Version 10.0.10240</td>
 </tr>
 <tr class="odd">
-<td><strong>SHA-1</strong> (BYTE-only)<br />
-<strong>SHA-256</strong> (BYTE-only)<br />
-<strong>SHA-384</strong> (BYTE-only)<br />
-<strong>SHA-512</strong> (BYTE-only)</td>
+<td><b>SHA-1</b> (BYTE-only)<br />
+<b>SHA-256</b> (BYTE-only)<br />
+<b>SHA-384</b> (BYTE-only)<br />
+<b>SHA-512</b> (BYTE-only)</td>
 <td>Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2871">#2871</a><br />
 Version 10.0.10240</td>
 </tr>
 <tr class="even">
-<td><strong>SHA-1</strong> (BYTE-only)<br />
-<strong>SHA-256</strong> (BYTE-only)<br />
-<strong>SHA-384</strong> (BYTE-only)<br />
-<strong>SHA-512</strong> (BYTE-only)</td>
+<td><b>SHA-1</b> (BYTE-only)<br />
+<b>SHA-256</b> (BYTE-only)<br />
+<b>SHA-384</b> (BYTE-only)<br />
+<b>SHA-512</b> (BYTE-only)</td>
 <td>Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2396">#2396</a><br />
 Version 6.3.9600</td>
 </tr>
 <tr class="odd">
-<td><strong>SHA-1</strong> (BYTE-only)<br />
-<strong>SHA-256</strong> (BYTE-only)<br />
-<strong>SHA-384</strong> (BYTE-only)<br />
-<strong>SHA-512</strong> (BYTE-only)</td>
+<td><b>SHA-1</b> (BYTE-only)<br />
+<b>SHA-256</b> (BYTE-only)<br />
+<b>SHA-384</b> (BYTE-only)<br />
+<b>SHA-512</b> (BYTE-only)</td>
 <td>Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373">#2373</a><br />
 Version 6.3.9600</td>
 </tr>
 <tr class="even">
-<td><p><strong>SHA-1</strong> (BYTE-only)</p>
-<p><strong>SHA-256</strong> (BYTE-only)</p>
-<p><strong>SHA-384</strong> (BYTE-only)</p>
-<p><strong>SHA-512</strong> (BYTE-only)</p>
+<td><p><b>SHA-1</b> (BYTE-only)</p>
+<p><b>SHA-256</b> (BYTE-only)</p>
+<p><b>SHA-384</b> (BYTE-only)</p>
+<p><b>SHA-512</b> (BYTE-only)</p>
 <p><em>Implementation does not support zero-length (null) messages.</em></p></td>
 <td><p>Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903">#1903</a></p>
 <p>Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902">#1902</a></p></td>
 </tr>
 <tr class="odd">
-<td><strong>SHA-1</strong> (BYTE-only)<br />
-<strong>SHA-256</strong> (BYTE-only)<br />
-<strong>SHA-384</strong> (BYTE-only)<br />
-<strong>SHA-512</strong> (BYTE-only)</td>
+<td><b>SHA-1</b> (BYTE-only)<br />
+<b>SHA-256</b> (BYTE-only)<br />
+<b>SHA-384</b> (BYTE-only)<br />
+<b>SHA-512</b> (BYTE-only)</td>
 <td><p>Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774">#1774</a></p>
 <p>Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773">#1773</a></p></td>
 </tr>
 <tr class="even">
-<td><strong>SHA-1</strong> (BYTE-only)<br />
-<strong>SHA-256</strong> (BYTE-only)<br />
-<strong>SHA-384</strong> (BYTE-only)<br />
-<strong>SHA-512</strong> (BYTE-only)</td>
+<td><b>SHA-1</b> (BYTE-only)<br />
+<b>SHA-256</b> (BYTE-only)<br />
+<b>SHA-384</b> (BYTE-only)<br />
+<b>SHA-512</b> (BYTE-only)</td>
 <td><p>Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">#1081</a></p>
 <p>Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816.">#816</a></p></td>
 </tr>
 <tr class="odd">
-<td><strong>SHA-1</strong> (BYTE-only)</td>
+<td><b>SHA-1</b> (BYTE-only)</td>
 <td><p>Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#785">#785</a></p>
 <p>Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#784">#784</a></p></td>
 </tr>
 <tr class="even">
-<td><strong>SHA-1</strong> (BYTE-only)<br />
-<strong>SHA-256</strong> (BYTE-only)<br />
-<strong>SHA-384</strong> (BYTE-only)<br />
-<strong>SHA-512</strong> (BYTE-only)</td>
+<td><b>SHA-1</b> (BYTE-only)<br />
+<b>SHA-256</b> (BYTE-only)<br />
+<b>SHA-384</b> (BYTE-only)<br />
+<b>SHA-512</b> (BYTE-only)</td>
 <td>Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783">#783</a></td>
 </tr>
 <tr class="odd">
-<td><strong>SHA-1</strong> (BYTE-only)<br />
-<strong>SHA-256</strong> (BYTE-only)<br />
-<strong>SHA-384</strong> (BYTE-only)<br />
-<strong>SHA-512</strong> (BYTE-only)</td>
+<td><b>SHA-1</b> (BYTE-only)<br />
+<b>SHA-256</b> (BYTE-only)<br />
+<b>SHA-384</b> (BYTE-only)<br />
+<b>SHA-512</b> (BYTE-only)</td>
 <td><p>Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753">#753</a></p>
 <p>Windows Vista Symmetric Algorithm Implementation <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618">#618</a></p></td>
 </tr>
 <tr class="even">
-<td><strong>SHA-1</strong> (BYTE-only)<br />
-<strong>SHA-256</strong> (BYTE-only)</td>
+<td><b>SHA-1</b> (BYTE-only)<br />
+<b>SHA-256</b> (BYTE-only)</td>
 <td><p>Windows Vista BitLocker Drive Encryption <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#737">#737</a></p>
 <p>Windows Vista Beta 2 BitLocker Drive Encryption <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#495">#495</a></p></td>
 </tr>
 <tr class="odd">
-<td><strong>SHA-1</strong> (BYTE-only)<br />
-<strong>SHA-256</strong> (BYTE-only)<br />
-<strong>SHA-384</strong> (BYTE-only)<br />
-<strong>SHA-512</strong> (BYTE-only)</td>
+<td><b>SHA-1</b> (BYTE-only)<br />
+<b>SHA-256</b> (BYTE-only)<br />
+<b>SHA-384</b> (BYTE-only)<br />
+<b>SHA-512</b> (BYTE-only)</td>
 <td><p>Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613">#613</a></p>
 <p>Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#364">#364</a></p></td>
 </tr>
 <tr class="even">
-<td><strong>SHA-1</strong> (BYTE-only)</td>
+<td><b>SHA-1</b> (BYTE-only)</td>
 <td><p>Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#611">#611</a></p>
 <p>Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#610">#610</a></p>
 <p>Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#385">#385</a></p>
@@ -6386,16 +6386,16 @@ Version 6.3.9600</td>
 <p>Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#176">#176</a></p></td>
 </tr>
 <tr class="odd">
-<td><strong>SHA-1</strong> (BYTE-only)<br />
-<strong>SHA-256</strong> (BYTE-only)<br />
-<strong>SHA-384</strong> (BYTE-only)<br />
-<strong>SHA-512</strong> (BYTE-only)</td>
+<td><b>SHA-1</b> (BYTE-only)<br />
+<b>SHA-256</b> (BYTE-only)<br />
+<b>SHA-384</b> (BYTE-only)<br />
+<b>SHA-512</b> (BYTE-only)</td>
 <td><p>Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589">#589</a></p>
 <p>Windows CE and Windows Mobile 6 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578">#578</a></p>
 <p>Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305">#305</a></p></td>
 </tr>
 <tr class="even">
-<td><strong>SHA-1</strong> (BYTE-only)</td>
+<td><b>SHA-1</b> (BYTE-only)</td>
 <td><p>Windows XP Microsoft Enhanced Cryptographic Provider <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#83">#83</a></p>
 <p>Crypto Driver for Windows 2000 (fips.sys) <a href="http://csrc.nist.gov/groups/stm/cavp/documents/shs/shaval.htmlhttp:/csrc.nist.gov/groups/stm/cavp/documents/shs/shaval.html#35">#35</a></p>
 <p>Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#32">#32</a></p>
@@ -6417,8 +6417,8 @@ Version 6.3.9600</td>
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Modes / States / Key Sizes</strong></td>
-<td><strong>Algorithm Implementation and Certificate #</strong></td>
+<td><b>Modes / States / Key Sizes</b></td>
+<td><b>Algorithm Implementation and Certificate #</b></td>
 </tr>
 <tr class="even">
 <td><ul>
@@ -6499,112 +6499,112 @@ Version 6.3.9600</td>
 <p>Version 10.0.16299</p></td>
 </tr>
 <tr class="odd">
-<td><strong>TECB</strong>( KO 1 e/d, ) ; <strong>TCBC</strong>( KO 1 e/d, ) ; <strong>TCFB8</strong>( KO 1 e/d, ) ; <strong>TCFB64</strong>( KO 1 e/d, )</td>
+<td><b>TECB</b>( KO 1 e/d, ) ; <b>TCBC</b>( KO 1 e/d, ) ; <b>TCFB8</b>( KO 1 e/d, ) ; <b>TCFB64</b>( KO 1 e/d, )</td>
 <td><p>Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2459">#2459</a></p>
 <p>Version 10.0.15063</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>TECB</strong>( KO 1 e/d, ) ;</p>
-<p><strong>TCBC</strong>( KO 1 e/d, )</p></td>
+<td><p><b>TECB</b>( KO 1 e/d, ) ;</p>
+<p><b>TCBC</b>( KO 1 e/d, )</p></td>
 <td><p>Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2384">#2384</a></p>
 <p>Version 8.00.6246</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>TECB</strong>( KO 1 e/d, ) ;</p>
-<p><strong>TCBC</strong>( KO 1 e/d, )</p></td>
+<td><p><b>TECB</b>( KO 1 e/d, ) ;</p>
+<p><b>TCBC</b>( KO 1 e/d, )</p></td>
 <td><p>Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2383">#2383</a></p>
 <p>Version 8.00.6246</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>TECB</strong>( KO 1 e/d, ) ;</p>
-<p><strong>TCBC</strong>( KO 1 e/d, ) ;</p>
-<p><strong>CTR</strong> ( int only )</p></td>
+<td><p><b>TECB</b>( KO 1 e/d, ) ;</p>
+<p><b>TCBC</b>( KO 1 e/d, ) ;</p>
+<p><b>CTR</b> ( int only )</p></td>
 <td><p>Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2382">#2382</a></p>
 <p>Version 7.00.2872</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>TECB</strong>( KO 1 e/d, ) ;</p>
-<p><strong>TCBC</strong>( KO 1 e/d, )</p></td>
+<td><p><b>TECB</b>( KO 1 e/d, ) ;</p>
+<p><b>TCBC</b>( KO 1 e/d, )</p></td>
 <td><p>Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2381">#2381</a></p>
 <p>Version 8.00.6246</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>TECB</strong>( KO 1 e/d, ) ;</p>
-<p><strong>TCBC</strong>( KO 1 e/d, ) ;</p>
-<p><strong>TCFB8</strong>( KO 1 e/d, ) ;</p>
-<p><strong>TCFB64</strong>( KO 1 e/d, )</p></td>
+<td><p><b>TECB</b>( KO 1 e/d, ) ;</p>
+<p><b>TCBC</b>( KO 1 e/d, ) ;</p>
+<p><b>TCFB8</b>( KO 1 e/d, ) ;</p>
+<p><b>TCFB64</b>( KO 1 e/d, )</p></td>
 <td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2227">#2227</a><br />
 <br />
 </p>
 <p>Version 10.0.14393</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>TECB</strong>( KO 1 e/d, ) ;</p>
-<p><strong>TCBC</strong>( KO 1 e/d, ) ;</p>
-<p><strong>TCFB8</strong>( KO 1 e/d, ) ;</p>
-<p><strong>TCFB64</strong>( KO 1 e/d, )</p></td>
+<td><p><b>TECB</b>( KO 1 e/d, ) ;</p>
+<p><b>TCBC</b>( KO 1 e/d, ) ;</p>
+<p><b>TCFB8</b>( KO 1 e/d, ) ;</p>
+<p><b>TCFB64</b>( KO 1 e/d, )</p></td>
 <td><p>Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2024">#2024</a><br />
 <br />
 </p>
 <p>Version 10.0.10586</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>TECB</strong>( KO 1 e/d, ) ;</p>
-<p><strong>TCBC</strong>( KO 1 e/d, ) ;</p>
-<p><strong>TCFB8</strong>( KO 1 e/d, ) ;</p>
-<p><strong>TCFB64</strong>( KO 1 e/d, )</p></td>
+<td><p><b>TECB</b>( KO 1 e/d, ) ;</p>
+<p><b>TCBC</b>( KO 1 e/d, ) ;</p>
+<p><b>TCFB8</b>( KO 1 e/d, ) ;</p>
+<p><b>TCFB64</b>( KO 1 e/d, )</p></td>
 <td><p>Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1969">#1969</a><br />
 <br />
 </p>
 <p>Version 10.0.10240</p></td>
 </tr>
 <tr class="odd">
-<td><p><strong>TECB</strong>( KO 1 e/d, ) ;</p>
-<p><strong>TCBC</strong>( KO 1 e/d, ) ;</p>
-<p><strong>TCFB8</strong>( KO 1 e/d, ) ;</p>
-<p><strong>TCFB64</strong>( KO 1 e/d, )</p></td>
+<td><p><b>TECB</b>( KO 1 e/d, ) ;</p>
+<p><b>TCBC</b>( KO 1 e/d, ) ;</p>
+<p><b>TCFB8</b>( KO 1 e/d, ) ;</p>
+<p><b>TCFB64</b>( KO 1 e/d, )</p></td>
 <td><p>Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1692">#1692</a></p>
 <p>Version 6.3.9600</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>TECB</strong>( e/d; KO 1,2 ) ;</p>
-<p><strong>TCBC</strong>( e/d; KO 1,2 ) ;</p>
-<p><strong>TCFB8</strong>( e/d; KO 1,2 ) ;</p>
-<p><strong>TCFB64</strong>( e/d; KO 1,2 )</p></td>
+<td><p><b>TECB</b>( e/d; KO 1,2 ) ;</p>
+<p><b>TCBC</b>( e/d; KO 1,2 ) ;</p>
+<p><b>TCFB8</b>( e/d; KO 1,2 ) ;</p>
+<p><b>TCFB64</b>( e/d; KO 1,2 )</p></td>
 <td>Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1387">#1387</a></td>
 </tr>
 <tr class="odd">
-<td><p><strong>TECB</strong>( e/d; KO 1,2 ) ;</p>
-<p><strong>TCBC</strong>( e/d; KO 1,2 ) ;</p>
-<p><strong>TCFB8</strong>( e/d; KO 1,2 )</p></td>
+<td><p><b>TECB</b>( e/d; KO 1,2 ) ;</p>
+<p><b>TCBC</b>( e/d; KO 1,2 ) ;</p>
+<p><b>TCFB8</b>( e/d; KO 1,2 )</p></td>
 <td>Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1386">#1386</a></td>
 </tr>
 <tr class="even">
-<td><p><strong>TECB</strong>( e/d; KO 1,2 ) ;</p>
-<p><strong>TCBC</strong>( e/d; KO 1,2 ) ;</p>
-<p><strong>TCFB8</strong>( e/d; KO 1,2 )</p></td>
+<td><p><b>TECB</b>( e/d; KO 1,2 ) ;</p>
+<p><b>TCBC</b>( e/d; KO 1,2 ) ;</p>
+<p><b>TCFB8</b>( e/d; KO 1,2 )</p></td>
 <td>Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#846">#846</a></td>
 </tr>
 <tr class="odd">
-<td><p><strong>TECB</strong>( e/d; KO 1,2 ) ;</p>
-<p><strong>TCBC</strong>( e/d; KO 1,2 ) ;</p>
-<p><strong>TCFB8</strong>( e/d; KO 1,2 )</p></td>
+<td><p><b>TECB</b>( e/d; KO 1,2 ) ;</p>
+<p><b>TCBC</b>( e/d; KO 1,2 ) ;</p>
+<p><b>TCFB8</b>( e/d; KO 1,2 )</p></td>
 <td>Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#656">#656</a></td>
 </tr>
 <tr class="even">
-<td><p><strong>TECB</strong>( e/d; KO 1,2 ) ;</p>
-<p><strong>TCBC</strong>( e/d; KO 1,2 ) ;</p>
-<p><strong>TCFB8</strong>( e/d; KO 1,2 )</p></td>
+<td><p><b>TECB</b>( e/d; KO 1,2 ) ;</p>
+<p><b>TCBC</b>( e/d; KO 1,2 ) ;</p>
+<p><b>TCFB8</b>( e/d; KO 1,2 )</p></td>
 <td>Windows Vista Symmetric Algorithm Implementation <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#549">#549</a></td>
 </tr>
 <tr class="odd">
-<td><strong>Triple DES MAC</strong></td>
+<td><b>Triple DES MAC</b></td>
 <td><p>Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1386">#1386</a>, vendor-affirmed</p>
 <p>Windows 7 and SP1 and Windows Server 2008 R2 and SP1 <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#846">#846</a>, vendor-affirmed</p></td>
 </tr>
 <tr class="even">
-<td><p><strong>TECB</strong>( e/d; KO 1,2 ) ;</p>
-<p><strong>TCBC</strong>( e/d; KO 1,2 )</p></td>
+<td><p><b>TECB</b>( e/d; KO 1,2 ) ;</p>
+<p><b>TCBC</b>( e/d; KO 1,2 )</p></td>
 <td><p>Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1308">#1308</a></p>
 <p>Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1307">#1307</a></p>
 <p>Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#691">#691</a></p>
@@ -6636,15 +6636,15 @@ Version 6.3.9600</td>
 <table border="1" cellpadding="0" summary="table" xmlns="http://www.w3.org/1999/xhtml">
   <tr>
     <td>
-      <strong>Modes / States / Key Sizes</strong>
+      <b>Modes / States / Key Sizes</b>
     </td>
     <td colspan="2">
-      <strong>Algorithm Implementation and Certificate #</strong>
+      <b>Algorithm Implementation and Certificate #</b>
     </td>
   </tr>
   <tr>
     <td>
-      <strong>PBKDF</strong> (vendor affirmed)</td>
+      <b>PBKDF</b> (vendor affirmed)</td>
     <td colspan="2">
       <p> Kernel Mode Cryptographic Primitives Library (cng.sys) Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 <a runat="server" href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2937">#2937</a><br />(Software Version: 10.0.14393)</p>
       <p>Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 <a runat="server" href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2936">#2936</a><br />(Software Version: 10.0.14393)</p>
@@ -6654,7 +6654,7 @@ Version 6.3.9600</td>
   </tr>
   <tr>
     <td colspan="2">
-      <strong>PBKDF</strong> (vendor affirmed)</td>
+      <b>PBKDF</b> (vendor affirmed)</td>
     <td>
       <p>Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 <a runat="server" href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2936">#2936</a><br />(Software Version: 10.0.14393)</p>
       <p>Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG), vendor-affirmed</p>
@@ -6672,8 +6672,8 @@ Version 6.3.9600</td>
 </colgroup>
 <tbody>
 <tr class="odd">
-<td><strong>Publication / Component Validated / Description</strong></td>
-<td><strong>Implementation and Certificate #</strong></td>
+<td><b>Publication / Component Validated / Description</b></td>
+<td><b>Implementation and Certificate #</b></td>
 </tr>
 <tr class="even">
 <td><ul>
diff --git a/windows/security/threat-protection/intelligence/support-scams.md b/windows/security/threat-protection/intelligence/support-scams.md
index 8544b43d61..5ecbd9a101 100644
--- a/windows/security/threat-protection/intelligence/support-scams.md
+++ b/windows/security/threat-protection/intelligence/support-scams.md
@@ -63,6 +63,6 @@ It is also important to keep the following in mind:
 
 Help Microsoft stop scammers, whether they claim to be from Microsoft or from another tech company, by reporting tech support scams:
 
-<strong>www.microsoft.com/reportascam</strong>
+<b>www.microsoft.com/reportascam</b>
 
 You can also report any **unsafe website** that you suspect is a phishing website or contains malicious content directly to Microsoft by filling out a [Report an unsafe site form](https://www.microsoft.com/wdsi/support/report-unsafe-site) or using built in web browser functionality.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md b/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md
index 2dc93956ba..ef4053bac6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md
@@ -103,8 +103,8 @@ The following steps assume that you have completed all the required steps in [Be
     For example, if the configuration file in &quot;flexagent&quot; directory is named &quot;WDATP-Connector.jsonparser.properties&quot;, you must type &quot;WDATP-Connector&quot; as the name of the client property file.</td>
     </tr>
     <td>Events URL</td>
-    <td>Depending on the location of your datacenter, select either the EU or the US URL: </br></br> <strong>For EU</strong>:  https://<i></i>wdatp-alertexporter-eu.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME <br>
-   </br><strong>For US:</strong> https://<i></i>wdatp-alertexporter-us.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME <br> <br> <strong>For UK</strong>:  https://<i></i>wdatp-alertexporter-uk.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME</td>
+    <td>Depending on the location of your datacenter, select either the EU or the US URL: </br></br> <b>For EU</b>:  https://<i></i>wdatp-alertexporter-eu.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME <br>
+   </br><b>For US:</b> https://<i></i>wdatp-alertexporter-us.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME <br> <br> <b>For UK</b>:  https://<i></i>wdatp-alertexporter-uk.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME</td>
     <tr>
     <td>Authentication Type</td>
     <td>OAuth 2</td>
@@ -113,7 +113,7 @@ The following steps assume that you have completed all the required steps in [Be
     <td>Browse to the location of the <em>wdatp-connector.properties</em> file. The name must match the file provided in the .zip that you downloaded.</td>
     <tr>
     <td>Refresh Token</td>
-    <td>You can obtain a refresh token in two ways: by generating a refresh token from the <strong>SIEM settings</strong> page or using the restutil tool. <br><br> For more information on generating a refresh token from the <strong>Preferences setup</strong> , see <a href="enable-siem-integration.md" data-raw-source="[Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)">Enable SIEM integration in Microsoft Defender ATP</a>. </br> </br><strong>Get your refresh token using the restutil tool:</strong> </br> a. Open a command prompt. Navigate to C:\<em>folder_location</em>\current\bin where <em>folder_location</em> represents the location where you installed the tool. </br></br> b. Type: <code>arcsight restutil token -config</code> from the bin directory.For example: <strong>arcsight restutil boxtoken -proxy proxy.location.hp.com:8080</strong> A Web browser window will open. </br> </br>c. Type in your credentials then click on the password field to let the page redirect. In the login prompt, enter your credentials. </br> </br>d. A refresh token is shown in the command prompt. </br></br> e. Copy and paste it into the <strong>Refresh Token</strong> field.
+    <td>You can obtain a refresh token in two ways: by generating a refresh token from the <b>SIEM settings</b> page or using the restutil tool. <br><br> For more information on generating a refresh token from the <b>Preferences setup</b> , see <a href="enable-siem-integration.md" data-raw-source="[Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)">Enable SIEM integration in Microsoft Defender ATP</a>. </br> </br><b>Get your refresh token using the restutil tool:</b> </br> a. Open a command prompt. Navigate to C:\<em>folder_location</em>\current\bin where <em>folder_location</em> represents the location where you installed the tool. </br></br> b. Type: <code>arcsight restutil token -config</code> from the bin directory.For example: <b>arcsight restutil boxtoken -proxy proxy.location.hp.com:8080</b> A Web browser window will open. </br> </br>c. Type in your credentials then click on the password field to let the page redirect. In the login prompt, enter your credentials. </br> </br>d. A refresh token is shown in the command prompt. </br></br> e. Copy and paste it into the <b>Refresh Token</b> field.
     </td>
     </tr>
     </tr>
diff --git a/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md b/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md
index 7f19406d2e..a856668804 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md
@@ -108,15 +108,15 @@ See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 device
 <tr>
 <td>8</td>
 <td>Microsoft Defender Advanced Threat Protection service failed to clean its configuration. Failure code: <code>variable</code>.</td>
-<td><strong>During onboarding:</strong> The service failed to clean its configuration during the onboarding. The onboarding process continues. <br><br> <strong>During offboarding:</strong> The service failed to clean its configuration during the offboarding. The offboarding process finished but the service keeps running.
+<td><b>During onboarding:</b> The service failed to clean its configuration during the onboarding. The onboarding process continues. <br><br> <b>During offboarding:</b> The service failed to clean its configuration during the offboarding. The offboarding process finished but the service keeps running.
  </td>
-<td><strong>Onboarding:</strong> No action required. <br><br> <strong>Offboarding:</strong> Reboot the system.<br>
+<td><b>Onboarding:</b> No action required. <br><br> <b>Offboarding:</b> Reboot the system.<br>
 See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 devices](configure-endpoints.md)">Onboard Windows 10 devices</a>.</td>
 </tr>
 <tr>
 <td>9</td>
 <td>Microsoft Defender Advanced Threat Protection service failed to change its start type. Failure code: <code>variable</code>.</td>
-<td><strong>During onboarding:</strong> The device did not onboard correctly and will not be reporting to the portal. <br><br><strong>During offboarding:</strong> Failed to change the service start type. The offboarding process continues. </td>
+<td><b>During onboarding:</b> The device did not onboard correctly and will not be reporting to the portal. <br><br><b>During offboarding:</b> Failed to change the service start type. The offboarding process continues. </td>
 <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
 See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 devices](configure-endpoints.md)">Onboard Windows 10 devices</a>.</td>
 </tr>
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md
index 4f0891df0c..3956891c0c 100644
--- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md
+++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md
@@ -33,29 +33,29 @@ SmartScreen uses registry-based Administrative Template policy settings. For mor
 <th align="left">Description</th>
 </tr>
 <tr>
-<td><strong>Windows 10, version 2004:</strong><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure Windows Defender SmartScreen<p>
-<td><strong>Windows 10, version 1703:</strong><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure Windows Defender SmartScreen<p><strong>Windows 10, Version 1607 and earlier:</strong><br>Administrative Templates\Windows Components\File Explorer\Configure Windows SmartScreen</td>
+<td><b>Windows 10, version 2004:</b><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure Windows Defender SmartScreen<p>
+<td><b>Windows 10, version 1703:</b><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure Windows Defender SmartScreen<p><b>Windows 10, Version 1607 and earlier:</b><br>Administrative Templates\Windows Components\File Explorer\Configure Windows SmartScreen</td>
 <td>At least Windows Server 2012, Windows 8 or Windows RT</td>
 <td>This policy setting turns on Microsoft Defender SmartScreen.<p>If you enable this setting, it turns on Microsoft Defender SmartScreen and your employees are unable to turn it off. Additionally, when enabling this feature, you must also pick whether Microsoft Defender SmartScreen should Warn your employees or Warn and prevent bypassing the message (effectively blocking the employee from the site).<p>If you disable this setting, it turns off Microsoft Defender SmartScreen and your employees are unable to turn it on.<p>If you don't configure this setting, your employees can decide whether to use Microsoft Defender SmartScreen.</td>
 </tr>
 <tr>
-<td><strong>Windows 10, version 2004:</strong><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure App Install Control</td>
-<td><strong>Windows 10, version 1703:</strong><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure App Install Control</td>
-<td><strong>Windows 10, version 1703</td>
-<td>This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet.</br></br>This setting does not protect against malicious content from USB devices, network shares or other non-internet sources.</p><p><strong>Important:</strong> Using a trustworthy browser helps ensure that these protections work as expected.</p></td>
+<td><b>Windows 10, version 2004:</b><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure App Install Control</td>
+<td><b>Windows 10, version 1703:</b><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure App Install Control</td>
+<td><b>Windows 10, version 1703</td>
+<td>This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet.</br></br>This setting does not protect against malicious content from USB devices, network shares or other non-internet sources.</p><p><b>Important:</b> Using a trustworthy browser helps ensure that these protections work as expected.</p></td>
 </tr>
 <tr>
-<td><strong>Windows 10, version 2004:</strong><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen<p><strong>Windows 10, version 1703:</strong><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen<p><strong>Windows 10, Version 1607 and earlier:</strong><br>Administrative Templates\Windows Components\Microsoft Edge\Configure Windows SmartScreen</td>
+<td><b>Windows 10, version 2004:</b><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen<p><b>Windows 10, version 1703:</b><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen<p><b>Windows 10, Version 1607 and earlier:</b><br>Administrative Templates\Windows Components\Microsoft Edge\Configure Windows SmartScreen</td>
 <td>Microsoft Edge on Windows 10 or later</td>
 <td>This policy setting turns on Microsoft Defender SmartScreen.<p>If you enable this setting, it turns on Microsoft Defender SmartScreen and your employees are unable to turn it off.<p>If you disable this setting, it turns off Microsoft Defender SmartScreen and your employees are unable to turn it on.<p>If you don't configure this setting, your employees can decide whether to use Microsoft Defender SmartScreen.</td>
 </tr>
 <tr>
-<td><strong>Windows 10, version 2004:</strong><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files<p><strong>Windows 10, version 1703:</strong><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files<p><strong>Windows 10, Version 1511 and 1607:</strong><br>Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for files</td>
+<td><b>Windows 10, version 2004:</b><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files<p><b>Windows 10, version 1703:</b><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files<p><b>Windows 10, Version 1511 and 1607:</b><br>Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for files</td>
 <td>Microsoft Edge on Windows 10, version 1511 or later</td>
 <td>This policy setting stops employees from bypassing the Microsoft Defender SmartScreen warnings about potentially malicious files.<p>If you enable this setting, it stops employees from bypassing the warning, stopping the file download.<p>If you disable or don't configure this setting, your employees can bypass the warnings and continue to download potentially malicious files.</td>
 </tr>
 <tr>
-<td><strong>Windows 10, version 2004:</strong><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites<p><strong>Windows 10, version 1703:</strong><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites<p><strong>Windows 10, Version 1511 and 1607:</strong><br>Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for sites</td>
+<td><b>Windows 10, version 2004:</b><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites<p><b>Windows 10, version 1703:</b><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites<p><b>Windows 10, Version 1511 and 1607:</b><br>Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for sites</td>
 <td>Microsoft Edge on Windows 10, version 1511 or later</td>
 <td>This policy setting stops employees from bypassing the Microsoft Defender SmartScreen warnings about potentially malicious sites.<p>If you enable this setting, it stops employees from bypassing the warning, stopping them from going to the site.<p>If you disable or don't configure this setting, your employees can bypass the warnings and continue to visit a potentially malicious site.</td>
 </tr>
@@ -90,11 +90,11 @@ For Microsoft Defender SmartScreen Internet Explorer MDM policies, see [Policy C
 <td>Windows 10</td>
 <td>
 <ul>
-<li><strong>URI full path.</strong> ./Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen</li>
-<li><strong>Data type.</strong> Integer</li>
-<li><strong>Allowed values:</strong><ul>
-<li><strong>0 .</strong> Turns off Microsoft Defender SmartScreen in Edge.</li>
-<li><strong>1.</strong> Turns on Microsoft Defender SmartScreen in Edge.</li></ul></li></ul>
+<li><b>URI full path.</b> ./Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen</li>
+<li><b>Data type.</b> Integer</li>
+<li><b>Allowed values:</b><ul>
+<li><b>0 .</b> Turns off Microsoft Defender SmartScreen in Edge.</li>
+<li><b>1.</b> Turns on Microsoft Defender SmartScreen in Edge.</li></ul></li></ul>
 </td>
 </tr>
 <tr>
@@ -102,11 +102,11 @@ For Microsoft Defender SmartScreen Internet Explorer MDM policies, see [Policy C
 <td>Windows 10, version 1703</td>
 <td>
 <ul>
-<li><strong>URI full path.</strong> ./Vendor/MSFT/Policy/Config/SmartScreen/EnableAppInstallControl</li>
-<li><strong>Data type.</strong> Integer</li>
-<li><strong>Allowed values:</strong><ul>
-<li><strong>0 .</strong> Turns off Application Installation Control, allowing users to download and install files from anywhere on the web.</li>
-<li><strong>1.</strong> Turns on Application Installation Control, allowing users to install apps from the Microsoft Store only.</li></ul></li></ul>
+<li><b>URI full path.</b> ./Vendor/MSFT/Policy/Config/SmartScreen/EnableAppInstallControl</li>
+<li><b>Data type.</b> Integer</li>
+<li><b>Allowed values:</b><ul>
+<li><b>0 .</b> Turns off Application Installation Control, allowing users to download and install files from anywhere on the web.</li>
+<li><b>1.</b> Turns on Application Installation Control, allowing users to install apps from the Microsoft Store only.</li></ul></li></ul>
 </td>
 </tr>
 <tr>
@@ -114,11 +114,11 @@ For Microsoft Defender SmartScreen Internet Explorer MDM policies, see [Policy C
 <td>Windows 10, version 1703</td>
 <td>
 <ul>
-<li><strong>URI full path.</strong> ./Vendor/MSFT/Policy/Config/SmartScreen/EnableSmartScreenInShell</li>
-<li><strong>Data type.</strong> Integer</li>
-<li><strong>Allowed values:</strong><ul>
-<li><strong>0 .</strong> Turns off Microsoft Defender SmartScreen in Windows for app and file execution.</li>
-<li><strong>1.</strong> Turns on Microsoft Defender SmartScreen in Windows for app and file execution.</li></ul></li></ul>
+<li><b>URI full path.</b> ./Vendor/MSFT/Policy/Config/SmartScreen/EnableSmartScreenInShell</li>
+<li><b>Data type.</b> Integer</li>
+<li><b>Allowed values:</b><ul>
+<li><b>0 .</b> Turns off Microsoft Defender SmartScreen in Windows for app and file execution.</li>
+<li><b>1.</b> Turns on Microsoft Defender SmartScreen in Windows for app and file execution.</li></ul></li></ul>
 </td>
 </tr>
 <tr>
@@ -126,11 +126,11 @@ For Microsoft Defender SmartScreen Internet Explorer MDM policies, see [Policy C
 <td>Windows 10, version 1703</td>
 <td>
 <ul>
-<li><strong>URI full path.</strong> ./Vendor/MSFT/Policy/Config/SmartScreen/PreventOverrideForFilesInShell</li>
-<li><strong>Data type.</strong> Integer</li>
-<li><strong>Allowed values:</strong><ul>
-<li><strong>0 .</strong> Employees can ignore Microsoft Defender SmartScreen warnings and run malicious files.</li>
-<li><strong>1.</strong> Employees can't ignore Microsoft Defender SmartScreen warnings and run malicious files.</li></ul></li></ul>
+<li><b>URI full path.</b> ./Vendor/MSFT/Policy/Config/SmartScreen/PreventOverrideForFilesInShell</li>
+<li><b>Data type.</b> Integer</li>
+<li><b>Allowed values:</b><ul>
+<li><b>0 .</b> Employees can ignore Microsoft Defender SmartScreen warnings and run malicious files.</li>
+<li><b>1.</b> Employees can't ignore Microsoft Defender SmartScreen warnings and run malicious files.</li></ul></li></ul>
 </td>
 </tr>
 <tr>
@@ -138,11 +138,11 @@ For Microsoft Defender SmartScreen Internet Explorer MDM policies, see [Policy C
 <td>Windows 10, Version 1511 and later</td>
 <td>
 <ul>
-<li><strong>URI full path.</strong> ./Vendor/MSFT/Policy/Config/Browser/PreventSmartscreenPromptOverride</li>
-<li><strong>Data type.</strong> Integer</li>
-<li><strong>Allowed values:</strong><ul>
-<li><strong>0 .</strong> Employees can ignore Microsoft Defender SmartScreen warnings.</li>
-<li><strong>1.</strong> Employees can't ignore Microsoft Defender SmartScreen warnings.</li></ul></li></ul>
+<li><b>URI full path.</b> ./Vendor/MSFT/Policy/Config/Browser/PreventSmartscreenPromptOverride</li>
+<li><b>Data type.</b> Integer</li>
+<li><b>Allowed values:</b><ul>
+<li><b>0 .</b> Employees can ignore Microsoft Defender SmartScreen warnings.</li>
+<li><b>1.</b> Employees can't ignore Microsoft Defender SmartScreen warnings.</li></ul></li></ul>
 </td>
 </tr>
 <tr>
@@ -150,11 +150,11 @@ For Microsoft Defender SmartScreen Internet Explorer MDM policies, see [Policy C
 <td>Windows 10, Version 1511 and later</td>
 <td>
 <ul>
-<li><strong>URI full path.</strong> ./Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles</li>
-<li><strong>Data type.</strong> Integer</li>
-<li><strong>Allowed values:</strong><ul>
-<li><strong>0 .</strong> Employees can ignore Microsoft Defender SmartScreen warnings for files.</li>
-<li><strong>1.</strong> Employees can't ignore Microsoft Defender SmartScreen warnings for files.</li></ul></li></ul>
+<li><b>URI full path.</b> ./Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles</li>
+<li><b>Data type.</b> Integer</li>
+<li><b>Allowed values:</b><ul>
+<li><b>0 .</b> Employees can ignore Microsoft Defender SmartScreen warnings for files.</li>
+<li><b>1.</b> Employees can't ignore Microsoft Defender SmartScreen warnings for files.</li></ul></li></ul>
 </td>
 </tr>
 </table>
@@ -170,19 +170,19 @@ To better help you protect your organization, we recommend turning on and using
 </tr>
 <tr>
 <td>Administrative Templates\Windows Components\Microsoft Edge\Configure Windows Defender SmartScreen</td>
-<td><strong>Enable.</strong> Turns on Microsoft Defender SmartScreen.</td>
+<td><b>Enable.</b> Turns on Microsoft Defender SmartScreen.</td>
 </tr>
 <tr>
 <td>Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites</td>
-<td><strong>Enable.</strong> Stops employees from ignoring warning messages and continuing to a potentially malicious website.</td>
+<td><b>Enable.</b> Stops employees from ignoring warning messages and continuing to a potentially malicious website.</td>
 </tr>
 <tr>
 <td>Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files</td>
-<td><strong>Enable.</strong> Stops employees from ignoring warning messages and continuing to download potentially malicious files.</td>
+<td><b>Enable.</b> Stops employees from ignoring warning messages and continuing to download potentially malicious files.</td>
 </tr>
 <tr>
 <td>Administrative Templates\Windows Components\File Explorer\Configure Windows Defender SmartScreen</td>
-<td><strong>Enable with the Warn and prevent bypass option.</strong> Stops employees from ignoring warning messages about malicious files downloaded from the Internet.</td>
+<td><b>Enable with the Warn and prevent bypass option.</b> Stops employees from ignoring warning messages about malicious files downloaded from the Internet.</td>
 </tr>
 </table>
 <p>
@@ -193,23 +193,23 @@ To better help you protect your organization, we recommend turning on and using
 </tr>
 <tr>
 <td>Browser/AllowSmartScreen</td>
-<td><strong>1.</strong> Turns on Microsoft Defender SmartScreen.</td>
+<td><b>1.</b> Turns on Microsoft Defender SmartScreen.</td>
 </tr>
 <tr>
 <td>Browser/PreventSmartScreenPromptOverride</td>
-<td><strong>1.</strong> Stops employees from ignoring warning messages and continuing to a potentially malicious website.</td>
+<td><b>1.</b> Stops employees from ignoring warning messages and continuing to a potentially malicious website.</td>
 </tr>
 <tr>
 <td>Browser/PreventSmartScreenPromptOverrideForFiles</td>
-<td><strong>1.</strong> Stops employees from ignoring warning messages and continuing to download potentially malicious files.</td>
+<td><b>1.</b> Stops employees from ignoring warning messages and continuing to download potentially malicious files.</td>
 </tr>
 <tr>
 <td>SmartScreen/EnableSmartScreenInShell</td>
-<td><strong>1.</strong> Turns on Microsoft Defender SmartScreen in Windows.<p>Requires at least Windows 10, version 1703.</td>
+<td><b>1.</b> Turns on Microsoft Defender SmartScreen in Windows.<p>Requires at least Windows 10, version 1703.</td>
 </tr>
 <tr>
 <td>SmartScreen/PreventOverrideForFilesInShell</td>
-<td><strong>1.</strong> Stops employees from ignoring warning messages about malicious files downloaded from the Internet.<p>Requires at least Windows 10, version 1703.</td>
+<td><b>1.</b> Stops employees from ignoring warning messages about malicious files downloaded from the Internet.<p>Requires at least Windows 10, version 1703.</td>
 </tr>
 </table> 
 
diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
index 15bf8bc91c..eaef387dbf 100644
--- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
+++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
@@ -311,9 +311,9 @@ The following table lists EMET features in relation to Windows 10 features.
 <table>
 <thead>
 <tr class="header">
-<th><strong>Specific EMET features</strong></th>
-<th><strong>How these EMET features map<br />
-to Windows 10 features</strong></th>
+<th><b>Specific EMET features</b></th>
+<th><b>How these EMET features map<br />
+to Windows 10 features</b></th>
 </tr>
 </thead>
 <tbody>
diff --git a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
index d726f7ff56..905bf8c06a 100644
--- a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
+++ b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
@@ -351,7 +351,7 @@ The following table details the hardware requirements for both virtualization-ba
 <td align="left"><p>Virtualization extensions, such as Intel VT-x, AMD-V, and SLAT must be enabled</p></td>
 <td align="left"><p>Required to support virtualization-based security.</p>
 <div class="alert">
-<strong>Note</strong><br/><p>Device Guard can be enabled without using virtualization-based security.</p>
+<b>Note</b><br/><p>Device Guard can be enabled without using virtualization-based security.</p>
 </div>
 <div>
 
@@ -533,7 +533,7 @@ If the TPM ownership is not known but the EK exists, the client library will pro
 
 As part of the provisioning process, Windows 10 will create an AIK with the TPM. When this operation is performed, the resulting AIK public portion is stored in the registry at the following location: **HKLM\\SYSTEM\\CurrentControlSet\\Services\\TPM\\WMI\\WindowsAIKPub**
 
-> **Note:**  For provisioning AIK certificates and filtering Internet access, you must authorize the following wildcard URL: <strong>https://\*.microsoftaik.azure.net</strong>
+> **Note:**  For provisioning AIK certificates and filtering Internet access, you must authorize the following wildcard URL: <b>https://\*.microsoftaik.azure.net</b>
 
 ### Windows 10 Health Attestation CSP
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
index 7ac5a2faeb..1f35434f95 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
@@ -59,12 +59,12 @@ You can perform this task by using the Group Policy Management Console for an Ap
     </thead>
     <tbody>
     <tr class="odd">
-    <td align="left"><p><strong>Use an installed packaged app as a reference</strong></p></td>
+    <td align="left"><p><b>Use an installed packaged app as a reference</b></p></td>
     <td align="left"><p>If selected, AppLocker requires you to choose an app that is already installed on which to base your new rule. AppLocker uses the publisher, package name and package version to define the rule.</p></td>
     <td align="left"><p>You want the Sales group only to use the app named Microsoft.BingMaps for its outside sales calls. The Microsoft.BingMaps app is already installed on the device where you are creating the rule, so you choose this option, and select the app from the list of apps installed on the computer and create the rule using this app as a reference.</p></td>
     </tr>
     <tr class="even">
-    <td align="left"><p><strong>Use a packaged app installer as a reference</strong></p></td>
+    <td align="left"><p><b>Use a packaged app installer as a reference</b></p></td>
     <td align="left"><p>If selected, AppLocker requires you to choose an app installer on which to base your new rule. A packaged app installer has the .appx extension. AppLocker uses the publisher, package name and package version of the installer to define the rule.</p></td>
     <td align="left"><p>Your company has developed a number of internal line-of-business packaged apps. The app installers are stored on a common file share. Employees can install the required apps from that file share. You want to allow all your employees to install the Payroll app from this share. So you choose this option from the wizard, browse to the file share and choose the installer for the Payroll app as a reference to create your rule.</p></td>
     </tr>
@@ -87,30 +87,30 @@ You can perform this task by using the Group Policy Management Console for an Ap
     </thead>
     <tbody>
     <tr class="odd">
-    <td align="left"><p>Applies to <strong>Any publisher</strong></p></td>
-    <td align="left"><p>This is the least restrictive scope condition for an <strong>Allow</strong> rule. It permits every packaged app to run or install.</p>
-    <p>Conversely, if this is a <strong>Deny</strong> rule, then this option is the most restrictive because it denies all apps from installing or running.</p></td>
+    <td align="left"><p>Applies to <b>Any publisher</b></p></td>
+    <td align="left"><p>This is the least restrictive scope condition for an <b>Allow</b> rule. It permits every packaged app to run or install.</p>
+    <p>Conversely, if this is a <b>Deny</b> rule, then this option is the most restrictive because it denies all apps from installing or running.</p></td>
     <td align="left"><p>You want the Sales group to use any packaged app from any signed publisher. You set the permissions to allow the Sales group to be able to run any app.</p></td>
     </tr>
     <tr class="even">
-    <td align="left"><p>Applies to a specific <strong>Publisher</strong></p></td>
+    <td align="left"><p>Applies to a specific <b>Publisher</b></p></td>
     <td align="left"><p>This scopes the rule to all apps published by a particular publisher.</p></td>
     <td align="left"><p>You want to allow all your users to install apps published by the publisher of Microsoft.BingMaps. You could select Microsoft.BingMaps as a reference and choose this rule scope.</p></td>
     </tr>
     <tr class="odd">
-    <td align="left"><p>Applies to a <strong>Package name</strong></p></td>
+    <td align="left"><p>Applies to a <b>Package name</b></p></td>
     <td align="left"><p>This scopes the rule to all packages that share the publisher name and package name as the reference file.</p></td>
     <td align="left"><p>You want to allow your Sales group to install any version of the Microsoft.BingMaps app. You could select the Microsoft.BingMaps app as a reference and choose this rule scope.</p></td>
     </tr>
     <tr class="even">
-    <td align="left"><p>Applies to a <strong>Package version</strong></p></td>
+    <td align="left"><p>Applies to a <b>Package version</b></p></td>
     <td align="left"><p>This scopes the rule to a particular version of the package.</p></td>
     <td align="left"><p>You want to be very selective in what you allow. You do not want to implicitly trust all future updates of the Microsoft.BingMaps app. You can limit the scope of your rule to the version of the app currently installed on your reference computer.</p></td>
     </tr>
     <tr class="odd">
     <td align="left"><p>Applying custom values to the rule</p></td>
-    <td align="left"><p>Selecting the <strong>Use custom values</strong> check box allows you to adjust the scope fields for your particular circumstance.</p></td>
-    <td align="left"><p>You want to allow users to install all Microsoft.Bing* applications which include Microsoft.BingMaps, Microsoft.BingWeather, Microsoft.BingMoney. You can choose the Microsoft.BingMaps as a reference, select the <strong>Use custom values</strong> check box and edit the package name field by adding “Microsoft.Bing*” as the Package name.</p></td>
+    <td align="left"><p>Selecting the <b>Use custom values</b> check box allows you to adjust the scope fields for your particular circumstance.</p></td>
+    <td align="left"><p>You want to allow users to install all Microsoft.Bing* applications which include Microsoft.BingMaps, Microsoft.BingWeather, Microsoft.BingMoney. You can choose the Microsoft.BingMaps as a reference, select the <b>Use custom values</b> check box and edit the package name field by adding “Microsoft.Bing*” as the Package name.</p></td>
     </tr>
     </tbody>
     </table>
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md
index 3cac5abbce..c43cf96fee 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md
@@ -99,9 +99,9 @@ The following table provides an example of how to list applications for each bus
 </tbody>
 </table>
  
-&gt;<strong>Note:</strong>  AppLocker only supports publisher rules for Universal Windows apps. Therefore, collecting the installation path information for Universal Windows apps is not necessary.
+&gt;<b>Note:</b>  AppLocker only supports publisher rules for Universal Windows apps. Therefore, collecting the installation path information for Universal Windows apps is not necessary.
  
-<strong>Event processing</strong>
+<b>Event processing</b>
 
 As you create your list of apps, you need to consider how to manage the events that are generated by user access, or you need to deny running those apps to make your users as productive as possible. The following list is an example of what to consider and what to record:
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md b/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
index 90bf198903..35e51ee350 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
@@ -277,7 +277,7 @@ The following table is an example of what to consider and record.
 </tbody>
 </table>
  
-<strong>Policy maintenance policy</strong>
+<b>Policy maintenance policy</b>
 When applications are identified and policies are created for application control, then you can begin documenting how you intend to update those policies.
 The following table is an example of what to consider and record.
 <table>
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md
index 5bfe8d38ed..1d132ac242 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md
@@ -131,7 +131,7 @@ An AppLocker policy deployment plan is the result of investigating which applica
 </tbody>
 </table>
  
-<strong>Event processing policy</strong>
+<b>Event processing policy</b>
 
 <table>
 <colgroup>
@@ -169,7 +169,7 @@ An AppLocker policy deployment plan is the result of investigating which applica
 </tbody>
 </table>
  
-<strong>Policy maintenance policy</strong>
+<b>Policy maintenance policy</b>
 
 <table>
 <colgroup>
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md
index 7baf71b5df..a8bfeff845 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md
@@ -119,7 +119,7 @@ If your organization supports multiple Windows operating systems, app control po
 </ul></td>
 <td align="left"><p>AppLocker rules are only applied to computers running the supported versions of Windows, but SRP rules can be applied to all versions of Windows beginning with Windows XP and Windows Server 2003. For specific operating system version requirements, see <a href="requirements-to-use-applocker.md" data-raw-source="[Requirements to use AppLocker](requirements-to-use-applocker.md)">Requirements to use AppLocker</a>.</p>
 <div class="alert">
-<strong>Note</strong><br/><p>If you are using the Basic User security level as assigned in SRP, those privileges are not supported on computers running that support AppLocker.</p>
+<b>Note</b><br/><p>If you are using the Basic User security level as assigned in SRP, those privileges are not supported on computers running that support AppLocker.</p>
 </div>
 <div>
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md
index 2ddcbb332e..eab62e36b7 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md
@@ -119,7 +119,7 @@ The following table compares AppLocker to Software Restriction Policies.
 </tbody>
 </table>
 
-<strong>Application control function differences</strong>
+<b>Application control function differences</b>
 
 The following table compares the application control functions of Software Restriction Policies (SRP) and AppLocker.
 <table>
@@ -141,7 +141,7 @@ The following table compares the application control functions of Software Restr
 <td align="left"><p>SRP policies can be applied to all Windows operating systems beginning with Windows XP and Windows Server 2003.</p></td>
 <td align="left"><p>AppLocker policies apply only to those supported operating system versions and editions listed in <a href="requirements-to-use-applocker.md" data-raw-source="[Requirements to use AppLocker](requirements-to-use-applocker.md)">Requirements to use AppLocker</a>. But these systems can also use SRP.</p>
 <div class="alert">
-<strong>Note</strong><br/><p>Use different GPOs for SRP and AppLocker rules.</p>
+<b>Note</b><br/><p>Use different GPOs for SRP and AppLocker rules.</p>
 </div>
 <div>
 

From 1ca3ea1af7d85603d83849beb924db7ce12701fc Mon Sep 17 00:00:00 2001
From: Greg Lindsay <greg.lindsay@microsoft.com>
Date: Thu, 20 Aug 2020 11:28:24 -0700
Subject: [PATCH 44/66] split section

---
 windows/whats-new/whats-new-windows-10-version-2004.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/windows/whats-new/whats-new-windows-10-version-2004.md b/windows/whats-new/whats-new-windows-10-version-2004.md
index c9092135cd..8c86914b6b 100644
--- a/windows/whats-new/whats-new-windows-10-version-2004.md
+++ b/windows/whats-new/whats-new-windows-10-version-2004.md
@@ -126,8 +126,12 @@ The following [Delivery Optimization](https://docs.microsoft.com/windows/deploym
 
 ## Networking
 
+### Wi-Fi 6 and WPA3
+
 Windows now supports the latest Wi-Fi standards with [Wi-Fi 6 and WPA3](https://support.microsoft.com/help/4562575/windows-10-faster-more-secure-wifi). Wi-Fi 6 gives you better wireless coverage and performance with added security. WPA3 provides improved Wi-Fi security and secures open networks. 
 
+### TEAP
+
 In this release, Tunnel Extensible Authentication Protocol (TEAP) has been added as an authentication method to allow chaining together multiple credentials into a single EAP transaction. TEAP networks can be configured by [enterprise policy](https://docs.microsoft.com/openspecs/windows_protocols/ms-gpwl/94cf6896-c28e-4865-b12a-d83ee38cd3ea).   
 
 ## Virtualization

From fc73a7071c352009a923751d0b10859de9434dec Mon Sep 17 00:00:00 2001
From: Tudor Dobrila <tudor.dobrila@microsoft.com>
Date: Thu, 20 Aug 2020 12:17:28 -0700
Subject: [PATCH 45/66] Relese notes for 101.05.17

---
 .../microsoft-defender-atp/mac-whatsnew.md             | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
index 4b48c8771f..a76ef78405 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
@@ -38,6 +38,16 @@ ms.topic: conceptual
 > 2. Refer to this documentation for detailed configuration information and instructions: [New configuration profiles for macOS Catalina and newer versions of macOS](mac-sysext-policies.md).
 > 3. Monitor this page for an announcement of the actual release of MDATP for Mac agent update.
 
+## 101.05.17
+
+> [!IMPORTANT]
+> We are working on a new and enhanced syntax for the `mdatp` command-line tool. The new syntax is currently the default in the Insider Fast and Insider Slow update channels. We encourage you to famliliarize yourself with this new syntax.
+> 
+> We will continue supporting the old syntax in parallel with the new syntax and will provide more communication around the deprecation plan for the old syntax in the upcoming months.
+
+- Addressed a kernel panic that occurred sometimes when accessing SMB file shares
+- Performance improvements & bug fixes
+
 ## 101.05.16
 
 - Improvements to quick scan logic to significantly reduce the number of scanned files

From a31f68d0b47e11fec69b5d6d8c949d8000405867 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 20 Aug 2020 14:07:00 -0700
Subject: [PATCH 46/66] Applied note style and Acrolinx spelling: "estrict"

---
 .../restrict-access-to-only-trusted-devices.md               | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
index 56b9898e53..3a0dc80f39 100644
--- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
+++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
@@ -1,6 +1,6 @@
 ---
 title: Restrict access to only trusted devices (Windows 10)
-description: estrict access to only trusted devices
+description: Restrict access to only trusted devices
 ms.assetid: bc1f49a4-7d54-4857-8af9-b7c79f47273b
 ms.reviewer: 
 ms.author: dansimp
@@ -27,7 +27,8 @@ Your organizational network likely has a connection to the Internet. You also li
 
 To mitigate this risk, you must be able to isolate the devices you trust, and restrict their ability to receive unsolicited network traffic from untrusted devices. By using connection security and firewall rules available in Windows Defender Firewall with Advanced Security, you can logically isolate the devices that you trust by requiring that all unsolicited inbound network traffic be authenticated. Authentication ensures that each device or user can positively identify itself by using credentials that are trusted by the other device. Connection security rules can be configured to use IPsec with the Kerberos V5 protocol available in Active Directory, or certificates issued by a trusted certification authority as the authentication method.
 
->**Note:**  Because the primary authentication method recommended for devices that are running Windows is to use the Kerberos V5 protocol with membership in an Active Directory domain, this guide refers to this logical separation of computers as *domain isolation*, even when certificates are used to extend the protection to devices that are not part of an Active Directory domain.
+> [!NOTE]
+> Because the primary authentication method recommended for devices that are running Windows is to use the Kerberos V5 protocol with membership in an Active Directory domain, this guide refers to this logical separation of computers as *domain isolation*, even when certificates are used to extend the protection to devices that are not part of an Active Directory domain.
 
 The protection provided by domain isolation can help you comply with regulatory and legislative requirements, such as those found in the Federal Information Security Management Act of 2002 (FISMA), the Sarbanes-Oxley Act of 2002, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other government and industry regulations.
 

From cb4df1b00e3a7d0e15de0031a326644ff8d6e18b Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 20 Aug 2020 14:20:36 -0700
Subject: [PATCH 47/66] Acrolinx spelling, punctuation, some grammar fixes

---
 .../troubleshooting-uwp-firewall.md                | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
index 1ea6cce448..6071427eda 100644
--- a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
+++ b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
@@ -27,7 +27,7 @@ UWP app network connectivity issues are typically caused by:
 
 1. The UWP app was not permitted to receive loopback traffic. This must be configured. By default, UWP apps are not allowed to receive loopback traffic.
 2. The UWP app is missing the proper capability tokens.
-3. The private range is configured incorrectly. For example, the private ranges is set incorrectly through GP/MDM policies, etc.
+3. The private range is configured incorrectly. For example, the private range is set incorrectly through GP/MDM policies, etc.
 
 To understand these causes more thoroughly, there are several concepts to review.
 
@@ -51,24 +51,24 @@ traces collected on previous releases of Windows.
 
 ## Debugging UWP App Loopback scenarios
 
-If you need to establis a TCP/IP connection between two processes on the same host where one of them is a UWP app, you must enable loopback.
+If you need to establish a TCP/IP connection between two processes on the same host where one of them is a UWP app, you must enable loopback.
 
 To enable loopback for client outbound connections, run the following at a command prompt:
 
-```dos
+```console
 CheckNetIsolation.exe LoopbackExempt -a -n=<AppContainer or Package Family>
 ```
 
 To enable loopback for server inbound connections,  run the following at a
 command prompt:
-```dos
+```console
 CheckNetIsolation.exe LoopbackExempt -is -n=<AppContainer or Package Family>
 ```
 You can ensure loopback is enabled by checking the appx manifests of both the sender and receiver.
 
 For more information about loopback scenarios, see [Communicating with
 localhost
-(loopback)](https://docs.microsoft.com/windows/iot-core/develop-your-app/loopback)
+(loopback)](https://docs.microsoft.com/windows/iot-core/develop-your-app/loopback).
 
 ## Debugging Live Drops
 
@@ -76,7 +76,7 @@ If the issue happened recently, but you find you are not able to reproduce the i
 
 If you can consistently reproduce the issue, then you can run the following in an admin command prompt to gather a fresh trace:
 
-```DOS
+```console
 Netsh wfp capture start keywords=19
 <Run UWP app>
 Netsh wfp capture stop
@@ -760,7 +760,7 @@ PrivateNetwork Outbound Default Rule filter.
 
 The following PrivateNetwork Outbound Default Rule filters have conditions for matching Intranet IP addresses. Since the expected Intranet target address,
 10.1.1.1, is not included in these filters it becomes clear that the address is not in the private range. Check the policies that configure the private range
-on the device (MDM, Group Policy, etc) and make sure it includes the private targetaddress you wanted to reach.
+on the device (MDM, Group Policy, etc.) and make sure it includes the private target address you wanted to reach.
 
 **PrivateNetwork Outbound Default Rule Filters, Wfpdiag-Case-5.xml**
 ```xml

From 6288eb39f606acbabfe89303dfd0d8f04aa08105 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 20 Aug 2020 14:24:16 -0700
Subject: [PATCH 48/66] Applied note style

---
 ...implementing-a-certificate-based-isolation-policy-design.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md
index 573b76aa96..ec38163418 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md
@@ -25,7 +25,8 @@ ms.date: 08/17/2017
 
 This parent checklist includes cross-reference links to important concepts about using certificates as an authentication option in either a domain isolation or server isolation design.
 
->**Note:**  Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist
+> [!NOTE]
+> Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist
 
 **Checklist: Implementing certificate-based authentication**
 

From 8032365eb3e8c71afe42efeee8ba64ee24e5ca79 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 20 Aug 2020 14:25:29 -0700
Subject: [PATCH 49/66] Applied note style

---
 .../checklist-implementing-a-domain-isolation-policy-design.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md
index d946ecab9e..be895718b3 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md
@@ -25,7 +25,8 @@ ms.date: 08/17/2017
 
 This parent checklist includes cross-reference links to important concepts about the domain isolation policy design. It also contains links to subordinate checklists that will help you complete the tasks that are required to implement this design.
 
->**Note:**  Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist.
+> [!NOTE]
+> Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist.
 
 The procedures in this section use the Group Policy MMC snap-ins to configure the GPOs, but you can also use Windows PowerShell to configure GPOs. For more info, see [Windows Defender Firewall with Advanced Security Administration with Windows PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md).
 

From b30d1223362cfbc94b3205252985ff69239a782e Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 20 Aug 2020 14:26:38 -0700
Subject: [PATCH 50/66] Applied note style

---
 ...implementing-a-standalone-server-isolation-policy-design.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md
index 2ed1fd1e5e..0435b698be 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md
@@ -27,7 +27,8 @@ This checklist contains procedures for creating a server isolation policy design
 
 This parent checklist includes cross-reference links to important concepts about the domain isolation policy design. It also contains links to subordinate checklists that will help you complete the tasks that are required to implement this design.
 
->**Note:**  Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist.
+> [!NOTE]
+> Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist.
 
 **Checklist: Implementing a standalone server isolation policy design**
 

From a17a245dad3c529ef3197fb16ec62052cf8cbbb6 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 20 Aug 2020 14:27:33 -0700
Subject: [PATCH 51/66] Applied "Important" note style

---
 .../windows-firewall/domain-isolation-policy-design.md        | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md
index b618fe6d2d..df754926bf 100644
--- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md
@@ -50,8 +50,8 @@ Characteristics of this design, as shown in the diagram, include the following:
 -   Untrusted non-domain members (area D) - Devices that are not managed by your organization and have an unknown security configuration must have access only to those devices required for your organization to correctly conduct its business. Domain isolation exists to put a logical barrier between these untrusted Devices and your organization's devices.
 
 After implementing this design, your administrative team will have centralized management of the firewall and connection security rules applied to the devices in your organization.
-
->**Important:**  This design builds on the [Basic Firewall Policy Design](basic-firewall-policy-design.md), and in turn serves as the foundation for the [Server Isolation Policy Design](server-isolation-policy-design.md). If you plan to deploy all three, we recommend that you do the design work for all three together, and then deploy in the sequence presented.
+> [!IMPORTANT]
+> This design builds on the [Basic Firewall Policy Design](basic-firewall-policy-design.md), and in turn serves as the foundation for the [Server Isolation Policy Design](server-isolation-policy-design.md). If you plan to deploy all three, we recommend that you do the design work for all three together, and then deploy in the sequence presented.
 
 This design can be applied to Devices that are part of an Active Directory forest. Active Directory is required to provide the centralized management and deployment of Group Policy objects that contain the connection security rules.
 

From 3f22784ad8528578b7357af0da648fa55f76497b Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 20 Aug 2020 14:28:55 -0700
Subject: [PATCH 52/66] Applied "Important" note style

---
 ...als-to-a-windows-firewall-with-advanced-security-design.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
index 6f6cd2d1a1..314389955f 100644
--- a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
+++ b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
@@ -24,8 +24,8 @@ ms.date: 04/19/2017
 -   Windows Server 2016
 
 After you finish reviewing the existing Windows Firewall with Advanced Security implementation goals and you determine which goals are important to your specific deployment, you can map those goals to a specific Windows Firewall with Advanced Security design.
-
->**Important:**  The first three designs presented in this guide build on each other to progress from simpler to more complex. Therefore during deployment, consider implementing them in the order presented. Each deployed design also provides a stable position from which to evaluate your progress, and to make sure that your goals are being met before you continue to the next design.
+> [!IMPORTANT]
+> The first three designs presented in this guide build on each other to progress from simpler to more complex. Therefore during deployment, consider implementing them in the order presented. Each deployed design also provides a stable position from which to evaluate your progress, and to make sure that your goals are being met before you continue to the next design.
 
 Use the following table to determine which Windows Firewall with Advanced Security design maps to the appropriate combination of Windows Firewall with Advanced Security implementation goals for your organization. This table refers only to the Windows Firewall with Advanced Security designs as described in this guide. However, you can create a hybrid or custom Windows Firewall with Advanced Security design by using any combination of the Windows Firewall with Advanced Security implementation goals to meet the needs of your organization.
 

From 29d2a49f6fe398ec2bf587cabfe3b2a59a90722f Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 20 Aug 2020 14:30:11 -0700
Subject: [PATCH 53/66] Applied "Important" note style

---
 .../windows-firewall/server-isolation-policy-design.md         | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md
index 23a6808219..7d2631e576 100644
--- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md
@@ -43,7 +43,8 @@ Characteristics of this design include the following:
 
 To add support for server isolation, you must ensure that the authentication methods are compatible with the requirements of the isolated server. For example, if you want to authorize user accounts that are members of a NAG in addition to authorizing computer accounts, you must enable both user and computer authentication in your connection security rules.
 
->**Important:**  This design builds on the [Domain Isolation Policy Design](domain-isolation-policy-design.md), which in turn builds on the [Basic Firewall Policy Design](basic-firewall-policy-design.md). If you plan to deploy all three designs, do the design work for all three together, and then deploy in the sequence presented.
+> [!IMPORTANT]
+> This design builds on the [Domain Isolation Policy Design](domain-isolation-policy-design.md), which in turn builds on the [Basic Firewall Policy Design](basic-firewall-policy-design.md). If you plan to deploy all three designs, do the design work for all three together, and then deploy in the sequence presented.
 
 This design can be applied to devices that are part of an Active Directory forest. Active Directory is required to provide the centralized management and deployment of Group Policy objects that contain the connection security rules.
 

From c33a891b0ad07fba35fd473ac75ea19a7619f795 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 20 Aug 2020 14:31:34 -0700
Subject: [PATCH 54/66] Applied "Caution" note style

---
 ...indows-firewall-with-advanced-security-deployment-guide.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
index dbfd48ddf6..a600f54944 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
@@ -46,8 +46,8 @@ After you select your design and gather the required information about the zones
 -   [Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md)
 
 Use the checklists in [Implementing Your Windows Defender Firewall with Advanced Security Design Plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md) to determine how best to use the instructions in this guide to deploy your particular design.
-
->**Caution:**  We recommend that you use the techniques documented in this guide only for GPOs that must be deployed to the majority of the devices in your organization, and only when the OU hierarchy in your Active Directory domain does not match the deployment needs of these GPOs. These characteristics are typical of GPOs for server and domain isolation scenarios, but are not typical of most other GPOs. When the OU hierarchy supports it, deploy a GPO by linking it to the lowest level OU that contains all of the accounts to which the GPO applies.
+> [!CAUTION]
+> We recommend that you use the techniques documented in this guide only for GPOs that must be deployed to the majority of the devices in your organization, and only when the OU hierarchy in your Active Directory domain does not match the deployment needs of these GPOs. These characteristics are typical of GPOs for server and domain isolation scenarios, but are not typical of most other GPOs. When the OU hierarchy supports it, deploy a GPO by linking it to the lowest level OU that contains all of the accounts to which the GPO applies.
 
 In a large enterprise environment with hundreds or thousands of GPOs, using this technique with too many GPOs can result in user or device accounts that are members of an excessive number of groups; this can result in network connectivity problems if network protocol limits are exceeded. 
  

From 879e57a863e683e10aea913b230ce21b24d9ed9b Mon Sep 17 00:00:00 2001
From: ManikaDhiman <v-madhi@microsoft.com>
Date: Thu, 20 Aug 2020 16:32:08 -0700
Subject: [PATCH 55/66] Added Phase 0 policies

---
 windows/client-management/mdm/TOC.md          |    7 +-
 .../policy-configuration-service-provider.md  |  159 ++
 .../mdm/policy-csp-admx-ciphersuiteorder.md   |  203 --
 .../mdm/policy-csp-admx-com.md                |  197 --
 .../mdm/policy-csp-admx-conf.md               | 2431 -----------------
 .../mdm/policy-csps-admx-backed.md            |   45 +
 6 files changed, 210 insertions(+), 2832 deletions(-)
 delete mode 100644 windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
 delete mode 100644 windows/client-management/mdm/policy-csp-admx-com.md
 delete mode 100644 windows/client-management/mdm/policy-csp-admx-conf.md

diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index 476d73c694..0bf40d8bd9 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -171,11 +171,16 @@
 #### [AboveLock](policy-csp-abovelock.md)
 #### [Accounts](policy-csp-accounts.md)
 #### [ActiveXControls](policy-csp-activexcontrols.md)
+#### [ADMX_AddRemovePrograms](policy-csp-admx-addremoveprograms.md)
+#### [ADMX_AppCompat](policy-csp-admx-appcompat.md)
+#### [ADMX_AuditSettings](policy-csp-admx-auditsettings.md)
+#### [ADMX_DnsClient](policy-csp-admx-dnsclient.md)
+#### [ADMX_EventForwarding](policy-csp-admx-eventforwarding.md)
 #### [ApplicationDefaults](policy-csp-applicationdefaults.md)
 #### [ApplicationManagement](policy-csp-applicationmanagement.md)
 #### [AppRuntime](policy-csp-appruntime.md)
 #### [AppVirtualization](policy-csp-appvirtualization.md)
-#### [AttachmentManager](policy-csp-attachmentmanager.md)
+#### [AttachmentManager](policy-csp-attachmentmanager.md))
 #### [Audit](policy-csp-audit.md)
 #### [Authentication](policy-csp-authentication.md)
 #### [Autoplay](policy-csp-autoplay.md)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 5b3e186835..2923b2da09 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -168,6 +168,165 @@ The following diagram shows the Policy configuration service provider in tree fo
   </dd>
 </dl>
 
+### ADMX_AddRemovePrograms policies
+<dl>
+  <dd>
+    <a href="./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-defaultcategory" id="admx-addremoveprograms-defaultcategory">ADMX_AddRemovePrograms/DefaultCategory</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-noaddfromcdorfloppy" id="admx-addremoveprograms-noaddfromcdorfloppy">ADMX_AddRemovePrograms/NoAddFromCDorFloppy</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-noaddfrominternet" id="admx-addremoveprograms-noaddfrominternet">ADMX_AddRemovePrograms/NoAddFromInternet</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-noaddfromnetwork" id="admx-addremoveprograms-noaddfromnetwork">ADMX_AddRemovePrograms/NoAddFromNetwork</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-noaddpage" id="admx-addremoveprograms-noaddpage">ADMX_AddRemovePrograms/NoAddPage</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-noaddremoveprograms" id="admx-addremoveprograms-noaddremoveprograms">ADMX_AddRemovePrograms/NoAddRemovePrograms</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-nochooseprogramspage" id="admx-addremoveprograms-nochooseprogramspage">ADMX_AddRemovePrograms/NoChooseProgramsPage</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-noremovepage" id="admx-addremoveprograms-noremovepage">ADMX_AddRemovePrograms/NoRemovePage</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-noservices" id="admx-addremoveprograms-noservices">ADMX_AddRemovePrograms/NoServices</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-nosupportinfo" id="admx-addremoveprograms-nosupportinfo">ADMX_AddRemovePrograms/NoSupportInfo</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-nowindowssetuppage" id="admx-addremoveprograms-nowindowssetuppage">ADMX_AddRemovePrograms/NoWindowsSetupPage</a>
+  </dd>
+</dl>
+
+### ADMX_AppCompat policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-admx-appcompat.md#admx-appcompat-appcompatprevent16bitmach" id="admx-appcompat-appcompatprevent16bitmach">ADMX_AppCompat/AppCompatPrevent16BitMach</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-appcompat.md#admx-appcompat-appcompatremoveprogramcompatproppage" id="admx-appcompat-appcompatremoveprogramcompatproppage">ADMX_AppCompat/AppCompatRemoveProgramCompatPropPage</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffapplicationimpacttelemetry" id="admx-appcompat-appcompatturnoffapplicationimpacttelemetry">ADMX_AppCompat/AppCompatTurnOffApplicationImpactTelemetry</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffswitchback" id="admx-appcompat-appcompatturnoffswitchback">ADMX_AppCompat/AppCompatTurnOffSwitchBack</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffengine" id="admx-appcompat-appcompatturnoffengine">ADMX_AppCompat/AppCompatTurnOffEngine</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffprogramcompatibilityassistant_1" id="admx-appcompat-appcompatturnoffprogramcompatibilityassistant_1">ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_1</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffprogramcompatibilityassistant_2" id="admx-appcompat-appcompatturnoffprogramcompatibilityassistant_2">ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_2</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffuseractionrecord" id="admx-appcompat-appcompatturnoffuseractionrecord">ADMX_AppCompat/AppCompatTurnOffUserActionRecord</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffprograminventory" id="admx-appcompat-appcompatturnoffprograminventory">ADMX_AppCompat/AppCompatTurnOffProgramInventory</a>
+  </dd>
+</dl>
+
+### ADMX_AuditSettings policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-admx-auditsettings.md#admx-auditsettings-includecmdline" id="admx-auditsettings-includecmdline">ADMX_AuditSettings/IncludeCmdLine</a>
+  </dd>
+</dl>
+
+### ADMX_DnsClient policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-allowfqdnnetbiosqueries" id="admx-dnsclient-dns-allowfqdnnetbiosqueries">ADMX_DnsClient/DNS_AllowFQDNNetBiosQueries</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-appendtomultilabelname" id="admx-dnsclient-dns-appendtomultilabelname">ADMX_DnsClient/DNS_AppendToMultiLabelName</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-domain" id="admx-dnsclient-dns-domain">ADMX_DnsClient/DNS_Domain</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-domainnamedevolutionlevel" id="admx-dnsclient-dns-domainnamedevolutionlevel">ADMX_DnsClient/DNS_DomainNameDevolutionLevel</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-idnencoding" id="admx-dnsclient-dns-idnencoding">ADMX_DnsClient/DNS_IdnEncoding</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-idnmapping" id="admx-dnsclient-dns-idnmapping">ADMX_DnsClient/DNS_IdnMapping</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-nameserver" id="admx-dnsclient-dns-nameserver">ADMX_DnsClient/DNS_NameServer</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-preferlocalresponsesoverlowerorderdns" id="admx-dnsclient-dns-preferlocalresponsesoverlowerorderdns">ADMX_DnsClient/DNS_PreferLocalResponsesOverLowerOrderDns</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-primarydnssuffix" id="admx-dnsclient-dns-primarydnssuffix">ADMX_DnsClient/DNS_PrimaryDnsSuffix</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-registeradaptername" id="admx-dnsclient-dns-registeradaptername">ADMX_DnsClient/DNS_RegisterAdapterName</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-registerreverselookup" id="admx-dnsclient-dns-registerreverselookup">ADMX_DnsClient/DNS_RegisterReverseLookup</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-registrationenabled" id="admx-dnsclient-dns-registrationenabled">ADMX_DnsClient/DNS_RegistrationEnabled</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-registrationoverwritesinconflict" id="admx-dnsclient-dns-registrationoverwritesinconflict">ADMX_DnsClient/DNS_RegistrationOverwritesInConflict</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-registrationrefreshinterval" id="admx-dnsclient-dns-registrationrefreshinterval">ADMX_DnsClient/DNS_RegistrationRefreshInterval</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-registrationttl" id="admx-dnsclient-dns-registrationttl">ADMX_DnsClient/DNS_RegistrationTtl</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-searchlist" id="admx-dnsclient-dns-searchlist">ADMX_DnsClient/DNS_SearchList</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-smartmultihomednameresolution" id="admx-dnsclient-dns-smartmultihomednameresolution">ADMX_DnsClient/DNS_SmartMultiHomedNameResolution</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-smartprotocolreorder" id="admx-dnsclient-dns-smartprotocolreorder">ADMX_DnsClient/DNS_SmartProtocolReorder</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-updatesecuritylevel" id="admx-dnsclient-dns-updatesecuritylevel">ADMX_DnsClient/DNS_UpdateSecurityLevel</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-updatetopleveldomainzones" id="admx-dnsclient-dns-updatetopleveldomainzones">ADMX_DnsClient/DNS_UpdateTopLevelDomainZones</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-usedomainnamedevolution" id="admx-dnsclient-dns-usedomainnamedevolution">ADMX_DnsClient/DNS_UseDomainNameDevolution</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-Offmulticast" id="admx-dnsclient-dns-Offmulticast">ADMX_DnsClient/Turn_Off_Multicast</a>
+  </dd>
+</dl>
+
+### ADMX_EventForwarding policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-admx-eventforwarding.md#admx_eventforwarding-forwarderresourceusage" id="admx_eventforwarding-forwarderresourceusage">ADMX_EventForwarding/ForwarderResourceUsage</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-eventforwarding.md#admx_eventforwarding-subscriptionmanager" id="admx_eventforwarding-subscriptionmanager">ADMX_EventForwarding/SubscriptionManager</a>
+  </dd>
+</dl>
+
 ### ApplicationDefaults policies
 
 <dl>
diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
deleted file mode 100644
index 306231cdcf..0000000000
--- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
+++ /dev/null
@@ -1,203 +0,0 @@
----
-title: Policy CSP - ADMX_CipherSuiteOrder
-description: Policy CSP - ADMX_CipherSuiteOrder
-ms.author: dansimp
-ms.localizationpriority: medium
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 08/17/2020
-ms.reviewer: 
-manager: dansimp
----
-
-# Policy CSP - ADMX_CipherSuiteOrder
-
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
-
-<hr/>
-
-<!--Policies-->
-## ADMX_CipherSuiteOrder policies  
-
-<dl>
-  <dd>
-    <a href="#admx-ciphersuiteorder-sslciphersuiteorder">ADMX_CipherSuiteOrder/SSLCipherSuiteOrder</a>
-  </dd>
-  <dd>
-    <a href="#admx-ciphersuiteorder-sslcurveorder">ADMX_CipherSuiteOrder/SSLCurveOrder</a>
-  </dd>
-</dl>
-
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-ciphersuiteorder-sslciphersuiteorder"></a>**ADMX_CipherSuiteOrder/SSLCipherSuiteOrder**  
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines the cipher suites used by the Secure Socket Layer (SSL).
-
-If you enable this policy setting, SSL cipher suites are prioritized in the order specified.
-
-If you disable or do not configure this policy setting, default cipher suite order is used.
-
-For information about supported cipher suites, see [Cipher Suites in TLS/SSL (Schannel SSP)](https://go.microsoft.com/fwlink/?LinkId=517265).
-
-<!--/Description-->
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *SSL Cipher Suite Order*
--   GP name: *Functions*
--   GP path: *Network/SSL Configuration Settings*
--   GP ADMX file name: *CipherSuiteOrder.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-<hr/>
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-ciphersuiteorder-sslcurveorder"></a>**ADMX_CipherSuiteOrder/SSLCurveOrder**  
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines the priority order of ECC curves used with ECDHE cipher suites.
-
-If you enable this policy setting, ECC curves are prioritized in the order specified. Enter one curve name per line.
-
-If you disable or do not configure this policy setting, the default ECC curve order is used.
-
-The default curve order is as follows:
-
-- curve25519
-- NistP256
-- NistP384
-
-To see all the curves supported on the system, enter the following command:
-
-``` cmd
-CertUtil.exe -DisplayEccCurve
-```
-
-<!--/Description-->
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *ECC Curve Order*
--   GP name: *EccCurves*
--   GP path: *Network/SSL Configuration Settings*
--   GP ADMX file name: *CipherSuiteOrder.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-<hr/>
-
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
-<!--/Policies-->
-
diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md
deleted file mode 100644
index ff361f80d2..0000000000
--- a/windows/client-management/mdm/policy-csp-admx-com.md
+++ /dev/null
@@ -1,197 +0,0 @@
----
-title: Policy CSP - ADMX_COM
-description: Policy CSP - ADMX_COM
-ms.author: dansimp
-ms.localizationpriority: medium
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 08/18/2020
-ms.reviewer: 
-manager: dansimp
----
-
-# Policy CSP - ADMX_COM
-
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
-
-<hr/>
-
-<!--Policies-->
-## ADMX_COM policies  
-
-<dl>
-  <dd>
-    <a href="#admx-com-appmgmt-com-searchforclsid-1">ADMX_COM/AppMgmt_COM_SearchForCLSID_1</a>
-  </dd>
-  <dd>
-    <a href="#admx-com-appmgmt-com-searchforclsid-2">ADMX_COM/AppMgmt_COM_SearchForCLSID_2</a>
-  </dd>
-</dl>
-
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-com-appmgmt-com-searchforclsid-1"></a>**ADMX_COM/AppMgmt_COM_SearchForCLSID_1**  
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.
-
-Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs cannot perform all their functions unless Windows has internally registered the required components.
-
-If you enable this policy setting and a component registration is missing, the system searches for it in Active Directory and, if it is found, downloads it. The resulting searches might make some programs start or run slowly.
-
-If you disable or do not configure this policy setting, the program continues without the registration. As a result, the program might not perform all its functions, or it might stop.
-
-This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
-
-<!--/Description-->
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Download missing COM components*
--   GP name: *COMClassStore*
--   GP path: *System*
--   GP ADMX file name: *COM.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-<hr/>
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-com-appmgmt-com-searchforclsid-2"></a>**ADMX_COM/AppMgmt_COM_SearchForCLSID_2**  
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.
-
-Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs cannot perform all their functions unless Windows has internally registered the required components.
-
-If you enable this policy setting and a component registration is missing, the system searches for it in Active Directory and, if it is found, downloads it. The resulting searches might make some programs start or run slowly.
-
-If you disable or do not configure this policy setting, the program continues without the registration. As a result, the program might not perform all its functions, or it might stop.
-
-This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
-
-<!--/Description-->
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Download missing COM components*
--   GP name: *COMClassStore*
--   GP path: *System*
--   GP ADMX file name: *COM.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-<hr/>
-
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
-<!--/Policies-->
-
diff --git a/windows/client-management/mdm/policy-csp-admx-conf.md b/windows/client-management/mdm/policy-csp-admx-conf.md
deleted file mode 100644
index 931927fe44..0000000000
--- a/windows/client-management/mdm/policy-csp-admx-conf.md
+++ /dev/null
@@ -1,2431 +0,0 @@
----
-title: Policy CSP - ADMX_Conf
-description: Policy CSP - ADMX_Conf
-ms.author: dansimp
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.localizationpriority: medium
-ms.date: 08/18/2020
-ms.reviewer: 
-manager: dansimp
----
-
-# Policy CSP - ADMX_Conf
-
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
-
-<hr/>
-
-<!--Policies-->
-## Policy CSP - ADMX_Conf  
-
-<dl>
-  <dd>
-    <a href="#admx-conf-allowpersistautoacceptcalls">ADMX_Conf/AllowPersistAutoAcceptCalls
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-disableadvcallingbutton">ADMX_Conf/DisableAdvCallingButton
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-disableappsharing">ADMX_Conf/DisableAppSharing
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-disableaudiopage">ADMX_Conf/DisableAudioPage
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-disablechat">ADMX_Conf/DisableChat
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-disablegeneralpage">ADMX_Conf/DisableGeneralPage
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-disablenewwhiteboard">ADMX_Conf/DisableNewWhiteboard
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-disableoldwhiteboard">ADMX_Conf/DisableOldWhiteboard
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-disablerds">ADMX_Conf/DisableRDS
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-disablesecuritypage">ADMX_Conf/DisableSecurityPage
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-disablevideopage">ADMX_Conf/DisableVideoPage
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-enableautoconfiguration">ADMX_Conf/EnableAutoConfiguration
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-preventaddingnewils">ADMX_Conf/PreventAddingNewILS
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-preventaudio">ADMX_Conf/PreventAudio
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-preventautoaccept">ADMX_Conf/PreventAutoAccept
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-preventchangedirectsound">ADMX_Conf/PreventChangeDirectSound
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-preventchangingcallmode">ADMX_Conf/PreventChangingCallMode
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-preventdirectoryservices">ADMX_Conf/PreventDirectoryServices
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-preventfullduplex">ADMX_Conf/PreventFullDuplex
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-preventgrantingcontrol">ADMX_Conf/PreventGrantingControl
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-preventreceivingfiles">ADMX_Conf/PreventReceivingFiles
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-preventreceivingvideo">ADMX_Conf/PreventReceivingVideo
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-preventsendingfiles">ADMX_Conf/PreventSendingFiles
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-preventsendingvideo">ADMX_Conf/PreventSendingVideo
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-preventsharing">ADMX_Conf/PreventSharing
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-preventsharingcmdprompt">ADMX_Conf/PreventSharingCMDPrompt
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-preventsharingdesktop">ADMX_Conf/PreventSharingDesktop
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-preventsharingexplorer">ADMX_Conf/PreventSharingExplorer
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-preventsharingtruecolor">ADMX_Conf/PreventSharingTrueColor
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-preventwebdirectory">ADMX_Conf/PreventWebDirectory
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-restrictftsendsize">ADMX_Conf/RestrictFTSendSize
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-setavthroughput">ADMX_Conf/SetAVThroughput
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-setintranetsupport">ADMX_Conf/SetIntranetSupport
-    </a>
-  </dd>
-  <dd>
-    <a href="#admx-conf-setsecurityoptions">ADMX_Conf/SetSecurityOptions
-    </a>
-  </dd>
-</dl>
-
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-allowpersistautoacceptcalls"></a>**ADMX_Conf/AllowPersistAutoAcceptCalls**  
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting makes the automatic acceptance of incoming calls persistent.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Allow persisting automatic acceptance of Calls*
--   GP name: *PersistAutoAcceptCalls*
--   GP path: *Windows Components/NetMeeting*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-disableadvcallingbutton"></a>**ADMX_Conf/DisableAdvCallingButton**  
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting disables the Advanced Calling button on the General Options page. Users will not then be able to change the call placement method and the servers used.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Disable the Advanced Calling button*
--   GP name: *NoAdvancedCalling*
--   GP path: *Windows Components/NetMeeting/Options Page*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-disableappsharing"></a>**ADMX_Conf/DisableAppSharing**
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting disables the application sharing feature of NetMeeting completely. Users will not be able to host or view shared applications.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Disable application Sharing*
--   GP name: *NoAppSharing*
--   GP path: *Windows Components/NetMeeting/Application Sharing*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-disableaudiopage"></a>**ADMX_Conf/DisableAudioPage**
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting hides the Audio page of the Tools Options dialog. Users will not then be able to change audio settings.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Hide the Audio page*
--   GP name: *NoAudioPage*
--   GP path: *Windows Components/NetMeeting/Options Page*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-disablechat"></a>**ADMX_Conf/DisableChat**
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting disables the Chat feature of NetMeeting.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Disable Chat*
--   GP name: *NoChat*
--   GP path: *Windows Components/NetMeeting*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-disablegeneralpage"></a>**ADMX_Conf/DisableGeneralPage**
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting hides the General page of the Tools Options dialog. Users will not then be able to change personal identification and bandwidth settings.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Hide the General page*
--   GP name: *NoGeneralPage*
--   GP path: *Windows Components/NetMeeting/Options Page*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-disablenewwhiteboard"></a>**ADMX_Conf/DisableNewWhiteboard**
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting disables the T.126 whiteboard feature of NetMeeting.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Disable Whiteboard*
--   GP name: *NoNewWhiteBoard*
--   GP path: *Windows Components/NetMeeting*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-disableoldwhiteboard"></a>**ADMX_Conf/DisableOldWhiteboard**
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting disables the 2.x whiteboard feature of NetMeeting.
-
-The 2.x whiteboard is available for compatibility with older versions of NetMeeting only.
-
-Deployers who do not need it can save bandwidth by disabling it.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Disable NetMeeting 2.x Whiteboard*
--   GP name: *NoOldWhiteBoard*
--   GP path: *Windows Components/NetMeeting*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-disablerds"></a>**ADMX_Conf/DisableRDS**
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting disables the remote desktop sharing feature of NetMeeting. Users will not be able to set it up or use it for controlling their computers remotely.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Disable remote Desktop Sharing*
--   GP name: *NoRDS*
--   GP path: *Windows Components/NetMeeting*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-disablesecuritypage"></a>**ADMX_Conf/DisableSecurityPage**
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting hides the Security page of the Tools Options dialog. Users will not then be able to change call security and authentication settings.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Hide the Security page*
--   GP name: *NoSecurityPage*
--   GP path: *Windows Components/NetMeeting/Options Page*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-disablevideopage"></a>**ADMX_Conf/DisableVideoPage**
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting hides the Video page of the Tools Options dialog. Users will not then be able to change video settings.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Hide the Video page*
--   GP name: *NoVideoPage*
--   GP path: *Windows Components/NetMeeting/Options Page*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-enableautoconfiguration"></a>**ADMX_Conf/EnableAutoConfiguration**
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting configures NetMeeting to download settings for users each time it starts.
-
-The settings are downloaded from the URL listed in the "Configuration URL:" text box.
-
-Group Policy based settings have precedence over any conflicting settings set by downloading them from this URL.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Enable Automatic Configuration*
--   GP name: *Use AutoConfig*
--   GP path: *Windows Components/NetMeeting*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-preventaddingnewils"></a>**ADMX_Conf/PreventAddingNewILS**
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from adding directory (ILS) servers to the list of those they can use for placing calls.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Prevent adding Directory servers*
--   GP name: *NoAddingDirectoryServers*
--   GP path: *Windows Components/NetMeeting*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-preventaudio"></a>**ADMX_Conf/PreventAudio**
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting disables the audio feature of NetMeeting. Users will not be able to send or receive audio.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Disable Audio*
--   GP name: *NoAudio*
--   GP path: *Windows Components/NetMeeting/Audio & Video*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-preventautoaccept"></a>**ADMX_Conf/PreventAutoAccept**
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from turning on automatic acceptance of incoming calls.
-
-This ensures that others cannot call and connect to NetMeeting when the user is not present.
-
-This policy is recommended when deploying NetMeeting to run always.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Prevent automatic acceptance of Calls*
--   GP name: *NoAutoAcceptCalls*
--   GP path: *Windows Components/NetMeeting*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-preventchangedirectsound"></a>**ADMX_Conf/PreventChangeDirectSound**
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting prevents prevents user from changing the DirectSound audio setting.  
-
-DirectSound provides much better audio quality, but older audio hardware may not support it.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Prevent changing DirectSound Audio setting*
--   GP name: *NoChangeDirectSound*
--   GP path: *Windows Components/NetMeeting/Audio & Video*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-preventchangingcallmode"></a>**ADMX_Conf/PreventChangingCallMode**
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting prevents prevents users from changing the way calls are placed, either directly or via a gatekeeper server.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Prevent changing Call placement method*
--   GP name: *NoChangingCallMode*
--   GP path: *Windows Components/NetMeeting*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-preventdirectoryservices"></a>**ADMX_Conf/PreventDirectoryServices**
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting disables the directory feature of NetMeeting.
-
-Users will not logon to a directory (ILS) server when NetMeeting starts. Users will also not be able to view or place calls via a NetMeeting directory.
-
-This policy is for deployers who have their own location or calling schemes such as a Web site or an address book.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Disable Directory services*
--   GP name: *NoDirectoryServices*
--   GP path: *Windows Components/NetMeeting*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-preventfullduplex"></a>**ADMX_Conf/PreventFullDuplex**
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting disables full duplex mode audio. Users will not be able to listen to incoming audio while speaking into the microphone. Older audio hardware does not perform well when in full duplex mode.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Disable full duplex Audio*
--   GP name: *NoFullDuplex*
--   GP path: *Windows Components/NetMeeting/Audio & Video*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-preventgrantingcontrol"></a>**ADMX_Conf/PreventGrantingControl**
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from allowing others in a conference to control what they have shared. This enforces a read-only mode; the other participants cannot change the data in the shared application.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Prevent Control*
--   GP name: *NoAllowControl*
--   GP path: *Windows Components/NetMeeting/Application Sharing*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-preventreceivingfiles"></a>**ADMX_Conf/PreventReceivingFiles**
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from receiving files from others in a conference.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Prevent receiving files*
--   GP name: *NoReceivingFiles*
--   GP path: *Windows Components/NetMeeting*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-preventreceivingvideo"></a>**ADMX_Conf/PreventReceivingVideo**
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from receiving video. Users will still be able to send video provided they have the hardware.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Prevent receiving Video*
--   GP name: *NoReceivingVideo*
--   GP path: *Windows Components/NetMeeting/Audio & Video*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-preventsendingfiles"></a>**ADMX_Conf/PreventSendingFiles**
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sending files to others in a conference.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Prevent sending files*
--   GP name: *NoSendingFiles*
--   GP path: *Windows Components/NetMeeting*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-preventsendingvideo"></a>**ADMX_Conf/PreventSendingVideo**
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sending video if they have the hardware. Users will still be able to receive video from others.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Prevent sending Video*
--   GP name: *NoSendingVideo*
--   GP path: *Windows Components/NetMeeting/Audio & Video*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-preventsharing"></a>**ADMX_Conf/PreventSharing**
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing anything themselves. They will still be able to view shared applications/desktops from others.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Prevent Sharing*
--   GP name: *NoSharing*
--   GP path: *Windows Components/NetMeeting/Application Sharing*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-preventsharingcmdprompt"></a>**ADMX_Conf/PreventSharingCMDPrompt**
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing command prompts. This prevents users from inadvertently sharing out applications, since command prompts can be used to launch other applications.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Prevent Sharing Command Prompts*
--   GP name: *NoSharingDosWindows*
--   GP path: *Windows Components/NetMeeting/Application Sharing*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-preventsharingdesktop"></a>**ADMX_Conf/PreventSharingDesktop**
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing the whole desktop. They will still be able to share individual applications.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Prevent Desktop Sharing*
--   GP name: *NoSharingDesktop*
--   GP path: *Windows Components/NetMeeting/Application Sharing*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-preventsharingexplorer"></a>**ADMX_Conf/PreventSharingExplorer**
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing Explorer windows. This prevents users from inadvertently sharing out applications, since Explorer windows can be used to launch other applications.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Prevent Sharing Explorer windows*
--   GP name: *NoSharingExplorer*
--   GP path: *Windows Components/NetMeeting/Application Sharing*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-preventsharingtruecolor"></a>**ADMX_Conf/PreventSharingTrueColor**
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing applications in true color.  True color sharing uses more bandwidth in a conference.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Prevent Application Sharing in true color*
--   GP name: *NoTrueColorSharing*
--   GP path: *Windows Components/NetMeeting/Application Sharing*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-preventwebdirectory"></a>**ADMX_Conf/PreventWebDirectory**
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from viewing directories as Web pages in a browser.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Prevent viewing Web directory*
--   GP name: *NoWebDirectory*
--   GP path: *Windows Components/NetMeeting*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-restrictftsendsize"></a>**ADMX_Conf/RestrictFTSendSize**
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting limits the size of files users can send to others in a conference.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Limit the size of sent files*
--   GP name: *MaxFileSendSize*
--   GP path: *Windows Components/NetMeeting*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-setavthroughput"></a>**ADMX_Conf/SetAVThroughput**
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting limits the bandwidth audio and video will consume when in a conference. This setting will guide NetMeeting to choose the right formats and send rate so that the bandwidth is limited.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Limit the bandwidth of Audio and Video*
--   GP name: *MaximumBandwidth*
--   GP path: *Windows Components/NetMeeting/Audio & Video*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-setintranetsupport"></a>**ADMX_Conf/SetIntranetSupport**
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting sets the URL NetMeeting will display when the user chooses the Help Online Support command.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Set the intranet support Web page*
--   GP name: *IntranetSupportURL*
--   GP path: *Windows Components/NetMeeting*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="admx-conf-setsecurityoptions"></a>**ADMX_Conf/SetSecurityOptions**
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting sets the level of security for both outgoing and incoming NetMeeting calls.
-<!--/Description-->
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Set Call Security options*
--   GP name: *CallSecurity*
--   GP path: *Windows Components/NetMeeting*
--   GP ADMX file name: *Conf.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
-<!--/Policies-->
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md
index 0dada7486c..7662e83815 100644
--- a/windows/client-management/mdm/policy-csps-admx-backed.md
+++ b/windows/client-management/mdm/policy-csps-admx-backed.md
@@ -21,6 +21,51 @@ ms.date: 08/18/2020
 >
 
 - [ActiveXControls/ApprovedInstallationSites](./policy-csp-activexcontrols.md#activexcontrols-approvedinstallationsites)
+- [ADMX_AddRemovePrograms/DefaultCategory](/policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-defaultcategory)
+- [ADMX_AddRemovePrograms/NoAddFromCDorFloppy](./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-noaddfromcdorfloppy)
+- [ADMX_AddRemovePrograms/NoAddFromInternet](./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-noaddfrominternet)
+- [ADMX_AddRemovePrograms/NoAddFromNetwork](./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-noaddfromnetwork)
+- [ADMX_AddRemovePrograms/NoAddPage](./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-noaddpage)
+- [ADMX_AddRemovePrograms/NoAddRemovePrograms](./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-noaddremoveprograms)
+- [ADMX_AddRemovePrograms/NoChooseProgramsPage](./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-nochooseprogramspage)
+- [ADMX_AddRemovePrograms/NoRemovePage](./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-noremovepage)
+- [ADMX_AddRemovePrograms/NoServices](./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-noservices)
+- [ADMX_AddRemovePrograms/NoSupportInfo](./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-nosupportinfo)
+- [ADMX_AddRemovePrograms/NoWindowsSetupPage](./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-nowindowssetuppage)
+- [ADMX_AppCompat/AppCompatPrevent16BitMach](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatprevent16bitmach)
+- [ADMX_AppCompat/AppCompatRemoveProgramCompatPropPage](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatremoveprogramcompatproppage)
+- [ADMX_AppCompat/AppCompatTurnOffApplicationImpactTelemetry](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffapplicationimpacttelemetry)
+- [ADMX_AppCompat/AppCompatTurnOffSwitchBack](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffswitchback)
+- [ADMX_AppCompat/AppCompatTurnOffEngine](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffengine)
+- [ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_1](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffprogramcompatibilityassistant_1)
+- [ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_2](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffprogramcompatibilityassistant_2)
+- [ADMX_AppCompat/AppCompatTurnOffUserActionRecord](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffuseractionrecord)
+- [ADMX_AppCompat/AppCompatTurnOffProgramInventory](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffprograminventory)
+- [ADMX_AuditSettings/IncludeCmdLine](./policy-csp-admx-auditsettings.md#admx-auditsettings-includecmdline)
+- [ADMX_DnsClient/DNS_AllowFQDNNetBiosQueries](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-allowfqdnnetbiosqueries)
+- [ADMX_DnsClient/DNS_AppendToMultiLabelName](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-appendtomultilabelname)
+- [ADMX_DnsClient/DNS_Domain](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-domain)
+- [ADMX_DnsClient/DNS_DomainNameDevolutionLevel](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-domainnamedevolutionlevel)
+- [ADMX_DnsClient/DNS_IdnEncoding](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-idnencoding)
+- [ADMX_DnsClient/DNS_IdnMapping](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-idnmapping)
+- [ADMX_DnsClient/DNS_NameServer](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-nameserver)
+- [ADMX_DnsClient/DNS_PreferLocalResponsesOverLowerOrderDns](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-preferlocalresponsesoverlowerorderdns)
+- [ADMX_DnsClient/DNS_PrimaryDnsSuffix](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-primarydnssuffix)
+- [ADMX_DnsClient/DNS_RegisterAdapterName](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-registeradaptername)
+- [ADMX_DnsClient/DNS_RegisterReverseLookup](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-registerreverselookup)
+- [ADMX_DnsClient/DNS_RegistrationEnabled](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-registrationenabled)
+- [ADMX_DnsClient/DNS_RegistrationOverwritesInConflict](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-registrationoverwritesinconflict)
+- [ADMX_DnsClient/DNS_RegistrationRefreshInterval](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-registrationrefreshinterval)
+- [ADMX_DnsClient/DNS_RegistrationTtl](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-registrationttl)
+- [ADMX_DnsClient/DNS_SearchList](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-searchlist)
+- [ADMX_DnsClient/DNS_SmartMultiHomedNameResolution](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-smartmultihomednameresolution)
+- [ADMX_DnsClient/DNS_SmartProtocolReorder](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-smartprotocolreorder)
+- [ADMX_DnsClient/DNS_UpdateSecurityLevel](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-updatesecuritylevel)
+- [ADMX_DnsClient/DNS_UpdateTopLevelDomainZones](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-updatetopleveldomainzones)
+- [ADMX_DnsClient/DNS_UseDomainNameDevolution](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-usedomainnamedevolution)
+- [ADMX_DnsClient/Turn_Off_Multicast](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-Offmulticast)
+- [ADMX_EventForwarding/ForwarderResourceUsage](./policy-csp-admx-eventforwarding.md#admx_eventforwarding-forwarderresourceusage)
+- [ADMX_EventForwarding/SubscriptionManager](./policy-csp-admx-eventforwarding.md#admx_eventforwarding-subscriptionmanager)
 - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional)
 - [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient)
 - [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization)

From 7053b7a38b03ea63515f6e9fb7cf4057c50fb6a9 Mon Sep 17 00:00:00 2001
From: ManikaDhiman <v-madhi@microsoft.com>
Date: Thu, 20 Aug 2020 16:41:17 -0700
Subject: [PATCH 56/66] Fixed build warnings

---
 windows/client-management/mdm/TOC.md                          | 2 +-
 .../mdm/policy-configuration-service-provider.md              | 2 +-
 windows/client-management/mdm/policy-csp-admx-dnsclient.md    | 4 ++--
 windows/client-management/mdm/policy-csps-admx-backed.md      | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index 0bf40d8bd9..2d6a0b7bda 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -180,7 +180,7 @@
 #### [ApplicationManagement](policy-csp-applicationmanagement.md)
 #### [AppRuntime](policy-csp-appruntime.md)
 #### [AppVirtualization](policy-csp-appvirtualization.md)
-#### [AttachmentManager](policy-csp-attachmentmanager.md))
+#### [AttachmentManager](policy-csp-attachmentmanager.md)
 #### [Audit](policy-csp-audit.md)
 #### [Authentication](policy-csp-authentication.md)
 #### [Autoplay](policy-csp-autoplay.md)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 2923b2da09..7986a6fae0 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -312,7 +312,7 @@ The following diagram shows the Policy configuration service provider in tree fo
     <a href="./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-usedomainnamedevolution" id="admx-dnsclient-dns-usedomainnamedevolution">ADMX_DnsClient/DNS_UseDomainNameDevolution</a>
   </dd>
   <dd>
-    <a href="./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-Offmulticast" id="admx-dnsclient-dns-Offmulticast">ADMX_DnsClient/Turn_Off_Multicast</a>
+    <a href="./policy-csp-admx-dnsclient.md#admx-dnsclient-turn-off-multicast" id="admx-dnsclient-turn-off-multicast">ADMX_DnsClient/Turn_Off_Multicast</a>
   </dd>
 </dl>
 
diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md
index 0c26d32f23..e3fef30269 100644
--- a/windows/client-management/mdm/policy-csp-admx-dnsclient.md
+++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md
@@ -87,7 +87,7 @@ manager: dansimp
     <a href="#admx-dnsclient-dns-usedomainnamedevolution">ADMX_DnsClient/DNS_UseDomainNameDevolution</a>
   </dd>
   <dd>
-    <a href="#admx-dnsclient-turn-Offmulticast">ADMX_DnsClient/Turn_Off_Multicast</a>
+    <a href="#admx-dnsclient-turn-off-multicast">ADMX_DnsClient/Turn_Off_Multicast</a>
   </dd>
 </dl>
 
@@ -1642,7 +1642,7 @@ ADMX Info:
 <hr/>
 
 <!--Policy-->
-<a href="" id="admx-dnsclient-turn-Offmulticast"></a>**ADMX_DnsClient/Turn_Off_Multicast**
+<a href="" id="admx-dnsclient-turn-off-multicast"></a>**ADMX_DnsClient/Turn_Off_Multicast**
 <!--SupportedSKUs-->
 <table>
 <tr>
diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md
index 7662e83815..6e3d43c649 100644
--- a/windows/client-management/mdm/policy-csps-admx-backed.md
+++ b/windows/client-management/mdm/policy-csps-admx-backed.md
@@ -63,7 +63,7 @@ ms.date: 08/18/2020
 - [ADMX_DnsClient/DNS_UpdateSecurityLevel](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-updatesecuritylevel)
 - [ADMX_DnsClient/DNS_UpdateTopLevelDomainZones](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-updatetopleveldomainzones)
 - [ADMX_DnsClient/DNS_UseDomainNameDevolution](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-usedomainnamedevolution)
-- [ADMX_DnsClient/Turn_Off_Multicast](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-Offmulticast)
+- [ADMX_DnsClient/Turn_Off_Multicast](./policy-csp-admx-dnsclient.md#admx-dnsclient-turn-off-multicast)
 - [ADMX_EventForwarding/ForwarderResourceUsage](./policy-csp-admx-eventforwarding.md#admx_eventforwarding-forwarderresourceusage)
 - [ADMX_EventForwarding/SubscriptionManager](./policy-csp-admx-eventforwarding.md#admx_eventforwarding-subscriptionmanager)
 - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional)

From 01808e6e86476d7fdeb708d67e938edd7782c415 Mon Sep 17 00:00:00 2001
From: ManikaDhiman <v-madhi@microsoft.com>
Date: Thu, 20 Aug 2020 16:50:46 -0700
Subject: [PATCH 57/66] Incrporated acrolinx suggestion

---
 windows/client-management/mdm/policy-csp-admx-appcompat.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md
index cd7a091fd2..86b6730590 100644
--- a/windows/client-management/mdm/policy-csp-admx-appcompat.md
+++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md
@@ -628,7 +628,7 @@ ADMX Info:
 <!--Description-->
 Available in Windows 10 Insider Preview Build 20185. This policy setting controls the state of Steps Recorder.
 
-Steps Recorder keeps a record of steps taken by the user. The data generated by Steps Recorder can be used in feedback systems such as Windows Error Reporting to help developers understand and fix problems. The data includes user actions such as keyboard input and mouse input, user interface data, and screen shots.  Steps Recorder includes an option to turn on and off data collection.
+Steps Recorder keeps a record of steps taken by the user. The data generated by Steps Recorder can be used in feedback systems such as Windows Error Reporting to help developers understand and fix problems. The data includes user actions such as keyboard input and mouse input, user interface data, and screenshots.  Steps Recorder includes an option to turn on and off data collection.
 
 If you enable this policy setting, Steps Recorder will be disabled.
 

From 76eea24f0f5e5cfeeebc6cee1828a07d5c0a94d6 Mon Sep 17 00:00:00 2001
From: ManikaDhiman <v-madhi@microsoft.com>
Date: Thu, 20 Aug 2020 16:51:33 -0700
Subject: [PATCH 58/66] Added Acrolinx suggestion

---
 windows/client-management/mdm/policy-csp-admx-appcompat.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md
index 86b6730590..527d07b981 100644
--- a/windows/client-management/mdm/policy-csp-admx-appcompat.md
+++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.technology: windows
 author: manikadhiman
 ms.localizationpriority: medium
-ms.date: 08/10/2020
+ms.date: 08/20/2020
 ms.reviewer: 
 manager: dansimp
 ---

From e25d348f3fb7a1e1a49137a0bed8934d12e93035 Mon Sep 17 00:00:00 2001
From: jaimeo <jaimeo@microsoft.com>
Date: Fri, 21 Aug 2020 09:20:44 -0700
Subject: [PATCH 59/66] corrected TOC item

---
 windows/deployment/TOC.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml
index 27f6ebfdc9..b558969815 100644
--- a/windows/deployment/TOC.yml
+++ b/windows/deployment/TOC.yml
@@ -44,7 +44,7 @@
         - name: Define your servicing strategy
           href: update/plan-define-strategy.md
         - name: Delivery Optimization for Windows 10 updates
-          href: update/waas-delivery-optimization-reference.md
+          href: update/waas-delivery-optimization.md
         - name: Best practices for feature updates on mission-critical devices
           href: update/feature-update-mission-critical.md
         - name: Windows 10 deployment considerations

From cfe32839595b8b04dc72afbc082fbc58b81f0824 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 21 Aug 2020 10:03:11 -0700
Subject: [PATCH 60/66] Update edr-in-block-mode.md

---
 .../microsoft-defender-atp/edr-in-block-mode.md               | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
index 12436534f1..83a25f396d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
@@ -15,7 +15,7 @@ ms.localizationpriority: medium
 ms.custom: 
 - next-gen
 - edr
-ms.collection: 
+ms.date: 08/21/2020
 ---
 
 # Endpoint detection and response (EDR) in block mode
@@ -29,7 +29,7 @@ ms.collection:
 When [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) in block mode is enabled, Microsoft Defender ATP leverages behavioral blocking and containment capabilities by blocking malicious artifacts or behaviors that are observed through post-breach protection. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach. 
 
 > [!NOTE]
-> EDR in block mode is currently in private preview. To get the best protection, make sure to **[deploy Microsoft Defender ATP baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)**.
+> EDR in block mode is currently in preview, available to organizations who have opted in to receive [preview features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/preview). To get the best protection, make sure to **[deploy Microsoft Defender ATP baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)**.
 
 ## What happens when something is detected?
 

From cca1fe501d01761f8f314a7e76860c3074f2604e Mon Sep 17 00:00:00 2001
From: Tina Burden <v-tibur@microsoft.com>
Date: Fri, 21 Aug 2020 10:26:15 -0700
Subject: [PATCH 61/66] pencil edit

---
 .../hello-for-business/hello-hybrid-aadj-sso-base.md            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
index 8ea5343d35..8df0ef33bb 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
@@ -225,7 +225,7 @@ The web server is ready to host the CRL distribution point.  Now, configure the
 
 Validate your new CRL distribution point is working. 
 
-1. Open a web browser.  Navigate to <b>http://crl.[yourdomain].com/cdp</b>.  You should see two files created from publishing your new CRL.
+1. Open a web browser. Navigate to <b>http://crl.[yourdomain].com/cdp</b>.  You should see two files created from publishing your new CRL.
    ![Validate the new CRL](images/aadj/validate-cdp-using-browser.png)
 
 ### Reissue domain controller certificates

From e9d239eca385615df4918d034c6a804d44f2eac0 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 21 Aug 2020 10:26:47 -0700
Subject: [PATCH 62/66] edr in block mode updates

---
 .../edr-in-block-mode.md                       |   2 +-
 .../images/edr-in-block-mode-detection.png     | Bin 0 -> 172406 bytes
 2 files changed, 1 insertion(+), 1 deletion(-)
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/edr-in-block-mode-detection.png

diff --git a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
index 83a25f396d..6b15d36a5c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
@@ -37,7 +37,7 @@ When EDR in block mode is turned on, and a malicious artifact is detected, block
 
 The following image shows an instance of unwanted software that was detected and blocked through EDR in block mode:
 
-:::image type="content" source="images/edr-in-block-mode.jpg" alt-text="EDR in block mode detected something":::
+:::image type="content" source="images/edr-in-block-mode-detection.png" alt-text="EDR in block mode detected something":::
 
 
 ## Enable EDR in block mode
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/edr-in-block-mode-detection.png b/windows/security/threat-protection/microsoft-defender-atp/images/edr-in-block-mode-detection.png
new file mode 100644
index 0000000000000000000000000000000000000000..2a5104b58214e4c683f4e9c8277dfcbd16f83f92
GIT binary patch
literal 172406
zcmd3NhgTDQw5^CJ2#5;Oi=a}Z_YMLA(nUld)PVHfq=g_|sVWkBRe~SAOD_R}5FkM4
zq4y#L2tAZH-@EtS_wM}*URJWQGHYel%>2$dzkT-J=kse_b;`SpcW>OdL8<ZT<(nHf
zNMJW^5Z@%d4IDYwNOAzah`isZE8i#^WZndR+_G2FQMz%XGLifOOalBS^LS<Aed7lE
z*uNj5TbVUkH*Q=PXuMQ<>u>S*(%0vm5#jnXI{nOMJY5`*?oT&qOT(=@R@O%^>;f+u
zzZC0&$Ps0pA#2y+o87b2V*aFLU9+E>T0#gdI6`}t2iL8;JgeR<*|j;}pAcLWPoTJM
zGeSt%W77ZrZYJj7BmeJ*NO2LQsQ+;YA<K@a`XB$@)BRMz_dicZ{r~&vLO51dSJ}nI
z4X+>FQaa`0;p2M=0x`aM^X5xtW?X;2Ha?9?T}>_O-nIF{<Y1LppBOJM3Ziyu){90@
z;Eqm8@iQ|s4_!HBWw8+W!D8x{uV2eB9qp~AZ{NOGAfUe_C56*?p9xho-%`5&zu&*i
zo~s&5e5Uy)FwFMWgV&ZSME0FgxZyfiCYOu-JMVuMW}qP;kB4bxBS<o4uH^3S?lsX>
zgV(Qf%O$t6IUZpnl-zX75-?KNb-j|94w2>B=0ryk&iYJa#{KVf3SGBm#fI%#wH>V#
z=1JC)95wXxg4Tm5{S{GRH<4JY;L5-8K?>tfGXuZ@d(t?LpUuzp3=1C(B#G1C!A92F
zS5w4!l{@^Ybl}zgF?>fvly~mVmFulra-Hp=#6$J^Dx;+aOx||rE2{uohB^FE_kt3!
zki*c6nFjB|F8{p-uccGr(X!P@JDrSNw;j-_-GCFGVbQxAi)G4^^&P$Z1vAnqF{@n4
zIv)-tCg@`@!~+@PV<BypZF9iGBcq_`iXdBl-DY7vs=wnm-p}yq^Jn3lOZ&-|AUej;
z@<LRK?cv1N&Nb2h6O3<Z+02dCo^Bx`$pgK{8V$8rWIi|~vS5Gz*k}t)wIW01*BGnC
zX5c2uF-f}WcY;QXP48?^loFms!hZeYreGC&rMG~LXCl1gRg3ZZ`t|GN)wUqLgb(R-
zja%gL&b0MX7un=*cR_0#n_AL<<9>!3XY86GAyqW!T|>UTg9B-x4-UR;1B$xGP}2Pp
z>ATQQRO5<abRCmMn#k;B-`l~0FN1W4OrmLMrSs<SJ#5b{ReaM4hr98Xh6-tgGc(Ni
zvGK)AKeu^g+$P2+Fz{sSvt`H`$>-0XAJH0AS66xNFR9kNJ2~0L-jQ^l6Uzypt`kNE
zU(HBs(<|yKR%@;68rM2KyLt2GoW=z|6)eQZN9+S`I&!WhXfrTX#`i9yxdr9Is}@i-
zbBvoW$7&SA_=l?1sa&v)B*R4m!k3Ri(IKaMc?myM@o-QV4<-N3yK;-toQ^{i=O=1b
zEgxRnjG;3mGjO-V!YqCrOWe|7lpH-e$?MxS=tSc_4>pCjuoM{;7ZC`u8{pN0Q8bmj
z;kB>lhp?8c(k<DRy@jh_{FLNk{;;Ae!x{T29!>n~V3qFqe8R7HwRdUxQr#7vK+4Qo
zA!L+{qZ5}KsOt;5wZW`#zfHBK54&9<SKA@&W8Eg#mw{(q__V&B`D>or_crciFpl{W
zSVRNG@<$1mIqy+u#m;eflz=5{cuqd3-~PYyj8CDlLK`(SRc+TXFh(+{n*h>Yu#5@K
zDdx5zi&O?#B71tA+4nBa@Xub_#5mE+b3ga?>Z(c;wmA<nb%tsqIy;BqzRr_V)4BGE
zyP*Es+p3G(6XlLXzm+b}r!~>D1BMgw;n7VQSAHkEvo-h6mI89?mTcyBc3f)q80hJ(
z5_WXlPER+ES5`K1BmaS3o;!tpLoAiIU7Z)jd*=7HH4l>BJFYvw$d4rNuQX&<Se~l3
z2a&o><|;Hh1#X?1_(5p-`%)9fir>K;A6#w>KRLwB>j^%tpoo)MZz%=Ub&d0zzE$We
z3qmqIWR6P{waazOlBqB_E3AjE_SxbeJ^LIRi@EtO2^sGzFND(;ygo>)Q7ag_K3LVl
zv*6U<z2mHNzc!RF{A%$OY=W2We{wDFwDKw<GBUj!IuJ`I=o293G`SFeu+rxExz4Be
z;rrz3PaT1U9<AQ%_sj*GQ#||MUj7nmPOw$?jIc#-Yu@>>BSgje{IWzZ-2Un+&@;lC
zx2Ga;kz>hVVbeg-XLH0Pg_uB({S*BV=04w8u${4r4s@8xmliOSa#wKPvNzLSK)n6p
z#KtVz@Z!jQeQ#0G7b<<_NnzgX|Me_xuL0rNppk@ZWE*>JbGv5=2$Hs)xl&a#Ju1IT
zzp=gv8+}{+-!#Q23WlFOuj=Oamyw&1Z6V)WO@D8Brmvb}Ff4?V9nqWz{}~^7Ri_&W
zua_@xP5*W-jC`S+K+o+YZkSZslgO4)elC~y!fUnf(c#7%3ni1-Q2uhZe9)mM@s*?^
zNulpk)mB{=*@d+MrnTxES~YVo4s~7?XM_kzUox-JMzcqiJ!xcfv}^nQ2x$%YW6h3F
z2!fHN&glB21h)*!WZOKmjRv=r>)b^WEgyqqWY;_tTZ-0?o3FHqrgfVc4X6``R%tz$
zAia=O%rb9Sat=l}z0mi=z~e#pe@v=%d_U^b3r}NJiCgiOaJ#5{DNh~qOFrm$Xo3MD
z5NQDK<>oq$4ZkzjFWZgD&3)XTqp0`$$(nvjc_1rxaIDy<-w3uc(@^d40dD19j04Y6
z>SsDyd3^91T1DG8Q~5Y|%2)-^=a=j=D`5U$Co63Zm1BtLjE&JWJgExh>Egb#c#FB7
zno2naoaB5-K&MmkiFZeorJ{#0Ld(3zzM5rUkbhpQ^H?J<eJ5#i8LxTEkgY`T2V{Hn
z0KsXPa+?U9y{XVAmPoIl9kF`yn4O&nmBNqlZGR!j#6Y|HN21CWg>Ezt8ao`K-2jlo
zwc1PLtNQ;7E3W0(42|LUeKv-2KvF;U)Rf{74A&VP_h%nKc3Z`%SmkoLB5S$|J|WPT
zrAkIO&^dRU^8OmEx*|k^2cd+WX(L!+iG2)rJd@-IVty!3MaX~e@#Q=XuF-cVzchDB
z_a3WIGBwwy3)!IYe#r<EgcqYwZd*bI^^9(oj8k6B>jkk0+n8@O_u8%krSGvRlyv5)
zMDMNVglx6>;bw+Un#pM%Oq5#|a#mzd*P?c_nijUVV=;w#;K_<SnOTTLq<xH+zJ7VP
zP>e0jj81+b_13St3YX0{r;5QbmUXUU<6Uw+a+Hixdz9p}(Nw$J7xZU#SEq6??*PO>
zuL0L#ZH-tVw~{l?d7{jEbL3g0rASK&+HN3yp+8M@t!a)@;C`j94oB?|0VYsxV31|c
zp9h_m{PaSJOp<P5^R^FBo4OI}CKfdkz}05!-cfZ}OYG<vq&08y8AdceqnRe0Y!{OR
zu7!q9RL4ywl#rp!ApZLo4Ify%2*>=7+}iH?;pQTLKhKFIr`tHJ%5+S-HZymBj5vr6
zjTP(Y=$Jll^<j8(QHZ($6Ydr}4}`B?wy`{bT@%<52R*70w*Lu$PS?+VAw;?>KT~r$
zEdDuV&Q@^bk!x(Mw_5l}^o)<5KX39?N9fYC@B(L|m|;0}BgXNr9=}jDcm{HNIfyRL
zbiR0Zu|-=iG?EZ=(Jbd-@O!rDL+e8j4}5o~!C*aYf(f194ogZZ&C!cBW3_KRomaaG
zXc0f5hkJ>b+pKhe(uP{XJO>DFnXewC?lN*G_~6D3du-e7N1_F{(~{(3f_8VyiU!pe
zHZg@V=zc0<ys~1i52dxs6@IDP`%*&=dlwa>@L{tqSL`qkbs*NI+4w}Lf(9l%^;1<$
zRTDk{@;7oYY4O9cGD|~@L*VEt$=r-+qD#Ui1V7b}0#b0mUYaKaetBNyLa&y{dQ`L{
zTK32?<nlSr3?l7$QLkYCVlk=pDT8G2hmoQaAapT)ItAeF36!t2X&u{IB&^=8jFa3F
zS?e&YjGv0>Y{g^r6k8r9JBI31PJUeC=MSY+%2ck_ck@Z}(ye6x$yQVF5iI<T>5&Nx
zmqpsfDLn}+qB-J9ziIe0Br(bgbgrkFzsXSU;Y(zZo-pq$P;CXc^ERG=8p0VYYE*jg
z>^2qSFYEyUaZyc`h76MoCiOP6l4rPt1!JoQ9vECp#wQ``5p@I0$jR>j_{G&mT(31$
zne8?gSM)cEF4e$vwfqwT?6HfrNdGP$ZwM(FS;rv&cUbnOE(s?SOA5<t^6uMBa_-+t
zbrS{VCtOkVMkvNR@h3z*dok_y48E`DCPA=@ewl@+(&n7~m6UU@kB*W{6YF@*aRw~e
z_N0{i4l3N}D9Nq)Ny&uXR~fgnIbn0>=kCbj980wf@El4@B_Q>{DiFS3R<Yun1viy1
z$2K+0m1If&5nnHDhJ25j*bkgD`g&~tSsXmo{>vz;>KxT{7gc~cFRQqRYP<&4;G|z@
z*Van@`$UibTvc!jr2#>7EXxxuh^^c73|r;>uU_av6!I3FMjJ_kIql5Je=f<5t?_)~
zG*MKLILx+PYWln1C?%rRk4xuVlU(0MEpenN&wJ#hbDez9RXYHEYXz;LTYCCi<_k{~
zk{F>D!562(u6cj#g<8Y!P&p}K-hASw<SM1v;uadr5@oVci|=}$JigO*RfHJ`LTAYr
zmkKm!F!Dd=`JjKlAXxw}7CimdwX&zitkp+fX9T&mY*45@UM4KXF6*`OiFU#tlHZ2|
z0`Ca<G>$f8xhD~GQ=n7QdHj3osJF<V&dJ90hfGZ>;#slRzZQS)np??To~K<b9++e<
zFbK^D6As6z<y3zC#BJ2nRBcBE2p=SU`xeHN#I@;_|K-*8u~v~8AGm>4!RHmBWmTNU
zC<NPrf{X)@Z1F&)V_h_BoD<<fJzsVSkEqa|uZWmnlRr;UP$#Ohm~A{gThBR?CU*1a
z^|Cpu{JS=g<*Z<{bahF{)mv>1J_o8DX0p*2RcxR9jE~O1Mc>y9_Q&gTy4L8ZTgZEj
z0-qMs2^E4&3b9a;Sb$C$V@V>$SCR}{M4;KY=>pNPvHBMj;BJtmjb-7p-|WWK@<ZqI
z4?(Qn)KcdMYn(<Q|6C!Q<Gmn8;4~(V5sobMd(fs<21nsD$XYwmrM_Ogy-PW6I+|3K
z4ir#s(gHg9!D9g5@Qi-f0JEm!udyG<{D+`e`eReHu_l9Az}Uk^KEcxL{qR+bVQ^13
za;y6;(p{!i^Y^Uw(cjpj(#kSv+KU5}g#0~_Ldx5>#_$(iBwTLD-g1glIplz#p|zpx
z!l?mc!lRlw$&tF_4EIsrfIyq>0Yz6tZYZ(OHJD&$F5xu!+FbIbC1LjWe5;|5&Dqrz
z!M(`*-Wd3*Il%v5<ufar@$O8G*LTKh$*WUhgtCfdt>XAII*$!EyBbZVdBerU2ktd`
z$M(lOt+D>{lBQWg&}IQNn*^jh2h1N|5V`tHi*|eYP#vurqhFNWmM*m)FL<Xu6?v+I
zLkyo9)IQRxS7Ihngg&Tx+ucjaNj6Umk@Oml%}5`7b0m_v<8bbi`5M>q{rigK0qpzt
zpIZxD=59Vp2#Kz9op%AYrfK<edMSeDB9^WkvRtOWRa%WsTdhr}T7rJJmh*ut#c25L
zi?8}5I;wJ;o}eTgf5tj8iuixIk_S3;YXCW>#M1GPUcOIt;vyWUOL#65l8^d4KgGKI
zy#o=%2LpkECZ(XLnO4*I@ByYv*8^&uPpcy-a?O<URGtV{<>u$}-cN8`O3?_qn*1SY
zuqx%X@&{~=EFf8nxr_QcQ4;Rz)SoHm_|1vy$q|BNp7*cOD%qtA`a=HY^|j)~UW-#W
zwUF1T$E<t3lvA@}A2p1jCmEG;R5@JaUU|7!9Il?ox`prZPe@FpqUAUHw5SrjwZBtx
zUfNaJJ00{<Xy>c`*Fd6gZAr!!T)NB?M~yoFcc<(*b3ll25zlDH=CsL5PyaBfhVPx6
zOx$Ep+$_BDGS7E4=FvMYc^X4*HN1>&mwF;&q?VJi78r)$P`$&tzJ8JUr!|)R^U%<1
z`GD1y%nJQiBAi^>22CGaYd@L<ep8oHDhQdQ9mv>jX0T=_UQSnVP0!wYz3?8Qt(eFZ
zs!YaZ%SU|ocBZ!e_q@}7GA325L80!Z#^eB#WX&_q<uz~4VDZYXr>UDi9&zDTy=w%g
z#hnjZo(l6k*ls1fBQJqSl!Fx*j4lI@gj}~q{hmuAwK^iKA73+~*?pc^tt6szC+&HJ
zS}E&@Vw~f`&upil)poUKC1ko^3U#vbG3cs%+kb4&OUY0*F=Z4E8tTIxub8?mK-&*t
z6Vq?<@wVb*zgMm<gZAETO7taKmp-d8v%Lmm^A`{rb*<wUB~@nN?>&xVgOh3ulOMS2
zTX>0x(1-Xm+Ht0~*A+CRle*C98jT#$F%3~>LE8Wq%C)4hCpepc^oa9svA1aMn{d)(
zooc(gyI)ekBLf1Bz-JxdcR=lSii?wbDm>1%2nG8?qPqgH;04#c=|U(J#Jn<TH!6<*
zBcY|W0o3FJ%{ZGY3769=!)$*Rx~jMXTiM(S#KEHYUs1*DW)sEeF#opJ;3IivckaHC
zdD%$CA30U>fr0gT=2(f-<&$}>xK4L!*cnB_5B%DI%CZ`qk||#7K(I&uxUF`+WcYIY
zq1zwzZ78hTHGT`k_dac8fHKF%-k>v60+ZTX1#UKMy-+6a=Sw-reN_uN6KRoJ*sv-@
ze%1xW&F)<W?ucgWGvpaW-wSMx|NQx1`r%MmAtNM>N`L}J8#qNLSu8P7hp0@MsJuvH
zn^R}oCSOB`*ti6%7)zM)d3%1pmRLFi+VbGcip<UEOy7Q=sp-iLA4b>Q*JBLb{z#M{
zWBo#Ub~YS6yhAx#M~{=Xxmfo;bzj?A=}kIkxJ`4}P~Tf+(^5U_p_CNc+?<2^Vczs1
zy?iZ&5gZ5}--~rKxd%zn_YrgkqaM~32p72?r1b-E_Q|0#oXC7-Zx&sjRws}pyM4j%
zI`e&oO>p(BCwrntrCns8rQ{o&=~~)On&bN*YwY@3)qKgB8hJJ>;?^DTcnL#e4hY7A
zvpF9RKFK=kJE)|AnW)pi(An}o=FR2oipV7|<DkKW_MRRrr0_EUi<lEP5*+`g3ZG{U
z9{=%A(;Zjh7Zf}aa4RSL7XO+PoQ>l+Rv+g_4b|ra*q!aQXmgvTJmd5Jni*?a!Ze4f
z>$@b46OP<DiV0Mw+?c-}Gw$%$K3XUX5qxbXcxfus_SjPJ;U0?(-w@M&HQSJ)EWTGP
z_P<EfYYH|U<F%ELu1|}BH`_ICm6md|{`?7dYWpRJ?0tc=XsNmXno$d!mc(*?>^j_>
zmi<&z$l`YPdRs$iia7fuV@?0!(@5%vcbj!G#D+PDa(XmkX{$hWLlY*-c^?sXaI3zV
z4hL-kY~2y*tgIlheC|3u9gmHX_S8|Pj>(q^)KEo5Mft`2AQEKfx|ay_V1?|mxhvw<
zj#rp%w|%WM_8mc5BDY?ZTzpNXutAkvPNFc)Rud%)W5M*D#zVYr_Ug<VLunq+qvu1D
zI^>^IY2U&0#p4}5AC(OSmZ*{^$x_r&*0E{nhrJum{E3&ti&>v~0JyUt(snKR>boPE
z-7QdhrHiJX)wO_Lww#*xn1TtsgdDWXh<F&O2ijp=2YPq%kn6(pOd_rwnwN3T4z(ul
zg6yVwb~ircl?AhbrJsu&Bxf)xl>2VKvxUmPX00i+53&xfoZ<Opf;iS`TPhK}4RXf#
zBC)w+TqJt1JKc9-_CHmzzmc`h6Fx0WJNARJq$nDggDMINmP@?35goR~Qfe3Evkgau
zZZ1o;%M?<1B~U^HdgA5>GV~wT#r{jZc_tja+)pESS;@x9&$7|yw3Np0dPn)c%<H)i
zJL5Yh0a@XtO9X8wR;3kEVjX>KZT2L<X_i0Y=q28!h+~lJLb`Y3XzI=Tdrm206k!N+
z6NCtXyp)-NYS{`j1?PV0X|_U-)Zv_0HHItV0jf1$4>uQ>X*aj|B<oCMS^@QWyjc!e
ze)Cjrt_Lq(WQ4J4ERbSlqKkFJz_+}>EC(ni^Tc?@EwL&}k$LCw66muVNkFaKlkYqs
zLKO$r7EN<t?gu4Va&8M}Pl)Qqq^m?xK*#8$;QXNa7i{aCSv6sjxslf?mKW=WXO)yf
zS%DWuwrHud<lZ0A<)xbZk+uS))oj|CQu>zYnrht-F4u;ZC<zJZg}?V@2CW2xVov9^
z-BcCD*`s#s+(1A;!>I+p9PCY**Lqw`%j8%-p?3>1*5$JoK+q4Vhtxi|EFzd#{<zQN
z3>saL4PWh+GP(Y1scoZT$chXKTiPBkHML9*u(rNQE09{gor1Quh$9$J$hnyeu7Y{^
zM0ZL}Ye#%tFKC4#%x;h0>GnmHKLz&av^jvw+a|dQ$Iuh#1qtk^Kfjou&yImo`)n?#
zB*~^HVe4FESMn%y`W(8J5o|jlfH6`Uk61memtsL9*+NFqOP7bA^@b<>uZ6Q{uCPV>
zGq0X3uj8bT8ODjXqb+}DNe6@GRp@bfDtC@*<1#`g#*6KzBT{U8+N;2s|D}l_6g$<a
zVVg!N%AAqupjxLbJySBS>G`tYmJTK^T7|i1r9PyQwz}L>`olNF)8AtHqQ^yj9w-Ti
zQFH0mN&mC3URh9@&=+=-N-_sq%BfxB|I?veFKV;#<L2Vi*!?#yLVOWC9wS@d9fdi=
zG95<xl5&s-7;TU+zgfkN2I&TwL4fYs)Tm|O^+KqVmvJSsJrNRmK|YkZp>Mn<p6RoH
z#`P8wfxcSH5I;}j<BcJn;U4_R@gi||*5@jX^=@g6^~%cxSbrwHh^{V8+6Uc3?nVz{
zS$O2Qd8UxT7lQ2Tjl3_N8aac7>FrFgB-~AmU47@mN-~0jM1Z)FVqYkQgznY{)B29b
zFoejm6~Rh@hl4&(*Hy6P0duK=A`Q*d<Q4ZXQCA4(tQ7r_Q$o&drn9ZdycSwpzQwi%
ze?;So_)JCro9|T-XBV;v5%ZP`^UBOgH}1##_;tThLFL7WGm#?$Dn9e7F36g=`t`Zi
zZ}JvL@DAu)^!UIkAb~+tZ9Q>SV{x5;n`jdc4pBFTf6)nzMB7-dq|mTEgl-Di54vP2
z+^!1+fX|jH%bMSCzN*XsjZ6Kn`z)>xk*W5LGoD7iw%_mIyY=QB^>vh@LdP=`NBwQu
zk4M`q6}?+hBj^(NYrYkH)HWiad1T_J*6d>oCjGby>?^;afZQ{y8z87so-MyeaBp)g
zKHx9HVQvn8N(p17yNV;-C<@(uImzje)!(YbYn2c=Jggt+t<iY05U^HS7?bfXS({q*
z_iz5Yp3IBzEbSa&i)uHXzG3mf3Cobu9<{oV+wi2FZ)IN`#s)l_>jLc=E|X&gU;@6@
z);2YU`+w7_4~?GH)Y!=%m@E6;)0RZV<(CxjeyobHZT<bP3V_Rd(ceP)%_7~5Ur1Mg
zREWyLZaCew=X5Ewb(1Gkq?I$C$vJfFW2{q_tlyjEOC=8*<JRR3RKWaP%a*xyAi5H=
z89w_FM+1Fi{hfsnR%zAlN7C~i6yoiYpZbT8#tFlfx4B?&HwETOEl;u(27Qj+Y=-PD
zw4RaKs<a(gi0fE8{J2eN@i{_OHFEkq*|tYGYt!1qlR|XzA7pT2dajUrLw$F5pGlFq
zw^`%*b}@l{du#48s4;%ugwMN?H19|}PwUQF^5!~@Zk%U3)m7|mts-a$B!KuHT~Ogt
z(+yC#TixP~Kl2Db;YEMrpj{I7JgF&Me3(eeSql#vt7T|imde)U;Grit{A@wgB&T#V
z2vNnN=zn@Ym~gD`>p<9=x-eH|JEI$Q&jW}I#|f^Wlhm1*@3gRnFWvLfKCT@kg0N@k
zqup5pQ+=kPSqfE$xla6F!pvlHoBKv}HjXu06!IFAOtome12mRCOg87nx1*RS5<Z)~
z@bHx2cQ|PNFWGeuy{8W_j~SUhjMk1xobj5Z0do`O&Xu9m4|JbOcL?y)8s9}_-tb=1
zB%jacNV2p5aSS6OsqcbT_S&R*piIpv2-5C5%kvP4ZW&!xY0t%5QDH1xT2a?_x=VoA
zRe<Sy;micO$EYko%%w@Qb2=ZvF#srZwVyhgMHFk^*Zq_Orwws@KdGdkM^B(qT4Hi?
zZZdgJl$xp&!k*TAVUctAqRWNWhpY*^E%dAl3(|!7XH)y0!yy^Q2CR-naT~l}spa5F
z8K}!+tovH^qi9E~003FKB|WySO88Ns_ca^6u=2e%kTRA#d;}qKU8T*VOrHlD6ZB!I
zHlsAwi<<{oUBXDZA3^hH(JrCrW_-h8j_c-0#!gI`k$*zcdnj_i29_GJdMv{#e|Gf>
zA(EpKnq=F5cwkb)TCn$?3`>u9E7hJHjF))D{&l~C-|^%bt#zW3BRDOVcic+;^+!hS
zuXASEaVbl^T4T_8B;hWq2Da*N`(3@~9?L?|N!i)o=+K?6jbgq+ap&=k^{RpDO!t|+
z;qfmJh0^0hQ<u3{!f^sZ{(|_PIz9H0rx6)uR<Hf5yWSYv1$cOVUUjRnhlyVjV`9Fn
zJKDY?`l9@75n<&Bp8A;ofKcD6SG#V}66iq37R5dA0i`M<a8)s2AeQe;2by^3jHnW3
zrB2AJF|)G>z&#%Go9ix303tY!_~Q3hKY_!c$UA5}GhWhn>-}swY4<R$?b?D(a{5S5
z(RE~<be=7)Q=}~}<48kN&}CU$mhPr>9n<$`d`X?rRL-GEt5ZMJ{dPoRhNuGhkK7gr
z@ir36tB7RUtw+Dz=0?})aW@R-Y2Hv8-*b_TaI`hGVLcloFa2}ImlS!pVze9rJiZW~
zF9web9&53Gy_^R$LE7ek>`>ZP6BD=&fu6hGZ+BFwFvYfBDR~`h)g&S@_#S%>4c}x1
zb&s^wCplfy)TLR%Gr|P%$v^tCT9X{j2kkFUJE_hU5T2>NwsA&k=E8!9odb<l=TlS^
zzcnD&RplZA@JO7Qh5Kjy6ZcNw@tU#7)Jz0-(qm2D9mf8J4~p`asK+d*t{uX-_zXU+
z6EbYOkGm8!PuRP+Bp)u?ApreN>$CH_QqX=8pM>l5EvB)xxRZydq+s+Prt1Sg;>52&
z0Ak5{G+GG(ialJdrq^=*3uB_BbRuznGK7cxxl>WvzF!MZ;0u=&7s|2A55e=`Mut<>
z+rht?+REuqnZ63VnA8i1{~x)lyGG$hM^O{^;|sF)7IEpIgKu{)tqQP{esy8zyRTvl
zKW&$C=<fO4L{!==Rk`}}6E$rNU(H1^xAc_sIYZ{BJ?hg2?==T!mKdVUTb>VJwUtFJ
zcxvd#Nb^_+a^J+`-`j{-&}K>{)51=QG+@u-egGLu%>!dYeYEZND%k6&=Xshj;^bBS
zLiqD*v)uZQ?SO0rwT6G_I@8CBeWtNBZl$P%v%C$B%9Y@}3YSxv_mGRsOsMaC^bPTV
z0ta-BXzM=!%e8zMstN9PFsPB>)d3ct+9}4ghEFm$fA;NVQ+7i1RVk&zGY!kpnl}X`
zGQ^h-)g^rVUHpr1|BKN~h48d@HY3`+CnI6M3o80Gq!lCAqCo%VY@&T-KMTRp#LoDi
zk%x)Cs-funm3&}JS>J=7$9j#LM^rz|VEpD`u0^v9mUle7xsjbBR!nt=RL-wK#&w(`
zo@Tj%MxZf<)!tL?Ku`9c9L?nw+7lEt6|3^iAv2Se&yeX<M3<)`ZVKVcH-Z;OqNPwU
z=qKP}D&skX_^<dIg12EG(4Ea=Z&%-#CjSsV*2z8u(TD?-KF?&uK#GN2u0z+l$US)c
zu2B60W*$A`HRD$gzF)?9>g6a50JuUQ;BS(|#%0U%RBMOV=Q#OHL4HgKFI8GfN<N^I
ziC2DF%1p_vIovp2akz4721->7T01PpGplG3Ms4TcE3PkbL~5Tiz^NdO&#W3MW+umZ
z7#Y6<!TWK=6P|**5#t#_{?)J;`cLUMqhI?PCjo{6D44+5dczGRx(6jx3GxL!6m>Qr
zd4t@QRHSD*G|6$c|G4u|`+Td|XlEA45LRw$Q_v9OUIXhcr<OlFBi4Xfg&!-5%JO`D
ze^t%HJ^ZFnw@RJln*DL6Nv>SL^_={y;?&xd`)M}3Le9e~WG5pHhMcKM>@mJFtFMc|
z87J)9j~eT0Il&_{PK0$~L|FEDs-A=lNZWj)uR)vMlv_ad(I3G#$A71ONIn&#<$fLp
zEO-@ser;yvn?hkjDze*hTpm9Vf0Huy=pe#Yps|Xj@?QN5G-aR`ey@YLMX0@gYQjOf
zf1ZY>ZylXcjOn_lF54h9$ni<yY^FR^G>%1KKr<w3rC7-v%l!poq_7>e`5p@|egtx=
zE`^-zfLgx7%kFR`6+Z<%p*~NsKR5nxWGKtm62Lpv98j$pyNM!u03-PiJ!&y$@dqiY
zwbk$FR#+0H?k9&xL@x>d8a;r4j{4A#%kyGycDnxx1@3^1{L%~*BY(k{49kzIw|)ql
z-=$8@zo|;+R@I{+ig^JJwZ3<)<N2kBLMaTrD1R|J{^qg5p?z=GS!o9uzakeuKcA>V
zIKU~?+%MR^5%ZJg3s2)gl1I!5jgfSo^}_nks39Gq=>2^uJfhvJibAfZYW3+?H>D~~
zllLv;7e2nrNVX&IxI>SmiWBx{&ln5_m<}uD8vR5~Oy`@{i<j4hW3Hq2tUm)+da!2S
zK2!4vK}@VlD&RC^jjrM!w$%X48F3l5*5AqTN)KAa_<~}%FU+!A-=FcF8_m^wKB@m~
z>B#-PvMiMgsihR2<fC=!4k|fFYmQQWV*+S7X2!37b(;%(_xLt=IIe$|r4Zamt69<^
zCty+YsxWebX;r!Sg;wl#hNSzJLZ`opB6;blv7Pz81rk&5sdBO3gIlZS+!zNZJ(pF<
zUGV*jX68*zh&fOIdfTOjYWpL3hya#WlI8Nt&;c${@oLDnx6Z^OXGQ#P6H^Gp)mOuK
z-4uFdvW~8w8--1G63#QqB7p3Q(W9X@(Bhx-4BcvSZyWOz8CvahtWLxLQFX2*ev5xC
zoGA(xb?JXrWm~=kf9<!K?-&=7QK8*YS5x8A@D+>wSGcqL@YdF6^<ev|;~WsYn-Ve{
zhunPoq3<c{^RmHYy>exQ-P&Y%y2Z)sQxfv+7#mTnz&slyac`dQx8DPprCdlE|55zG
z63647hZgvp>vOh7ISL~kn$3-<$2`LNv7dn+d<+dd0k(n4w1ZcY%szBhKfmJG;a~G~
zOF=R$Kr=uA@tYSm{Q^Q9_gA(%pyE(f{G#-iU!d6y9t4R=x{#?lomdzj+xeuuY3?H_
zRVYZ*z`?T4<sSj!gcKST$HhLVX>DIhs!YR5Hj!DyTm?AX;_Z6|p^Ak1Po3xB>8abm
z-Oj!Jeo}6PGg}MYv=81BEMMj9x_JIXK|$A&AVC36LtC|$oY~zYBSShE>Lsi}yp@o~
zul_A|sT%C*%d{bMnF_umK(#Y#e-D935YtJij83-iXW*VTb}Wbj%=15UB%DT%ZGo1%
z+Qs<lkV?<lnRPk8prFkS@uA!E<4#<F)fpbgw9_^AcF?D=Yv4H<K?qBqh(EF3jHe{)
zhWbfj!s`CtJ+mXy_U>bv1nJO)pP|&c{P6k=&Kw#4)a#;lXMg_7AQ0$gFdwi38J=@U
z?EX0YgD!JqfA!!S?YEhVDC%bbDVD=(dbbPK%7;RvSM-10Zz4rS<P2j*VDI3W_YG2i
z7>Zzeg6h2qM6rheV&}=+6ZJ#2Q+CjAwD}yDm^|w{HV1#;9%MM`71MuJHRDi`Um<tO
z!;cy8mjWw5FH(;Qe@;yV0nTzbM?D4k#(1rThMXJOOsShH?P<%jgr}braA4OYntBMs
za8`fPrQ>tSp=lE|Z#0HS3S;l{Q^Z$+Tau5R2fFFA?XxON<CtWTkTsn-RbxBTA7izZ
zL!Ipq{V(~+9wtHqhmnI`R?>{CZ`v&6DVSv5o;*=L5j!k!`}E3EC-Zd6z)AUQ)YaF3
z1mB(yp7^zGorY98c%&~9B0AJ~1Sn<Yw3^TR2&5>pn%s?Uue`mHQd6T_w{E4Pq4dVA
zZN-({_up@g9*o42x4gaPo#G1GzIx?+G(yg0W|eQthqtexUi-?yUV5yFkE)RK`BY}0
z#XXHdWCEEs@Nx0p0w9f&@WVrw8^ytC&<_nl9sX&!grbn)^5+3;;Im+U80sNxYK>kJ
zW2IvZw{isN%$7spejAtK8df$Df1&YW{GlqUZm<>UjpN{3UtQhyyPu;W9FKeIw$)Ra
zuzaPLA+aU1Gx0l70WD}GVA=Syt?1XgBdwjf&A(|Aw1qC6oo^ewAXd^|7^(Ae+rZ-;
zZ1Ls2Y6!saOtEc*pM0LD4jz11XCKqVcjq=h)a874LAMMQ>bV0B5?#Vd8L3N12^EYu
zcu_R*LV4+$5ON(dy`$vww&vK<vIX=g3kleViYk}lbjc%)wAgTwP8SPC@_^b+`S(;d
z3|2w&_)IpE+=Y+rE;6b@d(!AMyP!bvghFTwyFtaLb=>=VKdPd6O$RLfcp<IslO1%j
z+#%UDt{lh7*LLPhiKS3=R>;`2%UGa$e7NZLFjEI{@ayZ7`=Bk}^bw$+>!)fH`%%zX
z9Kd%_WI}EF+l6PJ^?lQl^2g!bDXxus5g8I~PF!1UQ@W?~7dk!rkskB6RRD1E(od-X
z+~#ZOxQJIZru`4QQ$$D<l>i^+jt!cXGleAcm51_6aI$jYgH!k0*~{XYG(I~c8nJS>
z*|dz0kB`Tbm~<1kZ@j)=@KKd0Vc&ovZ)gBdbAvLr_lf$wZ81^#{?3Qup}|<LN`Mga
z^NmzG-7I2%xGw|M?4t~fgY4lgwH70<1Or&g{rtQ;J^`ft(^QV^#e|6KfkUS2tESf*
z@Uhg*w6aFGO{R%Gv;(EWL^?f+GML-0s)XmKUWSa}`ji9jMcfqQc!X`ElRpzptno?B
z%NmNQDH9o8Vhi=W@SSj2U;jE_Z>bgc2@tyH=7Ln{kkhAFxor;{vV^am4Jf8bG}YW*
zF8)>V_j=UQ^jz2i#!?#3`-bx`6-0Ma1Z-t0LaXkuudVda5p22=VhTzb5lI;Lkkj)F
z52H6PypL2mVRqrwW-DiqdH;$`u@Z*>Qs|JWud?%%qGVgqC#%CUk0;_tG~`XmeDylj
z?1>3djqQDi*!j<bUxQvtYL?83sk+CmAoHrrN^PFL*DtDoRuG=s<?K-DPPUy8drO;o
zInVdGq{OpFA0ol_g>6^dI`v!Bolz9yp7<*Z`5=y=zcI`6e0<gAOv)@6b;-v*<Ti0O
zF5x9y2`50RP&YbRrJK~vi0usJDIOWC41dX}^o#>l`B&0nH>guNp3S<yEj@^Q-U)uz
z=Wu;>d2XW3MdzK$wk)r%<=a@BH$Q!s47DZ!CX>9iGTC_mW*CV{ah<4=$G73fMC0qs
zA4pkL&W<Rjovk5QRcD@CLh~Zk5CirN`+TU+wCyz10oki9&g;6tlmQnTUq29cK!oCb
zwmW?)uE=HsJis51j6uc{3%EFxk$}zIjP&`*M`2x$e(uZcIyFZldNZMlzu1+kExowJ
zi3+!MbWR~E9ss-;RWj@YoQ>?1+i{aCS?PfERkeIov+?f><%qW0)A{C{^;F3#+UHb2
zaX;}CBoc7&7EZAJW7Sak6dZsVqmK-^+YaH%kqdZ}5<09KcieFd=vTp?Lw!*qHnZYx
zqc?gIu51&=Zec~REIs$fWB>bRv+8VAzV%t0OE!~Ycqux^)LZmvqmNZ?;#jS7+wjdA
z_UHTAqHE}iUVy`wHpy#O$xBIk0`fG839G3n7-Qw)$$aWrmHaKU1g-x!|8W;Yc<893
zJC@EuCqhbpDS;5zd4JYFGed+SOw9cDkY)@ukA?fp2|)W#VC;oap~}LMVGNkU?W$$r
zyAE-v$08!irVAojHAMx!PZfXjQ=*b?4n=>oCQ-csW7&?_v_3zT7WJDdlqH46=nY3(
zKjDXj%w14(l+;@<h+{^7Chu36o%Tv^N1o-8zW@8il2KP1VC8KN+@(Wpt+MvZ_4OV_
zLS=Y93A4}`8dK4jYmz@#yMXy3;{V~MuZH+5c8kF@l)$01){Z=AZyF_sS(EHG4~1e5
zgx5PeSe@4@eo}q1&Yum_BgV8@fYw`{Y(hX^bwuq~$4j~l-2kM|SdF)D_J_~=jaL=|
z&O^l)qFfH``<MSF(mdmi*qi&ETqr)LZrmEU8slc)oPCMMx=*B|A;udb5oqBNHQ~gY
zdXDv9Y#Z9uxJeV4rIk~J@#-P?8SR99AqCcTqdTxw8y>!lt%6pIek+p$nX3Zsl>#Iu
zJa#8x*O@}{re4l@G7leSoge!Uy|0k4pU9>-el$>TV#JlerZPKStL+M!)zkW*kkqVW
zY<ETJY=0Xh<)u{kqI+P!YLbrv*4;w`JNqZ3sm|3m%{wzMmW#M<DhGN_c5kbJFT?K<
zY)b9aHip&*@V_j{biaTlFT$+=1Ms<pz*6PRMn($9-#680+i=UbY(HQ1dizv9uoE7f
zYw<oAW4(jp1ujdn=RJ(LoJkRy$v81TWAzob9fi$|`I7#vs5Bw1?EGlkNh=7X(A3np
zL|0vIfBwR4qAaV`?xMbO+Wf(+>(D^>YCg?8+Uz5k(Xq5&XNjVo{zXTUZ@;SY-R!7D
z+d4&*&K@b2VisKa*LSw)^m&z1DbNsztS$}IIve?#f-M8iL^LK?Fdfi8$9?fHDS@3*
zFMEYE9A25cxfJI7^ZXKgQD>Evjts%1c6#Nao+B>yf(IlJ$A4s2jBLzCh0ldCueR-M
z@+uD3g3U%3=yd^yenjY*mE~`<l?B4blRY_tsN~{+k*6ubPZ;}oRryfxFuZJ}`*2@S
z_3Y=*E+fY#&*doApg59y|8EZ#eiubU^RLsVYU3^S2i=keybKpn=3n|y1<L?_uBSBS
z(wmE2pWlI^>W_pYY;`R*RK6>xd~H=Fr*j&{ZH*PD$_0GWmCfmq0+#+}#(O(E2mSuk
z7s4LIPobK+VE>a{bI_msBUZfg3;ksD@{u<0<;;lD^X}pH_8VE2&~&rx3hjEbME1$*
zehP9f3(IqA<GWHwB(ymSU0^6G`LMb0K=Xv8P&aFoNq3kr)pwsg_my6(Az+dfM15QB
z_ZjI{D%551Rq)S5@CCD`M7c)fWZ)T*KwYeWG=A7D;i?|DYG4Aqd@tBj!stuWPa9ev
za7P?e<411JVf}NrK5l}oE=q`z1F8>Er#!}c7<Z6Ag9Ewnn8f6+zaT0CT6xwWE~ziF
z6?66c40m9qz{|m>9-;ny^7N~MFr6UiSGNJ`@W4Az!2iOxtHyDp$*Z%6U}(AOU4I{N
z6ACZ_2G^oQ{rcSds^qrBb&fwm@PdTfr9xUMT#^Cji_w&UNyP{LMqp`CQLS!5`0jRd
z;;I8A>M}1+=vCVkgchUrASi~>eK1F{FjDsXzI_(-XzZoD9b<){K}k)sI|`Qbp!ocT
zB%kQWT$O6<Lvn9G(81CIE*QOHJ-4v#^EG7#tjO}h`qiPV3xEVA#=%neF!|Zm5744R
zw#2g!hg65AYn`=>{YDPHE3{GqB#J2XJQe<{uSPT&aGL3_R+9s+#bDcg3tBb<V>tFE
zzui9~_Kgk?Q2Qsn%RSSo_j;slAixczSu@Wo{pF=e*sO}WO5#~yz;*K)m2G&&J6Z>i
z|KmE%^wHL)*KG{O%_wqtv^6?@v|BjMKzCT5+F2u-aPkOtW?@$6GF2>Mojt|cu*ii9
zgKj$#X;=Cw@w9Ebhr1=7LRw>){yA7#x<f}7CoCW#aZl8)e`qJ%H5T^(#D^(}U$tg8
z=h|x?RtH>@Kk2@0Sie6iG7MY{-?U@Ot<X-<im*(iV3c~@gv?)6n3ueWiGp?Y3({$B
z1pYj1y+01Lqw#h9e!_Gyj)n@Z(=@@En^rS50>}H%9j$t~fA#D)6OV8<7l1`|+AGU7
zG*<1xwX<%(y9C8rR64>|ON0tLvoc|Fg}M1dFOTRhuL?+YBn2;~qyAMT9z33RritL;
z#52I_7Q+5@cg-(Hlr@~PicH^~P2@|JqyoIl6U+UxO@5<<Q+pORNonx~BSuJ1)o!Z7
zmD-Zg>%)%zgKf9Dy)U+%{{IbIKIg+s7X%YN1m*+Agk`n(1>E&0<XGqQpXVezy7%a(
z{~_b>i{heTlLFhxWs1eIif>T@wgn5_D5>Garv#vh2w<iEMe?+>FER;ow-&D9LM%VL
zB&_>Qibp)c7NO(r!2bv6KiaR?BBDdia9^LOH9sUGEv0l6)(#DKTopA@$Q085_49}_
z(or|zR9pAf*=ILLhci`4A~j|T2&<y-dc(+2->0y6o>DmFWU6iq3r%61TpWWaJmUV9
zU!J>Oj2d$3W{&f%<@pjp-ETZkVOMhV?Up(l{N~Pkf}KW|!M3eSI;m99d;L|yyEY0Y
zb+Ax$VYh_|(?l|f`3)he)$W0IIT3d{f$xVn2vBQk+_A@o(n47!)JWSJF1ISRj$FA^
zJvX5qe{Qcm6B;2+72Y?X`=;=eqc<`wa_ehrVN;JP_G)jJUUR<_bz2MH6j@pesczmJ
ziO6s;xvMx6w^>UM7SKa~a}-^&3Rzq~S?%a%N7{cE<lpNHKT^zXGg+vq9R}dINz64%
zsyk@1_KgkIcIQ;DSefTvaL$S)j0Lbl7HkE@#MGXuRDOGxOk=kZn+)4s8SSO^_#jdH
z<ZgtVef{pgc9^=FnHB$jXA?M|^N&pb0l-?W`KgHpQcv22r`g*$8Oz`Dxwv2q-KTd=
z*=Mw2Pn7;gu4=B0u-jymbDWe*Cs^bD&ceo^g)xef<;~Jm#8p_Df<>p8s1OSvIbe25
z<>=`m-}2v_#%?M2osDc?DS^|L7*KKhqVX^R8q#10K0uoog#*|eOwZZeqILA}AmARh
z!`jPx?nn6c9xPZ2>@hIQ_`GhqCA8%{oFBO+$~mb9CAj{E3M`9v<D!nXwb7h<mlqaf
z*ygB!pS(BE9ezhF6G?Wj`j%LZQ(`*X%ud0x2T~Xn{UHF7W7&}?1tq%YK&ye+kGt|@
zNZe=sA<u-PcaxI}nUlk_JPHpJqT@7<>VHDw1;Q}3Q5x%JNVtwVt_S>(({hjN*_MWT
z?uXg-9@5*sU{4DZyUtjqrZcH`P)cBxKL>`a1pmrjpzMWpnzPGZp6)`KQUonWmZWet
zXM2+Il`r}wY`S_6Y-ID31+axgbaLG3c$q8n2J6VPII;wuk`Mz+;f85&b6o7EeREt6
zj<oSzC3DCbbDd;e$P-GnM*p_qD{eRHyC}dPJn9<0IzV!_QzQ+Ce7D6A7ru&VHlc3W
z<jCo;f3qhJ-QH(hi+1gzC-|`Z5}xw{C&oHOg+S-*H4`24(t3=eT|u>h;;?}FCeZAt
z(SOV;-j7H`-JyoXj;@4eY<Mhnv0YwN>VcD}_p5RrYYIn99I)!jC8S?&=+_ICxJrFp
zK*|GNQNX9$lK$4?oBjiETD~BEB==))<xT>FB7dZVuXbo;kMvpI4ObpMYA9nLdXPuP
z8_`RUo?3h#NBs(la5dh#udAS!DOJW*nfWS>Q&kuA@dR)@0)wvo_Fe}sLub;vMY>;t
zWS9_?IVM`&>f5HM-u!37`ugYIPESgkqmy*tq0};WDK7qwi?p!a)ZK6te&xqZV|vO5
zqsl=+yg0OY1)z=2pGXS84SLxZW5ws-MiYrc6LVU=Cm=q2;9OyjV}s*Q>DM&*lh*<W
z5mYM7MU5GLky?V)x>Lsj3jkD)nZ5ntSZWt+iPkvTbyX&(&iP&R0Mr2$e)iLs7q^PE
zC{cH&MMV)P;r}!rGIHFNJPfonw)FArtf9XQ3-#4=?gWhBt;2&3!M&}hbCKz2+s3$d
zsM6v(PzU*80j0x(>qT{ztTcKiRFK;wuLM4Qm$V2bb(?K0D7|4a&rCHlV2hS$Z?wh=
zZGCgIZcUf6NO>UnXX*4$Jc`2FI{(OsmH7$79RjVYS)C!2%!(A{f+K!AcYLwmRCg+g
zye}xIH(R(ikU>DIW$-b9*hMYo^!6(cg*q!eh7ly7Tkoe$LezrnKs^4Q+O=j5PiSCi
zdhmEC)NvC8GG1#69p471TS27G{%6|RsHTJ}ArrokQUW{4g)WPXaV=nAMv8e5p@4P5
z4_s8ZGSZ?VmL*hu>%4yq9JCn~Rh}+%gv$)XrSxc;@)?M&$wQ96J&PT%w@`_-{xK_h
zxr43kB#EVb)$mIwWY^4h@XAoG#tY8Np>;^7<P>LhS#{x)>E<?#NcTmQKR3?SMz6e~
zMPUkc$Ixp5&_{29Ie`yq6OXBpi4$nyE~7dI7z6fJ53v^cMa+wBD6&^fXqI`|0qhP~
zluOuPM1(u@V_bS!VmZN-<{u6>XHk4U8Cx-~Nlf$m&JXGg6BvA4ZH@UbJDN>(@DuUU
zk0vR*TMFY`Ii2NiH@@X@yk01@>JtH*?~}7bdpq{~G0nidYNtY1xr0=lsj_~`O&L^D
zh*9ZtlY1q^0<ZNlg@^{;W&$X$H_)o3+7;uJiQ~}fnEu$q{mWZFeid=B&=MEEtfD^V
zN5N}-7o`$?Z~O?+T#<0f6fQIyMcN+}ki8ppy2>z&mM+T1936QZbE?Tqy{q?sq2;Ib
zked4KZ29;O>TNU}@L#u8xzx9}+lvU4r?XmD{-3ez>l<v^#&G|3y^{6*?9$8YgX*`?
zyQbNORJcWP@6p=k=rDdo#nq<~<LHYBSlKf>z{~E(^gGkXlS7;Q)!mNfC@2H(7V7Ih
z#+6vrP{Df}mNOP1Z_(4MQ|s@t^_^#WAX5B6_$GXBK(A->Byj?7a4GBO)^_m3iHs{G
z^P@g}wzN$YZMb7;uaA&_kmbZ`w+5G@B`_<KeKz=QC<GWx^Y&%t6O5Up+D*Z+esnA_
zZts;xr8!=H*a7ipzHUAn%C90?E|^qm%PZjmB_2%GJpXr;K_FzD3x#BC&fy^6&JMM$
z4jk(<YFaf7Kk-<8yv(YA1_^c77R|(yXm$FW&$ST7>lr3lQv^+;xb#>vZ~|o5?<Ysw
z=hb#~mgkv2rCx*Ha+9wm<?~^Q@Q4piJE)Hf3y*i+ExT@tuR2E2vR>c&yA5-7?YIaC
z)V7i~Wx8{k)-c>wT7V)|yN0`u9po<b90;BFU=OHi8H;9Z_s(e6rC9&XU~Vb3J^UWq
zSZarty~*$_3Ej<lX^x&-%Divavd$L$yM*C~fFFJAnnwU_$I7XLNL-WK)4BmD!~Q6}
znJK^eFDk`Qz}K1p_y!hJhV*1f#9&V@L$1%a%PYnWrf8R~mk;goX*AOkaINOWir)6J
zk_XmgJ)3N!sqOV?c5AcKQYeT}2(zHcZ9w)}b~CYwQi4BMIUli4tCX+E*(WC@hJRjS
z-_CS2uD1%Uqxc<h)Cs{ixP%wb5$bPr*p$e|O#192s;roP%5sl0kp!XQMK+_XzV($4
z&uygt5~Eq#;0Q;r;y0g6c<smADi`a{DS9Kd``>O}YsD9i1KzIN&_ZO;T9PueIo(hx
z^>*yOsQjV4OPsumWzC%3)V>^DtfrvM_ox$vkSnv;4L+)?+s18fS##Wg1`0zpefcrh
zIg?>k)o`)?>!7ghz1FGtZOJ3izR$Svr@WTC6{S!A*^dr;g8DeVhD=e0@6U)u379vo
zB#%j=J(+<h`QnBt(Q+Ht(y}{d&o1X?PH9-=$QkHn5OBgnLD?Zq$4tJE^kb#|6R`ep
z#{K~>MGVp<`~u}yC~kbmtYRwfTp}c?;vV1__=(-enweL|O<qq%85OkxS&O?LbHaQl
z?&5&=7cg14Ro8K>t~l3AYdhFo;@)=ot_fn@A~f`Es{JsN?<iv-%0g_(7jiGy2-B^d
ztyx&RuYAHg7BWR^lA!25SJK9}SnH#XI6ROl#qgW+ll|wY`)g^)Ya@CRk~7dxp|DyF
zWk>(`Re6etr28nFan3?HyMO`gt>_UCL>GY%<H#(k9AFG@;Yb?DSH>I_;NLV-^zllf
zw&|azuYYsAl(P0RF^2KrEr!L6eo}si`<TEU%{^ne{U{zwx;pkmc-mccTGvstuzR{%
zGi4r&ApGoPggNq-$0_;*co_ianTO?^I9jqj1Wd8~rE+TeznYytd1fy?ynd)<L{9_T
zJm|d79q%Pr4l$NcBm6Jw-ZCn#ZQB-3f<v$bcS}eJPVfSPLx2Fm3Qs|TySuw4A-F?u
zf=l60xVvlNPT^L-EB4;!+<WeOf4{H2_lMS2v1G2f<{Wd3KKtn7tBdw5P)}d4ab0(f
zr^HkHP8;$b*rk87G-i2Zxz+#9z5guUN+r;2fHz+zh45{1ZBEmBDNUfBM!m=LE0058
z1W&J<$?sczA5&@ANev*5HLq4^IG?z`vALgXDTjjj?eX(T5teb&KYAZk1R|~b^ES?p
zRM6tSX$iFC^e<>7lDHbIxOA8ogGd!!uWLI(<~j9q`t!1E|JAcF=vBsF>07X2Lj@qK
z`MBIad5VuNP{5_=V>U*>@biCT6_5YDn)xdw6_)s)A{f-<f1M@F1+G&=u(MabSO@Q_
z6=giqbHzFT`(1GZ{{kP=N%8UV6ND|v1RQrmYAm%3Z_Z3ZqN91!5lR&QIADlp-Tw0|
zWgVS}#zw&U=H@OU5aRf+Gw=fbx!=EJ5gs)-{;v?|NXM3xlzhX=%JU%iS8qoD{oa4K
z6JjhbCiaYzlXKwV#pC-z4gY&@!e;TPsoDO{t5bdUZ^A6%(sb;<kHj`;{+)J*?gyLw
z=SUUj|EZJhWW&P4Cm)*bt?yMH`$!o1KbxOkUzQRd8+0}E29cRhs~WfsM*g}%gxI|U
zj;;CGY_4k}cQX`vZ>;9l^1>l&$F^y&5nmtfEdK8#B1FelLRE<4JRh`z^(^<YKx;-O
z<Mo8~7gRphJck|attJEn1WBb#!4PKTTagbI5V=#|3XJ+YMk!p<z?aT&-z=Ai?P=m7
z96iyR>&8dP7dWNFzxI_L8%!?j2)e##Q`??x5^_2a49dH-`f_=*K{8u}z5D*ae@%FJ
z$x4C34zs<1r?oVgEeZFRf~_(>CMKqm!~-#DCdon(WAl=?>|YIr`v2!Qh3#PV7mc=f
zE4nOu=RPPL^NR34S-Wxk&|M&i_g(dObl&UE)gMPJF1Idgqm^IQH;FU&xX2WvO2zYX
z(-K<Dkf?$>=xfWK^p@khxLophOjI}H-hEH`k-gTV5E-2A{p9oY(LVa~gK_eAxH_oA
zo4;SL&bHsejxV|f=bgVN#g!aA$^`_3(f!9jgB{_=-3?01QzUU?MpC-1?H<Ui=QVXi
zl;&p0)h>|;Ix%Q*TLg<lEsK3z(FbzZVKo94Msh6$2bQa-kNIV<EDv5hKb$3}m%@=w
z&OI+Tm{<NyL_oheCG4;#f=+x0P*V(<MzEPd>%?1zxA4*J#X9;R9O}>|Apt0Y;F=ro
zIK9PC@IjjYWg{%EYSH_rkCgX42hXV)vtk>NN|wDMPK%5)M7w2YTsMW`cX#CmS5MxP
zR#5QL+kdBadf_iP)j53oiMGWjitFS@a%y;0{M!&r+_oG3yAk7U1^~9AIAqa(d!~VU
zXwfaJgbSm;2v=8H-RphO*<r{=axFa%2TEY4z+YzcKb3zxc;MQB8{$~q8JWh`3$6sA
z{9KG}O;$(_2cwii_0Hn)IF=(8+aDJ&)vv=Ed_bvt%_rqLDe0l$GGnmIE(uR@V)&sY
zS%%s&2MkM2BI}6O;ZX3&mi2AHyFsFUZ#_x;uyUhgo%fci#4*Iyt*MN(J;VLu$BzvW
zll&jOqJiFz<OaQnA>O3_U}VRDdbu0mROuy||MBJw-=E!X!#bq*-FtnIpF0fN$?^OU
zh$a}NJK1f}<ecps90#mF#~Yj6==Mqq7H*e<ipn&qff9w|A_s3dv#Gy8Bg$=@Y`SLq
zr)h&8)sY|#|6}MDVD;Btlzxb|Iw*UX;SUH3qG8~Bg4GrIAv=f#x^@fHxBoKAJW<H~
z#5<)iuqQ+&AUKego2#Dz9+cX-f>T|-+MOEmQ6^}3$a>^=Kg~YC78``m0TgKxnY$zj
zL8HZx0oy;ZY`BEXCOZV;2R~h`H<)b>?_nC!*dXv{C$xrzqiv7X(eqG=g#YBMd7QVu
zqW`_+g=nsEdmbyZh(IMu_Dzj=15WB_j1{XujrjDBQ=3y+@HJ)z_zgz*<|oN;b<2?=
zV>U+xcMB0uQq7yM@27^+ebg0_4Ek=Ck7u?>h~&xqY7PW4wpx1=gdGW9vjU$zz!(}m
zJTTiCJp%V|pG`)FCh&Ms@TAuJ4>X!EYqO(J3Ob4|>*<cxA3Z;Zvv;vRj%Y%u|IK8b
zR&c>MIdC{QIG8%<I5<f8T^9mM89Gt;ck5j|bv+Dz*1ul%K<!bp?da~LdCQF?+1c4M
z_)*-$f?2Q7+xT}LE&nUR>p;mjeJZvLjP$(vo%%Wf>+A6{!@c6=H~MZLIStenY;7@m
zK6n4M{^<UX!7~x~mt?_}4&HxEwSSJ7(EgiC5HO7T_fe+Z|KBGEM>8=K6BEmQrx6uP
z%mftcvWfZy{QS#12;jXY2>jMugB2d83}eGM;Sxt!jC^!zg#Og)MpswY9#uAnpolXE
zj28?tBO)jE6_v_B;FVeN8|>(ftu6X@?^L>QF<yKOEFO?w-`LE`&+jpN_{$(Z9D0O7
z>{QK!@7;cer8@sa@PP6tYnHu2O=9&PpX@?Tt%J~IijP^;;ogai4wqE@%9oW*#~_1f
zBw7?k`KYptqT;lnq^a!yUTjQ^e%}?Xs9$WW*N=>)(z-f+I@Z4w$OwfcLDy0;uj}D2
zFypPCLC+UY6$SW;F<T=?<n8+&>3f+L!eM3dauUrw*>sSqNzQ0l!~^{BIXTDhUs8tp
z`T4zokUS6-d<d5h8%|6leRUW^Bl@fbwNFyaBSp{S?eK~IqY1rlIC+cNkKcPe<IaX6
za?JqRi&PY}s80*%At?WAp<5b4BaVCfVswuE)hiTbeCW+GV!XyF@kK>FpVsFgfsjD;
z?*)Ze6tMd1T<dPYH0Y&J!8nMWfdPa({BNzQo=s20C4Nep9!dz#lJ+MX(;PVGTUl-9
z$7DY-(>Khg_V@ey`-tWuJ)|c6%wkD0O?-<kCW|=$;Y3=l)rt5^wg$@mFV6>tU`HWt
z5}5Go*PF++NgbN&0nchnDl2Yrk@+Mg{|hnGzhJX4cX#f3K7U^1{nv2NqyNX9!g)+9
zWUPO@*%$1XGK!#q0cI8k#O~C?W+<XP8~-eK|FRcK{Er@}SdL0snFWwp`mxFCnPu|I
zntxB&vZ%k!%D+x~d`hFpKP|of%Xy_ikM(~%NmT&xGvxN4cKpx#|9@~H>}kdmGV+&!
zjl4<j9GG^Tc!aSbVIM^TU1w$F(8Zc>j*9o00|FS6K6ywzHuUHp3#lah?~c~Q>X%p4
z)6+}z-5D4dm=F=*ltb~9PwnsRW##?)?OQB)MP=oKdQWffTi&n6@q`miOy1P~@J5S{
zSIw#$=E6#0S$=@8uO+j~im{dgSLxQj8q>UOf;SRuZDrE{C{RG4+!iTxY)O!X#q8Gg
zQI8BkZf;gaM#cb)2l|?C1lQBesV)67dq7&AfY1m!cO;T!9~~&eN$pO)^CQ~Uw4X+z
z@WE^MDERH^<>O1h$pbbFCNGL3$)(u4qAQ-=wp0t>GL=Q!N4#MJMxacIsjF+YIh0Or
zX$6cOYobP3BWBw-)LapI@yK+hQfp+#6vv`&*{*M|fbN@n-?L9!ZNbH@oJN%E>%S;n
znu}ZE<ZD&ct*3#3lJ!UNI4Df;m?NHl44=o}PGLYFv=YImLq`?%#(6LvhB4D*NT8!X
z4@gg^{*(p?UF(j5b{wz0dKR7fc?$t)`p(x{YheSNcUC(&+c)ImS3K|B>Y#}I+;2e$
zk(;*Z%TI~W!$m=`?P=WP%7H!7<)O%k<7Xn~^!yO?j?PZH*PIlhZL~calWIDuK2-rG
z3^`i~rB%Ptp^8l$UP~X>iGjpiV_8VH2Aa+cn_G#|aO{(Do6B7g^P)So<i_^Ibzxez
zr6s;@cF;~Kzl7)Ys~7do(xNu(SqBHpeAK#40;>Q3>?D{PkBlm6q>LT0iZ|o0uC5L!
zR(x`?d6UGm8|52b6I&+#Ng)C<;M>k&GUCzr9`SYfZJ&bS_TB*Ahh&c@q4zPX>3DJB
z_G5S_aMEXKEv<4zmJJLDIuq>DJIv>aqhbLJ?n*-?>=vS8JiK~VXK#&6)sk`3Qo5Us
z&=vBchh6<i=CwH=lhkSQ=rsd7ZE%*j>$7p`G<adhm+DlLvFbKw4Y{{pE(tB1pI4Jv
zE!QEXlMAc+*G5NEt)&5Aordq)jz)zR)OSSe;0#e|eCJXt$6Q-OYZolsp9=Si1CyB+
zz#yRoRl^y=*oSOy%C_=s?<V|v0Xvc{Rnp~_2c^is%RfQxmxpUmq&?_pJ6b&zYr#oN
zabLXy*aiv!I?48$hA7H=(RaLVlrVG4t;=a7|AyUrbdpQ(_uAPf{kO5mr?}Tf?^nFL
zs|H(;rlFv&_Qo*s*{&i-Q3@3Xe(i5HWSp!^=Jl-dv0#BMbYc<rJtv4S)o)O@0^4nT
zO!QqnS!}57f9`y^5HuW_tlsWuO?|c0pkGo(K}j0urF&~|%GUB_eC`zqhXvk{aF~>r
z5vCRVnk#Bq`P{hqf?E>(v>}S4vV~O|h|_xfN>@0c%wwyMmU+&;)B`j-jLY#b{%|H0
zqE0(H{t~5d=ufI~$iwnIF9VBKKr2EJ%^gG4vYit_o}^(a{Qb(#RLn1Xw8_-EIEe%Q
zlD_h+d=+95aH9*EdAnC`v?=zx&`>h)Is_Y6N?r$$MNjuV!QchoseL6r1wjPxoc`*1
zQH8JR8;#%O@q&({r$tcMJL1`b(VmQx(l<T*l6E>2m}(D9J;M?n1}|2#vhgV?ePIa<
zzZp8{UcW|#;zN6SJZps$QWL|1olDzA083&ctWrj16o(7-p<APGHw}NI7hotCvMope
z4eGCF<_lCob?mr17$C4C^iA&by-?Bi?v?3wV!X`07Qh>35zpOV<6-zRIzb#Yz{4lT
zc*q35&SB;FwD3WtvC;l^irlx`dI{DR8%}JqF(z3g8s0x$8cSND$A!@|1?iNFpS<4F
z`p|5DSu$y}cVUSL$h5Jio0`r^F0bx&0TnOO0B4;nvG?uWpH@oO7?;rjUN`&vF+Rm5
zl|)wgD{F>A3rdD0D0-MZ1o3jg^uf5$Vx~3sORD^GSlZ;uo;xn?p*Ai-ye2NO+O>)f
zE9D~*q5se`U?a;<CjeErO<|c)rgqys&@~a=!;X6C66yQ5(O0JxoUp4lp#=}JfM=)W
zwf~?C|F!CPoIvbse}oOMjvtKqLbR1hR||m5@z&)O_%9-%cgAZuQ{Lft*H<K6UhX7y
zuGc-X-l1m{F$2oK;(bR}XaXd=X!IwIXH={sk{ezG7SFAUu_$e6=Qk6?DKhUF(J~X$
zF)^cO;*ZW*+kl=*{)jJ?kgG{tze0}5|NJYsXXHzOWCu+&F+l=zTzuo8K^*`z+uzT?
z{4o4bIcdK7aQQ$f8&3Sd0=jnnK=K+pEhJgv64ZNvbpv$MLB=V0AZz%v*g01x_gx+6
z(~~EB<+kJiKbhAn)_zZ2#7iY%CCYl3vgqHomS-?uB2s4b$=d=bM8d%oh1N{F%?qPB
zc|o<-HT0B^$lyh#!815)d>uokr$@}Cl~g|A7TasF41c*K$$u$(Yi)W^#Nc$8oWpTU
z25xte*qoOoAsJu**|xnhx)a9Q+Y^%zZtw|xnG0G>D=J0VTBW#hr|t-NJ6^tb#&X(L
ztKtf=<M=6dw066}RR#r9SJ<B@sebpLpZ;X9JF(+}XY}@GyaaPxr@=MiYo`2qv;ScF
zHkaj=inm=~yDP67&=y4~&SAaC=3=JhKGtz1)X}HxUw*Nrf3~V3`H!ppU$#Zq6vWTV
zh($cC8+c@?4*)w;<9f&iHZ+5sw|J;fIt#WEtSdeQY@7sc^sr<0kK<EZzUXDkhQY?D
zflUvu?Z#f%9L-3jxZwH1Q{FECyq|EjkOkKDH;X$+(L(O5zpVOkzaMPRHa9MFftoRV
zZ6QJs=lNx0y}dvjX(FCJ)|-lLRoCyJYs5jY?=;M5jRdwgX$Bp^BHc-^%<<w8QwP_h
z%&pB~K(7jQnmU+Xgbk^g`XlgO|DL#Ly5oWRp?jG)?#`d%+dd}%!z1Wb<!c%MJ#pKx
zmEq3r0aFxSu{MmG?ggEVL;uJ9hWlruqoXc1YcF_8)1rghqRSkQkpaVRM$QQ@_gS3=
zs6tE#kM0_1x5pozoUBr}8M~+dgq-|7mKo@Ss4TxE;XWcBZvx!|d5kG=MC6qohJucA
zkP@m4k`do`-PoAsERdS+a|HtASpS-{=9(e0I`*;tM^B%OXe*aD!#A7R3<Jbgo6axd
zqMKE#0U?)%Y7(oi%P#DJlw+1Y&TS%)CPLlMK2X^QoM408h|X3AGPZr1MNbcV|EA)r
zHglik*RLdSvASQX9RGL?C;!A=Ou>p;z^Ld@$?m9esQV?pn4jM<09GgI;=9tC2R^!E
zoH}ZWqNogiA}0Z4)d%M09Qz#l!}f;sj}KO5N%-w4S1VO1jb20CkIX3Q?kGUfYzF%g
z8|a}QM<51XUL24+Pj=7}C!om{zi5lKbuHn&eZ*^dh@JEAY&<CKQxZN0VXG@)NbI<D
z`Ij>#om0;U&;Go%2>oYaSYuFcQ(pBW;n0j=Vs_&$&IK<Ry2da(P*P=Eef5<`>D@US
zUYtL>*ZOA$#%{>vm6S)r8s8^GvQ!I|1Rc{G<UQh&*3*P9#i`tQSk3c62lL)-aerD?
zuXeCto(?auy5zaKk-v5V+IJj{K(iL*Dd{khS|{wbW1AQka$<^*BgRN^zneA+_!(WC
zbyI$Hw=}ZB;)yAku=8H&NsBfkht;g&%|f2UH;jH+Hmem#&5sc7hxwnseH!@6?U*5B
z#o=~zh-d@O;lb>U{(tQB@F?*u*8cB54UQLWFiw7u9YjW=HU5aX-0aW_*r)|E2TOy1
z4{yPqmpm6%I)0McQKrrWlB5_2J|~&<VGtebzA%wOVnDXW5iKVZs%v0ph?f^u)6IGN
zPh0Vom-m~vJS@y?M}cPx3=+D_K0`>|t3|Rg?6&*p@@em>c+-Pv*AF=c=AEcyZI!R?
zk~?9pWMOg*aT)F{po9+d?uZVJm^>(C9EiBd;$?;h=(_i1QC2xo+~R`L%8~UsKpg&X
z(?Vz3_6#|{2I3@2JIe`BIbcLYf^ddCWMNNVd?aIkp5}6p@AmRH=G;L&6alRe5Bv!3
zN@98d$BSDY*3Pc%W|@z&l6Ic~t1tEGShw-Lk~p4T(i?nFOY>!nk6vpS_5ASmb}99X
z!`?O8cl^-qZjCRCiFq;#a^0zN#_Xn7A1cc{p7z%yEm(I12(>4@(uW!`+=>fR-BPsY
zcaopiDTemFh+DgBvc0+Gkl}g!I2mYs6>iVd@_@Bfk5lH`->x)tIrLu<)#DO1ZPouH
zN$VsAK22bPAUcbtU%rS-zq*EA9k21-5O;=UBb;gFFU^`!Wdrt8JO^CQI=`8dUuXu6
zA^xC-^*{auSzc^pqkB(Ak2WM~_VjxaN#wabBXpwa4S~_?HsfU`3NUF_>ANAh&Pc9X
z4$oDIlv72CiBs)uA)6;t0~C?;)9Gd{y>TX>>%AqJ{xIp8bIXMCbIcbiW8dR0Ui9wr
zqcF*q|9}Gdjd@Ch>LXu~U(nIBJk{{hj{G)1MDtcbH#y1gcRbsV*x1h;)cu7~h7Y9=
zdy#mj-uLM;W~0wg3Mo78MIIDG?WJU{PUISODp5sgY0)upq?DADLSd_&SWWnPt^okt
z_LKti4+U@8_{qGzTAq+cElh41h_xS&_Z@xr6$@Ar2_}7+yL#EqXk&6jw7=jj&pqLA
zm2yR@LR8!p%0+xUUT8W~{f%>VvdJr&j@@Yibgtit?&e0C%{bhext0fOPwBlf+GK7V
z=o9O(r-p-vrA6M+GNEhpFn8VoFM^*TFEseLE+0*83BO{J1G38FwEc-mF57#3(8BVz
ztEp(K+-7sShgm$PD5MNtGkCki#H`==<wg9T0Q30eX4iCX<;2Vi#7weWx^xcshS~Vd
zYRP$9vB`DWA1!)i?{+1!RpE|_jyb;8HU00;4?FrtG&7$<*cQZ3wOC&&Q4{#EG`7yL
z)U_$jix8$sZ*e*PC{y!X%jV*;`}%at_HcmI@=l#D-;j8sPO#P*dPunkjl!JjSk-{u
zI4;!7f^zm(*4A{5z_#sZm(&aIxE30`achqj5JAIIePnPnRs1{V;9v=mQmLuT08gC)
zdc8f#T3$(a_=u9r(KVTSlRga_7dAAL_R-JsK7ivlu%ggh9dk#dHc<R{>RfI&_Z7ZF
z>GQm4JS}wMjW>nv$WznK>yYQ3AsjE`SIZyl5i(3Pbg<VIs%jg?%^l~IG36$`^7~Dn
zo(d9+I!A+UAV<(k0D4<nn+v`Kb-yXtbBAX0Zd1DivDp0dix6`Ej>x0SZQ1<ZY))LE
zs!NoUqbZbre0$WxXY+&~Azz|<cQrvPbQk$ORxNI_F*IdgC$<HhfHSfag~?l1W{^|%
z(6vxRB3RnY+y*mgCv?>1WSjPxKjiy2Cz!U*_wa=8#xVB_3JwfenQ+`^wZe#yzw>kp
zBi9@g3y+*EzXaohst4z4yV#H6L6%At{M0XY(m&Ia{S)$SzV6<<ky3ZV6w5-yZ-|*b
z--ruqa7M#2W|jH?!;+AYqSJ|;KfTqkHJNs!XwY|>MX=Ak&aUu>^cq9#<5`>VUEpJr
zMH>jr*lP7A_8r)3(hb(^G+DUa-&)?L9f_||qE|`As;|5jU5k5ov(%p2(5#MxNPujZ
zf?yN!H4C}A44c8+J@lg^yA@O0ddH2I(YqCkIL;xRwV3_i0=0Rqp-FuY1u={^Hxs?Q
z5Lw5RaOW!dW_#(4?vF4v*E~eP1yH{mMljhmuv~K5U#SJdSLu(xF|EGPYsNQNReSh!
zyY;&0f1*0=j4aG8s<u_8T-dnO!jdK?+sU*Hc+pmOp_2`z8LfSW330G88%NzY5V7{9
z=et+oK0ci7r^dr8m)oF3=+2t7%ROEG0^SP(pb@$keu$5;Vn5E)dl#zTt8dwU!36IF
zkWrC$JrJrK-BO)~(0xalAr9Fz&9@kQWu_=m`VG<Ud0w58Eiw$!fUdAQ6%NNP3X6I7
zXPVc6A=u5)8{}YG9eg@?W4X<o2OuQpxfvb3FtP@Zq8L-`%BmQk@ruz%o+^B&atj*0
zrU5E`DuLo+xU`-V(!(x9jWP?icVf%+=BDD>WNT{+$3=Lp7$VD9GY(@dIv~v}XXQkQ
zow64XD<vFd?dGC&A0?dKdWt|kjSn^XLifYxn>{COGR*#A_?@c$i8nn!qfP&OR4_Vy
zrDSp?xB-`1lQ32vC2Xj<>P-!miS6yxD18w$l+2w9;NnAGd$?jm>bvD(wOCEos0McI
zCdQ>+P&r1VYJ9o7gBJ%GE2i%{EPx%!d991KG_iIUu+z!E1!?nIK{R5;HKA!ox&V)}
zRx_8gt4t<(%yt65(k6UX{pK+3TB{vNpTEL93hi`&vZKSLg1K>!pz~qd@DZtj;Y&P9
z%1fz`hzL<TyTZC0)qkO2{|52e8Q(Dz6A`T-h*I10-VB=qiQ%upi9pAYpP*jIb%LNf
zS#I$ap{VW7E9W_lkTRX-G96_S>AGXp6;de*LfJv>bVm4I0W*l7kr69C>drSXoM?5#
zl^THk{IjPB^7Ie|q*iWgEqHl|hPKIqy8qE(Vg4Jlgx~%Pb`Mrm0kX16{CXgiPiH5s
zO%J4JVWBjATOh+i2p-k^D8@W=SN_yq!%AG|?VdP(oJa%$*P~AAL%=U56*i|6ddxa-
zq!)GrXe@7J!rOM5L_h}@FMDdo6c9eq;}ZOclwLX0Ary-lh4`Olwuy#>C`hDL4+o=&
zUVUNcl%!$UM)C7+|B+~Zzj{mgw#OwjWCSlDNSc=M;coScv8VqNQe-;<dB#ut9wkO<
zCCo33NdIF)@-=R0pA*4ZJ#)44bJjZ=vu4q$_rPF`f``VAGeVWWYGH%}@#7GjYGDN?
zabT2-2UbJepww4QcW<Vj?bK@{ij}t9>k2=V9({zrnb!f{jOjni;GDuzgST(cQE1;V
zWAeLBwZz?O{7CnqCXSL;Fm```D1gJ8E}5vPiW68z>c)Bu;CrsgKczcQxVb^|mKFye
znu(5qGv$62ASppd%Rv}uHiS=3p3Q5zWpq$r_Q@b}U;;THxX{i0m_j+!bhlZIp;IDp
zZ=Aq*=X;FG=(QXN=eP<2X)oA3$aQb0&;IdK`C|PQ7mMarFoNI-coy2bv&r=>CXS$p
z_z75A(RT?ipJ6s}CnP))HBc~@mKpGZO=XFy)G_SGkEE|Zx?~t~w3cB4@942@N0m!Y
zhU#4tZ!WfSTi$Ol(g_oy#5HqbRp1xQA@7anhx3ZR`D`zLS4y+@3ev8cCN6dkKON5{
zDav#BeD?=cXK`*V%RA!ws^NJ0hTlZ1AElbCw(~~=oBXY~=LrG*RoBxh6IF7YPbJ&U
z+vs{mVHNO#<IsA@8!0C@3J;HxwZ7PXuv;uSb1Wh2THj<5cxNv<<@39ozXqg7l7|DR
zj*l9FytU;Aq79(+(UId)>2((WAs&42!VcWX^NOwp>j)s{uUwvCSP6Lq%&WH>E;K)U
zu-4Ns0(<U7D)6$jFE$W(Q3J6FJdYL|g7<`LS9GOT>db{}{{$5=T`ko6-(DUTx)cYa
zUDnAi8x}!#Vi*M|r#-D8x4CX<)fq#&Ely1XEB1@z&Z_*s2;Veo&sY6|wzc0DMp&(_
zcFKVrc23BlkU+WJJ7_kqzQ@hPQRGVL?$Ic{nsn`vDFWI7JMOVkiFk!2B)CXOb~fYF
z(PbT<d<*;Uv)+RVfsa@*#6?j*$s?PD?ye$t*B{uPOsR0s-_<Jp4(y&mEPKGPQjF$=
z_h9<wtKkQqNb#3&*TK@yr@z*n$?gPrJBdqJY&VoMuJc7X^tz;1Mxv<MZ6!qBTkFWh
zHqob0q$-!nVm&9VdzLx+_R8p90xYN++|)$byl9U~Y7I|e>RNIf9|h+kSy)oCJI|B;
z-un9Gyvz$$R_>eJ@J=U%q|_fL3dgC;-sW?Q8g=3kTeLxdNTXl1TyD19{HBe@j=j>3
z`B*NOQR$3NH*NVF=JGZrTDmkB!*jo0lev+X7fw9+<N2gr^4fmxitWXiU79<+=x0qn
zoonuG{gY4ch~NSF>p#<NUk5C8Z*pUe=E-SK*l8S$k5XYL*K}!c#jnNbhulP7vub^!
z5~I@Tn6B*3HuY5Go0-kBT8m3yH^#O?lhEFeSB(G@JC}KN0?u|v$hdVWC+#Um%QVU5
zlUgX6pF-8s`xSQd7g_>dy>x4r%c-9CTMYSBjTf-yG4e<ErRpE`JGIp9jNP8aK|-q%
zRvX8XV9(2T)gsia(z}ogg{BqthNog;?eexB6$FOo>rpU=LR8{uCoqf(!nrlOhIZ+v
z5c|-&)QjDZv&b^Kd1_aI*i@yGeVdpww<My#;pcgg?b@zY=IkI^D;X>ayhpzN&3km)
zfY=X#RKQG6Mgun>4htS0SVe4-2<}Ft_ZPk?xC`*1wTyw67mc=!4UdcrE`_c_%g2DO
znAYN>uPJ&i+QJy!kK?7dayij5uyRy-<NYOL61M6}lU8uN1I=c1QAG@Pv}nXqcFP2C
zgV=5=nCsCaqXM`z4S^W6Zu=Oj!!8lh(UYgeD2|6v|KM*y(zw*n0;b>!zXuf&WMtt=
zvS;aN`J7pu<!m0F%LqL9s&Gr>vm>G3_wOsb&-T6(F;#u^x;Yz!t%tS<P-iU}_L><a
zA&}j0xer=%BD|V}|De)aD)@2YCHGNY2fJ-uOHU6=Sj%e5+x^m`X*nL2X(NyqT7n|Y
z<FlNDbNRex(MpZuuEAy2FN4l^qI&zi#B4m0u3a|1uRCLU3Uar3*HyJ{1iuR0c+*mp
zz>_ZoNU;DJ8)NZ0<08t=5M%F7Px^hGWTIR-AopdIp2{-xG@hB6$vFK*4Wldhm1E;Y
zu!*yWv$Z?9vNB4R=jlJu24JS1Ah((<YVRDx#wO$WP-&zvQYCBn-gE&Eo1C}vWlLV}
zZGR4eQs5Na5JS1kYvHHPqMaezE@0zq8&sK%R3EJ!M9fjz5*2>h-~&z7hK$yrnoU~=
zAed%ZHNoNaQ&f>|@<IB*tm}`G$~A?x?|`)yWJwdH1#8()gj>VP8a-`sCr-;m59+Z;
zKj&ncuAy$e=gabnS9ZapFjn5$czFjyMs+gH9S7#=iC0-IzNiK)o>k7{Bn5Wkvklr3
z8jMeT%0Dp5I~^-j!+LM7Lv1y*TemxB)YKyOLG@?zm;}``k5XvEM&(F`l>!S<L;iaw
zebtY^PvCG6Qhjz*q4`uWjskghT_H7_A}*Lu5YpL1It1Vz#LX_b4{=g3gH)^Ec?Xs?
z8krfp)Y*t;x4UaIqv<XMAN$`L%mmE3;89r%WB!&BZll(o0`<+%0?Y57f36hCsSE5i
zsQb1iVB_E<9^GkB4u5+xi`7r?UEEKss^>;ZsT=9;uK)Q{_`+@59cOz?FfJb6RpSEQ
z8C)|FD!IaiDAw@VDdXF^J)xp2RMTe?Ht>)*grMI*@?^e&AqcJ@;lFmogt0+&cn#Bo
zQl7lp?=2Q_EXlY7;<K@}&XXg%MKLzbg)QTTNpTtH*_5;0xG5TT&4q7<W3H}{>uU?b
zALesuS%qDU5N{B$*mb3Muwr4HEs|_KS1+{54D_WGbTS;K7Cc_8nB89TVzyewMYFqO
zclv-fGn;R2e%_UHo4E;;X8>GbA%>=Zqylyobu(U@*7hKzg4Pq78O855)s5R?(cRfk
zY<saln!@i+mN%R#`SGJ<vsr)l%_|iS`$MsPK@Xy4=cARg%mb2%9KwYZO4YeN(6E|!
z3{+0}^_0S)zgE;FbYG8p+2Z=8?^9gZ-GFHR*5MO(LBV2v53HS_{)OTOlBp*CW_T8v
z*<>LGo1!zgj?Zu;YtS0KAC1Q&khIdsU~7pUe6Sa8pNC^$&=Li+bM(vh$BLsomNb)G
zPg&JrPG(1^imI`>D2%qQrEFd6#x1k!QkppVq7wx?zkT)9Om3ZS|K5$lXdo>-^;U7^
z@Xnpj+dxF>(gaH}*4fzD*`n^^Ie+Qb2%59QxflBIJj~sxi!r+L<f3<OtoMI@m!+hl
zr|-qvo}9_*Qa|4sO7AZBOdiRU6z7|n&)y1%4Uy%H#KMoC%9hkMo~fUbP?G7be>l5h
zhuCQX;FdT^lTPXfLn!vOX=;B?RS;Su%w*GfUB)cTr?VWR93f$0VhA;fSiC^k$Oxx6
zPzGHO8TA*bUmBX(veZUkehA{nuY4$n85Kw@^z^EL4HP*ni*UTcv0)E{>+2ErpPSO@
zeq}n}SA#X%-7~s~AKGBo%Lb!YKTHlx(a491`0VcRKQ=anV@)=4_nm#yQX;^_3{(1^
z92!!F2k=I~#kQeF=EEm%nV3IFxnUY)(cw{?JwxoBhJ-3g=#h#LVq#4+3JH_Zwu#=D
zmwX?w`TcDxlSXcEqh0Sy-%OiLZUefYARIoQj;IL2|8sojMK)gO8TWv(M8|ey>sXAz
znMU34B)4sW=BtzV<QM)SU&iCBM|%_5-;b<9JP!P|L`2>Ix4812iI{)Z)9EfQ4a!uz
zR0flq5TS&hl$kDlnQ$t>k!ED9I^-fErfz;qk{f_Z_ipejsL5=~#6@5>A3nP}ZK(0X
zSh>fz=Ff*Bx5KjX@@}}L@%Lg~{=DRX4KnU8N0W%`Z<9{A@H#!mtGh@A+~|7%@!+mN
z`_L5XyNhLHZJSR4xHk@_IVgujNbz)U=GKG3G&h*24%R5zu|#=PMaORj_S5<HsB$Cr
zqo-1D3>U{_w?`_TQczM9WA?*Y65}<-q|d`olSgwTEiDfgodz)iR5Qpof+?jRK1G7e
z4a1{Ucxm=?cKF$-DWryLB2{&qwgH>w5)27_LadxP*Et@MXjIx^IFXBAjE{UcT9!oN
zMPCEIOoTi&8E?j|DNYT=`9o$pO^TQt>Te;5`a}hsj{cR>FDdF@-W2L~T_3hxfjmdD
zmuVy<C6lA$6hBENP1*XXHsE4}x5{BXj7nZ>qN^Mvc=Ek@LqO_Ux>v*g4*zWO4zacD
zm;LjHJ}{so1Rc4cSuA}7?vu&RM$YjAg#P)C9l%7SNp#tQAV0JAh}#(yyGfOO(gwPK
zFEn)B24q4bB=X(#WMt4e?KN8^L!zE{Lan>9Y*~o;>cAk#bjvDqoH!)RTQgTK0$%)n
zgqNo~qDLZ5lw&Mr%~1pgC-Q??kg{u_jBE(Xoh4du5H0_oss|X|SK}OdVV;k-gGQPX
zQr&d)^A&n>nEgWW@W9_^9vw<WDjU+vv)5(|T)J8j5i>FYjbG|e_sR!oX7~5*JHu_h
zZY67p>NyeV6`mcNe-##FrrX7)-U=+VxF%%ohK`i+IsX0-si{0??OxJ}8dAqZU4K8r
zGr^bi>+`(^MW^I-h?=F?mT0VIT4pj4F)cl-YL425Xyh^}%BFx)cMLs5!E#d)-EPoO
z+R7=HtliMja~mKbRdm8OJIvjAE#sN!Q^r2-*am`zD1N;D;s!-bcPu}c=_7CEznCu`
zn2?k9HSLk?K;q_NgWw|^z4pk;+mTvJA=M%+l$hy<&~4`MOJ^^-*HKi(L!M7HhJE=Q
zw~=wIbc2i>%^^ce7>j7podw#68iM+1=t=>%8j7He#@_9*dfJrz!uF+JB%$Dl&I@|t
zA1P{|Kgi35wEhs%X7`eDKG2`eb>jxRPqs%JQ_*k3#h#m}qfA<+LU*9PNoiCzc4gAB
z4{+}pyDQA2uCY;1sOpB?gb6Q&v%jIO`4MJS;a&(CccI~atv6jC#CNZ^I(rn-#8jwJ
z+xAh7sA^~MqeAO-i&uMxsP4+)*KjkZq3sE40-htmKrk<Ier*h?ExEs2wSVLv7M(@%
zwRINn)5MD7JIhxBJT}vGyEAGH_^C$ds<S{Y$0ue2s{Yv;?kN|ZAb}`VEKuEB)<y5)
zEmi{KQ#-XcO7>)@u}AH`*p(yTxR;0!pnRtTq2cXjdvEMur7RsjNMEZbRjeG@sYwFJ
zz_qY6%da;La>q?ej@pufZXTe?$n=VWT0v)fGcvKEscN8Evgj!554XA1s$>=%W_yGk
zO?O0qB_X5(a=xOP-H=k}RMDhNtW9K)!7z?ZO?jZ)?GG1<PoN=z%L_KCWK^p{*8TEz
z82#^NGhsH{g9{;s+(I6F*JqvrJVAfza}nwoQefO52NN8$bGUF!i{ygb9yvyHs#w7F
zVuxbUX11r{B%`IOe!(<_3b6;$k#w8e%eKbfPvog5@P{sHY@GfCV|O3XEi=!hE^|^U
zm<hIbEfK0rr?&Q==@jpd5+0s49UexJ3v1ZAbmMMM6h}Fok7n8Hd$jDabrkK%|6*Y_
zZi?ut^B3eWloy$FN;#)f@_#+Z?%HOTa^f0dAs(f2x=*>ASgq!6dv4Pm$jCMk@*^~J
zF{w?jn#DO5N6~R%vRCgixY>S+o@3B$BY0`1G*Hi7+SozAj96ocvioOmVGFn}%cy+{
zcy?gbkz=&ddrqGq@EdJmF$JnziebdO81Ow{dd+U&rCRPXi)2fQWz`;;wjf&7&KU8s
z#gab^S)7FJE%T+G*Yi-enB&C^9-G?Ir^8x~Fq*!Jk}#~3a#suIyKf;y#tLwo&1O^l
zqWmYz3Y5=rjTtA*_%ZLxO?%`pI*&yDv?n|@gP$sS4t1fPYdf_rsFB;U@##q#xw)Aw
zU{zU6$>a>;D<sLcHC5hneEZ@)ad9H?0bD@!!jF0_{wO}ve9x^geaa_T!&5$?nqbT7
zhPE_<@&#7K%QB-ca<ORSF5LS*<VMrHlCuRfd=&^xuCP7ZNyws+ymVKVa=5px;*fHs
zaLy}rvmHM!!51DsT<$r}OEOxE1<<89hkVNB(JeC>Bm&?lxN#E^uK#Y|nh<7A08n7>
zg104^x|7a19Cqox8fj$sYdm>$6!RSr$Wy@OKm3?C>E3$4q4qe!80Gl_rv1GOh~}~q
z%^J#U>_g1tLbZ{qJq_@~0OTX52>wecY_V!HwUwPo(#53r($h7Aqra7fT<RNIJ9}~T
zQuA7GWnI%-jSUV0peF0e<dh9gk4n>{IjOzFfBfAoEd+NXbt=!b)y1B~MeboJc9WGk
z+et2>MvjzNzI$JC5Oq9XvUVRBnIKYu4KSYy3T`OEv@)41Ce`AxjzZcxDkRY}=*<__
z0+uXUkyxR0(eMtSAvIJfx#oxEF1~I%k}UQj3ghB1?4X$`GPhjRUg^3s-tCrWaw;W@
z4oY*fDH=ylt#^_x)mt3Nw_@R&nKQVLM*E&{H%C@R*T~m`A*3}vHid&-&(=Qv9rMc5
z%T=+Vy{xtXr#33aW~;9E$U^itZqTI#R`RaesOi9G<W7=9mH|kG0ydxfR41Y&Q<>)$
z4!pwgU5(XJgeCDE{=;Ds_%&@0`I=j`Z;S%>goVHp-e=io$9sag*$PO~GqVDqMN<*A
ze$+sOHAyFm+mW7~?#uOcRm9CY5=8GO#Sl&4&7ucT6t?$PVtiV{E%~nG^>vEjy`!U_
ze+<2s5Y&H~3#`gaHik{*#A8#kh{mg*aH5(tVIm@bFpg8=gaA+`UreXRLr?kkw-Gl)
z;e#D~eSc;bROya{*nfjBu~N}dr-(lc4OZtkoK796X&;0RStdco2T`!+a9g=sWSaOh
zA95DAM`q+|+v0@sXc&Z%Trm_!q|d*xE>!LCk}8K<$aMne>RtjYELV0n!%Ul!vUK;1
zOfqjYgxGiy0aV-MBw@dE3ReTJ=v&b2L@g%gTA6E`$;7cukiS3uF1MLq%^$4{5Tznt
z5#NIORQrWtt&(cSCZ<`5t{Bh@P9fRT)>s;pr75I1q1p{l&0j9#n5(f2Cf#$Q<!`^y
zS-^{<q(~k4eaTm4F^77f^<I(%R|8zQHC4P5+9_fs(SJcX+GzSRmeJX9K{;m;sj?=8
zLmNu8b~ar(QlV^EWx6aItszwJI5Aycz)AXWUZT;QCI@6@6AD@%03cH(6?VOo=Bsl>
zu=4|mzK3IRjWo!Sa|ex})eE|@+`cS;KhNZ&jJc@^C^AcLBEI*lDyHaInhR2AA<K3x
za@wA)L~|>sFfHtBo9sk6Kpj@`?40<44VrCh!_Z6f99inb*0UNinJJ_7%Ub<Tbo^v(
z61-KiYPFE{C#;CE-q9>FsnF7ed)F`9S<fVO4IA^+*7jCs;#}47Koe_^HOTxazaalJ
z%4D7~!=IJO!~)Dbu^OVHMD;c1n9|&Oms+j}l*?5Hd_k}E-ZCQ2QZ-rC6_GH5MK)Pb
zFc(Gc7Ofw;9r5hWV)<qAh>s<tlaOW3S>1F$YKT%W<F++ZM(%<ANcR6|F0_C{;my9K
zs7?~qY%Lu=q|3Bp7G8Dk*Iy@`i=%c+u*;8r9+^AiUx!|q4dBg8l=&8g)89m;1#t;S
z+uqGkZ!eYyUMS0fc1y?O2Y7+>Sl!MKLD}7<^lG;;Z=@#fR7e)83C&dh_&L#QKu!7j
zf1@{OL`aEGn`trc@Yp=BITQ)aSb3r&*of7ldnWx=jI1K&CA;S;J6K@K2T>l@Yu5d_
zGDoP)@b6xW=S0zmSn+0Rpm7kNmGD}S$t;k=6@B5LsI6IDP6upVK{6EH6bZT$$f*A)
z-Yq+iN1-2*V85L0&V{R5s)uCQa<AF&=?&8mB)U>MyT(oLe6Gnx&pJ-S*6L0eiIP0g
z1BX|?iu#`I9bM=%^GU9zlpUOG92`B5jKGQDVBQSFmu#w~P@ivt!*m<5<+ZZFi>m6t
zhG25AD^-6Nq70(bWKpYWmmWa=y-<A1Fd{$cV*s6b2};;0-px8$?(;)*joV$D^WyLg
z?N2oP{lBwQ?rdqaCJRsn1=;q&_Y-0iERYr7I|WEZ4AP+%ew_Usj;a!nRZOSnWpR=K
zo?Z!)2rCsy!wO@^D^0N5o3B(Sa+}@E2?r_s%GHe0d;<Kd(OAwbV+p~rF>YD8FUMyH
zr=QUcbYrV(qn~w-*)C3U^Vrz^2`!Dg_YL^Px#^SXtp)@RMKwl>Qfjq|#wrFY%i*P-
zrIE`M<r)r!=oMO7C>N<IQe1e2L00JkZVRibte!}_yUW9ksDD<Q+VD6rlZDR};tDoQ
zv^k@duGVtLjQoz{TG*}a-s#>9%v^oOyf=qZtvYYJk)@DFJL9&(M<oo7)Sn)dtVHF8
z{_Y#gK9>Q6%1qV%!i!5!WOg`$*P#yXxkE-rF(_{$+G^;DS01)mFCH3S{MnoKi)lhK
zo7@Q<0gfAm2)a8;>rSdKn!Bwwx{mk%29r?ei%==-fgzof*fHt{kV;~FnU9~?RQj=+
zT%TAb6*LM8WT_v#1~!?pQ7yLwI-Uk)m1vUWp_~m6CfiP5@_1<qB1P`G<OBHIixzc|
z858DWk23FO>{p&=4ID7jbD*C}JNY+MA_0=mTH9q*mgE{BGJ|iWto+!txXphPcg?X1
z`>&_a5isgWZB0cY>Ri*ixJ*bKsK?;<fw`!&6~j@P^fcgC(?aXSMD#neC>FC#xc8fp
zY*?Hz<@VPk6HfL4$;RUQ7m-tjqEc|IDyva>?VqQ6kxq-jUpo6HXBtiE4JO<-Z{G^7
z>{y^hyIGc<P6%0MrjY!e)608p<K!e7O`5!PrPUEYmQI}}Re4hl&A*v%EsdrZEJbJY
zAI?r>nok-`YMmT>iM<;siK&bAO+>mO_k3k%$5+G(5z%P`{OV>bv%EyqsNrPs*vRcP
z9B%}{9Be-f&PCc@i2_be>|mz@n@o{Bu>47M@=wAXEzX!Qx(~6E&DB*+f{(kpN<06F
zH9S<6?ca4@ZcmILahpxFPE2aA+(tAD>94frUYpGKVDoSnf(H6T@IYWacC7vdhT*nq
z)<)|QrkRc~QWdC~iteHc<*i~07j^X~J#{9rXLmLStD5jSZ(JwqJ1S3ss;TrXUJG6l
z+%(B2fgB{<zvI2)%$r!j$E^(Pnua_3$2PY4xr^)+%`W{Oza&7TZz{_cy!fncg7>ls
z>IHZlrO(ZxfOX5{3x@AtJs%y+H-ie*D39lJ+;8eP45c8FLg`}T6{Q+q9(?a+DxKM;
z<oAQSs4lKn!ymp37wp~4h1s3f%5Kl}s9TRsIgF_zcc{s;yTWeC9L!dpl9Q7UET0fp
zgkhC?c1lb*R{9$LDFMUSJ3L;wB5)m*TPq=VgP!kgBmff{RP62WOcC7=N`<l(O)gLh
zr-KDwk^3u3Z}>gA)6o)2%lDq?aEvf`@z({uCh{h2ULVWz-TcW6ek0F@ml#APABHR`
z{L~%IT8D;^=1Z<Lfk?#7L~)b{%lbgp9>{od9(%64J>O)0;bLY)QXQ&t=&L~B!#HEP
z{>B!sy%$3EhSx*fz|qSq{hE-h9-*baJhW7U7spj@p^ED=H;v%&;$8u^o&|)iHa-V5
z-Vg^>St17`d`9I4{H|f`@PPOY^wuL9=Je$ng2CN-L`;dj40ps$Ji4~$7ujcU<BGh%
z+2%Ar^}2T?zBsr;YI$fz@l<Q#FKC`M>S)w}II5qC%kM8^9I}2g83Vs-1T?NdHL*^;
z0sd7Mrx39pvcQspo7m)F!F!mOk=<-YZ`be4#g*MJNY1>xj|P89Pw=3+%;T+3+&KzR
zB$u)=WrCx$>uOK*SB=Xg!4_!miZwrbsIGpxqs@mzSFuGCy?=`eHK9apVUeGFaIfBs
zy5F8B9rBL2_uB_honz&V8>mpcMN;Oy_N7sWo_GUKB&c*ZFHVD4LZW4&I~<E{w8dVI
zuW(II@9vmkz=0yLZZ7`TGW{K&lZl8Eyn=9C`b>-km)HdXj_OCt>*K*(gUSX5Z$Hms
zoQ!eg>vHiG@a?@%@dYP*Mcz;H<B4o6yJ}D~nFBYw#SvSf1<*sMSgTA{a{3AgJ)SAp
z+Ht(%c>Nsr@M`6(T>Q$jn+?eA{A}0NwN-6$cHI+KO#!wSMT0OFs<)t0?G{=Oh`a%B
z?_iYZrIW%0-)6uZr4%&Ja=zSpnQHQ=Hd{Y_(?-ek)B=FRrl;jiyzwg705~61_#lvJ
z|4`Q>BirS_7&B5~>N#*_N^dq<8tmq{M?=SfV~SgwWh#U_Q9SwVsd8@Mv#6)G%9*gH
zjmR}=Txcz&_VIa@Z~no~vuH#dHh3)EGt}F)RO;R~E_*IY?0lA9MIk+`FRlbsO>Dkg
z{ww3{e~VXCfvkO9_1D?e$rxVh2dnE(q|w|dP0qU%7Z!C=lv>VZ7F-Qpd__RvZs$xk
zrz9cdy!zUEhiTlD*p@}v^$OVgBDPB&X9^XcvyQuO>P)n{DTfaAOh)Tj+#HVlHnDfx
z+Gp|4=N-HKjcE&QtPFtZJY@yygpNU$t^TlzMSA8$?!(wJk8L>isq*K~z-ACpoPCxD
zN1-#?!D05@l_R=>Ona1Ow(|U@93Ssa@U5ak@=hcbw^;b0L;2`$Tk$HBrRRf5+>_qg
zRVG1FOoPE}3tlY0)O?7Ey~Qqh9KYoC)u}hpf^UBtkXO+5Y9NA;KgyIW(#5T(#I@|+
z5{i8J0EblY3)=EHvAmq<4I`MBR?Qm`qY0atSye=J_(E$9V!pX~==54V$izvK-;}TB
zn{d*kqa?PVbk*(zmdKqe=}wMB(_VvdCd(c1{4D4=^Hzq#Jf;ej>U~)$!WK}FwN3Xu
zYeS^eX6Y;dYEUebCnO_xYfKgj>EqyK(}h?8x`@iCnSHgDL(!FH(@{XreI9V^+D>Q8
z=)~eWrs3L;BK9*C0%=33qamB>a$oIRe3vX<5fy@smA-WHkt}7FNgRvODobOJrVaMb
z%bWMV{T}yy-y31?KjFP8wG@659kJDnRvxdOsbbH@Cs3E6=O1KJGFN~<qnBJX;ylOH
z!H~$SsH(HXfyT1iuqTP5L2Nu>K8gah4I;@$EDmXBmiy4CZr`@em#;TJQJ^~;3obf+
zTI8ssN63w_ncKd{s1&U7O^&1lXrDn&UBa&jn+0#OB`F2@>fF9`cA9)G96FPxHb?Nt
zt&S4TKLXR5t{KMc^td^TOh9#}LTbyb+vV%*Kf!*#dp==_-qs9Gx<Etbs^e&x;{J$#
zt7RwkcdH7D*+r^0!)}d%eRX6f*NC<dk0)}3uC9i?X3@&D-(p4JyclNn4H>!d#23rq
z<Axth5dl)fsjY#P^MtdS?bILt6&QMPmLR1fZi>5u+^yxs=j#PmDAiC&a!^;b(1^>(
zbjYWz!9bT?PYU{m+6k;D*krs25_9TEPIi6wxI(NV%kz0?Q9rZbC|=ybDA*L2fw6@O
z*Y0O&wn}&qqW-$r;N1B+$wi@MzHPDTxY72At$^Q8eeHYg&pO`&J>}dp;~MCb9QMOQ
z64;A(OS>Rl3O3hu)LJ~2g{yzUk-TWZSC+W%^LK)}nwq7>+?ork=@we-NbUr=eTyo&
z$aqYBKc%Wt&GB-@rq^3<_zKPm2%bPqBgjSw9RUj~>tC?6wcRHyCs4I7(?yeJg~pcu
zq8>6K%6Fqc@BZOt_id#U#8sxHLGtxjK!(QAT4r|3zcB)XUYkr+VI=WdN1-~J7lyWQ
z?NgW=cF$_Rmg_{+B6WS@VMUVM`Lx04Q;|=ZPK04{T$ZZ>+Kf9->sgKnWXrZJ%6S8v
zsr95}x&)01fF-F6v3!2Gs4i4Q)>uE#c9&7XBEb^4k*%Spt&FIwI6h~$HlUn;phTHA
zSig2SXrBOZLND|>rhcyHO#m`Fu$+KF^OgUQZIfShv&`F^Zek;NHu&)+IzhG3wKqpt
z=;5*+j3EAZo5DetW>|vc<a~k+2FIICA^mRltUuy^AWDk=+&!r0&sOfQL!|&Tti@Yz
zW#~^E<?9Vnz4I1%aHAK9%qd%-sMSvhuruGk`bLh>Nb*HF-Fhswiy%M|l?cP8<Fb|b
z8ysyY=XeSW=6nU+aFd@duONHoz89T#%CO&abK`0fmb;{zVmBIk-qE^52{O;_t3NOU
zlz)y!l>GGf#L1E?3UV{7z-f|(?h9p8EwA4wl9%gj7^m@zoNf-a9pARi`3am|aXMJ6
z;t0B<c~sx8yql&C{4vd5rh>KTB@m_Q7lO>=V*qG?q0R9YmGb89k9h-F6Lkd}V=*!N
zm1{4uRr*nxyxh-{PlOEglaPllY43M29V|96+|i63DEM)uhts;x&Esv45jkgdPS^-x
z$TmlPk*^y`W1mx!BO*^xv(kd;7tAIDE0YBgP(gP|rSrLmh9NEUxWVjJL5`XSqF%~A
zhK95@xZVZ2;9tfWu<@RGdldE1i3esff$t1Kp#6-^hXGPlg>2w@!|tXxh~@pVhLw4F
zPWUvo4B*^PYN9Bxp(F;>^B@T&%}q;+B~ujxMn!O76b7Qm5<yNr0MtwsT-^v#$)~5R
zyinzVK9#&wbo|^{TV8qrQq>EpbrZ}gK%T<Wjl1QMMr9TkH&^JdWkZMkiKlwl0`xTR
z)gu*~l;t+;*PVkWy)UKP=cp1Y5B?W>Zy8nB)2t5$NPyt(a1tO$a0qS*8iEIRcXx*n
z+zufmxFoo{yC2{n!QI`RgEKqH`+M*G-}}ydocS_qu@-B=-o3lKy1S~Ms(K2~QDqV3
z>pfeA5)}{sbf(Sl$h6xoiQ$?O_Ijl}M6z|T(@hfvDyu&{c$*{(kw%5F@=DeI`ssmS
zQ?FBdK}W{tLorpNH)%BU-AYYmt}eK6$~z`bt>?3p1NPmJjrcuZTAohpD~vpcGJ{G}
z^U)m8Y9=LXtrPC}c|nx#l6KEPT=B?{I6?vn&mXPGz0zoJk7_QK_t!&90%%r$bvFY3
zhM>nCyOBCD|Ged7Pd`F!j1`60*~gCZjpS}3Vec1wHMVGK4W#)KSi-s(5)X}NRVIIE
z3BLbM(mj6oZQ}!p$Qx(!!1Qw$i!iVdPR~rX{g6U+SiU0GZg8gn9H8CZ(D;+JQ3rF4
zrDvBl6Kwh`rN~l0Wxm{T2W^NHr3;d!aXz4?k%z3_7{w}l$Fs*5wRmT36o6>swcO(O
zC8>(mU^i5^ERz96&CPnQ8KhY5&^z#6QrnnSw=3%f^lr>>CDOq@XV{n@sG8-3CI!^>
zOBJ19Z9p?1c6YT!ZKy7Zvcy0??u<qqDYf%b&R4`Wvu$;qI6f$10{~-Sz4PDIIk9{l
zMJvxy@Jplko)FpO7Ke>eZZ+dP?obhw8H<~eqEl{suR8B}h360FkL-Pk2RmGBD`l9X
z{Ia3ne!tWznj5SO1iXmACX0WS$uaSGxpa3U#eD_=<~{$obz~<YGZiH}JT`U?76mq#
z@nUY@W<6J+?WqbgM%AqCFMOn-B?)C`Jj#hXNa&V{CzxQO!U$xbUOQQ)G&N~4j=EJM
z+yTvcI)82SoR8~Lth!)=)o+-IT4O{V3XmzDu9lk{tLb1er$v=rZ*v9~z7b0t!}>Xj
zm73!JIec97jtT8>7QUt+wceE^q_P%4St|^ZKZrWglosOIf*WVcAM!@!O;9~{!eSwU
zwu+Z);RIge@Z#$jHz95zPNbkoG<pU)M$o+hbJDnLP-Z4-+<vQ~rNc6LSZi1d`8bCP
zv8QY5CuvwZ)s!}!hlYjw&)JWjhYbAA?jZGOQ}ia~TPKK`71s}?#!Y*-3dwsK(c>4}
z*#u!sItKPs&GlN3V)oWJA7f*e{d@=;YVt6V`1!|egh=EmKe`Mosb8sc)ptC(EG7HQ
zXAAf=96Fl@A=r4ap^;U1fr5<zF~!N9-%q@%+t!H2E*gt~h`XNV1&*o>fuK3X2tSGU
z&XixrI40)j8#t|`46YT3J5E0qb~qmJ1sqeqfvc?@e%F~KXYT^*DmjZj-wc`Qi&5vz
z=Wd!OTh^$wj@XD-_Qs#t88II#;+>zLXNBEXo6i?Ln;n>q=&B-{Uu1=gs*ll`n%VwU
z@^W{gB!bFK)cKlraVaFH08FMc&$b3x>s3C;d_jxvXPXdqqg!Hsats7xrUg@@0%>KE
z8-+%=JOvE}I*kZ&w^tUzeOWKK5wKqtfQ;AM)#b~2psadT8)~o8(uiuDpEr>JhkYpq
zr64B)j0+}_Im@{+sxQ>kw433(Fk44#sTtUJypTUs-`U+vqq^UMcBq&TpBR`b4aux&
ztaJ@3-(4pEo+cpH>>hj-A1v<k(w0Iy46(qEhsWy&v_h%iK56vM?RP|M;D_Ii19!iF
zGJ38dfg7KxixRk=4slH=EG(k8k~N#wDEJIYKcW(iW^xux<@qN?HLh(^h4*SC@OZKo
zsNCX|9Nq)RF-J~@e|TxqWw~|@L*zkWiwF~hMX|F7J$AFSI~@t8KU<cjX$*iBBKKSi
z4#P+FEtj)k&TZu>jmFHf%1X&vIMH(33-)t69n{WN;c(W<hdPgLXLlaepx@YX?cryK
z%#hXjC|b+a^w8|g+m3ome8A~g6j+v$z8-yY-_TamK+flC9f0T}I8p{hyJ}|jPKLL@
z^n+|OUsTaqS{a2rcWUj?qa9x9@;}&KDu*L@Yyz=J*9Ybyd$1ssJNF>h@y=MWr6xy=
zkU!T^Ja%%Byd}9B_M2TjMOWf&qP%A7LEq2n?@(<7*(<_e2~CJEPf8a^6W(`MwEF;H
z$L=PW06@P*b1%)OelpG0*aZ+2YjtkrTa0y_x>wlY^KqX35~)#ZMg)BIOnlDPu-9p-
z#mQ?SMzAj>+27#FblDKlb@r7PW`DTO`6jTL6fG_nYgUt(PdD(xfBw+$k@ZK}e6Fad
zOF9!`98MfA=ppRzfW(5q2(y&We5?kYFX?PlF8inKTpUr;4jCnTzhXDzbb~9`Zo^E$
zO_lf<_@2#W)&5P%o<GTiRi0n;XMnnflK<xNowMx%)+GkUF`z)W4rbNYo2zf!7zS?E
zgm8*w5kwzFjxcC`Hc4s#!Rm-{(K{JBBRq|@Z95?=G;A=tvYoxYyfw>ytpKk3G7E@q
zil7q?X}rAXeUgv;T2S9XKlGFI_Cf*MzKY<)5g+2a=g;e!T=+;PoJU;*cauBcPlbD&
z6b|0b&o3y<b;J3D$h6%N<Bk;h%DVWu@H9;Jd_6FWF&J7+qEA&AOFSsK2cBKM8&@AK
z&TeQ)dMz*M4B~<-j2je%<mlcc#5&2MrB~px4EEm)r7b9gsE#@l8mt)c9$wNM+@`M9
zHzw2e$fSYs=P+Nss>}*%gbP|!mEA26;LY@+H>lT1HZ4dYQ-Bs`l?jx2G4K>TY^Yeh
zxD&xWx!Z@CYtB7$#gN-(H|M+DpNm%EkjT);Y?$?V4-}(dBAEydh-GMC@nm8o+%z>X
zt=%lpCaaSEI_t8hzt;Ws9{+vK<GU(5O-wnA3l(jOyeUVtJ0qE+z(_*Ek#Y?tPKoKC
z290Uc4|BfO_qIZsHRc)V#X1J+$k5^>?%>p71QPC4O%ZkGk4_a-g{B!lb7K#U4qfI9
z7UG2MH^=Gmm*A@`R0$#8RL&Irl)_XL(v6&=vTC$-oECXK0X@_93+uT2XV>ZGlj<Ao
z<@DOx^NOY7AhD$M^y^hTP0sUAQK<;KE<~Soye^H#cJm8#ck|1^CA_<agDYO|r6V8}
z{^+dkquylvPS2*8)4O4)k{yF11k9X!Mi+@&rA0}Pf9TTw7y9?DjLgS~`=+`uilyZW
zo|(L7b#{zy?78$Q4y&8B-?aBNNI8Eu@+ewcRL+-x22A$p@owr76)AVI?(kmoYF@|%
z$Fk7sF@kiKoF9m4qw$}5=vZ%Gs7gjhLP8q1m_|Dz^o_ze;Qt{p!J=3wZZ_{@9V#V$
zb$`pbJr~wdN=Qb&U&XqiSV^<_=!@Ue;`ZF_((v+l==jt=ARrZef1j*uZ(P=ehBzV^
z7P#<u^>_?qq#yfQ&gu_{y?jXEC%8B$=;#?zMQxIPJnn&h6jmF$KNXa?+z;(R-|Ofe
z(bW<^JA>s6Y8gUfpuO(H>D=8r?dpxzT%OLmpK>m&0!ZgZZpJ1io&j-|61Q@(4ogQD
zG>(X*gy46wkb>Fp*_sA~mKi%H^nCU4R-}~HyN`CtW~Zq(xd8zm{HiUv>fDc7u4gNF
zt4)QH>Ui5G7b%8Hz3p4UkQ_~X#@kM$d{g>t9tI2s!eNoQP4tzO-8^W2p`57m&LSp+
zBCxsK-QdfuG03wjKY*pB=yS^%7v-pkItEWU{sD=H#k<J#F@B9KfA}A%vYb`w4ruKr
zULWYCY=Izfo@WQiT!D=dA2R#3iW{PS6~o@%Z5%vWIyFd2a{p8jl|OTm-qNXNOC}*I
z-ym51eL!GjdL=hpRea!dPHe?hR0XuhH0kz24O@Ya20n8!(warr?X8-xxGG&sA~!L)
z7PqJkW^AjqB;b?JUqaUL8VK~0VXsiaJ-)aavd<1`t<1GN6Y}hA>!`wt+@8Vt?NeFo
z#+57;64CX2sp`Ck!h(<K!^rZ{r_~QaVDF%6GciIus96m;-r2)`_|V1J6J9#oK5>ZZ
z(!x0;>~kP|cT%qd+<0pVjO%}_{#ZRP(m*}nckRBSXNXC$ra+nyxCP2%ENh5Y>kyiy
z)ISb5r{K{T9_*i(>z2}_kXug>tw)aN*@-*mT-3XV4hv1xT4ppvk@F1;e+pFVI7O{e
zwyElmKWA#e!X61OO9^dBP0k3moU*m`Ii|jQ^##{IJ2p7e!N$#|Z(p(Tr6+pIXI`a{
zf|DMp@1>}hS3Q=BTwP|Rx><R)dq2|Lkflrwh`X=dujUlqoL7ie7jQ1GC?a77$eJj9
z0Y$-)Cv~)Vs-&h1NxM;T&W-Daqp+XsoralDb-fYdY4rGMRr;V_?a8+5?$I{X_bkA-
z*$7Y*x<4#3J@YiP5qCKg0<*Hd9(~XFOy=F_j@aO4o`2{vW)t9|Ug#<~ae3QG%ldOZ
zC~CDsK>KckVWNagv02lF)3#PbKRkcTB&YkQc;`)-%EspMKDdNI{sq$%o|djHO^XH(
zT=8~8r(%>{TJ^6?dA}l!Hw3zeax_b`NJo@Z4ES1G=i;$^6a~?RRr$Uev8Yl7J~FAT
zI5WH;3A^98!2dEpasxM@A%2kc5m7dCeZQi4$EPE+gWbv6*Y{pB<cpXA6E03}+Hbp{
z%GNVwi1)V_?Z+{CYhghzd`!=1WR#~aNPmIiZLgA|HE9KJ=z&Uipw8gv4lpjaVnS@>
z;GSBB-cm~ftJO<*QOW_eBs!Uhjut&`{r%n*qBoZ8Epr~o4t+q;^h%@q6KI1t5u5Xi
z9OgSj%m53Il<?Fg=I%0IA2$6V5&@=aUd`zRBlR~%jELwIk?)LtM=V&x<Cva~+CK~*
zB(VG90R<dB*E3A6Y*ubNGTptF(S!#-UgFY#NrMbTLku@lG^XA5DM#6hlSOVp3jw?`
zkg}IV?B+s;Pc`T6Sa2IvnY;7+5!ejZkt07EWSzKm*`pEjp<(KNbFMT%PrsjIvl*~g
zk?*`{&R!$ta%S~yUC#|-lKy<C(^kQY%ch+A=n6H+BHAo6`2unzmfrFXf<r(w?7qx=
zUp4)WW#E>2Q<k`NRNy@7P2@)lfbN9O^q@H`!OdBo%z2NIVDJV-RGIY77otdQ9Cyw_
zy6*F|k~VtGMCGQQN)l~sSjX*@xX3kidhfMxEUW#m7mSMz7-89~G#2j&S^YM}&`918
zjj7p+-9f`&ui4Sw%`jPOv!P}NW40&IE1f|7$4bTIYOaZ6r#D0N&x=a2GjFQeQ|}|#
zTn65vQLv-o#ve+08zN4g@7m5b4UgeQr-!__T+tXv=EI<(8S2{MAC|uGH{74$!ORT7
zYzxJ9S|(K;O=m}Oa=2L69Y}gZ(iw~nIh_!uVl5cI%H5pFC1mNkdRK4&CJAa}`2c?Q
zmU-yzgrkK-kj#iizWX_-m3?8POQ1QDI2K}5R?sQVUqbn6&e=fD6wh=xrJ$#^orvF*
z7U!!BDzSJ_zIwTN@UB__tLOO?GMF=(?YfVr>3~%5fpN(j%faF`NYbw-kgb3`k|avn
zzpsJJaN;aSmL&IP)1GnGgWQ6*6gMv35tAcVzN-x`fX#Ovrz??Lk&%(EEqEe=)qDFz
zB#9uRp9j*9E+Loh>tmsko-{TpHlv+r<ZxNh^?TF=J_od5Fi{Yv8GIXLJx9!-r>d_&
z5WRh!KKV<WDGx78AM{s<Wsy$N-0`u)SeeI`ff%h?))^kvVYiFS^@k1lsCbSorcsjT
zebAwfDWzQf=^t=J9KP^!LJ<trp~`{Mezxsh<y5S06Y|Ir@}j>k?g2ix-PTM<0b7^e
z7Vnk`4~ESnc5F{URen>kZtb&ZD!rt&E7sq*fJpZLNx*d%EA+cYYJa!knUE%<u)FEP
z_pldtTL0<R@#i3rkNenh>hm}yH1TX@DfIu2?h8m#!PhsK<FW@#bBpxF7GM8O+|S2H
zV!t!*{s-LnCnQQpBOK*;tn2yqNC{Je%Ms$^5Bsy{e=_s{+Oz+GYW(39OJ}rPOfK%p
ztr}O(%Fh1z))$KU==l43^mFugHy1&_qbLCCxPS9i{bBh1PoD<3^2q*Qd+|56>cqkE
zg$NWfJ*}Q)Vw#yZ?VW*kTJiDAH>|>vXi-mB=0(SAFD2zK5$joEsU?Bm(AEiki)a&j
zm0P#gCMpd9pg%R<PUtlN@Oaz)XMuK{u8oD1>5mejQ3zo1%Xv~=FqQ7KNhg;X@4f}9
z(!e9x3IHUpS0OYUyU!<?0ZxVhM8h6f2zJUbo1Yos+Ig@Yo5%4BG;%%)wL86p=-(`T
z>7@VBdz@9~y%FzXt~ZCTQsC|Hp@m6R-UbZk@a_b^Vf+zZ&)XoH(@&=p^1)>`!is3L
zkg34;8uW&u84i<5I4)2&`~;d{kf*dEtz3BM@5Ajq2mxdkIE?-uBVYih&&{5vbKV{p
z$T83dA`k5F<Bkp!BTLW=e|*4~EE4p*r$T{Fu@%YlE0^B9N&?@*MGIAw-R;$3=K<vW
zmeb>156Q5B|EEuAsvoKkBTN*k6_=IG7b~hL7w;-R?{M@Q&r^LiDAZ7f#>6;Ps*BE5
zqx&aA+PmjJ&A&H$$0>{7OC1oCn5hIGdxhh9D`S2rK<^tHc3$=7ey*NU>u|$3xnx*j
ziqz{Is9{F9`GTJV-C}3w{RbJ<R;CZHSLV-I1a-Q<$CwBirUG&G#(8_}m1pOzZn9*r
ze&@+{_#ynK1uKMa;L&&4dQ8cVLil(?zEpHWVl`#gkyz;V<?Hngw=F=?<LJ%f&79uB
zlHAf6z9C(9Id{S1yea_Sv8r&~^QI9wjLqO!$d63;u?|CzMK4@ssi<@1jQdMWa&*xz
z((FK!*xvi?RXFcfOSU-1v}p7>3`%w(6%b4Rpjhu%<8-Z6rSE0I#Oo5Jcr2Xwj5K2@
zxQu}G)!xN}E7J`}@3T&VdG8xMVK7m+L=ER3B;#t}KiU>}fhMH<{4%<APXWd8mPyTP
zy3miGZ@P1&m@Dqyn~0v52D%7PEF_rKviUiix$`M2I?QwqPCS#ltSPI`51tg1SS_`B
z=%r`fk4ME?_kvRjcJ?n6MF;Y*+EjFo4D}GI=Pr8!+K}<O=NVoy-gXnbyft|e4BLw=
z(DQ{ug3V4l-e6RbJISFiAKhagkWK}r22fc}l?3o{>MZM91yE#ewZp`lG_;vJBD8W@
zE3}+=W|f0do2j%@$rTDcyqt^Yu%hNu3~2wz%Ir^x`2RtPIGp=}k-wp?4O)rOa6ued
zf3{_`TldafdkS|5d}(j<i+IcSc5m<KJ62qCOg<Rj<f%c=ue7paO?2k8ixI0{bw=H$
zCrY#!lCi-q%jS9r=nZl}<RBfnq~$g`;HbyI;F?%DRKXNPLhHU0k0{rl#EVSj!W<UK
zi~+g8s>=j?ap4U=+Pfb-edAmV-mNJiYCXiF9F-Bd$Xp{GsZK;H;CD9|i0q!ezSX^Z
zIIG=W$S2+}RBP{2;m1nW2y8O;lOdfamfNkj)pZ$hyK-mLeFHKIK7X64$yr@@@CS(Q
z_`e<Y9RKuBmGt~Nd?GWx7{Un7v5<_MOeSk99{s_V!ey2PNiRKA=n}=nBqZ&D3$(C1
zml+(zbR(}9O<3L|;q`2~!Wd<jXYQv&b;0!U?Q^^gBBYk|XbFnTvP!3(ylYadq^ntw
zqo<?5>4e?xxjv|}OdFr6_2xMe%({EoR#u^N2u??mvFEHz?2NoVfz5*2y3p@=h^NoV
zZ449{**!<(34shT8s;s_%A^hZVNmw+qF(Z^mKY>!8x=mYB9&pz?;ZyIr~~AS2qmsu
zWrV*I3|A`uaN7P4-Lj>G6=$Vf8hovVLDgr-(p2cBmLY0nHmzJ5z9XC}_Lc9_{qfsW
z$0?g#Gw;$(X-{XfrpkC(zQ0m@>8=<0XH36<mce<2Vow(tja&YYC?CshdsyqH^599M
z<#=2e+PqDqA_s4+l~b642Sv_u$X6`v5Ritsj(v&DTRy~ifnp_{{fnanEj@v7t3GTw
z@a1e&NJM4qO|4)7H_6lVEeC*G0g=R0S#7FeWooRYZ2t0SyFk(WP!*li@{jxAnD>vK
z{U5sbEZ=&u*8SFjn$-3SzS@I&*d=;u)x>cTQ*KNV_&Z*l&$&wkZDfGYL;<i9{ZXfy
zF4zLLot6yst+<s7RmpK%ugU3&N7Q)@o}?72`pY&i)?Lw!17o3M#5@{<tEu5KA2*_&
zt+5E=v%R!GHIKUAI;0xD;*D{J!$qq0kBTCnCvodIc8Fy)n#GezWhWlXk?W2m9%HjO
zk$BoeV+h$j$=lKv&#q*?)V}19)L$JgmCVd9{6n;o&JWU2|3j!R4Ul>E<Hel~bU4Z=
zXYrZMj*DRhPARC%{lhf29y{GMoWs|{xDZ)}7fWvEV9UqFLIU<Yx6odIBgN1`^4k%b
zRvX1fEETHuW>4Z*5k)5@ExNmq&)OjA(R{{J;mE96$D8qCqCma*p6*mJ6l4}1oNL1g
zIAI_SOL9~ku<8SQIaeAW`tS?Ix{YIyV)JWF+1YR^e&4oVmo5fMnIyaCiO-IH;Ekbo
z8(dk6v5e<^eCBEcS;^2V+Npb|I8?Yq;nkWR*`v#~TQ3JNSo3^5m34ajJV3-qJW5Ex
z#c6yd^jnjrL^Cr&1J$qsM~#iMnpM=n;K;Xf;1zi}tfv5bsdpFTj|KzuyUDSX^`c}g
zcD0t_M2}9L(-FnPjSDAVZBc2EHY~@-{(1$~r@6Fy(+8;gK+b!+^Dc5*6;q{9CB&vV
z?aFozZobuxP{<6XuMl06r??^QK5iGn!7ZcOF$K1kxD7s>9TYF#)G0TZqnK~;A)I1P
z?Y`8R!^Xx9NjaV?<vOwwvZaDwb1L_`*LJU;>CEv&m(gi_CbjGKY^KVZZ~ma5plY%$
z(qw6Mc0uyk?*<R^aH-p$3F>g)B7C*CwlYJ$Jv|^TIE8qjdD%0$gt?Y>M82=dkIO{r
z(cU+s!F7ZSkUb1sn*;jKk-bAybbN{W;-h^0i+7)&8W(`BEG+0l!QsC;99&&%YJRW=
znjoSK=I7^!UOiUAKy5DCZVfEE1-H7XumZUSrz4-Ed2U!r5<f>;xgf`-I~l}CtH!vm
zh8o(Rh!;Q|&byT&#rio>pXM#=lc!W~KRt08qJ9ET{r+=rOz)Ezgx1=YYPW!7tTOTN
z_fK0vyA1ma1{VMis+XJJ{gGd8_NuOJO=@m^1@(@H^7XwV9zMbJJ-{F*-&27lf;@so
zZovrB;sBN2UEN;IwLW?^UG+n+21|YYj~+XhRvKk&PVSFZ%vx^*b4sJ%+SXg$pu*iB
z&kjHGKL9nay#{7{;7v-}rz>2Ebsz6pj@SIIY46tD9^oF3VL6dUzJ$V8?U=_MpohSX
zMsQ}<q@aTj1{ZTuXuR)*(j64Wd%rZd^SJW(pmn#)l1|CRhI^4nc(S9#vSRlz{K(=v
z;e~BjF>u{^&l7oYkN9w6_elEyS-R6xuj51RHkrt4!Ve=35blzHJP6?eox922>p&lo
z?iSo0pZmuUS~Hs~n;Be3{=C|Ve#BpTgd8R9JS;NaHeOw%>p~cWAD=xOfF3FQZiOG7
zX$@;vOyB|YabfOaG$TPaIsT)lXkhcbtW?WyqnUc)J1~8O(a-ue{VXkkJ%&<5KRK?x
z2@4NL0m^E;m?0DX$P*2I`PJA2_A{%ox3~ALg+=~-^Y?PbKr9h~50WI%sY^RZD2q_1
z*HH`VqmRLKohk2)-z8gv&n&v2*F{Ihr}yje!rqu8gL&OVXA^Vow+GSK?(97hjQrXd
zm|b1((laGthuf0}O5T&1v^VEFA@{kNEAIW6^pew)--*U^35E6+(H92K1%>zg9V+7~
znQDnHJh)k%R_&W$Lvuu|EJR^2ZThW}L-p_#!6gU;<QMAZIoPv7S~5<^S<j{}Xour@
zu?;?45axs)1uv%ifgg-amq&|b_|ZKSk|H@Hax%?o<*muRE^gqpz&bsX8baHT?Tzk7
z_h~$2@yltN$S=jzGF75XR*6JaR8%fAxLH^*HD+dd2L`@T@9+Y1S6^R$8HOmqz`>W8
zLljLqbkgau>(8BgdUh6*8k=bpN?qUW<4*{^^Vv8mGJ8$@5}3KV?e|6+$S(uk)68*=
z5((?U_1e0+wtnLlI8tBFy(1v-6u4xf100$&?YzFfv`yD501=!k$iiNVGoS+R>q-7y
z<U&;q<uYVWiG)o}$KR=?PVu6QC_qUORnA}#xP5;9?(2C|#I3ya?H6E2oHSAW`J_2$
zc0fIjTFO(KGrQh`TFO#a<abB#h@rr5vD;rXf13W?N#qgiUUdTCud_&h{`vb)FB{O<
z<ASh6LNDL_`?*l&fJhVIg$$oBf0hN%999PO#lOC0%=o*<zrV4~{{KaD&JrXf3fdac
z;SETeP=s&F<3F2n+Br*N6)kpE4R(8yR8__^n;PKARh0fU1AjaIyT`K$;r*K0()5s%
zITIf5TOsCk<;-!C9$h+S$ZRFdp0RS)JHNXDmp8Od=a6KokH_N;p(IYff|-z>kOQXT
zNj9BBl%?C>@gMx1qTkbCE?R-oU;g?vd3s561h*>9YBs*x@oouY%21(;{0KZOe1wJW
zSu)P+!FbDa%(@7Zt#F++K4Li1*zy&bmvs`icS>b9?i7dh64m^}h2`36I$^67j^mtf
zKn%J*t!UXWh7(yBM~fW!$HS~2KYAx}OkTapD=H{YZ^Ti-hbby6hxS`8Qh2<VRpAZi
zZOR#vSO?_e9{NXuf4WCy35Bxpy}$-NHC;B1F;eGzAyf-b-;EiyQBc5V{B3;Iw>ZSb
zrIZN4EvMr#4ysOpmk@}*1tNh?a9;GXpM6sneuJ~ON1`CLb^H$D1H<kYrOP}iiCs&b
zGki79Wq-)(YgzJ&4|@uGoFUx^%E}G9ni`Mxn{9*i)6SD7j3KsC-ATB^>E(AnDsa$W
zy)vg`@KVmsc304gMgn%<*;J2GP7At=i#aQ4*3X|mH3X06)d#;g?$8l1YlEe0Ig;4k
z7M7dEf(Q`P#Y}^|ei_9^ucTv$_qL#3&aM3N36*_+;7GG~a!j7UYeE)>7)V*V|I@+u
ze%y8-S%@NL>f^7AeP>`k`2M|Y#gdPoAYo>&oVC5t?tN@%x3b8S6#2k5Ne*pK=_O+n
zObog5nqVFqiYWJHfeBrv40hk;kumakVmg>od`!>{{FNXgHcuz<YsM=9Hzw#;ayFe~
z@-Xo=tbA`kZ~)xfGYjqRWiI6w1pzGRPm|@>_0#f2+rCq-&#uV2|N2B~@oKtv2V+zJ
zx?Uu!A<Bvv`nEfciH?L9=hYfSI3q(bQz8CaVE-4a+xnfWuMTSpTt<i}MuuPXRD<vC
z?n>!_vx<{*(Pj|Z&Tw*g<QF8h*P)<%wtdOa>;!-B)f^R{bMRJsC04WJ715X#wQGoO
z)si8L-do4bW@a-+AUTe#^=`!N1orrVQzNG9@3chiz3{Z@_~`LdkQd8Zn4kx+t5^T-
zYG99ta{Z(b<fb+1=@Ws$N}X<9DLij!4bT0x#l#2=_iMz?(LO+`S3Q5^Wr-VI4@`I$
z38h4Io^&S=xf2F-I(<<+d*T5kK6&ZDFD@lUeX$BU7Ebd|XO!=XbKf*AX@A0DQ_4il
zV_%F+%1p58>Og*a_+9_>Q2B}s3OU&eA}V9UmL4MbQDiX`7_3>upC0{;_RRiu4%R~4
zV$H?R#3r2{_V9-rHDm8B{$5K;j6z;dyzX?L$$j_NN39QP)HVy@fdex04K90D4IXDS
z{m|yEsg^pUS2WQ(5z&Z)?bTX|hd;C68sp_UJFr1Nj(Vu-T!(G=rqo_stCBJ6@`PM9
z66c+TzAY`L>lxgevOihH&)QmQ?@h}rKWcl$u?fc>TcPlAcQ-by52$Y7WnR0P{p#nB
zy788}@{AYcuyE*?xVUhu_@OmbOK|F@t^^Kqx^O_?H<@uy#>z~MH4dEChaLIjSif7f
zrbQ>b3?=PboAF>N_Y<?F&eeN0lBkWO+gEi?R0KdZ)oPl??3yRFc0H6_naJO*KiyDL
zCtXI#^^3ncYE@oeo{Tcj+92Rcngo<W(O;$T=d=s-Y}!nRPj_M>hF)BGTd|u`47&Mo
zkE{Hc+7ufQR73d|XP^*~&r0#5u84%2qaWLW9lg|6s%LSZZ@x7#ptYnW$i|H)I^yIZ
zU){Ut33^?$kk*mDJ>cj4Kp~;PvXmbDz&~1cH0eVo-4u=Q^>u`bhkOf_B4^ipy&Ykl
zK=mbaF`4uoE*ob?FG(*yf-xgu^F0@P>lwK*H+IMbnJ{=&w>gPie&hb=k^gJ09i+I3
z5wMVNtv<Yee<fjbeOHrxJckoFA}T>ey_y9bcr!j9(NnhrEq56~mO<x>gz`EIlG^V~
z3th>ON4>ni)nCn`=OIszL?KC2xkg^9C+-Zv5NU<$EH{Osc;88Y_M^kusI1t^Z;i>y
z(v^-i9@(ay!qauENtOuTDbmW=J+s|U1NTL!>F?}T6Y+05d9xX_XHZ^J8V9f-!gj#6
zK9VaPgWu$EuVsv`)r38sQ6a)03@mrFJy(c7n;zi6c8TD4-v=KnMzzG90+f$sJ~NDW
z7tt)sTf(=zLN}H?7~*C>ZWf8XPbX2Y9&!t@{7T^_rY4sUmhKrI4q0NclQn|86j4tA
zi}g8bEx9A{FrcrW{g(o^`OIMGu{z>yRp*<^?oDKmbSCfK@}(5cDBvsWkvg`5a&Y@g
z*~kr4(^(|+x&(z#m5?zuFE^By)5f6mA}I-XRi^N@N;aA|<dSC;IU>`|uh6Z)oBlQH
ziPP}si_S<?uDNT!7977#O&J!@uZ2|N9MiT^1C^OD3y%!djVZo<0Ld;XYUu<}v3aPI
z#RTW`e?4iC7eExlqZ*DxjVX`Ja9cdFWdyhtE6VTu?m+T(jCMMoP2dc88vIamSag?&
z9K5X0tc#{SkZC(64ZYjov^hzO_-@e<Ws;(LBcA6K7K?uzr$kF242{s>e2=O3Ic$vZ
zC0FtIP`W!i@=@~@oJfY@V6CRi4ktQx$Tcs1I%e7@AG4CVozTa1|7nk_Z=7*<Aw%zK
zS#H(_qOAFu?RU4_4_NHx$bK0w)TOCYRDgm8jdgaACkM#=_3pN}rv27=0JI}e@9t7%
zU)YaO5w7z1l%*AO>3&MV>atlUB6uxG?+#BdiYPj}#pz^=&^PSS-Av%nc)s%&i|6vu
z!=+8vVy|e|=a=sHQ;(5;5Am(b+Rh{$1aj@Aem6K6y6^2-6p>%1`OJ2yZ<0eAW=psH
zESFJHljgzRzZ9aA`cb|mgC1@-Ln<mJFW|#8&(>TYTX;wE^Q@Z!u78xwJ|sA*%erJI
zLcEzvA2bu!-|3*g9&j$nt)-aeu6JDQFR)ZrsS}<O5Kt^AHJQQJ^P=8(=aZV6=2BSV
z;(H?Fk>e}tQ0&C<9s9Ql09f`R0&Ou=J6Fa^B$VvQm2ri~iGGwhVjg0QQ)-59^(hI`
znBYFN*fN&3Xook9vU^vtJ!i;-?lXG0Ii36@uH|ng$mXsX>GZ~cI+s8w^yh<(2l&65
z4GIxf^Ej}Px9WWlMX=aNXl22##2BHt9E#f0*rsqNj7co{N=fyRjj9Ptrs0KAJqHoA
zMZLlSv*N5`nZt$hlA_VF#3X{%XI+`B)g4tM9)Z<SiO4YgQ(bW<tIHwU)d6yMnhrmZ
z9-`R<%V!yqB-B4lcsE@wJg@VbzN>CAvy67X;#xZ*zd5%tY6H(($e8ldiwLTfljsp$
z7rBw_WoDS6v54;0=BqhvE`xzAT6F8xe<*akP!Dp`esBq?G(CKOcNg;b$p%tFMfJew
z*?O(jwBSbIZH56!_q(-I$03Q@4TnE}Shu-5HfwDk#b+q9lV|m8x<>Rp8Pi+MnUT|?
zz3gOp*zsHLkK&0W8U-oQx^$A3-V=C%^*X+th#s$QjX4Nb#uk-fiB!Sc7&1;xsI2an
zzo*W^=bSC7o=^$pbwdV<_7Ez53Fb3iXfgNw(Sc1&93~0@uUUH1_kW1M#=$WRCKnrT
zN7$6y!|S)QREQxC`JLFJFGlCOzZen_6Jmd=EKnfe=qG4y&T1mD_Fg$Kk-6iW2i&ub
z?{&C7@RAthV%se`rXJX#e1>t~6YO$I#pkb;LPL4<_pnGDkkwMWmC;pt>nXy2*(=2n
z6S}@2n>sZ9S&@N87)>GOi46)Y$6fXHMUm5~^S|*F9Habe{M#$(fa&>hN1VJ!E*I%K
ze_Pa!jZYs=vU~G9KYdc--L9p2);=Zez<eTvk=FaRRmUQ<zW@$J`uMuWxTv*npk(68
zP>C`wjpbbs@ggnj^GYz`>cE1d^>lKe9$+FIMrwXr8fu?wIU&OT9una;c)EIayqiP)
zv@0$VwVFg*p1wOj>$Wbz8#CQnuA_!jg$I-l=%?87n~!Wm$qtfh5%vtNB(exnrMiP1
zgmbawmzwlL$&M1mGH)Ljg7gJ;FVUscoeJ7Wpk7=wM%OW3z12?D!sMomtrx1$p3`!p
zMJ0nfyGPQmwKiUsMl)`m%vs5YIDY!{1a^xN3(0XteX}}sUZn)QW>XqQyfs91b-U7$
zMBFISTu27cxIyG;oKJ0^GU*r#I*;4+42J#b-14)Y7<ol^9F`J86Suj|Q83aP4RR@y
zd(cJfv!LoN<z|R+!DONpdk;v5<cZN9?;zMmTyY$im+hwuw+;}&mP`j?=#u#IO5x=#
z+avMS{jgs^Ys)pC?^$8GzPLNuA)(oiEhM|;Tj3jG8kw}<i9*#5yNeHu8ZGd=9?$6b
zxG|6JS3;(V@gvg~ggZ~D+KKKaAPEgGpEP?mMO*l`(|NmxNCF3zhvt&HuR`=`<e2(y
zBXT7dxrj?D)V!E(2vR_wzILUfM(HOl%R3av*cFcoKY%%gox<Zo;y?_GN&Nb0YUzrh
zg9>ALxy2^oO$jDfT2oj@6;BGk3vy#EOGkRhK&O9zr2V0{Kmp0%JW`$C5wj^6<S))J
zsfjydcg;t=z64p=Gjn+32=dPL4ss|IwZH1J=vwT5dsmJXxg(5>s%HBZsI#>>l=S%_
z)(6Y2lmcDlSzX1ok&Ip~LI{SW!9|9~Hn%syVU8K)xE&&awV>_P#=Aiuvc;w+R@df{
z703U&x(d|mfmIYOt`5Q*-Mub!nrzSe)5ua@uj783n0DpEJt~pvASC^Iyx5~m_THH^
zR2)`*rH(;4x-B-*!TlPw(e4*(F{H<6=E`0Nr@`h!`)RMUj6hPvn1@SmG_)tuN6OvH
ziv-c8CBkizrk$l`fTSglu6y36@5){Y$J0)xBjc>Qw-(c3lJd%#VDVJCW6LxRlZ)C2
zb`Zj1?3Bm7$41MD4l0osNw?WiuV5f<G(4J9CW2sYz7QzEV?2~G#<&zG%<LVScyRt!
zu6;GB#njpq-Qzf%#?;buv<Mtrx=|Yt509nmwr=$%p{IQVMISv$E6wD(B>g<`C5I*F
z_9n;I3fa6x=}PdQ)SD3+49sWOeNi^t+K3>B?(W(MYw#NpZ8Fb&D#B5Fq0*Box_uc>
zfz0bZ=<Sr<fgByql@4VyI=0`Rc7w0pWUtF$#a>%{#3O~JR^NZ(jq?eJrtGsJ+oCva
zpFe;AcI^3rp5aW1Pil|)Wiki6@O^x%<lAu*HCAmCk{ry#V9>*|*Ht^LH3T1<ZPT+A
zWemyp^U?iY^a>%?=e?;?s+&>XE)%u7G~_%fF_`>AIECO+=g}fr7z6hio7?%5ri+!v
zs|gl8vG?QGA-<tlBF=D{3+g4sP0<_=l~@itG^Rso(dU#?(R$)iaFa5RD73K@Bv8zP
zqqX^#?+L!+XHnH}U3X=@r;Cv+7h-y05%Md8^&!hBSiYa`#xt+FU|6rO_AZcJ>f-H@
z^&<8BPffv-m<7`I*0<Kyz<Di&{z}7*_2Nu7l;PZ)v6zJ341ui;#`@v3(q3>|dOy;o
zxjAkG5fu^Ev#~CKmj%&3{&e#GH7o7MzL5kjTf~aj0?>b{=+Mho*OoLifhNl`BWG56
zF5k+%{rYh5n(nz!8r}Sqk6I!$Njj~jxP)7@xW8TQg)}*BebG@4Oi4*8rDtG3RZ$tj
ztsHb>wr3+KMs3$|8(qz-USqW%m+8uFaCE07*NQSA6>;E=pBm{_f8zxo$E+3JDT%q(
zyJAl!-x5N}QE+HWO#>zmdB$+(aJnykWp~`2{%|I^FStHbKJWCpgGxuSSrUHB@bsK`
zx(0>?4z}%9J8BJ+RV1A6Ieo*3A@sR1ng}W>7`eg17hf*m#p8QA>}M8bVs<3eQbxG&
zc<OaGCVWR82dXn2T+15sCpziozq<Z|cP<LAK!op~#ff!wYD5_{3v~)V47awY=N!HL
zz-#Y(LU;Edxzr7NsN^2%HmlFY5eY4MS4avq$%e7|u71oi*<7t?#dJ-VuW-99_<&kw
zDzPL9T%H_L<|>~e#38QrhK<$P@4QB_BKZ>QOM2vcjBRLW7~{^52pFOUGv(CEvr7=o
zbsA6)Z3LB~s)=2xu!w~(<z`fBIQcEcszk*cmaCGQVkp&|slizgyizXG`*8k%v`p6@
z6;iysys+byTfvxA55jW(mbOzLT8Aw;O6D}dFpWynm&J96)hZjIv+DuGg#p;B+~g06
z4hjTlf6+5B$*<1z<W!eAE1?kRZ5lUUzxts$&alMla+q}87P#WIRDJMv;|!f+?%YtL
z2i}~#uBc;}(~4$L@3IRKzadtf^=yb&_rS(MhQI;I9f4f;_%qTkiU~o24~-6-d^3^x
zooOy!*Z?Da64nGygBb@+WO|?xTOUt3EwY;3d_~N#hT0|NsiDAOeFRgK@Tamf?wFm$
zH$iG#tG}`fdoK>-Ye^v@wMM&viabV>2P@e=f*J5r`lop-p^;KSvGq-qv~d1~n+B^_
z4##r@!Jof|*tl6PXv%=t$P7lLTyMVCrK)qek>y;0L|pTgJ_FklU2{U+_m@J{eu7Ry
z?HZaTV9GecsA-ty!Qp&}w*)?e>JmDyh7MAqTfL{z7rf59eyreP>8MA{4^TIqY$hLT
zm1A*)_y%GI+rD*);!ulHGfJEvZU84{hUkyZ<Ma4F@LA6L52p1v`uL#Zlmx95;%_M^
z-XEI<7@L`_#bPdr*W^n&>tjZqXuvOtpB)d8`gO+yhOkuA4c3Dx(tX0(J98;Z%YFaa
z%g7^a>+?eZD(Dev`vx;zI8E&@`e_FYqJ)`6bUAQQy_Oco0pOhPsK+Imtpu$eEl76X
z8x|$bP#ezVbg291$Mi)v5mEAU!hw7yN%3F7uy7kt?rE+w>qbN$OpRt<ZhRy{JSPX^
z)*j8|?S%9=3Q-8;iLPE4T{(BCzLAa4R{s`ND@<&Rept8MGL4@cv^p;~kUkCa8d`9X
zH?jPv8LFSore3r6HRC&g-~Pd9asR<+HAmEaKivjdY)_c++|?emJ^Z?#Zg%2Vm7$2-
zSYe}M9)R4;+&i$%b&8ZQxNWEleLbXDrlbXW>U%@nUs#~1rU+(QYweiKba4L#5N=Ap
zjzmH?&wDLulG&#fkyp)8t}h?yllWHDB!)ANJ9W5H!pUHh9Bpq2mzHJGSypZrij7_V
z%t$r8^M2J@d+Fp^jgA}#6~&MBL;7<H9@6~7c%tz*0!qsn>!)Om&)oRT{{<*xk^hA)
zGknZBjp~2aka5G9I}$$O9%}b8qu5e(#~W>}%2^`D$!~-4`7xHaf$|_uhXSLHsP?bj
z;XH?zJ_ksGSJwN+LcxP#o`wPsH$%5{^bXmrEPbuuw4+N&YtQ^^)##K)q?5^c1Uef_
zM(*(pzCFGSxwQ73F<OVyE(dFEAzVpYw%m%u$_%WShuHE>nG(*VlOHH<^4CV=SFd>d
zcAv_n@<nCRf(^%yv3rZTOw=}33La^Xh5e=^l&9udI!m76mYJWus{~^zsHp}bpwbxm
zjHCY>Zy$O7_ex)dS!~KU<{YK@hH%TyOz`XEXL{DV_<@d#ae=3|gKdO@!ri$bzd)87
zjJNLA%!bi6kWVaLt7G!Q61BGJMm;I-jkB}$d-i$hSW3%G#?`(p@8>*6jvD4(qWHnH
z#h!ztCng@X^;LUZ72n`!vwM54kyJt^EubzE2S%hMr$S#shVk|)igMf|tAuVC47n@6
z|CK3e$2fyGlTeWPvj8hB#K)fJW#b4BGyVI(;c@&rwZ83bM{ShnZS92?deXW72rT11
z=8ua27*5ik9rD*P@cw^+<XAe0{|k;6i~s9$7!mq6;)pzA^3VMIaZCKUygC#A|IPi&
znN#rlcx$GX`ug|hJhGsshG1f1qL?yn>L2G$h$?5?o~4z7mJ-uH&ru5+tzKw*c<=(1
z*Z~TGQ)NS9PEO84hVD!8e>t9df4h+W)hbDp2}x&mcDDShxR-x~x;^{f|NU1Ot6_kk
z{&|DC?~h-p3m16)UyT5*{aG2Iv?4tf|8Dwxy2nvmJc!danRM&@-%novE9l?t2*#Cb
zYiNW;Mxw26ZD|G6*IUs2T{csIhwQ&viRxjOH6iKuy4-I+S%Vyu#SNJJhsV|@)LmsZ
z5RfqR$8uz+%M1{PQg{O@Dk@9||I^ds8Rarcya2wwva&L%jDdz$b!y5C{WGoxA@;ae
z|MW4-6quf>nVFgCRzKm%5*@236Zz}w>zOK|XV0FwYX0d**BRg*`sW4ed<~<-nBJ)p
zol1JvjEsyV6?1dC!^LJRs$~9%a==fx@<8(&Y_Iw66E$8`F2i;ck66jgMjpH+064!n
zY$V^k6MEe*+x(|1mK=TmO=OyH;##BlM%6c^5ji+Uza*#rdFCVOhyONf<0g?NYOf<5
zVcfrWZx#N39}}|)<KBi3phd*ysEn>jmDRK&ZutHgK-N%ZP2J@`;so|A;e@i<&$||0
zw%7C$77j80$mL^5;ed9!vWjZe%|*Ns<C(bk-Q$~#dd7dRA=`J_@w){djB|1+`56%E
zdH-vzke5__qsAk|pY7e)EHP;*c1KrMRP;|tA<N3mrJ|x*(+WG=+}QZL${Kjs<Fv4*
zf)t<dY7mpVictRrB(P-ZdmBSCI_|jG;tC53uyAn$L_;uErpt|%K7?R`Bn%BHEv>8;
zIBoU*eVS|#tXnXusi`$iDf~HTkYDn}-Fejmib1c{ms~QMq8q5)+4|j_d8ye;?eA*s
zjwzr2{I>yMw)m*n<C_0*!x}TzzW5{k-@+UMG}+OAxks7)E_PtzGdL)XX88Z@b9F@h
zJFmd^w<CMiFTs%}D^lXJ2;fB~$Ylb~)9$!sPr2`2kyxqG=U+AVTQ!1hMqVMesszv9
zx*W2JILrOVuVO}q7w$T25BUu6#)Uk1RUF&ulL*bEf!S7g)t!F+A{oH1MlT@_+<q!H
z-w^#grrv$&d_vgveLF2bJ1hNbq^*w(zuM%O#AwBO{&)X2w&F(%5P^)_aQrQlvMXny
zn}fcNU%#yP!3^(=JABCGnxdoP!;d!(Wn?1zyH6{hsk@b95stoA&|%q<b0(vW?LW!!
zD>#U~IBZeZfIV@F-k3?IWSdcO|H1s4@1@SHy6bM|qr4`!9LqlnWn|_{`93)@lw8!u
zN07p~?CiUJDG5u7R8KNoJ`pG}LhvMe8e1pQPure!i5Ms12rcSeEji#=szfUsA~fvs
zC%c<udEVJk;ZREc5u+@Mgrq^@Ta}fUu-D!w@r{L&<t|8F$>VYGBkYT$hBG@z2_t#U
zH+$4DbVxG(P27r5ouGMMt;?$4R3~e+p5*^2VdpBKj9t3j+)A52Ygbp-kNzqPD+M*R
z5OpPrsiPhDPtx(sFZucB?(cW<-%JfbqCui^a^QOka-U)qsGqj&Vqs5RKs`^IGpKL~
zf7Q<P)iQsl(Mc-X$<@#_kGEOVwQ$cJcc-pqvUO&1fRS|Bl`<T=bTdqi<g0^&106lR
z1Exd!f!Fn^2_8OveMr^72$kfQlyB<~m)1@%7}1D{cMk1}5oBSNX2U|NS~XpR$=pDx
zH`7`*rMlt{5mBHN`ZC2RZ!dFkCuD9kCSj=w_Dx4M0<$)I#T9i;>ocOKrzhXxd`nbP
z5((@VZ2;t?P_5+06@5+E_N+6#(Ts+#oGSsC4BQch3)$~e{mfe?76>YPv>*_c6EyiJ
zO5o2H8H?#TE!L_nv*<*OB<CQ}^F86+97+rr7?6QY=Vn$^;3RX~iKNU3$@gbR5XK}Y
zTM3U@Yqod;#aEjxTWb-ouRVwaEweb)`-0K;9J=r81r54R6G8!JZECciraRISG4>vN
ztR!UR`$awxep*0lV(h1*$OiCHWD|IbE4vNm3>TM5|8|m_2#Sx7zkRkrSi>av^Lc~g
z2Fl!4YZ#F1^5RrK@Ky^-O+!P;$yBW*&Ydpc0RQY6Ci;wRx^K8ru3UX<HAa)i>e||w
zy3Gs@zZ>G(`Hs>cg<oB<(EYlRm5?xcQ~Q^gm=z2?Z%^AT6{F)8>)X|qO}bK>wp;(5
zx|mzzMZDYLP;9E>Lw-BIJyOAam~WvP)ee1)l#~6fcAY)k#>U3s%T<kRX<}&8nWmyI
zh`+|J^IKmmtJ9|Q{v!V8?g)a}qq`GE#$N7NPH!U}tvPkyBzB4|Hgvg8egy%nTEZqJ
zua&#&p2kroK(e7{rVSMp>@cjqrdn4mpy}O!OJ+_Ohe5~FtLtk{lFx6xM?^#%Y=J+=
zBm-Kqjjd944uu4YOB-pYQh77?MNvCKsF9=m!SJPT3uRvtWQmwC`jK6T!t5)9eQN^+
z$VM9Cm%7ZJ>=k4@9e;bB%JSCtdWuS0@MpQO@$n1N=4%^b4o^G`P`IO?(@2U(ljX*T
z{h8*%8FLu;!`ks=vR`+1#MZ*nr(rKxP0Z0S4nF?(oW<rZK!FR2(}M&dAHI&x&g7`@
z2QF50sNTJj18u3t(sms2gN6d)SClly-MXqOJVBv7u$r##PX1JV^@@YT@sD@!Wo2D3
zJ!<j`3Y`5szr{7RmEg6_zKS$quFYvc$$r({JJkOMX$8NRgBDlH4VTSo6OFXkyR`^U
z3;xdLjgz9myGCN@8@+3U!-Ueik<jSqT3W3%T1_&)t7C%{9$&Jpq15Wmx_Mk$x#>n5
z2$;Outs5Cy2RN9)$rc_VU(&DFzQ)I!L2Yl$<+L0QW;vVAS0kot?Ml7gpQZ3Rk+3u!
zYia#az(DBD>ss4a>H!B1@88#jefx$7tECnFE2PaEFc}*>e}G#<h(LdHlNXQkHWr3N
zAeHmugCr%g-BL>wGDphJv#UH`r~D`CzA`dZ&4*Mnl@6N&K%E0062LAhe<v&(^`1m8
zckl{R$Q^`AFi<=7E%L2^+oAT_DKTen1+!j5;6kI@+!0V|x@O~Wp>j@l*nvVs`fPrt
zGN%L^FmBRiJ=#5i{UT(@sMp~B^MoW}qv8(LG!dwg&1QpTg3f}(%rdWC84`R5>5d>w
z=2Qa37c?Nb+bF&6!0kUCZNT$3BO251S}7FNpexD~wN#Aa{QAfu!GswNXoaBdR&G={
zwFv7pExRgX#!4Ha{Db+o`j1<_ZQn2&-3}@?3uA-Z#?)IJs1_0RIiset;CN<bxQ%9&
zljXXJhieRyB`E~VYoHX#j@i5wl@(aT9$1PoF*VJ&xJT-(pWd0PmFkv51w2jz7bcr>
zVDs|wiJnfx`w{aLa`r@mVZtq^C~-_$rdvPNPE^uauq!yGZH1Y)y293??gQ<4Yski?
zSaf-o>d0y!QCIGB!}TR;J$!q;M$u!B!$}W=+pA-_at2E+K0J8%7riZm4>e2Qh97!`
zbWCbSE~fXQ1zxpnlw<6>6%9i`KIS)W8RU{j)T33nFle(EjO$QqeiA5c>zWEqKIp6Y
z@Zm$nLGQ}_&1LugOyyvWz<Dp9FuI_dX;O>Fk=1=!MGjm5%*<$J2L79hu<uj;y$@%}
z*z@y3{{C7NGe<=JWClG>BodiUsTNHjA#1QAQoY}ir2mf5JdHrjx4Nwj*Y!6Bo9f-J
zTbH>k-S;&;=MiV7{A9e2(>E&C+&Qb}B(sASqJx)@SDDevN3AmykLpWzpW(G=ZE<bw
z4n+qS+zlQh*nRvjHXSb$*6^au&PVH*U_4NlSd+`=wzmPMO9stavu-U+`=nY32w&VG
z)uq@E(cF+Zn>qMFJD*dk&dfofDxbYc)%RB8yxTZEj-o!PoZn{@OLXfai?tA9Vji}2
zqEBy4xV|O|+Y=6@SLSdGZpZD;YxbNTXw~k+#Un93<k2Q=0J;F>sOjD{6K()uZB;yC
zd2i3k^|c=wNNC^?Z+<5}!Qkaf{&L4|lt_^95XH2UlM}1WE}r#b6EP`w5#-HTKxe=c
zr$zg%wKcT^IJeJCaHd;Q&g9>;J|kVAlX6Y>nm8_2J&HRW|Ak{S7|LxANCuL*VWcdY
z7T%FWLgOTKOTZm=ai>?Ah(92J)plR~X~G_#yi>%KRTD+3pcO%l^^9TZ%4DgYUFma=
zg<8vr4+H7k0F5SzUGH-H<g|rlnPWpDhnadnOe8r!VgMpW*QRVTt5XkJvgev+Y^Z@Q
z6fv2v`DQm=Hl5UVkc{Mq&#kY?**%V~-|6!u^10e%$DBE2NZ;md5~mfb*(Ia%?K!R$
z4o;FY+TyHv$<dYA@zwLSB6?+2)o?%~YmLSH($C!y4aOu5&cD2I!3ApBMNR46D;c2#
z)z$5}{$IqsS6owD+wScW1q($)1wvC%5a}e8P_3ZSR9p(ugwP_L&_Y!~ij;_G0-=c@
zh$7uU=siFRB}xmu1Ti2b^aR+`wVwCg?|1Z_?ETw^z?{is%u()f-~a0x!i<5hZ6G~8
zZV|PL(s)n9%J<x&)uH41fqQx>rpPtFc%JU7j*A>4@}Jrz`Y&3RZ|_4DC?*5)m&CH=
zYa!%hbiAWY4N63vSKXtkPc~$EFIY&$K?!%rN6Yj&N<8b_UX*OdtM=7-GwCEWI%>r!
z69@pp$mV(X+TEc~u7ry~2x|fbGBSC_(Xco0X+PJ2;f?im>yZVXBY9_6Qnd&>hrxNK
zEml-I#K<CCzsOWbkFu7UkfIGgxf8nnH*EMQC^G)+?8dAQ7q8Hhou|)6F}Sq)l^Ve?
z*PRh_Dj{OABrK25Se;SXxu)ka5HN=PqWofeXWiVjR^?(BfE~M!3ZF1Ab@=)EoWCCM
zsUNHdc6OrM&#@RaOSLf6)!gEOaW+ynPjSaCv)ih6dq905fd`8S5D*~OtF@2yyth4h
zVghxNTA3Oa)t;NtUMRxa{4SHcsA;UczrWLN`#L?{jp)omj2~5DwEEji<jyt2ZZ(93
zk~csJ#v<zWYoG4r$>-DD`A?sQQ{g3wUb|Qt=Xg|ZGbrSntU#Q}EUk7tDbI6tpFNEf
zs#0W#AfBneR0j`+0rPcfR`B{lZ`D_%8*p@-->(M@)32(mAaCW}+&Z<7Je#2&l5`H|
z{Tb!XmC!^{-T1$DSwkX!$DNUHJw)Bh@>}u<-yGDH2xs%_CjiGsJF>fdUd4%rK8+x#
zY{WIx?p5pLtpqmOjU-BvHm1xZw9oW5&XG&<=qeayzFxgO>vaRPh+Cb&vq38`%S%B%
zf(`a$n^$>df7KfB+uiZQ?H}Ug97YZnXVE#)(hJUOLe6Qk%m%YZdvoOYA#grTL^HDm
z$&o~*zW#koo7r9lJAmNe<XS9=T3NI_dP!DZnJXP!g<zclR;ZY@iU%`uqb+|UUMHw?
z6*wBA2jMPvf@L@1368&8+1?J$dG;{af;D%hn-}4nkzBU~a*mhNv^CI~ikO?^ZQ{5<
zoX#K%J4s9Ofy7fJcm_IU1GvXBCLx(#&{`r%LJ{4mr49+msL5kfYOdvz_^e)9I5%sB
z7IH0lXw9nzo|r;iG7STwzQTJXiBQmJtsy~W8`iW^YZ=&`zI;-AWV@v?BTE{)zn#@k
zhO&p$<;*v7oLLHiLPNG(4w>FD7pKKcBMIM;3y}db+bxrFrvL0SV-nA{qz_PMyeQpi
z(?M>9WNNj$>-*r2WJzFa2yFF}cUc=#hUE#)-PqWapDw{XXIybwWE2l$facO*eeT@P
zl_6)fzIOvE5dZ5WCEd0=u*fKDYI+`|mQH3iovti}0`Y=K!JLxgs>1?}#-`@RKbu_#
zO{$(YHq@0jbipcPd!M)Wb-j}XqOYUV1X{;+8^OLyA9@KvDwj*0QQaj(tD03umt<*E
zH^@sUpJe9Ig!9;bUdS7G;R!54R~KP5E8NRIHd6L+<?#~DYq>wvD28-%;>Y=rfF}14
z=RrR<IX=xCQGY_Q*wAP8k+^sqsxlwO_;x-mdE49ORsWk(QimJJ*W~kG*u;1rzxPK4
zPa}K6#PvK1RsG;y<)e>PDqWmb=`UI!X1c5dX_7Z7hJx<sB0*Ry{D|7^K3yFWBV0T<
zees%$FLOA9b(#E>AS7iqZle=CTyI!q1Bn+)ITmq`z`M{g$;CUkM-iPqE=a2M^A}Fq
z{aRpP8_}+!r_NO;ScG9#fD?XOpX19qV2<;RU7Sw$*ja<;B{Yx1#HXgg18ZbST!T*#
z=UL6=g6Ek!LFT4WgrBCmdmUqkKA^7cPJYBJte|YTSh(r0C83-=AQ#EIoy~`jFL)QJ
z+U1rl6&z$&&a1Bw-v#t~dY%cZXDjRtz}4Nx-Mv^hQHFP(ey%H+zR`yQhoWeiwCKgn
z?YTO4-)d<$t=}w@6Bi~+-x7{sS17s@!lVut9}ipc03^qB4xgS&$m8sO;0#{9-KwDp
z1GK6?Nk~h=?!wk!FYNBGQa5pFw1UO35Ok^0eRHg4Y4DcAHQQKqZc%2MxR7UjZvMxi
z#m*<DL2e5uTBZB-O^;E~oV&bBrrz@MvgjRReHir>;Ys&;NdNrXb`>IWWHnHw4I&tl
z{&TA|r{A0&0(rL`5iq-YF_;Tx*y!}&;oG!?N0HO?iRyMX@XFC9?dJNfAY!JTPzd~B
zfDysmX>RWM4`nZ)8>NU%W0no<`dVWF+Dxo8K}0=803Et96QNhD-Sf>s4#BlMWEyV2
zRPSB=&2?a^ZG4{sBD0ewtg94BR~@HXkKQu5jpO1Ndrlu+vb)YD=|b?I!E$gcz2Dyp
zX!sWJ0V#+k?#wENc`R|So^8=e@vK|Vt7ER4?r&MUhB2Qs`HC0Uvbk6>ZGv>d+<4g9
z^?wu~diz7Bpn#C(>J<f<@YjJ)rbeZ7&o>f2gl)%V*~Ko|2OpUK@kKgFq%@O#ZW=|t
zg0P2B*(DkQ6aVI&ejW+DsuRXG7f~MkZj~o<9TuJR#S}>YEdjZKg~lV+HeZxJs6*sV
z=>%_-^nMB535iwI+aJLO)k-m~r{Yk$>=U-3KM0^c+Z6A3PSWbFcUQ3>V*GoDU@cOr
z4lPg7<(Tm>zhqPz+?u}?f)>ILyU3*liRvu8vXKHiks6<KaE**V$@!8h^=w`tid#Hp
zb1ZnEh=Z{`D`-3DlX@^J=^0s=7=QWW_DqTYB1mNYw#)sxb-GBxtoQze<ZsHimCEeN
zzm_-9kcD{prq&KCwqSjgC+yfBas?R4Zld+zDb2m6IW?0D?{W;hG;#WZ(;{V0%*Dse
z_h$H+=w6~x>J=%IlqbcG`DtqMGH~doTFx8zPOrek25Xh5XiU=uC74L2$Q;97Geh62
zi#N&N-q{OY8akkaZcF1+*9MNtau1zsMh3&44eW<Z4L_$pTC%AFRmzy%vZ`nI1m=}4
z+$c*1j?o>2h(Wdom!LY8(v`B3ro!6o-VlKdjJDcGC~OGvST}>RK2_i7zYeJut3vhM
z&DU%Gv|Pnd0H^ds*wuNC<J~uM4E-%b`s>na_SbQAWgY|Z8YD;S?fgcVa86N1&<g#W
z=aC;eZ9FGTRSX$Q`!~e*+;(JGayiLEsN}e(N;_A0#|GcNdN+6Mt_AH`WbNfvr$-<9
z4fAJlmUU0xg|0rEmk3OM-)m~xsf^vu<sbkyK(vXQ8{m4Ow_&`Jr5RVQbSa~S9}G6w
zj_XgScxgyR&Lc`kfhBk-#VI=Uce1G-yx-hON8>BC9TH|Ct<e2kCPxaZslF>e8vq)l
zn4Keeva`2;=VGS(>GfSP6BF;x((->wu1FCDZ9_aZ2by0*D}Fd-YLE{`BYj#gO;tR2
z6djnJe9^@8u*cC7X)jVa$p9{tZS>h#dOCpqP&aJh$WCem=Ui~l-TiN6qTfE2k}~48
z@(=?rp%H=3-FR7I@^Nu)yueBELI1^LrJSA-1>gY4UJ0{NeNc2OaNwn0Ej!zlVor~p
zTngWOQOD@yI4=>4WRe?(C3MHU_kfZ7)KnCzXUzDUeqc?af&CJCV#Qldg3Zp?D-B4&
z$Xma%-6be4=G+aLd9H_se5y<nfc0;8hwtR<QnboynFiogy(c7ATa7_T?Q>M%?v7r#
zW1EEP-0xG9SD&G9%Um&lz|^xIt_SW*MSWa${7d$sTqRY>K#+$S&gyNzCV$w&@#?V$
z!g11S+A+ue$%FLXo0)N-5y<W{Wvr<m*sjp}Mx48;^JRfQfxTS2O7=D}q>8(2QgW`A
z{`8o{kkg$O&ks;o>Q!ytkeS+xu+)KE$cdxH80`c{P7t(RdNQsv#rDT@DQ-kXU*RNd
ziJXe05Lu5^&>0m%k^Do6r6ZN560R?BYSM3hPw#$(Yovxq!1(AB;i*DPi4W=%_o1va
z06y2&oV=~p;Nvsd@=U?gi^e0SGDzpz0I+v6*bw#BCIk)lEt63C#JFPalEc+=s^P~M
zZ>8qbrEZl2&-T;;zDgTmdaY=^TgQh>TXxCcLWS?@+eYZ0H@?B;;kpsW+9bMpJ)-)-
z4nd3SI$29~u4WjGp7-nVDRlA)5OGacKVHZVC25@P*`((6;eA?Pdg(%L*f}G+E3j0S
zy5xoq0SeHRIXF4&ph<%?<brT1DNRS+Sc{aY^TnbeI_jbsq-XBzniJ3_zg@qcE;ZV;
zpQv~9<-21LhGeQg==#i1hW--YXnpr#lfu1aedz|0Jdgtu`zhR;Z1+}$`j&)MrGjP^
z8`#msskLjNfgFt%kD8^A1WLx!Fz#gk+~=eT-3={*hE%+dgof99o!@1l$d;B^PA6K}
z@QYHTCHPEC63(cZJ;a>r_FQW^f{+5gs)kqd6U-?c9VO$kva*GxB+ZlhR$A?=O)(K_
z9rr85GP=w?J_Te1rfVVE{qp;Et8N+2U%oWZX?oG);>eAZZGN87hVHzoLFcfoX1>Uw
zTb5F<@=Hla9Q7f^Huz?JNTosIEI}EKPwuT+hoIF9ZJh%yWxie<EFHymMRM8Kcc8TN
z?C=ay^-3ctf{X8fae^Z~cN>s7Iy1SFzCM4RfP5MFg4ro8VQHpu$t5}i_h>1z|1ABl
z=K;OjgFF(UQ`6$<C`FF5wPuDb*gOU5-|Urlm_>@AdDf$Swsden5?sS3c>QlnfA8DM
zdpp41B+Wdn*}yAokC`>ZaaJNjSoLWxw1ia72pn*$l-Q@CmIL-T$FVpOc>bKVFX(#&
z={7$zPC4TUbGc$|`j7SxDE$OC#VBCCj+3Aj44Ine8?|^<An%@$sDc(g8Zz7E=!#XT
zib|?n;Haf!_o~4AZWLNiJDY7Qf0Ho2Y{OJO=Gz>3bkM12V9Q4rCy{0Dek{RS_w=t6
zIK*?iqk)4X05~jQc5mZEf84+wl5Ll(DJVBS-s#mrdxU0<v60HyTOx#qx3=Ft)2X?(
zp7i&fme{D1#p_$QDv1|BV?x$lv(WbSlI-gsCN$ZRh#toD;dK?uP1{wD#NwYLzp|<n
z8`)BM;*_h!8NwPFR*41CtIPYTJ^~GoGb7&*+PmSO78wFLMBT*|+uC-2SfnfmPQj+y
zg@-sZb0K(_qK5F1YuN3#MCCR=ffQ2fA$h{a#9J_&pv3xSe2?#hD(l5I)BT3h?vXt0
z)VXOGS$#tyuS`@YXhzcXfB?1!60?0srIOEf!T^S%D-rE{gRDlbn_+qjjKXibI5F!?
zL!L{pF6{p0;YzsR@R*zadDc&dB~SG8aZI)VJ3ppkb`!)8GlHjPjxt1+IggNaZN7kY
zI0mwz<_7hsF6B&NjrLu_^Q4M}>9r$5bw-kJ#ABE*Zt>>FcC9<<q}NU^gpYV?EZOd@
zR<9ck{tjhrd^0`cWmA9Yb-}B^5ue3k0g&Vqd_4zi)3tEmKGg)+43^;$S?!7+3PioX
zaA*C#W#A8nzGce(@>U-81HV$g5_HJXelIrU!FQb7<#N7deO?wuAY-91q^}l#Tk%!s
zYttC!?xT>$FM6BYxO8t)Fg`#;jj|i5Os$V3_~JNFS0PWK06@h&huCA+YP+5+--kvi
z(&&qo<7IzE8{3Hqby7q;;~(dx>IJR21e-;wcc+A><!vc5En8=UnrC~`d`Qc$UisA8
z)t4tmGK@LWX(-wo^-KQ0N8ke(_0T}kx1QgFd_k~O>6?*KUJYTkLpPR3YeI*&+P?$U
zVBUN?QsobEjT298rwkk&od#zXoXLEnxUZH*b5J`oyP4EvV678aQO<ZX_2CTBoews2
z`(+Xq`$8F}PwS3E)hd1E3OG}LpcT)&?IK5YaXM7q;=xSiR5r~FwC@E3wQN1skm+J9
zcX+FdP{ZEv7k}v)?V%xyjimIfH2BumDT)2}G9&}7z-z4;ST2FQxe4n#bION!!(HU^
z%@IMLfEi8<?dSy}nA4A5Mu2+F=~pL!`U&&5LU?@O`^nf=&v2$|jeFqTxz1zES1XMj
zT3d?j4RyK!U7n^GSk`poXMCZPNiI;>8RQUQw9o%b0R43NJxd=%c<FY|A@}wwfO4V<
zP_MGG#a5a;*5e%QVf)xn^jnZ?9sFu-61GzMRH85elL0=6Xj^sM7%stMGN?zUzn#sI
zKWdx%TX_36_ziy;xhV#=aZ`7Lf~g1JmFX9Y?Gg-t-s`#0_?96Y`)jEI-+P7B)m71c
zGUp@wm-19{-ihMWZF?l)r-K3<^g8mYP3C&;_RpEsuSG>ozz|xH+&M0&P@*r*Q`B#7
z@4y?x>3mir?+{Q0v}4ZNZ)GSp0!2NI<kg>s%=)7qwnbpiGbFGdy_%_+E(J2P)I_Z@
zu~?bIq7PGaCv&@>ygHu$6}d?99vb4K9@7|68(1^Kl=>EU=0K|gd#{N+`{vMjG9I$~
z>7&2>14RUsTH^fl`OV{k!_}pGA-&?oqheKG#jdBbxO04wIu!S&vtZ8GP^DKHN&QBu
zcg(yxPmZ@Au{n9_lmpq)28GbJ9V0+6^>Knj7&=tytnK4@p=ZX~&o!JW>H60L+E!;#
zTjxR^r->gPcuDmB)+tnz2w`uBNz)bcy~!&h4MGLP`tAoO3Rx8eW*{?YkC&6BPlKZk
zqTal`nRHzs9Z8sfbV8xqbNzFBjJby?s5`#i^XZuGQKNvBU+t$vO`q-s`pGs7*GKxS
z6dd#&PqMRJcw{{{y7WF<ybK|oD52$%$UuS0+zfS_D0_`*nT8>uUsov82WegPF}-f;
zxVeQP@K@<J_h!sC^j_D3UdS=K-y?W6l(v~Mw}j^RAosN@7YMTe(d?fCU04vw>>2zx
z-sUS;d-QMHN6w*VH@wH&;*9mu9f+%IeWF#NE^oAYDcXA_OPYQ&)pEAD!j+@QyrCx(
z=d+r#>=Vf$x9z@e*9m;Rp09+q&RgYRxo}C)%qu+-<Qbm;%bBF#x$ETA#`Hwy9NmFt
z)e?WhDOZJRqx9o2*&)%{SH+lqolaoS#7=A2nfSYiRz7g%^^}FB2H2<E8o3=~LPg6+
zr?8^*%8WJ}9acg}k<x-jYTY3>Aor1Hr(?(NGhxjUm-&8=Km!}+#J<zdqw!$nV_U)d
zYpB5WZ;w{6y@rZ=;_76+BTKIk`BPU@P@0k0)xeY6z;=1cc7Ha@{qs@!<EiHuMZR3*
zf~XaIW^YYe4<`+(H6#AC8%wxY3)@Pw-Ota6!Xv|2Y2$+t!N~2<;AK1OJ%_HT)iBq*
z>CU6H=ld2Ez5NMR;5J`)iL{Aa1abB@r|DaBg?z)?w{c0`q#<_1Qh4{+kZ;(j{|sR6
z<(s1+D}LYb;&6Efx#0Yqc*kqtxB=Ac?CJgqc%qM4WnL8D<Qin=F&5=G(BH3`=*$W-
zv2?Bvj%&`j+FD&IYQnHcoC_IW%UIs&2lt^Jk^T7}yCa+K8xyDZnq1p(Pj)|EWBVa4
zqcbUl<sP@%nu|Q@OQAKpz2Dr4Uk3>;@mh<W`;m(a_<CbnGh%coQGS~zJ#k>mxUy|}
z&E13`xGF$dlFM=*zdtH!9$sXN@UlvPKCIfA%3-Qmt2a*{O?YgIwanunuDdnlIj$n8
zj$T3C^)7Sp`?|E$btyl3)jU2#f%;8e!Xp~p-_6vby_v;TD4?$US#yMyE$}Kh<3ynn
zVPCkzhhN(xl!A$078<LAcTA1Fe;Ik#;cYTY<Yje+%kjA7nZC9-wd(p$B|Twt73qZM
z1Wix()*Xl{a%dmh57>||Ed=vs?zZ>iJAE?NXZ;1f8b*r{6AMBn*-&nwo^D-GtIzWL
zrbL)#JV6<gYW5QUqKMEws9vbj?StRGryKg~!u>bNZV$jqN*70JpI0$T=@U+xZ!tSQ
zR)A`^mV<tj=fT*;Rqd^JZ_&dUNdY<;hh{2Io?OVe40!vM(;>|1bQQ++z%oKjc<u3@
zLY*V`wqkCZ!BSh>+GsV6A-VHgE3g!z)%T&HjZ)wUW&1wgZi2axjy8PikQSfB=?Mx2
zb9iTK3j&(bwwMt!?3Yno%B*W4)Sx2qZd*SO<=a72maahqE()I`uYp1yMA6ljo@fQM
z61#r4jE|4kD<c7KjSb2fTT%z1Hjt3Ub#N@(QESBjjk1(`T-9jO-QnoTb@$)maP>g|
zV*zUPWk1uGKRV~|&O90L8!&6R=F556RpLp1Z}2VIm9Rp&&kLeXmv}5WnY~7Ivm@GL
z-~+ESUvtyuFuba0sLoBZR474+vwJBKNfNmD>Rvm^@f3g9d+*HRcaAqwY*S~I=I(m+
z@VeIb1?DQ(g^g+gYp@cwpZso8Cef1zmWsC=3*XmC6YOAm+;MHmNV(Sx`Jp3m`ag8M
z@1NoDk4r*@F1M3Imq1?gq~Xc!^X(rEF+T%Y>D26Y71KxnR&W#;1V4S(g4Msk)Vc{v
zQCzF>U3nokR)}{qjlAr=H)27`0MqFCmlZBoD6XfeA~>)4bJEyE6yjk2<93yt7sBpD
zt2>!?TVHu3{Zbhz$cXe9=YL!2#=xKI>>u{$2CYf7E2NqYUp0&?x*jb|Oh+S8un)!d
zwEiouN7Pl{iFs?}J9;?OlTgUyI{7&M&h+Sc#jOmc%KBk54{Z-IsI{xmAENJ1+}(@)
z7yAKz_z?PYS(FHQCZVo+IDh*1HdbW(LHZc9cWO@ht4KcPzswkZy8X{PykPip0Q33}
z0{s6=7ya`!um4X&Osf#I>(i$ru9yDJiJcIO`~Tuk9m?o(F!kQOdmbjkzy6CCd!zYq
zeZ2~kEDswx4nY%%vLoaFG{{3=BoNkFj?*KFe)nfznfsqV_&;tr+|hN*;I?;m{Op+y
zBJp}ynD}qZyE}iV!|zeQ`r3Vr{Z4n?F}(Zu{>Vb$(&thp=9Hi+LPh$&V7Bkxp9?Q}
zt}}{@9ORsxa%mkN|NLdx#Jb<yKjYNj=T$Ery&W4+c$@A1i-7#!-<yoB@kc%`9Vtpa
zmNT+z{O8@d-^8e+snq+g-}r7?iV*)BeC&>>ep6bA**yB^8r1&)0dN2Nnlg_F|L=?6
z{A<*p&Hq1eybJ$AMuF!Y<P87&Q~%{*S8n{DLNPD=i&vRO{@;B-y^HJX>;4&xKP_4C
z<r9VFiT@v8*cr-m5w=acZ*ecN?~VQ2cj#Nd|9c<Pvs-pwJ8-#i*KpI%K`!80Y36@7
zgM0z{DX=udTYVhm!h=6wmIWy`|A8F~WIwUPQsZZxJAot`zV|m~CGy69ZmNFf_Wigd
zR4Wc!Fb&T2L1YtLGw4OqnffZ|EZ%=!#r;Rgz?~iDPP>6BZ!%I7YlETxx%d0U2j;J%
zr#>{B<Q_aVGwzBj%CO$v^jTcLW^vp5i|u$-QMQ9zxaGeu%GwzCL}gei60brvyXW}J
z#@hP75ZvyH&!0c{^z=;B+yB&Fc7zmKBK&@nJ{J^R_3%IQ>KOB$XMZ-H@yb(Hm}naP
zPXiTvx!t}Bc9C;-%&oC}@b6r4PW<IPB0xXt|BH2gOLUOa%V{sGO!xzk0+$4aCH+In
z{dxHBngCh&-w55ye-XO>*MC@)2BFr<KD}CHkxe9ZYTlHNn6$4(MD4VzO&k@6e=2tM
zA4az#{~I2wJ@*eQ3B2E71MS}{n>n9K4jkS_ZV25{G~q-HB*o9Fsi7^TjAvieYPaee
z(3VC@i>&MH1LP)}V2T*(zq}~WG=YC+?rLl)DK5x{rs5Slkjd_5SPHAZx#0Kqr}c`u
zq`I_-0k6Ti#&7|)x@RM0;;a=a0T8BkPoF{AlF5oXTELS=0V~W*Rs7bLMr8C$J8Be<
z269S+k_k;v4g2DK>GDbC-U0F8p>+NB)d9GROUcQ9=l2ftJt<&1u!7-^6YGGgCV)fT
z__<f7A>@5v#e2Ydn*1#<UIh6647JC;17=PYxkCA-8Lf{Se*Em+H49lD)7ttOu~{gU
zC=p#(6JViNRD=V)JAImrzNjPe?=vBn-~Yuw$yK82b^N!~SX0+&B7fDz#;~zE*+Vtg
zt}XcH;#IVNfZBbmt;K*^=?Q**0IPM|y!-ysrz7efBY~~&6XN1p#_EC>!%aQXlF>Rf
z0g_Tu!#a_S?E?Tq)3mqCdhK9x^7iA$pyuXl{1OtL4V8!grnjo8te*8xi#R#(&s2CV
z#yPgN^~M&<Q~%DLSHT_BKb1`DHgo!haTT(~Ds8bj@#}N*@}P?$g7U4OPZJkZoq<@O
z73->|ufWtS!>a%t_OT&E2!4rqba#<<aAkI`4p3GtO-=KSSJHjDyQ?RuD7^~0O7ymZ
zP0aOsT<#CbJ)Zs3fjEI8)#UB#Yu~;Mo~deMHx`!xSIwm+*9POE8_dpWLaE#Q{e{7L
z9*m;3TY4oNnW*s_o-nIY-aFTw6+KVQw}`09%{>&nxzL1jw^VkfxP2cO$Z2|;k)9rZ
znuxLMdMmTcWP+(<xas?5W|PkS&RsLN&2etAsu`}NqjpBV5VYJ%+jqEGsrNLembIG^
zcYC~e0<_#Il(7>g0BPmo6L;XfBaxk#*RJ#LFpi;^-oJlR$`~6{IUYt#&oVU#3aSn!
zQU7#y>n3wLE~Y-{uq;`X)^{<^yUogU6^m99(;rzkFSM=fPXywb^o%(mlJq^C6TORG
z9P<qfF1B=4DE`W@`MteeKd){)1O1wjHy^O+YaFdtq-oeNz1L^es>gcZI`YYGdjyq6
zQ_RZa(NIL~npQVd=1LbF$E0H4L>`@PpUB}GYjYmeZ4#^tdXfs|b*F)17HK&9>78#v
zIzCmZsc?k=){G?U?O~qzJU@C_S{H&%{rru{lv4PDUu>SHmhU+nWhlV#?|^(~#bvn;
z!kae0Gkf*ImV!+rz<9ndDLKFe^dh8Eb7I3gFM;E9z_ufD#k}gtRhWTmk<qL5;Kwk0
z>p~$7=kYB{uCueVDSfD%9{??G#+@0m0}x5Ir&C=&h#OkuX`n**{{8y{u57l~&UYED
zbp9>?a=ZTU;h8h?Rxy^99z&A=^&PeE6wXSOCj8k8%j~+Z;ELMX+Jtn1P6ciLy7=$p
zI0Xe9)VKu|(hYp>zX^_sW3xkoGqDboMIC&AqM)-$7S5FFCuMHRX(yMW$EQyE*8Jiy
zQ`vuE@S!rsQ7(ASLLF^QH&zJ|Bop>RgBMiKSMn80Z>R3#<?6em3xqIoHZEpLYR)CN
z3pTRlq<)or&1;2P16uN`v#xmwRFlk>;rni^esl4Gg0H_!z(PM9KNaUbC)lAj{sy)E
zIPH|q3U<V&*3)%=k=7`X^}iiIskK1$J}>2bt|f6+LZ=&UTNQ7NsmaIQtEj!&B1l2@
zNB33<&%;qhEce#;*Exk&!x2u?mF^rt#)4!|2gGcch>nM~2G41M(9;o|YvoZZb9F&y
zpD^{cG6|B>Tx@{QQ1V^A;;Oy*t5=LMP;@nHOs8g1hv=J#p_G34W_I*jf7rJ1l**k~
zab7?)U6V;s!RyL&-mXGQjwO1csw-ZaFDcl`F>_<Z*1a*4nlevCV5wS$Wip7>T%hbL
zHIkiLWVcb6nxcw`GUlHgxku@wH0Q<&xLrU1-VM(!ac99`s!r=+iKd)Vl8<Z`u{3x<
zK@=J?nCZ1LvvkEg1sa$KTS!svCtZYm3=N?VC$I5{3`_&)+{O((-~BMr_#>5$y>1>r
zVe0lwrcO<%2N@(XNs8kD4O@AnSe!AQN=Xq~;O5o$D1uJd)W=)bTqE87d9M)6l>t=L
z5GwENC5s60!Y_dtamcZR+hndXNR{m-&bU;gUBty`J0)%vjvWUSH~xc<&7uL2XX*{~
z6F8$CARzgHEX?`lmOqXSRCf)fu3*4c-MqZLJ8$=ry!<!mw&zBE_In5@4Y0a_QqRaS
zD)2ED4IUX^5pN6Pe6IeZOxG6sL-(KtI612h3X1}3OT^}QD53srNAffQH3<w(gIiv&
zgKrU9ZaH!q02>(sXex59w;bq`Datun!&Yb@U++9>PWQ_l|MiYO?36FxP4&h5t{enT
zv$CS63%9#cL+RDBUU7P5Dqv9lx)jB*#dUm4r~mD49@6D<iAgQp-F=$CPjr-U7!`LG
zE)*!<6rQ<>7*&3K$tGMvE9lTXya4q>d|ba!n&=;2cNejk5;%wZYDR@O+;+39(J>ws
zPS;1g8oTP65|wy4{#cx0$>M!pf2+=`9(J*+SkwrqC6Nd{Qjd*$?TR<|S2-R~9(UK$
zZn*TlkO;-`+yzZR<jsrycX=Da`1S<LCc~AvTqzEcs+EISVkU8_x<sr>H?u_si(fnG
zGU8L6H%&7v6k)z)j+#UE()U`tYlS;DomPSoj0s~a&u({UD1eJfjLr*+nnWa-eq+*m
zlQ&E$-ME|vU)IBB*rs~EO=gSv8RMQ$9T6LYE5^GCRI>qCj<Q3~0pI;KSb13TJ@ePj
zsBpH<hd`sL`dU}#6FVWjG<^ln;gT`XR;J%XP`XmXI5)}Ru|)s$_fCO+r8ysM%x>-!
zyY1#n{{{ywJvh?scu~tVg|I%QtMzo|NU*5ajzCTY-X=}my@K&0DRd9s>W8E!IF7Bj
zd@8QYsLRg&U5cLm&#*ZjaAlvIR??QfyxQ2P^--k1xO}m3Wkh*P%E-iknj{uWMSkHR
zl;(VUSxRDeLC_h=T6tw#Q_SwKe`x`Xor9A@ir6_pvwS1vjCQ}1`YjkBgdtHfbt3Fq
zqRg4T04;q9q9t=1FkHfxTA5iVjMfB9>xFF}C#6F<TB3Q{xRx56$%}A$;|{>p#VvDi
z^=y7A?kQe+M0b!n4d8hM)4g4Skh;HIJ$vdndm&%13CL|O#BNoU=Jd`H6^)`5TG|st
zRy_4~k}`^E`B{TV-pHu)Efqs?4dH(^u-m$OyWiG4{c+h9v_Fq3enO8I7SeQ3(q;7X
z998$UU!Cd9i<iL8h9n+7e&+p$7Xd6gY6Ng_!wHU^%@$y}GR_#UL?Ntd{CUCyS8m3u
z3jPHg3BIJam$a=MU(&v%wN#r>ke4YL#n&QRTpN#|U%2v56de-0bxLgfZ=c2Czc)_^
za{HIeIXx<_imtk4V$!_fPIH^FaDJB557S3A1Hkq|b>Ow~WT2TcvZR_H15sqABP=zF
zv-lilr@GH}`Eg2%Sn^ay_N5V%sv(zK-WmxRKV&h}Y&>|QdZ4^EZ)z<)AXa9-E?~Tr
z6O3sJV(JxVZ>Rbc6+m^01K{6Fy1hlCm6zju`f19rOWH0aev_*}dT{!iLVmDD{6J#S
zj*m9akA*@~yB~c`E_xN>U@jdEID1Ty=FM=ta+og2K$KlJ%UwyxSb;+HJC}}e^wLQW
z3J#ldc79wGU2fE$T;jntVh$^BT&hRJZkKEiAu_fzs9JeqnCs>^uvq0^#xniy2+G(g
zxvX_MTaEzd=pPXFpbf<%hI`TgG?^ci7PraqX60AZh1QRPkC}nCB%Q4cO7l+nkdPoc
zO0N(fAuDq@&*S5upQ>Q^V@wR{V6wOLmm@rXJDMXeA4l*yKUrCkW4q0}FT_%Ao|a4*
zCEAJfRj#;+^e6A*!yxE@mkVyS*;l>A26@vd2rVu5Hstn@MYyv#damLN^%0ar^PgEu
zkLuYPt+ETvX(BE*!O`;8FOJW3<0~g~Li6Ce+6@S;5~B@0g@~omRRA1Cn`-D_x_4v5
z`B~B!#`omu3{8!x0A6X6EW2&Cn74;R39r-hhbF-q?wvu)U`Z#qTM$l|Xx}is^cA+I
zZjGMPTm>>m$ezY9wfxo0(Q`N}Y)g$lXIh!R{Zi&APWv}eGK!~^vjQjxs{nxC%RJX-
z`%b<~8wF&M@R{XvmeTo)8TDk%@(gpu{@6wO+VPFUXhUddY*yT{<8DtAb8BKZwC0?V
z=}}o03XXFyR_df2hG?&+6|fO+9YxKma%*<fWL$x|w=Z^0m??D6n`%2r==cm~)+~d)
zhtYl$Wf?x^>fKAH@)0{<%Ihf*Q9@bz&bN<lI)A#RND2T-e>--aix0=eAXuCsluyzw
z6I4XdVh)QSJ=)4PtWmrDjG6P8@Z|K-k$FLRt0zmf8X0)JicI1(#2qe2J>b-;qNOH@
z?9R|ay_0=(76SR6IbxEg`9uG(0Eh^Q5+MKO&DwBR%V<vp=ev*n1UzKVNTLyC<trPO
zo>Sf7d*w0#dJhZD69vOqBH$%qk>^I!8|wo$EzuGoPk5zd)XGxkHEodFd@%_L-=yES
zMDaEm0FXS{21|y#@sz$W@$J#R8xQ>c-Pb4#S$nB&vnXL_i<)IqDsAxY-MjwRVRMU>
zg+kv*n)U2H!$ILwk-}i7K}T<E?V(CfiLiBvhKlvswoX>w$nVkWAwO8=Q_!qVa7ffg
zr`^t1v&5CYxCTOIU9j8bq(AhD5_0u|mdQWUf_8Y%Ysc1;<L-UmANYTQ2tEfp8L3kf
zD&~IvgMA~>365y*jWwA_i6htjlaDx{$(VJ=+>dJ5>!&KknAp{e7LY^8ufO75FH`1f
zT`~vCAU#3{{&p<NfcN-_7T=b!nO6CQky^~p3IR;J^M@GTATh{GA*0h3uo~6Z=3F*{
z)W#`tRz}lR|Hu7V{GZQhMST71Z%Z@Bf$8P!ORhz|qB;D&?7@3~NMtu9zH!IaSws-_
z0WjjV+K(|hV!8oEg8g>cM}M&@(IWMm5z)lFtKB<2JyQ@!kxO8&$V7DzHVu*_gzsA2
zPIVIGXfx;Iopz>#U%K1}GKhccv`oE>kT;fmM{A1}a<=r+1l|T8KC$pPqkVm(!aG9s
zHQwsbnO_GE?62LvarJ?&RX>4VjhP2qNaJMZvSr%+?J8u8N8#;0LJZ1m$?r!Bwq?Zk
zvBV&?$~u{i*yax>BiqNWJB;XXkETVr7Q9qzyZN;@;xZ;roOGq*hv-}EVzSxY7cmT^
z+BIZXlkZ4}mvAox^ViPd(?4s#r!5t#^D4JfjmPa-6jg#AjtB8f%e}?VK5bc#*7rm3
z^J3t}X;AXWL&$dv=b+1LcZEoVjl9a{uy*&R#nv!F7@SoEN9eDX8*lxV#i<jWXeuXq
zkWCk9X^!Af8I}S|hM=yB9?Bo&!iRVu`cs+Z4W+zpu3^quAI4j@w=x*2fD1yrxN4t=
zVwi1p>ww3jusKZ)TBIY@VNQ+iwV|%R<RelpXVT(>4_nI^<Xr$;snJNv=ppeD^(xfz
z#Vm*-lm|oBC2TyY6LvA6Ca*uCAwcNvd0{+RdIiazt0+89OJ)I=Z214Wjsy`|o4-pL
zO%DW_p>+F6HgegzqH)8L*OOxIKm3f*xl_&~JVajqfF~}t=ARhcC={8SthTE28S)Su
z3$)9cD2=6hTl!?p1+9Rip+ql_VXq-MhJJ|EG;VHHW&<kj>~f6>#(eW>^Qm3I47lIW
zB0AE%h87e@qAjF1gn8#yH54nm0hHZ6+<QlW26S?XxdgCyWtCfh0xiS6RdYF|Bkklu
z3&ryYrfD~0_nmta48%Gz5X~%c+i>^D%HJK`mh!gF1VqnV0%{kSd#jDD9gi|Ul{PiN
zk)m@#L^%D5-BMu6>Xzh|@l*x*-FytSM3Ty$iIQIEh`-|$o!vy@5EIGrdMy4Vox=d(
zc)t*=Woii`M&3K+S+||HYm{>AMN&2Co3<T0kd-1X)6rci-3I7sQs5?GVnRdOfc7kH
z<GJFl>r*+z5X1xCmk6Q7DauXqUCftPXQ=xx2)Xw4ouH^{$x!W;UUs+^*S}g=a0@=z
zwMdc}oS8WlFEXcs_G~3g&+64i^0!3OW|tjSMgzwDg^6%@zps<tIiu+n!XumZ@DxpM
z@NSgflZv$hvwS50#CHur=)gbN;(gjcV@8gvE#bR@?Ai5!MIxW@H<I5pZlZGqC<q3t
z4F_RT6B&%@X_({}J;vB5+Sn{CANu~EJwVJ{a!JqKLO|_u_$4{5i#NpHV@z8j4ZBD?
z3*-m7%SuVE=DOERn9U&nSw3Sa(9y6j4=0-O<^GmX<}wz^0!k3)SE|3K=0m+7+f?>l
z`SASObR6eJVTji=V^ovt!wq@t1rwzoU%~+kE&I1J2VEZb-bz&pOAoz}HQOutq4y^9
zl@oWd1pG#M?RH)<b?`%z)zhLHp<PnUyf?ktYx2eR1{Ujdrg&YKJrP<XE{F1Sczwo9
zU}3y+0Hh7M2QTZbh1LD!?-{hKDNU&Q4N2FKFunj%f%w4fsTEF<VDeRpDL8pIGY>TI
zuAPr8jqYZc6>(t<T4FdAvTnRjGAe)NxVxUvFvzgSx~y@!oaqzF;cvxEn#n~dlJkdJ
z%eFqSSLi!v26^K{XPb}i_Ld~$TuFk9jklOKhFGSNo_CUbLBCmL7`;gLmLn>gqzOpA
zN|o5Qve(^Nx^uIFW=_|@Hm?Z3{3-nQ#m~0~UBwYX`FiNr(WP8{-qiTwFPFf(HK+Cj
zeUz4NNlCrTmsF^0JYBlr5gerICQu|mOBshl%7K}VYBcTdEb&3FIjnU(CzZGlp_rdx
z9iYWH_9!im7Z<C}0B3(awvb|-&_l3F#auXjYI+aMRJdt@N+4B38|jJa4+d>U#zZN)
zH^8+8rKG(M_cl#=n~ENsqRz36+a|=apWa?jw}2uoo*Ta<7g`Wb-DRxP1Me6evrzcS
zDvAAV)9?zqJnIss%{$~^CSxw8xR8%^fOUe!O+$^HWGN0LtDC#rU`p|@IB0R4GMfU<
zVj5yPmpMCD=qDNw<5QX?lm*if(;;0*<4}WzAP#E$5XaAGtX}T)-^(x64tx^sD#RjX
zxHGN<j=cYgDP8a?msne5zEpjm21dJ&gQ?!*6KdH_-MC!4?rNsc)QI_nF_-Q|N@(n2
z>n-OZFfEGqyroKy38uYT?3xYzF=rTDYiF4tsyy=B)9OrCqVu?eSk)L4*uleuQG#yA
zO;}R^9=GWVsuXP(5e6R0xyl_`=%_ba8bwRZQ$`^&+f~B(1`UQJ0wZDwJSN@Scm?iT
zvyejB0Sp~F2dgOw@z4_2Ll(}~H~BdsMVHosaTuztHVvoRR+e=eHngTsD|lFBZf9(<
z_p>y4^?-`~pwdY7{HWERvJaM$8o9+#_Mhvdbd>~z*2U&|6b(J!ilABHPcfP@{0fST
z7e#B+NHwxnoa#IF<t@%-aycbEp&QX?#hn^Y-sUlrJ@Yx73c%iK1aG)mD&$C~&=T}7
z+xArYF&-La>9$}?_tMm99S(GDCn)K8dQy^IK;*4*W?$s2NlniJw;aPC%uh7gtIFD)
z8800(s)4cm5zijOjjb|W0K8psa37L|=kNiJ%ORKFBOfP)XW<cF?T8s_ii+KPN`8!u
z*j-YE0I;W0bUUPlS;>*u`$GPf?i9ui@CmlGh>MIiN9ExiOamKl{qQyPnO7Y!G;zZ7
zR_5j|VL~R89|dh&Z4k{Z5-&0P%UmoWPUiKc!O|A?a%#kGf=J-zXaMPI0c!hdiaifA
z4x=#i$vtl@Mak}<|I5fh$BI*_|GGj}>zexTjz3YTXOR8cDgmd6fXwxn+3WP`IQm~?
zPS6oi%JE>({dlALkd+ssHWcj<kH6B?&;5E5X<ZLCHG?|#G`@%4acS;JIS+a3@~X_X
z)ChYwv6rxR0AhW#xD(#9j7=SAuYH)CeUtf8pF6?k8X{`I7jnymqBIw{_RY25Dre<7
z$1)IXeshw@zCA@UOn#?-viKvMw4#aPJVCy$kT$SmB?v^Zspf+H$qbX6*X<xlwubxw
zChzq26m!f!2;?kEP|G{l#t7=qBIY8m3&iG~0;aEc$hu1fKTapd4sO+#0t@!8gT@o{
zVmsC)t@uE<O)jVyyA*9YkJb#$B5V{;d1^W*K$~(HYT2SWA5NKd*jQ%F>wT{QM;s?O
z+qT*7Nm>aHmbP(<JOvIAS4G1$9$_bsCpy|QK8l_?wNm3+l^lWZHCLlz&~NQKG9RR!
zhc)$bkB}8AsHGtaY3mMI*;fttqQ~Kby@Sqc@(E_xa4Rm5H-tFkJRi~1>S&ug(ELo<
zCQAV89`Y-d!4Qf~$J8I<F~fd$yB?%0mqq-@Pj+t?5m^(c;;~RmaKdiX{?#bL3&|JD
zdAA<0qsh`BPN~`9AqVhvm-<nh;JM9o4C9LATjHb==mQ|Q_8|MBuT#<b7g*d`iFx=A
zzxPPu#x#W8z2SwE+&qnLQ5g)d;FG?b?j%E;<~fIxY}*CqgmuR{i$`-#CwXp#`6u$R
zyI0Z^rDQ7w7~Ok7WCTz5n|96*-CC{R3uV2h5hSLFV>;fAYrU^lRV>4$?<TY8Tcxl<
zz<U|_b;x5xVJzNp?8%4d_O~D1Wc42*Xr&1*ynLcP;~Vn*u`Cdw*TGqsTV)34G`gKd
z;Km7T8gB66PP0xCCrc9u{2S-6<!-Qid1OR1;jayTEWQxTl1C+sppYX^vh469grRPi
zAc3(<69MR1KrxKg9`g#HRetT>0+aJRxE$CH6JQAwO83k4ylsjk^_ZN8Jb&}^&V{v1
ztDtVWDT)U}t*QR*?%vk58RNcpV5wqncv=#49Adtdmqhqzh@^1w?A=<4{_t_uM<@Ur
zj308U4jh4q=uEb&GxXVh7sgCVn79gE?XB`Ku9lXs%9_2t8e<j?(%zaU^s<z=cJE2*
z5Aq6Edu9y)TQ(T}s~u1w1maH7l*=y)#6>x_=;XBi##z2g#-k}eg@Ckp3#7d=MdBbX
z{GMHQ#@tM&fO)M;l6>$U8>zOFGV)Z4ppt!5yH_-23&ut+0YQ%1x2Pd+w48<gFN;?R
zfH0PDz@lGULL%*<eLpGnCv8(!L^*`8Fk$2hq~$*!r$t6V!*7`@@Nw6+P$nU<7H9ab
zP>!#;m{X7J{raN2)n`Q1x)yK5d+b;lgVK#rurAZ<;df#wU*zJM0(=*SF^5$S8~7T<
zhr-WE;-{yk$tG!be3v0f+x87FkDqz+9{PIo*AHrc>iU2926>>snc=KMP)RtmZ!F?X
zwaW6T@zN+(hWBgm69HWz5B}+_Pr9~u;Y!f=awCI62{IoD4bg@}dUGdK&k?|yZ?Brw
zqCdJk?)m9><9v=9e7Q6PBnQbuCQw|h2p!qmZ471CD`~C)l$PzGVwWe-drgps@FJxt
zbOAT~6;^n`uN>w>b;wI<cU83s_qG8!L7L3@6w+q<wmu3I{icJ;cSV5&5g+5Gz$^FG
z-IoKet<=aK`Z9f=CRH!yBv|P3oW-U<keBrDP!G%m^~QWCH7t+KJ3-dOYPoTM`mEHk
zW}*c5HpjjL_N+d)5BKgQ$I`7m5xcjh<JUh9-EN7eeOE?XC<gJk$ri~Dps0v2h3G7N
zW_mQED+mdCLoNWs3N61+qbI0eZ>wQbd%Mzcz;6naK9fpz?qKNRl*SJ^!W~_6$Jth)
zNsJcvpD9Ib${t-PNK~IAd3>HxQmnCe%vfvVoQJwJS1H2EK72wul>AMn@*FK{_eJPi
z>WUui^=!%FU_h1FP<SA-_4e)*-hCm=33rqFKnQ{!B53e1x^+np1V*9?!N%q|=%xg~
zqfu%hSMhwk@iS}joO#M5-R2mlBFRdT@vCi)J=CeyDjoPkE%jt`@k(h-)2Z_#kG4*!
zZ>shK=}Mk^*tuGKb0}u9X*ZP!i>xZ=Ed=a*Lr2O{UeFOmyhMo{E(`Y4M+*|V(`3<|
zTN9w<+71a}HwACa<nS%uEEYd9R?3raq_rY+DnO^bXdkF%6c&&$D=I;$E!srHug1m3
z-89z8&8wU{D^5o@^%x%)$DPS`*zUxYF8@ij$<o*<@5tS#MbdhnMYqq8np|=g{0Ji4
zA<at!%2KRU1d>lZ-{~74@ud3eIcZF#OK<$9l=|Zc-2JiQ0)%o@nXR|Z;GRkNloF^V
zzLAb|93AQ(d0423a$ewA6F@FZRF@cE3Zs(`{x%$uS}?7ZY0~r>(vB+kgp8WFpDQAQ
z9p#u@@fjKV=lOo6rWUo%nGCU?PwCsw1*mcI-H=zT>GCg<{+sEja|+|EygqqVTO%-f
z@vbEq#o6+sTm`(y_t4=`_yudoqr`l3DXnd)5V6h4`J){X!$hK+x)UdV-M-n@A}A4f
z-(o%p`dpfi#D)ZknM)zgQ%`w3mD5`O80U0tz!@A)O*TZ|vm({d!3)zWWa0AkV)*vD
z6-J6dfM4ofmnvEh(;&$d&--QuDxer66Uy$^))~eUQ;j}YS4)6{0gB<n2LX}IpESy=
zS-JG3h?eN{i)!9R9OzJ`sRJiTs!BY^cwrLnEo#HQW~tr?lxJ9=^EDEk6cg-h%KLmj
zLYr<~!DezF{E&1<sMCNW!YMibsG$qGcf$9{DH$FxR*Y>_{(4|JzAGoSeOBc%irL$0
z_gbhp`zX&ftY)oE&e7Icevm?ZkYmFI$VZooo?KtLV~x_!nBLLEY>FMA&j6LyQk*PR
zuEY+^N76+J)GE6R$~@<=wI&Bdh%+j99dkX<cSz>om|U_`mOv?~8rU^t+udwQ>`}6}
zb~%PDQm^F5sl{8nr1akPM_+{vDdSw!PU561MT{?d$YR|gLxVU7-durbFB0g1Fa^|(
z5~dw3C3OWcrU4&oCMp1to~o0T$JJQ4P`Rh-TUhvl4k_M<FuHL5L7KM-tK75a$;YI2
z9PF|HHn{K$;I5@*d~bs<=&~qbkFcI|^w#wxT7*}ylIA;RNkh*w#KcB6l2G4<1H@vu
z8DBR<vu>*{pc>$m7(n$DPUGyt?Q}A5IZYk#j77@Q$V00$3{p2l#zN0o&zJrYN!|gL
zHZE2vSj_keg*Xf4C(32f(9<c$-m0G*JmY4taZX<np$VuAyN>ujT5BMhJB@#Y|K2il
zL;S9Rpz#uAI)Nh-VV%0|J{s|Ue(0;^>5lvgY4?T}x(oHZ^ERzaJ&x<&1Yc}7kf=rR
zjRkXM`LS9-K&d`a{|!92o)*`>3;4b-l7$qyWeEJy-cX1GJcTJlzw!HIKZd2d>DZs_
zPT1)&r<cB>MKTOwsRU^p*fYp`+(8S-o<N>w9B~%sFjvPe*2=W{Sn#sMSR!qo9MIj>
z)CH$e(LstExc{B**~t~u?%Q3;yy-$(ZEtf}qwcM$ulU`n#D%4isM_tOOYm--lg`nB
ztlb2HS$`Jc)P`w33L!2Yk?yz(p7V>+qAkE%Rcg1L0WDEp0qGbsQC#Z)lfHVET4BWt
zlk}cme!>tX>Ey4RnhQUv`bZz)qb3y2uCfb=jvU-)+szQiH-3+fZryrSxdWXl!`qm`
z<iNI;Z|6U$lM?6P2P+R3v0E|ZChu-D;V*L0{7rwHV?>nY{{?+qg#QTEj<u`UP7p55
zFqC`y1E-V{Wn~m@z++`sQ7vX~-jui%6sum+$ZXLe`m|0$OkF}WoG!BX>@J8Kt6`HN
zGQt-P5U-Q6ft;^e@Avnmotx`DqB#XOINoN#1AD(`_g-sx%Xz$b2;SFsW0DQAb;&Hz
z=1l6nl+8~}uZVAk2sZi)L#(!9@B+I=5i!K~=ZvSLsS1{5tqN&TJP9`a?}+a)jqABr
zTgqGtd$oPI4T=;o1_J5s1_A*S&;II9$@#0*e=5iu4;h0`^}hblNt`Vcx6<oJwN!;c
zUj8&t(nL$0W;FWSr}Z3|s_u(-pm_<A<#)Is-0)wBApPXBdMjrfUjn>{14Hm$Gcb4F
zk$@P(-<F1rWLkM*_uP*6XU!r#0!(`^>3Yjb==kSO+_{sTU{WNf*tQliZyv069QpF%
zr^^B4B_U$c%BE7FCzjk~^~mC>ZNK{dEvbi@UG48j3p9iRy4R2c6~Oola}ya8deSPL
z6D!v8)-NxK03Y02@Ep-E)Jq81fC2q^tnBOHZ>s?P%Ls9tawQ*+Jtz*c4d3fM;jlmJ
zPiMOYU~Ao^cfb&NJkQ|6#BIZtH1{r?zY(-ZD;l9yZtE2W+Fzh1!aILH+0o5R`jC#X
z$1k)jXr)IxK`}%mG;!7&NwT0U8kfIu^wxnF^<8naHdo*=?#J|2j-UoTfStUwg*2MD
zn;04$8nydUUxy`0d$-sI<Qxa<7cjNwns#Gm&C=28u7g>~mKT0@P&b%D^la&3I?lUw
zeUdG@<U0I|nVI#c%G^Sbs7LXQhYJ$OUM2>J)CPGIE!ES}RMC%D4JA{gE;A^*nVjmo
z5S-v96vwBB$Z&a6UX)l$ddqKR+aH$)PVfWmET~&4Dnu-{?g7RsVnciy@+=Tadc=17
z!e5xS**`<~HFKHslqY&wuTnC>*+YV2NX?|7))#-2M~^C)g!_zgb5}Zgr=~{{IQp{~
z-7#>^@2l-ch=@dHI%YSH(T%Jct;*`@$-|RGo?020wCqvpyBFI;4v+NLCJ{mtSjpve
zI<(!}Z9Cd#?LOZ3p6fK0@e3^u-%n*{1FL6r4z+te(|>zh-%2X{?cmA>UhxVsd_~2e
z_^m1+jG)t9P5u{e?-|zAwzmH+1px~vBGN%cK<Op)rlLWmskoHhLY0Kxs{+zP5$R1q
zg9Q)>gbvb60uh4rUV`)z2p!JAwfBDCwf6u2;hYa=UF!pv2+nI}&M}_xJoo*(1s4Eh
z;)!W{s~E>;#YhX*x{R*MF)GwM8d}<>i_U+Tdi~`ny?Pf5)VQ5!J3;LdNy+@s_K#}t
zWpmbBRT!7K6X9phI85y8<{Fistn6@sTw>SGl9i>RqrHH?uV&=m?c<Q;WrGr1ddZ-0
zFYaUKhC~V)^0+hI^`4>=XUbKGtqd)8N>TxNf%S1(vsj;w2<tTit`uR27rR7=6ER1(
zVcj~*kyEK#6NV%d`9U7Zq(QkmL{o$yOg0#&18cuWaDfzA2tvm`0lQ{Er6HFR*ttv4
zG6_HBHw%HQrntZ<Qtm?<Z5|QcPVE+PYI=)HQfb`B@F~k{X%pBS)XiCy1Va$@n;&A^
zEQ&@U^<|on9_wO)N7f0f3oRtrx>3C7jR<Qt%M4uFPBrCCr&LbYy};Pb$z77aGk>k|
z3+`y?3_SFSrWo@pbrqR$Gdf{DrvA0J>Ai}+aJ{P-<F<RdihUb(&z-xxRnK_AwQiRU
zJ++J?hF~2K6fL)=$d+I&&J|ctuMJtc&GmYz0f9rbld~S<b_QxRGfXh4aY}&)nU=h?
z`ea5sHch-Ac5XZQAc>a)c`GFrLQE%{?{#m_6!jlgnbtXK9!<y<oJX&8d6<t)xv=A>
zxRDB@X={rr84H~?EncMHKlV6ExsVTf!!~E#rXZ04M7L=t>niQe3Xkwj*WGgqO%*?^
z%#2OT4fqn;cFK)%nL2crRp8DEbrtB*#W+ahK#nd~RQ6nJ&9A%oBEx~caxF*BQ5n-(
zw|Rn#Z+Rv<GA8|YlA^O5G@3oiLd|ChGhP^jC8y<l)}iVP36@`IlA0mE)5ZGX{TdN%
zyN>AtZh~>a3Vo@dtamz^*mbJbaVOI!sKSzhzcS2Wi^|k74AG7X!fVZ!hN4>-T3TQu
zo+<$d{1i=MTSbAg<6e={BHn<?{?4k*cky!0v`m7ttYF9<F}5KjR}42(V8^a{6xS?c
z|H;8nCep0Z!7pk`p(^Y<dA!0ob3%?F>K-)!_vchCXBSTOecf^eLt+2jA#=(_W9aZf
zqnDyYvv`v@4O?#cT87hd0fv0~XDPk>Dbs^=FGn3`0_J)rmiDmtKa%u?W8fvwwV__%
zq{3t_1oK2NnOgmz19P-{cRiTtf|goF4J!-0W}JeS$0GK9o-cP2+gC4joS97_pfiTa
zo%{I<Yt+33W=BrFVPiJ)vIN;N&yh}>v~}IfN6wrHGm+V1b?asDggQ^zj6Pha_;zN4
zuGFj}Dm!hah+SV*0yl@&&|uJ<>It-vohm=qn`p5nk>i}Og2Q?m^pVfQ2hxH`&Pu|B
z&ukXo_Bup6r-~UhxLR;1$6rY(NLZSev!0(@!opj;oHKJ`-Ha1^NTG1X(qi%ZSx5%Z
znc!Z-x#L$-$qwhI+)+i=azafsL@$X9DoBpi?zx^6Uu>)Aj<GYzkwe$2_vgT6_T^&P
z5P}PeMRh8gmqj~Wj#oKb*v7j13T#>eDLGo^Fc`A*Yk*gCPaeB99K}9c98UmMaHitW
zApHW?(aldHkI<VdvT&y%h04eo(K%CO)G6mAFTc<^mtLeJ+~UlvERVI(;|y_R@2eZ=
z6vU$qtXT2l3PWj=;^|(V`69~l7LthPQBzL3T2{Nn>0GPefoF-rY4%kodWMTT!m#9F
z=>9TXJ^?$yPV^x{3{Y0yg`=IjPV9Y6H$%pDk`a?Qyk|NBKarMsq&O6xneHT;eqcA>
zD6W{;M9$LT?Q39}4Mo%y$#&|}g`mgerK7A-(g+EVrw1}3cG6>K(n6%mt?it5I$bg{
zb*X_+fsQ1&1-j;7nO-LeVz{Jh{+(QSSMAuq_*^XErX2(H3kS^z7)K|V{tTbdDTIf0
z=%=KlnRi5@pus(2Svz-N$-FnRSy`4Iz>>S-GkE(+!Wf1oYeNhJcVqJ5%g2e4`R4wX
zcSVL`yP6|4qoX5yuc3=1XL=H2`yx#&%|DULzeN}&z<x<d8##sfhSf4e8dxgNB5%xs
z<`O|0uFXn@!~>%ZoA?++%QhSvTeu(jAEN7I>ak54*a@^DjAg!QOC3j@B`{}#8V4V%
zC`8ppN$xYPT>FKkMYAE%jz0+UqR0~+?m1e7cUE$zqNZk};3_Ruuoov#O5^TUN!JxW
z_q%V)*VW+PiY}7IdNR{I%Q77}4|$8NxTcGM+MD}7xY%vpV}saN7Hl_~Cq-%T>{IU)
zWqj5zf0^JSEB!SzAvm4qWP<C56gIvGTKwb%z9lV=pVStD$|`^V4gcaQ|CW;ffBY6O
zfBc(3FMDQvxlM;0@R!8@1xK5XomC+%>-<70$Cidu<P2`(=^l{)r2hZ5V|-9;y!Cc6
z3mgrF0KEQKp01}Vo-p*-z&}HM7~28WaQzca@Q9P}hw6b}J=3o`d~786{l7xf!t2Sb
zJOBJig~F+@#&|WR#RpAs80wto{QnAE2$Ft#rU8I=f13qdufxhYni%Azyf%JfwGe{d
zL)L%EwL@o_ph8$3J5XQ$TPr^t^`ARtZTpuC>G%SU?^tQ}e^9`Kte_(Q7s@)1n+3b{
z7q}Xf>!BDR*9X3#V=Kp#h5OA;^8aJk$@{xr|Nq55HFpERD4YP#ve)34-2EZ{%5ECC
zaS#53O-CS)88jdu#&+=AmoMFz_s19QdJ3SM!G|L9A8CBC<gxeb@$c1o4e0I58ULk=
z1<s`2|K&3RmZ9)Bh5If&PoGaUBRxK#P!%EnG9{$^ooFoZ1>}4wct(VUHP?mGEDn`Y
zo0`54MTR*>FL}%_EaZ9mEdHW@3aHB=6*u_#>z|C>>u0<;$+^A{#O2YUs}6u)R}u0@
za&j_YP;voeH$rQbqnkkJSUr$&nx@fAlQ9h`^qrcT0#bInV2+k}fy5<;-yMc7*S|~-
z;FG+&2ja#Uf3if*bay}5#-$^{#%I<PZjq$u&D$Kw`YIs6XX_G&8qmadX39qZww|I{
z#+&tZr{hX(Z)*tvME%AexPt`c-aP#f!0TZLyl*!TBO^{9AD@EuV(hU}91N1*zI_WM
z%{0IgY`U{P(_dyv!K;;FP5TQd>~ZPx)F8e_S}%k}0yXrPLHlms@kr#aM+OAQ&OCc+
zC6@49&^R3MzWP^=mB~sjqMDg<VG7Oxu8LArZEX*vz9fU3`tikNf{gQSae7}|E>4|Y
z+3iwSUp`1nt)o-Z(n2=?-GAZOgO9p>5;<DBjL9>xZziv?#rquY%kEj4YcVIYGckow
zFN@n`IqfLCGF+J5G6003(Hd`QdeD#!7@Pmu+SXRs0LT^r%Ogr9nFD+nKyZuO2nwQ9
zPZl4b<5Shpr=~u2Rq2q*vNO#z<j>@Y03J}oZ2W#@vKEf#(*Far1|L5Q_Wk?4#Vxiq
zM`kJWE5LP->nZOw?EoLU99r<>ptYl|Ft$M;L8M{*W6kPV6+OsXwzmGHs=gtat5ZR#
z=F0@L9lw0(@}=?KJj$TObM-_GHu|zAE=R{c#PyA35D4ek;Pn-oC<4gJXJ4H-)Ty=0
zOBMzX3=2k>4&YfEHf*#XKQ@Z`@S#$t27db4H$9sLao@p9LCfwx4?KgGYRz`mp)grx
zWv&w_A)6c2b^~TdiK%hsC>+h|Rw*H-zh6giZBue6`wxAbi@Y1WCE?{C=)BVRSy}ap
z@xR;9zs~&Q#h5?W?4+y9k|4C%G+d6pz+TL8mWW3Oi*d(krOUi}A4r|T(8Qd|X{tYd
z89<%RmY2&)A?vHkoeLympbos2>Zt(;eZydJ?sV-ZPecKc7Pplg5lGD~>fR}+o+>xM
z+E(r57Yxk)gAA%Dv+-FY#R~2TqK1N~zlPR4ctc>s^nkQQc&=`Bdyo6+GwURJ-zEO$
zXbzGANaZeAQbbzV;oor#iTMr7;4&l`4i8fwTMkO_@=|%btrQV1Kt=b2jo|izqE4Q`
z?2shuTd`9$WqVWgcdMZheY}qR56L|5Q>U4rh+z>kLo>3jeFj_Lj^}(@hHPRWQrfpq
zhmnEH4?HwoDc|V;9JeWQjsTYnc7&;B_q?6?zQGbmMQ$0C^y@DMI>S7}z?c{lw)85$
z5!UUUy!!W_?x!*&p>8<y*z1(`qQ*^@&9%yK$r7lmvNumVTXqzGmZG8k0n9c)b<d3L
z5))&V@OpcIBcDEhURB5X6Y|k$5zluzK1f2Mh`y!qYRgmBAe%?bGdKqC|NH6?BAdV^
zX_d^q)3`Pz)t+QQx@)^uzk?)R581IF4FdAFaU#+ql2x`!?7T#|^DG@SirLb6$4QS!
ziTb?QBO$lT3T`ukc6N8yOMVdufSDohGIf_9?~T-nB@muyi+cB-3kqH?Z7_`O)-JUF
zCZN1Q3I%;09;$MWwQIZ@X(q~XYD9U`BMHXlo}1dkDyD;?mjL~?{#Ah}C8Yu+Z7bRD
zdk^#f?LA}0syh~%)I@hgELJ&0uaYKILPRY$XuJbjR)E>1xLMd)*nWtWW~}KfSX!-|
zx9vtQzT6=Z2cMn^xyHS8mb~qGsKB*2f@X`2rKV?NfQ5trZQHNI1Dz75Q=mB&_;%VH
z5WT;Tj#Q3IxYG$6RgLGrjyNVCdtG9@d_@qh%&V35a>P<ELEfzYQ4l3{d5+KFeJw5N
zA$uhdv#_|;^Y#+ky&Bs-VYuXw^+APe?^Da=86aQ1+6reNJ{hgDiPPY70$RfDU65#N
zp2M;n{qyVdiD!2Lgw%d-EiSbGHvQ5ZXN1_@bESfnx2Mr$C^!zI5?2KSGZ}#6E7%^i
zn!Rs0C`$E0S?ov4Cg>^N5CQ4OVed&bh3R|phnUaIS=Y{|m<r^!scR?iBvMG(V?^fV
z-8Pu#7uaIrlfwX5(KNg3BQHw)fu<(LqPMSapmnx2lm@_K>8<c-g`XuRabb(3Gxq1e
zWT_sSAzx6PAYx2cW4>1ZI%KJh!4k#$ejqLF?ILG8(@vAgK+#7j9x9PDzu%v`eIVB1
z?`yv3zsn^<w!dly@E42E16$wYzi;0E>!tfgF#$N<!XmZNp!#`xiRri)>Xr~WM8zju
z^4`2*Ay}IA_o@Vx3ZS(?>AB?;lj*K?T-IdxCX<l$`wE~;;rS2H{&$)3_KXU+_10XV
zw)w|z0kzHl>+AeqTix6Ll=b?@-mrh{7YbpOZkzn%#nIOV2YZgQortZZ-ig~P6u_q7
z$gNcKQ)3k{=!a`u&(6)+EMLW+S2&^MP8JlGkQi3cV@mLz?|HCQN^EOyzth@jLP>pU
zB4L1zuBtUu!Q(<*-EEZeNMQr3y7Kt!I}Z7Rp^cK_;*g<S01w|IFE!*FUbWOmRfb4u
zA?NmDV`KXZedQ;oCWlpOqpE*|A@7-)WgT?ZxKB0H!pAVQ0QFJWpzv9okg4oX2h1wt
zKi=OsE@fK&xY^d$k8%B~yL|hp=Q;P*j*gNA#_^SCK<m6OMTnc6G-H=w(kr$1_sulh
zgWe4qa{Fy;w-)&46Mh+1{^`?&6Njl{fOU-{B?s=1d@dBj_O#i)1Nkc;h1(#FS+T$)
zSP$0GJhQB|#%L;26<@{nj#-W&j2`!@C-=>pr!%*fk-)qLG66UlXBd;D?S-k%F$1i+
zt94_Bg6GMv&+;3GWt|IN{A_P#Accm~=!<Y=mIIp`x>*3JXXFBK9=MH?a-B*y<edM#
z8v+8y2EmRE?1Y57u$28^P*L}jttXrxKYVCRDfILETIf)Ba@&41a{5wY*w7`TcjtbM
z;aO{fq_12S(hKFOsnM~Vzx?w9etKp`my|TqNm_eVTU*PK5gU5~AVrXulO0KUVWY)d
z;GS}>RPW^v_!CX*_B}yjOSNQF+%oS3K})GF>-E`T?TSy*zU~XXw|uti_CC$Mi@0&T
zvMX@?_iilSG4{ui2D7A@%<lq{$j{G@3p31;tYIhR=3_b!`8H`cJ2EyvF|2Hc8L9H5
zkg!r$akEU|$cT>*`(@k5`B{KgQn=+6U^plwuAI&Zi>e6+s@*Kn+V8?!&+eRjqWxsi
z1MfM%z~z^p=UqlemxjsKG|5bmLn|qS8Drp|CGVuWneX-dR2)QQAk?j=<(8()71?D3
zm6SMDsLnU{eAXUOsioUHQ~I^x6@@7%Y(uL>ljK~(myFHv86zOHBo$!`<z?usG;N?t
zQ}n(pCMK37hN$4^+{~I_^&5YAF#6UOb$)YYs83VX`q%DGp17+ULe0uo$FDX2LL{3q
z9jIc_hyr^&r|tHeU%#v)IThReh%%s=CCu+JW!4x<PnOTlE~TXGpNRZ{^28lw7=XM5
zwFE&&e+rEKSg?@($(ZD1o1xfX7dyKsZ$Wr58Njy+ttakylkOca&RKc?hhiI)T+C7~
z7lbpELHy$d)|Zuc+$Mo~88mjRxYa}e&lkv>Y3K%D0l$sZ$&z>PzO#nNcNC0s40VKA
z2%d>JQ|L8wW@9Hy`lOV75wEk;lZ%>}ZXf?N8K`uBeZ@iT4-Dlt2rN`_lhOK>6gAbj
z2J5du2w)Jj#U!sciSFms5(S}|BFZgMz{D{aCGcE0b#4+txio;zal9hf(;G`d=Vq(Y
z4b2q5q4nK&BavZZ3q=k2__{!POQXcoySXuOaj*`x44O<i&y!5T2G;B~&a<7+DH&xE
zJoG#Rbh>*nGCcgw{rfca_4SJdr~-B9!tzKZHK@y+&TrCnJWlWiz!}?i@fUrscqO@C
zE1GikSGWoYCo8$GH=bs@x9C7#WMMlo!Vb2Sx)v_~=|ieiJs7Y*_7>BgS2p2Jd0=3`
z4utb|^OtNedv>;WGv!>*07$oro0}9JhnzX#S;6S@e1k$)a?n@{k}YC#^4gH*?>K@1
zRre%6P3{2(AWz<SUx@P!K%}RnyvWWh&y%tnwr+78a`2{QmH7cxMvwjOS|5l1{O{bF
zEV;l!b~XlNAq@H+*OPq{kgR}<$Y@o+<YFu}H{5U9Mw@p4!UC*oP1}yyj%)Rvwt^BB
zko{ZCfHWHfEQ8zv5@*@^zNsG7_%3dMRD<zH=GTe13>&RMx8-xd-Zz!|xzh1K?i`m~
z|64Ar#DUte=e?A4bc1%N%vYyKKDY<OhS1LaeT7^pSJof3-;lSeJ-Io-Dpdd#*SKdq
zb`Jo$s|@p3vR*UGyvxk{c0@#icRT5G%k9*a<j>01LC&(;yjl>xV%1t#c{fUF`{C~w
z$C}6z9coY-2G%bCy8j~bm&I;K7z3XkxBCz#PiKB10%WrcxG-?5M)_P95jX7-*60F<
zPkFoE+~j4kQCT}-8fL`~#4T;NrNNSAv0HcUoFw8i$E@85{mLf0I9BD_X7)y$?c(?S
zmZ=t`v%mKxqH%^LCcXB^va;i{pw7!eSj*tqfQFFs1NSY+Z5^pn*Fd$XnW<#q%*nty
zeC)2O@%7diOR*sFkWL2E6Er!k>r-zCXk-qW4~G5_<dSxal*|td2q*xOTPXL~#QKby
zrT-j);3xVKl+d;~w+FYgZn|%N`4h#NBZl9wU>$&9lD$))KDTbY{A;f*zWLvuGL9(~
z$*hD+DbX+u4~*pw9=H#yZ#8B`gX{#F^XD6e2PBr%h90UtbeL~+WUH$}EL@IclQ^@b
zhJ_!F0aA2|+_V0jXfDN*pr(vXOA8XqR@Ku^1qYFZ-n_c?k7_Zo0QElAd__p|XH?~j
z!R7?_TAZJIXmn*%TO4oya0g_j7kHJkW7Qsp7kX_zgwwhtzje18t515&{m95~4AX@|
zvK7F?MDh)4f^Jjn>T`=<+y4V7nkWGBk`;;Xq|<;wC;WEXT6)vcA&%EZeYX(u`{4V`
zCcQ|aP<d*SHR-bR_NQ2G4P)ozB#29SXNE{Tj8e{-_nQRBS}3^5Z&~)_X)z`8S3$ue
zHlB`OFsCV~LT~OGI`ecbK7AqlmL+RcI%-UGKJlhH4bq~ek>}U}{J2%<c0($!lrg!b
z_!0;cbB><yVjQ^t>tHYW5a^?)*$WX(K+a`6-15l_3YSoJ*49px=1A%`1EF8bR|}w$
zITn=1mkGDCUY5`Jp>x;>j|R^3As?Lj-W{Fi#J867=UB<q+}Ci$&kOq18%#TX-u}JF
zO8(U!`dddMa>K=zGh}gi?s$oX!=T8!xBY5_l*PqQ9{YJcU2McNmGN(>*ZND{&l7Pe
zufUO8ia*Ixyu%VI6U`<+n42ol)TjcJWr3+i7ok2<AWfmroScuQlR=Jd1J`#4{{)}-
zU`jxSC{N3WFyX1fFBQA=FwdowpHi=>%N<EnfJI=naElc67>7+1YPyHID!OpdQFJ&T
zn@q@o`(`pGmAZF-2$MSL*1RzXQe0Rq@fnEhV3sxomsXRlw*~ZQv{lC)gJIWm?4sW{
z*q&c^HhoNgSwwFmv=DdSkhRJuncJC*<UCemJaB)EctZqeY%GQmgQFyK1u3cKUi?JL
zKokyvTWURIFvCP!UD^dN^<srgnm7}4Zo||qXRjd)V%a`_LpX92^&aPgSJx_ZX}g$e
z7a0644xdCn>@)DrY81v=E%02h^yV$SfM!YVrn6_y467JGItmv7^A!8h2LF}~ytrtp
zEnw?KWc-yD7xcUNm&1*;P<qgMi#~%-iq`3KZf?Dj^Jr_L+H9(AkriVNO=_QM6`jwM
zjE{T|K~L02;<&0$2cG^mHf<eIi&F$G(UZyLZ$#3Rtu&0Fo0gTvPoRPD>4Nu`DOXY(
zl7bhjhYeB_%sO+ErFIj$(o{mu-Fe_xC<)mk@0=VuS(@a@aKUx;okrYkXU9re*%Z*y
zF&sr97sOsnJEW>5^KpP5D8}+83LAYNe?^gd`qu+M4cOQzD(xVst9Tq!{>)#a#)>}H
zAnCD@>Kt+&7x>$;2=gVB23vvkL_o9ki%u<-eZcvadR>qHLrW%_OF3!{b(palRAXFQ
z<CZFDP<G+OiPSt#Ez;Z1*O=oq1D$_{Gm<G2pev2188{!DxJ`(+5lqtB?)e<&mcps1
zgl=%sD382OzOJN1r|7*=Kp>eX9hGy~_~6rI8&F7-hsdS~Ln=2P1NL3NpDm~a6Aobm
znP`xO<NZb!tBwyfN~uW8@O}CDaT3_w?66o%qZ;@d=?lz?IKPItC6$n@Tv?yZdB)U}
zQ?0QLQl+Hfa%YXqayw^!5ozDo^xdE~74xr&Mna>2*KG5ww5!D>8T+JyC;+x7i5*$=
z7mWTakRT{_U~BuXQtJGK8YN5K@FmO$U=ARTV7lNr#e7z{4^9BpG2=4FrRML9K6j9_
zmmzL(=5Xxj+mRXmGrFi~M8$CR;L6eAlz+qdnk_AI)rRiO#%IFzlz@o;Qq`g3xT~=C
zk2Qt#+oIr2uHo3I+D^q*ofy08YnZ;dJy`$sxVZ{?NaCNreJv%f1NeuOWIZeCX!X5H
z?}r(+J$CIxo6FnRYF%yj;hHd1^?1aXb(&b_60w7=(0$8}oo2*7Tf)-`Iu$)-mX#gr
zu}2rhp=gFR<1~VPaPsT{M`8K2@(i1e?j+vGPnH}hP?zp^*|F*p`%r^4$@=7!mm=f8
z-G`h2xPY1Y+1t~<OXBf|(AcW)iOn?V<zvHVdP7ll+k)ROF+uFhIWt7<MF?sjvm#Yg
zRn$136iC(YLMt>UlOj9^iY$7Qh*AaxCQ8d5cLk+i4<+*L2BFrQX&08PLe3Gkn5(f&
z6J0$sY8P0_)kvw2J8@|Ci|oV9^!WQOH9w*Vq{cT;A#E2(lALjs#|h9ul~^dC*ds5O
zfFqatWeF=>K_-U>EWp*Q2F6+y`H<J(DBV&Q&<aKIg$#}w6sZ76j=Zgs!nXh+*jyt7
zx!+T^FQNVc7`%h`U$FMRe*IdiI|aG}T*>ewyEEC*x{0X0Ya&nkM}Zh!3MZn`KPzld
z)o;r5__*idp>#aiiGn1|g6Nbnpu*p7!uwm|a}<-MT=@@4&yQY#xQrBE_f~ZKj`Qpq
zNcKuy^662WZcCE%mIAq8ahAq%!a)}%*KP>iY}#I%THO0m<r%usxjp&`L}wJY*=PT&
z2i!zD(c#JZfsTbG8Hnlw6k`v0JubE|je2&D^{xg}Ar1Ljw$K6Od&ke9ixfCA{$7S=
zT5{-&{dRcvdNLRuHSn$Pl9wVtCIBVCpoW8_w*Cpz_wSSBt>}D!$KoYDmGp%Sc?m_s
zyLTz25X07}WMn}>LG$LM=O#E>Emb}*V^=DiO)FiWd!p2#8s|+ScF>#|G!49$_MJxQ
zRJ)6#fiMBL_Mn+K?)_XxX`%TF(`>aYkj?dm)v<#LxM)Sq^se|qy)E*`!QPU$ev)w1
z=Y8hT_0A#tsn=tNy)`1iT3w*_^l;*YC=|3jKO|C8Zc8s1_N0)47>OQu$d?QoZGC{@
z&I7HEEX4`#bCEa;7pZL5QYxyHIQ&TTPj_b1<*La1Y7=uOeU4UeBWSK>@crvn)ZFmy
zFL>YEGjp~KXoweAI}THqyq{Wjq?l@#7*;QeCp`bA_xfrel_|&&@R%sAEhKe4MbRI8
zJ=*5k_1QUf8J8JiXPGg!zuQOV5WFrUL&L3lt|e$~YHfGno7w94Z88XqlCS`voo%eK
zQOl33D)27~s4-xC&qc(6kjlNHt=kmTCWAdUJ%Bm2ps{buR?B-m>|V{5<#vH-lKFgd
zg<zWUm{H)552!+1&UWjUcmc6@{>tjf3IpoOmyCTzhf;=s<9*UyWdAak-|8!0t8?13
zOM{F7$_HzV`|C`~s(8*!#q|tM@BnDhX$#N-exc<bs~dsa5NZ1}bexbMs3kaPB^>u`
zBFMZgX$s<-tza!=)mr?0qwe+{kD%lRb-<3uB=0|3nW(YV@@WQS2bj!unxyV79c+!3
z5OXQGv@PYzM=f`y$9x)UBzQ!W&x;&Q@TBTR0Tb{PuvIjH!gJA`y2dsbwZV0?9WH5;
zY_#$d_;pLUOb5V)*GML@6jt$E`J?s_f7A%<^KiNH+ksRQnf|L3sZa7{lbl4AggG;P
z_G3HPG+=Uaa)YecG`=C9qXsn*Jy`Ngo_^)!vArDsVtQQZMZ1aUZ&d+Z*{X_fw30>G
zkG^Pe?LF~4z60mS)SAYUzYFDW#fi<#w=)VXYN*zT<N<B?@r>#(n)Ux|*ERd)_G91R
zUST^*N@N}oHn&{T)!_3$mZ1ORZMD<p7n@Ahy~E^9+dfk;*xKICK98UjBdAQz%<4C|
z9UUGlzj*~R00Sf;2^}TZNYZ;C>J`EQDKhrn#Jg3laqy=tlb0yB48F%)4HSdzLY(t-
z!yd%(0weS;0|*2O?aGFlPPfLA>1|ktGFDHkLhm_)Kq`2F=X;RhV`EGS^k+F*nHZ6(
zL+rx0A*P^c4hbr5Xk-Dg`IJPOh_(L+uEl-A<BoQv`!^#@G+30ZIhf0FIV#)N&)JXD
zg7B-+PjE1m{Aagr&I48+t)W)e;|wt{29LZBINkH}3oK#FZQ8~8#AyeajQ6W0?N|&k
zpm)R8kros4vPvPbu*wS0>E2dw6S6%ySN!&pEwM9G`TWex7X2l5IPF|gk}Y|r&;D?e
zR=Y-^iSnC(4MZzLrVFZx-%Jj~SGe2bW`-|9ij5B&xYP%3TU&b^hsyvTsK|;PBta|v
zj*m~8MiV`Y=MTkM6*HLGYBQUE-DhpS5fy_~i&0~rL)qmSUs9zhcw`lno_{mEw=$~O
zRcow#ofm`ekpF9GI9`_jJyHexFsHJgg3?~D{F5h7a&`A-m@=pA5B-n$uAPStu0ev0
z4@j98ID9*5L|%Kw=V&HJf<d2tLt<<l0AGnN#DpAe&xl-LXNS*n+t+TQd~c3{z%h75
z#N%uzAUWnqJxsEZ*uI#vvEj1kRQ0W99+p^QL*T92u4EELv|mc)O2%3=if6}{+7AW4
zeEA2P>ta<u{;G8gUDf(JHc1*!4f4p=$f^D%bE2S8={VEQh^F&z1QDH&K(sBuYGr|Y
z-49PFX~3zH6qJ?6pw_h@D-b2Z;g~odAo9j*ZL1c&gQ{&CzkG*g&0Ms_H+V<LTIB!m
zQQwCpH_wAG9|XsJ9qSvH1(WP)jq5QWLyH;=5HV3|iQ8HJwKY=Gq>Ciaf$opwCSM+&
zkH?W$lD-_EL-+F2ryE205M*+n$7ExePB{p(s2fX{&u6j#xcxsUs5eS)ib^HVDR~?z
z;vh4L$>OJxW;IpEnP$wgW<lv0C^R4L<01&l5f0qU6hp8+OP;xO`SLZ{n{Bxb27seh
zLTFAttY_M%{WaE?GQ!@n!&0K?OjK`dX&IVhPnw6Ve|YeVFssH^4z#V41NWMp1pYoB
zKi+_`SnOjxy%*W>50Ew#Pzvd?Z!6a0mzkKPF|^<I&YV5Fs798FEJyB?gPCZ}YSf$n
zJHU`3f(ld|3vGR>lM}GHpFcZBJJ!how%5RLN5o}epX>a|L&-#YUEO5w*1pf*><e6B
zhF@@1Zq>M1Ic=@{hU~|k=VLN6t+?X>bS5nyMO-*|*NoGD^k}t24j6SkFn>+N|FPQ4
zL<KjyZNH-EueN0Zyfnm%s6JzFM$k5P)H;4}i#h*uAkf!)@x}M<=j;iNb%8_?)1yOQ
zsTLh0qm1eyLp{9!Fv(4ht4>&nD&^&AYRaGSEN2t>y_7eifw*Et0S{QE;b71e3^tzQ
z9qQPa1133pv8~6n(yWqySCm{KdZl)>pzZLQn)r=-B7&nC$@2PTN2<eSJL7hqkp)92
z9}l1Dbg1clE&EC)$yIuE*0sd)jHIMrdKpINuFA>2X56F+7piM_J_VA4TVMR#x%1Ul
zH=0<@0N%t#(lO@q_*zUW&Ji6n@84fdng3ll=^a0&psAFWY5Z~kZFTM1wPD2%Q)Q0a
zoUoS2qReEz#py5x5W(sB`R3;&anEbu1z9ZXMZK@7OT%%3OmEdCcc_{(m{>S3xvzB;
z9Ic7Tjeh#ISdbryTgA<ibMKJ0HI5+aGD#6Te548Qia)TOmydDcP|j8;JnEXp?^^}i
zN%a^-S{&bx>VMx4<CmiLqXu{H-5X>m2koqZUo+ex=S{~(N6O-3UV?eo;+cUkZqOub
zHA3YAKt)}~NM(WdbDGI~Wgm$Zuske@66eCBYJ%06MEWNn;UFY3Iwrj?G+bf3q=!x2
zyRgTde%Ei4hrBXmYkbaeY5vc>_28$h)p5L61Oy10sbJUyj^l1S3So#dTIXyYlA`1n
zI6Pyp0tE<{ExRn=;)sT9u<#*mS_phvCey3$nU&ojbexg5%q9`Gf|&qlBnXoR2*LT{
zV4D{&zUU@i08@#M;-${!8@4sfp!45WQ_yf#TAB$&4L1Y^Q|+ZgS5Kieo;-Q8<X$hO
z<U0R>!)@ai{niirVBY|HTgx#UArGg_7zgxEt_GNKmCsJmQZ`;LQ9?kB_ZrjBlKg{O
z%)|-1;jhhwl{3F;xH<eslL7)u+hdH4tXhuU>XSQn|2f?fPdLw|WUc`_df5S{|DtyS
z0t-zt&hu)egpR-CSk<q-2<Rz@wB;Y~?=Oy4p9M&xKz!OjtElU{6CHSLf^gks?M@Iu
z3Z~#LwoctoiN%$70t!t>^dv^dQex@KWo47>=euSjMtgl~Jg2CR<&+DBg}n+NyHexg
z5DS%_Q&0f+swV^5V4=^=i*}<9iIbD<@mLW0JBvv}vh~7ti$C|XmNgYSe(XqBM<+E{
zsb{{>41hW8|Dp$shm)WwQfw)yZ5k<-Nuj~fm!}I;CYT>#5W~-|kCq1>Cr`NQS`E5@
zreK-FVHHQqaF4=+u|inofo8s8WiUuF$y)39F>HB^C<48#MR(SGYPujW&e$P0W=OMT
z1PMIPzXEZo-5VmPOv$?(DcyxC=_=NoHYxy-oRo*DQsp5El?H9Ojja^2$Yw|DJ2ywq
znNX4x&kZLcpZDgB|3u#WRmsP2^B#xu``@YYQ9!`;_wk}c0t-t8V(1wzL$)CbHXnB4
zV7LF%v-;r{fRoUJ?U3{I%e*$jk%t@-FRp85$V36IBy4$DxA)z3h@~%+2!!uNd9O)^
z6;bgLV;C6LnzW9;GM4v*O_R1AVT-c?`#$RF3iQ&GQ+b67h<S7K4>=QWW!Kmt1+}`%
z!nP*~J}8^T)7-JDbZi0g?sh{ffU?+7CYHUV_6Hc{4Bnsr;p;6ntlsbo7-oYvZ9(#C
zt7aw$hy=k41Do7+w{Is&ctfYWT&b9StBwn4q6l{tpuokZ$6NFs(Sf9?A3FB=eH%7}
z#Ru}HcO{TBV0jr>Sv(6GkPYQ%tGqe;Yyul=F1?|lp@p-7ghnXeqMNk+Xz}BjHB0^1
zA<B^_iKo2`3=ClHrxRxHenD&U@bFl2IsDA4-+=X|o12^Wi<cXuOaQnQx<T>gjn-1E
zfTYC*6y_a`$bIIu&K+IeT0Y)Uu}!VgsdBhc6{VeLzkNT`6z&xLP{%9jyE?|b=pV(j
z6Yj!&pKUcXkQ{iWM)rve-w(K+kb^#5E6v2j*%xPfZz?O}{dm))>vEm{{24cM4_K}2
zYn}vwl)NeU3!cuLKPO*UGV*e@Hyz0>Q4up+RrCsR#|zn{=YPF#kvepPg%kn_Lg*=L
znrIHic2-#AOJt-%Xt}ecK11x|A^==0gzZVGCqquF9upCX8vRwC+3AVw04jtkHSr1t
z+9=bxH%+MhrGAzwiX6?1g64ES_0&3ctN|1885xoQrj3!)A1ZrWImO^KZt$TOSTl~}
z87WU0c#^)P_dVG89@i5#)pAW%mgSZH$qSucsXKg{%(k>ISV0HodD1#&U@n=;to`i+
zGG&}7Pa}?nkQ>&oYr-GmIMrNHt9YhV%fTUL1Oo~tgd9Wt5*sUPIEXMAh$Djm43KRx
zt|rgIhOYdUf#9K!AIECg7W(eF*(QnSwSxIA%}6cRLT`SPA1U*P=xDKHb~Q`g%=X^i
z)OcMWW)ZB^$%h34AcDg`Wdrh2R_MK0=M7ssV{#yn5KRDmiPXXAoPlx)8Zh#?rRj!2
z+RY-V>TBwp0s;dIy`{BNg8GYeG+*i}wSc_ep&rLf$xqTLyBy)+^_&Fz<FHrmc$);$
zq{YIs=Y}!|&9rO<*q->K0sQH`^vtmra8c4)Fco&l1~uWNf^$M^j5s+vUtlh4TBIH-
z^d#`w#xSJx8*GhKx+NcS!jVqI3uBW~=wy_|La)%LuU|`prLZ#_xqRFuTufT9<dBz3
zVogb&8}Cgu+*;y6iqwVZ6`?8wcjC%(WuGU%@n(4He>VLi3Kgt61=)5UPQ{jc`7#L=
zO%<Wh@ZAV+Sy`!oc$<rs_!JxG^XFNA;8{xw3k#D#^0_95a#Sb<_2TSM=|%Wm^vdKt
zRPHIMinpkBpv6Kwy@|vY_dKmUr<EiO1Eqs7OjepHt~t5{C5CKl1Ie@Ks4fC9bJgXg
z9_M+YiP8&84_sUz!E~IVfKoJg!w?GDOLC1AYe;@Er8&uws+M9&0=h0ldeReE*vhpb
zPGN4Zw2m2Eg=pyp5Oc}J7y6JFZO|i@mEc(!+8QkRN|vBCL-9I}lT$#Qt*fhhJS#@h
z(4854C1It>J?KM3Qq;R;DEU@M%CZbp_Plir30|u4WwzX<9NGu4766~*T?Se2yu7Re
z&vU;|G=wa<rHFeLRhNxBS<3<H1*~JWoTxko@x>M&jo+qNLY`yokyi&|LFMzt#>R`o
zEbzT^drbD$22~Cx*hc2$tcjh+G{)~O8kwZEWLq$z|KaE7C#4F!zed9jhkzmj8yl^b
z(!c^m<WL_Ahfh5Yd*8)w1+1^8U`Bv}6Q?XI*Czv--J<aoQ@3=OkJ*n+mbLF#I*;e&
zg-}WRJCTwHjzC0XnVMF@q|(I0({H}J+x=0^aoFH`2gn%)0hg*qql!SY(za1P(i=*=
z_w-4(VI-II<vN_A9l0)9!ZPV#am`s-+DcGMcDmx~<b_0SixAq=9nh5+_3Oigvj@i~
zt6AEAXi`A;8g;td3An1|T<f7Z%R{A1Y`uBtDfpQP7D7yBq7`x`TQ$lAG?(u`)U5C3
zsR0NlfRs#<cE?Eatcaa)&EtBOV#BPfj&|!h$tAzikt&^AR}O}O@Uz2a+zF|@$u|Wp
z@o9D;5_eoDe7I~MS$zP55q#%qE|Rjy=4J`iHRn|?)TJwsm=IbPb6O3et5LB@4KnCs
zSgS#ox_8~K7?;akk0ixc7I*mx2!Lk3+LqSSO=EstaN!PjI?7o!{g+e=*d#=O`faN;
z;eDZ!RTLJ-gX8K*Bj7^R(TPL*AV|V(NK~VZyp;cG35*5JKrV`#5-WNZpN?)|X<DfC
zC_K=DNhxwS(D8vmd@uXV>(_BcfdyPb#+aTIw6}(C2pvaJ^Cl1q!iNj!!2HwXXFCY&
zm@Na4+VNZcC)n<3Fwdzq#2b|Ruzaf}f6*wXzkE4dNPoZ3G!W}j<2y@Nv->3)$<C{O
z>JCH2yYKPg0iPe~SoH=niAG)^YS5sl9Zg<Dfl8H|U%We)<f)z_I!b4izp^#z+afFh
zgjgp*c>P`Jp*W}_=}-9rd=#5}GgK1z<eu2mo-3Z(7Ow}V^HM6wiF=o@AFp=aSODSN
zh2Z!pzwGG24jXv?1#{wRpPIu@9QW@>;Ou`t0+yGAk%}q)ke4io_QZPnl&C(CyW4gR
zYxVR-j>V;$gp&s4E~h;`J*D21w5F?Kva0Hp$arz<E8h$Xs|xMZ*}mT}OR3Vxj(lKh
z`bu(DMv=fh92$+b<aVYaIe)a_uAf1lgASljN-3m72X<{!QT*}_+6oa)9dZ(U14>~2
z_-c_kz`(teiH#w!sQaR=rPIM_g43!+fPtOWtJqd>swm_e&wwbhSjm&j(__&=U3Ip7
zxrJRAh{I`a?~rqxK{MFIflIX0lT9JbPTQ|U8&mvll~sLIOSmE=^b>X4)X1cMxL%kb
z(+<6-l_FC|$2UwD`P6b+R{I&qr^BLrOror63}U4Dl7t&x-IN0e!f;7HKeGJ7cWaoP
zD(fUy%~1yOk|hK}dg+{AHmaT@2J*qZ8(#g`NJk_zojp|_YMRhig@-esKA9NiXr%V`
ztL_A-vR3+>Hd_Q>XT6ecx>+Z0mlaEbrMZR0;33{?q}=&z1XJa;5soA;^ZM;IOk^(n
zIfrZpHZ&@#t~Hh$UMyq!A_@<19196H?K5(o37Z-UVTEab>O}}WkDyQgOUCUn`hSpV
z^ac@ifKY02lrca9RK(3L&}JjMtqQS|iJnOU0tQf*=Rqjx>=z&kgS}B|(AD-zehS(0
z3pJ7KI+)I@oRcl4NuhX6f&IAQhwSEsSSBZA`5zr3E#)-!+T!^1VVNQiKG>*P=ZYVk
z(l!@$Jw^Kz>KVc!W=O>yX46QxKU(F9M&7bCvP>C(WU|~=1f<f`y`-^ZQn~S1P45pP
zmdvc-10-GWfr~FcTkg<32M>`&w~IwPEh<IEak8wOM)rjWrH4e|<G#pSMz#q|jEokv
zq~qkSr<}OdD!>!XH7M`yP2bE)?g%~j{{5CdFTtds6I3EYsVtB<CSg76M7)LQ*!u3~
z0-XOGN)>QT_9HtjtIHIi@}wp|+!(HP8LVlO1-iW;qjphF*tlkx_-6D4=BFJYA2PJ#
zRR8YXl{AHkicel|B2uu)@yu+owwOFy{gqnX@V381d|j0Pc!>-<bSxVk0rfo9F8~Bm
zYay5|<QqO|p<I8d%f=3!gt|)1ig8Ep6e;;1X-E~N5QQ`>bF@U=MUA^#ZXoKd^;t_H
zw@wd*%_-G4G=Rfgt1Ig#11f^F=$O<*1UrYyAnT`BuX-CT?Pfr@dzterhNI;yMM^Ow
zZRd$X@2el5P**#PS%Mx<`RH<K*t6EO;7*;^STCS3C4Y3IQ@1TNIrP!*!{G!|pC?;L
zthfUiq@?T4n|t+3_y`85Ab2CXio5*uc{}v!xFZu#r!{00v(p9=)Q#(&@&~yp`H#k*
z4Ej+p20(!t_O~rkcltRY6E>}AIO{@?h4?8d<F~De9O4gCrfkF+SliX*RmwV!h4la^
zn`>R5EZkSbzt&8A8cBz*D{k2Op?KrKR%FFF=65Goq4uBZt{2BSHKO84mUEry@|gpE
zcLGyI2-!Ce%0yH8TUv6|#!O7koU1+inwc>pke=FUwXPR}lk2T2Ow)cAaqG9*vC%o~
z@0#Z0nM1XS(l}WA6$uAHHUdd|JC3G<bi^<>qm$bT-=8vTpO?-&ll`uWPX8O@(2d`T
zFbc;1xH8asz6+cyPlG^VIb=OMdxDcf%1F4eRz$5aDNvUD(J!j`?)1C9&T|`5;aJC+
zF3{HlEtKP^;D0DRLwm3DR$h$Db`m3-2sca86D&j#(8u@Ey<dPMz#RpV|NeJ>_dEV-
zdH)W{`Ilby?=BDS-@x<#U$vco@8og(zWaZ9GycnEvUX&(qMZFj5AAEef!W*it61_Y
z&l@?vQazitH8Q*C+^J-fS?s=K_-AGPmp{M0m{}B`6?{V}W_IVP6V(Z^i<E5-ZpTEL
zoxDVOH|sj1v)+NyQD>UWJ@e1%0k#MJKfUyEV$JLmEHFL%Hd1L9h+NH`-sxaqj|7h!
zS>X2ZvWCwTzSlWEQ}a@XTgX#2i68$l_<LFJbvW6=EsnqZ{Uhqsh5I18$p&uyqqFBJ
zX=6@XR@>lu*y%MCY~TjR($YG}Su6M5OSqJVOT0~ZX0KvsnD_Q=TGx@1|Die%j0uz^
ziq!U)R=clc^z<6_x)rSd>f$bUnakSPB<rE7#zAY?DZAw7df0_K&G>Xx{Pohc{Kapq
zF~8>D(|rAv7}w_!2;|X?N{<AiX@6g&xa=drAu&{-4kt5n%)9S@+!VZ#w4OW5Cau@h
zWm>|n<njn0p9KzUl=vM}Q&P?I8u-(Xc*m12PDZ!YRF7V~G%i9-*VqaIg(0b%i~Yo#
zf$l~$^F*R$dhgiSx6Cf8L=oeQ&zbnbl)awjysD{DdZ4CgI@oR;#VKo+{E+7AR1S*t
zUQqo-V#%E0WGq2wL8Hvd9cv~b^q~r0bP3$V_2vJ*)L_w(nh|Z#_7l`bMd{HPTJasQ
zCAWX%;prah6X?^=$5Nelx3RY;c*559cbspEr)vZ5@rR-!gOt>infadr>*IA42j2*T
zl1{T^1h)Gc?elN*#YSpw;^Il?IpnSnDU`OOXgP`d=jJys7^%}|Pt$L?=3l(b`i0Q?
zb-ZdKC7{(`y8y1H7BNHEpsf8S@4kG_n2(_;Prvj-KBjj)Z2yVOh>upUh3kWbJU*v|
z2?@^)mtSL~2*dLh8hSa6>6ITdLA+0l`)e~#_>F|)FWX+34Md3<Hm>Iz%3tT>)0cO;
z!S>i;{sU-`sO=YKJAsUA#v)ZZj<>nEbBy0^=sx~a_hw5JXDq1d+6LzNv4eMojVrFJ
zMzbfpoxc7#_ft&w8wt6Cwy73=pIBrhZY*_VL~i7a(#jh7&Fizo2T#lbT-;oKZS7H0
zO?#<Dz;#x5IXIRo1eIVc@Y+H65V`+q0*SP4-qFtJbg+vpS_cDyN#gu9e5N8=oqnWK
zjw#2~w12c0#e)0zk%vDKpPtt{r=>Bpk&1cv@P15ds6)CGN15YPaGH3!$5520T(hGi
z^)wh_du8~YF}LO8;c4&64w=Cvn<4OEN}q~XogS}~@%{DE`H<H{IXoibV=pvn63WfT
zH~Z0v8)Gui+Is(hZB|NLeAwW5$jse`;mg$DJ;P~A)s<t{ACkSEKTo`#I_10ZYX)&;
zN>NB?vt%!tnoh>j0KK->GX2h`^b&d`){MQLz2)&Ehj#IqKfS!Xu6G$Eo?csXYA${i
zFGbo@fcx=T!wkM*Zhd09eECHf<0HdAd6w-KHdeY`4l5xNYC*HYqWwakJ5@&wV=Jf!
zg|vgoe4uB#uNgJ(4h_J_`YAj(YIgPSFJ2NOrA8~esUPX<>3tzNi~<!gcZh?Kx%vIA
z(6M~R;d7kgwe~(th?koa?m@nqT3Qmd2P$t~`0XhwinK2q)Q<8yQq%oX%JLn1O(wg^
z!aI%c+^Kq-n79Dhmw)ZstTdiBK2}h8YbW*1n~TneQ`Z~Vx$|>MKNc3=rb~j=ZH7^U
zW#chcalmOErQo$|p!~c<`9f)~-I~GxH`m>g)+1-N^jw*)o4T}B6FlGrv-{@@7N^sR
z#s1lLnSnv*>vQ46#vsap(iVLK!?c;!Se1+PoV=hoe$qyBIw3Pv;4|No>r!5|@Ue<}
zr>@LjvzPD(X0K200+U8Cu5k*G^o}=^W?_&8nb<did)y5?{MYt*2BZZOX7TaUQxBdP
zKhH^SWD+s>;mQqy$j~bCz7wWbofK|9ZYuhQH!6qRx$o-g`tW6KG<ZUVTdsbVmv{Bj
z){Ya@FS_64F#Jk~Ryosma<cf@4F3nn-R*piq3O=_A^wgA6&2jZd(6F@onI3T{4zPL
zE)`eJ4-O6*I}jtQVt06{C@Jr&yA<DD850>Dt=wd<jRM_#+hFqHr~C1lG4(N@bfoW^
z!Qqj*A*CNae$=fIlPU`atIf>*4vF9DYPI`f|5Y#q@<3P}fHC>xOo`f2^EyCmK0TfM
zCQTu&&ET<-utd#~pLIofFuX||!*XF<#MpP|^+R=mvSlA%A9JAet-x8E$VIWV(2332
z<PUIJ`W$t8<vxA-^x=ya;WGs6JC0}$d6b34m4^rWAU-+XO9*?BjV-Tl`0(JdrQf^o
zf%j51f*^G!R!AT7%a!)ZORJ9k+ee(IDfua@a(0lnNA+wZYokB4(hL;aWXsMzmZL?`
z0+`=IHsZ2%e%So{`;hB@kg7FO@kwjxeo&}VK81q%cO_wc%w2Ku?oDYuU0s`~7A>x4
z<F5z{jZQFFcDQaXw~WmF-drOgU_kTIn5+z;<Lp@wyK&=DV#^w33gTX>E#uI+a~mL;
zQTo*Rpn~cj1&<81tnY^^!EY1Y=ffDh)PWF3?1*za*;(=WifX{v6VH3EGbGX~U7RBg
z6UGRsPGG7;TKT0Jh79W(<03cg7L04W)EQ0l*IriUyomJ<_nH}7L0ss=*$upP*T$sJ
z$BqR_V~-|uMQmK{pW9}D{r1EqEKH?P9qh^KbeBNJ#2jzJ)yWvgvJryz?Ct40je2Oo
z^PHja>GGJbk%8MnA_DOrf;=1@oqAY1TCb7C7Xsd$YSknUEC`Jl8Wvd)py|}QjLhRA
zU!Mtje<ZohO`g)7ozL}$jaMN#m*x678`n`tPN(e6ih<6Xy1-XXw;CeXt{FwgU#QyM
zH<q)9242IwpOJ7_kG4^T$NM14Q(x{Q!$w8C-Ml~R1mCZ+BDaj;pTG9<^-X7&chZ^N
z+@!UTP`RYRS7>0>dE05-acy&xBf<BRhT_!TRb85!q12~z=&lH$QN&>fDY5)yU~7pt
z!Hn+@xXs6&s<7<f$MTsMD8+vH!VfBf?$w491`JmCXA8w~e56g{Nwe~@vevYaySkOV
zx6$_zpTB<V^KGagFAaU&qiBnOv7Vlm5VujKc;W({H{zh9SYOX0l$aka_;1(592l*<
z5EN-Dx!6Ho?mBWT!uC{4$O6{_VEWdp1#sx*F)}jpi!XE(j+dGWq2I*Ef9$)_uD3W?
zZkThz`~r8}<%OTNi@zQt{B4_k93RID8Wlg<Vj60y$h-1YMpE+6d;CRT^TxMgEm100
zTAG{bv?4-jxH_wvhEA4g=0cL$N<Ez|u|$njL2aX#)S?%FYpqr+k0{N=%9^Fym;LHM
zg)LH0I}kVbhrhq?4OlhwkA!q(|BOTA6KQ$%)Ds5wsv7#^+uyZG_S}PP_AEL_0015~
zb?0(TNp)xP0!R1oLqES7a|_EaWu-<9We=Jpf7l;t6r5y<mcHh|FwosC2o%mvBkT+J
z3lNJG<R&j#-MaF7!Ls?z=2#J<;`=$J7|gs<wMH*GPp7#H`X^oMXjURNpS{vU|8PZ<
zX~un`<D&iHadkLK_4h)t*#)Q5{N3e*pP$?cYVPG7R(-T58jUue#VmFAxM+a+*L4YQ
z!<l7h^rn-zh}J!!BJsTG8DjWKjpA<m!Jy<<N!ttGMsu!nB^GtRdH#_5>9e;H5$J4A
zwdlFwf$*6QHpLGEaHavA?elL>Z9-h%H=d+SkB?pY<7N<URsqd!q@{W@vL%{Rmq-^+
zaqH%}(3vQ*TSxEcLbX0!V{>Tcw`iGMqxT;#es{Tuedcfo=eaCi>u6V0Brd5B5f{IM
zwz*n+g)8>Yh{eZmLvHO*hCVTuRvEmbbB90bIzCO`yyj%9Mo&_+z)|aBqu14v*w<du
zt)?6|#IAhTdR@Y3UL=>i&^oBw;vS<>;eX`En0Fz@o4nZN9739dCm@kw&(^F@@i4OY
z$=xq5Zw?O+7t{`+dZA#JKd`;+!B`nc+@kdI_TISKb{frL?mDH{;D$yQ71PFqDT<$E
zJFga#j_82gyX<k_p#a15fp73)?Fn#wYfzhnEmNV}C%Qa`+12jc2}r=++IzQu(of!+
zN#Rjlp=l-@Z7MG(SF9NO^Xx-x`*Z|eS^IW4iJp^_-@-zL=Vq>np-gb>hbe>R#$RJH
z&kQJTa5(L{yjPkoOmLlBobNe!88liB3(-UejGf4*-FK_oAxRc_5};^h;ufNpc8zw`
z{#4P|E?#Sjx3L9Tvwa4(t#+6IH_+;ipPrtcpr)3o?LRMYgX?5ngzqi+Y!@2wC^S0H
z!fU=5a<(RL>P5AqidV_7YL<~!nda5`wNxsd^PJ%(oQEBCk}qv9NLTM=XSr~ATnJQO
z26~k_3i|!as}3i|<-R*k+@|QfI=D5_pxO=Vl*}KZKphk)DyY{<E>EGgjyN==NHOJz
z>ZsA6SToror(2j50B1I4d0Wd_Cd}1>X`gk>bK0wmc%uZK;#RHOg$h!au*Y9c-ztQ+
zB+;3bmzHW_5JO)i6Rt+AR_rR-+oyvl!gB#3kudW=CVzUpt+*kpEr?AJ?Cq<KMO2I;
z(t!>1q2{xMvTx3@XC-G#f|@v2Mp6#Gt`o+zfcW95&z;=&Q!*FLZ+&ys$!iIiDG=^~
zLuG?D?ebG3!{AM>!ktbvD5(6))}&%anHax*srkFoQV?ri$q!ON%w+fCy1lgY-Y<7?
zo$Wn4!07Vld*nF-VA~$3Y*EWdnd&2lMR@ZxxbxqZJrSz=Rfm(+M^sZyE$H>@@Q{#7
z%;`azf%FSY7o5SNK7okhJy-@Fwx?#3jDD?06J)X36Uq59My<XyDy=fDhBTI~PtyXY
zTH^jJ%Ay5g6BiJA#=_El0oxlnlj1yU4(xw&9JA;9PBn7gdM1l`)h*D<84^j^`mlG7
zeu6(d77>2#i9u;hQonMjg?YuK!bkn-8#N&psXav3#}6rlz{dEnI@}^e(iRfI_73Tg
zJ7H?N%X0Ceg>04EQnwV8O1NF}7Q2}~o3vfejN`tH-QwB1^5QSKuhkb<of@PjfUzDb
zxjbg&Mxu##17++HK)u9kDevf5@C7M~$0_!H<MN{kB+;zNKM{n<U-%?OEc@gC;qEQN
zqHNoLQ4r}g=q^FJyFnTeP^3{9x}>`V3F#UdMAC<nZcwSAdyqyN21GiBSQkF;I*#>!
z*T;SA{b7G52JZWc^ZeBrOG-%cqEeKN;m1{vq&wxgR6uWh-MPR0(hWl<#qwEw@6`>h
z6crn_wzi)lF!6kL525$J_VX{S{zrR+TGeIQFW-`H_B#%wydyXFCKL6KucC&vk<wg)
zgN_YBd{c~h)q58f>!|*I9A|fDEnXU%Q~&JJQp@Q4>;#9{a6D@(i5K6TpHOQia%Ku6
zE@qls!zJo#xhpu0QVoZiWQ2reB1w|*zIPb@w5nAJZb~q&@=K>-4CUu*NznJ-9)G6a
zF#IZ(g?d_Shz7CXzC@oRDIsy3=9sZ>-tn&D9vWKheVEBa06g5)sXsGf{RVTS_Vn=A
zQG<n&Y@EPxtCx%-s2{E#gHj?S0QKJ<`QSf2a=W{o%n!Mc!h*HIc&Zx6*LzrumDF=}
z9Oz6B`1m{J-k%5_ehNY<-}GS+)n7m8KH78_RqvF5IALI-+kV0JBYnuuI%>-BL#{6N
zsVY<S{3fm?HEU|{Hmh;4y%iR7gydDZ+3up`kd%Tq?qrIFhKiQ61Nz*1i62*^%b)W6
zRn%X8i46YL>bWQ2aAWpHNd1Tx(S!Jt@ZfDmumkRW+EZ-u)GdL0|M)@?<F6kr?7(?$
zuB?FdN&&PF9+TzdWw7yQMLU-#zqJiL_2u5b7eFI<Lk{Cj9tg@B>Kle<RKaIk@$p}q
z_Pu*%>;O}-YeI`qoBS1qQfo#$pvQtCs{rTO5jOlD6H&+Xo-@ADjvB5f)rMmBfSK!0
z{C9`!QYlE#8xJ=(9z^q}-l*n@MgqWAb}uYwIK7Nth&KNrs-XC#p-D(9ij>ZkjPMnY
zGF?!K5=p}e|2N*Z;^+H9QCJP{5tGwaxi+^x#4)g<@W+bS==%#TC%>>1Soj<hrtB>W
z^tjl>I00ET-GREsyd!0Jc2wNO7b^M<?NMN$X-a;hmYnEAWdjIyOG}f@HUZ?e(xk>f
zO*qJEM9aKY!J;f>VneuNabe+5rQqvVnbWi-@oL|MJn@HDH-|&slox-{JEUu64Qw+)
zGgiBu>T3%ouNF;e(W|4h9#J|pICo<Bzj-&B^~i{w?B(NWp#a~;_7_K@931K+!WGi3
z&w`ikRlJ@wz_5N)D@w!mmSXt9EGeOpy=>b#nDnM6g>URxG7ycaAwo*NO`h=}F4_T4
zDuR!NOmCdz$~O#?OeF5L`rOLpkB}_kb&am-6hs4!8e}R+;8^<(W%71qh4zM-rGp|j
zor)E@M>ZkLA<c`B*<e#3EFh|mOh~|vAByBKO^*F`Nv~m$k-6TxIr0i3XRts)#xu}h
z-Gq+fjTJmOKUubp#}l9HzVu@Cv7m}p=J8m5>cAV6GPHFx6g~k;O3K=h@LiQFd@Tq%
zLPpWq3W<AQ)ol<}*Zhz6hk9b=ZH$@#m<Icq2GW=x0bUPQUT`p&LP<}Pu^K!ocfG!8
zom;_0TtD$4!Hk@lB0kRseH|^{0>_4M#s@$cPubZYy?#w9=>#)+reP3NulV#4Bv$ST
z;{=J^0?rzB*J1e$>OgXyK|AcnGnISq?3STYFUT}F<Ubm8R}1o!EkC(`=*9%Yb9XZ;
zO`ov#WoI2(UjC|RvG{wzgbf*QBk6m}G1U58MMY~Hn>SMSnuN>fO)S3>Z8RMkG5H>A
zOAwwF!aa&(2A_uJQux~eD7h7!5>YCYBFrGD@??%b|Hvua^9w}Q=gqF6q<7>PHvCi2
zMF-XWN(erRv73)+3xsYQI|bp{k-oONHVzgByMmC<wS2kZt6QI$q@%JQ=%HkMN`Spm
z6oo$E81^=0Rd+Z8fs#0dqbh%%iP&E2lbES<Ew<Rf{Yrp$WrJ*~L7#qF;M&mS-Pyid
zk2f2UsZ2#0OV7)zRkKAuF~$|*`MU%wTwT%T(Y#wvcef3BZ1k~!|ED+T(??g{@`70o
zeS@&k)ljmf2G2^19U@pjL-|BB7~*A-zTYS&o_^g}?&Pt&q`XUbN?7P(FS|`3!Bg|z
z-W&3><0;XAq2^+8@krQBd2~hli9wao(vk8Hw#%n?a8xVtfA>*z&^_$_*HmMd#o<g6
z0tylhj&OTzK4&^c*M`(o%lUiBi89;wA?gehkKPlw5Y4nakBz-#lMbD)W>%|xiPrU`
zJx&`HX8nvr1j9qV@80CAu%J+7b`FloG94_j%4~7L(#Q7*KJ!R(YZkH<(AMK7*bcd1
zG>++2L#iwl(6Ia<LuQ#J;;nX@1T(GPN&SYChuvcFGq?#6C(D-T<ke|mKJ7%?g@uJ6
z4}vr0itG(Rdfz}QR}z5Izg)@BJXY_$%*xIlau%}NTNSj^MF>oKDvIJx{^}0Ff-v}I
zdVGB!&hZmNm5*+YRR6FYd8*QELpbmCiNrP3h8rR+AJ4E#JyQ>#ZDVB#rs#xiDW(%n
z<|vk1)(Sc{m(fMRNBl-E-=I`qP2V1~Q{xf5r<(a*vTldIi6Zzxt8<1V!V1gSPKb*}
z<kPWYK_S8MbJyXoG!k^=wl%s7J%Bxag@GpVP9{tQW3T3Yy#fi(&PQ{}jIn?U#f~^_
zVKS<R)5@=26>`PdA3EgZa9{g|W_HEL6Sc+OL%V)ez$i}Pu(4jJ^MRwH?_CW(Bqcu@
zhcCieLQl9qZ&~aEmJ;Pk^BllR&(IOyzWK3^yhor_i;rZPUU7law=Rbt9^)W~XKw0Y
zza(YENJV)6T{O|u+q}0vzrUI!AAJ+j!a+Yt;pgYCgJ7tZFaL^ZX=#Dy_sTz%*!tGt
zN+|)i)7Xmm$}?mVm~BLhA7PPN#?=Hr(-XtU?QdT(Ign7fYsI?){tI6Ua5N*=#;TlV
z)FDrgBg%l71(!XO)U#6}V}43!PTv^c7FCUklHNong8!L-yuE}lI@*ncFb^v)>>}PK
zJ{k6{%L=A}_c9E1*-g^(w{;{ImUyXsSk?zW`JSiu9US)7-)iB|{iX{jcYmLob}QFo
zmf46Z%V`c1n^%_EFk4DUup27qK6@7}cD<!#JgxlBPjB;Rlbg^w3^c>2d>hUZL?1J}
z{eEXvP?|LrHa#17{*&(=0@|;U>>fN=R$88<=-P=EpAvT+EYY(Z`_mK46-yQGI6RS&
za8Lv8deowzVS_aW{C_Hr&tn6Ya02*6OkoNbtZl(%&X5H8$yFoziA9|HkZXk@Fer=W
zzyp<rPVf8BOfXs%n@m+ji>GNB=JEXQm{83<{b)Wy#^8dUrXQkJCYUHr_@Df+DtKEX
zQR30#5I;z2iPyL)7$<oh9cd`&9^P8!b)nNRE&DWk9V9+iIu)$X-%HE*M}M5?TEsNI
zSA^7SG{|5Jh49fICxT&2)oc_Ay`W=oRKoXGsPw+S@r_?2CnxWm#!#rG$)72550ZPK
z<GNUO_Q_J4agGWZ>>A|%qx$FKha*8Bd4IsJ8t*@-p=Guj)`S1C%tCmvN>kY-T}19x
zpL>P-ku5MR7W;C#n*P16U@bELvsXB8ioBykoJRIAN0_erKZPcrslBnu<xsXIUE<G=
zT0a%ngan=h85Q2qDTgFr@eI9;w3x>|JvmhlH02KY{)UH4I%F%s@Y>&8O!a@0E%6EW
zQ%?q@!-WQJb_~T{<O+Tsv^vXj)OY?YPl5c4vA2qXLyh0v%=?AY56nRgk-xua-&clf
ziDIi*FQ@F&-RJQoexxMqLb~NriFg{C4KGr}>K%!el$ow@FG9uROt_GDd`~ob_u<d4
zk1+r{@h^Mw_xIn?J&*9gSN>&%lF+)VsYCu=*mvJI_FtRe|6f01x(;9@Z9P3YNl8iQ
zQ-+X`5SRL9RX|r+rOPcQBR4KfDl3z~ENi`@yQdTyZ%T3ZE~vX)0B~PWz%&4odjOo?
z7;xQ8B|*kAG&BT#`bf>ep`1$Oos45`y+KiQu2LM0icC-km8NPU5QVBaJ11m`Brr5M
zEmU&=xAR)+J@B~A#Uj>`XZxiv2kS<$br%Y4Q3j5eD+FC2X)2YOQBq@eZmw|3%~qnp
z9vU0#F_5T(E2g-<ZlP`DHp^#WE3?_q+^l+ec?m$KLI6fHFftajw9N5YL>Lx5N=-{+
z1%E;cVD^;(0&NistFh7?64YXy(bqROc|>&0a&)wwrr!(HV9bn+3w%n0O*`>vTh{#7
z@fDc!e4E1CUWqds4~*NJn+=N5+&<+qFuHpi#YsOiG|XgTp`E_Hmz4z4=0yFr;;F>E
zUW|`FPxB9~II{mP81~#=MJ3YW<Cc81d2g($oL_4J6U)Fvu_mXh2}ZB)?5?5vtHJ<9
z7TP&6NPW6}yD+r11OBr_80V)ZyU0dbn)L#UA#l2IJlmL6)zGL@|4U4g)BgJc4uc!@
zE;2hVIv@aD^NF)8{PamC;1;>08eo!R(LXn4eVMoQ+QY*GyaD{n?v9I-%AvOB2^Rf`
zzJZ}BsdLS2;bSK-bvW+~g=ipih<7+$Qmvw)Ru4)CmOSydi!8p|+n8J0T#o-#tn&Xj
z%x}FFqa<?HVTV>uP7m~3sGankeESyEMJvg$=io5=OK*RJZEsKhp)*@hYu!gk#5BVM
z>hMq>d_)JmngXaQ*8mj-eOfs_HugkTHn_QrQ@1KBF_8gie^)j)OS2{1N{)_>y5{E8
z;9_NCHkD{{0*s9E&(qxLO5Y;u9cG^@8KR?Oz-~%diQ7y}S_*#cyfT)0`cwtoPERk*
zYj3u&nq&zZ2QN9q*%<)tjJ~H{2=74Zg$3h>#N_l~>@EdKmpq{|jv(&6&z{p2)GlyE
zBQ%(M1OlH1(d~-R%|0ES$6DW5gE?|@U*m&lsuCs|paL<l=v#UAkb<f#H$m_od5p(=
zi)S3f(sJiGK}MuFbGWs56PjA!4KPShLmcKZ``iW$B-8()Td&cSPAF6(G5mMiL=yt=
zFx|Ea@8DzmQs9kdAd6|>Nug1**LOapHK0X3yx7d`x0#ssCmjWT)0TaczR&<_kZgC@
z*GsGBt)C8FTe`GU&bH@%t)Gvp$M2u?AV;spPFDcz$Og<vPc;(G$Kisd>tGx<^vfgM
ze>aqcvW#*gh$Qqr-A%W|Vr+Tng4mt0^|mc~yYMO{McdTW=>q=Z)Y8J@!^@Y+1IyX6
z11}-5Qpr32uze{lPgz`~0aW+b!3X4ITd9fs-7fBrANT;$6=3{O;sNN^89g*%>>~j{
z(!)+1xg*!3ifUfzYw=oQemy<3c*@Q>W-cd+pBzdiu;&j*lYxf}uU@54#BpZ-+}zNs
zYUA&I)+_<!DzRPE5eXJ*q;@@QVmam0l?dMF%s=C{wyrZA@U-kRQKMJ8of!wjnV8my
ztL$;BN#_?91awF@iRJ1)EhpR0RO?qpPNQzy6OZU|2@5M#rZ+c>IlCGbPoO%I{OJ6_
zksG!pIGsJx?muoeOEFEtRFeV(tSN()`Nf+>AZf5<l&i+gtBSV1BUq;xM<A1I&t>>(
z^}Op!_YV;|_0gj*EVcZ&@3QIbDASjgcV}Ezc2+)vAsfCkMyB%99)W=!RN_7gKjh?@
zg@kmAXS8*7|8WTrp!-BfD^@lDgvk0uACogiIxc$y<AM4y${kGo1s46prW&hK6qY-Y
zK^5lRUY;^*8lTtkKblHi+23R_O~38wrv5reZp^V7^X&w&V6hs8FGlOH46|wFjkpm>
zd^-G?R4r#aH}GsvIAf6KD4e#oTxn7GGc93y>-SFiQ!ih;#NN$Z|0l%j>teKLa$A`#
zBH{xT+2Y}9E_9J=OSgMV{riDu+|@4YI2sRs%q2c}@T=M}yYz|6GN-1Uv?M+KcRw0~
z;^~TPd9#Zi{OhdL)Z+A6F0SDW^ceHI3o+rUL?v+ec`RG%0mg;cYtj>QaCzPx;gRdD
ztw#PD(o;q+OvF8v4-c3QW*U_E<((6rDTdmJegs9m4ThzzWf7IQhXQx|Pw<vwa3VeF
zgbeOoU9UxK4+5G+)mr)Mwz`ClzVG>qEFe|aTQM_NFE091=-)mw#oW^7(f{MZmH8>X
z2?ZtP;OW^vX^MTp_(iLeQ&TpvXYCO4Ii)yQUWh!RMfCGv=fZbc(VR3oDc`EwUx`Uc
zh17I}p2D0psLqks&t^i-&&`YS-DDmP2GX0;zlqB<?{x`A4Pg7xA|`H8dFH5J`zD8q
zZ@{EUn_F~7|FZ2%7aR0|X!*wn+-l1c+X1RE4{_&}P}SAZ(bwI4VqROV=H#_XT3Taj
zn`ru@Ue6pjs_fOAG~;&XT3)N^OioXw+kIOCyB$b(tL=JYQ{hW*PMxM>v)O#<Bl8&;
zI9wG5WaucpIpS@i@ytv0>d~{8U?s}LO{{&vfgH3_ep*HM(tqeyML)N*uqd>2@1+$l
z+Ka@bB<gD_(!o85uK&T;2<Of;kE{Y0>4s-etVFd;e7S_dhDa<qwRIWk<~{NmJz-WJ
z;TKB*M|D7)V22?QWZjF8TA@McI`mfz^AqjgL#lOPKCoP`UR`W<uG@LfK;Pl=q)`*C
z(`;s5I{4gNscxymA1O4m(e%o4_)0d3X;fMfJBnNCRviSLlwPaAwq|N9`)|*Y9jWL?
zn>I5a6V77#iYl*WtaAH-<J{uRkvpB=3VJo*6v%E>8qPOOmr<n&_|ONK;eso>YXxUk
zN(8iUJOrWil}z`2RmWs#azsNz!=foreJM4>K&b7HDg!T~+L^Ihhdk(@W73L=*s<UH
z#>S}Pikk=}r3yFS6UhbKT(PnYc3j8C+6~=$ZXzBxJ~+oAwPN}54~1%LChOlj4WJWb
z^3dj{W*DepY8m;a-7x43C<iwsTRc@hb>z-$pbc$En7Tek995V!$svYwB;2*<r<+Rr
z<cBOH-ojQ48!(szL|zE#t2&-%Yy)CF5mTs|kdzlv9+Dm~;pQhkJ2%*D<ZisxXg~Ya
zgdaLGJsHutlj5@VBCFpn{1rQsAai#$G>_#sOxwfNUAM{$u#vR_!iWP7f$T5IYpdgP
zbL_+x7S;BB3@Xo66VWz$Yupa*9kpqvj1%QOD_RYUodv4=mm>N8Mp@KD?X`F*2@%po
z4!kLP-F!L6@_qrg3k^`w&oh%S4zFxIMe(V$`mR?04ZrBJnJ|iJCpPF94J#ok{YL~5
zS^zM{>2GBCe<`ITY5LUE)NL>P(#6H)ctaK;Kr3#U9yRP*W%(iwy*?6?2EZx9v@}L^
zNa}Uocg81aNBE+6UjvDH;Md-kMds9oLQYVSr&NCJaXK%0o%0GMA787OVoo8PJbiRI
zc7|kU>f+*36=W4zUdG)wyA0h1I|JXMAzzV(uK-mwR;0o`o}va!O+$gC?f$GX9*Jqu
zfD7LhJ}|FOdNi3|9uFvgJb&ARHxU>!HnK$-c+tJ7t?i;HO&Ga8Qqb6_hb#ex;wFwX
zY12pYUv~p9<8Ea!dng5vx7#eVr7smt$9*JN7laVuw2GV`P|2_N8kWF-wuyJfR`Zls
zr@|d$?#n|k5D1Vf$WKwJZ0;A|aqSt%xV<fJUOJd@(WzF*^LxHM9~seb8}AOjaz-nV
zfPTfZiu|?qs8mn!J<(;4R}?oduk2>9u!bY}vk#$H=lMRoEGhjgrY@1^x1nfNRgbt*
zpWeZMS{$^ZE_xq$wuFzehPp8x;PRv`o;u`gh_@v=K}P`j!LpGl<fR<oSYgS&ALo<c
z?E~7kgM|hqJFB;nZ}aFA<B2LQn9V+)*_~E#T9uY|O?9i>Dq`#^5_)o4p;om5pPY@O
z<9M_!X>nb~RJ81JyjIMf-giP&<YS^g)yLhX`W3^m%^J0@TDQN6lp8ZfT1tAo!b1eV
zX|;uRCS?vr;|<lH>g^XHLa&bWI!we{upkORB4PlS5(IFIv`=#Dw>TPdRNYZ$1(NTG
zE<TxJ!gQdKeD4~2qUWtsHSgf44K%9)j6Zy&=r<e&<YZis=erYpjPb+qwL~-VZ6i67
z(*(}INoHX)_WanflC+Rl(OjS^8u3{3XX3+0Czs?g0E?W~{j?pi`W<Z+O;`}FjuYe|
zuR^43g5`vD1h83xj{0x{uehcMDr#yIC(%^rgoJOP+=grqieh*&gsbBZ;sk>96shg9
zlqU5nN=im4Cav><x9H=X*k55^=ugbMBTuy|`atRi5qME)Fzp5CjKNHCrJJFSo7b~e
z7|PIKy`G;8Wc+KDf!9$Vt(g?dgwI%jM#LnRRuiu6N_%}FPwh7XZA8OdYjNtBT8m6r
zcIcG$|I?e=o&>n`LY{ZGNg2?83b}ygnl)3%;i0gwFmV@*4@22r)^tWpMsRVm(=a-I
zqA~Tn;r8^F4+$+fQhYQZUx*ZQqh9hqi?QU)r@aGXZoZj*3obWC{Q3B@{@(2e;qwCz
zoSQ%^hMU0jI|UkbHy>a8wSRa4ovNk`mVA~hkENwW|1jV<bm1AV*lRZq@94}i^R~ws
z!^>5j;R2=PZ!Un`>i}pbjEic5v`M^v;M0qYE>+6yUtrlp&YHn+daB-Jaz|MZ+BmdT
zxc{IF1$BQP^@ImeCVaXJh06!>jB(=U<>YnWL~(N^%&a|dKj*h$#x|3vSedqL1P3al
z_;bO1RTG(e^$XS$yMTY6MHlRWr|-*Ctssd8=w)Sn@XjmhAop&fRy&tqlVMr8tUM9a
zwvSdtv@kcr$(QsuB4}tahAA~T^8FpqS%<L|xcYVUydQz31&<`)4lUtqtoquogOU)X
zj=qa_e+Ood-I^GVNrEyLQlRKiS4H*|ibNurq<*DY-jC~6uJSwhfxee)_}#hE-AhaR
zezrp`K8=(N-agNgA!3<MP*7ffNY@r&Yq5$EmpY5<fae|k8Z9X)PEA|;GyHR>OyHKx
zDy@rK3F?kP;OTa82L8Q2pS}U|<VFKD#zcH30Oq%3>*lj%4m{qJM#M<j;yLm7_b=W4
z_N<2VnQiawO*p@N3Cz5V4Ngmmgty1RaJe3Tyv3r<z^eU5mW!nHa3);Ccx?QOXcu?J
z?VTMcxB`<x!@~`WBA!(E{ppp?K(-#uHiYRZUdYTR{i3Q%-_w6~C~O)iIbV4*Hh)VO
zLhf(MRPpKMeBdqewg}BQWUR{tagz5P`EC&x2Y2wys(+ByQdwt0F#Gu(xc99lZ*2@w
zPz^M3ASXu^qR<t370CFX-T|WKIKM?tPQJ~?I(8r<X%rN^1m!d-5DcRqr0b<i;GUd}
zh{_MKWMz3m^++jv%B848dB>K!6oudqs4k@T6C^i2cR!27+blN}va$U0E5teDS~L+1
z0MKu@ucE;%V21mSxmo|gfv(O@8Q|pC<jbG#osa}d(?-tFGTVG%dATwB-lu=jqy@51
z<5Z4s3<Q-pom1@4ZMtBTkbQ@<c?SCLvduJj5}301U!t!=MF?>4c&J+i55Mh77a(?0
z2I?%2rr1whj$!l%XD12Y#XZ+RS(u>`lSrPHlN|phz%Rr=hr<2S9=?KbzcL*q3Nteb
zM!$@)8Qx_0GzE_yjj9eEF3QXgqIBKS_7ZPu8?ktz?7R(e*m2!Qub|k18gOS|V?(md
zQHTub=5DuN-?ElyMDLsXHuB08laRxH3cG33=Q?NS)#8}cbs`+cEcIaqZtoIMX=zCQ
zA!MNY?u@@eTM63BI(ab)kxlH4*-rK#6lR_F%R}7Aj~|nPyT48W>l83K*+O=kq#X}i
zo2@t{QDtLd`Kn{8a$7w2;SU*L0X;!bn4hAqa4dFkCQWkto&NuErh|EIRXI=1Eu)19
z%}dY`Dh+h~d|w7Jr8OOz&5`tlK9^^q&bG7brL@r3EjP*w{9F7*lir<#Y*o=rVbWJO
zo*7<m_B_#!NdvDDfpDQ`KfasZ9wt0Cz}T19<?h*5mUNaYbaip5UaZXHzMWgT@@d@7
zAWr@vBO0~P(t6z9FZ5ugFRA#w?8VLDSZ*C*G*WWX>?Zv7x})~^S;w|(zU5Ir@xc0I
zpWnnS_k^(cSOX?3OL1>aej@<uB=7ccQ#vXsDZj}{BtOLDHurYJ6hT?KjHqlEI15J}
zJ2A0?dD$=a_j$fvK6TA%ybUtCT}z4!$J7Enm6`PN#`3^o7cD~q!Map>mBbK0mViSI
zLT5h81JRQ^e*1^--TtC+N;T}T`|@CotWr2{4RwdiJV-j3Q%2@KT5^_5&r>nX_%bBG
z58RBB<NHdYqW9mTv?j>Jl042D?-=7{;}R=>Pe|TPHi}=@j8ee5_7wig8XEX!){$wb
zXd-m)6Gsm~TiMVxNl9SlrEdg!L;Szlq5Ra`rHrM$N0KNa&Mptq&bYg~pUqypPwTpQ
zL$kvnY}958_caMj1D+P{8zF~Cv8Hp%%JMviJ$!f!fynHPE*YaaDzzMz(NzqGgIl~7
z?a-`;?kKssx^ldE(JHq0+=S}{pA}YZ%d4AJieQ26pqTpQR}v9MZX|;0#ZzMA{7jN?
z!Y@%SL@2jG-Rakz5u@=<WXA+Z?0B2t@h5PbExpw&d6_tjVN49KS{iA-&IAXi1=2EF
z<ogRU!8xH8vgu|AY<!4#eyj*h*z%M#Riz1cF>W}mg5GyGyLwDj-DUBgBo#@;LfLLS
zlVMhF{`GWoXu_JX)35#39B2<5Qjm?JU#TxL?@&aD#DAb+ybOWB#rfBXj-w+cAUqdZ
zB4dLE2t5Y0*6VQLbrLSUPfm?_(UkWEFIzxFz*NJLy{t5)3NZ+18~>i~(9I`v4`21&
zV6OCQH9Z*@c_v0)%r~F*KsBH4&ONsGSs?2b2jc^@LUEoyv~aXOeBL&91c`>&#c8I~
zF<Ed+W+rq8%`1u6g&g~dG8{zH=hHB%e*b0g^$AGu!@9VT{Z}0`lLPXn)d~%roZ_;?
zeRb>YXX&<WzD$@c!CKJLKR#y-J%t2^W5b5Y(qq7>3JTRln*Z#i1_TeRW-l{DH~#*_
z__+OL=QUf>K~EO(@j!x>k%_L5kq_YyvPi;ui+knAXD4=txEKSJ_^sWT&M}Zj$DLJ@
ztuZ#}2n92Y{_ipB88U|v4h*;$zuR33pQn~~xI9bZMCsyBWRdYzYI$-`HjMEA6X{>H
z77aZBUcSSlFi;X4xIP-#Dxr#qNr?FK0viWw)c)<q?`O0Syw-|GVp^Y)u=D<2Tyi~x
z0Qy$9h`Gb|*HZ6;3t)Bg2~<n<^SVzIfr7_Le@g03=-=3CBDtdfR>6&E{BI{k(H$`P
ze@Hm-{w=XU<*p$AKY4_|c>NuktS<2X;*S7j)5XDR?;W;X#XAN(01RWu{Iwq!6x+Xd
z61zgru@UocuK^JDcx4~9H`h=IbNk^S{tal26SK290Ww;pPM!%;#3vHClY4p;2a+4m
z=A@h|QVbg$_5Xu~Z)5#W&fxD+0|OG($kM2!-MEj*otUcy^{3UK#p&xOR$Kobf(d2r
z#f0nlHhJjD=_aT2d5o0b*+#C_7h~aYUDrhqWdN&N^vByvxfY$rh<Bg;UP$`qA5~*g
z8Xf^bK@}^jVvFCJ6LWKnk&)OgK%6x2`0g<h@lpS`SB12SYI&c%H|Ze&=dBxkUKwRk
zt><mC&W0>5n#}CgsWpp*D_EPF=1!Wl4@R$h7L=E30C{umBYQ%+E0E*C1O|lEt6$js
zUh3cmHNg1dqGS5sPm(KQ{GYEZdYcKVqgkL=g!h(sU~8VfRD_)$;O{>)LbsQQ5=8a&
z$1UseFMWKOB_&^hOyZQ#bMuF7(%Pp=&y?SOf7&GYP7Np}A-}WqR}eL?KSq6g8NJf6
zTqO$a3@1?4Q~ny7v96sMhZ~DQUN>WDcyZzVkcQ+l`P90F#bvgsSbn5M*1*S)INmo`
zO~<FlX-7LO*w_b&Q0SAqB8QP|ajW4Y><M^y0f41wDVCpnDlB})pFLfs&-~!m+wsv+
zx-*Tr;-aE{>>599v(E(uc*eBxFko~6P!VTU6)y!fHMLmWU)n=m^Z(Xx<PUQ}_I(=M
zA5uML4JYX7%LZ$xDo=L6T*BvAnS!FCA3j9M%+9X!a5b(EK&09RK8md#zvDsD*x{Xb
z$XJh#=C>moIk+WMO&srVP~rx6uI37PXXm??Kcy3NbhT1nkz%jC-^7Zuv&#bk_tOKV
zIA!(Y0R7Ds4s>+%@u``ov39y&9&7N-%^>y)=VXd@xwFT*_zIlfy@;2>lG(h;4LD&R
zVjUhDA_nlvL$lecZ*H^spBe6iZR1l@U-bLq2d6f&8e1y)H*Y@)2pWU26i9k{dP|e^
zg5u(+X)bQgbZ3dDDtA(228scn{Y8zx8f_xJq5ocSELFQr7B!amz{YJ;jKfE!P3G=P
zpETVhqGGUvE$VR`(b&?Y?C4nkm^d4{H&<_)Z3=0&w6rXV2!r%|3yhx}2IA`?z*0ln
zkYd~0+f#ec6lj0!UJm#t0ebHke;h54P4Ja^gwwE~yl!gnD1LnWVfLb1xz_ab!a{j&
zU|%#ivuM2oUnYNC$0g;05%OE=ZA5@zk2KfBPl1f3^JC8CMjZjh{2AQF%}i)$Xb*{r
zzs&TPH2CpwJ)b80o@+a-G#`uxs&Q=){rrV|426&`{(4ZG><*}<pP&SX`u|}Q>v1C*
zV9g~WTV_co--bSw|MWNvDMs1^L}q5@pS#}<v5BVV7N_?B_2SepDW8cXP+e@3MG%HG
zzDiE*gL7sIn2TO`fl{F2Rn`3be8J~gHo0;$@|lWEAs=hYa$?vX2=%uK+l3Eh78Gq{
zJrCFGk>Zv2Q072hToMq5VbRT(n_aAYz~x&-?z=bFksS72`Ca=>Wf_7K;w|WNR+z6H
zt*s*jgoJD(@ye_~27&ggSIl6Lz_?4>Guz>*h+@$Z-Am*p6N5z7X2{<=Ipe<$=`=1g
z?}q8;Gh0<AD{<5*YXu5T@A4FP5Ic~ee~5u~O`f=gJ(YWEwl{ryI}yYIi2298lA(!+
zd0@qY$(bK)zrI_her*Cm<UzoVvTnH^*XxSOQY_;(+a}P`WUNY-o}_5OSHO{IP~%;9
zL14?@n|_j~py;jNgrg?>+6p+KM*STceV)N9O#1Nj(PmvIiehGm0g0e(Xvhw%!3m@B
zM8pGvo5Oupxqkl)eAacZ7WLFmPrqzxZ#U6RI~t##FDvA+wY3G0nvM==|KwkZqyjsS
zBLZ$Sw1K-hQktx2CH~}z!PWJZ+cmKFSNqQiEs*|up8Egy>c*_XBlkOm<lwCQOuKg3
zT1F*KfxY>ltT=-<`Qnb_vLLdt`EvN@7ut0|(l*M9_{r;?6aId)E?V)=%=};Hv1?*;
zax&TSs$xT&Ew71*$LA-R^vTIDsUedLEi=tGyJZ~NvBT8WsZO=^J62^ZCkoZj&GW(#
z%zI>d+|11Sb6_}xGJoqpfB&E;QVRgH%umD&QlHu2CbxX+ycZP9uiy&U2+Ldmlx~Yk
z`JR?hNqD{B2SXZ?hh;P@B5qsfjjp*0_^Xq(8puPCc^Ld4rS1+>I}ZCV9~*TSUpwX(
ztP89Q+_C5pqJGW6o0*EUNPUcfnEL~9U9(U9EcH`~%h1T{bl*DQ)?csnMcK$BPa)?>
z=^K&bY)?se?jvioEL_kF)blFv%wjm;=44*fQ@c924oDzGdjrcif8g-JoT>F>@qfP-
zo7wP<?}HzGJNg@Y&DZvSKlVFE$Xz++{a?%T|C<`(|M90BwF6nisSv>75&;JdY@UOF
zQv}?!T8?xexKaZu1PCRdIW3y&N=F@MAHFM%tlN$-Hr<9k?_4zMI8hLDluod+H{gr8
z^Q_((P{GXskby+tThuF3CjbZ<e{aC+hTHmOJs<#NX6Ns8%+{=x-HCkcZ7tTbk0$aP
z*wD83_Z!r`QDaf52ZS9Avv6yzhMHUtft7W8Ys<@NHu&!icXd~a@uvW%$yP1X6RIRo
zCxDWNg_Y-pQFiv)<q63^aw;|fj=)?*D)>kAi&`m(CajCUh-peI88}HM#54(8z^jDP
zQ-5;t$JGsVS9o@i&b|7{ZsQ(uczmIW4CcHLUbjc0T_Yp)Zx&ZK5ABn!2+wjQrcX@B
zdIR=2f2aJ|KyH{U@_i4>7!I!%YE!E?k*rtu#vJ^(FX30zD;p-Gv&;TFDQyR}$!U1c
ztHjoq?k(~4`0er?H~Rg=W!ipUG>Nv)?mrL854c_;V`8Ay)#JR=!QSyPt9#LU+XzHb
z#Mc*3IYskxX)}khPuDeK(Wo=P{DD0Q$;QAXK6k%Q{H?a#E(_sjs95U@CMFNb$ljzM
zz6Xl5$fVU-VJQ+fys;c$pGpQ*Aeb36+$dK6_j-W%@Q#^X0BWd6I-MJY4evjWA6Ire
zXa2bEzu022n594d?#_carvuEN-c6#jskHdOS&MyqM(KG7CR<=K)Bhq%da<i~aDqG>
zc{@}s&?H|^dJKanNsbE;d~e?J3RifA4@(kO)`}7LRHN_-uXiumfI>{EsZIi}#wKXj
zw=TrTCvSfvQ@plgjkf%(;ZEsq<edlnFD7mfE+7lB;_WNjVoRwc(lUv$r*oPaflD+o
znjHDY69`PfmaAf{QnL7muEviJ#r`+lPv_&~2t7U)7)T!Twy$?T{_}R*djG3BIV~)@
z{GYPX;vKN|Qgw=-tKLmc`u$UeBUj3p)lkSmU{B~c)V*~Q4*!^0I#6Kc*ulQAuu$#N
zjRT4n25{{{zkEjS*Er>tnbhr+ul-2}%rbBn?G2hQocaX)jWUue%84Wy0QNzU?#Zye
zzP|tX+)+(!fLogb6B7gW5Ai_3m+g$ji987U>@T40AGiE{L?i9<YJ)zwps-0F+-hsR
zo6`Mgt^_n`NQOCIxp~ssdXs4zknx!qAO9&e^qrGa?qZar|KSR!(){b=Gr}#(7-3&W
zRZYz}i&z^**Ek+4xVp24L8*#ptLaz5!t%3j-h4I3MgI$j321O{MzCGs*`f}ob8wlN
z-4|SlxM@4KK60hC5*Rb9teo1IpmSi?x>6ImQP<CVhvKc%7OoCIx;R|McNRiwd9QwF
zpDBm=J;PvwcGrKEsMb1In$3)JyHTdg8}XEw+(*UgD;6r$`*U5|7FSTUUzODqVA{?z
z*D-m$k|Afw!B^lgXYpr@pS<x_okq%^>-C_gvytwOFHPUAon4!%M(u)m4KOJBZ;I2l
z9~+N~p1-Wg9#gDaAPnT|B-L+9ZKhGlwh1(J%ybR&==R%v1Q$>Am~f2Wm1g$!9c+JN
z>fBx~5ny{0(}+|Uc@|<5VwrNyof~w6)YLGP66iftH{xpnBCASA#LX)0P^;D9q!H!M
zhMxA<ft@hDUeWF|2QGGR`}QMP?bD)PKfltbPaM6ekY~r=04cAR&Gyn$jHyFnCax4P
zZYrSvx~rmKREu?X;cFWkCA;Ncz9h_N**_A!Q*7LMOP>z`UuU}H5#~(2d(?0*9GJkF
zp7?Z7MMtH;5!3Ge(iyikU{XL5fU*0OHIuX_R3v=s4KOe<*Ix$YBxgN^c6E6XH|bSW
zoK~xvxfSVhn%cILJ^^g5HlzqO+4bAm!N;_^Cu!w+0ruOYM$K;Eb`0Dt*+yANrYtXa
zSyA{%^Jr^lC;8FSzF8HDt^Fj%aDp9PW4>&Lpy5AACaAc$c(?DFW2E>yQ1zK}=nUNk
zXA*3erSlJYN5WlkN9m&lHu*$E^!nNR-6=#oe`f(rfQr#Ps)~vfS0py}hQvYwFjDO4
zt-5y&M!Ol4?1hbhK`&GG+wb4sYtlC5rnk)Q+h{r4UrGgLafDDsEaM#DHo=AXGdJ?_
zz!oM0FRI1t3++AQdrQx>L+kdXX4ISXOq$f0xfQBL+S`iasF{A{(O-sb0K5OJBFdSf
zN+fo5Kz3=r8PMjtE%Le&hDNWML}5v#<Z}N;7(r^9On)@LqXoGtd3<EoJ{<c^?lnyf
za~#0*XhSX;<PM6@wEg@2u?{)S*I)`w%>qjzQJ}ii^*J}+Q8;<EbAI^DQXW#8Ps)S^
ziktDf51zEqehMFT`XSk(RxHcpDDJK!w6>V+z~U<~F+*RjGt2pTk_}3a^$Y98Z?m`B
zEf)a|gON^2Wu@Hx5Dty)(TA8{+&$MiE=`k6!vzO+CZF3-&{NTWIPk}MjrA7Tq8A#n
z(Iu<ts*Laa`VAJh^qte`7g2GZFp3&3h@7<7VSeMLo0{{0q%lVCPR0x~yQbTgCn>d4
z>e91X*i=rQ`H)j9yWMzm7jw<ru5UQRw5^nZc<D@F&Yd4w&AVUZ=X)OZSZHa&JHGff
zF2<d$1WgTD5E!a}DO-5mZ2FV5jI@xt?B2{o?Yd)4>|T+>>x^p?`whdn0H$@}-*z6y
zVl}kq`-zYvr={$?Q_XV9WdH8A>Zct_^MfAk;x6(y6${kRTFhaBG@;)wB0IXW#IZKU
zL~Pnu;~h_@?9H{z!Yxr&{Z=G=(@vVx5vUHltIDNard|hh^o6If71L9-rSd+-ITH&X
z+I+IC41Nz3wK~=;8CTC3k+Qa}y!y${aZBk-yM0i`yCh$9WbfLhSLmGAbjrYnTtDsH
zbg5qrwuGA-v#uU?jtLD}hNZ=ok;UIGPq5M|7*7j*fUrQA{`zp4pht%;Cr>@q)oX#H
z@F|E1oE#nmeMxP8N@5}h$RA93F~R$Vl{;y}PU9i*g9<qcGhPm+E;rlRx`MDx=+GSm
zuc8`3YNdo3x!7Tv`>v%)EPZ$gqo$k+3`2bH5tjIHb=}^*&i>CkQlQQNArpBMf12SF
z#Usb=T--H*<m5J$5f=8FH*LObDQ8O0Y(z05*0)NOhr&GcYE*Y@?ds5=+1bp1DYfpk
z3xqVTWv*%fc)HuxTs{P-LO!;XB77O4bF;HdBCN`G;|{!=Sj$(y^7`eC^t<ICOFkJk
zrTsYF2Yx@O_CYhE(OacYG03|=SEIDDy2?yXFMH~>50V)mdy~kFVWuuY6BPx;donDv
zxix$>wX55^yBt8K<#OefxI15Ee0Al=%q{%--o1MekV`rE259Mk=|fSyKu_@@PNMRk
zrGxvIzd9gQ(Yt0$y@Qv(eDx7u4b%*&q{vuI18%-NfuS({_B%Uyz2bC<VA0$_w2@Uu
zH>4r|0i)9iRD4`>c|1?mXIjVPk(-STm%lSBnHeP1_sJ8OLXlk2uXT)#3(xFiWl>#5
zs5&Y~q%Kx!;yC-HW;Sk|BEe-Vw=c<M++2V#w)<Tb?`MXDGkJTmIZC{^IMX_IPj@df
zh8DZo_HZh27BQQ)GaisS4pgrZl*{5ZAx*C-Un%A`duWdDV6JOwaaMQO%J3_{E_Uw=
zu90Wfda<(-Ztn2V?k39RQ9{b~VM~Oi=o0TSe1GXe$X3!ax%2$+MQMLmG`lC{jRLhX
zgz%QWTEBaZ-xdG5A;_*;pwRev#vY4tvpIZ%j)gM3fcO5nsw*C=f5P;;X{sfE&O%h@
zEH9gqmyBJ1J|+{??1?9uL+`}FH=>jC`5D*W>U9e}l+{l-%LVayB`2uRFqlIHuEUp~
z%;-!Oe|D9B4rYpmU4`ym-|jZD`942WwU|Tm{<CJ0r~l^kBvW3Psj*D+<DfH@RG?u1
z?ab$D8b2COd1jtj@uMB%3(}g7s;TSd{dzj{s~WWOYUYk!zq1O6NmJ?O)2_0!#Z{|^
zFX5Gi8u!#LUlOe9(d8ug`}I)~c3oq;&ck}bU}1W+=_;`!M~~)CekMpp3*9hOysE@C
zLc8^F3i<eJV(6@^qxSVcgb~8GAiX~q_%+3Geb<sjD>^rw`lQ1I`eJn?XK9p%cyIk>
z@@+b3uDL1*C0>*`27c;|^yopuO;+gRbNI^o#dwZvrVpFc2_ZObcQY(-bQ^U+b6;$h
z5P3NDU3X|Wj8)0EOn9kNNU@%lKImVv_z(;Yg|uwK^Ss;IR=)bA7}?oR#*%b#++bju
zo7WvZtdUmDjpf#Fg}FWF>jqYLf-XFZ(ZwcL!`3zrTTU)Fc)jByt23s_;G9E!W>WT-
zhkQPP1zkM~h}Mc>f;+E0H6!F%rKczLa639sEnRo%c)RuJRvNv9Q<u&e+MbpIHSO8n
zn|aifQYk6l!mVSQl%HEf&oW|PdFhpasR^29`T2zaJ8f)fGc^<Cp_9o_M}l}2wZ3$I
zgH%V5*e^zCM&9cJ0&Fj~Ithoo4<1z-w+vnwaf0!)I(b>pjDHYvzMt`W4honYjz&j`
zhQxvkKt^Z?SIF}KXXh&Tu$_$!iRQ#9nK8wiraA(GOX2qYwYB4MJJ){;dfRmCs_0OR
zW69n}dcEAn9QnuHS4}nRTM3=eCI$d}B#p+u8N%~4K+w%KcxTiHUI^Zl8w%UG5dB^P
zLs%GqKtOi~Vaw_IY-tb=p8)=lQhE5|6v5pMj4(sbbAXCtBgeV|$Hv}jX1sg07}Klt
z01)0b_zue}YbE;Q$|ww{sB(`B(c*1d_g=;k)Wa>F=Dz!9yTTG4(0JRNtZxf9+47?c
zjIbxCaU+x=s?gX^c07`VN&5vHuQlOp9yiMlXv<%n1=+cL_Snif3q%)I*+|K|fVF?f
zqQQ^Yh%+COs$HDkU0w<kR(swVbrRru9>$dEzUY0dextN3_@(*4wn>$Wu|8`5*3~-c
zu^=I~@ryS%HzM_~2KXVFCpSoc{KKg{$_#ID_I8b%rMU{_S9AV-JV>z#zj{k0Mz!;X
zw?myFI5$eUio_@R!Gk-a)v1{6rb+OpH_ZMSTKK56S{Ezl^pyz@q_nH$lLM(H%<8Y@
zFwB?QrCsFJ)OIUrM$5M5p!-vcekJ;otPg_Ac5YXe3VLgQQq8eo8oc@)M^($y@T=mA
za=-Mj&gM0Tu=E$>8z-*RHKSg6o3<0Z0Q1-;n>SnH)+2#94sZl(e!vU<pIWh<I5Z?)
z#HamjN+Zm_R;W`DtSn~e`s<A*JC0K0u2zN&1^bIS7pAfrY+VyO`z0J<$30EAD{l~A
ziS`9HQ3+`(40eEDU6DkBzB1%L8wn))GkqJ;-2CM(;Mw3ln;>H~VBXdO0_W|D?J64@
zJQV*-N=zsK5igjus1JO<$rB&sEjV)0uA`!2?oxnk%6TfY=fc&D-n0-6%;=M6{34<u
zVHneTAV!FGDEpidAu7(VW0rqLXvL0Js@H?i2U$}YW6{M3FP9vP&!0aVol%GAc{wh8
zCLfAl@zf|LC2x-(^^%M8=jIS8>@5(4PPa)H^3cTrm#<(x<!0}U+aVZ>$;7}Q=QCI(
z&yg=h(RJuDLEh~x>9+OB(ow!yNg>n@&i4)R&a2y@Ku^m5@`Iit%j0|Gz!^ONdr|-X
z6#viJbcYtD6WD4Q2mb;zMSqp7*<FY4FI<QGHNu8{PmjOgtS*0&X$v%Hw~zd|n&9Q*
zIJS;4$cI{#+iv~K&!#%L0maKsKtMom|LmRS=GIq50$`MTNT6!8OoPAqKt(RiiFg3S
z^z#KSQn_|$<>wx>8E@neoH=z#wN^Y1BZg$%SatOLO1xi^A|ae-{OnUo@_;8~D)M>L
zTc~q&gvI3K_0o5Z3=4Z)zVL)XJP_w{in`(sDdGmQkXz8~p3U`Vg$fP*c(x66P4Ypp
z3f<NE8+rP-w2X#>XQsf<O(x$C&ouv7Mit+YaU$;~U%St`l>++*b-U$OJvMVyAsydt
zCQ_(IQrQC{6w<LUU6MYSe~_SWb-132*`V|^uI*Wy%UmsSwR^&~1M}B{rNR9vJX=FL
zb?R|3lZOMsn7J^ks&WGzks==%{sbrec1-=7p<hBN71rj;UXb&ZpB`YHj^TO=;Leg{
zN$+yU5)aVJ^&{8eomK{~y?e%ln&8rIH(LAWXB$~^9QpULVzJlR%E|_I;T(=egfIrr
z{w;tk$s;jBYMDC>f3PD9yRzam2Spvpz38F26228P2aOwaP%XLpe4-7`F9z)O?4;!t
zZ$+D*t&0ZXDTUS4t>Mr!=G_5Lq*bjGZUlcQh{Y&Mk`OIUxx@1Cr(JwIMENxzSk}lO
zgxM8q1*-=AEAVflc0$4}EiYX@ON5M=IF%D({MxP`*5`-PLp}F?K0!xkard?-{Y-9l
zQL&wNALBeSb^5vYpLbi>t5fW+kEhs^S7g567}7y;adBT#tbUQ$k;p$K<I5c*i2sb@
z@<?;-V2#>B62(^0ybTtLaZUiotZE(Z))%kaM<W^_D<G`=l(*23wt5WYYG<^)wA9q)
zfvYKXfDzVj|FG(B4W)e%N%erHVq)|;s}<m@0KLbyp@rrfbHO$Hcwjm2y9)8Z&<Y4u
z_#hw>*sdszHh6S=oLo`Cb^V`J{+HTyG@H4!`~`yg?~rgdsB>j~z_plui$~pE_e0GN
zGRQIlkS}`ps-rv3uXKPEe#$$$D6qr&yC3mD<Ni#$L+K);KJu`Bcdns#zN5+3TOvLo
z!STVs=E)HdY7N!bZ%IC`A|$G{1EV(QyqMa%{S7op8A!E>8?In9*RPb1)W|zx$u|Nj
zmWx#1h9Bo?la(|fPk!l^Guq?sELrM9_^P!4nZQi(Lf%tA@uNku*jKn32JD;07ygb_
zrIEFLv<jP^J>@d;f%q6!D^x8TbmTerFHQp-G{GdT#CvEbF>61&=L|A`8fZ4VFI!Yy
z1^%{)->DzthZ@&3YZxvj_X<@X8P;TnY^ock+bq!v_P#*MaUgSnVqJbq{?xF>Ro4C_
zsBxKU(VtE06<T%vC#!Q`R*Qp^JRwP;2-D>D^QZ3|>AjWM8G}#Wc9f&-%c{zA$Pcd?
zeP-&83V$r!&w^PIWfc$y*Hi4_8_sr@`h7%yp;cY5I&6Ls*B&Egotx56dA5GksB5zm
zSRl8c%TcMmM>b5=OP5%0<}Is@e5WfxpZ}M>uOJ@?kdgwW!i;%arjbaXi4xIs<%ri~
zxJ}XCtdhaAtwaqasA2o2O)k$cgRro1Mt%BP07oYec-xjzLy!G=t`9<Y$6h+QjR9Iy
zYuQV2w(u2#Ex*b0!*`}EG>!<9?M5K*wD==6LGNQ-A87!2@GEbn#xoAuD09jw1Lahe
zpvyc1AyC<28G|5jOJGiv^_yu8v?_qQbzgEo?^JNJ&%ovLq#KoU7RpH(uNUoozJen#
z`v?M<U$!vk-|x7_zSlx~WuEZcR^$~ZT3LmMrX68d%`Yt#laGpoBhQq!QG!a^VzkNH
z+uOM#Eha56hz7tU#QZx;++FYSS7`xY$c+Ho#d-bN-Y}z^(@bvWr@UI5vK-u5!b+#V
zXUhHe@4_wsOlfdQ_}&vJt`<C_o6I<^f&(P_tp+dOhCNw%6P?8^g?xE$sErUFEKEVl
zoy83%?M{!sCtDt2%S(7yYrFpOSE45wn21=}KKgy~d+graT8-w-KWEf%)LYoOi0gIx
z)yStOLqClZW|`Hr#R`j7gR`1FUQ5L`Io<@Y7Fv?SEGAVdIxb$^Fn`vUifOArYsn+o
zr_IkOtae}xA)6WeMT~YY&;ahE$#0s#jL4c{mZoaUTgMaQoT(42DVD9tM(uxd^`uM%
zn%CocJJ2CN`SaNYIt;?uMl@cAv|6ue)J<teA@9wlu}(o(p{~ACD5jDOR72mc?960d
ztd1T@HzEE3t5y`n*_{p~v`%cMIoj`A-4uh--Df=|FQk4!N<I;1(pXqml#q`9HJ5cM
zDB9qUmRl6`_UEf}xm^RBU0)8<452XA?r$E}EVT>nYATU&pACm@+TNj>p!*v*k)@B<
z%S6ln2z+P<HwU9|)6C^9MP}#E)N{SoJO~2`$0-Hl=|4No2Yh}{Gc#1eA0vyaW4B-O
zvmRah8X+%yoCUgd?1x5++-JF0CE)EBzxD~c&x5gubh?=?Xgz6%ev`T0>`1G3<we#%
zDVM*gSrVMd^3<8zKQ9zF2wQ7mbZEYIB5deyuoQ<$^w8LIZ%v(kM+s0Ha{to{v-C&#
z^Jm*t)NFXw*0qAJaH4WPp()bAK!==e;Nms?^xy^Mp^)K`Z>>@Psg9)BAIAS&4S*Q?
z^6~PAv2ph7*tf0r*E``%9My*O_?VaBIYyr=NNq3R(^K14$z`l;V&#S0_G+}tDi`QS
zZDC=hZ0Qr)IxoehP1+06hrTs00G{MJx_Fc9F%h#M3bc2^ExF7qh4$pBBnC>?8Hn@k
zc$_6>b6Tl)dFkU$5#;r3(*|<%#t^vo)<7`iB{}s>Musa}{u1Upu6H?fk*Kq{Cs5R)
zUrq=KBT7+GQL#}P#mxHmyAU@6=Xsc)BR{or874E|AJft4Y3{z>I5l9asDBX3E4JVj
z^rmg&k8x>ZuLMNJutW1N16B0*=m$#S26<=A4~GwbVlut|)JpZO?K#NA;xcdB7xg?X
zYk%NFC#2ZTov89|By7E`Hz>F-fhW|0t$*Mo0RQYAyo)FqPr(KI;fEIlXiic0AWzJB
zJhF6xd^>eO%-0RUvW7O^dCW=makhU@iF_EZ?d2u(cwliw%4XNUth#pXGV1%t3xj1<
zz!3dBkx|q1%Gn*u_*OC(6|G}8gNm01KJu)C?9cE3M~F5Knf;J%@)M(G#%az%!WWvP
z2waXm+KK~vbY#$F5A2^F9{~Lqy8h|*cMVuIwy91SV_pA>tQF1S_ivVl<@C^b4nZyG
zL=$GBE_+Z5<wNEz(k{@Tv)}3#;<`rsJgsw)0*}t}W-#%VU%Onl2hhrV%PFCxl6o>J
zcFMaX?sjupBKHXSew;LqSRT=4UvG{cf+cj;A@T%I&a?hH&(V_!Hi^%LNaY#0dHX_+
ziczMA8>6!(fbhLIa%bUJb1zI$(FO+=m_-PoFl@hks7DBo;iEg}h6jHq2YgTk($<)^
zK1$urPX8lYjg+Kfjng^TF!7oYv{NwD-VE~69H}=fBu|c{a;!kjBDH_C3G*?Q9ZX$l
ztSnTggGCwqwjn0~Ar|Bhl6O!_$YW&j2&d-Zms6q9p?{0|u4+kHD@^SN`B?iv#Ur_B
zVgMTKDyPmbIu{wnQQDMSkca=OVHT<X)sL&g=1_h~h_`DPaHQ9VwmwxFULxr|cJvm=
z=z9WrcvnMR&3A$Nle~&mFqmWdxc23j(l+~aq@{$QgSPAMGU!-IsXuQb?_aKyer*9*
z9YFN#VS7;7Jok!0oe>7T)Bj@bEu*s9*S2pJ1r-EDB}7U<0SN)=RFD<{rAvW}4k?iq
zQA9wx8)+%&29@R_q@|HYx*Ohe;#&J&d*A!h`+Rtw^<j;%#*ih~y#8~}GmhhTh?s6N
zsfKs6YJ7j=pZ?}AdDls=`qqCA>qLkYwEZsD@iA@A>e8J;*9*J!*BvN~=y7q@BpRPS
z05RMD@iO!OA#vCLozHT>07$*gpFb&~j7HwC3+F&A_wP>e)~8-mpFTYRR+V~@y?F@P
zAV2Lr8WrH8POS#r4yAR8Tv{@>Ca*6(cAu`=SQ`HJYhMZ|8aA#74~;!SB{u3M9(Y)R
zT?H#v5<GJLA12$o>oa>iK$ew~YHLgs_uE)E)TnfL*xA*UR9!vF24clqcz=88k?p_<
zxEL|Y01l%Oe1JCx1&Y1eM=HmEFEFl8w}hT@6`Gr0%xBzmh>VH?=c|5t797R3Eq<q+
zAExcfkgCS`M6^vwSrYZ|otHG*YA}c<)@NEn4)?dKdkVv2W0|jAn+kn=6LM4JEDu1v
zh7MMSIcPBWDrEaP9-rSuiTpWi%ir@;+huOAr;JeECC0%#aqU+M3?teRX^U0GFF18;
z^WeR>0U+Y};XX-6^(cOh!vkPpNobh*IPLBl08SK=9*k8Ll3H6bax&P>go0b0ARvXu
zYSQ0n;}@3I-KEz!@XsjG*2YHTlyumnuTfvX#^$DEjOyd4{%K9?BTAC$y>a$_FzsrT
z_onrA{@|$;h`xaBAj8+ARmB)XMh4m)n}Xu`s-bE-?P@<WzjJx<^TsBdDseyc^mUId
zo%(XLi)BbYm1jt&s^-7IYTX3sMp7U7zyiQ`hq$)8oSiH6hbwE$epv9d_4f9L6=CG6
zDJz?_?Z%^;yC)_~dZU+V`b)lvFl$v9M(_p)_-wsB5H||EWj%CLq~X0ueSg2alhc+Y
zL<SY%W$PXg&E)hswQubiam^ULcp=xme7KKS5VJHYUcT8BzpG_!?OjA4TH~5!6S38>
zm$~SLV{eMrH=%L{bhTp0K;nL`%*Z*Lv*rc&qGZRJ{#<h$OpyU|jlSb5T;yS8oV$=a
zvPi3nO)~p?fd(+SPxl0zc7#9Oq}E%nzm#W-z6JWgC*ZfgCrzTT2XU5(nQEmP&CSgl
z`=EP8czFG}&QaOrpYs$_-LEt?)YWA=f<tv2)%!$CD`oy@hs8CN)|*i3)vNF#@mDJ0
zvekUtG}?aTJdD}QvicO9&1&El*!gkadc<S;-B~Otx%g^PvA0bQ`R%?YeE^LuY$KJ_
z7b`REpQRcsG7lIow@Z&cOA;{$5aY~-*@Y6N!E+6`fH-XAY-eKNzyHv_)QD8M6cWs0
zxq=rw@9kH%^*qF_uWPC--!8cH!-HG4z+F+Pp@AX@h-AO_zA$;NrDH1e_0&BCSD#K>
zSb1pvmoou3NG?->ql)0lm8^AkHnxpotCSKI2*{xa%WBuU2i9qj6-Is=>g>GfQYF}F
zOg+aH`LY_&-BOz^EjWk6nyiC}5E~GdtLy8E7nbMqmy-i;baZqm07lp~j+vJUs&mi@
z(p=V$!rujbE+;}IqYG^+Kb1RVH23t6xVCf9I!MR<hD?|bO8vlTyD6{^n}d{#l~wEA
zc*OY4kR}9Z_vH)z+^k_3q?I)i!L8lVvCnaZDDQG04;1v*v$c8%Nau%#?hTfdq)9-y
z3YD9F6tK0`yom<0KBxIZScTHo!m3h&C!<p1%p+1xLk|;k*&?U?%`gT6G+K(5nOR9c
zVl!A(FEJ{^yCr%xCR#!=^!uAL5nOhm3tI!Ub}g0JOyH=`dvT=EKe0#)Zsy=-FDvWe
zkx*|U=4Kd>!l+n$`wkP6V%71MiKMJx_UK@tb@`Ir6Wv6Ywx+hgcELlH<eeDxVx-$(
zt66Z>(<@Q!I|odH0LZP9diLyf_A;=gThqk$dB6$?%<S}>oF|giwrG9pqjKBICv`9~
zqXpN0{%7oqvXT-KU$lZw&FFS~I%h@6sYLq%JP9Rb+|tt0`ONu76POn+U1IHfnB_vT
zSq5y*O|C+{Rh{$#{-?rQdHF$!*@++wrQL+eQa^)5HBUvSb#L|Vsl|eBCuY_~eaL)c
z3XF(I@9$!6Yb(pa?=v(RY|#gv*A+w~aTPtONlbudvEv8o5-6!y!eXO_uc9ZO@p?@O
zjEv;z^eeQc*{aXn9CbQOUii60KT=)^E(IZlIiF7G?MGd=KR#7fp4$d5KQqPADqdvz
z0?2X++v0A!9voJu3BUa@T=KlKsF;b4DYrY5g`U2H?cqK3>k(h^KmI)O*j!?W&dOA&
zdip8x(}qRnl{2JM*I&cR7a=O=e>N*M%a$j)Ev{Oo7ocZga49VH{Khs{Lz$?wvC6kC
z{}7zjh2?o_Z^D+YHKH*+msqFm#Xbd9)r7v*@4M@$QLW`)c{tERhHOsn<SrMDy%Id$
zxYGJ`Yot<ox;2Ig;y=WhNZ3MJA_UZZZwMx-&g0jvPq%esn!e6lKmc8@Psg{MW6NjJ
z;LeEyo=5>x7Udu}7nky}@5c`TknwK6Gv;=Ka~>Ryoz`cKoK~JihmxnK^W1K0lkFVf
z4d(GR-33rYhEq|V^^7b;lXt8aS}bd|stJLv4aE$MD>7J2g1UT-`EQE9I;e9SKub`h
zVEbYv8=hAWq!ousIv8+Gl;+sdzLCOGKPfr(hZPonW#hm*Jtiiy=DY9kwJKgz-Qcy6
z3ws1G9UonZ*-PY0ATQoi7}osJH<&TXqaRuf{JgX$75Y64pnVFy{aDKh?+rH%oy4)n
zSzj+tVl9@*lsmO+=T&h*?<*xLTGEVuM9N>#wl*SAUgsR+J+$Bwz=QLl%Bqe{fU9w&
z{)kGNaB^y@iYAn(C5oD4ZjKi()7qAEpY$$cS(dOri*}J{GQ$8SN$;+`eVK3ir$w=-
zmV;kdmViuw{^!E^^ZtHE2MIK_4JOVep8Bpr)xQF%b}AEa*`?Ir*(21tQY5uUl^dPt
zn&`n9YG!D7x9^8B59khLSr~W)7(-XTo+fEe)4lYC9H9Ch>@nXED8Lj)8+~4id_B#N
zg*$8s7pNx9{*qAn9OsuA@X{2;aP!YWXhAlAK1rIJ48>pg8&4)U?7C8QdDYcksyLpQ
zd;9x!cB6v3M}rngnVC-?#sSN=_iPcFM7xyys?qLV28&|e89i)~f`Q)N!ZU8(rq6>L
zzns&t|5Z_{7WnOA-n)QzKG)IvTMGdXv1g<akJ@{gNs>`#YWk+8J(5m7MjE}HgXa_)
zt%816(M1o+KUE;Y1L|wv>Filum!f}Vnhbg0q~_!1mSeXOdGKa(y<IS1ugoFFFObA_
zZw$|BX`%mlu1{pM(w9S&G$A@9Lz(f3$7>r~l}anMo^xV@OQRIDuoYJGI^%|QUcJav
zX%3g(=TK}>_w~Gud&A!I+=co1#Ld90G2rW4W_`W<OinoX;RjDo;%s>V1xAsLM41a;
z?ZA5a8KsapM)mbWaBx_5HH0Zd@EH`vV!%^_^e<)A#AbZ>?BVqBS1tYk(FO*7M$uzw
z#5!?O%GVNlO|7zq==Ap)<Q#0aQ#42R+$r>B!>q3v?N^OpP&{pXHt}lhTC#Vc4+fia
zmd<6>3MlD%uQ!}al{IQQEB>BCZTd9YY~w{(^n$6GdT`*27b?l~54P5_$@pyK${Xl%
z#>N=|J@U@0DSOEr&ehZBJ_=X;yXl;Be>homiQ$D5!TgK3?QZ?i-tG=gTs4T=o0_Mj
zCp{i|sDWJY$6gzLqDp(<L+qqI(?Z<NVpJFAp-<j*;)C|4j{Esh-+D4O+2-FbD+(r#
z<YfdUf@^WqsF!oeK>irsQ1`>mwYEOWd)W$%xREa-kI?SI9@^C-I$I_YxC(}54FJ2I
z>bR<D*T{_+y0imJlqk*Q?~o+l1wl4Xbk@hnzO*aOK#mnkO^NlNnjSiP4)gc&dD^D{
zK7UWU^5M#D#DUvkrXu}rEF47cn^c(O5|s0$`RjFK0rLBaExTH`M)WlsUmQ=*=g=@Q
zJ#wWcF2E}+VZBTF`-Sd{`~Uco>}+j~8mI*h>#k@W#PzPxdV{j8pY5H@?SDJ{40UTT
zT1GI>b%r_*D!d-xeBmVU6xEA0w)dWBQ0#nT&>kz@TAFXQ@bhwr|Ec~Ym;l<SW?q@P
zn%V#TW8d}GiYvS<?9?JtHvzKL*NM-=({Hs8<t>b!YaC>=Bb~oHIpOUaM!kJ2GjV5n
zUn%0lVcO@<0A(8Za;`A?aZF2CqBuO_mimAH{<T>Q8n>4}CZq+k7j>ej9KS7K51e1W
zYj{JCkIiq@8Aru4kgDh&P<ET}Gx0uM!{~A2?IKjcN=X#RCChjbWBO$o3<Zh$a@6W%
zs?GQ_+^#z@r}e&2OB46kpIWDiU$?SWd^$1kE#6m2==D7B9rh<vmDlucYnQ)#RO~lr
zh=J2$aBjZ-nR9x2y4Bu>5n0k@lFe5?-1b_zk3H9C+VR51DBt>Xz5CN$vmN2-R1Wg4
zyNX4G((eduDp}g72xv5<LrHmX=rpzRt>o9SNKMd+{}?3?v7PX7`$e*AKEI>l!ZJ82
zE@D5fTo(-ZON)P=st5+0e$eckyn`>CXvzrDvL<93is@^43abN!BHDEfjNBXtppbr=
zw5vgRTftWv5(I2)UrOn{3eVIk)rdRQ*NZE_bbIUlU(Bzc4|4ehPrm8D(mjB0`KYU@
z_St2g(tdzsWpSC$(m_5^8@efA*V+KDZ{@*z?0$5(htCw^Y<R>{@!N*-mKwa;Q^-Wv
zEM<aK#Cmz85-X%_UcUS-a<PJwLupL0JogM9vzYhMk)ZQKoScJ?gg*tv1k6oMyZg$-
zFjFQ%zIJQ@0JP<dyRHwRat>5>tgm`Z3nua~%{{e<!u_H`?LNfDk_*(E^oa=x%2*h&
zHW-9{v!cdm@VH!wlq75GZ*}aQ;;SE?7&c`1PsBWwq5FFdsQJ)GRyTJ`P+k%S;_pki
zvwH^AARJ=~DgoHYH2o5>WcXQRI+EtTPvy<S$0wc4mNb%3f<bVF45f-4L03;5+M&vF
z=T6X4c7nXCnf=a6LhthDj0{J!XGex^yvAv0j{xt6i#WJ!O2WRrgv5pzRy*T$-ih_e
z(qTy{DPktC;W=AL5U!=Bwl|>r)u#JApY8A9ULI1C+mB;|*Ve2m+r;^pO@zmM3H?XY
z_B~9Gb0>bMoi26WU8A*TOieB+nGJ!TdY-{C^DEEDJHYbW4btX5r1PDexlp&Z^Jg@0
z66S;G3;jQ&1ugtuNW)+rx;`5wETp~O-(*9u+?=H@;(mrw*M2IGRt=XL$e2(C^~}ZR
zR6phmPWx6N#4w(GpV0HrUO87oUY;sLIg7xKi|f!rPwy?N4WHQOw7Y=MEzT^r-NbWA
zY?CvF3O$@+LAgb4_xZ%IB~<lp_}zMU8NUX<g_f3<!CxFRMOjIyYK!<TnN=A;Dj-&5
zT}oJ1Sy?%Ql6<iwlU1$gt_~e_*&`1&-v+OaynviJL-gjR?X-&2Q%XM^nFb8<1CRMf
z>OMG)Qvr!qh+%hf2IGH!)>E`NH^0}^_IKRpw9sJTE3!BCpcZQYy)HgDt3hoX<ZhWe
zF!x}~@P%AF0RBbZoWVe7x_oas<O2u@Zb;<vf2;6T5#wC>taxYYs~d58_UFL2Z_lbO
zFJ<@7D$#|WAV%@mT>kU^&;<B{!II5$x5=5Q&y@L{y1c3&vb16o(njlp>UyyUg)JKs
z3`sU>aYXKi9Gv%j9JL#NR)FquZSq6ttCg)0vj{d(RmpVI;XKuLvUru0ll4X8{{Q+u
z3DA>=zrgv)+hk;9Wc7Pe5@=g@iH9N4ZBzf09OIJ{Gh%I(a5y+oLV&Zx^hE47E7g5~
znJ~s7#>`b{kYS#Ck}+{oLRLuETWM*<)&g=#hU5&}&*5RS5{$>WGJpP<_{wqh++2D}
zj%5$P<Wf>h0)xXT`>vCMt4_F@=IAHu;c<KVH0Z_x@hMoKO#nR#54t-{Qby*gG7%9E
zQm{4;f^*@YPZOj?e`lAT>qDBkyFUFn`W%q=@_?uVw(sutQ#vGXuD#i@eSWQl8pDe4
z%+<}ZhKobQzGRDu$nvM4sK}Qg<T5@QzsA22g+k?=O;J`<tb~JgxHg4m2%t(3$9&6f
zj%kVGUz>wnFmKo~IA~Heh#IIiY7r*fHFUe)56=>kCydI<Q4=+*!ohx?yj@~uT;?im
zfD(gm*6lbaipwAr`o1C=lAF{5npHasSDIQRU<PuN>L?s)64$`YOc``=`Z-jC?`_%-
z-rnBb-Q6lFxB+?r&7j%+B4f`5)i~Ba5~`3scLliW5udY}+w!0*bE`NvTd}{l*BDsm
zO~ZFbIu!;Ga&1vjWH>|IYSCP7ZpUIDe;c=+M~Knjl1{7#k+_1E)>b5)GLOUBWRpC#
zkdQWH+h?gZ5w(2mYy4`XxBINL&$;@`7rC%+Rlab;2u@A{!N9!jj+^om;LoUj<8BLZ
zo7)leUA2{0u&QTNr-C6CT)l}Dl8BDP1|!Y)UV4q|0jp(mp>&+{uQibA-iSD8;H5g|
z9*_wSghHAW8J6B;O;_l&eiJ*e@rvK2VEdybB_;FPdKCAco>EX1^7C(9KJ)K)CB%u@
z6OD*5QcJ&dfBzotC27Y7@B1Y8!L3tUU)%gU<jxeNp0CaR5=n;!ox!tH{!?cQ-;<~J
zjFGV$RCSV02dt73o)jFA7zB7i=kCUq7XR+<t30n(#?mg6l4j(57#G8d5TwTFy3=xm
z0=t_ns)`^Sm&a#eA^^pl2`}^Z^z_?M?$~xqJboOsu#hQ_@!)zxKzR6F<FOsUTcDeQ
zb_3($wxyo&_67w8@*9tp8zx%mJ@dN>P?0rm7B0K)MmDq8*2sP1pDw~4=0_3sk(9F$
z^9q#7B%v)6kcH*+@8rx1Y`_b}3Ar*iT4@%y^*A{kZdy*RJnzr555kGWJyg|O@eK_y
zJ!3_3#=d}#i9Vp~-MeXhdP&+@L(6f|<~t91uPd=SZp?PbPkiZb2o4Tr1-8k1s(}2w
zJgo~d?X9gnfy70$%$aU;jh;mpCp*sQaIvu1b-%t*Z|MV%U2d1ma-hROZtWVpC^8$A
z^ae5Ca`g&@st7*O$W&ENd<b#R-4!X>)JW%k3$Jksz8A2Pacu1$>;Jb$M7oL?mH^w$
z2M33TXEACL#Fj(uY_gpDy?2X3h&f;XC?3W3_oI<5H~!#f3}11p_SSs$6GlH6%pw!n
zzar;??0!9}V-uqi0&W;0*x3wrc6Qdj;0j}-jg70IUn>w1h?FaWGjnqHJV?0>J=UM`
z@*i?IGIV$qbsasM)Yq#;Zu^zb1VrnSynK9x>}DasiRY&8llu`qOnofvq7{2Xz(LfP
zjE~othNjk!;n8LMV*D>yxHpJ7J|!m73JPjr^=G`9B)<$N1t%aj^5W%vt7p8w8FeZ7
z&riagLOh0N8y^%z)u4UJ)3R}@<4j`P1h<^7L&4Wo-C+@o)B4o};l7*CB0A34g3GK?
zw_AanBwR~HE*^u`mvGL=Xz$r;<c%zZ_+}emB%YFTt1FKAhv+$)8yXch^3o|Xv?awp
zA3p{(dfv4j-cU~o{Ez~^z0Q_OY)p#9#l;>Y31;YAGedbyElj$KWmkJKpz+W7du+DC
zsk3YL3b=+a?EOe0kkTb!ys;r+XIBgl$mWlviQ-YEvhwB=wjCoQ%uGy7IbganZv<8)
zE-yFRU9$c6wiV{X{xd(@`_64qB%*cC?sn)Jk|jP=R!%j?+UIr{+ZnXETbG@!jM0@#
z&bVIob+6;w0>}QIRQOy8)pfJs^G-yIqR8zKhkQf2&<A`g!N>zqlO+s%%(I#E48Q#t
zMdH=2xL(}AfE0(Dt&jQ`pNx<fI4UW5Xq3Eg*{K4(WH5Nd{nd-LTs1H6zjma{(d0wH
z*oENgRXRb(?eMM9oazh9!&;GgZyXB;&|w@22K;>tZ59Z2V-O}zPm%ZzD0Y^=i=JS4
zk;gakVom{{%+7A}8cI58tXs15#Zd*s&LC4)HpgBWWJ`%k?{hE4t3F;LWzyWvro?zT
z<%Lq~ZEMa?eLS`6C&X0LwDWb@pt3v)VTV9r$I*}YYG8n!mVD{3Wi!BG{4Kxzny4!U
zI1^kGv2b;Bt?I1OGcxj>ZbBR$QsbXYq5rb~>tMqZG5pV%pOk+nx!53W<Mh`-b8Cb4
zPSc)pJ1pCQT@W7>_c3d7^4)n7D|9UX`OY0A!4PR4O;XsC?#(V3hJ67E=W9WH(!<Uu
zlUGsZu6l1@mE;7)$Dd-#$Dduk4MQoc;glRdzp6zK1!EXgTOE%$A8P69y1zY()eJ7}
zahP}kotBpjESU`N&ZW|TO})r$_~x%)37uvG!3X!SbaY$oH#_HD?`<s&W+Wf_=lZO<
zg8Qfjv~zLJExQ9H-)b1GzaO}e&ut7v->}wdZ(2<f?T6TT(TMer^Q3s#l%HKU{f;TI
zTQ}cWYEfohpweSQHh*%AL3VEc>?~5$7<25jQ#Y;6kV(4|qc#I1_(hgheABIb`_7{o
z>|m&#&({>>UMN5qKy7=UxZv)*c%Jn>CtTwYNclN*Y>yqbx=E`FrhZy@EVVy@l&{eK
z7d9{C`iaRZwV5?5(sb>eHtP(=tJ)Ov*w_mX-UW53wI)?s&->ofsAOo{Styc4e9Ap_
z@=DCww?1CFRF(t&>$O&8Z3!P$inm*Kqb{^ybJJrQ<9gP%pb88H!`%&reMTLU?R|(U
z3`k3(JFL9N!6gj?Seje6E@Co_7Fxd#4hi`U9QUOw1_rmuZjkl2LDXK)^%4I@FbxDF
zxg~v$Q_a_|^#ZUU;_o|I_@vOne_#sMPYOVyi4f<g6p6w(?K7R2KARLR;z>{TCTikU
zHW;3PAu~?M_cU^bcez3g3i|B__o4MaJMns9b%cq%#YsZ6dr>pjG+m$GUEHrlU@qUF
zEEazDcYKG^(2xeIf%7p*1v_1p;J!_iZDAoVo^EQ(&K9Ypr(a(?DOYCS+QqD_zNy`H
z16XokTC(r=4fiCkH_ZbtBqw>Yg#?|doO=!35ES_I=Y-R{_wSmPG|MLes9O4RF>)u|
z`tADLQ3Vyl@P+;frftT)dzfr^*w|#*VU_xu3}k2h0iAK?&z8=f=--A2FfaZ{DsZoy
zxbQ_^wki{FP6&iT-aFR8JO#!cRIp!S2(I4WG9g>Qd!~usG*WK&JI}wuL@CSPAwM=N
zic9jv3;$AFtu}?l`Nfbr>=|^2t~k>Z(V^kqbd~y3{kT9wSw7cn9krmO_W<Z^zeh=#
z`nw;;3HG%6k2mU=ms^Sm1@)~T+Koy*zwb8Hl>s*TRmc07<xxE1Zf<Vl%gYAY?=^YH
z#^WQ12yQU)^!L~FH_|0Qj(LiE2!`HW5s54Rcod!a^Wr+6i_`=%@2{h|%C);`#3bD<
zst={u-(X=aBPGw%5iM?QYTLrFsewW<SRKj*r~|^U>Tvo_dRpd>W%J=YN&Ul>%HH;e
zMmWK_hDJucZeyGlYyM=h>YLI1or7J89Fai;S73lwyY}+&V-jLw{9@Z|q_SMEBr<#Z
z?Pz>lXVb!O)0}|(I<M1_)7IiOWrGG~Js$gO63<Nd{OSP(_9HO20=2Hs<Zam#J?i0s
znPvZR-P7$5tQ$03Ty`pqiOkloUX^IgoYL8Kdh`)Nd<7wpQ+OL!VE@Okj_2;z$7mVg
zB{Zc6?J}SYoQ^;CN|4V|1b+PWJb}$(ixE66REyJs@fDdeSU)j<>o66SQyrX^cD}S@
zfT5J9pUq%P<^m3me~L+8Qc;o8???Rh2clNi`HH;DgY!&aac^!4vPWPK+pRnr6))T}
z?W{w9IBkaAt-LjqrwV?z<gur2PREN}0Fb37Vvg>+e_XXceJ6i0VU3gyeVO3uJ*T6s
zrBy<M29C})pQ*T{(ddanT$9@VCi%~wKPMIED5GPZQHmYha&mSq2tK#84ObWXKMV&K
zXq;+?qZ46-6SZH{5ZOP{)s;BEvA!N;8s#&^W?lK#!voiQ%A)E>imkJ2)2V|R3Mx=8
zAThfCan2d)tRVI=q`px~E8jRdlv_g3MMGLn<^HYTZa;}FZC?gnnjd~DR$Ndp%ik@G
zdpAy=fm(<~87!R5<Ktaw1Q=+?<*h(u*_0jI43Pe(%sJMUoeG31cxO45Xn{atc!;uC
z9#&&}zN}@zROx2zet%SUdd9mvD&wM@-b0Z$)Y#Xd<!!yu;Pz{s=rSP#$TX#Zmf&(r
z*WIB3YXY|s1Z%bMhKSA|wpyE%G#gE8lxP*K=lM?Q3`M>}mX4N`l$R;j=>07=wumep
z1T=wrerI9V`p`##IDB+)Fe8rje0+v?KKKr&$DH5#OTPd6O^B1%(eEO{clxg#__Df8
zgUg+*3n&;nkIs<`9qnkCzqD%}ix~_}w7>R8P~sCvNGC0)sG88<pqWFmf@?+OJ`(~!
zjLp!{Uk>%B2+GPnOJU9Dzd?O5HCseoYc7hvCuVOS0e}nVR|0-5yQ01GA$tz_2O{h_
z57k<oO#7s)t%I`j6Dx<=Q0Had$BU6*{^;#ZQ7ta9pt5L#hvZau`V;70OMexKsH;)1
z3FC<Dskf6H(N`K)JpqCamwCmDGj#VmM@NMYNUB*RT;`XtXA1K26xfI6F8}l1n8hC|
z8DSjOB>VfrYHrxrNm;bF8eRLDy42ROZC8eswDxiSk%RUsn2k?}c}V9ejYwKfTI1U(
zHO`g0kp+Kg1}efj=$IaLF@AZRxHP|y|FP34>;BRRS-}ROHaukh8Nz!~byN`cxFq&O
z@9+Qh_v3ij*cRkpt>^y7Sm@+%a=)TL%K!7Z=cf3%UyYXkySU{ayCnznmr%)L{6{7K
zZ*TN}pB1wG-qbfhNx_U|XMa}$Qb7+4kFb!~TDF@Ssrw7V)T|x*shRl(Q@`A?6jWYF
zd3nno>!5i5`RM#dJB2`nY{p+YE(W)fay16jyw@AmvgoI{mhipw*Y9hp+^zuFu#qG1
zB?|!$sXfe7rlKZh=DJclZ5AVe?z2(9FJ!pIb&p%(-S&Ky`z9wRr<A5<C91g{`=15c
ztI@i(ci1zCp$v)+rY8#+OU2^=&4&ePr4S8Vr}`79c$w$aDOYXiN5f{?W6|%{XHa!{
zv{tL*=Sm%twKSr8n*k)qC_PA&X$J+`#d)r&{;pI4(n@V0`2+i)*|{qe7)<bhZD5<4
zIrq;GER(F_vULy<&1a_s?F`eCkys$$uJzw`4S_R;z6#}W3+OvM0ZQ!<3)4;iRYcGf
zE~~RE+H85~1VeMxeB*bpP;G)!kGPMz#4%#L!M7V29GsTSCMTOXYm-28s}^nEwablv
zg{in@PuSTk>+IhChq!h@9w$24vU1+3pB*(&xjPMOnYOr;a@?haMBDM1^7c%NoamPJ
zzU2qP4R!UiyxS3r3qPwK<!8tfQbQ5h_hIhBYD0k&)=~K@XaLm8#kP~HtF=ER-mEhi
z)k3!9fHSnIT)y)kZ;evmx@4-)Fal|*K*rut;c-%9pSCkHmI$TaI=vm9(ONk$A~16D
zQwx7bB!FOjb+i8t(Cqzxh8wPK4bX#c_fdnf95|!(RzIBshKbTD>}ls&gj|n?)*i9O
zbh-3@8PVK|@D<ZC&)(Tvx}t1w8|FDdpxi*kc;|zpl74Z~jKLcQbb&zB`EVXvzEnfa
zO02lhuH8I6GgD4pLrIMRuqzDjxg1_eSXkufg>Razya+p}&}cOu0W)H?pYIHOH%ZM-
zTr6DTNJ7J>PhAS~TDL&d^P#%`7TcE&Nk(Y$o4qbdO37Rmf3H}!{2y0C5r#v}%x%7F
zVSa*F?YNZbS+~V|JKX`!6<OlGiUMe%B_1Y%J(m-HT`I&!g;=5&T4a#Q3@WgEtFkYk
zU%5G{Z&%Fh&H0GW@<BESXEUw!a)GOB5=^JU_r+rbWZe2?Up#xQXMno2jIqSpm#LL5
z$q!Sh!SgsPVH+C-%5DA7)+5eygSM-4&YJpS9;FnfVLlr+m3<=p4}OdaQ8u(zl5BY+
z%YGy&9vLp%VPPrmJs`hLdrRW?2fZ$ml27Z`Nw4ccLzQyH{}xy{P3(OFbnN?l7b7`v
z+9D@Z%JmE9u8u$sMy%wkS%2Z|?CfA#ZzAL2obd3&Jfp<-UdG+hVuZPy`)PwAPW+Of
za|xGy`r6BA0VB`n$s>dF{2VdSEB*<af~*aGscV3pGHRXL1Pu>=;uBBCg@Xey1I(UH
zPEBrh!(b)Q<CVruvF;w(I`UHe=gl6@kc-pdEgI7<w679m3?1GSL`wpN;c^VQ;gTkF
z6&$C}@7vj}WczaE>vcR>T^pbuEOwNd-<*$py?$7%?VXVk1jOjZ=m_@O;UQ96n}Q6Q
zmsU3Z!0|^PHA=uX2Lxkn;BA*0eot<_0Fs$K!a3MA>+R;z?xoDOE-}X}gXPd`3JZ^-
z5d=;&G&Dd6(qJyHtk@v8=)%M^${$jX;k8$oZjYjdc6v`~PKVvK2{ayyYKc|9yigsz
zh-@KKqe`Q#uY1-21`X9Xf2~&&uV7tpgaEIu5B7#B6)KONHM26UE%Tflt_6n+r(#U8
zoWlGljJa0nXxHj892P!H$K$jU9~>6a1YC&?`W;~N+m_BVF?AvW0EEGO2><d2q#FoE
zW!7KV1!X8_hZ_wln!7hZs)^j|YOksKdQ5<!Ka`DHq<&&Q*vk|c62W}v?96-qxz>ok
z3Q&jTBAk0|y7O8b$jFqW#U0Dr94Y>gr2gJs5ul+S51NpaWV2Xew0>+0L?p<fM791_
z+!Lc?3$Z-Tvst~#6yk<5fU210Hmww}2&<lZ9g2NwyX|@?5oGO8cEfeU6OqI@#BB`)
z+WI(B2J?z~tQ_#<b4(C-k`Oq4JK%9RewX*=)x<`*MOE*bn~<O@vq|eV)W!h~(;5^U
zXqWA*h_Fxw=jqstyiY@n`yolGDUr4UJ;lmgCFRoA*7+K+>*Mb&M_2IVBRm*-Mn?a0
z>(jG`lwX}GL^+q};jw&hGUx(MjSub(nuT0yamZsim0teh8-GY!nxan|W>U&En_ESW
z<~^ycr*f=*UD%1?bGI6`xhv1I`y+w7)G|@=rRjRN@+YgjJQ|1;!%F>H1R*2!ml%8@
zQ-My_*Q9{my+uD2HqWR~k=DCJGlc}8?dVn0TAu#wzO7m1)MS%KXq>WX*;V?+Q<jS?
zo=?A$ZaEj!L-fqdy#zOi{qK(2v;lms*=tJLg_Q(tIDrH{LD1~mw{Hz$pWK|_j+KmF
zbGUI*8`xJPUFj25T^?9?E|+G0=K%Ty(pc}^n#J_n%yXEs+FfxMl7Ki9phEKjC*e}q
z=Pze29PFl2p!@TC_DED)@?F9czVG(u8$>?$VKvS~TyQ?RKJVSlplRLgbS7tu-ga2-
zEmn_->HV#q(x~#%N+Uy3$j`LxN?wr2n>R_njNO4py`Ox#8!iD2q_B3rjd$E$j&jUP
z<~8IWaBTe?GJV80AG53rUqD41(pRUrtB8eK-Tx-p6_D<NBC8arM3j;jwS%KxkC8PS
zlb_kFShKQ{xjp{bMT}`GI9N{;Gomid#D|S|wk5uo5OW^z$yjF|*Q|<Gfdf}+TqB>n
z;=wi74G_`9{79X@9T;RgCTPPZ{|Q5fq%e5hDlZurh1%!P9Im%(8}RzH#agEf^ebO|
za{aNu9($mxPTvq@<Gj0D%J7L*;@5ujAb9I&7&Y@$I=eaxhC!EA*cJh4qx$%i)=r=9
z?*>DJEJzH?he|AK*g}vg;@h9te`FCPh3~0CS6|Y8jh{f2tQgbe^z7^+R(bi5p`v4L
z(VIBMaNy)L`5{?0_Zk=gRq9JP;z7Ad*b<e|-v%yZR?|$=!6HShNq3bI;F?|e2<?UZ
z9elK){(wN&tu|i~m~Xt2xVbh^*mZFDH807K=R3@u(%H9dAtSz<z)R@`j>K7GL*g=R
zQPuAWNhvjXw(GZy^qgVHyIc1cFO+1|J*_t55w#n>sCdUfzlZ_)CEpGy8P5DEoY?~5
zv%0+FtBDOPwz%>lB=g@~&AxH22)y1L=4wcC6?(;8QJLUensHpWl{sJM<U}!8ALKZg
zy1m`v0RL^HCyybMpLOl9YL!z5ft=ld6dQB#JNWB-MHWFwz))1F%PoTFsFjtwyFEfj
z?$JW7BY!U7<P6?k(W@u87f5tZ=YDvlj0|M~lUHDq<>#|kThjh*Fdloly(iZoGhXBD
zlEKYKao1t$6=f;po<~G?KRhCq8BwwM3Ssc_@fP^zWvPfYVc%&~8JSqj>Z4_gm}!eZ
z(O0fMh26XnJ<dF*KhMYOXl|}oSFGyoMrWfk<CBt9PWDL6jdH9X7vt~U9LNW@sEb`&
zCPhI#Tgi)GZ}ho!$>=hkS1Kd)QnVZN0<3@{vp;@Cn(O06tQj4neR(czczU)(DU?x*
zhLoTGRzVR7Z$3~O*M7wb{x~fKrvzdj=!NUg!Hk3Sb+4XJfbe(w#Q|EFScKAB0OAxG
zLJoBfed6%1K3cPO7P)%3mMD&g{`79$hEf2E4qz0f;Y1$R5OWY4;?dql24lc8>h5&I
zN4xIMiqO;ZB+l2?;B*VhJ`zZ9w)8ZvpfyGvI&k$*&!sQ=F8;c%Spcm$X!08B@2h@?
zN=@_S>i6A9|1%eS?hl9n<T62(qR0;z^5?_c+)ir}DmaWRsIrYN#Kpz=Nll_S!HzdU
zeD7$Y+9_?~Hyr!jDda?*40y|-1)wvV<A_mcoC@0A9XH`kRWYa8X@ejQ=;0-mvNaOi
zZ78D-{7YFMsCx6+nVTG%5)m1+dXzY9dW~GA8r0e6e7p)p+xVxOAp@^2LFRK+Rhz~(
z#OGc&uFcXaRDiW{A-i8xRzbnN)vXaGP~E9vU+-U>rR2-Dy-PMcW%b>r=)R_A)&krb
zHla^8dnyQ{0?Fx|A-U;}G$Bi`@&SZ>{r-B3m}LKFhpvMLJ(QPyZ7~D5J4?M;>WX>d
zqN3rxtNZFFY+b4@JUydqJ3ElC_*LBu>%bbQbS&Q4-}5!W!T;+<kEc0H&ZtosOe~th
z_nS8HEt%9&;XN+A?HT#1PXz^{F!oFSzA;1PWD&WpuBF8p&A9eMCIhzB;MJ^roCzEu
z&Zs~eKuDD_%@4*J?&syPF)^tqDyH{0D7D4q$g`SOzO>A4MoZcHL_=LVtgQaKwJc!K
z$L&nbg9o+GHyMob^cdX*QgW7y+8%CyL`uHDH1_sH3sj+5!b1Spmw=cvR5Nz7lr*Zh
zC4xbHd)Y6LLcc{W0K0U5+x2*~7HtxC7VBJ-&~aCe4PUbU?(q)AQ6;23sfRLY-aKBZ
zK2B|k<5K3!wY0>VOcZjZgI2)*$?eBYaln0dg6OBU!|l;#3)e#vvdh;=@QFnymyae~
z{dw{Y(yw|vtsi9tsx1i#eVpr7`pazC!%kWp4_Ajk5{m|>>B`-hVa#Cz&+#nvqQ=i5
zcP2%xyg+Iw@AgqXT{%;QInL!E7YQQ^({`bXjaBDxcbIApi7bqPtTgE`#>*Dg*5b$=
zrSq6_4I-B~*1H*I%gW0OmnUXsQk}zBAsA2)#@NRiv$KX2p*>kyS$TRLXBN9A4g@*+
z$jS2<IlBUb{HoXd!JW{^0=@H}fzSed=<2|AQC9Pprfx5AFW`nAZ`d8n6EcUh0I}2G
zb)U<X8rP)P(17(Wo!n7d%RZvhx@|C9*xK32wmai`bQ^Z$os7@V&j}s<+E%cd_Q6fs
zS#5CbaT6aJ9-4eianNDI$YNY{w{}Haa4#Ql&9Y9;TTK)$$9zrg?R`;Mo}MqRwKm?;
zDtYF15aoK9Q=os3W-I6Dm#Z`gk8N!2E>TeUPV`kD-QFGZbM=P_*;6$z5*{dFdDK?G
z1XIjqKS~=7T9&Eatkd+|wo*rjqepzZYwPVut+uv(yja}~JzV<y&6B~x?Z(NC7j{TW
z-Xg|ge|`hA0ttwf;2iD0K7EGlhLVvH-ucPRrTLaaiOMz+BYqm6XDfmg&m|BF^M$`>
zjX_kQto~T$FI`}@K<9S)v>F>mPQmjeBTv-%QP)l2{5K!(#T|=S_zFYR+`*Ez%bj=c
z&h3%pI6k1HE++=>YIFGezF$>42l>C07vyf^_O~d8DDvKIEFN_dh@Kl;UcP<2k>UEZ
z=_3Ith)xmx0+4CxT=%-L_S7g|bBool*THaz0<IAn$<Vd^Zkpd-T3Wj2MXAMlFgfAJ
z(M7T@pUMnLZAUfL$Lf|=R)N6NL(hBIm&qcpZhS}gwNp`C7NMoqGg5|zX_`rFU~U4v
z<JM_fz8|S=5|8^_T+3Sp&@g>ShOO;}0s{<`S+4(mWNrbWfSHZ=Eq((wVG9vJ^O!DM
z4%+Nd`3vpMima+EGlNPyD5q*q0R}9|$gDuSC5Bynp7a>PTmqJ>_LU$JjF$73TE3@z
z;^NLK&2HTB#4_Bk6wod|Tw|#|{8&;_79JHNh)|KM4#ur3OTPk0=0NCZe>7@}(3r`9
zBF-5!2T$l3>HHy^&5j{(HF6k27novWV<YJ+pB?e<4lf@)9O^CgDld;pN=ll&)SmK)
z)J9w6!GlSz>LUZD2}?*eXF{*e-HtQ7G!0W6V}o#{tkL@<%=3Dp!Ef*p10*l~Z)J+N
ziU%F}C7dI-j!)uVsMi7USH>q$y_pe_W(&a2)5p|(QCVn0*3v5H*E|`)UKIv~9NEf*
zJKhncmX;P!6Zn~!-0q9NFw;pgMp6v~JB<ANgl^@xI#2~{FAm-TXG<UBR7nYU)(6wY
zpYwt=wdfWK{l*4}Ie{HU7T1kNHLXJ95Pd3L8dDInT&sWFQUP{|rj(DQkcF}<5z4Ij
z2?HNEmRe{dB<-<pu5wWNp)Dfat%iWC-PuH;C?n>YocR-XLj}v9vyXi4|5=AG)>>6&
z+P?VF5y>iyIhn;l8P)MYRz`-{c17?`Ru)%MX{jXNU|OYywl)hag?aHJet;^9!KeKy
zk%=Vs`Dsv$m-bsf2|L~BQ=eg3lqjYvSFO)}3B_<~3v092-;JNG=6Y9TWaLH)#uz5%
zV69y)qu5uEyG3tEuSm=+EhPke+27xLnm1a?UV!tK7xSRp&SDnx%;FDlcsc9yAjj8#
z`_g~=YCfuX_-p3slrD@cCihnr<$`Crzs%O#bhPTxx#d^)?Y*=QCxj$`GlRN#(nv%=
zd-}gMF^ILiK8!^>bZsq9`AkF|#31vIat7^a-Y;TlmbyD1c5+IrkRIfZz;W_lD_^Lg
zPwuX@_4ofpeeusx6HG<nbNr9s>7SbU|5WMx+cNGy{>pz_?fhdt`M)+I|G)mixy4e+
zTz*`-Q0=MN4r*YAJtw(0;~{gY<krN*L~`rUa`hd1dwZ}-M)N!Gb+b(^re|k|ZWP>G
zCv`roW`&wD<?n^!3jDm0nGqY=81ujEPx~J3cIN61-Z`)z=X^pRYHgLLSL0v@jK@1|
zz9w}&{qhKx1(<(`K@SS7&H;zvwYlLEo7FdfP;P|n$L6|&9an#aQ6iA~=Vm^n07;x#
zyNYJJ)p->Pt6w5K&Si3C<z=wr*XHHrtpzHesztV2Pll3LO=OSN;ogtZh2`bGIil85
zdu34F0S(<*qdE(?Vo0hu6e?<fly8I?^j`&EzCk<chX$8jODo2SZ4QRnZm(drn_RrZ
z@Q2gdZ#POFu~~!jfe-%<5JizTxFvSCk`XKfk=dGvyN}YHh((POwoNciC8x<YRaw3T
zjAD?lnwgn(_IEsA5{Okzkzp)<X%1tM!?lCm#}+Ig_=2t?00tnT^vf)8Gznp`2J&Ur
zrnY9bhAGMqA3iX&V_{*Tz=c=VQciH0oVmZhe`3!pq0)J4F$lbk2$A02?vFzTc?-fV
z^Z|hkr+_Nq+zz__(!6#vPBv6(7FBx?WbHnAbeMpnwJ?foz5TY$jf~8DjW`V20Uqk@
zwDNw`sK^A&5B&LhH)iw<n%WizlPU^Cg$AvD>s5gvDH%nWtyReo@ay?ns?d?vIa@u^
zw-;-nglbMd2%2_Te~4+RukW!ikShXGwF;YT1%*I(M?Cob+nDy=J<+^;Hbtds-19ad
zyr2Pb8+;8-ziP0iYTyZKt$+B;w_O@Y%eF8Q%BbsW5I=L^oLpQio{G{>LAQ{MqP2zg
z<a#4?tD$=V+G#Uvu}WQ>CGO#EY)hM(Zb(N|l|9OdQ5%`q%9?x9nUI|=3kd4uYFA+)
zgNP!i*1AT|w(Uyf`aqK29KB$Q=8NHhwaK|B)*o*W_-)Q7gDf-W9jw`}p?ejG8=qC#
z%mp5Ow0^q_6jPG6z#^-;@rQ79-b0e&Qvw14ny(tE$o=a0*8}3ul|PABfOtuJK&l&A
zINIZcn5h>xf)b?6!rx`5!p^Vw?Ae_rULpfTB%)zq9tzQS$j8bL&3c{Wv@@3Q7Pj0F
zQ2@$c+H6^0L~>B4<LVj*YYmX@VYifRHC8!0CWCAnE^ia!M`M;XQ6#{_!SQTxuv>-I
z<Wl&$720W}*v>CgwNQawnJT`olo$PxRHV>VptrnfsGl7K3>sjR4TunOVo{AC$?4v7
z-dPFgFP4J^JYEFZ4PrV_Cj>?XQENNzMr3LfJ<Sib7%rooX^-hbecBdB%n7KTW)#rA
zX*f7$T4qpdQ$%qeAle?3KvFODLtEGeGl5sTICOXMT|4MPrg@ziFJFERNuD&9Q#5~!
zz+%fjBH%+ka42i!J@fz@tRN>BZ}xulY%N<Y5BICPvH;^$+#u(1QsFdT@s}o?^WklI
zrGgK0Vko!}MyOU-$Nsj-{+q9_Ppz_{$08qa+CYY7ZLO&E+Ui7JlZKFzTTEo+=b3!~
z{RYOyGC*=`7}K=cY*bPn9Vm#n{+O9gp5}i=Wq=HVTH0<`A-Kjc@RX2tf9~)TpxRE&
z<r|ETFVGDZoAtZ|i(QCC^{y2A)B6fK6`87)3U%zBzP`Z_IV&k`9dxnb-TJhYm{?i!
zpl=(l^^kkyhcd%&{5&>y%}bIlHnW=!mMLOBDhCN-<ASP?VG4WE2cO?L)q4-vS{=TM
z`E8bsfSXq;RW&s~(LG|CSwKKUwO&as(GL1~&*~h%Qo^`M6DwhI{#WteNs@&QT5LQ`
zUvJvj;`VHqnHvY@R3B&n(+}hP99Wle4My}0Af4~`XQ@M<y>7@XI@;XaYQ`INO`WgL
zy&sv_Qfu=Il7aI~=M-AGwe{P!;{<mSd9uBEEuM{qdQI)^@fuaSXhKWl59M9Vd)-y8
zzK0;-j}3y+%m>f&%J(n5aLJW<s+R<UKPgClZsEv(WWwt{7XQpTiw3fuMb?Bm8N&<(
zw>O5a+SzfnMvIYLEx1O0OZb&~em#hEAdCj_Vj`M(_!3TXz-7d9E1aWJxp^}K0R8M0
zl<4lX-x?N4>$5YNLxK1*6}xY`Z-d!{oX|Il%b^kOnV??Em$1a<$#?ysK;oaRk_v9T
zoC0>eN$|?h2p)x_ygbVXdHbJ-ihsa`yevq&uv2+(CX<3B=adf5k9G?cDUtC9%*Co~
zky*kw-@n5|14s*np8lv{w&b2=mz$x)92PI^n(v$7JkP%W)}gDhyMD|A!sj0IKBEx6
zwGLAZL`-oQ4bc_(25rQI=%37NY3yBHg+mx@p+vtqxr{uDY+rw$69z$v=}3X(pdbs2
zG6BJOok<@vlii!q(9{{FkamD=5`cn;{bLsB4CG%f4N+~{+K%hAZPs~<JQxT)l$XzQ
z>St3ev-zN5;v}E%xD?%=_u|``{tEm2SK;f$5Oa0`8@oq=w9&Y#V{3dUVT)ZV5Q$r_
zCI2rMxll!n{sK<00hB!tr`sZE<u70E?CZ<uytYPY>-TtiMq09oq*dqLy?1g&*U&2F
zM?*Yn7f+MaKYW<VQA3QuuS1>}NAc0nKyQ;-i`(^SF3#LSLGOJN3L&SRuWWV_jEM_p
zUhh1NxR9aZQ2}3#)5B1AzUd>PH$MkWQW-TX<UW69P-M<g%hh<}erEDRsn}^_N!@)=
zV}S5VD&IGY1pSNZ8$&4T3o7A9Gpg(chV}P^L%A?TMd@+wzOs|^l8x)NebA_^h!fHh
zj{7t8`<JyE9}?I^$>qPx(%}&x)3K-H>z4vQGtVsx1m+9F>%x%@2|1De_C94o7A+cR
zw?fl@*4wFFPXxGs{;;%^bV0#|-+Idsd&!=Zm6V!nxgz+$6Ic*Mx<CI2+u?*Z8lDh+
zyio?Jg$j<ldCjQvqK%ImhxE~u&M*h;D*OKNqX<daPv!Y|2gLdtdQ*s{uVC~FVx)n9
zS?|8)MRk!WT3E;$>$4a$3puSoOuJTJk@%&lhY;6l^e%geIcvFmWcbniy-~6o!MftU
zX`U?-kCp9l`u8D?x+(pDs$+g>n&CMWRn5$@tquu?gQJYP`@n$o8ce<Ct6qb5^TYdn
z-u%a0Hl#4o8p9L5=(^TdE%7ZqXpaO%0SRZ;>7TQMVFhMnh6?^ET=^{6Px#}U5Hzng
zLacJyImt8)u!&pSHHedtTKmD73TUr{l*LSUE+r+U<_df3sqgRB8A9JnJ@3xw)+~RS
z6>D*)kx|Tpo$VXQX%(-Ia#f4}5c-j`=t)47)(=5T%y(KiY|3T}+O|Qr0zOG5y98i1
zG5eXAOnFT?2%Ofyrt^N|(DtekLI^<2-0%AwFZW>On}Cst8SC+T9!fj&QJsGQ419<z
zXNqop8v4DQsN!-7YDszNT^KxQnVe+_=MslW+^zekPj~)!(UbQ!?U~p|R7|x_L}&mq
zhielVM&WpDPtC+h!ERB%>H%fq2FBUVGFxUu1b`OWh_aUt_?7o;=|-#E2&C(>KcT{d
zvEgI}i(t?rQZ5M)t2Ea_Sh=Fq#DS=oXyd1I>$YP;3pJ2iulGX+i&*dO*LI7YgGKOl
z0B1A1(AUh3dvv~1owgK8P+s9^+f%}sc(%c;c>8ZppEGFP(PB@O-zRa$R>MlDp|noB
z@Nu9s*`O^=<`VXWP>bp#1*|!2@Vr*LY$QNhu#x679ETE}U4`MtdQ7@stLM(tt^w#8
zX-Cz3zk`lw&DvU#aDpq>rE>5^>(mYF11MAo5glOWW!oT&ksHl7%}q?Y+zxwrxjnt}
z^J!>rL3A^xjYlc7@CTy|SdXL|dQ3K~r7ij_$2&<n?*DLq4Rra)`TCxML$wQdcwHuE
zBD#9bE}!JU7U}vZGg6ZaIK`8kcNXAE9zBS=^>>~8?b%PU$97>u<$Q+Q`z+ABbqzRZ
zN=diD`Fq0fnw4_cS(-DCNnn~kG&EEKcH+@l*)B$|xxR0LZWq4Ad>t&RdY%zG!jR9C
zoMr(^zd}avM03<cwBvt-&>=NWjG2Ojg!?sWBWJq4XzJyGhxk6K;M)9{RqsF@u_+$y
zH8I@4?b_&3X(AS5reEv^UfKgJ-MIC8tYoU4+#dNoifSnd#l_0(Wmypor^d;W?`P7A
znh#(1_wur8oqhO{<@Y6OzP<F)nR?FLQ3Ee;5B8K)Y{NcqMP=zmheV{iGvCA}jbF5k
z?k#IJ)GokiPPj@$G%x(NXpC3Td9NV4Km%Kae0-!R1{R1L4yVI?O;`9U3ENDfFrM~T
zyjXoR8MPQsMireCweH<{2XvTPNTt4ok3Qdsa*F%*?C)bPR!@D!k3!(arj`!>pMK82
z7#YexXUX+hX8jxHfm1)PQ?T#3irFiD(q#TI_`#oP`Pcu5I0($z$cy!l|Me>RZ&?oJ
zg!838JL!r`e=4BAyEXUKDiG)(Z{rcnKU1K8eYLN&|ES@qEHM7e$Nu#jSLFQj*S!Ca
z-(aNgkMgH+@K0^5|MzDkUN-sD#{O|U%Q3S5{keR$IsViGe{&j0{{F4&_pkpy@NtSL
zDg^`xK*I*%Pu?Jjv6_;qM77Nx>`eHDRyXd;I69V_4vkSEA+^&jvB}4kK&n734F-jW
zQz|MdLZ@eq4(^+nDwJ-E6SCL^A$!n&yPT#Jlo&H@vGm%ms}aciQt)`;$^~4UyW3vw
zp|oPRZ{C!_r4Xb8Nh0O)?ZU!BsHkt|c61=wStKMR5MHetvA;EzAPNl_zvEU58_H(o
z8PG}}I5>C|g@i^jfO`qXYF7}l;uQp=GvRy<{qylZ4ngge!(~I~{nfL*Fc}bpI{?AS
zF*sIKPL9`MLj%hU?^Yzl3(jdCBL^=iVuM?wI1eVR^!5~#m2dxg{@lvs*;h7{)6U*P
z(9lqH+*LI7g_Z3vSaG0l0~(JTIr_^{D)mPKE<3^wj%CRiiLEvce;)#z`U1Z#Qisv!
z%lpU(Xca6vmM>pk1*`%X+6rZyBa&)gA^2`2mP^(b*D9q%BKbM6iw}0)g&LK$oo>OZ
zHu%n_NHV+c4PLqoCB`6*3?&d5##&8?Wyn_d{-A_)afCe@rVo;!?&|C$MdHSe$KS1&
z9efT!+p0q*I_F|%*7`+k*$>rmIbh91^AZsmnVJS;z~G<Y1`P%w)y4Z|CJir3VNT(4
z%K~$N=^l-!biz-oU*FI1SnYfPbHv=tmmhLW>K$FyPoPa~*<HD!t*veOl5M6ly6@=7
zMYD||G%NY;n^qpR`7aPpwip<4M`_j}3sL?{XM<Lz3Fg`K;Bldh;xrGQ?^9=##(&^>
zh{)P2{B(AIxjUxl4%{j>zXURl?f<!Q&;*ZS?Ky59=@z&gm1Dy0&Ctv!02UXpUbhUT
zXK}YW2kr>y>XMH)VT21BWl8HNK^j#yk^q><I>RF%@aP;%Z~ll`jGlgyH0T-`wW~zO
z$8iz-5vZ!jRSR|ACDBlXed<a@^#|4=j`QTE%#4N`)rmFNTV2}P(IJ^FG7$pS9-$Mj
zz@K_Uz)3}LZv{iO=vBatd-LVa`=JYdKK_r7_lVMY>}0n&8X2*ToIzXySFt|ijxx-K
z-{n0!a#Dp@;8^wI&kM_oiy=MJ8gV?<^`g1J?R=cAU7g)&SHC?92og__7&S(W>sV^c
z$6FDzk$mR?27KQ~YnX?kThPHUZD_hTWBaZY6J`~k*Q@t_OM@7pbF-|xw5h7n(N^8v
z-Off3Ms#Npi|)1}qn+K$M(Xv5li>+I+u__iG8)5tLK{l8qu&}$)!<7G(S$Kk(+5=8
z*A#Zq?Ls{ZI%BY>f^@mNGn?ryFJEfhK|KBot6QP*uTSmnq1)?fh97}crV*ME1Yuov
zL%4q33niUgxLFp>%oq$lL<tn?9V*+9a~-;yDKV3bq*#f7$3jQmdMNP4&4|zvQsxo0
z#8AUF6+{hv@A1eS<_U1BZGO+sqbhmC>D~uKMlz_Xs_v<u0<Bo2k&lnANs1+CPJukH
z0F$z$xYNJcU~n|ga{=&H6&3vU#xC<PzEyboR8Q6TJPy8!h6ewE9kkR(WH3|$Uf&+1
zzRR3M5NxY5A~n4g;a@FUSHuW{TG73$sIv>pMFzX=g%Kt^@(Kr6+rbv`(hC+jF_9rY
zQ~oHQ!1Jfr?8;}9@|Q*25AF+_50*V-2dQw9gp^fYvt)4l*KPlA##7Lj=e>lLpBZ?l
zf+zAEHZLNQeiSpNH6Il=Q463Va?(^{d2~IxdwSKTadVBjFfZWZBD^aY?kOs0DH%tI
zj9d-=ejfK?psciHU;t&5eaD;K$Zt52k=MZ`Y1Y}<nHhIF&j;hoL96YMZZ8K-Xn>KR
z>k)r?I!QBK@%R`0%`Y<0<NU<(ToljjdvreH*?$?JS*-|mGaaqvKYltn@MfSa6&$tp
z*7}kTYLWV9fWp+gJ?flD()iUV%Uw!relUr+#R3cur9uxBii-=I4oa;HeBOmPJ658a
zU@08{o@QpmfkQx|1P`C9SnqoxnPNb2HXV6ba`Lvor%N3BJq}<-s&8(cqe4&d!Yg<n
zv-{gOHD5g%7z2V(j=oLSR{@0ksf7gvjcZfVQ{#0+B<SbQ6RdVts6xJ%#KJRsYOc#*
zd}&EggRtgevtfJ%X1E!3C}2*>wc-z8G=B00|3^?L)YQ3)2u7v$oaib<<<)`}sJ3<?
z?9=#7RS>_I@bXAKdmUH8&DRV&EDnu6K;OqXZ{_xinVXa+L}b9Hx(cwF3l}Z~0=!~A
zuRTsc`4{)Zz6Gj0HTBi<2rX1*-I0xHeNM+m7%)OB53Ttc@6!0@=-2)-0Or+W1zc~z
z@$O#M`Vu_$1$jk*p7bWH_6~-n`+rQfx~XWHwDDmM^I1)P>8<rxXgKu&%w@r4d%Uf3
zqhq;R`3-}EgQ(p#6ub}_S65dF@bM|{wAvSh*8iMeWa{r%W$=Um!p!x%CECb*2s{X@
z+uIc6FILN!t9ssJPznfWZc{_L+a41JCIJkD{>wx!M2Cb@o#Qs2Gzgibp6Zq0en*_-
zX6hi+1Q!zxwZJ1;B0>pcDKD64&TRwbtx(X~X2ZoAN0Z?ST1uK`NjOvg_H9~P33c@-
zW^aXybViqTLz(W)ul5%!V=b7Nn*P`Y$Wvf!Btvd)hZP;OY%{vq1ASAY?3FxB-(K3y
z8>rvq9^!&c=bPXPfkv6f5;8wt3K_ReC5TvdzMSxg7Sc{c$z;x)!eAKJNT^>6Ws0Ju
z0>|M3pTneQw19e6AjLC(ah!O=R(_Dj-R*0XM-;^c1y3QVtZ#0tgeNsE_Y#ugQ~Tjc
zV7UKECmU>{E&j_bp~k50c0<%`h$609!*>jPyhv?xNQzcD#%!dkw=+!@V4aydI^1V@
zl&=%x5lBKR&?~)tUe(9;BR?Kpjobgn)>no_*>!ExAqWGAbW3-a2+~MNw@8<ObjT0_
z64D?g-6-9S(lCSq(kUg<-SF+v`+np3-oN4jGuPhN-fNxf3>)#NswaXvM3}huE$kOO
zP>_i2aVqU13sp0JUsSUz2G|Il#q_|LkBTriFY~sLy_vUbCCF_0UmKfwJ$nx~Q9*g_
z&MGuA#ex3v(f_%Z$7I-49|0~zEqTvZWOQ>_K_t&gv*RO9!Hsl!Q*ZrG4W%w0fE`V{
z`kNFbatI8}NquaxWI(l?3Ge#<9o0xOkOEb}1%0SRf>vl$cpMz~!oZCmjf>N%GFn7S
z7}`IWX0-ZjoM1vtpbAo~%q=VcQ8yYsdulO;11}63Y-aOQ8MVA&cWpbT6_5X6UeoLm
zfn)SY5ky&j_BWHhF-#C8=G2`WX&ow{>*Mm<U;4_r#sQ|$&_8?}J;0Uqy4@~5K3zyy
z$oL2}%gCGD>9E;)bS2!Ci=ssm_J2V%uRAc}{b>C5kBGkj8Gfzx1IhY8Odm1f6v&d0
zL)^7?Brwi|!lP4}`xTmY1UJpq|H%<PynXt=(}I(&D<e(<K&k{`KNx1L?q>&9&Dtda
zctin6vjJJ9lw^=rJgNz2wjxPawwGI6Ty@KP`9lfd*a&;^7=QZwiA@nZQhRRPb%-sA
z6R6*7l_-8Lv^G1hD^;eI7n4vj6P2U<n4H}527^M^R6<vLU@X=T@UFmTOD>>z1){cA
zzEKVds|m{TcYlrAc#Qt~a{{>V?(X#VsPt2*!IA8ixM%rR8t2B1^OIJslZoP)TD$h<
zPwoq<h9lnEFJNmtR!U6N)biSIshQ$XB9dK(5!Jf<lOcnM$Qa>qgH=j9$IU~+1%aF9
zEU+;D1@UtCe)8<-Czrp>h9~yE%Wkc%NSI8AOr&)13^>@niYYY^0K19o5wyoutmh`t
zve9$7#X&;@s==UqZ!(O?-C?l|sanu#Os9h<2xL|gH@a;l0<V2}ckP1W71<PV#|$7?
z`dl<OHN}L5b<h0dw-$&!rbowlu+^rU5g$*_s#6k!RP8$ipaZ=w&<77~pjP#~%H-xX
z3O0WZ5;&Qe`>Sk!JOjLnr2AwOTc_x_lnFuS%=Qea71Fz)<k|SgAyp(A*nU`l>1~!+
zLSA?>*Y23<qR^XFu}yLBk7Y}5Kt~mBX?2iA!qMshov`z-m{+>(DmV}Jl2&>Lj)?`!
zjN{`OqwF3Wb)ui;gYjos2m*BNkbd%Z*Fql#rD4kyd!tRupgh{nO>hAB7XeV>a7M9a
zHkn^N!2f}(BA=jOe=JC7@Uo2)NwpdjU}k0>o%)t#>I@8f9B?~NlOuAh9kV&)rh!oh
zQ1D6;=7EsSM~`3SP!j!g^3>HO+aLr_a2J4u|9qoS0?(7f{8Yxd#plQwiEgME?!+77
z+I9A`zYPxsl8ab@5ud4P&YHVXx{J;K@kQ4r%U}F{1eN!5`t>sGG4xRPz8@!>E;YJh
z_{kjrZhvu8%{hJ_hrkWhylXaIUp~`)0_?52q~&Zb?}@(t)zR6>XFD}qtWjvb+!0LL
zkBuh+jEs^NKQ+<=&ere2nMN><>LTrJUS1H>YkQTVx!6(+qY)Vy=vTwLEYN#MNOF-_
zfsHsL_5tk=-o4p2uBoG_E!%`fG!;<(eklkl^Cn%9TvJ;UU~if$1W7_kcUKqa2ngBw
z3erzCT`Be*4+`d|DswG9hV)s44rs*3J(@Wmc57GDM0=3fDrEvMTQ7v3>z-!2S$6S^
z>ZcW##H_)RY-)Id)<KyG#x+Fzsf}R1o8E$(bJ&(ctJm&OYS`+mcV=Hssk@-p!ISnI
z^b)X|ga<}Zp=+QR2dt6M!GV5v;nCNI8-p3_;Kgn#tEkvPK>B%*ChW56&-@vXAuTsH
zV1UZ&Mv<nKH|+n~2Lv4d*<lzonFx@?l@(J9K+PVe$6;YrQJm_EsZTU}5v{OHkpFtb
zVI!^#-FH8kJJ+K3bO-zwHDRycnqlCaovn8iO}Z6eVtW(P0S6=woxsMG+F~;yIsLtc
zHI$u}oSgNYOdiTDDn25tmMMQSL>4E)E&~KK=40<pQj>^_xm$!krqi?0S)c~($Y5a^
zBJoTZwR&rf=};%l0Xof(>CPZ%pNtM*9&XP!>#PrbWCgzOW6+ptl8a<+?j@I%gpQ|!
z>HLZmTK@8DZtFsQ%}RfsFwN>1f{UeuXE2uy`V&igqa6bn%~Z#RkM;HbF3S1?5>d;V
z?S)zmUw&T?Q0g9}(248*f9o?HY+?8FaZUeKa^WFcAUFwLs{$0By>}q$)5~kSE#Alh
z3GWDCnyF~nqr}X+Rl(l1c5@Y;_Y%YyG|ajPIT;$?gF&2^B{&S~G;<5Kw)TYTt+CQJ
z6_%Hsfyy_%qWriI&*=7Nx8gj}PhMvRpkj<2D^zV}Sd}_Hgmb87_~nLIL6GUMi@TYb
z0nNWT%XzbE&P)C%Xc6&Le&;XZ;tMaO|Gy8e*WrB8ztWS^RL;x-f*;RctQS9qQ9qPY
zT4=L)FN-AgysU^x2k`<77oBfr_~FelB>};O$<4Yl8NAkKk*N1D@?mD9L+1%H4DC*~
z#(lf{S%;Iq3PtUaXFgsr8yE8F_uTwAE{kxLl6tQrOTxkBbDBkGb<?+LkG)3IHbe*q
z@#YUc7qbq4-0@(Q&^QtM)PhbS_wD4a?jCCjroR_i%&xqeTI?YAt%I_1txJE1l*zQ{
z1Nf9FCK@@|f{K(}G_;EmsJ2|JSXQs62RvpP2ktfc9JJ^l62Ef`)tBX1JJew0A3_PT
z^FKk@<bpK%oGRrfd`Pq%KW-j4&ac1*Auf52na1Xl&$Cb>s2F4M;`!n(wUr~4R24sj
zWz(eET>w{{GK>x7j{=}b43c#s7xz_4B_*SW_FzNZxcU-!9n#v@a|4sHO-OTGy7FE}
zy0_U3lhh>LLslEs{X_qgl-KcZlv_%=#J>ky$gY4BNqoqe*si{9<H7Eqkq^JnSP?B*
z&Zyzz_huWJ|JDY{a-96}TN)Z_y3lCWtQ7VB1Bh`SC{49Zc_OBjA?B6C%(dVq=0nex
zS&a#MEzQcxs!1&??Q~JBLCSv(P#v&VIkI$g&eJ%jfKXuw`o>k=m*jh(jS{w~6Z5@p
zU@la$LabLeef;K9a{vb8udhNq<Zi}-A@p{41^k)c1^KXm!$(Eu9&ALJjFuSf^qhOU
zl0)uU=kcbE<)Dk6xCi6w)`CKnv4o(7FXo2|3Ye*7F)d^*jqlMF(@}eRe{D2OzVw8h
zK`BjJJugPL&no7x2%r;V#H29F)V9NcPVU!+<K3jy9w>votHtThDTg<q`^N}-)729m
zzPQw-48#4i9)x_TC1>Mxy6?6k-e3g0Zn$Hwz!8CA9f{3TeiJBZ{DiSt3_l^kVdu<7
z2kqR_S;snDd+(tyM=qHV_J9}*YyJJ*6gMfVVT)g8K@bM$m?Oz1Kc7c9i|sfHg4fO%
zkTpo1<_M{E=KXJP%)fmJXx|Kp_yZWkWS|6F?78Mww0Nzc@p6!H2CVcdJpbaE^76I~
zln4oll(7{tFYkA3Vn7B3Qh7LEv@97OE=yp{)|dp&xwcJ*)sc#gs-A8ylxEH%6O>2u
znth{_!`a#ZR))-T)p8qcH1;-N#9I-TUFCP@yMez5s45OAJi;nKb8Rt@&|l@YrR{aO
z8s<`J<-RvVPaq{l&%&ZE8%=3(xy3LE1qt#->7vYRuW}+NM77<4F)F@Tbu|w?$mRnP
zn&w^mCZy*U0T;13xjBy>KUV6AAYt#mdcUanymyKM(FGM1>sYiCNs{wz4@2td80K^3
z_MnC>%(<=jm7lBMvZYKXp=!HbVKn-(HNun44qxp7^IUqC6LeG8*RsjpduL3CfVnfU
zJ$(Up+}Vf|Tv`C?|D@1R1s)sq25dq5YU}T`gk5UdlGhK!o-E|KZ&=$DN1UA{0SG`S
z2{Ou?4bJ~+EZ80a_ce`s^KPOnvvIq2zA10ohpOCsQq&!rH>&HbCM2pWsu@Bw9|$R2
z;(Sn}{Lc4Hg#B*QdJ9AU*`m+>*`m`aBs{jO7;r=7G$G%?DW}H8(Hwik<+9q78(J=Q
z2g7!T&Ue@oVbsv>FoIr-nqoTI81~=4e=kg1LXc>_JxxY~Fw=E(uJ%N3U8b~{e7*Jp
zddEk+Rt0vm?r5OZta6yw7j{{X(BCOFSQq_TjbIm0lM0&K(W0Z)H)pn=23U2-)sBJf
zph(IsC@EII1elVD*(R`dP}2SaAtWbX`)2s<fWKkqiG<0(YJZh^KmNQU2>xZMdI4^+
z$y)Twmw?iF4_IXJy57<wJoWB5=F@954QAfU8y;B|G;JtYbY%oO9?7?iebM5#)Xhr9
zH8uV>SEniNnKbnD=rs{@dcweMfnjnM`C*ZtOt+2lM&rmfukE;e@h4jY$C@qAyGnc_
zf>K=dxvxAZ*Y=BTMvI?hg;xeotwu7mxPAJTo*s5*-u_a1{7&L7^KQ%!j>?GqyHZ!l
z9aSxL83=6?E4mWqr!}pNM<4ziV(=Qp^Pe^Fs&+PaHjI!hnR&_*A$)O>dWieeS$kcH
zS<G2lz<!PiIKOFDp3c;=C_IyYPJ=}|UzsZhwyVVLb?+j~-xq2TIX!Gdj@;dSrMVOt
zo_wrr&Z~}QnWviMe_&?eXp;SEu}-Te;xL}G{X8C<l20Ou#?8dnq0F$+M`5DOh^}9Q
zz%7dW{q#j6aQJW+b~_AOHMjb`deH2#m+<uFsvmUO%ye?t@fM0nzofS@e5-`~mRs`j
zRo=uO?(-s<ngL1|3c9NG7z0M=jCENfy?R|uO%a9>^r*lWt=WBN-1;Xyusa2n1s}_t
zhM#Q0A)sWWXD;BLg&In0Ntye;+?~V>2(U+aE=@y+KShz}`IT&Js;;q7CO5P6mj{Ft
zzoer^kd$<{AJ}V}19uu8t6_5JFQnHQ5W}4g*Zm-BVO{kcL<_8kY_Ds71Y;3t4n{^q
zJdd5jPb^eb)ySSk0(Nf<vU_5$qU9Y`&(!?JGQp{zo=Hx7R%64=vuH>qEg>k<?I_w1
z1sUD?y^yyVk;x-d&YP3SnA{{KWL)XfSXYTU>dgSOyL*6cE#h+@bJGESctVv-rio<#
zRzpEC8R+m+ueO4mh>ZPAiDLWJT*Zs)cerC1@_DSpqTYGoJy2g@6Y$g2{AQ*WAO8W9
zi`53~)P8mqaQEQlie8;-@%8zQ2Whw0+Tn+K^*ag?Pl<cLAsNF4V@6&J@$3C<_PN~e
zW6AO8Yb8e2`cWS~D7<)4cD#F%3*2?A`PkL5a43Z&a&vG&>$2B=qmT0;!I}hEF(kFM
zA5VyU0NT~|C$0S9HFc+nkLbH#F;9^#mOGFd_1(0PdM~zkLi4FbS*4JWd!X)kLk$i9
zW_9kZ*(%YiHov)aD@*G>f3rTAQsx!%O$U!ZqTcaq+O&(gyKjc<JS8wN_T{!0XQ!7r
zI%^`p$7ci9(&@6twCZ)a)WI_5=6MrmVD<5dhzjGk4Zvr8W@55zV8cW`Xi5tW{q$?(
zqM+^M#Bnq`D=l5rqfJKyTl(n+sHMUAaLjvY3Jly0KYtn>L5LlPL>;8#QwpdJr`wY)
ze+0Vf*wMs_v=1Mc?Iuc`!hS&<Zh9lWyGS)*9Zx<qIOg6hj!4<8^8Ud>Sk7+w(VOP}
z5NN}WQ+3^H%rIe)QpB#+gO%Q5-Du~)A^r|wG?a)Wvf(<JW@;!V<zsB}Z|#xE%JQl~
zpgWBGQ+tD6JFglXzv*QU5;unXlU|7XmKQTz_eM?pG7fbJe&eqAMaYk^k;_Eq`4=IQ
z4RP6ELuvGpf#JCFyUTn<^Nw?Dq;b&3=J_o?VF~s6S$2vl=X!jyHEI5`-4_nRMMg=d
z`WLUCL$;njl;#Qz>RwNlLdQ)AA6sjpLaC1R?Nl}jM~#op&al%iA9d^VBLf2%e*Pco
zaM2JMkGuvK(klXhW=sw`As#A9P00ow+8u!gr>WLXN&F-uV_5^)>&<&*gSSmhv#C~R
zqxtVIy#RBaMIbjCsRjzNb?ZpV2oA|IAA3noE~n<_<rRH-f7PG<o`~}qs3I#{@yW<o
z-#_FSf3pXb_#IZ%hcN`h{!WH>xVgD$&(LRFZCU$D0E&q>@UX8slF1OG5aR5yGgrLH
zo0^VGAYo~l_=<O}ZR938)VjGM!X-5$aiV|{;!|%wpR=e8=`7V`dk75fS=bCD1xEF#
z1*`9-Dp}H`&MEj_`|n}}w0$MVg5sY9Vo*FFroKDJy)%fS5-+<#Rx(eqDkI3bh-E?E
z<STKdaDQ#|4wvlH_hGu5YxBOPucXTnA#zMq_QB|4KwXw(KTB>ODFRA+!IP3v==Xx4
zV{>>Z`A@kFkrW{VMds!+6EF7{Wf5moxxz-VNe_iz&;;$wRCdy{iSwJugbrX~Jrp{_
zFaBKmAqMj)kM%bMP<m+7y+xER^o9DyLS<wwr_<pH67JfGD5@CaVMuqENu1`OuOmgo
za=Kc2Dz{ph-uebhOINnd=p`mB(KE7tfZ?MEurji_o$G%8(Ds;7U1TcQB5yw#LcH`W
z6T!rFuqd|5(Kyzy$wy%_okKi->j}||cJETWg;wvIy!b72P<!7UN8c^sr`9{zv$9E*
zL_~%qf`rh|uQTK0SM<?i?1*o=!jT+tLlfxaF8ggZI*}X`K2UrZAGb+;*MV<ClR?YV
zRM4a^9tf1+iYCjHItic_e$Q8aRB2{W_J)j^bAKNZsYK@4v#NrleLlPl(cKQ79PgEt
z!Xk`Ul@(c8%3^a)M2U!$->7Fup`>?mO5OxouL5?Q#Az3KbHWd((U^t4-7=4<^Tm;6
z*+VK{<#SdBZt?hDd+OCxNTA*#qvQNKqmr0KLq)aCu$3-CPu_u$0KTbuD|#g*9t^UH
zx!DgtaMk`siqQnQ3V=?3>_bP@x^7gYFKd(2Y$CgTkVWXoM}b$b%iLbiM!;|=9v9^t
z<?V+#H<zh!B=20EZk86~&3T!W`8^xZR8V;~I!<yGemd~w7J8x!QUu25dLhko0rKc3
z)A-Ou3|N#IAhs&WMjyh5rV6^&MH86RTJMZ>L1aUtESmvA2F+W3etJC(`@Bc0A6n-0
zMpqN<E;Z0|ynol&q<;1WO|&iM!2!@f7)ELaf7$M1-iD}iFH_Qn(3sMi3h?rd@iS90
z=~hUbb>AFwa9tSMY~pP&jx6a9XQY>JDs4-$QQiZ-Va;8d{_=LL-lUC@G@(DAzN2`I
z@U^y%GdetCoDX-elgwnAreLKRS*<11unvRw3@K>wbpH|C>{o6ejW|?sqV%eyNnOc?
zpe%lifecZJ+2&;)UvA1l{R1zjE7eUjb=v!5?M>h-H!9&Ni(|torgY~EWoC<~#DzDA
z!G9V4lJZvY*3pQWZDZYB(N#0(-aGew7IB6(7a6u_3ihqZQnxa~NQbtSK@Bo-i>l+D
zo9gwHVC&g-W2&L(h?b$gW!r#LnI_D<X3y)@N?@?602o+U(@kF0HBan*Bw+i}y;Im+
z?u_zj`0#<nA(8y`>NAeHRs#*otg^oDSD3I+?8xK?9PP)u^t@wM4Tp$k;uxcjw23-4
z4(m6Tz~P*MFfq1Mn9uyJ&(Vnv2=<`SS(qI`y>l|-N3Tr36!p-2DSa%QV@b1=A-d65
z++uz}OQ;U44hznP&Yf-x#3*7{Jd~TGiMb6&tp+_=dwHZa6D(v<={$I8p|O%kn-4)3
zaiX2!nD_K)9*?wz$8(%ZEa!X336V_3(vmBpCeDUwo6%7TjPB2)U%EVjd_$BT9Us@6
zr@9D_eb%XQ4-+f2&C9FLc)N)85|+2m1*h=)%95sp5l9)mJu6WDsEJY^cvOc4Yq%>l
z>@PweHKBe>vUTtU)rR9+#`#q+@4d^3Qc{w~)>&!78pVy3u?FOuPgOD=gJ2ML-ZR&{
z-3?0q$San)aUuf8CS(&~F0L;h(DFORO^%CVQ+a0w8t2O$sqVq@dchio{9CO+MyLNN
zK0yOOY9G<k?@pZ%Nx8`gFKSJ^5*A<UP?}W$(RvEx0kxT2WI}QgMkHJCISP$e&#~s_
z$=DfSVU7yKzkeDu+iF*M9!bn%LLkLw(akA-HX4S2C|w(IOv2;SNA1#r=lwX;s6oJq
z`@2X0m9w~15t)E%#e*I8@f!)>UABu}zw^v0i!p{IA;Xq-d9>p#I=LwFi4o6IaW+2b
z%j4aA0#wsx<4p0Su<Wlqo-h3-%`GyqetAf}!`9{=rNHR18*&TqZ#M0|M@VdzlWShv
z$UyKG$>=BDi~s}6v!0797$El2bJM&?<TNfg%crP0nQL^h=&CT`ao;BH9~#nfBK^rs
zn>m?c)+qNrHzHdqq;I4kI)d*8F}AvM&}#KorWNA$F@;-0!&btdL)`7z6?IPR)yWPk
z)OWL#02N2Dx62oZCP$rV;#5B-=ESyc@)p2=UQM%0R+Q~U%hcxzLv{6^N_Weio`?>q
zD>P@7nZ<OYwh2j@qkH&1<tV7A{nNZwX$B&pk&!mMdeoOLhvSb*w<0#j*0LItO7>_m
z=0m4sf8!{5k~}tfTZhchD;?!DN3|<)E^{olOXl&dCt3RYGjua_i{%-KJhUR@LoNec
z!slRTN_}C-WBk9@T;9s*X#M`h50Y4GM8tdFGa>J2m}u~)IU1Jvq0$fNNT+UUFM+27
z;Uq-MCd}%gwONa;v7TCXuYZFzC($I*8f`QituA{k@#e#rb%eK+Ib1Xm^X+#GS_lk6
zQpXImsqC+nW3i?v#oo_-1HOB%`R@J_VaLQSM@L3#DVbQF82+dA@9!Q$6u)yKPDquo
zadJ*>naP~#XJt}TV4|oik=C2_x<{Yk2SKHq=#+zg+)@LFdf+j1sBQeU_Gtpggz$C+
z`4gY1<Ie_Vz5$_D30A6Mhyf39rK6JV-NcW?Po?JBpA+S^fAP|%jzq8Pb(%%CSb989
z7qIpFd9-?x=lzOE!l(A=7s)#|96&sl?TEHCrKLk*qtEu*as0=R;{EyYsUj%Rj{n@i
zPQV`i+~lqs3KM!q^NlhRR*m>&pixOrZQa1rk1GLhuPz{?V}Bso{tjomty$xszx{R0
z?w@WTzv8+PDYj(c7)A(73R~RIE(=5KzY4rUr7cIjJ*5)W9(%9bv3KSF;89}e{D+r6
z2S(U?1!ywq9wb7o#nf~i_)l7l4Cvf?cIV3SzgzQ>M#|=Xx1OK-<Y*Y5xXy47wj*J3
zu@V?M)D^_c<Ju<yX34!)M5WtUkmV-JAyU9|_@+r1zhbIvu$xdwNt@Lgz%&zu@jX4b
zUfx2ouMiFb>Z=kY{?O0tkME6M{T_IA7z6(cfBujghy&Yit9kO~_jLOmLT-hUFDpbQ
z)?jj=T+x?I9xGt3OP)1=50i5`F(}3X2mY&~A0$R*XC&YM@ZZ0~ud^YSw}<o(>IfOd
zgI8PLpDL98{Ttt{|L0GhXzKQy?pm_f*KL;kLizh;!ACjuBI_af`~MEx{`6g;6%qC_
zF)tTw%8mO!Cvmz8--gf-9ZvIpP}hKt)keP&HZm!a^C-sp^SIz&=E@!|GvjX&zd&>k
z_M~Q!g{|H9<{9bkgd%7lN%%)q*|}b}08N4nDcNp+PB5zTwQkC-nBy)vv+#4a_PQrq
zho^N>i{n$&{QUEZ+Xer%7!<tchyU}l-DsPT;0*{m8YTg4gg%(buvo|`{`lm$@QrEh
z(`OycmR67Y7nTJhF&$#fMjbp+HZpu~L^GfU*N(=PdT(a+z_*VIzH@2=5{q~vQTJaw
z$%XbiYv2A|`<h*={aNNe@a`%U4h01!U($3OenGs^lBhd6?l&_EaVFcH2izlU<{5*c
ztEV+G4~~GaX|3zP%yL%FG3@JvJ0xc$U5xJPjIbYgHP-spZ`o?K$X*Z@!raKFQU>lt
zhPP>Hl&&p5t{~3@t>ok{8;k{}tMPsUd?GSd1x!rmn&VKgD?VLil`$c2RZ?_Y{JT=6
zZ^-^u46Z2fXN*gjh<?1sc;ew8N_up{Y81t^mbT4STqIO#Y7b_B+pIHoQ750l;6<T8
zDJmY6P(1APdg>Y)tIL5`_FZ7I1Nn@%nFid>T`V^~3q@8vSJ^EgR|w6deNV(bZXw?s
z3kDsQYvzg|stt}S!<v0I<90JaM8j-hzDhj$nSuGnsXdS7F%x_i!Di4Tjrt1^FXTO^
zq*LNEIW^+(mA(2|q-VEe{%bcjCH<{1<>lb7^cBRUvFtPvUR03QK6dSU34fpZOfiNa
z&ai=~rl7T-H&@4de_)dh9Ky^>`^$(;XE0Jr3^VJbKBjdRV&ReGNE0tq8vrvz4Mgwm
zLyOdr#_Mqfu_rn2X^4%Ry=7o?jnHObr}K#^Vuyy<OnB5)3FBT|>PNv<?Gt5<=*P^-
z;>MFd7Cv!X<n?_Y?F6}hOocGjVu{F0JvV1@zkeTm<irV@ar*z<-?(^*cAp#vI9vS^
z;dv0xF!Mf2NP`?u=^I+-Df~p52U6s_ll9Tqq<qie04Lo$+<0T(O<?`W{)0y?2@D7a
zS}#T8K5%P*c%{__c@;3^V6vMmnUJ?4r*bpm^2_kK`C)7^UKC3j9D!lmj@NmT_T18<
z+eWX-I$M_RZ0G3xy05G-0IuSIKd4<JB=ZjF)U~d!-+lCsjHQu6Q>3b9{~clGvkMLS
z_psP1`~SZ~DLJe!<yCKdMa1J?opM9%10sS8nzs#L2g*_cAnvSSZn8XYS345;s@ZjM
zjhgDd<^A0V^5H=2R3%6A;%JEt4-e4Ffxs@UIoU=?v;mll{TLwR5#`hgHe0p9!OX~V
z`{E0iLxCu=<e9dK>p|n26UCt`pAz8dgY}kg)M;uY<=;=3>&6L=LAahU3O)!w&F*jp
z)w0{$#~5Flu1{D&6*>!^Z7dZ@2amcAb$3^`6n#{Whv^Ph=VDafDu1dVi4FI2hTmc1
z4<U)AEqxV0>(;;8pj%o`LCy;F;To^~?X-0G<1WC2(z!if21NNVfG6l$dUQr*H(@kB
z5`L7d-TLoIz^8x4`**y!i2=VZsA$>fYEjiqsOdqI(&o~v^0QEB0z5vG2!-?T(}$lR
zK1Hkk*c3eSxglmbbZ(;3M6)u6(u|XuI$Hv{a*^Zxx76~vY#6ZQn(~urjZ)+&LJGp-
z*{3fvh)HuydDNZZJ`rQ~fHXglr(nY4K;E^YxK7;uY&k>ha4cH9FHN}m<Qg0o@m~Yc
z<bn7sNEusAZ3e3T^uPCLYedIk$k7z}S%B~v&~=I=xjJ$Qi!wMk+S)pEczpzw=cdmS
z5V*I)z43!W;$vN%Y0KipW4~L&7wx_~*Q;5Lje5WxlCIr73kP?|lk&>5$?qF3VE>)m
zx}%?6?abD%ZN@VW(>r>aCYrRLwK6(UT8k!xn6=>w>3l9#6W=xf-r9F7KD+bH8?}2+
ze6QtSw0JIGAERxh?WOEJP~9?a_0D&zjk0hgE0Jn_y|6op_L5{hzoVA!Zy9xJ5NzSL
zL@74jf5N4fQA>5}cez?A%UfT=XO|LcE!%`$^2TyPD}y5m&K4lW&dYu+UUqVJVyBfl
zlhg4ESE><`M8mM<uJWCzL*P)<Y*Z}4uC%v~F^X!e=AqSy=0N0@mUkHwm8n3TOe(gI
z1N2my5vhxZI12q><^|{fc#7D!BEf68W+wxLaq;QQ9$Q=KioT-qoSq92cu>@!vew{W
zIGVVD9}A?0sSXFeFz7~HeL&Vjpr9n1EZ5*JsXa+~HC+R@T}?B9cu-5fQ%cU-nNP{e
z1lCEgo=CD;j06%AULa4^3~T}D7BEq}w~>0P2ejrvXy{u{%w(ezfBwATc=`a!z+)O$
ziE&>V5Ya+8(31zn0r?lqP%Osf#hGhMMZIe@X$O4)c*HX?j*RHCXL`Cljc+v&9-T?s
z8FK%_z`Z@Ua;`18%Zq-1{2w0yGvi0}^m-rx(fl{4fn91g+s|LTMu)<)9Z4VPyxB^0
zDGmhm+f)JU?@f%!Ri8dPicGd3?obgB(8b2$HKk`RVx$N<mW6LZs+{IPd!;4ez9HdM
zxuX1f_D23MlDAWT561OstN4EDTBxb}_00_7_lT9omCa;r688%1?}MS?4$Vfhj5bqf
zTNUY|+9*7~%>qU;ep^rk{`VoE+Ue;Jc5*=2SZAl?8W?xF^gE)P?gEH2E%OPvVf?ox
z%qqW3x^5a^8yp*gOBEjCKOi7MEVYOLwm9A$cW&PHuV$H!5jbiPmzc=FYdIKW;P5uT
z+}~fsH?2K_QcQiK+?Z1}^QW?T?1WXR^QCJeU>V4A7&Sd|*%$;Vg&Urc&-?%d1Q3Jz
z`w19bsgChlPJF<m*@)^fO&_^gx?zjwQ<=3e8XD)dLklBx6C(F%A6Y+T1(ih6ddJV-
z(vxGTL4m=0Wt6~fP$zF_xGg%nk}Awl7qS#ylaWF~LMdbN{`i>W5FnSFEGWp*j5=CI
za1ttUGYhbM5#dY#NwGO$bPT~Cw-Q+3ozSd4AK#pY$(yrXqxBXJ8>5ob+CZM36uaj&
z9_2Rm@Ac7r%1TPckEle<LwzpRjE{ZhzBb)miQh2_dklNvMq_N=gO`R+q;>zhvZ^WL
zy9c9EStub_*7!wvbN=%JYr4+<Gq@mQLIJ9?z`!8Jx5Mu-{EB2#(9n74mfv!5POo}Z
z6~smz-{jW=@T7lD(Gg3-GoFu`=Eb#KblgtCwz0ut%~`dTs>SqZH;?-uQwle<3Cz6=
z3+Ng9Gw;sdY%Z2ZKk8A{K5$g~ij-b-Gur*0hac1BirgcS8a~QW$Vkn5OEO9c$GmZX
z8QRKC?||{`wH(P*dpVmyl`ar;18SWds@VSariOx|ax74X_1WPfKFdU2Q6hU<bU%aZ
zDGuf1UxqB}d-!@lId(4&q2m@z1D!$g=?%7k{S1>YoowIr#gV4&JP=oh-|dbsHs;3m
zy?@Bg1GW38c<y&nW&bfLQ-q#`*Xo&(eW^?TEHw`a-p<1Yj}Tlk1}hfUlWfVZJcU%#
zG1L9506>H_*(ekQ93+KTuOjX>L+WBByTd1fzmWnfZNfs;t&KCpO?n8_$Ux_FF$eXO
zal7w)qxNyjWQkrW9_+NuF2Ia#Xd{v=3Q8SrMpeT&d;o~~EKJc9y!vH^P8e%1qZ%0+
z3KxRI$ME9w>Q0AlaGsLdA01Egrf|{7S5;LVlP>EUERh!|E5?dn-+DZOvIfMI`NJ7k
zh4)}ZjQ>@kZwasWm)|{?YJ89=4gzY|;s93>cr~iGfRqx|l$=dW$Uzv>KylbX++%(<
zMjK9DE@J?%`{4lK8+8VZhwJh35m2fv6chW_l|P#I|Lo@RnSw-Opvq?o2@B}UMw8Nf
z2Dd!WCc`ab*TBey1#QFJ!djX&ih}$>763I<4v~5;K7Wbi3!`>cZ^%>m$N*QA?1{^2
zm+6)<KjA|3Sv2-d6m~hxzg$<=tMp01rV^R@;IIrh9tFFBCu#GGp*Q4UGWHe>IBdnG
zYq)||3sor^Lj+&xa`IXYkGHfU%z{ht#}+a$i{o!1&N;3$>&;W$%e2sc7A|Kpjr4s0
za4+34VY|R<PlwKZ)?g1a?@QP9v(T21a}iN-V;4dL2`+Z#uP63cv_4iN!(+FAP^YbD
zd&$s-h0tXu&1MkWy@!O$($T>%0AP&O#?AOp;wa!ZBy&ewegKRrB45ikVX3Zh=<8Ag
zrHZQzE78M;ws*CQs`3ViCM2=_2q)y5f|68ugUJ~TbaD~j(0MZ|g4RB+KS5|vS-HO9
zhoT1^FD+rNizF(1IX}=>^?yK8#F>ao{_U=HGyyW24sS=cY&v*;hs^b!{od=_nISFy
zuhQCje!<pJ%VS`53M_EiX^=%8jpynEbQ&gHipTP&goK-{XHsY<No%mg-y)%g6OYUZ
zqyjBg-kn_5i(1e2yhGbyjP2`Fh)WbvM&-lkH<P8q-K8O{e7^pEV<aE7d?%X1EUJ03
zF-bmI7){!~WMrs+;sKGM<HB<_TvMmzjQP|M0npz8CBU;YFyPEPzfbk4gV>sDHi}eO
zQlP}RFq4RrEv6y)mw;MYCc$^0F$T<n8!{xGu5m0P@(%8<JH2X48!A+5t32B;fhfl$
zd6q>*o&?|DTOVDwJWdkY3gfq%s9|MW@noWc?n3E(F|y>LPJm8aegn!4iw}*b>~)Xl
z03ke;ZfY3J(fKpEDD|l?y}kni-AUA~RX|!VApZ@kW_)cNPD?4f2)R4Syi=g6K}f*l
zCOJdzS_E-Bk!Zb#`xRV-D?3YXFgnU^b`X3xC9vyMS3_0+kBTb`gm0$2!n~HpdVBgB
z{R)SKN4M>2*I;vYgGjkJ;0pJQW>*bkU!JPU^T0Gxy4QI-(3{5AYw8;fMfeg!o~R_8
z*+~$*W~EB?xhSF^kvov}-*<D}g}06S#n2wdyGzd!D_pMeJNF%Sz`)3=n8TS@)0O=c
zX49{s)j%QWUgL8%q(j;oQ6wv^8AU1Fk({}`*sdzW>;HflfW$xA=K~tvSq~oE-r_%i
zP>bK}rx#FI+uCZX3DQB|DQ4Au339$QlT`#IC8*+pEDSwX$0$V1V_tUfOHZg^V<v7*
zmiNC;;-r6hEtFId@oNaL^Ic6!-u>Q;#5gwjdI%w287;4L|H%DSmUmyye;BuqYvT9i
zUbWwDEH)qNJI>E&>pEClf9pS_zLso|zW0DNA49j+IiHP9cVD}!DIFX-K(W&ggZ<FN
zb*K432FU^A<M=>&`WZpQu30cwwl!i0+J63=Nz;QInK&?YEF4g6EV~*YWHko`SJ@l9
z8xasN8LaQP)X-;x9Y6uSU(8lwZTvnW0$Z=zyOtG-p3^q3Ve){GupfI2m<erSdYF)$
z0N*12g24)1F#RoHcsfHW+Q8xYt7_D+aCDT;drx-~5pM!`dtQD+un#G^0|gvV<zwZ6
z0Jl9=X|~LQ3MFr$KVXrTZdrR|p|3r`G(4IOfKW}0_dT|l+1_M-4qlr|W@<Fj*)XI%
z-2W~GXoWE(Ai1om#gOq*G8Ic28CjZJ((|4FuMI&%l{BGjSRf-xQ;z?<UfrwWpb+H*
zv1a#TgpgnBBsRsQTnWisGWaWnzZTu80roHU?DXM7ktCtuwLIxoOKJeYznW=y`qMNQ
zu0CL4$@O(NxzL^FCQRJHOM{GeFuY5)*Zx!ysd+DxF8Mj`1sEeQmc3<jW+}`suw}uV
zBao-!2E+ZNsj!xAwOBlsyo|?Q>XrqCcA90~Z-EB(1L~<gu4;#~rDcKaS3!X`yuih7
z0HB*6{FEUzu|tpFQI4`_-Nm7L7wQ%w5pl_GRF$WUW9fgpoa{Lgd%6OIAnS&7M&D=m
zV4yK}pp#vBLr+aD0czYI*4y%9zJ3=!M|e!n_XTX|<CNMLn(Oz|bD9`Uydo|l6j<1)
zQRqe*u24d?S+G?J@Mpj)$Iq>{sQv{Roz+eDe@spERUaneT}b>{1dPpFILw}O57sEm
zf?*aXD$NLJD>5>9-*c}Y(R+QG^LuTa$ZkMue0RdBZrEbX__EU-p_tzH{MH~+9}VI~
zP|($1S(WQ3^GroGogonY{%g#*K(yodahv}2OEGnB`~5G7ap@`9wDdt%(madpi#aEK
z0|U<yacuBFZE9g_`nJ&$XBq#eduTD3I=7xQAV5v8h5RBjK&)3r4C2jYUpOI5Q|Y?4
zR;!$!){+10aQiXg+!MK;2+Dk1oNYdSf&TM@m1B_~KYl!W{yc{D<||kR^ItJvN!g>^
zDXnI_qIq*#07g>qOg@vl(=KWagpqz`dX=9hfn&OA+vc)S=Ub<trA065zU`?<Et8s{
z5Z|HPUgXN*)d>Sb(X>0_9UX+&-++`k8Fuo#TzU+2bn{=uh)MCc2fABadfij_S>=v6
z&5ZNjy(Vh=9{tU#RNnkC%F|S=IVp$_Xd=t}r254CZd=y<-qF~j<>ay>woRvHw%_Rr
zTPX%24yV}Tk_&y44eEW;;Bcx*EUHXqVV?K#Qg{Y4o(S}kN2N?Y$49`dG`-{-1qKYz
zddoB^L4w@#r<7iUrF%WT(5vUV3}Tc3%>uRPKgjOzyN)W4CUxE6k&pQ~+$a-Yk*^fn
z+uHkpZ7)AzM;~72BOlXH6-oi~eF?%L>R%>rE0(1~<iB|OfpRbM^DaEq`qt7fZ^U21
z9$j)ZuOh4<4YA5{$QDdmvcOa|0nfy+rv7=)RrH6a$d`(MBd+oVy%HyO80vi%H<c`J
z)8L^4tTG>Q`&K=Eea{&X0Q8BJ=0fKB5uiwT>B%j)5?`c0MJ}}ZCV-_fI+2-)dI4xp
z-QA9(UOp->otyDGLlnF&m;v*Q+L>??v*QuNESd1=NX@~c=?as;pm#xiYl=8(M<9!V
z<y-V2S#~kyK9}i_a6<c_=N>V4o+~|(93~{iDwkjc(&~4shjyQw8u{`p36Jib-6~s`
zp{fmUOw-!N3-Nv+24e*~cKpG8E>>^KD^ps9Rf2ccMj9HqH<+}XISzi;%WquRdVSAd
z?RcCHk`QJ%T?=1$v6PsJht?P<iOub4NE2}y)G59D=-%}NPDYovksg-n%78q`ldKYj
zRM5;BNKngBu7Fv)P?FG8lLgEmw)ecO!yKB3fW1E-eEBpj<7L@An#<5*XrY8I&i(sd
zTem2X#DlD*4pcc5p)xUs(`p7PY0=}`#-vTowab*4jC=p*)RV3ok(OX2t$4g>DLnk1
zJyz&5NMNib!j8+9b|i=2&E*F;#ohGLsL9k3trWGauVH8uq<HRW4Q~{(6V~@)h(KxR
zGmK{N4v~^zISmaYy$@YiENHQt{Nzf4B9pgMQHbTQ>sjBnK#ya9M4OYrP918d&W8~^
z;m(@G84pMX&ZVE8iTgP$d1nua8L>)F=?jNDMUG^O7k;m9ScJ4*jSEo9kt8GFLYYNH
z4d|emAKz4qQOD6va+VQDv`gl3IOCW}ie3Bt9#?2(jB%OP(B#?G3hkYE(r1rdz2PpK
z8T>NhQh&+to8!(Eg}85ta+k;@PE<5tWK>&iZ24wTN@QIhY7~-RO&!wZI<CAp7;p2W
zHf`TH5WK9r@__sf-UFxr;;*X)xz{(_k9m8aieT3yy=imCN<faC*RWMH#5GiW(<mf(
zB^Hk1e6{*6=veyyWL;dipuDAFa3<q-4k~%kIzVq4ABA`@`s_Ut^(|d=1>wyWR?L$Q
z1O3QoL=+uqiZ|~&7=n)fP=Wt9e<Qo%+G)DMBoNFb87{mU9hHgY7pO4GK=Baof3U(|
z?+log%Gp0D6|R_<nAKDMp;Z0__5dqy^VJ`+{b4WaPGk+55e4QI^S5uWRmVP38*`}_
z>Ta?F7Em+1TKeCkR4@Pm_wHYX%qcezlT2rb2}XS^gwF78|CJ;F*f0YXP{hEA0#1@A
zIPhybot-VW1&+3UPU1Y)J-w@J$&I4_ck1p<`JZxz#EJ;#=k7m#u;K#}6dW|~3i7PY
z>p}^O3=@D!t({lqHqBpA63zb0lgP7r`oAgP`c_yl;9I4I*Z9-5(NM@wMclZ}Rqa_c
zc_MeN+-6B7qYC*X#`>ACK;0%zhqI#M`|YVpso`|d4a2`hMPDIe*N>SQeZp7J|L?0X
zvvmR&98QomeJtb-7a&-AH<2@OB$kvY3H!DT)`GAAwoY$j3>c8zkJhVFk%)OGXlkap
za}XA{yU3y8k}^q!U?;lSO^PJ74gFx%$y3cV&dbXB(wKMjMX6gaC8eOPT^>~B=1cyF
zqlIVioBH)MaP4*Z9EDuyHP#aeIzBGK3lCtpTyEU%UPk}tyv}3=(}DzeI*@kxi#5PA
z2KVuQtkv3fiIUghc`Pg}0iemt3r1n@BV)gPd%ih;Wd%ND-dt(>k%}CF#igX~LZeI4
z^~T*X)tcY+&Z2cH&U?5}WbwNG?o(oV%BJC^0JuG3IB%~R`-l3SI5r<IF>&hG$iv6b
zI(|3mx2NrQk=P`Ub%9<e4&;=G)O!np;c?t_^%4IiN<w0ytrujf{SFwqHcqMnby$8G
z@S+A!o&uCEg`+dJK1PDnnos-|1p1J0k1BV-6`HQtgo}!`4$G_H(ra|i2jEBoXrY8B
zeTe^a?*vywtd)*r3=EM?y4~~xD(`KJmpb&Q$6&32?DPcuR37B&+@67_%0;NXJl7c;
z@jmhcBA|b^-)yz_ZD0F%o&5d)rlSL21L;|Qf($U#vk>{Kp-E#!5M}vSd(h%}AesJE
z%CZ@7#(qmI|Ng-u>~)wYQUn|ySPYXWg?~De8tA9y1N2^4HeEAAI2VUK$_p3;FbmAS
zfTwr|R{LxWQ=|yH6!=^uajpXC<tQ-A4tyY#-QC^o434kKEFc$8NfYvt3=a=q1#z>$
zbBztiso>UoPw7-ySXmzN@JQZXt{JcPoNPH)<VpM9H7};P43FLHT-&0F6%Gm~B-;bX
zIQ^uVDFlaN)Y=w19PlXnoyO3XiZ|uJKPAxB9l^t9FfI}reQ#2g6jkEVMcu&#!^Fv%
zlw2e~U29k95*8TWqx$}RSR7EJq$xI`15)@SA<wrHWVcSi2PAUQq=1{j>EUoN3tHm;
zr7~j;vao9nrQ7KkV~mEIQ&VZdw^YdW{>@pH=XctRLry=nY+_o6a&Ui+<}0p(h{SX_
z8~}8I@N)4{SFa+lhKm5;i^F1Dsp$>~$uk>fSIiXx*KpRA)c(y;<}K5KMu9cudNIgy
zusAd~BC<y#)ZG=gj0k#%@>$}|?X{PfrL}x$!IF^oagoR|q=ixWUQ#UGjrmq0`>_7|
zL4LQ(%g^ltLmvfCc)QHo@#tJ<omQ^tfp~4M$xRVXv0w7P1sE;+h1Z1$(|MuaHTp&Q
zUHe@Qpcp1Hv|k@q7kowV7!-z{?bN5@&Z<aB1q$DpyDXTQn_3s0M^k)8&ITeWJ7M5x
znFNq!KqZNW18Z<I%`aaNFz?@w#eDh{pBR#50pIySJ_FPc8tA1fv#X+p``7ahg|Gv4
z-G<)AuBR3j`CxK3@HGy3nBHi}j#+mJ@<BCSWX*6r>*uiziG|N7Zlqzse=NY~APX3m
zjj@YHZg?S;hVDWev>AT=%M$s4t<2+Q8~0#$noj(q#ad6w?FyAICveCjMfCZ3{^v${
zM6z+`ad+!zxoFQKZPpIVBwzu^=$c9k4NigJ#?rq%F$M+E@m{$N{pHyfD_|UcU{s}4
z3?mUL;oj;5vN>nspIj)5?N?NH@Z4*+C8s%Ztcz{aoE-AECs~L*=KIvpT710k7k~oZ
z_7foSq`{A!OhbXG3NFiU28Ku0D2G+~ifev%<#)`jZ*KC`x)bA5Q&O^f=j$CaDTz$E
z&@i)3C)h6zLZ}`A#e+Dqbn%km9k8(MA57W2)L#XLcZ^|Sm@KKiswpM3g2PsMix`bA
zg)bf^+fxtFiSr*y=2C(Qpj#sFe+E)Bo40~LmOhGk9d<Q#A^IqwurzRncuv1c?CjmL
z1@uFDtn}Cc&#_^G<am_Zg+tu^t^ZJ|UHJsB*^h1&W&(xHF-OpHMMW5omvb5%n+EL0
zj)qqgbkBs{X86+0Asy^pCUPth<>p_nFTeztPAUW^7DyuE;^NrG3i5wRzX8v3%z70d
z(6&uj(ll09Rtoz1pArLIi3(vbt?l{hUcBzN38a6Rp~k`ynU7_1V>&xKT)zbbgh}b%
zewIa}<3aO^rQu@)B<{TZ*O<Wg8w^T#Ja)-1HhZbo3aQ$XYQ}9urlw72h}~pGa4|Xo
z-HaWMZ1>8DV25@UTN+@IJKnZ5vfzXy2lT8q2$2Z7m#ikcAcU6PI^LbM_qE^6w)dyj
z+SNoAAqSnHXk>!$HW$iV^X_n5KexC)d)XCdD}oALoY--}3poH2u-;$*t4vcALHm!Y
zV7H@6#M_#H^Yn@RJNuXO;EVvcx6j>ty}HL$o$MnznJyyZYdw%Y&8|~s7`u44yU0J(
z{afqvs`1@LrUl4QG`BSWby#aRQB;BblxUM@2|+UL_UC)?uy%2EnY0IYm1cajq_GsQ
zpBEP9f6|RCvJ9Q{yMPhtqd61Zb(7bF3wz5ASltmO(kPkDMv_gyz+{Hcn^?sGq?8xz
zO4PW3uuoa?T$NCUg$m!+@P*gml{lLs45}F=C(;h)p_||px%;%H{qY6>C@$mu<Yw9`
zQ7W>bEyLD<eW4g|H3$y*?d{!#sIpC^1<X><Y?z`kLG4MG+3Fk0C$EY?21*fc+DB1E
z4Trpff&qr=Jv0r0L%Bb=M$9he+eeU^{U_9svsVsV;3fz4)UF{HWs`jm{X`lcys|Qe
zSC>muVqVwJRmeqI3RTk+2F3~(Y#`YqnWA)n%VA%CQ$aqF9&91K*AWo7f5CZotx75r
z(b5~r)w2q1thVe2wAaI4@$08_Zwi&7G-4nAWMSCoJe5yE{7ytrdwte^;mA_aK{Gfo
z7}I`t)gDhWHdZqTL~fs!L|*-ZC>JB*ky%LS%69QMKSU-hE-bVa!6df>U2~OHG@TAr
z+8l@i1<%_L5ao>9eCV&vb|!bI_i2?;qeA#dq|k6D6fkHq=w^toXn&v$6G#fEYf<mH
z+}%R?JBX27)J=0l*5t1OcBrMzIwV&8dc39iqN&7Hf;UdKCTuBmO7)BJMj@F_!=O8k
zGxok?14impYplxgcn)P_yrtrBYzX7R=MRtlVIqM0>DSf@`OeOM#nL?jni8Nl$+Dj{
z`a%{b&l=d|p5O(1SyWUK(fS}G)F-qH5+KUhjpIP<jr$(FWK?KxgYwxwT7T?)9p$@d
zUN$`^Tx}6bLdKZNZRb{N)<(1c`-kFmrCD=?fQ77_T&>rB@Bzo$Y_wD-?se{tuA_&Z
zxgO~xV^PFU3^$m6%X2;G`H9ganMx-L0E2H|cn1A6$A*!GT1egsN<-3WEsoafdj`&L
zzg}eRW_<DJ>Ig>tL?A7z6bEX1(aBI>KNA%OYaERNC2gZG1Wa^*esOtxA;XXSi$Gf#
z%y?c!0A0(Qma_wD9_p7ZX#IGj@qZXJW+9<#hw;7n2Mb2P`&To2@-x3c@=ogGM5`1d
zUD@9#(o*dL#+O1F^MjH=9K{AE)Hg*PJmhjddMmvI?mPM)wqP{?Kmpb|IV$KG)+-^%
zHmv(WWXyCivPiQp{p?Je7}phvBr8t>gQ!S+rUg<?kzV`nlgxgx={k6hmPVK0csJ_%
zvJ5>ZG8VR*Bh2ATjeznBNDikduaL$mPM&D!731{?JsIc<;_4%e#Q4>G;^AhHhBdsE
zruWX37=hp>UF?nQm|qQ_;1<tybdh};;}>o<+;Q|A(c!g>O;$+kfmEn-C8c=A>%)CB
zm)&i>c}lmy3Y9+q)e}c>Xcw{uTbv)c93Gj!yldm(<^!oXg^GqsHC;W@n+^HRT!5AX
zF!HmHJw(N0ar7J<vUEvdR^j2N&t87<)N6R1Jtuf3WfhZ@#HyIY@c}rl+}G_e6o+`V
z22hs*q19&IfhXNVm)n=*So;$k>td46`oU04LCH12F6WIBpRu7~2|-N3NHPteVR+1&
zT@<tfMWDQfMwx!2x@Gc7a^51@dDNGWZ8ulKUAoN`EeqpzyJ^De?lnrY+|Hwq8h06R
z=y31e-6zv*==G#1W}uNZP&*b9S2~RTQhBOQU_V=@{Os8?SA)T2J}_O~5(4qIvCymV
znr$F9k#_~bVeH#kl%Ad5z)#xyzJSAA5i@@!`)+9f@+Ay7Ptk)Z(6HD7*N?O_@!P$-
z{1vFAHxImZd%azvNem7Xm(X@jV^4l*l6Dx4bh9ZL1}rqE)xb}Va?a69G0*pWscr64
z@kC)TB+=ND3Fgp-4;SFVuLCOFf5Zkusam7WlhMHShlTJ3p8VUo1|Y-w82SvQo>~Gm
zfH9Fcbcu*{e|>X|(VKENUQ0jTz%;!T`h8u<3Z*9t8{^f~!vGGCy*cicaY4L-$jJMk
zgn!<joWfCC>qhz#`9<m-9wexWJzyBg!c2HTDKnNqAq?|!ngBBXyw{u8p;oR=BvEkl
zV!5T_PNV+lO4Gln#q3G|w3KRJzav2r>}`x(YWktPb$%wh7FctEp0k9L5BzdVAB!P?
zRGu<KHHz%)<%})w+_@!80!>H{e+nRs6q6$UCgSo<BNyF0kGRy8-~)=RZ&@4(!Q;^r
z!Z~-#LvvL;d$BX}sIFNJx)0g)A5~kfS+^qm4(PLDZKWp`cvX}@DV*cC@}h(LyLjmm
zdj<5$J-xR-JZBNqE8*Q=3Es|Nz>275#_#b}&md7BUgfzM%#}~@KQ*AXx73?fyLp9v
zLw+P>GR)xr2H)Q0*t$3a>k<)V3%I`toUzXMb_7XWB>7#+-B139++j(S2o>|9Lb1kx
zdHxL65!=_tV7RUzOT14B2vQf(A5wpR+@sgk_(y;6x37k<HB0LH9`DB%v`Rdpov9St
zmo>Xy?I+#*1*V3<GtDO_hchKokGL70^pbPH1$20p+adKth|>KfgDE`j$4r>m#EkJB
zl53;%Ax!*$Y6$4au?<t!VG$T(^#Vsn&K866;wcbf>fGyhcCL(FJb9JpzhRu_675g$
z!B*BZYNc%l5o$KY%siIkOqj%iD!Ez*@0h0mr7VgYD4|9Z5W!_K?yc|WFk|CjlbEpj
z=z#2rCQ{GU)}6c@f)h^1$#@rv9+zVVCDw+ZbJug|){zF%TSj&2rTbcW{&T<<-X+rd
z!FH7e%n*r*){U3f@;6z_($d$!RD5S!^|%+vd1Ja@gx!0K{oVWS_J(Cas%x7mno=xr
zzak98c<4b51UUrilr<f+Eei^4Yu=Y5%;x1Qk7<%Xl44IsIUe^Wd(-@!jwg0NG$Di{
zAsvFrvJn*XjHAopjea<wAFvGS7t?J^wssc`edI3<rWaTd{Z-qT4Y_YmlnCxQdeHf?
zurvoIq=(+R_tI2Fp8*>po>4d5N!+(?KGzQjf6<tR1fke{8VLm+&E`Tgs3-o!w}7nV
zdcKT6Gk+h>Q5?okH2J+M<_&^xUc>;UmF<U~uN5C_udAFmGM;#CSCTjX7nZUC$5M>w
z*>sFrS)|bJCje*t-&Ub2He>4MQ!!st?MPgPvy>TnyPqwT=%p^~)sVDDlB^Z}q(fnp
z4nqTpP}kf<!<jlJUI#fy?2e$k;^AlhS|UoL!(ptg2C>1QW|91Lb@*Pqm?@I)4TP-R
zu(8Bq=`Lo88V>H*YjD=v+L|XUVnE3r+MGl9BihHTlyqY8a$H~fw`ZV_vZ6#BC4pQY
z{xzzJt7wYSjU|ON*zhoZJD!w<v07~S0_xF5%1Eb@*l_VLG&OSOdn)P9X^Y>!2AXfi
zbvw$)pP4^=$o8#&lBSOmpc6ojTQ&|!z80gS>-->#0_A_qrZgra85$8D4h#+jZB&dg
z#vlyb2V%R79x-vWz{oz=nI=4u0xFs_L57NoI^zf7zVGB$AY0L{FzqjxE$CplxK4vv
zMzc=AGFNRdf=e(_u3MR-eEeElyYAI=)mrQB9Vq!zL{^)F)<C@BFZ0_(3@onVTT2bf
zT}J7%ncOABOPZWgJhfLu)dzxybhE)07)y}S`K@;kXo}Zgbf3INx8a6p&5zFs;POeN
z1B(((@*V?3xLoZt;Cb{Zke<t44hEfj>O2s*6gd>h6g)$Dix&F=Kyuh{=CT!F1tr|I
zwTx8$<<<s4MvnjmG@XMW@$)B5=@+%m!M?JZmTD&1tL7HK=FF!wwi$$%{6FsADyr)C
z@AjrU7AoB!Aky8vC`Axa>F!>1cP)^RltuvwX{5WPK}wMB4y7CR#eF~Tv-f}R@t*Io
zk2rt<gSCF^ius-MGu4()KV^9-{tcGI#3JGFyBntly_@U8Q%b$TG{7QIcz|z|P5*Af
z=jb9_uG|;QM$NJu8vfuf`q0N48^4>7(fV+BXRNE*jiB1gq>?$};pw|Q|FS!Vyht?*
zp+~dQJ@zh2aTclPdLU-euPB?p|8Ap*gMq^>Nm*FX`?rC51d6}K>cvH$eK-t%$b}k&
z=84#JmULF&3qa1Pg1~RO943o3_jOnv5ppS3^6*rbh!g%L0_Ch;r}ihEqd9W@1e++w
z5FPWO)O9NnjBmi&^L#_5s%P!^Y-=$D6%~Y+=J-2GP_r{><5m!V-1*1~hg0->5JN=G
z^M1Z=pAjZH!lB2S7dKqYmc=#&6wp!&i@7QHXXW0Pj)d)qN9@F`8cPvvXwT3+!X26y
zLqPDackzN*Z3e0=Q?S@<{i!Dm--1VJsdj+kr<fIaj~j8)e85F|Mj`|Auu~Y!F2Duy
zhky(B%SCmI+6a;N&&$iG5x6gf^=*So=}o_TCr$61iu(xiGHFkpd8x?GcjvxGQSasT
z51#~p+-BfERG$!2ee(a%Q^((RaCg;=e8h}PjkB3)BYk&yRXx|_AOnJ4<LWB}Uj>K#
zA_2?(1-p)589^spDFg<;rRB9>toc<@Ml1YW8gz_TzXE}G=MEkyp0U0Xqn_VpG*$>R
zv)a4A)r<sX1<yVy8X7)VqQl}9Vpe5DiE_hqRfs`s$6FGP5^&LKviLIDqk8s^5PPab
zH^-=6>>H?%+Kx+x+$WXK%}wMo3qWoy5gl+h8$tG_glWtetckPr?;m=bE4jIw^6<75
zB}rsU7r?ls$RHA9?ZH#?Pr{YW4RGZ=JUmJ*><N={a`=!a>2~*~?V<0>A86^IZ3<XS
zDB%fVuSgf_?E4j!Grz?T(#}jG;Xj2S#_Za08DBXItqj^muB+uUrdZeJ5BWr47{SZn
zHnoxsPcVl61c5j2J{GG>5C5bZq*8??nh`w`XtAgzeCKlDw_qf+8Sw0GD2+d5wPt?+
zQgKLwzHgGHF+y2Io83>lw>mRR{c-EIxZ}vQ`K-6r8_au#>TTF|7t1(8OvhFqj^Y0)
zz~=*@#(!$V@8&>Tv)ZwqrQ?xmhk{sz?d*HPCtzz!0wU*@un5EuxhE!mh~JR^xnrE%
zC%`k5ezd}54F<GydlQA>&smKfMg4h+6mnF3cM^P+m6GX<<*w`L-o)mR#+Jj2gWE#p
zMl>}^jk2J4G%FsGtu0`yW4yf?iFBiV(bEO3CXhr77KILlhN(Dz_4J1cS{V2Vy?1>Z
z!(+Ec5;a!?PkwTyh&hlv0kMq{ok=3xpD&7ChqH&mlT(F<PB431B(KoIK6=WADCWMC
zL;;)-Li#DL17>@Jqejfffw`5HWA$A;-yJL8UAVOh#NwGsg9&R4=OjH=Er8TY$ji%u
zC+W+bExM2EO`U_8guFyhxiFCQUfqN1Z$59Z>&xG=6NeDdUKkbe#pPv+ulv|#AL0RX
z?vuh|i+k@;Y9^KF<7ccn9K&e>KTmdtHgsm?gpDc396&OCIb+cfk`!w^-H-_e`RJ+E
z*19SuUb$V8-*8?|`~jYk|Np>P@ArtN4lslse*%HL0VD^I_P&my5PZ#Arq`VGpcZg`
z$MN`tjNCI2{28I%@iGoetJmCyIEi31O<e4imbPCakp6a1Jd;I#a?vhgJcRdW8JL**
zsuBvx_;7%!uHf;eluoE%l!6gdZL!HiW~xUedVGS|_?1U5ZdASJ>nsA9u)2OZc5|Ih
zV2jy49{8E6P1<p$phlFfK2M*7=*Ubj?De<p?ztX4Y7dAxzw?K7aqrj@CozSnOuVJe
z3M|J_J^8dC@v@Moe`+{+G{@x6g7iFEA^ArtdUkf@aaEeY>Tf&Wu)Zira1ZJrD{&H2
zQhp^U>zxI0XiBApFbhrS{7PLiC;qz3=Y<yAG~VekH3WDIh#Z3s6k;6-C2sU(!rMnZ
z;;(gBjpbvKz$oD%U;^e3U#D<AJ`sdO8Bd?fP+624-g+ML_!zBpy&j(m>#Zq?zUkjm
z2QGWNc*agJjs_iPwsfH{m9nS+5M$C9fJySGiq;DY(U0DuqoEYIM?1;-8dW`@zT_Bz
zfug}t6FFTC+@|DswP_qhfw1<<mdj!Zf$)@|J<3U%R94oj`T!X{`ObP$a}!(Ux-Ng!
zUovtx93A;UQlr}>2)=_>7YatY(^cn)KA(}T?K>o;Js&+>b^gt_fGbM|F3?*5*ae5?
z8LjRQKqz|7O($`<{_>MfS)WXCr-`ln%NPYs%ffVa4uSoH0uIKe@A618Fz6K)+ysFc
zn^TdzANa15d4<)UgKAaX5b>86fo<@q{fhY%p2UYf8Nw@=4Gg3<ggjP)OXclMUb~z|
zOy&==ia4y)vD`|7*|Bm>m{U8{znAobakZNdt==a}Hl9uOZ_Gl)$DtoXT`g_AdA6y?
zoB>j-akz}>_~r+;kk?u9nV%aCyO!$QuMJNsiT7qRCkb*N_4#bAsz-y+&)-=<pRinY
zq)%T~`rZo1bch_CQStd8-Xct)Pf-+uTd0$$b`~4WUXE`v6mN<+kmc;xO?#RCE}x{n
zL$Sn{Tau;UXX}%`lO8LAa85a0h^9>jHq~dE+M0LKOn`BaE$*c+Em1Ly+f&sqBgB+(
z`^Yx@ndQU}VdAQ^YPL2ZDU;d{M|Gcy!ym<}H|z^hPBkoDY%W;kug)lIn4_PQXOHdo
zRJYZ@-`D7iKpiE%>k_Bu=if>HyTkqOWCEfj%tJ!e*jUHU?)Tb(c>-~9j~Zn?L#8h;
zOD%Lk<O}=%9B@BLQdB`X9{>_Dx2a>g$zVD&F#9nu2wj%wO#WFJ&X_IjJt;-G>}uQ*
z@rN88J|tuQbFBtsvh8pStWc*-6L1RvINjXKus<HX#;-7F=P@4+*_qE+Yg0WJN=srJ
zw0~{fYyVe{jhCz>P5U&;8e|<(IvhnFoED@ki(It9CnygJo@aLX4G1*Vd*v%@Wr@X4
zzW<*d_<3A=3Vs2;HyU>6|JX8m|7G|AN9p;Fy+|3&zZdM>#&P#Q>}rPY0skap{tKPf
z*TJn<`|l3~JNqRY|0fdb|2r%En|S``!T&E<*8dCN$%-hSo4G1VXP00&Jv|*}phmA+
z1VjqZy&g8qkeh#8(Q^%YG#!C=OMHoTjpxCpyYEDl1dtGPV20;-xPtn?aAfzgO44oh
z)dfzbuUUu`gAca6e@2l|%A{|=lz+QrkhYP>XlY{sV+Swv3a)qJ>_dNPKIX&ffo@pu
ze(!ro&GUl4SlfK&v>q@D>&&{<16FTM!8*Jd7t?vRugzdEM<V345$U9;4Gfg#-7x(0
zEVu|s&jzUA0v;pN;k{|cwO)cvGIWyrjrHL;7WGoWPtNQl@tf=Gih#N3q_`R6#VPI^
zQPW;iqP?!6nF5BB9ra0&BW7@o3p=aF8UUA)Pkjy*aol{0Z`AVo=Y%dBZc;A^02v_R
zA&O!S0}&t)cd4Tg6HL?Qw@>JW|1)l8N3O1}txDhO#h9)(4s&7#|Dg)2@HFc^!|Jyi
z-vyV;`MKRAFXMZj^VF_C&AW4f5C8c;KrD1aA>ebo8IZUQQo_M=MO|=y5}9N5t*BZ|
zg3)@aGznl@;^LW<1wS<{5AO@7JRy31eRkl&PJ1wzAtL{fBm@=hiO(X<-S(YJ9Y)5+
z=tfmz-)L%X>x|WZrk-!{(awQO5V;-9#ez8+u4w12;P@Oqu)sQlNx1g|?&*t9bcbWn
zWvo`CXCk0Ez5rdicm8vH(d>1wyL2TSOuJ)b*YY+0U?mL4=Jz2MYryZv&BCOe_f_fL
z=3^Ci4xKt0pnb*yv!^MD8Z@vSQr0by@U|6t5ZC#_&}NVcwqdTSdh(WKi#`@8%^~@Y
z<$FH;J^b+QHp#Y`g_$WIzw@7eI@H(Qk)v5l({7^zhI5;b9rQ!5mPA$ntJ3$ZDvIwj
z@b_IKs0_5(Yub@Y`aBdT+N=DotzK=xv3I>ma$NW^pkBtXsgQ%Cug{WiFA<MroamO>
z7e15E?Ql(rx#-YS&j5@TDyR?Inw4Qa@M;5<g=5+9u_?&3GqW%J(OE@sY4kV_)oIoH
zm6wT&dw%k2SZmb}oE>#;1HH_eP+EtP?nD+4n%(}Cg66$C6qzc%o5`@ertWUJdf)w2
zJ#-Oxy4>_s>ARHOxf&l%@kWQ$&_Wq70IYt4hQG(Op06x4CEVuF|01TBL*oAF@#gTa
zCzKo+ss%t9nK<rtkl3^^)2U5Pwh#hTP2cFK@Ys$Hv8!6tgQyGUc)ocINs$hfuKRcD
zW&Ot5S(4Ok$)ux0aKRe++m%$nSl$)(nt2py$ew2Ux3)rTC)jvqkxY)dy`r2AXLmV&
z)h{8$H`EuYbzVGE(&sh%m=35KFb+2kK}6!e@;^f!mzR-|0p$fB8tkUWzE*lomGVoO
zgO>~WVVVA^s?i-Y0qXJiDoG@iT_4OG1j~k3^Z??=B8C>c{x|#!JNh?JUYEzn&<i%~
zIEaL1X)^UQ8}xis3D|>tyn5yG@L0f}E0fAQjOV=?X4psG<YeLb{))QZEa?F$L;s<@
zCsWL8ZLKeUxcbjV{k9h%Tz&$cv<JlFK0Si+ap>u;>0UAyx8I$2+UlVeWjgRl^e=P>
zlp$p+3*LcwtI2pb?(kPUbFB4fDzO(ecGD|55qIyIfhPF$8K>kKIK1lYkO~IDu<$8`
zb2ml$PS!yrt?%!0r^)shLj&$kt>w7fAvu@Mk)zYB;4Ol(-c=;&8*S~PEDrsKr{Isp
zNd=+3@F%s|Tl`aiOi>G9RsD4i#-=$!_yZoDm&+~BdG|j!xoviZuWsBaTCG0SO6QBV
zdjCFe3X!ru>{tWP<S7<v_GjkiiU-b8Toweiw4VE1-_RjnpR4uMH_Q-(!)|_a@qEVm
z2)vNhWttQ`1Atp_a^GksnP7k5P_+$`bh?Y!@-bA2Y})+0iw8?C4GPCTkIm4m*7H?F
zK1G~K=*+GaDqazV{2+B2l97>Cn$P})So4g9<-y<d6lgbuvd&=4e|S#KA``Ymh8rjQ
zfoK~TxRm>MeifbCyS+98qYw~}*=6xXSk%|9wM&dOqX}0>;Lvw%+HeP9qhg)<H}|fa
zaSjbkAz=gVYD_vY(Flef3l)rtVz8g}T{s2Q%^$VTvtBy<qTg;Vmb;mpdNDBmX+!zS
zcJUNw+YQ7Ibe3NoN2%{vqVyj<0~xoe-U*x4m)ds+nmh;XznKl1S`QU_$QNB>4x6D#
z?0UI{JRMA-3jT+f1lt~q7jVOkV_-9B;PA#x5ShHFYnMW_s^C&3`-S7j1Mc9DR#&55
z#m06^;NqsxsAp^w!NkV$7zW%|cY{OFtRteZyU!7Ut!Bbub}QC5Z%|TKpxjTtu)uxQ
z8WAIw<h#%5I`Iz2P)a-p+YlSsGzA&O)79>1E|+tGO)f2E7XzEW%noxp$3W=Xtwvr5
zUO(QXTsa0n1`yP!%qxO(wm6w|J^kbt!Atg+kLMM2szK=x@PIqx9F0X18)fI10v-q{
z{?iwu3(dlezkv}AntW?Mn9Qyi9zG-R7h=3HC-g?$O?v>!>++G=8sO>xKWO;m$DuHL
z*KNa($PA*vto-Xd<utQyA^O~=n<x$mFV_~RtX%4mdGa0iSTW1gx**fUV}hB&!f~bg
zc+=nIUv?UiF$RS+HO+3eFu<1UE&N}rJ$GCDugFMe7sjJwGt&G%f_khTWR<PMZ*Sj1
z>&Vh^F$ONUyw6Swi$Mcf66gcRAH*ksuJIMA*Y6;O@k+Q6g{&(hDEENVfob2PFv%TU
z_!ozYiqhRcAA%nv*PD7*!jDlFak~SgJpLe`NjPtPHZeCZd={qO85hZeqD+#{>o&>i
zBKa5U1xC{Bpro=%_|0#-QR%SX=rm7^g}NG>nsjv0DjE&ikzCq1^y+A|BaLgVH<e4w
zfr3ATiid7n<1jZ|6)%9N{BCqXnhiaO1tS_(O!K63WRsTaV7hts<Wfg01{70$`)!B5
z$!XGS5Os$@NJywP#iGt`JuHgRUqDPz2kJz=skP3`Aw!C!Kpk!*H=Z`|4qzR+{(Wr@
zJWyuMS@MRYMt0!hH2Ga@gbKp__|b|fF!T?9r2{PL0TLdA02!<=jbb$ZGM{BdzTl2f
zYiVa~H-D&+?ZQR5(G(I&oyFb9`a(^BO`<d3;-pQ@uG`|R_?}hYu0@`^N(bWroQ=j?
z_uDSzS_8IPL9XPX2)y>`NU4RFj`m4@db*8I8j>oFJ2{ez%r{EGjskKt4_Ii07=<5v
z7QrP1BMOn^tlb68y^hoEK<9QA?}~aSa@818F_BK3ZcTx_AHxl6sUHr*>xoWG5gv3s
zxJC1(HsXZycXT3&*0pgh5@QTF#qcSvi1(zSGTDhGinCbdo*$8sHf<z%H`i(1c}>2%
zoZWk_$l^;c4rc7z_2A)Ap28X^duK4vpUhkqRaWKPXG9pgEE5QDYL7@bm2WvkKgw(K
z@$+vB76KM;lw^p?>E5(j6gw5~=d43x*X<SveZEq-n*LVkAvt5(Dh}`NvbwZr*CKPb
zekeX#EAq-;03~x-^j^JQVN=6s`Av)j^Sr_V`J~S(b)?^yX$5ZxFvcak&#T{(QTO0^
zC&hQGOJyXn>aDqB4_z$KK1O0-<CFEF7F`N!!&SXD-Z<H3Z<7eow>T8<I4V%3Hw`$<
zU-rr#0v?-ne^PXW6Jyp!<C)8gL*wTdAml5HtWR?%JrO1m=^K1V=6zAUkvcWCINED8
z7ZhEg6p<8EyZN`=_|HPKS?lb~VqjpPNhYbf!Cbk`^c%u3f|6+K4~KN#>v?%{LT(4e
zlaE{MGY)m#k`FPxO`!Gk=Dgk-C%W*S#z8?0De<kx2*y+xO9cXemi!<{?mH1CA^K9N
zWQu;tK6GAvyOj70N*#uRPP(}sERHMTb{2`%2h;kSgBpgf{POV5hb$48(1gRYC|F{s
zg@P^Nc2AN-&@p1+SRtzj?M3zVg|DjECUb5paH6fHy_=k(w#J<V>3idWy}7J`w&4ju
zH3^(%>=(P)$|*|%s*FUCS{102nHskiq=s-VL)sCgoY~vdY@w@0)bNjxx~UTF%|~g7
z(dbN+KIjCU2*ZRs<^i5j$LCW{fjl;dht56G0!D1<{3kLL*qh~sot_V|7AorD<VG5d
z9-B;uTvl^TI#XBInq3k&HzsB#4Z!k&KpTXPI2kdB5+efWK5Ft*lFmN|(!Tnwwg`i^
zuwso0Y1adrH0v8@k9xTmG8VOHwgoKdFLY|h#@-M{a-|7MHZLi36n;N&yNU989E;B~
z*lZcF+TjqaW)(h%aQ$UyS#-sZf;hG(Y##c$iZ9sSf9nuH%y!#Q_9NiBqHxL9^49(^
z4D%Cae~c4A0k^({8I|yh0nrJs3bo5sRIsf+?<vzRH%`LFP)gA#DcmmXFFwqNHq-bh
zP0S3&|3mN?;TCe<4lIqQh$s}6ZhvWzrf^SX$+b?Wf$M6JH%R6~hMC`qO1cD28?An|
z)z^A;E8cHpu@@J<P@zc#1f=F$LK)HWw$9M=AG#U~PV2EK_Kj@Bf2#X`b?bj^Sg*Gc
zJeTy<(PEQeuV)UI9c%=E0Wn}2eBjVs&ZY2hdv6)wCI_fQN(KNoCTMS(br$pf1VRVa
zZ=VNZA$UjDC6io&+CwnNkv$rzqOLQ&c?d?4WaTIzJIF<on4S3@chh>4Kso3?=U;8$
zlG@eC3QHj@A_ellc`sUbFG>HU^>XKB6r&vU<b2VW4dm|D$JReQdcwJI@gw>wfY189
z;(bf=;)@VOyQyDR8LmP;YEac{T<Qm~$tlk>u1!&+->*-NB?N#0XiiQ;?rp{Gkfi^0
zCp&A{tMr0)GNQlM``1f|D1j=BsTF6R{4S+?6#vR|b+-#*-OeM8{siy=D>bS>=dmHz
z<Q|N6$$GQM`H5g&B0R|F?>5uilrjcN2w9iv$36%jvmf2Dd(Wh&Q(SJOl~LNW;B5ii
z)RpSuS*JVW??^8iZ*2oF*3LTw<DjlC6du=x+$>DmtbdHwSvlo4;dDd*o{>Ub$Mq1l
z^{FP0Khi{c{7lSIgRX<=TTa;2z+nWDUSr3&D||!>aaE^Gr=9d``JB*FsuTqJB7k&z
z{1<bG4DzzdteAvK-q&1<s`ajs*FK4ulCOhbH_QumV-vH#F(eJbhnK_M+a7!Fk&}}b
z4J(6MDY;+689eeo#uL^G$)^1+CIBJU^1dAz4i4vpnY2xYbPDhvaFg0>9@ZrTkmbW}
zx(dl(LkMIUqiU0qzl7X};!x%8vhMtuiv>f+!knNQe@RliVQSSL@+jI4<D)e}km(v@
zI)VhZUZ0VZ8c;lA!9`2|DvM40tuu1fz`);P=DOP<%s~5XmHI5cbl#~+%ZWna%^`m4
z)C7J~L6oO7g6!?`32iD0K{b(ud{e3!aXalnnSQOZ>%ni@qW7RFbJ%IV#x^ZDB&5%b
zXNg4ICRw;Lx<NOtD;R~)dYOb>AUX$inEJE}Nb+){>}T+GK({dkK_kMW*iyt{ru4ao
zImIJUL+RN9A}1Z3h`;3qptseN3f?W71&XL0Ft>@|&ocRKQ}1xYh(}3)8=&AbxiOm7
z)+dPj=8)H8p~x_LY+|C`(_Mk5Od{GD?$Gd`{I`%ExyI#Gq^eH5alMyGtdj~9Q0~<k
zLvm;^a{BoF&Go%}8Be<PZX@pPqr#Uk8w&h=EGaV8AFvHo{@*tJ{myc_+HaGM4XAO7
z9Yir^3LYOI=3=J&5v9(>?pSh)v0RNz;W_nn*Pjbn?_h~B*}1D(Ih?+Fe`)7XeUsHk
zynYWCKn@PV9p(c^UQfDzfrLldvZzP<Q-1Fb-RFLft_T<<dtd&@diz@@ZRwmUfY8!%
zJXb$!p|axwWk-Nqf<pCMa!lSI4hd@*dLR|e%1X&|6m#GYA7R)+YB~&2Fn_5*#pPXa
z^$5Y36Ds#pz*o@Q5#CeZT`TR(gG9H~)5#%Ux&drh4Rj{$Xsf%pWFu2K<;6&6Bkh$w
zv+r-cFGi$Dd8~4;M2UK$lllr`ZPlK6v$suk3J%b*@x4Pv+cP#pA?fPrX@sgr3hfoH
z{>^)OGX{KP3g4!wS2>`>^uN|VN(DLFAVFdy{Ub;7Zev6DLk<_Y@Y*%7dSs*RBgvO)
zg@f0%PQ#YdW_(`d^0sTVJxZ#zo6q)n^f@{uh4hVibRs0{GvZ^6i}nkoo_5C*%SeK~
zLIMKbClnNW!t&n4N@+<(-LmhlQXog$|3FoQum)hFwA^(4mF<EIvxE3#ncgz~O(wq3
zk7&RJFQA$ohL@z!mCJdHD6Ra9^_U(tA8j-Ql09yo+t(3@+Q63Cze&1j-YML(tKH?c
z<Vim-2?R-DlH_M7D|G2-Hy849%46#=Pb{}TlT3eL%Cvh@3c&?huU{`cN?JCc!6L=$
zD$(Y9u2ZVpD5qZy+#5-&S4Ki~9<iT@Rq8A70{JPZ1@9H;IlX_s9>PUCEWKz;3s+u>
zl+1M|PNE&8>lg>W2C|&Uh7ka%_d4JCx>ARVA`kCZ_<(TuWV9D@@$n7;Pi&Y}wGuw@
zW85>HdQ7AZvqQ*WF@?u`rv-Kqic6WT?D_U>u=uULot>)rqk-2{*&1wyq@yDWL5SuM
z7w8KN1Ve8l3wT5q94cu2ax?%DgU%cLfJ=LkHQZHdqUs&m7#sx+&B~c~7}3ZtnR(aF
zr@19B)CVFKncfF^Q-Le#B?WOIPEu7DEC59u@?0RaicbHV_%tvmQc+~Y`~jS4sT3`o
z^A0uyz@S#-^@|8C#E^<e1&gX8)ZjIcIZ<a95?q9pACgg`g@Sp-s52SFY`;F5c2C+{
zPK2fs8J}Y$jNtO7D<Q_Q7{k5XW85stK<-}lpca7fEVXHBDMogkE-UrSbF15SJrT+{
zLc_wgg$)0OT&)^n?x6KZ7>zw8{2ohAVJXG>t@OPjAgLDN!6_6K6(`Z{EwBa8G-AB4
zr!evPq@@F0Dyeloo&Sh0Pk-&K{z<#4#hpzcHESTGv7}+%|5w&xQ6X?LKWKgr){V|j
zl2{mnmk3$J%*>qOnwf{OkY8SBd*syk9eUCoPYAusX1n+=FhLMqeeqAG5I($4Vf3s+
zXBSfnF)lu_(B8cRzZ1F%%pVhB8xZfX6x)*8xskKgo~T5iqV6spb}yzp5m!ARZC%9c
zMtzKg94R6G>Q*=*&BmK%P1RK;1QC`FQi9)FqkXKcz5ziB<JBtSJ?b^R8^;^l-<!=B
zI{p?Pme8%eqfTrUSTG2PY>|UtF%{U}PX6gX{;snvO&NLniwD9DBHIzV^@4^@<!F-L
ziFZqX{VM;qN>=y@_C*O8LQUv*lPA?NDwG6P;3J6@*GG*AaQ0E%Slr;=Q?Aks5dSzM
zxi+|o=0fcj$wZ?0m<cgPkBo&yZ+)kii+qhpW}t&Ino-D!ae49&1B)WW^af_I(hSH8
zJ5bZypRboO*EQqMr%@llReI}P`UJHA*pZ!}A4z42D+Sf8!{_f(3ynDseUcA;=`6T8
zMy`GzsfY5O27oq!or&K+w7~!kbC`yTPWUl0s^Ih9PE>-&g`70vNeP0Cgouz4vq6RN
z-a*)En~@k)P1IIinNyGro**eCk4FvQQ&3Y$lg`I36v(D+?bVDeZQ_6ES&?y`E>!^p
z#x@UU1(`oAB|hV8;bYF<i0-D?(aDrxE1hnny{Qk9Ldv`_Uh-$Ugsq*50>UKIjeOK<
zm@^g$28}QZzFu(^wJVKyrzNz}%w%w);fpe0!@te#;zQCvGn^)Sy3}A;9%zA5wG6bg
zQ(qP#m?Wy=2OhJfI2$x_h~nW4X|OYV2%-jDNndSo7SuJmpHe694U<Dk2r_VBx)4+3
zQ8z&S76!H8uiT8hs_}yu;U$pwh{LF=3uiZr?y!(4Sz0^#vNY5d2}iT_tyAdCBf(<#
z@&HVl*i6&w8rzLI3W5O(6>qs&Ix#FNNE>r$QPHns4u0iUN@x^4G38n3nLETRpo(&Q
zeC)&?zE_7oGDYK0zmG0?FDubb)A0f~=xR8HNB$noos!@*xHqy!>Xz2iSo-b6v5yC}
z;q-8S1QDsi1IpZ!_hBakE{QSM)4NM1!lk`*0pBwK3y-vKl46pRNrhJ!%k}+i_8p_>
zbx+3gv*`U80L*L(QLf$EPJao&I)QoDcI9I2Oxa}u@BTZqbZ?1L$zw!%{0gB;j4p|m
zwKGc!f;whELq_%(2f!bC6B|DFCdBZP^=9B8QmBp>*oVxLn<0qPy&?C#-&gOZe(^4g
z*uHxCH@u+x4kS%~wIN;zWRXMO#F`DK79md|wv#UU9#=;mQx|po{n#Gl5@?B0UdNA7
zP%eMHGNg)9PIG~f&9mSNr9nobA2I)kg*>_hSLlW=yQ>ixae6B^Sw_?f&{E0lg=9q>
z5_g;Z9dLLBnd1XE1>91}zbM&J%P);>f(~&Oe5<erNQ&CbyD1oxvrwJ(4bnpq$gOeU
zVT=V#(cx`hQnt5K<B)sM1Y3pjI93*(277D$w+s_Q%ZT0<^FGJHm(`a~!scSR{L}4(
zAe}q+2WqimCpZ2><j~63jJ_7MRg#kQEvQo{WsS>;UR6Be^bsT~m4{^HbnudO$mr6D
zK^$MMs=r{Qs7^8oQoJk8Bg6TI>gS?HUN~}ptthgSW4{wIlPqa0d&&fV&zD1lz0XsA
zHKx-Fvny73FW3r;*i$CW_S+};f-p=lMolCAn=&1l4vmIF`X<C3i)nbrt$-ugIi327
zLcEhx6RYbL%TKl>&HVs$X4q0@<LUgWscGsxu}9~dH+fcF{9Ouy)^Ht3{hCk6@>F=l
z*|61orBU@Mg#NH4n_mP$l>lwt2$;<A@Jik9W>F?&Oh5hhGzfD(U||o@7zP)4Lz!r<
zNYB^zrahj=t&+8I{s!6ia|$X1n$sXk95UD)BnPp}07|XBu5ISieeeG2@l=nNd4R7!
zI#S)4!W5zd>F4MzwK{&+*HgvCtm^du=KRed3K1*agthY=i7vd>c9GFb$)m0t0gr1K
z{q~6u1wsFBsvdvIn2BeQ<dP?(97-89cB`J#Khdx0Y6b5?4Wg$YhXOYDEp&au{S&ur
zBeh%_&<QarqNR51qvh!UglK1GcUXYq-`A-4YJYVt(LJ8T=PSGTdI|st{hE@Ws`D>k
zPu?>5j-&NY;`6~L+>Gp(4?<rT$O<o)eQhoz;f%I6b@}*7T<x6R;?TGb;vnh>1JsLI
z$kvjK0kyRRiX%c(edy2Lp$|*=xvyoqcoyJJHoM6<khZBd<a0EhvyMfC!pGn&i)<u-
z<l*l^(Zm-vVFR}*DXh1=X&10ho(}Mf{`>@L+({hPzS(uhnSh$L<AkyqWkBf_ZH%J*
zS$E{j-HE_9#2OD~3&FLC3P8AdzbkCChqL%7knajF(0u7n2XQwyO1S|A>LTS5Epie)
z2^u1H0e<%aiSfNvDUakdhPXrS>-xgNInJcc+lXtTcH;M0?G>=*QF(-&2&Z<3*qQPl
zkq)eXLz%i=1$}QbJfq5MZuD}$$k0T)EP!DHnAw71!#gnU#n-X7ej@^XO;_?G7*lG@
zCLKet5*GULI}x1$fEDF+_{$(MArB9ct}2<BnSC=x*+ec=l7%Y8eSMi^0p&aka0=dX
z$#w7j`BQBfzwi-4x?V1C8w$kzlzOxQVih}197_ygifutMsvz7(kl*y7OIm(QDXNhz
zO^c$j<|{WJo0K!9A|Z5iK-THm#2@Mum=h%0B6tT1KZh#K2+xZx9xF8jV)DP{5DlnJ
z(&tsC8m2_zKv5A?fh85YN-vn^j!TLd`Uh;i6+P_P{ph}qGfcAcftT(XaoOiDVk7*M
zV&P}DX;?YGbn?yEsPU}r>`JNd@u*R*f`d_-?SS9WWj$3cfk!V#1`B;{MdqaL$F&@*
zgy)GyP6(4S&ge56j4~3XrPLKf<m?s#MMQZ*)dmII0At!X)Ux|8ErLWlp;Z)u_-h4n
zjZ(Zlr;>VBf(sBo`RJ2z-|%o8kbau*=%yjq4?B6BtV-DfO-UBy{e7Yj?*+}NWL(kw
zQW7$H_M)6pCtN!bt1GlGUK{w!y;^EVr?U9$4J9>Pkzad*hl%NcxwOSZFNZU=8<W0F
zFg(Ewr<0!jvZ%s;Yn)g=X<?t6NGjx*n@L<s3AMqw8%}M9eimY9^y%s($$j3AOp*{}
z3bK*BiRe_$I-J9I*GPyS%9`;?%nd9fac=s6UIMz&g#X=dj(XNki_{+(-w-wRO-}47
zILI}iEBFN*qEYcWyDc>;W8qI3qz{jwI8%}GP(e+^fua@!6g6Og*k)ex?40h2H-r1T
zXY}{Govy576Ds`7Y#%?_eLlQg*gz?IS(B-=YA^WbH?=CUdv^5AAOanWUVY%_P?ug(
z^rfxUWXOBkI?bhUL8vurPrMsEh)56*Dlh6$8{`x)ZYIH)*_%Tph<1l2sGpk!6K!wZ
zf_E3Vteu3s{;-<O_K^v1GX%q!0w0tc?(D+dk^C-?2uqkGQ{ZTlKBHy_pX~(E6T(_m
z-Jtn2`{*+R4S&jUqhq!nPy7^z1b#<Xo&5HJ5@&Mcj0o~fRV4v;lzfy9!RUFvY}yjV
zK0$|tI<!(FcA4nC*XnPg^C237b^7Pz1RNIVK!d~Y99%~*Dyylm<fuwX6d|2LbAirg
zd$Y<f!Y1~c&II;8xc=b!c#Ugo^vAE@@tM@+q{nB<*Z8bqUw$G|$jmlXzNzi0K%D9P
zCQws*h1cJ09ikEK)k%gU;|xygC>X=&1hNS0pY5W39i|Ci1=m2=Dt~QUP;W*C2=}*%
zh4=>fln+Kca;#d_oO0R4NC_ifyMNJ2M?X2$C-Jj|Jx8GCPu+uK{$nP9$^Y^G)^P;5
zy26^&Zy<mTB(0{kgxI*Q7IzS^zNw|!HII2QgVEKdod{YWxPg+7+tMaBOZwT~NSu1@
zOs)~cy2Snq8ZhQ#QKn*CZ+h@o++D(ZUfI4h+^L<ZBklOe*{DTqdiPaH<?V`$ko#@;
zhF0|NU;NGR42Jv%M1X=y7$A3uzcVBaz%ezI{|XuaZ>cSDlC}JuQQ(ajOOp5PvoXCs
zHuxLc6oTD!Yia=W@o)9V$5OQT^H&RA>b^dQFUAe)W&>AWar?)g6G$t>JkUVI!~W@x
zQ*e85O#EZX`B<7)brpVd4ZHyO9#d=jn>v02cdg^>;ftQ~SNOn6CH5FdeE(~o**_42
zZL7>?ceZ!0T3@VZm^*d{W$?YfAK_wVd|(GWxF`NscEEqSvi`65j&A!v*w9gBp`IT9
z;#ZfzX3vEk8%t>gw+HF_Kb=ZI;LK%lpLSHyn`>s^IQTUt+^%<fH8?#M{P6&oCI0v7
z0pL+m|9j*cB!gmGpyoC0K5KerI=SfTwAgKTwlA7eyT6cdd?swaQKF=>Asqe5<zQfz
zM_tnnAR0hm@c;aEAX3?#TqF|JsMq4n3~Y;zzE^_Iwfuh>z<rqD{M|Suq0GKf;jLez
zROD&Zjn5!Z?0c%jXYXsu+!oQ#`p>4vJ>5FbCi%}=4bNJ|5<`A!*y&GZf}}vM*S}<l
z%i2R`5n}MB4FTO)6t9$8-20izVB2iG7(ep#q&fA*#fk_)Q1cniX@|jl8UWbL6@7_3
z!|AzzXlZM&1A{go{az&T@$y<+8`A9h>LnRwoX#%UA<T;UT)oXqaXm8;^gHJkF|t5b
zu{~=!>$pJX(9fn6n=MkOo@^0xgELwfyLCFkr5D<SvNK>AqNKy^&9C;(xMVSO90o9G
z?H|1DrH_(|ii*}pz61fYSStl9GncF6Jv$3qVp0-O-(WH`h}`nn&Q)g%_-@wNEwJX?
z%Jq&hd|2-Tj8(o2mG@?$xp_}_?I-g?8CYeW`RKUGJjW*<$c(Z!U7U=1<8@ax$L)Hs
zCFP;vG{lf6t>NREucf@lk<h6A^X2>xo=U%2#_4*y#67LnnY~6SEjzu~si9MQ%#z>d
zs{1ZNHGVO6UZ-zUswStl9O1uOQybC+dRXSFl-a2y=vo(=*B`mMkQ-MMvwS_Ak)5B^
za@#!8WS*{&Jxep5(ihs)I_NtQbhBQ!u?*ki>#27<vPfH<<KN6NO>t^)x=h#HC?KEw
zf}5GPs#hjjxOq5pc{y^hU+J^|V!GKdY9N|$KaL4sE1m5X#<uc5NBGi?qnt4O^^<K!
z05k}Gn=Z}<Y&H(19s&@<$ue!0Gy&V2&%zK;lYtOWQdp=6>aJ%=(86K{KTpStaUyS<
zt7Hkkys%xm9$`OeAm3S6gjA*Jnw*&=VeItLQ2Am&*z6Zu*nlI;p469q#21i!b8tB^
zLfdxwV0Q<$lLRv4?pEK=t2Z~!30EAw0Ct!gngt*nwh!+yhVVb{@t#rBJPa?h^n)ot
ziY)q^NT2EXuxhi5CfE{F)*Rj-3%$98X5L&m(C=bwmp%;m)G-IpBR((~_M3#KKVbxt
z#>Y{5c?B>R&IP1K;OKg(^fp)NWs23#*+{+oCJZneig}D#MMqA%zQiGO8*M=V={YuC
z#A_p`<{hYZL_v)dXw`HXX2`+=K{tW<qyeUw7rhr1j|9!COujO{G;+>0QF<8{4?aB!
zy^4-kBfha=8+W$6KynmuEZzJ36e?f9i9_r02KF(RK`FKgOvSS@zDSqNwQfFgdN;y%
z-4U1HmCW5~I(cHr?fn;Fy4ExYt7c4x<K^at;#_WcTx{GkV>z5p&1qAGFznc?<r3>R
zRUXYaTeI3&0%b1yPRE1HiV;z9mTE@Tc*gR$pI-LF^zNeL+D6;|LL}(NHZy&p15M6c
z-CCCUYI1GH_DAjqreY+QkGS~zH?KTsSG&Kpv9Y<iEH-}n*;nat$!#JjQSVs!c1<-t
zVvL1&FjmPaYw5<2J`6WjNOSwByuR<hSF)MS=d1v-q6pw;TjQIgmg7&^8DI4G_orJg
zq9NbSXxE<D3vvOIP$DR2J>j7xf`~8S$V@m1u=W`IV9%~65B`FW*b$!ZXh`x@DnW{}
zDJ5Tu2xnK^%mm|dUlRH~*raipY~@QTlb1#5A<wvkIEpvZY>2X(%>CJfz`j{{`hE%n
zofmidc^HDjBP4FLvja2-(tUZu%Ua~o{L)h8+28Z!6a>rvJVbM-rUU=|5ZMdeO9Equ
z;@PrXieHl^mNM@^NBj`CqfE)5pat4W*#%811Z-jLe_p9$3|NRzTqlu&bi2U&F>@sW
zzbS>zX0I8d(O3d*9-juwtm`XXn|tve_UWh7SCm!dzG-vqZk5-6`0p}P#AWije!O_)
za;m*Jts&v&+5)(m8UQ(ypH*UPsGYERC$g@W1+q5v{nb<CrqjDd0k#yaeq|<=h3Xm>
z@XMiweVyy=zgLFwyl*o;`E%u%xU_p0HoJFww>)!W&v@tMd7Xz6P067Bp4|oBKXm%M
za(F0{`I2<}>t#3Lbfs0w+Rt=$brs6^q%`%f+cOO6PbwSBu?fy*wvFF-eUVNr(;w?y
zBUM}dx-n-dW@ltmm2fak`-<<K8DPOiL?w_XGQE<wjSJM&j3Wbf8}zgI?4e!W2ofVs
zx`Z<I%#p3_Ms*H_{xyy17PETMX0;N!y4#DgRJ%0e#3D!(d?jzEsM2Zw1>slKu&aU1
zx2*Ch=SrI6kMnyQ7*LOL5AsAyo7v;(JD##RRNkD-*ODFL7?Q5@FV+>$3Zytmi-n&2
zVPO#APrEzr_>TuJtFZW^qTv_e&mr_7Q-vUuR+r9jV=qJ^s0<kGDXAo7$ojvt1Cc=G
zT=+P_a?Fn&v?&z4+(tDkw@3SR9M<-Y`0d{wU&UWrFK}Y0L6XHV>5_c5B+*>{zGcVB
zCWNw`KYQ=yL`=`t*>Hv?(qg5OV2mqGfsC@4uw6*O8g@yBqd*X_t;a9Entsyw!z21)
zcFIN4V@p1>lwl_{fjAQf;FI$@5Crqja5f_wJa~3zYRxnIs{wK!`+#6qpnV?n8}ENu
zb+2^Oed(><{8Gd9Chvy--(`>wC-cy2GSg7<j&^BI0;<t1q_t?8iL<%1-Jr3t>ot_|
zHDBwgqk8k4?_X)Es+PE<e2%Y&eJ_Q)HVY$XG?)&({=C@zfPb(2Z}3y(qInz3a9X*J
zl$v%w1eoqYnzGV$$SP_kq}LO4r0BW<S9*AO#K(ES@tw$pGB32MwAusN>ggBS$0loV
z!%7fIxy?j-_fDO`M=lkInjZ?_Y-@ulSi0g&5-Kg1yZUR5_AO%t+eb%g4Rc0AJO5;T
zkE*Bh{1)}s09>zuqDMsm4hFjD3O3FO=^)DeX_duK>*(!tl|#^-uRrjgy*MbgX&wei
z0#I)1PzlOTOMdn)gIwRJ-c*f3Kq3%4rO!Zht*P{qJ6O!^e7}o}8ER7Ty)=7~jrBvp
z4H1#JgDX2~J%H=@zS6@ZE-mx9TUk2K02wc?oW_Vd^FoWFo`lWES1d`raYFTDj;j&V
zt<!|_*zLdif7lSG=&nmxB^0fja*J6;=#&Y5LHaW$<ndg2AfAY@x-$@ocRf_pBEbu6
z>z&mf9@$?}(0yY2Lc+{drKBd{@%!1a6Sv9kxAoK+<c>-gZ<64xU)Y;{&yDfzb*HYx
z8(d!f+;moqZL$i0+2NRqS&j8>yu;q?4@!ML-+Ctfbxv5Hwi6)as%QcEs@GDC$r#?I
z_c6Zkln~gyonJm&2*lM5FZWVj0Ay3rlvz0@R+Jh6DM9J*)AT%xV`Dxs+ti0}7kwfV
zS&s$C%|2(RmT*-9hBH>sDbcs{j^!yo<BJ;dus%nq!Y0z8;qk^0_po1aBpKg}$>d#A
z2LM@L<s5eOb@W%iI66Lht5IHOkv<~&eNbH*dFL&tiB1=Gc|obF(!q^}4W#HC<<?)U
z%U{KI!Kc(^p~)e~@|<EbZgKd|=Q{WNXY-(eadITJgx&*Dc$AyE<J5Y}1hCD`B#-5I
zZS5>4z3xu7$A=kOR)IT`+sUkf0%#ReU_{QBBX`wD!}IqaAeG?fR;7$olNv7Na(p4P
zmaL65MB38YYrd}Yw0sNGWWtKQLVcI6xgUCsQWs9d$g^74*<VbP5cd0EI4Ull`Z8%!
zYgO3&Nuc=mfb0CY5@&brhtj}n@!@;jj!K538uQF(YtqTaT6Ot7^_$@ibc-H}mCDT;
zFKVwWxT(suX6Uh(`n87@@c_(6G|_rGtg^UCHtuXbesef0H8KeI$S+?vsdb<*?q21H
z;nI&m=VNQ%x48PA)D*82?;3FM!1J{S?8LiY-al8OhU=Zo8fOp|V?Y{mE$mNA;yV`g
z-m?;Ilk!7Dnue9e^QJ?4nijmhMRi#dj1EwR!0UTOGOb-F4@OjAx4-NgrWC1aqMWTA
zD9sR=Anwt?=_x90DZGP>y#lbKzINmvS3dUn6%|r%A{Tj`|4Kf9DD>=`Y$Gbo2NmK$
z&lLDXqmUZxs5&(0oClCJl^X>3-Um&99FhV`mMe(Of^N<DE;;#rFvoc6`y&0JWf2rY
z=g!jcVGLWJmu6J@&I@mkH-5reKHU%i4Zw!+ID5z6^S=8R*o3zxNx?&s$+#Evqh*$S
z=2-JzL_8I@ijzC*k2jlcG72A5i1-wjp}jU3i=6r%nV{wORI}&+<nm^$_-9Hc-7XPv
z0X#h|)2v_X+qLvF-%)q%4kncTFS^=`7(Fp$41Fh*YjSczkR-NIlEA;WY3e3{_ZG~v
zjcR)Ht-JkEINyWUtAhI~o#w5gzJ=1<%oStfQZRiD$;(=3&7U>!I6fVCB*vw2%%puS
zUFYlAs3nI(H6f?rI`PAyh5pr|P^Ece6TfNm#+uLn{Fsq?)YCDBC<6K%U@yGQ`J`T=
zQ#wqM>8$?lT_2!`{*nq<s`S&3jTo3J)m3wV9RSw<V@kt*p`u}evsTCTi0{s0nv!c-
zT*eI!FKQJ}htfPVXeeZ02*Bz5O(RVGl=Xpc4=VGXA81IvjuaU1re#D(2;w%+%P-3D
z29z++Uwoq-x?bSq<@#%a`nuNqSq_Nv>xwvS3~KjOk#`M&LzU}L#eKai?l~HxdqvO`
z<M^9=ML;Zlqh_4`eG#Md=R${c3V>7z*v*Zs()2%N6rQoJ7rX<bUT6PhO!zBVuk-%N
zl5ScT$Fk+j4Mh&VAc(%&n>X1VcA(;xRj;bIeuB$^l<IAX?svI|VuTNQ95j{FWP2A_
zIF%1IBVs&)KZ<gb=DBS#Vs8Vt(f3KOegn(VEZ^MAf?6h-`;KP#A9+z72Z7wc0C)HG
ze$(-vW$xug8+U>n0AqBjcVv>77h{aDJ0zO%X@2exX5%u&==ltfcTX1I;^pSB2mc&(
zK@OA5?WnH>^4eop0ap3zWpNo1_e#Ls*y;R!hQpjGn(^JVpfUdsF3C>VsbJ{!d9>-i
zPgyme6QwB047%x(a1P}>?tp`h&8DSaa!%Cf<i)kE%<bHD@jQ$|Ww9~o%k5$FYF{}X
zzIhX(q0pDDOi>@iFIpy70bX$$&g#Qcwf%{q`s<D|MHjXOiT7?DvQc(<bxPv$4-}C`
ztO2gk*hdsk3hq#Dh@gz<(bSt4x&n)3fI^V)0~`A-MW{-20)c|HL#MafWXfV)o4*4$
zJ=;5KnvNxwB@q`u+$W6S`h(jhj(HgWb@T!^Gg-nuI+9Xs%$rGn{3raioB<>n5q5ji
z6UlGfka#8O@a6*Q!}9B>8j_NpKvLEtXTnF9bDqLQ<vsGf8=Z>V;xmP~^J~BOhe}W>
z3_-sO80e@Q(%{sf4)t{uwTWwyxG#wR)i+M`Nx>=wtLFSqU+$9Rbdyz~+{tii>~j{P
z!O8R<h*vC@@m?>%BT6DV=6GWhRlVrE>Wk9_wnAYaC8pIz*bUq+=B68xnDuL_H{$X;
z1Fcou24ART+9PU~*-3WwcH&u@8Im5ca^vs5p|B74kBzedyCVAjPqMMz$W1TyaV5a|
ztiWzfSA&v`^`D76ol>Trve@m5U9L1A*Ya3c>Ya}i4neyZSk|3=+tytfTC~Y0)-CPC
z&h|^)CB-Ejoo`AMYrvxD!-in5O39|l%myKdDm5@X1oyIv%DqQ%#+H-YJlczN0kel&
zx%06P;SDHrs`S3(PI<zwnw7d5e(AxJ{NpJRENMyS$zT=-xcL7Po|syUWp?0t<GEH2
zKDeZx_dkHH%wkO;GEGbL720eWu8I`^nU9RG`&lpd_O*hdvK>9E4D=Nk(YG$UOD_dU
zS_&O&plwnaQ84l$lMPwa1o2p520{jDgbgG_o&DRemXVQ48ZEFp9o;Ir?I31*(y5KK
zbXTDBd!H=(-N3*=GZ~%LEKh<ySe$i5Ok0?iY-R(Vg;;z9@VFv+`+#c{+mLqTV8bHH
z3Z1gV`mzz%3-WV<QWfCvW!0}yszv@yB)!*EAMJ&k#YTYV7X*y`J3+`g<~YwsRbcy&
z+p)cL*44HE<cHSvJ6tj{^0!s&Jho=&J(5qb&wlvWQfsW(LkmHVW15r4=UH*iAo_Ij
ztB_L|a%{h~Qie*(S$b+h?!ewsas?MxgG8I}<eF)cV6>A=;}>=pm+I1IuRvif-sgKm
z(n-zhRdLBQ`d|1!A>U%{G{?E))GTCLRvVJZs!qfDn1}Ddoz4-grlSHqZ%A8Bef!d@
zgEm+Vhn4n>nvLz$qNl(AL~x;a?!?eORQ#ZC<lf<rv}9NFo}C8X@(~Cjn9V+>+6UHF
zPaiSTVQkw-Yj<#nsl~Ak68GLo5DIftQ^ybW8i`M~o7QxSdRQKql+#Dh@iTE2sWt4w
z2Oqv>&KyK7dv!U@ex4r*gGFbyT$fXHG}WHDXw3d$ZT#YU;4^6l!4<7eGu>*v@I5xs
zm|8G-Lv+yLXlI#I4A8u^ObTK!l@``IT4eS4xODo30s1vH(3|YmP*hF<&;zoXMRous
ztGMLucYE7$ehxR3(OLZ*W=5VnAbG;^#)QVF3mEk)VeQ`Y)b^ohfMiiVVnAw~guiwE
z;nK&sNs8atGgS_2vE=-Qe+uNZ$i76Phak9UR9+0pctb!pdwudUJuMug5W9p+^6CV{
z>61UVJX(k&7x7FGcSpUTqyi==3T|JD$tV)>w?2<QFz4yv8D6R>g^bb#UER@%OqIQl
zorq|t4t_(Jq<zpIYWl%sGV)2i$3||Ka_TdAY&Q!id)I8#05Kq3f9Q$sZT^Ohr+Rt7
zX4&N1m(cj;J<(un^#|hK{g>v|#q!lt3|#zgu#PI%&wjih{HUL{4k;E$smz?1AK8D6
z4*w<p!L^<)e32;WPXT9S0vUk9v=|Rz4V6T$7hH$0NDswEo)BxRvyJQYk}@kkh*BP|
z`Eohws_J`QmF{H`?dr;jiZ<>AHaw<ZO3(P)7c+xRClE(RE8?ZU!dA61V33~tawUcH
zhu-Rar)Z7t$995Hh!xG#nwq<BmyM22l`f=u^MNvfOuK|;ZDa)Es<IS<rM(qRM)fiX
z*4#lufGvI%oaRggtNFyLSxgrr0%sf?9)2H-hX=~cScDO?#4rcIekknT<}wIm!Zd!{
zxcNpmOVVD{PpPTT0irJnARgW>$v`Q_c!SCEx%&ja0&9BTTAzbiYZMtSqB-dbcGv3J
zAOV4Up>7atojvq7?z)Vq-A`7-0<q4!OjO!1p<q&s$V}W7BD!nV5ntd~Fk+YylAzv}
zr5Npjq|(#V@#6M%gkUoW3%@9%9X3vInES+`{hXY?_)~H+iDq>_t%3{!D0iy3vqfyT
z0I3Z;ZV+#Hj=HgsCg7KeC(g;KVTFc64+PB_(2YG`x)T%v3W#=!SH|DGasC@X3W&V=
zn-SdYy9wa69gGlX7FFW6U&zJBgaqKx9Iebja9e$5`I%Wn@<xxpJ35}!{T`knk`~wr
z2C#RHg4=Gq7WHg8`co0~MK;jU8oyV}nt}6VGu)Wg-XNG1zU<Az!^6O8lYRCx5EWa=
zFTEJ)#`st_7@f^R-bSDkCuxM^5F8Ykp-eJLH8=!!aI26yk8U00n2o)hebUKVf^1tL
z;rJjdX4DNIptX}`e`BC)oc-}(>zdH>6%CD7<>NfvIaFIW8T}KpB!wM20A_x_5NwL^
zc_COIBTFH1tq-OL;Xg#c4pMiMnf+WQt>fnR*?1ZRy6k0XXL0RE+=a~tU@<xN9^Br3
z2F-fL<HVvVr<7wY%gc$IHByaVY)%MN7JW3L!|*_;&(L0i^*he#@q|5Fkoz8$rM<vJ
zyI90DcX4O)Hm;kY$7HOWrd86kCag)bMFXaG$KLqjs+4!C>5Fw2i*y6lKMInm8(|Wc
z2lWjRf}zkegY=ggXXN68z^!$UhlllXZcdX717Q&xf1`rKm*t}#(rU@fj5gT59^HD+
zc((>^cMHgWi#Qv5)kKiQv1<-}O3z>@6GVSX5-9oc4&1jBcRpxcX2<qpX2p6Udn7tU
z(NfVjkhW$Z7-M1#U_jbBH72m}s}av+Ted!824tB%kCY#(G&y4p=bqA2(-yUWK@a)o
zRoe-Xn4xO$AF7XoTsp*a%O2hlfz297(x>4ewf1+J3vSSzR3C^(ar~ujtI1wvRq7E<
zhg|B}T!UwdsMPa_u&B~!%eUGBFMK^y=UUw5P-h#k6S?{LU(iRZG6rjbB8ZN&5~p=;
z25ucSvnFm+%jR?=&Li*ybRVh`=QjUtHmn}}IXt3x_E9Tm!=^r0DLnDpc#lg*M*=ff
zYX6Gq_xgpJ%D0ksDjNI)S@SK-&3-p}%0$F1n#y1VV)rltdC(#0v+>JZq~<F8;{);!
z$K&GpI_v<5=!%yTkBY7xIAda8vJDM^br?yrVS?6w*`)*^qp$`taOh;694p1}4wi4U
zV$14WUlOssK}2s`1|~vUSZ;oPkxV+MVx*K$_+X9efN9BHz8FP5#TUkdVv8ZO=y#uy
zgpKF~xbfW%x+PPK-yWm!K?Gj6Fa^~uE55BLzQ!I{f9|V!P8D1O{I)LT{xz)6G(N9D
z{2^qIAD2ke2YXb}clkl(qq(9*XK<Kba#~_B21r%09ldSD9)L@S7(|?szzjbIZuJ9<
zbN%~wUr&`Y_+O#3Z=n}pL*L<O(9}u)mh+)i8cxY5Go?Ek0Z6~=Rh<zz5)HZrw}ASe
z_!Q43=e)-A^HW;>M|)=)4rTlPal47hj6}v*23cZ6lr6hS3z4-UCbAc%Y>_3qsVsRE
zk;j%qvTv0rl(848v1H$3tb?)hzowp}=lAyi{+SnZ%zYpCHgjC}J=b}j-}CdG<mJ_V
z{izf#7DLiVkd+H+f~t24uc*^4BT>UbOjl2XB!v5|i)H2ItB(!&?{;NJN?kv)IE?Q<
zYB&H{)83DK67%_i!EjuBM)rKE=i~)-SZrBQe%Btv4mo_|aFRN*zb7#ZZ;Ay>+Vf^n
zprWHbEC`YYn%9HGsuwhqe`$>C0z7vtKuaWK^DB)Vyo2+tEP>K<bIkx*_ykYW4+S7K
z$xzZ~Xo@u-h7E(bl*4$RC~{g_H+X0CbYGe4v%S3|JPQ_AS?iiILwC(zH{nI5DrVNk
z*SC<&a#xAA<$^P<YC+STEuSA72RC-yE)#{xXFuRXsN3IpnH0L*3yefp*AJoAJu`+h
zTNVaSuW9cX<r?~3S*u&tOt44j$j{QF(9hg9Y~gvFf2(<a(ON55avG|>x^HeO6nwvd
zQotH3MTlbBXv-VbJ$Y9?qBnKrh2y~Nr04cuuA&%mq;BfH_dA;~siQUB=2}=>6_(<Z
z+cL@JWZ<*=mmy_+)wfa~618!|J)m~%_0f-*=6uG0$@;<@QVZ7ta+*Fk1mv-bJm8#9
zQ<1U!j!rE;cCw_{Tu^*b*Gx`B_YqE2>2gwM=i|5R+}#edaTK_Ud+|6@Vej2BS(iB%
zP;Gjy(&?Czu6#zZ2%GIHk1CUG?s#-%YNv}svH+BkxIdj@=sSjnA(geHIOg%9XfPR<
z6dotGK2CIsSuRNc5P?D7f21oKc$SjpQpZ|D7)nhiralp`tQZ|Dnjj};C}3{j!7OpZ
zs@06!*aA&6a4hcLMVSaoJh90UsblS=HiR*7!`_9G39R&OF^mULyqL42!VOQYtKbNy
z&b0il7Qfx&N0qTXJU^5e*)Sc{`GK<lk@d>Bh>#muZVl)&EHJ?dv^J0kk01{7=7hnu
z?&|EKGX3QFNj8^CuK<Qpp(kpAL3#51_WIqPa~_0+t9REfr)c7fiUxr3*;D>TxE^OD
zJ12W$IaaHrrM2~IJsX8f*0Sv5o2Gi;RN+9K3lx~MyVg{4kL%PaJ)B1onR_j5&W)ri
zf;kY+t6{L+3XCPp(JacEkT02~2O21P+|n|@o%u&D?&n!BbbIVUHOt206?PP~S~J2S
zV+WQ^9pVru?TV($f7xK8E&<Co{#}mJkP?0Y?&oV~A_6~b+)CX?Bz%Ss3!|>V!^asW
z6s!R#NgDhQCCMCeoxN9A6|nAcd6*I4MN&0taL*z^xLH-D^Ao8%4CXp^eTjL{MpZzT
z=Sg0yyfBre$JRDc4#Xk1mje18H^}c?V;VxOFRxq`I94|T`(zZSP-l@_;PK=#qlk3i
z;SHW~;$}gH+w#vY-L<TQ>kO{)PScaAUIipdHJ>I6g9pwdZW+&ZvVr%#F`f3&rM~E=
zK})ss9J7%wF6|w3Ba7C6pilGw?Y&)eSp`j3%K~-O{EX65C24k6AZt8>%-w1l*yT~d
zdVbj0=UQFo`e3Bfhvk^Pj?W)f^=?KH8Sg5H1K4^OU6N63@;cINBhv4V?Y7h3=;GvM
zvII+9qWzhG2~tg^YKtJ#kL*IS<HW;y&#e&+ZbN|vkJ>rw>I+-D-THOgQ_?fL<FM}P
z+p^p?2~vy$TDFnGl=Zo;a8NMQ+N2i9P9|pre}xPS)$QsryAvwDIk!1px2}K+d@*8n
zBYcLtm%bN6zYsS_+8t0-iNnW*O3rEk8<C8=8=a3f!}l~j9%YziNRtTm<c*}!z~akk
zUk^Z{56%@cY$XmTRla&v;V|P!jka`*WR6W%#Tbho0!GF0Lcmg9U%#R=kJW9ZRm?<A
z+VojX*KuVYT8t|3PmH?rLpjDTcE}U~zztG7jmJvyD;vwAv4$T_-IOhouuReHhLR$X
z^V6ZeO$GZmDI-hcTkqsJr1qLr+wL*JN3X@MutswM(4H>gMlTD=ofs#eTF>`k?<TMp
z8j!L?Af#{?A#5hX&|Nx~v%C%CnW2o{LLp@joey#aj8v*(O0)4=A)z5-Eh9$*4w<9L
z3!uJQUmLLg@(UY1=a|f%F9c6AlRU$uybuqNq1W$oR`ht;pT52DP)(skOC2=ScTlG9
z1YL+>6yo8@9T4Vb##o}yKGmJmM!+X7X-<3!&%6>$$;r+7P<iI5wwi}~P;LW1#wksL
z#Tog%nAGe|2MTzK{q*anx^MEU1Y+Zv!zGi_)XXC_1Dih3!{Sjx*W|+PWEx_l--<Aw
z1L-KXuz+=**+#KI(-H0q7*$5M_^<pw@jR^h7Yu~bbB3j#D6<5yy5C#n=cUV<qd9fj
zA&mRZCE6X#h9863ZKiD2Y4h={>KD{K?ND948u;EAOLfCzzEnlk8QG;Ylt~yPsC5mV
z-E{$!ADf;AIM?k4O3LZa4pZ9Twp#i3whH9h5P{^C#wRRQiTAVYDTWwDE@IY}V?b@G
zFNoh^Q#|g?v4xt}Mk+RLd_-7fuew^PU&!mMAK&FH+&OK6{9GoKpLjp7DxCT;kh^e-
zH@;(7QfQh!L%?360G-C(+T_XZ_CV{9TX@+m{xs4H03bNBe%;(G5^fccWny~mYnn8P
z|D&%R@0$mUHno`vwcjbpu|9nCG2Vxoy<&n2TH{-uT_Fw3k)_6|7vK2QHIx?iJnZ3h
zv<-mtg7Qc54Q}G8FoaH7fJ!Xsxa)%bPOJ|BU1#iX5+C%9AGt4j1ZcVPIpp|X?3FF=
zw%@uWK~^Tb_LXJ7R=t~+Aee)DR)()S_I`4T+y9cyWOMPH^&hbbZKjo&e&FL3LJH6;
zo7!={@dh3KX117@3~gDM`^*?$9m&vV5M!?Fn@&zqdO8NsgT}WwuN}!gUIjX5#*Sti
zj)qK4PhEJ_$I)ODr()=(U(Tl67{$>=IpG(Y$u@dx=-nGD!89}FX1Fcw!B0TKU-T;&
z3_0KXkPaQYx1DpvH(YDNa_JT?^>)TmtA~rMQCN~AoGxLEfnk|u7izKOY&5K_fAdQ+
z8uyCf7BFZ9bt?nUGOv?wmDSv`t7JY_zYpGgt`|e|%L7fc0PSb<R+GsJ6K_vx2b5Qb
zxhGwBa4uKAssm5G+_2{M=1Yw}L|b7M$Cuv^Y>QShd2)*$kuN%xohE~#h>MBO`dC%D
z-OD*@^o_6@i&V<HSp&Mf5vP4$Syo*jIXY;ScyJp`vC{Jz&o{rf3CzT@v9CANcnytF
z2mgBVFmw0N@cDC3L({r>2q8pW4t9(!5p$NTVmHEcOBL7>P{meHL8UlL)ovGwQjlTd
z;<?&e+$H`iPBO6K0ufealbdLpGR)Y?JE}NVO{3ZgY}ALJ=Xotwx^LS_9Z%g=M^HF}
z^GaegqAE_lCaEEqthODz)7uk!-IVkryp>jieq_KC)DJuW@ec3L_i#;hgn0VOQ9>gK
zq84ipw7F;!Ucg<{Q#5|4tW$HmlC)n_y*rae1*<g)Wyl4ESJg}oMovM|6?hK%zQnA-
zONtnWU%^w$_PfgB#(oWGIdXP7f7ps;bTAQxN6dyS9yW^dSp*i{BE*F^(jA}M@%1aD
zzx?xP5F?LY1r*sD6RdcK1Wl`SSR_BU)~`2nU(|^5fQ6{K6YpX}@|@Pd#+`G(tjq?>
zVW?GoQ?WBA1eN3M2Byt>p3VzzS#{MfY>)e47p<JB+Dv5yXwrVCi!02hWUg?$;&PIT
zGvp_=jK8fvDgGo<>Jr(R=t--#8U2>uC8o1{beym#7h%T_zU*=Yd>I$6Gqz{S7@%+z
zhpi9+17D@XC_@qndLg6V)I&m<Bh)5lK6w&)jM_t(8Q>w3gr87?cCXMiJ}q_B2fst7
zY~e*H!AfU1R&CxH(drw2vf`;2w9>hExEwVh7cIwltE*f%8=gohw5hSUps(*k=P>=P
z?K0?e6~JI1ZSY53-(8dnI)vY`Ff(7TVC&~0f2pIJkGpZ-HxhE+NA_Y09fNEUtBA>L
zd$5ZaI$&+~xggAcuS7HZ{3VuF;)&8uhWXO~y&L;3^jw4nV-_r59i{k8?QDi8|BE+$
z!beAIScu`+2lC6A^aJBh^4P^GjkoAoB7P!y2qm~T*CIXG<(AGMB)Ov8Ip<^Tt&C6f
zHc2rC9r3ATdBeLjmR2G-qle1N+Ec<?<9lErabi9t81ni6efP7Jy?c3sR491>qdWi|
zliym3hP3^(huaN43zBJUgx=O37*u1MQY^=q+}0f?h6`BB1{%FaCh1zQitp%bV9Y8d
z8vV6<y;lqQ;-eNN31n(D(;Um_H`AO#M|iS2Nb|iWE?b04G_JFLC!bObs!y~W7M@26
z+WLDSE0C>vW>wqkg3z`uCE6$)3bu7Z{2GP1V<#|kzEGbJyNfL)3pNdust2%1e0c#7
zcGjTxyLyM6u0FmvEu>7UnzY_kXvr)w(9i{QG1m9Vhm%@}O~=tafq0-xoJpt2rhpzU
zLkccdF0b&sUL5VK2xpez>;P($2BxZIC*F2H1wzJ9dyht)B8J;a<&`>p=v};BR-aRf
zR}1pt7DGPjEd!+Y$p);eU5H&RLhGcY_@PxXcxOV=$2+}ttkd^?20;yF8l54X=|$7q
zd?H!PsV?O+M0|>6oDV!{Kp|&a%dAGCQ58C+zUErv|1w$jpgSpDW#KcGJd$7M+o%Wx
z2T+*wl0azmVf>XuoGzYNPp*001X3&k{h#Hx-)s!=PuAQW?(3+tappDo=%>1{&9~r)
zR}0#^P^7dkHBG+qylf%G;P|U#u@_bolLaKarT?I53a(p{D2Yz|4E?R|d>e6DcCvDL
z(DiS7osO{Ip?InoIyplPMCO4e@8mQmcu`s<n@_L_dGmcQ=rBCccm0g+arbtUWUnq*
zQ&<c<qFcys*}e+wj@gINOPLgJ9D-_aa(kT783-+bB^=VpcHD^Z+K1y($@dA~6F|pE
zY<j5Mm6+*<U~<UGUv^kutacI5biO&Pbty!745W>hkN9ojLTiCM^IK6uy#AdQ^_l82
zy(z&PNtVwq9&eMqk+dYRCT~Y}&wtk_DNgaHHP8JI2@PER<wqGgK)bz+fGeD6_F`@0
z3_Y&_B@kWojbMf)9GoxV*JT=~VFHr&Wd;NyJb7?Fp>$hDMi9u0P-tB(s)LM7hZXTN
z0<yo5FqLGdQdG^>EQqn^EjqoW8xZB*OdP+iTQFB}2mM?rqnY#Rs8>rR(ev#>zS`bn
zQbZt*_7MC<W1AQsF}2&Q<Y>kPH&I)m${7VH+k<NAc#;itEl9YqFoptjv(%EaW&QKv
za@(haMTZoL_?hTFR#I_v_)2wu{a~+#I+yi{oVqVAo-b;@?hB9)Z2q{JGg!X^*%(@%
znBKSWih%_>N)}6NZI5iwsO>Y>fl@$9{M+2|7e#J!^|y-mm%|6`El2ma7WdCK-NJti
z%6_k#f&bC&{vyFgctd_+?EdVbqY5;z|9cW)fv{f;yFcq5a%j_<wf^1XTr{{D|6Tm=
zGXDED{(&3<UFv^h<NtZ5>@|YCO@tmfpSrbnBfib`53w><4>(%??flij1+?JQ;an=x
zU1-ETkoE|$KKpD9qni=sZ$<lHpOG7Mp=r<Hw*fY_Y2=7@V%FVN|AD(MuCAPXg%Vc4
z7|XiGw_{utEbwi4+t~a~^f_r|R53N>bjpYfj_d@G&gLr>akNvO<eT?W*x3ByAQ!h*
zkxupJjhG~Xjmx*!7lAnmuDIakOSPgGU3XF~gWdvF=RURKVC?svcIBtn)4zAQsJATD
z2CgsIoC-eM0}chggi2tLi##u}TXW00aB^*5$m>(prBTsVG97rGKVyg~(y<NuKb5JE
AH2?qr

literal 0
HcmV?d00001


From 6be9e37f8d2835d2bbac07b9fbb35603ad7fb629 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 21 Aug 2020 10:28:21 -0700
Subject: [PATCH 63/66] Update edr-in-block-mode.md

---
 .../microsoft-defender-atp/edr-in-block-mode.md                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
index 6b15d36a5c..9dc814a9d4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
@@ -29,7 +29,7 @@ ms.date: 08/21/2020
 When [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) in block mode is enabled, Microsoft Defender ATP leverages behavioral blocking and containment capabilities by blocking malicious artifacts or behaviors that are observed through post-breach protection. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach. 
 
 > [!NOTE]
-> EDR in block mode is currently in preview, available to organizations who have opted in to receive [preview features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/preview). To get the best protection, make sure to **[deploy Microsoft Defender ATP baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)**.
+> EDR in block mode is currently in preview, available to organizations who have opted in to receive **[preview features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/preview)**. To get the best protection, make sure to **[deploy Microsoft Defender ATP baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)**.
 
 ## What happens when something is detected?
 

From 9a9b4482f78eb2241a06ac7ce0560c23f5e82782 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 21 Aug 2020 10:33:56 -0700
Subject: [PATCH 64/66] TVM recommendation

---
 .../edr-in-block-mode.md                       |   4 ++++
 .../images/edrblockmode-TVMrecommendation.png  | Bin 0 -> 148059 bytes
 2 files changed, 4 insertions(+)
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/edrblockmode-TVMrecommendation.png

diff --git a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
index 9dc814a9d4..c88a77bc73 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
@@ -28,6 +28,10 @@ ms.date: 08/21/2020
 
 When [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) in block mode is enabled, Microsoft Defender ATP leverages behavioral blocking and containment capabilities by blocking malicious artifacts or behaviors that are observed through post-breach protection. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach. 
 
+EDR in block mode is also integrated with [threat & vulnerability management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt). Your organization's security team will get a [security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation) to turn EDR in block mode on if it isn't already enabled. 
+
+:::image type="content" source="images/edrblockmode-TVMrecommendation.png" alt-text="recommendation to turn on EDR in block mode":::
+
 > [!NOTE]
 > EDR in block mode is currently in preview, available to organizations who have opted in to receive **[preview features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/preview)**. To get the best protection, make sure to **[deploy Microsoft Defender ATP baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)**.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/edrblockmode-TVMrecommendation.png b/windows/security/threat-protection/microsoft-defender-atp/images/edrblockmode-TVMrecommendation.png
new file mode 100644
index 0000000000000000000000000000000000000000..42273cd0d4ce2cbf28acaf3440ff3490435ca5a2
GIT binary patch
literal 148059
zcmZ5{WmFtZ)F#2*JutYFpuyb-_dsxm;KAJ;26qcia0d6_&IEUz0KwgDdB3x}XV3oV
z)7^Ed>z4JE=ROsssw|6vN{R{t1A_sSlTwF)f!l|Hfh9ynd@uPT``q|`LvfPRb%BAQ
zn*Z<m0H4#C3j;$51C$ci^vpT#^2pKGTEBnm_Oo=iw6gMnICxW0g(YAkcgdmbQi)mP
zNbllEA;3%fVXGz->Zs-o*CGr=6C`4a3lxOX(k`3p@#r=9dAGT&p2Z7xEQb=_(?znM
zE!qxFthL>(xj=;XecPX-pz&@a$qXuaLSC1DNB{T3^D6e+I>!HBEOPoc?CSrm_FjK~
zGxqt+LF~V;eb=1Gki@Z_a(p$_{(Fb%n2ZXhe9qSUpGMyRmwjIUQ%y{9&2x{p;6HKD
z9X?QHBmBr@{6ibZdl%lK6mxnuz5_n4zICk&r4vnE{U-uWDx>ZKAO6E?^A+Lse}bxT
zq@8_5%!94e48<VH43Gd=AJo4fsIjiLL%bD~?{vSAl2RTwi8hX+XJ7ySwqm*yKHF@c
z^b5b#W;g5#3kPIYRKeV9oY31VE(HvJhK?p%^-xE{0+jlp7suejeT4sHJtMI@V_B{8
zG}{+3qLx@#z=w!)#}lbxvww<lWtR4IO|j+<Hd~bgKbN+BX3N=spFjxGfK;z9H(4*Y
z66M*-t4Uw8JuOg14c}EbhIK!ERLJX=7X<xzq{}*9`tx^7c3|Frb5Eg7Kc!J>Q|Kkc
z&7)k}Tm#65L=;xkqzZXd*<_hF=oU^Rlb@Vi-`v2~-2GW<yX*kH_wDaPAdogWqcn<f
z56#kdX=!p&5g!ME%8?I}Y$eKN$uD1`VVxDtI_~vB_&*WfZ}BHsSStC9H-hj92)6k!
zo9)dq>1B9gpnTA6!HNoXLql;dFNAdi1H0vC#9x}Iz@#<kh63E{+p~|+`R$_9(o5w!
z-Y38F&qWSC@M;r-_?><qH-6clZJc)XOc^$<IKzAZCf!~>I&PM>@ICmiYzaV}$xbac
z&a^fP)*o`c^86HeY@a{wmkIey`e(PiuYUtWFr~3Bk2g;?(a8H!Ulmx{<$+mafEaPC
zy57jW#@PMrb*#2R3;I|0=T9#q;6?@O7FO2r!h-rlx(L=HcH)6%d*074T|5#Q)(4|>
z+*y24rw?a-gEjXwi|Lyt>80}oQyJ&Efo6KN$xN){uVM;>Z6`R`@Nx{M=$M#^V;Rtu
zq^Rt!C=M+%4pg(z0(fyT{LSulv*1QbzTzD<M8pWWqanf9z4euo_SI5i07)-*_1(1N
zX#=+O-GfSJ{u-P&<ixv$2PzPqpiIYs&c%BhdPjf%H*a~h`AOITGTh*_zmeK`o@%9X
zo5S@#n^`oKx7ztk^4FIOvWG8M)t<JJy*=ai*Qfa>``VpYAz$-^o&X<axtUm4_J2R1
zC765h*2)33FUoPd1e@#qU%aU=&<$(T>+SPl{<SMR1DVhWKTD|1b+zQgqd2tJBrDPm
zvDuk7&?W<24P>$5(fcVg6_ZBIZ`;I#+(m%es#*kgEDXoHoPcb?B-$by(qJ<huaF$q
z%Zn8J2aZp+wLHHa=QlW7Dq8M$K8Zk3=3(DAABg`-W6cKw;di!yyO1Ikt~5h|?E{P|
zOQ}g{5t!?`S1*9F8JTTYpd83P&A<_qIB)GOynWxiC;un3G`1{dp-l0lfpw5y+0(k#
z6mWpuHMoG_`7GYS;)fpz$+~Cq>d9)pW4f^eset!_SkkWZr|As0Cne!MK1ZfTK_39u
zg+SXI?*bAgtSngot_HnU`)HG0h$eHK{h6V{<B1R(*_!*&0se9oN1pVwvmNVx^`TnN
zWQK8JQa^R7;_+?H=HXJyJ-g$tC!M;xk1<{OvL2h1ySz+KQ7xXbchW{Z*-kshuTBh%
zUYig4Pg!?IU+x@iheP2uXUSSyT&_A^Z(m+d%|IPPQOI@UPSnw-BKyKQ`~9WGzGcoY
z;-1l`&L7C&X>GpB_^i4Qb<yWyIc>5xL-61izahgGQeKK%POe$}P6{+2sh3vs9T#?a
zUtzT2`f2VsuPdUTjAQqFu4G8MX;J9MTZs_>)0aKVb^(v`J}#B>zYT1rI(?oaYZ*cY
z+S<Jnx(#bC$CHE7YP8vtVC!k|9FJE7#qZXXsq)Uh*V?KC?u7OrMu9a)6B+!;4G{ha
zi*d|B?nys^Wz=9X?M2;}8;WyC1YmniOV)%~Aeb>ISDH1e@9y*w4om3V_K+n+Q#lXv
zwcDK>X|iI7y~=s~<}~eP{Z07d$wNRp<4@`O+nR0h4J#74hsfsh<-V#ko*H4|i}XaE
zP#h)ZZRjSkcldHd{shI_BjugwIXjl<BVWL4za!t-1OYx#c}*Q-bcexaZXmq6O)eC|
z7hh}e3ZxyDO4ABmlWMbiT6b5mV}agCk+jULdirtc)LmOghlnVS`)l;X+4|h_y)A|2
zPOjVs-{|}GlM9`16$xFBK-b)kcrX5u<mjUWt*=l9UZuUf><xND&ZN}(c-&CON?i_i
z7oB>4MI^|TULcI|8K0teW@Xr>-#71*#C(|M63|NC|1s&-a&=x5|36n{{+bL2W?KJh
zY<>%X>s?KIKTn8kiD^m$jO5&(R*Qu3o_JL9qK<P5T_((idrb;?)%=seDx>yEcfMM8
zA!dIBx%R?#`8p;)LdT|@*{c24%Q+lN493>GZq&Vf=;)w#TYR7nz~8BtAkapODxl}3
zfFg%?BO=`ZvdInp7amq>W2|THx_(pT8$XtWh2`kb@HDY(FYF<@3HjtqhAjn8hFj10
z%N0>tON}5(lUi9Q(J7Vcc=N&k*pEm$QBgqp8!r<h<8RIxT6L08EGfpRIDWN(`cH+4
zYUpUb2qN5CRDhTSMXRAZ-?vONws*s6W;V{PRH~ROqo#(F_GQo6j%JkkqJX^f{_x`*
z#Bc(IA!j6tA$Q_pm^_Bz<KAHUq6tbz(f~?upbhDq%J-kejjm_7eNlySoS9q4T9thN
zeh$KP-X5}4@!fEP`1f@30#0@Fd|uyG$fM4y?XLXF>Z;f2vX!dVe6?;{tpFU7k@yD~
zq<mKqx&W`}R+tO9Z~_)AD{V6l>_G~~t$8K3i^1{k-(prQS*7hUvJ1cK?XjhV02srZ
z^<?ZyaKNMsPvL(D+@%)rwp`pwlK4`JTrnoZOKEY8<JN|3g=WdXvU<CZPDcw5zJ{Fb
z$`^@cxHfv@Wo)lPG#t5C-M7NsLLK2OY`RL0K!k#|=22%msV`zd3=^9H9&AeFx};W<
zyGd+*sYU64-}AiBfsH6jh$IHX&SFUxLRsM!C=(fe$Ok7_&X4?Gci3ur&k`dCp{KOW
zZNovr0BF`EDRN;XH49^OaAZj0Jcm+@D?Lyk83vcQG>jHCLpRq|W>{P-&4N2V+)VGE
zE}k9Q?2kV}0DRy;Gb`<Ue^bkI23>0Z+C!0EJuO>F$>6<tW+RL@b6n!b-{6XZG2B8J
z8SP<q#p9f2;4D5T2^>&6fevRJ{5~yOH-Tn_*)@Ah&8)FO+TG4KL?bfZFflZr9}(ZW
z=FD#fjV$@-w$#M58})U9fCBb~-@hww5l+uKmwpxitvd94uqjW?Uw?p0LgZHdUaX@{
z!hvzEIMg%-SFtCqX3pCGyV2f*Y?%^>3#d((@=Tx+ai-;6cfw#G^AOUV?cG-cmZ@j7
zdE!dn{2ZY!H8Ec10oj|-?A&+{eZr*RQIN=c8UBn#NM#l0RL_d0t3A}Owc)QA8)noh
zk(qGCh!Yxrwr37`^-iYb7YE)>`3d@~o_4{ng5ATkIZ8WMh2I9BY$~Cxwxg}*y!7QD
zgYo+Mllr3|Xe(rWs@m4{)C1bfH<dx?Zp7{$fZ2SaxCGO&8Q0|XwRQP(Je|jSlDnWK
z<jLJBwIvqi-`TItA^5?1f3Lg!HY=Uw41%c*GfC0Yg4Cy_W_u~%%KRe5tk+5^i9w8t
zv^@=1>0C0f<l^2p^ht1eW+sS{rRH2f4erXss_)5C4>8<^3Yj{(qW$W-L+s)5@qMeB
zmPHG{@8*|5@>x*opxACJm*}Y4IH3tW_0PxiNJ16SN91_nJE8Yk#fLwB;iezP$IW!j
z%0wdX9U~a#6cCc|(nYBi@}j^JT@4*RayGMEr#Qaii6zlP7mmYaw75BZv$QlId4YSe
z4l<4Aj`)K07PoJ-9=vzcWz+rc%o=g<G;?befx+MJZZL7A|13AQg=N`XWeQe@E7FHp
z1RbL|EhWlc-a~DdrnyG0fxE=vdQHR4_Cf$GEv<PujWWe<e@9XiT|xo^0(?S5uiMPB
zgVV#pPH?cQT4a;0k*Tc)-XI-asKj7r_vsfNJDnaCg+Iu_fr*pg=UA=#h#5~>65-k2
zm75d%l=-?tjr62-cDYe}HZ0L|6<1Up|9g{x@GKHC<sFuqo%>{!{n%L*v)5SfW)C~7
zJsd0c0C~DAEa9|+<cg*H$D;{-Phu8`KsFTgP1#wj$VZkzmrJ3%^Ics)px3i17T?tZ
zK}vdZ$kZ`df@!HN5Yva55Y;Mly%sxYN~+bB5eukjV85WTDm?lU_-;3s@rk^cY^-S;
zEV$O&L9D=xaOK_W5Pp9kRZr^`A;1$Hg;6W4GG0EwZ<Vif_Gq>IXGI#Q1;+yEN+8JR
zOQW7IXsQl_PIYG_#|tC{tA5akt|YNr5#!Vx*R?YEZNoqz8>LcQ(nRj4Mo^aTk13rt
zX;N1G_ue8#P8#Weg0%Mse8or0`om{5e$xZr33C)#a?z+S@xo)bQ&bfUkeyC6ZI@@Y
zh;3T4<A2A6lsXd#l~X@|w&u+$^AifMDBT&u>N=ehAhup#5!FMNdoI^0USo+2*X3*#
zSkkDI<t;Nj&I|NCx4);cW+?fVM{HZ;_BS$BI{a;HnA*P9P%ds&HM8xQVt^P#B>)P#
zd>FVaA-mUHkV5+_7UEPi9j{BZxdm;P>kEb?CFu+v7s4OSF{3W=JF`UjN@7VDNaN+%
znv+R%3d{9wXcw{KYPxXwFUJUtEltUar3unV2CRFPi|cZ92KvvVZ+pv&3k_~p^oBlu
z!b~XFRf8X5(p`EH_8VM#$@=_Gt}((hdpt?<`My(`*5#pT=PF5RCDb(AM=Gf7AI3}-
zR?$k?yCKw%V1FVP<UelJ;CoxsV$Bhba|%G}k_2Lk-b!KeTYvt7;lh8BA#JCBhuBQJ
zOOzbX9!!~_e1_UV{A4#_;JlF2Hn*Uup{1n+WRzni9cs+E$U$}t>#+GSuB`(;X77XR
zGIx348H(SY{IMeI2IW*c2eYm=u`1QMgS={EJ1n9*(9*!H8mg*dw7BbZp~{{z-^3FR
z55LPR$WKdUYclVCYuS(?Nq7ovNluYg8{kx;SIP}DwUR4!`wA10lQgK5vWu0bW^l+r
zsIs+%TA21pRYN1f&T2&7zf|RynWqz<2jr{^vXNK+<iS{*HBgnAEJs^dJc|gXjYC6d
zw%EqNSJ%^1sH;m*Ehm=#Ay>u;-6s}>W{d|FbGS_DM?aG$POD)Td)O@M$YtA#Yxq%>
zDpgS7Vwef`0U#z={3eR`5Mc$aE48m$%G5aGnw^^3^Qzy}70b&rR2f49L+GsM78lg<
znW?w#l9Wq_&hCmHF}v{078Eofs)mAbaHT4R7ULhUZ?V|<_#`Z#it>J#f)RbEPstjl
zC)It@T3Xy%>uj)R9fqR3Jc|94I$v^UA^Os(5K~zX(L&aaA^35Vh3AqSw>_rfJ~;Ha
zA@^N^6^~D&acpR^EKo2@t;xo<0R3XB^Cp{rU#WjKR7EJKV&yw#7FTk*kvEA(Lc%RH
zgBvVB5O>w~d_{C#`*a31f`~wxgV3#N1>%plw3~0F&KbeBo~9Is2p@iE`)H_WXo^Nu
z*0zySEevkHzGCq>IuzPm$spokmesZ=gqsE}@;XSSq;zR7?2cX;V#D*Mbd)xyg@+HV
zr?eNcCP&52EEAPFuV{91E}4xP%!(~Mn-{{-Vw5woxx@{{dcnu=-5L(%=%s~ip6ze=
zoNljaSzYbKu&L^+_iesj5`7kW(|^5>*u+DI_dK4Ky}y>OY&$9w6`yVN`~C%K&Gcjg
zW}0{5&&GQH3{+W?({v7^GeM<6;D1-EE!IEBg}<l-b;*ClZ}^U2XGE~sej}^zf3a+Q
zFgLfTN_@@rG%|ZXw%9$Y7Gs$_YMvP|A^&<e+~V?Q0@amnB-N-Vu~O892W57AvHQyJ
z_2^&NHCDXpH%*W%<i}cB?caruJ<4H5eMX`YAG`1HrgZCb<fsoEkex;>8!}3P^p(&h
z%ruj&6&d&K&w8k@Vv#d5>cJv$APh+22YMB@f^snE$nlLycB;l=-#VJ5`^H`y;Kz3{
z%^0byoSpfb(R!<0&;R$YajQSPIe!Z)9e4Wh(hJJPr@nP%u^GA0X;EQaDf8!N*SsO7
z`X`F*vN}9ny#1IEpZ$ZX&~_Xx2{Upikg9?8H$wCkrGfbiwPnJQLt8EsGc#y6GACd<
zz-4}yNF8t)D{8B&78!1~b`!yn>Atq#di3T$q+3Q77Ann5uwSR~)ny#xEhL4Edaf?=
zY||Mn6)bJjuYY>qWAtNB4NdG8yP{lN`$*TXSDK8k31rPG4xJ;>cRFQ8HOK4t&a>}#
zi`(7mO-Gj%Nm^lgV<plbHC_oU<|J-ELbNP~>U<~Juj<aAA<|A(wBXwbu62IwomIO=
z1{EjF&(104jWq%ZI-mD_4x&j?Qd8ddMDS)=Qe+wbbMaN{ZmA=6sVq}oW5U_nIcBtk
z2&v_S<&9PCPL2ka>}A?z8=HTe%M@RtIcu;<)>fd!vbj1?neXjKx7)l$am162&_6kc
zr&Ek_lx#1B_`Rg@?g=JYirA|1k)-Rrp!|Ka5K3gl?>T+{M%eplib5+$`5z<u&*f^Q
zA>0^u5HL)OVQI+Gid_~VAEHt=ZvxLJsUZ;WI(&SfMb<lxWRd~ZHXeSUEJ6?^9tx#b
zOJZU{p%UO}=AttB1vOsAEKo(Rr9UZU^jdY<sSyVsnjAL%;**KCramx~HEubs#B)(O
zew=8+RuLM?JpVY}tfqy5Lr<0*BLr)=+WS>!Ajb=7OAQ~!Zv3~NrbK_rFZ_ouv6`_p
zH4fN=>opdux1qLe%VzfDS?7Mr*h^4={_ao>RG+0w!a|zkqftP}v|QQ>Fd4-fGfmji
zp8En(GKFA_w$LPrBxGgCMzN;0uil^*`_8wfEXBf-iS^eI5My>`1@uWyCyjsOlp|;p
zOy3xnvoq)pf$}-nkOoEh+3lUitUpohJDlvOs;VoQ`O!)DQkI%v$4l3dAtS;{_0tq{
zk)Wa~AU}TT+eYr)k*A-ZH`d#`*LiBCLWT`CGl@pvp3?#sdBF)jhRc<x4^T^X-i}q`
zFG7A-j&;Bv2e@S45q|hx&mqlbRr5-_`#p5GEO)XGF~*4-NDYvj?yM5ncYS<H*1ykG
z@VHW4`I<N9kn}ClT&TYyMnvJqDk;G8J2^!3)+5jJ!Y$ADTt(<*hS2}%$md|r&)5Bi
zWXb!xep_9wa65wd?>e$Hik9H1eZb$>;d~m>xVnpjfXlLoJhO`=GwfMlP7bbDzUbN7
znyHuk!vtOWpU%A&->1^m<+-^Du{Y&MpAN4}ik{s=+nOSi3kIEf-_PFkaDDJ}#_wna
z_HgqwH`WgaVZfU&D_9Z6r!Tv1^;_a9@3FVW+S^LAQc#ca+4{=t0e3#%0WD^ZX#Oz3
zFXg7TXG%?$Vsd8?>FV*Q_NumQq0W3%9aFbC_V(5t;B`-hueH9<777h4jeLHL$9i{S
z0um8sKk9g{9oYHbGPMif1@3M9v?zqDw~m!m5s44e7=L)A+Xq`3puHo5vYPz*xOE*Z
zPW??^XXm*3C@2giSBJj7yF}?+DTKsw{`o4o%}MQ|UBM6|`JgW&l08oZe%rJ^bcIC)
z&+q|nvu_vGdS`vt@DBlZuXzOf{vbS&`rs{_{QaHaljqBH(SiU<#lao3O#QOUtE0Dw
zy%k`}E-MD!Df((NyAqO?Gm*##xg+KnO#ZO88}V+h)%DJeX-H@C)K2jHu+xfe`qf&m
zmCMTYV(TkXi_0T{s4>t0r$zsPAa4Uu>OMsM`FY|%$bY_;!}Xu{<(<CIa4rA+KYxF>
z{e5JuMXsAb$?|L2himDt4c*n*P_}2B7Q-fVVHT%*94qzDSQjT9XBJP9gTS)auw9lZ
z=*5u(;#Te5YjnqHcl=BRsV{(J++7tRo59}=ji&mj^%~4}UVR1_lDvD#_~_shhz8Le
zHHKLFzg`)s{cvJaaA;2}iZ_({eu!F;lAGhPylY1xueOE9#3~HZqz<$B7Fif*vAWbM
z5o%$s78tPhM&$4~EzJE{B)lq5CPi52b_<To^^_n-V|j=zz?sP4*Ef*Js}!c-p1J?)
zmiA`>8`OY~ec8slP^Mos)T!>OeyD}8^;5(ZvV)wT?2u@CWv+=De(a9Ma*Iwv&brfq
z4J}UhcirPS7+llIC}R6HdXAPax9oB8qDluTVX<qzI9R-C9FDiU`T;LD#ACF8&MUI!
z?q@9jn@S_F6MpwgNerJ`TZH)vtXU+*hATlflC(T(7kdGzcwRh~+2>eqdPx-(-cp;{
znYF(9vfRN5Cb!N`3#7Q&efGBI;MZneYZC4ZuG*kmd%aO}CDPK#zUUijBJG4pTHqn<
zP28+aITM}G()h>KW)1E2-^Vr>wBdrw;A%KM^|iR&jN(@u(+SQR@0Ym;ZULVsXD0>a
ztTZJHC364y0zts~k;kMn8NRd(0-}#kWadw1=J#BM4{CX3wKyl2tH)gekA1K-ou;<7
zNwLg(v?Y#-ud%a;ttA?@#F!`*-JT`jn<eM?6{*yw03Uw_yF$!)<~>4i`SiCnUT&aJ
zv`|AsS3=>dC?@J|0p&YPv|g8J9;XUSaP<%cRjKJ}i8F3l{OlppIN!NrEEfq2$^+0=
zXN--ZvTMAj77`bf%qM02>_3r`w72_=nA?w49wHMU$jOBNBPTBCY)|Vmrn;HmEvAcW
ze;oZ6#_6qqWHUR4GLit4At5Ijs*4~&k>z)~)kKX5k1S^Wen`rQ>UnT<K>dqlZcZB)
zn@clon3xQx&g+GW0G9fChnbYgs&#|0^o#FRmC4&Kqq`Re9$tQog$d;mSaO^*-V;{r
zSzcKwn`-CX-XUkndU#|zdPo_qi-;IL)P+fg&n&@QEvyzD9ZiBEOH588lR(><H1TJP
za)h&+I#O2l;CKn-fU5YbR%R@$)UR<Pt817CqqE>UycQ)1iPRNh0z8`9oRb_E*(7d~
z`6H{@8Bf;PZzOU-)@W)OYM>qEXeZoWQfe3R3hn3azf#PooK+8tXna3DTww_X!iLw!
zp%*g1fO2imM65$-6O{(bMejX9g03HGg{CLl7${;kHYW%ceaUHZP23IWuC()}7J|?t
z00F3XqSx@kG)(x*7}HCO>wD9hd4B&|mM+wy6(mQJg1;uSgZr)J`DXz9Ot*A}jESQI
z{P!s?(=v-LkQdvB!?!iDr|>e*=P-Irl}I*2H~v+l?tDRicZx;dN5zHCc7pXW6nTfD
zjoB}vHF+Ff8xwh>xx<nx@Y_nzfo4TtX=%?A^bkQ0bt4`)n#=)2Dcume*o|Id3>QmE
zlo~rOOKRsk;=>JwP=&HtGOxMm9N$Y+%c&e`Y8<O&u%xc@p$)5%Ki`3CR#*(7^CQXI
zAdn$9)`ZyMdCC7DrLLBZ&#ui1?qH775Cgx3e<V@9Pf&Scc7l@_3=X?uHq)-SOuxy3
z!}rq0DqOpW#=OBI8*VrE#5x4j7m;X!<b`f=L=DwbBAdfQdWQ!l4WG7~(j(8d@$EY-
zp`m!kXU<(Z|7XjL<~(=1Pm#lsGhBb-b8s^B@r%Wh6Y*1bcGQD=O`i=3WK)=!nfe)`
zJFI9RFSWT1DYSUb5*nCNa9OL53G(tmtiw58RGarJUj}%4`m)jusdThLRPb={DGH2H
zG{&^hW&duOL3Y|5eF;9T4~s5#hB7j3i9Mx#j+UU)No)!PQA&8JQ7uf}pwp@2BL;KZ
z1K{n<mqTQ$5G1!I=F=~mYW0Vj7Y+Bqh>V86ZXtoML9tsHp$UTqE_pPO#WOaB-j^S=
zbNyjOpJr!seD})uOfRX`Ib!-QnMDF7-Fy!RB)x9laTa9>GcBefayGCZpEytrdwL26
zHJEm51T);k_+Ms@%xY7(1x83vuL$g5No3#WN|m2=*gf>y$hd<gTKC8PfNxKT7EKsr
zKDS}CGBUay?ilhW93Ts77Tltccc(7H>r(yN8o%G&i7eYwD4bzykS60kSWEvkwbo_o
z7sL6^N;)xsYyf&8VTnZ3uEhQmSB0(~1Fo$uL+m$}n65LjkpVe1iTq)y^ZeV|2nt%+
z<&H~yJ(n4D+PqLw5*<q?R008-R`_gs?mS2WK`HR=^!$=|+D#>7NRezgVfM|QgRRy;
z;b5YK8y_X*JrXteJDA2@s**1ulx2E3cd(S!8|xL5sjD&3TuN^m#XZ=hq047Qnr*0u
z7KBJRY4dv|%fY)Le#vu{K;!h!;;O=sT85@Z(3TEyskEB``G@%5peaLipR?rss3bY&
z)IuM=zW4AoV?!sNS_ioz{?}|N_QzvWK05Zc0?cWgb7s!<+-f-l3(fR&$`RBX3=F;l
zHPd?h2FwgBnWXMqILfieBt=G@5vKr(pdHe~${3DV{U#hFDImSTQp`WLL58gN|Is>H
ziknPa9Uoq|sIw4$l{<qI3ge4<eSK@P1dAX|H>aJ-wXzwnsXCUk9EW~(Oq)iKA?$)G
z$INA^%zy_lcA^bFkkeGjl5vX~0)a4n2frv*a}J;f{~s;@3xkl5B6F&-6L;UaYKD$b
z?})LeO+P6_BxcK@lny9!<;ii4-(EmdY51Mt%TBuMH;?NXb~n-rV=f^wdH@O+nKGx_
z0_%Wl#?&iL=~Pabsa}faqK4tIRb4>f*a{Gzi1A*bGE?11#!&?eTnm#g+bdzR()jD&
z^oK{8<o9$E#;SYyuj--^1};uq0G4RoBx}&+_ha+WDG+(NAsb*aBx5}AQ)Ho@xHNt}
zIdYmNyX}-d>Bo=20hziXJU9WUAtFV(=$%2rC~YBMY1r|nfsw-+!3KL1VqEDkQj}HF
zP4m+eue-n1Nj0a7qG|(wxVXt$V^zr12aR5zRd~Lf{cS(n5dTBE6-Q2Q)VilVP+$r0
zyF{U$GN0me$B8O_B}8%Ee9LD<rd1ahC*lTgQv~c`#fwM^%=GtTi42*=3r}S+0Jamq
z^5CFjT;1oN?S)mpux5Xax5%t%nG`uCa<T|2=q8UXoskO;Eg3GT%ae>3&Bt);l-ItZ
zR&<(PZ-ET<auX0v<&N3bcA}epDS7|R6vpc((Ub5Cf9uKkozRA78Cg=+OzV7$O^gW&
z5M7)=+w&UA-~+gS#0&nN$NcTX$A0Y$eixoxrH{)i8)17l+cyshRkXH7zBnAJ;szER
zG7FyLUQV_6Ss*BV2kF1FcOceunh{*Z&dn{wlWpN-4FgPiH*-{(iZiRL9h+k$e4sem
zQQBmhwY$ZL`=PQa)1Q9ikj`^zgyb~1HgkE*rND|YJNpCZtW~<x#@KA@6GR34{09MD
z*3<z#hq~h<%7^CLGX9Hm1R?I0=r{v<D>7%~4LPJ2Z6^8F5J$rY{<Nxl9?|<pc}(9+
z-DZ$=j_+Tf(Cfc%*GYq{x~-A9*?B)#2@`%afek#Q@l^jvQ2&sVkncFf#5+YL`!Ek3
z<S}CvJ+SNcT2F24xu%5lwC4?K#lWO81l*bBZLFyL{EdWc4ko3pdCF%Lusc96V#KW#
zx%&G0_^d4-6Z0n-hnbX!2AR@^x!Hn>ne&|`fVtjpQe2^t$zPJT*nEAlX`};#oM9O~
zeQk-H_uKLG8S|4Q32G-ZD3wZ8A4z8<=|~`oi!i`MU7K(xa(DPVKHwFNBblC5B}hL~
z9tp@1@?~xktLMgIW`pxNYvfO)@?fk6-^CgipZ5ZV4zKY}r6?@TS}5<|5-=E)RLF^`
z;~jgn!gMSzK^qMVYU(Im0o&P$%Ork*7a#b#WpyIzKU@~ymY2<DG}=6==eZrnUa&)1
zYC%&eBGb-$aX+i#JRLo+|MXyT`g+uFuF7{>oNDKDN{7e=>(4RaQQJW}2O|<cVNKoZ
z6^#lCWJPsIqVK&Cbz{X-OM)R$yVyc+!Wow@_ReZM$mR{=jf7N!8y2?`Ts{mNMB1-D
zEHRLbL3h%qVf!1;zoQ=D&uMGnF)!$}yP_0anil^euv>3V&b*nAWi$p|b7qZD^3kVN
zbF@_jrsoBuwVEUyDAapC)Q3t)v+{W|Z5Sh@)fhWkBZ)tZv^^{7%h62}{He74{;Qg`
zKS8sz;`c4cp+$Yru-gT?k4J{s{!MOh+`7Eds=|7jsDTNSpkOI(DLUV@C#<muP3?-k
z$Qv=KB|%PKoRcaWy}`v8hKi456nS=eJ*I;BpLZIwoy?=py9al0imHLjJXDV)mOv6C
z{^c6|0$y`r4yUP8CrUi&`<Lz<q)>~@$Zt3wCXHYA$mNn^6X)MUd@7;N<N~=QCKpT2
znb{#H?kMb&;?BP?uoZHwX~m@`oF}V1W<S-5FK4H(Ne^O2Zb8bJIohCQ9C};gVlIJp
zXt=gHCzIl;IQe)?!qvc%g$*{2T>^es5?GyE*6Ldj@b|uKz4&6oKW$uvOI%dKLIqVF
zDxCANP*n44*XX~hq9HUS@<}A95_EidridLacu|8KPmhe{m^jE`$b^K2^2v+@QbN(;
zviQ?C=r4Zj=3pN1U-~mH*2GI{Q3ART=0+TYC4&Ru9=O2bA*c|2xNqy2OU$_#k)&iu
z<Yfj+(Ye~JeHRM|N-2j*`|gFybGb~LNaY8FyDlJ#o1S()WJn4RG&q0_Jmd3>G0zz5
z&OG38SUzt1Y`y{5x*9>FFDQf)nCBfnZ|QEiq-aEJTgymqeNZ+#3l|Nd`4Y^Ezu|eu
zl{|tVJ*FY6?9P>@T({a<8Udk^k4o9rCreSuQHjigfq45<=Fsr3naf;?_HJL699yC8
zqBpsP-va~f&E;(8^?&TPU>kPF%jS6|2KV*p2mkepg8_vpQGL**ou`mB7BuR3jDd&!
z;ENEpB*QD(4y`mtj}QYQ`%zArtC{867Xi;y0L!!LS^LoOytFHhweyqpE2Iw@GHEmI
zzsMRXd(j|55?5)YLeX+|uGqiI^UOdQ@yz_@N<$dSX8Sx!E@z=G<D5*atbZ9iUNb0O
zwlMLvN*Wtej5b|(d!7g1B-03jdnp5+R*l-ux<%V{D~0o%S+=_S#kINdb;a?(o%N?o
zxJ0=Vdv1_FIALK)@YW8a>}pbo&%Kmb!oCy%M%=0MM%_U%wXH#(i!wF$k2fO#whAUQ
zJsv=Qe7^q^;djT5wEX8iD%M%*na$DM&5qRWl)kr(2bw+J6x^7D&fC9dOPv=4?rZ)?
zyoNp`0Y29xWH{e=tM{#V-y)6cuw_$RNQCS)=ldU<RDP^Xe{~vuv28u7(t7rCh0iYy
zqNGOARki%FesXt(F;0~n4SpDXYP&)bmH6}AS?`V!;Qa%K_hrYi2HSe@e*3PcpW-wC
zLHdd^2DV!)q3Le3pXQ3R_3_EWrOASZ4^g!1Kt0cXVVXN(<fNAz1|y&Oa;yii_kai5
zzs-LIEjbabE`VUE5eyTp7M{Z_BG~rQ1ANd|ai(cLt+_)>I%iH>Us#U;i?mU&HtRc)
zv!bJe>H2Y$(Z&N_J7;&`nw}U?{#(+=+Ro4jqcvpY>!#{mg|DwzSkE_$in;2&9{#UZ
zQox-91`259qJQ$!+YM@&(LDl4$C)rBk&oxS)5s3)nv3$#cC}v>hwVT3F;#@`VXX9B
zM0z^+dDosN$Gz@LPJ}M|u!-`TBdt!Km{)XU)P{QzVYB)u&Yl4uq<8R${1Y`qZ|Lkk
zAg(q$o#4Iw{VLiM;i!K@w;=R}iV0g}U+Z*`x@am0>-hs{`_8;kOQa>yO0!<w08U^(
z9Ek$9(vE7j+K(J}o)!aAzp%X$!Bl6z4VHa=B`hpHPCFpDjQKrG+Is^7q{kyJRWi~2
z)Id*gu|{K?scxw9l%~`<4Te+FVE=?Rs1Z5a8W~b*X=A^BXo)*DxW1AkFD_<Q$FRrT
zjQwwYdSd*Dr=XlU4I`_xE!$Yc`?L)Y!BzLizoU}^a64j;-R$)A7YFfmJ&UEK`a;TW
zH3S)VcU;I4YsPFKTSu~vXG&VNUcEF4O?F9VY1)`X>P>Bz474*uP0FL26CDqjQb*qM
zJ@l{6zh#5{7Muh+j{U^zJq8*S9?5N!u~J_3lI1GD>bS!Lx1~(|B<|n!<mS541mx<=
z$F0(<&1+sO9O&GG5t-y-x9|zlC?B#<s`U=0eaTvlMGV%3Gurh4EO=2+whQBqpk2Hw
z9|r@IS@yLDY|3=FUY-VXP8&t>f>LM1LSvjLI;QbMSGOj1;&EyP2laYf;Fv{eOZ|*<
za|>_sh)!g1$O$t3zJ!bgPy$<umn8esPq`ZPq5-J1hK1rRJ$d}h#)8C(>nGwg%3w1y
zLEOTBQw_~FJ1nSbKjrL}8xwUF3Y^MQ+N0$Kyb)bm67^UOWQB02aok;9e==5NA1^!v
zDs=fpV#9wJ|D%Q~pQ))WMQ`75za>cw0F;zhp|UItx8LYtOC1QKNO#=g<C(RJZW+3h
z(dwF%+vEAkX=-Y-|5+Vf*+btq^hJ=R@5Ij#Jorai(pVL%>B*uLvUTHq=aonIL5?3&
zmckVoR2JDjWRv5xW5Ws>a*9R&;*zFraJGA_MO0@lL#`D6OdguU0`(`&uVJZGQYX@N
z>m9^*7aBY1c|+O&bFxpq+$!^dBDV&jNPmXoj~!Za{nGh6&zqHKPQsF1La8}A^UJMj
zb17JRuWWH9(JLT2?^%QuvdZBMG0xg^AaEZV%A{s-we!zZvKO9H%v6HT+1ztyo}Vi>
zJ8r&fQIWyIk_enjrVge?cyY>H<rBXNFZ$%|Ejoov5kCQ2Bk!oaJ$o|OKc<$GnMzj+
z_MOeAT9_GJ>1|hg)2p-nF>Kv+Dh*A7ppd<b%ijjPSBk#K4OPMBdU%U|yDaFgEjXx%
z!~pM<Rfi3!0KT|X>pel<^?}<oR{z>bEXTIIFYj4_zlYc-O4-XB{1aC_Pai&lY50Oe
zS%Ffr&F3X-{)vMMn7wS-cHize4J6f239#NgR^zypD|+QX=Y3af#_}J$jr=ko0R@>M
zm^mRuvR(%zO|%V|{z@k6>zihB%88=_o}B<55kJvI8N_lnCSw<YC~DwRb6lbI@zOc$
z=ED>W?CD-nnLW)>b~6+Wzu-HnyJ<@P+Ov|OK|{)AA#9(du-#H?P+=b|;2wJCHA*xn
zA(Kqz&~YJ<=XuOtA@PB_U)avmOfZ;m=ZQBUyWkdp>TB3n6tZ@idvpMZG>OM_8gDW(
z9_>{aL2tVB)=1ku`uGnZX9@y2U43OUo9vBYx@Jbdc0Yfl$LkU8_2_YdQ(AT3x~Xtr
zs>|_^76R;NvGnxK!0l5;!AcrbSFJW;#P>wz9s!_ZEX`ooX(8I-Vz(oDQzkU^+_n3g
zN>9^es!;C4h0+^%ScEmVakr`fe|~M>Kv0c{<&=ROHw~4$5abi@^`H4QN%5d~yW)I`
z4R4mw0%eIXKyz(dL~X1?(Hh&i%#rfU0j=LQa`DRjS09Qb+P05@^>J;CG<*V^Jr~~q
z?EyGkq!sm(tdrS>Wnb0mjeKG&yVoYful9c$&wwqsUW!O~s{FFDy?Kl?wl2P}`Rv=9
zn-$@wr(QfNKwKu%y9efg7Tis@b$-K@zT1}o!l}$~V+)&=Yfdm~{OgUOp^qZ%(fTfC
z+CDUjvNfs}_1PaJx-A6`kAhVGX|@p#x!}`wVL{thwDPhbml2ShJvt&*l8Q8^vy33i
zqaYJcGKYsZUoQOB7DlI##&HD`^3Rw-FRR(<UlIbDw<kwhW=Z9NmUkf~3MHRUY2&MP
zU3TDS0rcBD&IA^?+t)Qhaw(w2<Mk*XA7e$tlC>yYNWbSZ-9&~k(rj>V%?T}@P0pA=
zDI_Oq@r)+Zsg^DpHWJs;H*i}H=W35_pwZsDW5po;r}GDk32H$T4JPD~XnD>x>4i)g
zRsp#ob{u%;wb5_bbYxsIMrX)K6S?sYg6KEyap|JT@DT;w4ydInR?~ghg*#N7++vz7
zHaP-tJ+fhnWWoXx0oujRhraR^&~iXr4Y_@6CCoboek4iJGK13=@VIARthk7<+58DM
zHJM-aQ!g$pEsns79<XEvJwE)GU4{%}wb`=G%4&1RM}OduyzBv*RR*`0K$-<!{5v*!
zn48eHf$@|;mfZbnXbH)j><!|yn~q`3EH*Qt_C~?burk&q{58i&Za@>+SJUeEf!!`*
z#+V~5u^@mixbRnOEV`POfw;}@5S!(idWVU5Y~CDsErZ@Q=i~UShEYQrWZ1M!X;oBy
z*8}y(Ro?oxYB)!e$ciyk0l{y?aV68-H-7UQQwa2@?p;`<!_Eo9BAViqw&v6L*;!!R
zu`$Yo8*F4$>m)rCi9|n73#<H(MRvmlf66ZBj@ENrue=mb&uC0MGk80)K2?)?(@!=&
z;(9OK;b!?GYaEW>uMbg40ms79ke`&czmw4Sj-g^^>;86h2*8e(Pq0I?6*Zi7hBxOQ
zfBdw{xA$|mbLIjz-O%e@-5eMKd>m-rL7sQS7kA>;YKi1ZonYh-H)n9xQG91zu9eXa
zpMzHVc7gcL1)qOUfIdG13##y^kIR2%CVR)@OF8j>gVD*5P|>V7y~fbL@pMhB?C0<O
z>5uQLZAZ0wA0|QAxwYq+{4ZdV6gTN^G)t}N;IFco+1Y+HHX+D9TUScMln9cRme=3y
z2)?_uE8UmTnDUxm+pj%u_G`=ywE_|;wC>H0X2a*mNy9PLdafSs38UZ2D-?MIf0s^9
z@&(6c0{^Tvz8g95G&*kSg4%|-$?R-oh8a&Zp=-xY8IL#iio(AFgCS-IjokL8dI}#&
z^jxb~snJi5OKrvpn>}s|y<Z}OZE+T%McnoqQhKsP;2m)-T6lPB!EehOU9;<~Xq2O<
zf`WQB-yNuE#z**D0@Uz<(y~kKZY=iI)s5VaX0&;9TUeCF`=PQZ@yCCr7Zhg~s^5tt
z?{TnHuceja#}k8oMsP4=G$UB?>ncxHGtcxoZ)BDAl1$b@8hzh80d~Z^K|n7nivt~P
z@@Q}-*=`jaR1?G)O=h8>ffjDj@nz$L)qYaxJ)n&X+C~<sjkY1Svssa$w=Ep`;Sh4f
zY)b$fke9Lf{=Klo>myu|GwL&fu^wXu5)DC#%{cwHZ{MQI8b-jelw;O~yM|>Ysh&d;
zTIN!ASuJ*jl^)mzi#84`u|GX=l4-bkd6Vbt@wJAgEUj&AEGX@EZbtYpuk9Qy#}~Ap
z3j{zf1EanVV3&tsw$q)qui1Y(H=KDl3_iLh!q!G?zkY7Evngz<j!W78DTfO#Oi~K9
z`MxsIoTiQIO;`)*AK8Lg{nnw1PXNR{_-<=y?MbXPuZo`-)cu*qaru2T+id5Fs91Ft
zSC-$tt;$)w+lJKKb@Iluf8w{+5085kc>0spkM>-lcek#1m=Po-fWo4#xSDP%&3Q>?
zp0V>0<O|Q(#BGzLc1$tXx`>6TT;lLBM)~98qoGFDKAQe(3=nQyEGI4~Au{ZM0zicm
z&&A29$el<6F@9CUpBP@^(pJRZ<j-@mn_h27S*bbuggZ(*DwQ<7Eshu=>ueVxB_zR_
zN|hLyxZtLKfS;%nT9s#FY(=rHgR7y!MG7+6%k$&LrB5AAh#Zu&0!z^p(Q-K)SJVtg
z%6QOK;z<W-Qp<3siKR)ICgLE<n#zHtm;v;86I(jEGP2Z5m;;44I|tmOo)h+8Sru6m
zrLYlL6&MHsbVXK?AWSYHPS`*b^U>nj_ahuh({9&_!8+XX^vRaiKl61sLl`AIUGZld
zah&9&WTWVl+S(zf-WJ6g=vcCHw7BmLyYJynF-6N!184v$iOLL7!+05`ae2`=aSY<v
zk+S{o5Peb<->4MqYI9^9<~#NoNljaH+C}P}B<Go;NI!YL1@jWpzojEZqjq;U3Lhnf
zy4pxgLN3j_etc-=QkAF7MM@%#J-Ei@zDd&m<IfHHwDnwd6*aQ?EJ|VhK<LW^5*gA<
z!M&OO1@(7vOugpN+>`93g=I<cpV)TE)6+PLdSY4xYdX(&fW_FWJ@xNzgk-}?W7!;h
zH#<k=oZ0s)ybh+5$?*kRfDwKc%<U+Kd>L(htWm!JFC^U?_N8SR6R$6~=k$3?OYx-Z
zz2u^=Opu!OfjQk6&%J{l8icVZ2fs9iMSBTtp{Fm3qvUXy6|zOm<w=vZH4LB8B6*G>
z?Gzw5Fl&8-8B#>Gjx;4WHGkuYeK^;h@SWbvI-bUAdgOw2zRJLJ6;}Bfni}!?`(w4B
z8vesed{O*)d&YiO!@j=>D}^4Trea+=@_Qh0!^S^0Uh8Pm3oa^WzD%0FxlqMh<sALS
zqtz5g8_}`Ekx^XVjXM5=U=?IPyRrgq;n>HFF8nhCjss#~prc<yr@7zVS7k>>tP}fc
z#%Ku-529Q__d1L5(j2!Rn_cB**-VZ<|G3FcrAjfKKRMe8S`nOMqk7e|eoSCuMcvjR
zbf5BD{)+um%*i%;B`t2)C^9f4w-U*2l`xo6ofy5%!K*pdg%|tW6YZSf?;584#}-yl
zSaCVL<f*y!{>q1+k8surf(zomm)&0UvxiQB>R*BZj-TDL*IqK(!s492$_D&&dgg6D
zN!z>dhC}Yt$zJPbUV`#TMTwc<fKCj*;?qS(qpsiEjZ0u#pvFWSEQ)@NjutxgXpW<d
zghvf&yIR(Hr>jT5pU5)RyS?{og^bMKqDITB-YB*b@fwuc>qUYk)YOoF_;C@|nxOUF
zyV?1CwaM=@j;s$AtRU=bRwUCcs{3=aq2j<r%*YBqJT&$)MS(8CJy_+X@NiuQ**|#l
zA3CG(M+9EAE&s_CHkBennr)sILh$rE?Xe#Q#8crBr2gC+P38VE9KUz5b%UzYoIO%Y
zsoJ`Fe}2El!KDqB(-y|}@;!aoJ6%7z>Ugo#ZNnAy5&<d3+A0i~Nzs`6ZlY(dKy8j=
zRd{FP6q?+1rC6Y-;g4E2@CDLF2TBU0N?=QCYPlnn)x|N&k5okG#Wrveietmm0s*yW
zU82>j6o|L@Lz^mw5m6jgqf)+|o3v_DNm6#>D>rLWC_wx_$<8xVpB01y9YAypu)XzB
z(tZ5n^`ToCPzR`4)@}XsCo{tFdR&E4li+{f>L;s2x)bNzSkmVvsBmIp^ChuI=r~-U
z$Dbq_gtFYv#FMa{<>+>3$r%{x<RiuCGbvL?bgQIs>P8PATg5C^>8IrelnUu%Eh?Mj
zhG?L+Nwh$@q>L+cCpmgk=pAh|F37@ocZH4*^FqG^q4#99{wOLqFmrMT*@5EUFZhFE
zE<=U)c+!b=XIf4fnFvQZNRb}eoNmz9W?}go2b+Gbl^48x;WP4Wq1AM#S&?;#4e0RZ
zLY&RQjcEu@=)P65Tb+&>-gg-vL+NW3A95%2DDK)kU7^`~-kd+;!K^67J@pR~wSOc6
zi-sCCdmci1sC?#nt+QfN75JJ(;Z4VzQSPN)udh1Z$#mno1T*Ee%=>Y1dZXH`JAaFa
z>a3NS`pHk8H{X0v#V^m_>hJc{erW9%oSi9t`Rd{J6>EO|P)+#Pyt*wc6&1%SqL7#!
zo{;f-CLM2|j>V&^)9va<a=OX7j|-Q8v#H>RRru8jV{F(Uu|QgGhy<Q>-Y}rjw#H>@
z<1Aid-r!S{*Z|_+`{#v<(+Z8UspYHX&DZW1zi51le}&<UjALM$e&0J$|3C<ZSj!+C
zRdB!qpNnuJ#ong>`PuXK+1uwPjh6EX6~N#70~b$;UB!I<bkUb9(cSw6BAw>jPeRfN
z+fU6K#&(@f2(Ibs(NJ~g&p#`eBQOD!+Fv6o1Ryhb!<gH(SrSTZ`F5Y<e<Wh@NTY(i
zk{3WW*N*Fhs$;ZOXquB-&krs+f<Aj=-22ko&$%s|d%Njr&X)ryorY`?SQMrY<7^F%
zn<B0T`}Y^n&c|px%af3wj8dst$NI-r1&uKDPY!(?Ov4k|n<qjg#^3lZ?mKdgI&Xc}
z0+P<6pF|aMCluY4e~m(0QU3njH>hF#+;!WLo}H5Z_7W<<{Gvp~c4pX}&Xzx8X7<pn
zPpTk-M)k)v)ujyU>T-sz%CIN3v)aUZEEFLuDb#4k>rQ_5E9;ZO$^=2vhX-3KvbNaw
zL#dgH?!hGH^|=H{KC&6pWO&xZAFqabG#GMf(_-UFf{ibp3j@D;pQs1jEEb%k-adHX
zO|X^mvwdP~`f1;_B;?=6k#X*|W9uuFdz@4FMdhH0jlYyRtj+?o<$G|((Btk*;MsS_
zPJd0bnyk)k%*H>o<dwd$zr*1K=FGYl{5*Mde+RYq71~T^Gx{vAVnf07Y6%wcptJwG
zSP<Vy1VSj1@GZ}u-A82a1elMyR~dz?GL{TLInMF9_bJ@kSeTDDn_?1UL5r#hQ%MAl
zXX`PR_h>JFLlgr+b$C@qJwZ8tewAnT6%O)pwm1q{#Z&B-Sf!m`qp>9<3ba=|s~>Ky
z&lXX#qN(We8$Hjhqn~XK*A*5rQFsC=OQ2YkUtB?Pdd;}DM|&VakxBcO^|49bO(}zt
zh{be~DKr+IB9e`Iucd%Te|>IV52K!2w!Z_n#pTNIM8&j(m6BQr!?zSaJ4+L-X@!1K
zpfZt%)g#4l?Xyw7q|V7an}hk?9X4eIlG}ewwiPn|z4H3ecHx9G2pNnhu+aUB#sVp+
zeEIyD;xjH&jE|?%3_Y=7kD2p!GcdgphKV7cUBAZOaQfm78_duVzDl$~aaQKP(Ph4A
zP|25>;K|>6@v?BVd*x(9x_Q(&{%NW^|LIcXl5^W{JHR<l?Xkzx7rdE%E6jw3MnH5Y
z+hU{`%qpbuDLg`!JYPb>m(t=(X;d0T7aKYgrM`AJtIiBlG`wctcAXi)z4%c~*a;tq
zfW9)F&E&+EZRf&MwfOhMK8Jk}WPe!o9wvufC5_T5XhM<x{sFv?!)UGUZ#{(*W)Hpa
z=D-UPdYO&z<k<3PE=A3LKS)AH``Wi4{eZ@!!XIV4dwDcT_o5)rtpxqk3r8FtQFH3>
z&BwBU)R1*N>t}IxpuL%`p|`is#p8>)3;k+~gNd~@w$fs)A|IQ9A3z0Cl20(Gc98Dx
z?)-30vWdBsA+64?;jvmgJ|8s9E~l5a3NX<37ndhulSjCUd0JS4|E0Obg1iU5UIRAL
ze3s7nG41AN>h%h)F<c5Z@f0#6EgS!2?w_G}J%moF0P;IOa0!(n=-E88UPrxKKxb<&
z`x(_Sa(Mx#lAMxJ%I`4vSg<xPjvQ3+5#AM!3Vzv+5Pw*=w1AOF*Tpvy#pQtw(!r#C
zd$Jy9uji_A^x-%6BnqT3CSNV9RL#&3D3Wdg4Ohw$4FL2z5enBX<v#jUC-meKxDusf
z!L=y0>sN<Lh+mdQ?V|qsN>K7e?Hk+Ikif0W4gEp_wr&s1lsrCqMMcYsf0w7e*n?VC
zY(1ipr4>Ebb>?p<FX|TmhYLWEIOBhoEOIZUPfmq^hDuD79uF(6CKlx9<Ics+C#SHg
zSy5TZfeyFYJp2;R1YO0OJ-{CZ0e1fsgcPd-(G4i>?q6~ChX)4-cNfFeS&GM^kuw$3
z^hM5455D5aZ&PJWS~8qkxwn01Iz{T7Yw+LZLskEDp{p@xiQo7S7q#>RRh@|=^UbN@
z;wUD?Qy9=G!uCF11Q#NrbR(wdn3(@X)LREc^?VPYil9hHH`3j)bV-*>FR;>`OLs~t
zUDCbu(j5}g-QCjNO2=D2-`{(0{@k5=@0n9GCnv4Kd3VHWEK^7k2#GYL_+$pcGuz<O
z0Ctb;5s{Hmk;UM|^b--2ewuf!lkhm9s&F{n+}ymRRBd6`1c4-SDPC{5^VDilsv*Od
zA?ox^gDu&j#*f>aci$)HR++1Uvg1~$FUDz7HW}kR$WeHYfO@S7J{}J#Cjqi`qR#iY
zavaegox5b1mFhUA0o9*zfb*Pa7}#NTCywuy!kIIE!e{#w|3KOAy{Ryt>)m;Bu67We
zYh;)VrWTK5P;<Oa5{eg$WE|T;<UUdSDEzZ)^IcRR4m6_lm%{Qtq!HxaKEltNJ@{R8
z$+dkf^|;cG65DF$7P$^#*uU_`^mKJ~MQIcy4---L+1S|5vIm2m3FjjTBq^h826qry
zy(XKrE;_EX7{he*ID*{g$3ziVB-|Vw@7Q~GpkL*}e&CO#6h+=KfMVqikk9UWz3bpF
z{BKm4uc>pew}+EC^>-Bpu=Hrhs|j}9ru@>!#fl(X)eD$}L)W{LJnHe|P5o_#Dy~NF
zosu#g4!Pb^#*D7W8eDSz_Zn-qdR`(vAUirp9k;3A2Qp=!@NSazL;=HOECJ7f$ytBJ
zY4`ygbT+mQ%#e?uA8e1&XVw}hXLx@+uPUBm6L_)05;%afE7H~k|Bd9Zfe5jrG*}Gk
zrZjpp1M=@K{4sAz4q-C1?oV=@4QIMZY3<5RVp@>ja6)fhiswdJjVeYnqTFXc9=zO4
z=3AoCV|sJ^cF&}0{zu8Crq71Pk4`xh-wBZHDQP57@-a;~%~*%K0IasleKnsCNr;i(
zN|J-g{%<*mBI%<(`R`+=u*N`0TKw*g|BcjNQX4)iwr!R$w%|_)T@BT!?87yE`h`~U
z3I*`T7aC41nJX+?Hmv_6n64-Toj>LQdHts{1{4^qX(RZ5FW0R|*=!XDfr2qj`geNi
z&YXOT)*qY$kH+Nx`(IR7)M>-#I2Y_OfG>##bW`FavpN{^EKxCde7Y_4`akp-NGt5U
z>D_xar9?Kn0BshmIzI1O&O(;mgzJ*eRmXk*_bIxq!x(3MsuWbpN%S|8^Zn#yYJ#uV
zu6BbLI#0tJBmRwHfAqfW6C5Jc1kJ;Owk8a{AIN)MJgWb#xcR=hCFIH&O%2JG^5WqM
zElX^)5dDbX)$VJnl{$WTVUazVb0M&|;S!mW-tsp+%5j3TK-ANN;$aWysp}ms7_Ezo
z^W#`sUw6mnnR|j5g7pqD#a9CO<E|_7Wl)A_i^t*Ma`hh<v2F=qHr)*N?Si}JrE+|_
z;cs2D^|9Pwp%$OjsK&%nX;c?SB7>z}e`!Jz@4g4iI0KhfLUs(cgO?69vp;OD4<5I}
zR;bAkn{Y0xn5<*)xgF%M(|n5$2|4)#+sle7%3skto{GA&R+}|;vYT~_pDngahGnO8
ztlbeqhYCXvB5F?ZEebDr3<H6T542yduuqyH%L@_|D^FYh<5&dU*{)`8tk{JH8q9M?
z>lgDZe-rLiXZvkF{Jsf5qLfc8pH}-&?i+~DsXDo&>WDo3n}UZa4Un_~CvUEoSVD3b
zg3HBI6Sxi2$rhun3ZgRmKCtYn!=wD-{g4N-LdeApdkVpHz>k6W!KoAnEo3M59c=`Z
z1GeB~#{5PX1mD4)3q86dE!5sYsu1}vjt||p-m%6$7kk#Zbt3#Hbt!&yEOh*yST7~l
z7vfHiI!#MUy@_gQ7yAHe*T9Lt*`w17XDAT$&D-T$=?YIC6+vD(MpcbjB6qq!e6q3k
zX4j23%X11LmOu~+!b*>@?qGf2St;~4av(vr&|(VzngzX|0jdAGvLBrg0U=IK#92h7
z*bT~-`-Mm{%3wl~$)hKzRrA7AaHE;mtt2e)yr=qDf#lb%#M`fhR>(#%tiKFutYrqD
zojg@-opqYpSO4QpKUxp5ELBmLjQ5#6M_1GS_sEJ`klj;u--PALba_utBGHcQzN8QB
z7v=Uia%4Nr^*_(OT1`4w@kW9nadI?OkaSZjabA14W621*l`^P5CeT~-le=Wv6(dbh
zG!9GR_XQ#HGF|#G{CI)YAYxQwnwLXGr{ovRfJH<9<5h1gCjlJrE3>JQTj3IZcmzC<
z%C<(Jlp{{93KF5q_6=%9NQM#4vQMBeROxaF*+)s!9N{ibdpl4ac6+<MzX`a=@=OKz
zYpKvD_>z@sNcSFH@Y8}vzEx##sn8|aU+|sni6;NN@z&ci29EdcF`}3{H^<9A+;+v{
z;y3${F@7{^`;(U3aU;EB5I;ZY=UiYWnv1TqPfhE4tG8qmH@t3gDGanFNmhROIXg^y
zlUhcmfo`-jxaSP7DdZGCRv6xmKMVPE<u!>CVYq1P7H^}prp2aZa5iVLcC|7bMSd37
zC_k*Adg0Y(ViKk9$E1c_vv^$abi#Gh)TG?5<IVWw)BIAf17kpGK^gp9L9s1xaP29g
z<q~z#%Cw*v-O5U5wUwYJ89Tbuzr@{ZgWGQ)-Mr0ba>hPA#!jzM$^^#_H2*`ZXyx=Z
z;A8iexPoJtp%}P1nw(uU28pZ^gV9z7M?OE+1kU&`!G6p%X%%s!=G73+jf@++^a50|
zKvUx%8MGIk=)nvE9kIWr)=_ABkvte_uNRD4|EHH`M?tI^ii~mL;gna$EA6R_&Zqgb
zhbDkbGt+%x9k;e9CdejZg7TU(`J12XrZma2tULt?IV6IT7T4#EFAtS>C-%M(9k*9v
z7PE6AWx97<_L+R|J$a;zYSd<`-sCV?rtv1>ORG)-(2-O?AsYeCJ>0x4yOx*$Abl$7
z#$dKjw*P&nB<W8M2@c$@yi#}>TX9*&x0gG60jFz(P`*!}1}|r7m8-AzUr}ar^2*QS
z4z^^!e5B|8t%}F6(wOo=rEf|#10axwM*oynNQH+UgSVGUpJfCv+2jG_L#c84wcGDF
z4xAr6oVx9z$pl8OGli;w@-L~=a@`SMa7Pr&5QIg^Euv30I-V-eIH}$gchO-Y*F1-O
zyX_|ziDK7ytHytzM)**!Hc|DJ#S#Ss0JZ_x39K6WFNHMemr|}hrfL{C@jx20Sbn&8
zvtv$&#{#C}!y&t!WTIWAB<nIz{3-6|2PmyLCpyYjf);SP5Admg%%9$Jif!t9Nl2Zp
z4;mv~9lgROJI!qyQ)SyTT~K$PB`k3BJrw<TgMOHg+v${n#NCcQ3Ih~p;%bnQ!xX}m
zrCo^4nCYZ}8fbJN60uX9wB3<1XM9&mu#=~4-^*K!J2bd=<9t7WmF4@JGH`>-B2ZM*
z0;f_)6pOsW--;|eaB1O&HtyrLw%|^%4gS&LW(#4*sfTYVjMpzazM+tbVsheyfBi}9
zWuS00-P3hcGd}fk0jhD~m;A*{SHq9?3G~;4P{cQU(uFu%%cOUBSbpb{fq~Wvi*_eJ
z%4%Nm=xEaqkSoe&UD_+kJ(rYtQG*{}-NFj2J#=Xp{sZb`u?hDb#nQaW5OqZWajWEi
zk_*Y9^xPfn_t-zsQgubIcVWrf_Un}%>q;rK#<?m_s*5uA14(!8Vbomjy>xYUV)^Kw
zEg-0tn1g2PB*<|+gvsU}AJ=cksF?{rFA}DOo0$uE9g@DT>}+>cu6i~UqwKH<jMZM^
zjl*6&cd}czZXo;kYvON2pJ|wsv4>B-tkT63IjgMsHxIMFbio=ZJ8T#CKDzvFKmH!g
z<=wwoNTSfi|2>LV3cf$)?J^VZZz)>HVkoyz!CQFVTzBBN+EPWGQw}8;aLN#SPI&2@
zbe0bkeZ!r;^CvEWFyPhTB;{DPScIKNoSM=;eeZKF423M_TgSt42W6r{?m<g}JLLo#
z2KAGL=SAwbyQ7XfZ(ec%_;k9uZm1cyoKG%CKX1p-jsLC5m@Z+Ti3b}PmjO~bL_03X
z;gZ<jaYg^QXz+~pa{okLv$wzzdKxK|Rw#gPG=<fN9uqUk{qycwQRl)7tv^Fg4h8$s
zY>)WA?UqdoRjc0NLo{Z_XAAyy^1YUWsC;ZI7ohaC%cFi}-Uc2%Y`4Hh;rmC6+FKW-
z*JGxdAdV}#M0N9vO#de>Ygp->nEwlgkDV%eY7cU%PnHx_0E}qt88A$fr~oY{o*J1H
z<M^%tZ~@Y01Gxc!$Z|pt)985vpTK!{vi=ENTOCZa5bXwAk+>ECpC>*$^BreJB4OuP
z-~Mms-mYAp=`niqLlKqaU3)zIet-BcxFze9AvCE&ISeRCR#XAHbOE%PP31|cW;CMV
zg*FVZXe!|S!$Wm`Xd#ofMC@q(pgFM2Cn>j+G9Q*lHLzW?&1EGcqfW@AGB>2xI3knm
z87jNk^QFjnYm{#i9?VxH^Nx4U6Ua|R0?C4CJg2)FkdR5JF^xuXO8Hyd`PLj#eAs%K
z*~@9RM~&n;oUPt|3#~2)FO&<e8nED|iDz`_POU16&x`Cy7_$ILtJ6|<cc&zUSS?$o
z1whRA&&XfReo7q6>eQf$X2rv`;uIDRuds<$2^jt4FIK2B!GotRcbN*H&XafPmMwgF
zg&}%RNDzu`nHF8=v_GjN+T27ClN$%5Cn6;lA8^D`V6?RzhFfDoJH<?dp)x+E-!<qW
z`b}biW-1`rPt~>ofq`a8*5XJ>!JnB1Et!Ih;Cr;h68@kD%IrDi2%4m%k{)AM4^xWG
zVd&U|T$b{hBME2{<<}&!8JE@6Aivirz%EOSyyLSGsvJFzsS_QnF!xAMlTA`M>sQ?|
z=jcxpSxUK{Z}R!vmVHg<xiI21rZ5bQgh8E!h7e4I;gJM|0<11NEONTkF(}E~2G%N;
z^hpoWX?&&TbUHOv%r1BwD;ScXM5p@ov*6&w`FH9%Mr?ICt`eF;D?CJDbUiGzKNzt*
z5aCd9Hj$y<Dx@IS%lwk~ja*7DFpg3Bf&^49%xo8HYEdE{PUdv{mO`$Hb!9etBf=$Z
zQS|Ph#8D1_a3Je1ll}Yz$IvbLNQnnriFl>x_z`UnUs0uxOHtoloJSvfS6r77x?YpF
zKw}As=n_VamJy7Es(;`~_i_P)V;7P_IIi-!h=S{g$cSkYYR@0u*n0h;FI#Pisw=rF
z`6((na3nnsf@6#N0ylI+THNrxJROe$lMU2nDJ4lo6<2Lg75;4vkn2)XqJ^O$rn+1!
zSx|20Yi!1%_WaDE4*yq*f&C^qaz*2&tO4sslvw2EfH)`o&|n}_Dvb?_ORqUi)~jAH
zKn2B@)n490e5!%N8N8YIzV(^njYZ7WH2Dij5Li~dj7VQb>7+<3d#6xHR9+?MGu_~X
z11V^J5;u&NHuZC;?VJnZCk?m|iUNLF3dU5B$Su=|3QGxEKo5x13WGS{97Sa>U#3eu
zJ;KR_E&EX?#{vJ1NT?E%sDyB8*U{g2h3FcmJ=J#Kv(cF(5@hMUuCO;gXZ<np@Lq1*
zifq{y0J45f7XX~)@!r0>m*0b+>AmSaI6~(Z>kEwjQq#<$_N7NwCKeVBwe|ocPR1E=
zHItT@qKIe@TiEG*$HXsWopcGB^vGCB(zI*2qZ=?&#mb+8m+lHUEeac&EGY@`vGz~(
zb2+1-qZ=)uz-cueZH!kpCm|u%xZrCYtbS%|Vz`Zvg!Q{?<Bjm8GDbYN@UiZTpt9Is
z<ibPQ6maO<cZ2D?Efqp0vb>{k%)E|_?wfS^D3nZ_z=x$qi8<l1IatJS)RgLfx96W<
zo*NFAq$+smxRWch-Ci-ohfS6j$6_@;YQ<p~Qdc*_%_TfwNp-@)b|9Dr!z6d>1L^T`
zI5WbV&8Y%>Z8_(7uNb_D{GWaW`D}4td0rNYNnOZd-qlT4;FVV)!#D(q>63?J$5Q2%
zyJ~Fnf25d`ExRJ`{byP;f4!FV|0C;vr%Dgy?_{YcPEI>22@kXaAFuw50Q)+t#uA2h
z-f{P9*KWO<AI}u$&F;_ZJpXMp#>_hM{cZs4WNTlqhDnTT*c*<g>%Qvh(MGnm)*jjz
z{h``@^@vnBxv-!)y5rHlqhCc>T3Y%mUS+$|%iZ*`fJ4R{Bd|>G9{WM5wY#sr^xz=9
zb19LTkgI!S-@0o8q~dD4hLz>HA)sk1(AntsvP`=Ah)^^mQ^+SXuyYw~T;6&;qO9%H
zf6`jJ<Epk{XWYDM%U{l!C;BVg!tZO*10A-vL4ntGk@nU3i}}$8>anj4w~&%tMYjH6
zjQ=A;-T}?g`pU1e=GDjTBIWa`h)Q)ZPe|t3@y>R@M;35P5()n3?q5Dl$NN8?A5NBg
z8m6mqX1B>TGtJCHdgJN{UiKZYPyFAp+Sgu`uYR^Fw%BR_nm$6L)E_*oy6u))%rUtT
zWtBc)e<n2<&{1-i<tuWpG&ksw*6~e=z9zEOZvUb8?n9O5)tACiy@7D@XZJPYiNz)-
zfjw?Y!Sp~D?;W1C#rD)h@6cvXJMQ&|qB93`L%1E<);BllWM>)wcqFMfXz>7U^doTg
zI=mh05E}`Zw(vL{BoJ`Fr}4hAHM(NV3=shdU+-_BMMs|Z!A3{2<~w7^z2p9-yE)p9
zE4-~!7}{oFp0h0|DM<~z7yQ&uyw=<8T|+3_a5*%@lMf7F*Ospv`37YmHF)9nYjFLZ
zu&h;WHg1H^meOw`cKg9w8NJ5ngm^6f(POM_$Z;KQB*^~!SG?<rQ@1Xe$8W~_-H}hT
z!j>g@K4%wu0uFyjy)`?2sZ?Q|ZLG4~-F3Gne88^3e%!y<lS9kiOH3q5U7P*YA@+<i
zKbAT?$RoA`sZHWxPEs`>H@O;0_Au$z$q;Fc2!e*C8$0rn3P-F@cw8L36IigX@j1YT
z>3CO<cZ|LfyMHgRy!#GAxN9VJI!se)0+5*}`=Q43fp@O$65C>IFIC81aIq}RnD%Zl
zXnk)%F3H0Gnn9wPF+$@U9$$H(gd8FI@Cr59n)e>r$7@P@fNo1)E-(=5jFQ@#g9;mz
z^!+bXji(75?@u6Q`aeS};MD=AzUhne<GTg@$qv64L^aF&zop|hUJ<<9GT3OgiMwkF
z&4Ol4Wyi11Fhr%8GCwhw8vp6h*Vk*#a<+(Z@Zncfbp4+FcrJcTD)8Ps`nj#rF}Ehd
ztJ`#tS`508mJYtQe~FmqJ<W&0LiLXHcW&?am)(wOFpqM0^P&6t(Z~9|-O3#jk6lE8
z>fQ^@$Bde`D}$-sLW@2${g39E@3Oq2C5!ICH;>B2c4xFa4#9XwAGmB}(3RV2qEhwL
zJ$5hp7pkr>`!UM5>PPWMJ8N589{8{B&ChQo#d4s{3BK&?TeB8^BMw!snf>Bdf4ae=
zOavt<T!{(G^Nuv76LSkgsA3O9BDEIheOJm=)<;4a!gWET-_%*s)JF{-hq*HZy;7o>
z4SM+s5*QOHS){*pzA4jhOogP+T`1|&n&*4&me3OoplH|=*$e+QiT)7n!~(&*N@MYM
zgtw{MTdaLS-uM*TPwp3Mq?2b*zPV4LTw^s($>n)&BREX<Y!UsT*VB15-By5iB*2y3
zxk(JTUZ<Jm{m40n7E@(&^8rR8#D6}OeRa=>A*9(pFi0s5u&g#e@q(7u7FVK~>=Snv
zU0)0>oy>f;GTHv6nWfvFbbH`iw(gzgIh_u^KdcpQHGNZ`SP$Tpy70i&WYg)Y$g}XY
z*iv{*bVbwU?@j~ifNyrwEzN*Z{NwH~JL?BAMe<QhmSL;5LV%G@Um<Yq6&h;ALFZ8F
zZIEcz%OJ)=%?;tZ8(ZUbaC#pTdu8h%gvkc|Lt{=KnCW`Ep6yCQ#M+wZNT<7Y{T_nF
zb%n`vA1h1i#an%kV<V+M{hl^gZxO29V3KbM{l*}^fxZfS2PZKXn`sbIF~3Ny^_5}t
z2=j~EHyAZfCnlu)O)=cmqN2QfL)@i}lm3R}{o~PGd5zJs**e_=)wLOmKO<VA1<4*y
zZ}yd=s~)3H{<yj%)LvgMH8Y?>-;)`%2i9m4^z)V(_dolV`EQvm?XCTqc;-7-Y6~N-
z4A;;Yu?;;bUHhHxf34Mezfh|CvnhsJsG-(ukF0PcqqoFYhu>wBboC0~@y~Cz>(=_H
z<m3+d{OX9~1HH%F$vr}aNMlbMes2#xJs?Q<a;5b1*-5X3<$jB}@h!s7>r-0H=!xm2
zo_0Lug@&zHwR__m2k)|eX_0MaCcL|Q@b^RHnO1(u&5Qg2Qo)&7s55&f#M|DNOBs<`
z?)rExi&5+RB7Q0Hj=TF(OVeTFn5f}caAZZGO}j9xknvdeXW$P$1<`~)Z1KYS5RY36
zMfrkv;0`ZpZgb$?LAFTGvaIs?*jgLfZCdl3|BvKri-Qcc(J{Vk$%xVX@^<UM(Di@5
z^WGinE!cd9;(L8P+WjjhVY|&)((#k%PnAOEkrGs(AnN|N`*z5&wNjmBcAIaS_IqTe
z0UC%6*oGItM&~oV?5}ZK8RQDT;XQBMpMPU4)H=Ug{*Xa?T)pV~o1#cYt>+6fvJG)d
z{BA~ZZewi}*m+Nl=noZMl&#O#f?<QbwaO>9?3RkuMEmx>c5bG5x4HOHA?917%H$)0
z&t{85z8S(kKSKCME%sNymlERYpqdh+&p!geB{Z2p=TTPo%U*BM{yX1vfj_&`q(o#g
z$RW=3?#`AJK&XF8rO%N&n7<=|OXwR`S(l)5ysc=&Y2|jsxPR6|$2CyNPFIO8*^DNE
zJ%ztCr5UZnHoB#cx3H1dd9>^9hsCD$lg^^2a9Blf2})^-n)ogb;xd7{1^LeJ!EW0H
zo?lQ;J?(}lV-I8*YN;otmJPGBFn-Ib{pfMWc}N6*tvAn<dME*2UTYdEy}P6F_!nUa
z>fO?O`&d7|OMD%Ty~q`EURU2pT879qe!tA6_Lr~gk4t>}(F$KGe}+Arb;Q)3W&B<k
zOFS0v!q?#>6u!qVdiz$smwV-J$@t~0_nF~ClKPBB|Ndd>SY(#IMw~1YvD$W+g;NgU
z_LTggj-X{pDTU3_K2s#!G(g#4V7|kH&+mc7{$zDnKz01g=gDT}W$=iTt&E0eN5-wp
zFJbE&yUNjUjq~&uSRt=a8V_!MVkgzep6Elm&sO89(a~<>cZ};i9`@bko0ZOp7_m-*
zb`SQO)fZ3&1hw}11X1tMam+#nTw@(;Qy472%c?}a(5WKhuzu!~KECexrkd*`cQUO-
zT1qpZfv?M=<6K}@Il^({x8QX)k>T#gj_y4%cZ~9K&d{y*E_&VgfjRw>6G#13=!E={
zA))gs0-mPi)LCwRM-d%^qm8UIMC6o-aw@B{{qr5yW{;r(Vz}b-tnmaNxJi|#C+2!q
z4W98`cbLwO7bVw*f?)7&etCIt*U(!vsP)@U7)5{zQdoiz;b_`Ip8WH%@^cE~-@n_J
zo&dPP%@?;uY_42xc(Pkg+D>s1XFeZI-Fm+yh=9(0*Zp#|tn1%BO7oyh33#KYE>AC0
z1revh+e7WR@>ka?xxCuZLH_0vO)k=x1x&wq8%S~0+T?;`(E3uk;{C#xnkMv1etO)Z
z<I&saDZK-@`OAFl!-rUPiIu;L>`vprQCqRp{Oanc(^FBwq8Scr`Dlm_jxxsp-^;oC
z-AX@xE*=X+ZIP5XRw3G0aZt`*Ox^wgCHti(>J|^3M_W8KlZq{;Bsb)4e$3q3hNt@i
zFqrVbpK<AYmfX?xWbi~+^05+InI2POPto8Wg*<z`x1upxXt%vf#$!m;*T~q_C_0PG
zkS4Cb!3mMsCUtf(*lc&ujP+DsIH7I15v~wlQyF0_yM6q<pK9a-3u9Lq%k)*3TZ|n|
zb-5XZjwH}mYB`Mic1Ww&1)?B4uJN6AQgjxccx%_1iN#g*Wwlu>Hu#Y@RB&2M7Trx1
z*_-{@c6&q@acQXM@Hc<gVr(KGGL$A$`1h}>7I^Gg^4;BWa(k!m`lIB14B6g!`)dAl
zAp4p#d&FLS9KqXW?uUg|8zHL=@xt+{g9VD${;`KnVhZ{@D{F17ZSEgyMIRvTcRS<G
z-N0J8Jw$H&mA<DNU!tpRUTko{?uCiIM?|**_s!akYrE6SQ{=JV$NHMol5*BRt_@qg
zT|byULdxshuBWDFB?Q^`k97w4+Rwp<lHIm~KA~E3C!M7V_us~<UC)dx#%mFU(kU#M
zP1UGp+{brpI{vyo9;mmrxiJD}oYx!u(%IKsnG=o3yLbh}Qu5ucdG@$GdCRnwAsoux
zKdj>=B}o?=BWkjioA&rlx1x{sj8Z)>n`syo-=N2r(9kjM@Q4S7zB5qSIYFfpm1NaE
zQ^W<*^Et(vRaWl86GEyi_E2~~4o?V_C(PZKjM&&in+u{U#@qz0y9mFI>nQ2tk*+tU
zwt3&2r#|>+KZrgMRUAZfIy|F^`E3h`{$2DgX1k)!r%4@gIQrPpSyXwpkw{NwKHE-h
z>dbo}h4S@}C5ocl+p(;TF&(indpNeNON~d;7ZuB3XsZ(?rN|DH_U9wh!weYTZu7)$
zeMSAANUzKEh7MH2GJzZ($E<I!utz-|Om?SjJx-9wJobr1{}!;<xDRgqDdJ996wagW
z2Y0wqYcx2X5ws7T@Qrs{6l*UcrnW}G4&i#jv$RV2Nix0dUvRYPL@fFK|IGzxYW1)1
z+R#M~U?(hWtB;Gaujs)E&q2nC5tH(EeghBdt9T;qVc2baZb*wpVfXy`d-a|QSDG?;
z7!T1a;E-pco6?2yf{95$=Qp!(3kXDee1lVFy?H8R|81KSeqhM9niix?7Ka+{IMXCp
z(c~NnzLBIR6?RHn<o0g9;?Cau6PnEb0|gu1v&!~;*IWOTmU|*n?Q1=ykliW$4RLFx
zi(BMWjrgml=0H#H50tbpY?^&OObOX(xZg`+fIOcC+i3FSW=cQTL<Yvl&Tes=sip1e
z5!+Cr&Iv-IL`q7e&m4*;6pWd8Q;fvkD@QWj(4T?E7*3Hq?8L^{bT!>r<2Q`;;beXI
zQOAxZT`uyZTB&EtXBX9A^QZsg3$_geTG)bOl%B!w^xcfzwy3n|&8(6kDpGd8EW;}a
zl-2;@<!t{*)T#cNLa+Q-WX1v0`0W~SsH_Yp0I%c_G0+b>>$>7IpIpN886n^mib^32
zzP(9!d=h*JZhI}Z;gCWi_SbXCdU!BdwsS&NME}_11ClsXDpm5hfVVEHYq~<=ev2L4
zTkc9ZoGdzcDALb}>H*J7?U>JLU<!=QA@TdHXbfhI7f3hdiZVL_%<*CiKeIf!)~4{d
zlZknqgLhpUaY+#oii=w$=#ou-KYB)f#b7kFjv{~6ZNnkV6`m*`H?)g<E5g$BWasy1
z&tLouGOwx+3IaReCJw?A=@Gjn9c9$-sv97Sym1b%Fmj3o)tFKiX%1|Or80DRgDMV?
zHGJ~H9lNw+5y<MqFnFW1>AQk0LpDgkYq@B_-92n%58<z-JIs|>1bBdcSXCKI{3|t0
z!6zINd9v=L9$B1x8QCh--9I@Fwl`jLZQK&FI;hAN0SY~WuTh>RWd8nee$i@|yI;W1
z`qKWI2a`q{pW@5>;A$g#zHo8uNdBOix+yoK@arJdH}9vy_=BkF)Lu)n7YQG`_MzGn
zwSOX-XV?D~h{O%=cUhbkUbsLblaQ~@SR>IpLMLAspO2H5<2f0tp_P=!go&IKHyBjM
zYO#^CZ>UggDx+>%6P?-?i_kGIOBY82k#GV;|DXuY7bp(=d_Lej{C#c)2kjw~6_ZPr
zDzyurR}C3=_0x6@oXO$I-vT^eQ5Zn=a?;}SBHDw(4ONV&-?Uq{!Ah9|$~QBbBQAlK
z>U{3LyKK?6;NEe+_E7ehu|}&Bj=SVD5uh+LLj>Xll1<Z914+vAe5b|f9d;Pb^4-s~
zj*(S^TWn_`6XELxYEl6bdh9>YHw|ToM4x6IuIZ^SLLNPQ@O+MwdUg4JVlmn>QNv6=
z*_m=)@$0ZV%`K!b7f@u62f^?&zSI5+rv|XMz@YOpxrvF?wx}q}3aw=98#ysaHe#cj
zB|BwazKmQ;3J{u4V?QVm?=%8k=p+SGCB*ZfBSDzNF#P@o#^dohPG|Xec#^#o!o~%Z
zdCK!Gu5Uc<X{rKE^%Wf%FqeuHVOHiwk`C3V1H+%cE5pWayRV(MztwLfCR9oxGu(+?
z?QmZPdpJ~=OP)8~!o%UKi(mxI$}}Nw=4SP~m$eWH#z(pZHxZ-Mo_Lh0hC$kdPobU9
zek>Y@Zx1?OUxukpm7ra8stZ3HfB7OLbiRNup%9!XiJN61TA4gs+1~XS<DZsws#Ni^
zO%HC{cKq|{yDgIvK4y~qT<GL<|H7X>F4#{Cl@0gDOgSUCe^GEJjZ+mjq~>c(cmKFC
zGgEZ3Hz6s1|Buwh%by0#QS*E!G^pBRvqWT3)WK0K5xK$8SEkcoA9425<ko@IXO>Z5
zy`h<EE7{Z{%c4(~hG4{ui_dE@*U|Eo+rgj6#*}z?MqoI39-p(HmD}%9Z9E+hm>IHO
z`E?|R!-(<yHuZ@g<0oCxY<Y(V&N)(b$yN!B4f&OL(~Uj&Pla#(m*G+2RAIf*y01-_
z$a9eH{V{P4Oy<AAV@oaNe5GNh1IYfwF;Lw`;(0#{T)7+6QH?m-yi`+ekU&mLPye|0
zi9w1=^)WnT^Dj;bjOsT}vAyN1-)W1raD#*!koIfHjIpw;sJd_Xxx0VDCha{T(_f&v
zKojK6n?cg42CMJ04$FUQ@797auE=AAfy?!c6P6h}A$ayw01OyPiD^=MYI!izaLVL-
z7>o&iNd9#mz{=vg!!u)v?uXYkJL-X{G1D`FhcwDj9Ii3pHl1AZH$;v$-c-#BO_E*{
z96-hD13H-r0Y#IFeu9`0wb0ACs+g<}&4X*UJ@ME73J8a0Gh&IQ@yWS@zZ&v?o*>A9
z6@0MoG5mYQJPGr*9QjB=3A2jw8qgj?oFhk8!71&+`F>fgv!^mSArEQJu8~9EF*EyY
z#kBRSQ+=R@ZparU*YXVvN#FmwWnEUwbqQfJqU;B9>Mvwavp#gh&<__Y@wCSxqMw)&
zjZX>M!_yk&&1+5LsS$lep^12MM(X&b-4p1zzyjXG0;}C9mw8aUQdB%CsWftCXgH?+
z$NbF#HvBHFNx7)kLT<LQ*7~vd5`U*vb;jCPy%)TX5!4TlN|;cM7nO?Xm79n=j463A
z;x3V^ckRr3ZL>TcRrS{$BOM<4ttu{XY}2Hr2bA5NBVo~+fp|O&4e$9Mnx?~QTdR$U
z#yc7kgzUhd_`igS;Zo7l7~Eg3mg%*n(fdD>64dzNj~zgT)uN2jW|BZA`|)z%l)?&8
zVkjPq@1vOZ!?o2A)6m6j;18rAk2cYvA?CPGO|2Q9Ksb6IMKacIS%#B41`nLy?6)9D
zP-w8DM?n?_uX^5%aTipOp<1vX{V3tK;tch;Tr4<V^L>Tezi8kJ!d0=fgHWaO_upN0
zYe?C=ztuQA9C|G-O``xQ%d+~Y?zweG?`d=9XKig_8L9-(lx*UXaaE~#`DHX@b2y2c
z*;nj8V)O%cu)Vpr*yPLJE=LrXX1+VVUob{OA18;?2-?*b%651Lyj%>ZA20pIU*%ir
zUc(!&^_eAp<l*tal?P~kOB`3nfow*T6mkKCCHjJc(V&b7%X7DX^!TbS6O*;CA8Rwv
zUAS5CjYlv0J$Dxg4zwLmL3oM5fv+_fRUZ>IzO@yHW@|$bOZKIn-a=3b;A-CUIxf4$
zaosUgMh)P8jU|V1er1tGWn+ctBT7}zQ|u@9JNIWf+*ppL!2MVW<vvMTJYH^&X}rlY
zS1>`(y=S{84r;x=ylOq)M0Htr<MUJgdVl$f3BkT9^6-!Ydq9Wx<Ro)n;(TnfR?6Bq
zGDDy%8e*@muipP76xoK?j@ruedk;*z&fx?1GD#B$uB<AajI8WJoe8-Yg@U(tWIc(S
zgB?Io(l^opoN{T&gHT+ChE<McxJ8SJ%vs--PGZ3~DTdiU)p`95If*Z4F~>7VL&`cV
z>DzaZw5RWuQvTubhU^VCD|->FFbQ01UhCJ3O?Edpo+98*2buOlE+&4BPQyf%O*g?G
z1Qv1Tl$Dh$l6jBR2H>gZ^4TQ}Dq)$8;%wRV3B)N)KEEQ+H#*Cb)R^Zp$q7WLzSo2&
z0S`ezf4NGhjC*S=v>P6I1o2nILuA#aC$=+!wx;vSYC==8%%3Wr5SfUPy>Np!X*J05
za(Vksu7n7cXt3@8YLgkr@4NbtXH|9s4D;W1^nb$*48LTEa<-$jTw?LO#F{%3{tN;k
zh41F(@+z#UfdMusp#meDseer;87oT)P3~DnYK1)94!FjmO^eG)a~m2Gj<b?I{dUX&
z20twGGYSitqDck9@hS>NN`F_{c2x$dpbzN&js%UKH2TN)@~!mDpXy4<7W@vxF7*8J
z70><@+FVW|lwdJ_r<$gt!|!b=cHk0y-)C+<t}_stoNagz4kG0j`K)D6zW&(fOS;e+
z-WYQOcP^4)9Q)hgyj=Xc@%U5lcSW!~@s4k_i)wIdTokAlP*Z~$_cd8=;8hN+`L*Pv
z)v>KO4r6qtA|>bTpOc99h-iL~6Wz9J&asOTqS6IPl&M3pB&Yp(BqsVhdG(w!Z)H;4
zx9B-Gznzb@L=~?qa%IvAxTHm|*)WcypI=5OE;zF&0T&_~jqn3HCCl{N(o{F-_noJ<
zh-?4lvo`6D>P}`|L5tQnW9GC5dN0)2`**H0V!T)DvC^_D#*~zf*GEZ8H66DH96ucU
zr$>>@U5=F)*|j}Qy8tv3#&=XvzC=ZwF$Wv&j-=lD=m$g9wAMe*6d4B(rA$pJ(2(XA
z6%iQe1VcFme+nYsb^{vg)IeB9eSdhN)x7v4sX^}|mKe)j8u@--+)jY1@S?_uoUOt@
z6KmWNck}v+_R0jalL`p>%A9y|)N(h+M^>dMf@w=N*1Kc-`7I?uM-||&28lCuBNWA@
zpHr8B1AF4r=!L-S0O);_xju$ycFfqR9bi^c)&@tsG8Dh8ps_wHEtD63tqB=7GqrYa
zV)2Wz%{b2=U{qYa@1Hs8^AIM>@`@a$FOrgaA~3A{HXFfeZN%)?Kiy7EFII0<PF?5h
z;kg5B%tfW8?-^;@=GUY^3%`&xCT3=2Ji$b5ZF*AH#La$VpND*yTv^*Z@Wd%}<rQs&
zW}`9za~cx@&L6J!t|{>{54a1}^>8GWGsKhlIPJgC*Lr<9zmsrrSAMf9Yhi;!9C&}t
zMrB5+0m^GE!jit3oS#?xbynmogF&{cXkik0nG<asynk9IIq5r+A&?m!uHd8JU7d0+
zwO?GG(_R=DE{Eh>TUk)TBu8fv0L6sa6$s`8o)%OW1m(yUc+b_ts~No>b~$RPWthyS
zmR4mIU5P~fzaLemD*nn7_^<(B=W+~eRKxS}c^1ZJX^JkiBs2iB@>GAxH^YupGFppt
zV}c!lTP-PJiITG}6&+VNQc%3_KG9>*ZU_M!tJ4+}GnjeKef1+}WwPiR*b$moC?Qss
zmNNB7v#!7ysXQqglR9^|Nfnaak!H9g{Vb_OPZ(MRG`dV^sEgk`rd!(B_u?bOT874q
zSxsA&Rrb}e$ZU#=USEU&=H@8_8lsgBZJ;A?3#mK`{f8{V=Oa5rN=sYoLcuSCKT1~X
zluB~XmU>-W>ozVPtPXAIHL&uE@&Xtkdb<9rJ^(cH&*l9SsQMitzmS7VN|2{H>SGRA
zIbnyyRuDT%+>%0H1s*d0?`x^PGqZCl>oYR>Tzwg*_=ihg+8q95WHhXq)8{r!;TyRo
zUgVV7$t4g7K*NI*BAWs$OCK6J)r1|Alwf#T9UbHq<YpB{6OEi$(ZwVug?b6YLg=TY
z)LjYfb27$CTys1R>@ou@yi?|Q5<~mUhfc20j<Eg})R(P&Fn0a>FXS66O#JucqZACP
z-2jhdaTkBr<aD0|&V-8GmKJf9w}lvjzguy)r~;y*4}1Z98q+hA{X8PTZ6_3wQBE`<
zHY{>-Nh1Wxka9=L`Vk(Tw9P3g|8`W=sD{s&2ZhB)pXz%F6{_H)VVBr#7v727O6<7Q
zxnrUrTG~MJYJ@*a=V$CT*zMl%V7*6Ti0Mlav;UA7hgm-gVUSQ+$INRMK=Jw>+Ts=X
zS}b$gTm}DpdTB<&Y(UZT39T!w2j~05%v9LA&BUruLW>+`_Iv~tgd?zyw;po>5uNqq
zbNZ50S@SoW`xZ`CarLqQ%TJOyIj~qhBt4PU9;lJ^p-yq++|=BX49l0nN9lQPT6{{<
z67#VYu!c;jCB&ZY%eoQ`p%h4C>8HhSZa}|4su{c*JSKFBY02Asa(+>cH@V2>3%g%s
z0FHusj`!n8*0k)z8U5UXeA&vka-?FL45eme6YDb;s@GzF%Rg$!J}w}{@;+Ol&WcA3
z-Ir)cGhsFK&YTi?xR5*VjZtZ;ORlfjqzcvImE7%HLS(uNTO9@UGMy(m-^-L1+t~Dx
zvsl1klVY-NI)OhogIE&Ymm-vxu#{w_D`p`WX9(ve5e=y$u)`>iR4WQRiwUksgmd;F
z`v;ja1EmRr`Kpg*buORjw<izM1Y*L!in~fuPYVit*N{3mOqDnDOzGuYmjHRD!0ye>
zKOf~c6lNve!>{$ryd8oyo6i9Npk9;xg$4zn9`$IHdWz?0lnY=!0L#>C+{Kv3b;V`b
zSVCMZs-6chlSFA7(U)b{1-DRGPXN3#lT(Ysk6Cp2_=a;M`iCZ*X~ZPoXXhqX*Aysp
z#bw9QFg-sZN#|DAeyfs|<!p6vamD)ct;x-ek1QspA=*j~;Pqgxf)&Q$+sEQns9~%a
zwRWl*xTES-2rO#jl%c^+<q-QXr~a-|Tve169q4uOz}%*EaHddsWhBB^A;-^dT}6+I
z_s6c1d30bW_{tbSDy<sVg)rJ*XEkjZISX&vl~V%?FPwA3XVd-UYxdoi?JO9P3H+I1
zH0TF*OcCL=v^Y0u%yu{wdL$SQH6)CdudHIh9nFDK1&05s%kYiN{Ys$2R2+_T$%KiP
z%g8SQ@7qO$CX4Ll%9V;{Nha~S!(>;7g@E$hQmMES>h3Umj&tc97k(JrKPAE-2j~u)
zJjovo!sSgWS5YOB)<TpBEK+gn;+<?2mzB)H?@D1r31yd?C`}koFNTHYmMCR`@T6TY
z*;sHuH!4JPi`QKk0{P?HCRat2EJskUsgF2vr8$&y0JQF34WBhu6&d#XYsA&@G*&0G
z7(?#sM}-3%1VWi6(J|btzkbX12|%?_u6mNosPwybtGYt&rT7BgND*gd3at<_@<$uj
zE@tnZh?6i}R8dt8$fHQ|K<gi_gyQ;OBa;AvR3>5=dKN*r=#rpMvkWm(6IFvc#w;!g
zFrs1w%1DFGh(@a~!NXJ@E+M*W5+HHrTaMW9FUYANc+WDG5k&e;eD0qu3|Deag**8j
zm~IN%be8&5JCv8r8PjyCsx+3kfLoc)pUsTOA(EC$J?Ab;3zVyqY$e2IW=8PJwmush
zUMItGH>M+<rn}Ii0kbKkVt9Mz;4VTzhL#T!{Aous9EyI=gtE#R8`~x7D{z<Q7Ilo~
zgzkIQ+e{P%%DQADOXLlH3k^J3OqAdu4h<BevmX+f>4eV|ev-0`+p8Ra3{0!7Eh!3J
zrHLYw=a=J5_Y_>vT+=%2P<S=L0`aZ6VQ4-D7)qr38gJw$+t6WJZAI8@;*;Abm;)0R
z=X<!}TPdtJgrBg)0|SF8F%q2JweFu(^>|hj2u0ofL(kgByCs!p%XRibVW-aH&3l&c
zgqzI^Bst)FW5UqC<H0|E;OfSQ6<RetiO09Hl~&RYhCh?5U%ReS@UVVtTn;HD8OxXi
z;Pr0N)20O5X=7zP$y3Jr*iot4jJN7kUk@pUlW4I-<>Fm@#O;-wP#@Q^ZyUYt%4B)5
zMlFgYk#q}xH>!e6d#7rAqqb6^?ZxnB^@scir1C#nHIca`w{Kpz+93%f6*3WnF5V@`
zU$%Ug0>$D9vk5fV8+7hi%WV)u!4MI|TkVo*OIdKx3VvVx^8vI5(5NK@N#&*OuvIk4
zDJn|Fm3e&ZR6%*2{jJ3TH+f#!T7j#@Tzbpx=W4ajf@Ua+dVJa5_{1bo4yf3D5<h{)
zeDC{s1tAn1U<>pc4!4y~YRobKBk=H649d5sl>VGuM+c9W-B?S_$|)$(?%x>iGri^N
zR6&0Krguk19TcmVUzl%bO<c2Vg7gyEM!mI{L|nfnAR2@1{Q|D}vi`boOO=+HEdEiH
z`3cI>+km4z-d=b_Q&h0wtW!;r;o=rfa>TRgw)WAk@tr(ZSn=CIMoJo-J#f8R1=cVg
zn+YL2>?1-yz$Vd2gC^O30>7{lJ(=%Q{J4p4cIw;0V>;YAd}Lg(gr+fs4`{k*Hfm6Y
zYgPE(PK!kZTBd!rTO7W8)PEGu@i`2Bv5o0|(+Y~UM(@r=0x4RKl^|Iq!Sn>D8Q<${
zz6MZlynp~LQVaqNW|S6+r$fc~HFzUGrcPasiLBIL14JE*+jHVX*}If?NH@sH*koGD
z)_X$B%7f%G>qXwDM%tn~cLgb8ac!p2(4%8zoel3c+%HZOr@;I)U;ewYr4W0T)<>TY
zRv4FP1$ha70a9QhBL=RE0;hHxa=ta}w5{t}uQcq}LcpY!N6>&$bcj;%FOEoF@c7AN
zy_kIgrJw3AwTYv=*j38p?oHT?M&f;nadd)Ru@#B!U05a`x?-69Kmn;mdCVYLl#B@^
zj-_{@WV}TwhOu%i5Fy7#^|-aM(26luPLs@12roX4gCWdShlDb!=>=!`72Tv|4;Wx&
znXpovwcy$kiX{|dWjt@$H_tqrQmE9%G--3ZgZ76(iW;U)M@dj&TACYn=LnqsHMaxA
zp-<*@G;;ygFBRAf1fa3~bU;uA_LC#$$WRd$)*Aq@kK6|VBvT1Qtbe6vJilhNf9<I=
zCq{Sb?|Usry54kYxP!;LiSGsAvEI>5+Hw|K=0?tV73_t`Jrg2Ewu%I-q=)rqAz5V5
z6m>vVyW>RkD|#G}fHuM~C1w8kxw*Nihk<rd$6GAI8j|dOX@D+?x?#E7k&;ODp7{JZ
zqT1awQnJq0?;8_KEDezhBq(2tza)NeC@&AINmO(05wN2Ee#m9>mG)JaM3NbrWaIS*
zMRYDeWMX1psS)pj$=o@qpjjq?VK+A^PZ?(d?R&k(Yy%tBaiz}hRy`u*)i+@!>Lh<1
z4~hJ#;4+(;06%z2<q>1&SUH|V`nLnQjUH*h681CnH8cX_p)_EHuzJY4pWm@x)s*6r
z)AG%f@foSW+<J@ojozmBNSb2xjk+zlhsJz{#UKZ<X5>j@9@fz-MnAOUJE9k#{)%bi
zH+$QU(MSH0^OGbu?kmFFab?oMDUm&EV5OJT(5p7%VTnA8H9xnLy~zqixRmqyjrECL
zU34d_BqM$SELAn7ooBt;JBaZnGkrf(oOZryA&3*!<L9=PjeY_!7FSMx(3kV*$9~D+
z9RXLZQ=-cPfQ?zQk}*Psy)E?{esfnwjlC^JJo)Hk5cDhgXyEHNK%2)=i7xM-gRN0*
zZ)TeImb~Z>$8>o{7qoj!s~<+vypl+--C>BuZZExkAErO4^Xz%zA|oPno<(?M&OG}?
zOHna|+ZLGckoc}Qhz~Y&j1Lbf3=Ry~CIqgnh%8+;3oPYl=->scGuQ5RYk8g*#K5&D
zcKa>FR36F;<=P1Ba9A3oE`e1vK+#^%umyYTSoDFXBoB@z$@Ue|eS5^ByzAo8Q!~ZU
zP1vj}MIkoEViakmr8_O@9kN#^mcy{v86TUIL00*JLUDduoz!%LRjb>TP`r}hqwQew
z#<ch0P|S)-_a!qOWD**?=I6P-;^w1#x=X+l>3TyjvknpWL&DP=T_?Ze;Uw&(ks!;L
zS5ZP=XZ9a+Ddaf|l+|KCXF6!tmdyef+%I}!g6skn<HCY*`g2*?^BM+byNE1=(?*_U
ze4QD_jfc(31q;k8!xQM~)Dfbg=FlTLw&V!Qy!M(S`>7%GJqY&>vHTo`+m=OJ^8>(6
zEb7_LbFA^Y{c~}1!Hp90R{X8|*0a4)yQ11=DzESj(3JKWY`4=4+4as{Y+3RGmO9S}
zOzvJn?#8UjZFTlc9-GbAa)866e;!KjoJU8Ollt<i6)9<afC6WAx6)_k>l>^icmba%
zFdrMNls3vsN{qTg{{{z&dy)A`1?D!DqqOK5fUOu04u~LZ_Q|Ei#S}kCCF1b*;MX<d
zgh_puqN1UvfAJY^eln>Pg-+XSBenAGLNy7Xv@F9QAmn6Rb7afx`%6bXSD<7+mwDgI
zgw<`ppX^gDMmMpCmp(Rz4%cJ1CntdLIX0j)MTi!d)>`$fv-P}8KRI2<8s7Ygf*;WH
zAp1{?zN79mw$s)*hQVM9jqdCMADxiD9W7Ry2sJl*HW@FQq)&5y5&V$Tq|2HFITacb
zZ8v#v8yXts-w4LZTo0eL{86ANmZQ^n3J17xsX@}oM$0s8$X5s4R)m%eHRR0;l#|;J
z6<6w4svB-V_*_5OV*bM39_x>VU9LGw`ZB&&28uYaPu(SmdwvMl(JA+2{V0a3xbPys
zxeME84*1=n*h<?|c!5#0D;%)-{5{c1`_=Oa`vVFhLclM&PGh!V4G^fteVh!X#VxP3
zHRH#Oh6c!Nd9EDS<%D?I+UGlJ$0)-wE8~82F6#b#huC`Am)@F~Brc~Jd8s^A(MQAg
zcXvoGXKQ(&QUOw^&d+|@TK_Aitn3%0&aaInIzLUD>*qs2V}g4z+pZ&&#8C~MUUtuH
zEQRnU9dP75a|4Ppmi0whpKNYLupY!toBsXkN8ZES1OkDMS8J2m^e)R^)we_wN5yBw
z1yoqsuD3@823C|a&6YEsM6K?nGiU!6#6Tk!PO;ajG{3XRhRT3YP+F$0&bx88?GD<%
zZO`eGOdfDwE9_=FuZmZel$R8iwL*b*C-F2}*V=JSz4Jx?zKIyPyMh4;S>^!Z>dEqb
zMw5&&3#zKk(XM{GV)tg1!{Na0`0LkyK;QaODq`OuAt}LI?`l(n7Z)|FwzTQe`g-1d
zWoBAZ_WJTxKby};Tsz4O#>5;ZMQv(k7PRQ2(s<iKBM-Ij@Eh?mrz<(I%HX%wknk;M
zMXp;cUqx)SOYPzz=kgxqZ6!;_aTF$d{~k1bFz-+C&7GZsG>iuE#=1nkRo|d=2Trzs
zLb0A(y|Xgdfb~#xB-m2X@8@F05FT3gMfH*v+%N@A)10|~(Rd{JZ|Y@_PEAm5>{WAh
zmkpsz>E6j!4a?Tw`vuje%*RIr=FvJUUv~{Hty+sSGAHM&vddA(QS>Z)Cd&!r2S!rs
z_<nVf3Rrb4{)XV{TY_vOV*)sRb%}DfM&I)*x!+^l*L4y_={aqFWLcie%UpQZr~fw>
z;3t&flG1_$>-6M*w9c7~Dbc*nX>|Gg58WMN#6Q0^N<H3b-h`*q9UL6U#rIr8mIp>h
zdyoFAfmJ)R+PwEyno$Ej<@7#nUOR%5N-8TY7G)I=*7E3^o10_PBVaI}+fHmHen%R+
z#s@Ln@{h$ahkuAYDV4LGHpDB#X698jbi;>fHA|8H2f#nnonHyepeeH=DcO}Z6%`b`
zu5z}ZoSmJ8uRkH%;OqLCy|Y5Y*?f7PP2(w?saG8x$vGS_OFQn;$ax{#1ERh<iS;LT
zCv=FdDC_K=q2RMJn!z*3T)AEn%^@{0{ER*RUKXREaCc(5By7L`|45ZrU&s4S^3m-d
zlf4M_Fs}gHxtDHzC$txN(Sqvg05lY&(GvxVemK3t&udX;oWO)m$x#06tr!ea7mb9i
z(Mj`0H+cj-K6$I;@$XnD`tH*rdu}z9AU;cfZQit{27vYdzdkr?kWO)P#eSfS2DeT@
z&fY5n6{&g5rR~S?+BsR97x|(u*P2GgoowEHKYaVm_2aK#(Qb^xbptIOMPGiFz}ENw
z<1hFg3D+DFt=PwIKQqT6JlOQxKzo@^QEj`+AjUIR@KSo-sNIQSb6M%%`X4j1q<@Iz
z<Ck&cl>Sln|9}a6L1zUQU=(VQqr7zdS(L2Fcq3Ocl6y=+@K1aGfAgM6>P(wOHAMa&
z*4{F#s;vtf1{F|2P(Vad1O$|lZbSv7OS+}IyCeib>5^7aP*Om81JV)_5}R(=ba%dE
zKj%5m`+onwAIA$gu=ZMWjXC1J?=i>EufH5FME5kOoml_({~%Day;tn|e_r3c!#B6u
z|KC5qQpf(3|IYtD6z=+t1S9JIvmOms=XL(?=UoZVC;gO)`|n-CZ*Jn!#yS1R8~yi(
zzJ@`L|G(cvg|7wXzt@+6(ROrF@Q+3EpM+?-HYTHs@xiLK?JNr@169<$eQ+K*{Wzh_
zyWy%EZ20rL&7T3Ij+<;MGHbCWl~SW4e<fk+O7eqZ=JFxY{kj&D5rGH$!hZ687v<(c
z5u)X3un39b|67ERCy1x6?DX4;w`r>pKKY*+Sq6~_9HQAb%044W8`*nYD8-fVwIZ`D
zuFaE8jwT4}wF!MV-SQ!3)0a8x8!LMDl|RW(-sgfzYxzQ7ixrlu?%Dr)?faUVN@8?m
zaz8#-5x;@pK`efxnXpq;B>;z{MIcwc0?<{VQ}7^RdSpZkeQw&ln;&HoSwpP(2|^lS
zs?>d{do*I5WNE3X?<Y61^L`Sm_C*=(RgT&I{ri_f#?4z;RW&|BC+nJp#rKNw^q`Yw
zKQ-0(21>yf@=`Q{g4KVnn|M>N4VQ!z7b^?6uD;OH@{B!Kg5PL($|Xn3%bWP*-ew6i
z%EZJ3I!+S%`(HXbI{I=aILY-fGBZC{&2(OllTlWV`2hw|CpMCo%Iom#uM1w^^Mv@J
zoUdmbaW^+G{;`ZYH@wEFdK_wlfgDvBplwL{{Qj*f=cR^c1fnq??Rik!<1sP_LsG`D
zhAg=hKBH5<D%X{km7P0L(b2t44G7mYtuBEbXY3mSVZ4)`<cS@}7RbM6WRHI9`ySCB
zjC&D;eTJi=V4|z4YBS}<Ax?H0Pefbn##{)s@2~mdE(Ut6rO|S>%h-6vV~1N2w>{?D
z<An}?oh?>HWLZFWv6vWUD}@)cS-J;_l$2D2U`4@7g$`>1i*}1XYsKr?2+;_$^fYlt
z$6}SN$KfX(>zQ!fw<yy;GfNhIAK0h8TR+>C7k>E?B*S|C2qq{acK=#q<5LV}J+@f#
z#l2J8nqNNFscDw>$4Dh>%C(Z{xVlsTe=sXhcl58?C8-!jHa669Zh<kXD^2L4;T_&x
zjxWQm=YQW_yX61T1)V?>lm^iykp@SEKDCq}!OTcW&XLZsw2U^!8un0nt19sC3d>5%
z$PAZS-5DMpz7i+~<I@vvquiqMnV)`cu-?Gs!J`$U31>6Xo_h8v3Xb%;Y@6s-sq^K_
z7eYL28c4Robe+74F_%|XhHJcd;RLYVU1wr(F(qQ-Hpe?`tgMCy>*K~|W<*!%lyr6f
zz}eBiJJ{+v@92AXiC*ln1xSf4FE0<3m=P4`MI|Nqf3DCddWH3lgynNpPFQY1?E^ys
zf!D2TSx$*v&Wk;m<*mw&vj<MC2Qo6-IH#D(Dk@t|%)47&b0(S+2_{cJ-Rw2zs;3;E
z$fYXG8##EpVRe!!96=SC7#H{Q)E|RzuoQZ?ki1DW4%fLf>Z0qPhwT;m*m#rM9FcY7
zo_L>5xHYm<umu}1K6iAy9yTLg;f8=IV6;+>0WoZl9SKvs<mY9PBX8q+EPIuX-bmu1
zJE~MOZ_@Mir`GhQt;XX|k}KbFB~vQ+|Le_9MWXF1$05MpR@Z9_x`tw4l)<nquO5Ch
z8|cQJ-S0mi`wg8%%pROX(X|!5Z$)OVRDJ#3yDj2SZEb|5u9R0?<GJ^0(5YLnV5h7D
zfkZXWD_1NnXp@Ti3c0wrAP#465u2ww%o;yl)1K^_%ru3{3y)X17`1dJeaXt&?rw`s
z;@#jD(JFiY?%eaSZ=Gn?JuN+KhE(_a`uRHX_l&$x$jUSMk8bq6P_!4OQiydO^_rVq
z303bWpS)~dT#hjGZ_ep>&(y-2_(*J_W#Sr3xVY0=X`zLU9t6|<r`HWUC>I5SKlM%h
zkuF)Y?h1SgQBc5Km%p54;e&bBbI+KD0Az+yulndBvPQU=dFL!lywlf~#1AoNDM1~t
zATB2?o%uH9zd@r;<`s#odS}hB+BZ6>ncTwKxlcIMb922$zdJkUO4ar0Nw0HwAKJ6l
z9ui{I9xYg9$tMM5Szs8OQMa&^Pe{wl;{(p|8YseUk+b*e`aW26p>uP_w$(Pud9o_V
zl{7)OZI}<Pq@nSaSqhJWFKVTrjw-QZ{CPe1A8f1Ad`5vVas#pl!G^CMdHdF7JSs$l
zWt3S@*BngDj=N2m!rJ~WrpUzs{T~KDKR;=(nDV`-k8~qyi)^)r0g}`nA2P8C7Rp8+
z6d5+c0sbheDz}ZUU;csaOU-v)NJ)J<h?aER8$eFER;QfTa>*G>-KV&=Gj*9@bFDo0
z8g}4&D$azGZV|!y7^=d4k&7`W@8cx~`8onhp7$NB)niKQnZ1mhrm|)O?W*R<()Vso
zrF(5S9V;STU`Bg}-#I_0S?4|C>yA5r%6lqh?x2gY9T0Esj93*qY`0}TmW?G4J;czA
z=06y7TAK93C?EI4wT%o}&0{X8S@#47{+3Sa^oIqJN|x-Wswz;q?m8D#?hC*(tiPY`
zXHwBPTeIx{CY@31qxcH<(bifj&zePo-@c}`t%=iYxF2ny6Y2^97R0EPPpb1{SKx%$
zKH0y0-Uy*JL!Na`zA8Hg*Numt^YUWE7&4mc<Xs$4X9u5j9dL}WT|Q^&&ELa)^RE$j
zSU*~AkJqP>A{<av-CZ1x&5RUDuJPL69yZG;vO=;}xvWIwNF13jDc5S31b=!K{5RLl
zPUK{l^WnpXi+$N_(7b`z8%*g(A~}r~WZCOi_KKZQ@>%j}Pu0{&w0Z1IR|fNgRvJ6K
z7m}{<kJ<8ypS-I$E$$d9+hdSFZft|dxIGuEa9@g$_k1nO^gTnuDO|BL{fsc{+9$=R
z$3`t$qqn7)3oXcO%TrY3g~P?)ktnOG&i7kvsOwibGf|bNAoVjsa&l5nT1BU~+$rAl
zu<F13nbG`?g#X>8uU}1=FIG8gLE5u1m{-4Xu+zqn@x%MbF=Ew+j#e_<^3@VI-etdg
zzdG-7F7|&Xf<5kCV|hDQE&ua9(Tsxes!uDSOH)*St4i=d(pp+%XE=BU9SeV$^=nh1
ziOXTb=OEL9j915x688@47oU^;-Q|IIXD0_LT3XAbABFVTN=r+Hj+$O3u<Ew2xs6RT
zE^OJ1mD!MYB(j;E?5`0M6Dz)a*_6PNGJM>phR`FR6qx&AyQa0jJ}#r>DG>YMEX`$Q
z(BaR3dXd|P9t5f&3o>S%il~jci*$x`@34s)uN~N8JHIX;#HOXm)%l*e`)$2~;36e2
z@4D{OJ?^&C$;o+Fz?l(t5VIcQ1Ki=(?oSJ2V`HA-`!wKTJ+xH2=%pHZxC1Pbylaf9
zRt}yo#S$5)gtn_9Cnb>b!`?Nkx(hx(LbdIxV$4j1o1^?yHgC0X>E35g{im3m<SuhO
zKc8tv?Cg)m#l_ig(I?vP_DTW@e(g<w^I}vZk%EYnrR77vB);hQM|H2D!F6|eJVjLD
z!>=2>6R-`uPu9wbN!F)Q>}m~RO#qz7Yb@rNw4V(>ohD!?u^#5It==Q4z3`<>;jy`Y
z^D3WLB<4cRIT_fM$=@$hI$q;@7^$wyOy2ORsebiXP=@jrKhQ21@Y-LU_B%gPfJoWa
z-EB6sdF#v9tiKwG<+m%rPu<&p*8TIiz5un|!HRWHR5U}gBz-oBNI|w@uw`~XDj{87
znf<DUHbzWrY+Gli@pAw7xdoSn;FUtN-p_B~o-HLJ$OgV#n23WcCSkf!(*EKy0fzk&
zec})EUa!0pUrH?9>ibd&-f&jLWpQy}pF{fNh+))Ty;2}fiOY(Djz{xt^t;4mJAR~H
zW^K6i_v`M)WCjkE_ggAqPhh0Pl$8m|dGg$JCNg}NrPK;^+L}WBrh~~Z7Jfd~<3Bj^
z4th%C=;Y+FUy1t8$c75oVff*5!gKC`GJYU`ipz%ByhJeON1ft#8g0(izOu8h)u$lp
z(DpTPd&6%M>(^YH8^=nL*`YxjA$X(T2zC9hy49{iFrVW+1$UTT?NKm!K^?waADoS|
z3R!2Oe)_ZSbYYLJufy&&dc`Fr9t%lk8s)BOoDU!gM~bf`IQ2FC5?9Qb$)$ex+ZGwB
zP)==dY*em<@F6Pf)@;Jb$TRK#&QN4x7l-JgOgflw8*|^ECXRpOP#JXePtj7paYrzG
zpsDWkO_5QnvWo6AHCG-3&6vhLLr6bmJv{|5gb74b6-1AQhA*EDB<gSXt0)kLOGqgw
zWM^ez%c+D0(K50oy`YmWx25D;ub9PLbefBvo1ZT-{X-V^jsTLK`6ir8jAKeK*h%N&
zD+@O}IlJLF3XnH``I4oqrY5hZ#`Adcg`}^lD*x$bV<m+BD3iO9qjH{F$+yP}ls*aw
z{yj$Ksu_}D`+uRM8-55oe{H06wrZuotanD-dZfaiQqUEH?h0>7=p-Ap;1fDR8dAK!
zOuPiI&o5(d?vL7W7x}iT1~7L}c#S!9eL{43{4SoqaT7lz4a2;cxx}Xx|Fcp&oZjbT
zoFM|?&es?7>}1buw9IC8O!Ie{jrR9%jAo~YeM`NWIG}(B6E@a#jhlpW{T1Y+VA_sb
z^mk~*o_;xWzdy|mdG8hQjW8}Cp#EmCA;+txUX0zv-pl2q;aMvbeD<$xM$4m<lG?sS
zGw{3MQF6o~^?c$#Ulw1Ttcz^Vk%poq)%9T6<q8%SmiNWk0i^rEdn;fJu*KP(e;Y8k
zig|eO(|`TSB4>s!ES-8@+lP%lQ|;yX``79_(_}+WU*XeSR+F{>$x6Qk1|828-P5gI
z2OYOIlZwBBH%CsH!u%MsG;#l}SkW&($32otcoA9X*SAv~l+}zw%gJ6eHt_Bpf&Iyv
zU$$g-x@`KX0@_%))%E`ztPIjTDvmvqP*uGj&8}CNxV`O&c6?G&G{nULuQmODvApS-
zcfA!ZaaZIO-(?*9&jq#k@bKLz=&UrqNu5t_znx4#Eg}TRx^pd)wyt^4!$qK)n(#bf
z`JB`KJDS#Lt$2ST<Y}9ZcN;w(6-N;61xK_bwNFrEBwxU%XCa?gj>Rs28IJCSOhFI$
zEr%N0txI@~_b3Y7@COD4fl&X>^u0^O#mf+C@_SN>>gpj`7Kh#<pL-ci=1rh#iHTKV
zzd=+!+IW6;g3)nI$(E6mGdJ&&1x}h-vp5I~m&Cs5R!!=Y*Vnv`jW|Y@=DFnFVc9fB
z4~v+QVS`(FJ*hxP_~~b!SSTwS8v|MR%)!x?J7TaR>A|!;Y5Ay}u5Qh|YoW$T*O@;?
zRY7cebUk(V87);Ij;2}<cewA_F~7|%fTvjTb5hBJ{af$c%R34Eph>~VOy{iQHiFtW
z?Rm@^K`HXqe4J`5ofuJzk(?T4{Eg4<zYs#eBon}ETkaY)p4=iC)N(4<LK;(jkC)tq
z5}q1Ma^NT$KWZrJSTo(2sDZ-GR011JiCOoU1`L{>=>xIK_B~R(VgRKgMbG&XbsU*W
z(o>qtY(_~Rzq$eu6t$w7YhNuaf1FqAbG+R?R{8SfOLosrQZP(L78Y?8Rrn(Ld2Axx
zwZhhCV2XB#qI+431CI@UJ=xygj-tC(-qE}~FgfL@S&2+UT!@HTk2Hbjb?T}_3G59;
zcgRRf^KJj8<)3}e>9JmEmh{+%42;B@utzS2UWXM+T#am5kywW{F|(<o_<hIMpWpgr
zVuB_&P;XEf*<R)At0Oh<x<xN25<mBpS|Nu>HHs~gCBQ*iOx6m6H=k}}NS~UKVVxd#
zn>0Myo_AgyiiTiqNGfpm?oww8Z)99QR~O$bp2&qa*0T`&#+6dySw+U*Sa)=qM@p?c
zOxAU<cd36dWv7oAV?IqV)+ze7>{`X$JYW2Gpm~I)gV45|e4PDvSC{E#6b<5F!VAJn
zN&yzux8xRtN8u+6beeLHfgz-`li77+qB)K!(rK&t&Q5=<0=QOu4i1hy$Fq~@xVYyg
z;#iWq%gw!#)N(#P!m9DA#?%REJ$`7H{w%j6k<cLLme8=SV!H`fzOc(A+gx9`I0fgz
zC8|m{4xcL25Bqfrq2b|*@cYM+{GrKV*XKx-U;Y=NI;CQli*0Y0hAhz?9*4DVRk@&U
zU4XS}lkN0y)|5_j=84iRz$3f3xl6ghsc48z9q)gYjHF`L`We;ewQo=#fCZane{IyP
zlEz8^5`)Ist<8Zu`i}j-FgufkQz9q@9hbf)V&05+4hHcRl4xDzQJ)8D3w4c11L6L-
z27f~eh0v*Tdt`8adi3O(uU*OuK3Q=S`bobFVWhqr3sTpM1)Y>Mzq<o@BO}|R>^#JK
zREAds8XF*h;b)M%PNzC`%|}a8&Hq?!#86a?|NB?@;iE?s^Si|zY}rmIR&)T*PWNnI
z;ygKzei1Ztx%s7<>ZO~is$nwH02a8l_lK-7v9dynP&WMdTR~110)a=ww}BAdLcU{t
z1rMd;)_8-$ui+X{6H2P8;+mRCMkckWi4#DFjh5qD`7L{%tXG`5j+EPV*PZ*^sW*6w
zPBr$pk(cZtyL0IO=syNENPmC-&2X)=n!0aqZO5yf1_qFd0I!H%@F%%gA$c6E3JVJ}
zE4~CJCnpE<t0;*{Nre(IO{`bv<UCw%H0%=G5Mr%bykDzV8m7_`VR%~6r%~rCjMR0b
zG-`Pd`8=E|L<fm`U%GD?O(4$BY^3PT>u(rge0ptdx&eEWuG?fdU44>Ss=RNa&`7!9
z`xM)%TdJx=3qOED*y}k?canOlL?<n?!oL!kd5F|KaM(^F`n?esejgb?M|0UHQZUV?
zTfwB{Z<@Aewu+k8n-2PaQOY`fV)5w+!Snh7b^X9R#)NKz&b7*qA79I-32gNiM^d^u
zzLtU6Enw6!iO9RxLbJ2wj8I*=zl)zkBw>O(1f&N7>ScDn`b*$1AdfSEHUE$mPnZkP
z9LDb2XrkMMPog5@+!fmDlXWk?mAn$8u*6V{nYeP5<YAJ&Tawg&00p4!AS4{zQ{t9J
z39XzTjQfd}mU1V!Xj@*rhpelcZ?M}ap%QQ=-O<ZXxOWq(Ld=BJ?k>-Wvy=T>(vXK+
zb=a>KwHEDWntU-c=CkoQs5yZ1h~%#vILx*<8E??GwY5n_jp|`koClL1f(7^1c)3YS
zOMlDDYnpWs)W(A`H6Gh-*<gND!d?Lu9QIRB^wLi_1l`sf)?71llpqOQ>Y-`fVy-yd
ze#CcPG5b9)?|Ilf#m3lh80F@K7j9c;`<1EpoLwK)3-!Rz1X^eEd(ASO@B>5erhhb!
zV5&_DZ!a2w5k+NW5Ilh@BI)4RJD{F!jP;IhMr8FyWg=&{5bm!~{K;}Vebh#Dro`6q
zDOOx!;;d^W<Kjp>1T27><iP!5l5#K8ZKLL$rhZ}Su<|D7#Kfl!cuNEDwVC^I&wMTG
z8t88ZXaB6X-%wBQHsYK#9zA!AxGV4;;o9b1zU`FYw|y%mSNZTH-!ChxxJ8qjxParI
zLe<x9$SaIqs+hQz<b|~K%%V{QCK+=aU<{v}%w&{+UcjexT!dAqd_YhCW_`R`&<}!p
z!;v+XQ)8uC*t`%mkF|S)gSZkYm$@R52iXM=r(7%~M;x!(9h~O905Y557gVmXNCvqz
zr}6KopdABo>+*QTlXKS#6I0U%y9)3|o@&eXp^Lnqc9XT@N7b%t(#Qf`qqEq7=MsfT
znaLq4tCJ5PbvULZyj+!(HM~01vN6spM+ApnGyVxT;gX9@O^ukFb9O#YFoC&m$8>QD
za&mHuf?oaxJxY@FW25YO`S@E7_%l-QV{0?!Azfczu~=8&QuG<}H~1rKgrL}{%?WFa
z;EUF_TWMPL!1XYz$Bm00aMCaps9)7PU0HUZlQL|0_`8@W@%cYYz?7S~cTeHrPvfnj
z1YIvU&Z0bRzf*){!<35p1#_+UtP|nAHb<hns{$#p9TOX=KTy?Qc|K$rv6N-D^CD|o
zFnea^--?<hS|E_)>$s!I6FQWGd)P5_ypQ}&j}D!}P2P%TF-j91oVy=c&sRB&uI+@6
z5{XLuDJ}ZC&C)jXmvm%)t!j4OO2}>XgxfZ-hVSp;2XG56_K+{CVJH$ce^pf1l~VR(
zz4+kFDTwQ)s6_c7*GCdxhCo?MOPchqW&)wI=c$_cY4cD_wZiOad|kpFt<yxKS+<nJ
z+rIT1i3tmvey_UDc~?l#Dj%|~>oJZ|q=IE$Wpaqmwin}MIJtHFceP@3`J3}fy?)N0
z=ePAH-yf=AOU`W+$k50t-TBjo)FB@s<gTq;8TsoMK01`J9l{Z8!#_C)mN$iL7K?YH
zvkHv15##N@dJ@(^_tiKihBZ@ymY9;U=(D`^jj$uTB?eE#E5mB8(k$asvfJbCScpoY
z&s({_%E*%yNBs1gs(ZQ9acn42Ez%V=mUe!X7pYbMV|v6oD0KL<dn0`{C8A~F_&(&T
z_zInCwjy=n)<{}$CD`=&+U47TSq;}%foe2__2>v)CgM{H@BuJ*!fkL+V@TSW`Z&;S
z(krnK@R1JIx-o~yzb?XtSQq6&dI4EO-5;4d@-$0={l*-;m_64rDyIT)DUj`f;U0)r
zRE2S)E_M@$r0R_-+(emaJKk|wNZ2ULpFhs{mpKZ!ptMo$vYF9M)Dk$*Zc?)}(KLk(
zGj@JZSK_(Hd(G<;m)uvQR(Uie?!5GuzCIjLc}$jJCo}x)>y`+cxY7{9gVSw%&ko>X
z1>rrqMoGMEg^XI#VE>N!R~-o~r@MV55|LCp)TOEA{apzolzs&)XZ^}Y3tgib1P`>W
zICzk}EaQT{TRGew1mf$1#<uy9YZq2lRznpIm$R-l<KWY!T6LtB>Q1ZWYk{T^4>o?K
zZF^j+X3;BtsFe081?;<p4|tU3v~xw%%eqpYQT~qwn<{UiVM5iZTfZ~V)un_q^zmq!
zEj=mT%+Ar~(V0O&js$QlFX&?I!`B{ADIhxdxEOE#!BQ={{Bfv~)kITX(Q)<I#-z=)
zCen>JLcPn$$%)@)j88<rC;&po+VjQt5}9Le8#RDUC=-ht&iz)pR<Aa*L0R}^_#jf$
zY?c{sQ9vTofMK7zjC(+D@sR(FSXA#%d?>-^OKLYMt5ban95#ss8D$aH#dI{yZG-N3
zWH`}9CRWTUv-`sw+`RhM9wQH(PA9j{47)FDs$IPj!!8FEMOu&BA1pRY#2-U5Lz;_Y
zWZmKMiYgvC&wEH7fPH~NM@61LK3?DFO*hJDQz?*=UyD4YWv{iI(-&XnwbYJ(Fuq#h
zztrWXHt>vG8qY<~4~<;c#-t#`0b0_UElbbP+U}vLuip*G4H~S7TEw2zN-O(I)8QEV
zk)5YZncOem2eHMy@4MA<P<nxX<&tcMNM@VxsjsNM&mKKQ;#uICH{FHg3T&9&W>3nE
zrPOp-wXX9L7JlQs<K4WTa@ftXr{b;45?>@tsa0h*yRu4pIlQB}+Jd(>>+54X`K$#5
zxt682_wK~tayWHJ!f|JMMplw}o2>-}nQ@O2@g1td#7GgXu#S00<yF8fWc!R)hl<`)
z3Jz9w*&^#(x<w|H1yjfa-LYy)J!tY4{)>qQObR^Z&ld9-{%JuAsG~ifEYfy-ai}O$
z<pC+4V?7p;zlIi()YAmI1eTMxZ*cGIu!lDOs|C0(Lzt5jjpUC6Jo|b^H>&?p2gm&U
zJnYc4nHWNyFkDrYwyyStGO1V%z$u(eyCwQw2Hzm>;zy<9J`oqk>dRIzx~M&KZrf;x
zSJ!*fIy()ykI6uL;ih|yj%V9f^q5TEN$=QDqKk$onrH5t^*E4Mepaz%Ro8Xlp7bdX
zu5?17VG()xtS=QGq+)GpiLduU+!oO*!y9KO6|v?+oo_`(G*o#ZS<`*??@G&bpi3@4
zfepli1Segj$Ml;!hrZ)lPd^#6*3DceVbl6OQo8cN{`?3G2u~_TV`r@#u|HyEo*ZUK
z`X$>84fyrc`kY+p@PWyC!)ED*D}xzOxh+=7D=WXYDyT{5?93Y?xg2hm;R8G!&uqln
zMWXQ=0H~tUg}nr%$6Lb5J<cmN&8xbYvQryAib-z$ZX{5lE|7%M-K+h3s`qvq3?oTT
zM0HB^xqOahoNbLnHAT~6e#^}_fu1R}Oh!J<v2uAi*JGpR;BaQ=_U~d@d3ni#x@l}k
zA3-=cRB3g`l1m!Js+;Oz&_OFjxKUU4;Xn9%LN8Z%fo?Tq<7_P(2ij*pO>eN(?A{MH
zv~Oq1{#)ngmk!XIrKRQD=bvG=?6p*fmZWRAx4(Y<Dx1L*zP-)i+-UIR0&~t~okE+~
z{71~Fk$~5}3{*2MEj{gxUd{39e`|ekh?|>7?dtwiZy=rlBn~nts2Dkx%Cwh;iinUp
zUM!E)m{IxV6PJj<2{wL<mH3qN5Uj4am?PcKmIPh+%)4fOCj(ws$9-CS&Utk)P8%Fs
zVa+}n=+=PS17h+6zmY&#hq#X}<(;#=LOfFTo}_nxWp{oMNdr`mrcEuX{fRPR`IzG)
zNH(8}{VO9lUAWcGe}lDB*o#UY&?@5VMZ1jzNeL;fSVRm!HexEO4irta#WcOY%jy1V
znHWl+Er1;x4S@rh^gUrw5I!OXg)T;(<_?Qr23M%fXql3VN?=w_e@LVA+DN>%ZB0C&
z<Xgupg||YVJ5-KEIO>7B`1}U<XseZ)-*VG{wPu$CE(UnJ@%mUI|LPA{#^Qz$YF5Lw
z5f?lvp%0jsvA6fN?TYLG{l=qcf*sM^a)TW1<>m4I+PjYV&skZ)77C(rkfB8iZ8K8)
zoj!)s5%aXG6Nu!6qVw{YW!5)pjlfDUcGt(r&3|x>e#mOup3f-S9CvG58G8flJqerM
za|?@W&w}wyhJF|#iVQG;vf-s~ZmtkcXkd{d%<!uX$WBj}@bwkJKqJa_yc56NCVeC!
zT<q=bEhbBNN?;RpiDp2p9TpZ=v1G?vY&r1I(#i_p5Ez=qNc;+<Je7NcqkJc+P8dVg
zZfu3M+t*pkQ=pcl^4onZqJ4fBL_q+sCF=XO0TlG%v5x>buk}58?%U!@hs(Ka9?MG>
zcw}5}kL|%|PhS_-ohR$ncx^Qjq@e5Esw^lnB#<s(rQdRMO-6oZU&DSzM^6vPmy&8Y
z=;8;G^r4!)hej)0N=p-Fax8!!9dWVpSo{<MaM`CHKcdtZx|-)5KS`)kdF|e+J>ABI
z%@41I+7E$OC;Dr#H#3?p6i#rl2O^@xc3j|o^i|+B5JxTK@Qz69CKX&<xc42y=%j>p
zdjdO?_n6m4-7o+LlZ-L0Jy{o|@>+G+#=U;H8A$L!_=NuWU?XyLEz7<YAI*wvPB&IA
zj948lWoMvq0t^6eNL~IiLcK}OYdh6KZfnpQK?&FoALb&E&qq^%1Qi$lICpuhNioo<
zdDrUjm#<%^m5J5zH0r^R0(IHMjyIUE-P+-#|H-H|g80rIr#?A9qvq{-^W<RUig+K_
zOV#<D+=2)E{70fk0{@fX_}<b|*go{Tq76s%2N5k!)ZnPb$HPkXe^;rPI=zP8O0Xrz
zY|At4nLRFi(m!nTRTVhx^P@JmI|?_4W>wIvX)ar>ecT8DN%pOjZi*TjFCZ)uJ&-j3
zMw!!Tfiu-}`TL-VUPk2m_p%(E9BFSbelWLLSXdaFn#Lq2FaN%ahuzjC@*axn82XLa
z<m8s2A|v<#ULV)*-@os1K6(clD!BV^^?{We=QzM}(h!D5#l$oK%G4;wJK0GsFOn3i
zKm~|38EgZ<?OQ7^s!FY{J)nOKMPo~bZxyYI5w3|NV^ZF#bxh19@6CF`>({S?Kr<Q?
z13PGf0I*&qZI#9?hSXm>Y>3~xcRA7A31n%qX&hKT_M0Zp52U=yO>Y40D+>Hf=Lh~+
zGc#ed!?@ou81O6Yq9QQ<kviekD}1O_rw^Pclk>d|zrOD(44^u2pYlIpVjjbMJ-T+E
zmNRyB)p{`hECNmA&R06|FMrFtiX8~Yq>j6dHy5>1wWh)kj~9*L(LYvHe4yW`o9wBb
zGZt`Od}1O_A0Hntn<5hUsIWF!k?}eB)e^J1Cg3W;!b}P(7s#O8hd-REahv>vKu}1<
zxC6_S#BD`V%<R;nY4+H!o_x#&IgZBVzEb=C9!o?u8N0?NB*^ROQDyiZUjrEc+*Bcl
z>nao27tys457b&Y#c-BFN*8<x+$Xri;NcRKePcLpu|;3j1KSxGa1z@W9YW<9H0-2j
zdLF=AflBv+#Y0tZ)Xt{4O=3;0I(1EFrPw_n3nvVHzBrMILm;|+HBr}>9|KmivlC2$
z6Z|U%+GJbT%1Zzn1$Bp2VNJxa(}H~mOL<H}LW}=poQjhIKc{;nsa<fsZ&H#N)S>9D
zg?29<)6I!|GjD0Z6u*4?_O{YVAKReqWMk(j>^9W3PUCyXot6~4EntTnfvvi^c`|zZ
z;eP_LI?JGWp<qK&@Eu#5w2_<LZEnRtofvDP8C;>`MOrk?d%7}tVY)d*gMnrf!65~l
zURtkOu??ud2Vla&sGa)G@}t7dJ!CG%;Zz{~>QF6ZVn_4u=uG#;X~|SCiA*J-$1=qQ
zE9O-RH}g8USY%4GEYuV^$S$QNWl4#P^Pim%OifEtJ-GP-h(1Lfo%e<sm<xD)PgGSs
z_m<@f^=gj1n;p^YsG}nXQqL{TDdQHc#OC?QyHJTt@8dRx-4$dcpjsm5?ssFD`%26d
z08I_~wDQ6M6KS3IL>I6D`cxiUit<TcoM6MK<m7fx8$5%o>yzSJzcKzK+wm$)MP;2%
zAjgUwX0ac(cMMlp(B`TawybUS0PPKp(bKE%L}xoWqfL_bR**X|(F_LBFAe6CM~dvb
zH~8))ahd|q-zvja+msf|kh!8J3hG{m(=CS0?u#R83>d6bc~VdvMHdS2y909E4QSG~
z_V$Hh8Mc-+R}~eN%Trg3Ra9?hbhqldjmvd65}=xh6pX=nfl<W5PM6~y@B9`k|LSxp
zyTo-(036*rke(G6$AD*8s1qSz2P7z@mCB3aHGBYC83D1cF`3&6<CRxAi<LKEI~Ax2
zFW_+~9Ga$2j}SXB8QFg5x^x9dwMEW$iM&OqDFt0-{LWF6&cBP8X9x*FBSEAYQ<SI-
zyhVAF<~AmpbA-(_T<t~xp!#z<!s)}=NCqeg+$MZe%(<k+#MBFF$_#5i6dBlViH+1A
z&N%s=Zb?3Q1@zPDY?mM=DW@s(-n8ceBrv1pc4loc2T+lQ4xVz!LV{7b`T1SNQdSBE
z)CFS>CzFry0{_MkS{1}4OdXu`x}@#?bdC_({vCuO@zoo={I8gC3i(>G%V@|y2R3KR
zJGMUyX>JpSTc5?f_XZMyCcTb}Te)QCHyf|6Ps_~>ISG2*H{FF1$L)_8Ss#7V(A2ye
z_E`}yEKN;*D`Y`4mmCx+5Y?$)zn}~F%qUO1=5B(d)7z3eeMHsArKEFxRzWn)b!~*<
zN_SZG7!3t}tN3GH%0x@Rm-sD-(K$SLOmxwQPD0CU#--u9|Ish-59H9XM!Gckd<hmw
zWj73%HMLI8G72RKeu@q%wTGup#^MVhaw!z_?vv+daN5AgHCMOg@7XXY4wU}a{2ObJ
zj;+iLUjbl5)4>4=$l;l<L^wq=7~BgJ6MAwU+ZT%rQZb7o`MFNaY;2LxX9o!U?`}5x
z78(|o8<DLtK0c&!NV4QRqo|2mAFtx#63j<0v~BgM08XT1E9BJO#?2cbmb%aMA;@qs
z;*z$iW*a2;uaw$unAYtQMw<t{7X1Yo^XADJnie+ag4*h73>{<yXUBVP0Y4x$hPWkd
zVZo%tef>$V|7D;WF&fzyN3+=|9R>K#9CjbKvipqm4Q6c*VR+Q&!5TI<yusD1JNJSw
z+x$OY2DzcPi0J&hNkp->w)V=ErV`F;-z<sCt7)R{y(T74$rrUj&+A!361+}MCIiRw
zEEsQoKwS@JMeT1)Qm1gl2tR>j@1ykr+@MqsqLDy!Y$=6Fg$i{>zX7`L^IsKPvu#~n
z@<V+fG5ZJOI8{UE!D_sk328p_W@#=Ypf7v?#RMyX$R-9*vmk@1JzkcH5Iw*05RQKF
z^g(MZPu8oE-ybnCy<jA6V3!3Fl6!y~FpbeQhtGPWB!;@kl;<B4==sG868dj6vco4C
zx9*3GuJ5zx-rAU9mb$UN6l@4KeV5afIfdHmec1MO$R9PzR%yXWK+1)485>`AF}p=N
zDk!Lc{7Y8wW>Xw*AJ_NX+{}Uk{KO7%T^kmaETMHqKaq^?YjY-~*bovS#py<6s$|Q*
zo}aOK6tW)xl;fbtLR^1P?e5W8*Gy1uw4)hQ(v7u5`pRK(>_+n!?~oPLYi|M%@A+*R
znIucd-YUzlyy28nRz@P%XJ4rkmyodC?I-U_5~!@K3<-x=AD1jG>k!oq8P2Vxb#^&P
z9^tZIuSl_NBTIixeKC2L+se+ovJaHr?>(e`Yw!jVtl??-`uJU5U!e@BHb={CWH!Uh
zh4k|-Qq}{CHdM5=aW!VA9V^qi4OompZ<>>H!^Zkse>4GeE`rz%-vA(!G5f|Fh|}#3
z$O1S2AoX|PzY_atFQKFUzPY(M4af3r#Q$W`b*@2<@_{a;;1T0AZt`jm3$OijSRE;S
z*GlCRXTbh@LfC7|T?m3<35b-yk-V_2u^|NY8F0Y;OOBO%%qQ%y^P#RfJ{BlD-z5V5
zz5Fth_G5s8ADL+Drs`-MHEKr-iVPv^Ef|d+>6dZvSoTXHc4ywLj@Ct@Js{-C%9@&O
zZ48l+Ve-?IYIK~v%~VXv3I*nwDJm$-0^+N~<k>-AZH>uzxcY9j+eSp|Z2jyO2mv$!
z5@@AxVg|!-tfc60HC0n%R@90Ee|7nW1p=S=Hh)<4U+eb#=hQ(9eXm-}|5!V=SWeWR
z3@g1iGD;@K({jvx$j?uiw6m?#8cU;hcmEg>A^FS*lbm=EdzenMrN@O>^8sOz&bZAy
z;%8pJ0Cn~%2>ZxEx)4q4Nm&mPUqEPlFrf~*4CI%*x%TXQ;+4BIUQ7?nv^>eOEC}&K
zLZ3HWLs?qpP_9%XQF469IooR-8X3B*chq%#ZkVO{@a&+vQ9J0PhHc2vOk4M#<YtJ3
zykF*s2LDCf>g|Yc-HgB%pAP3G*&H&8B*aG=HSG_msi~n8j+mI3t09dbQHn}Um4)O6
zBNmo)#<d#6W(0xQH(vF86hjj?Ad<QFhy#Se_WKJWAajDM8`K<C1toqLA}>|xX=%rm
zym4`Hm5jnVvopM9rz0p~d_-qO&Ef@lp3X!9xtEP@TISe@%?4~Ww4@k-LIu&YAV6DV
z($fA!eR@XNUV2+F$E!7h|8+bGE1BxjK<*v%=TH6ehXVWc*q9C!DUHEeN(f;p0w~G^
zpdP7*Dr!XlMA#r}b3EN@o!vQ7)L~UCI1Qs5Ef)+sIX&75eSRORio0g1*M1hfkdYHP
zb?b2vCQ<BK1`V4uUZcUU*O+Lrq*x$!FVu=4eYy1d(~5(7IbEuY(4$B1KzQyA_?h=P
zKh%g%l!zOq*}Fw{n5iNeXd+M7b*t^G$I+=C2nR4U&i?QYQtWsVEqu5eI}YiEj`wTG
z!Yj^YJ6#BRs@3g?VI<E^k$LZZ2oal}H9!Du4yM>mqm^4vci&YasN1#v0s#vMXd}K=
zE8tL#aZCyySE@>~_5W=%I269ejN)P>1+W2hZbXQkF2RJ8A9Mg=0ImBi2Q8Tkj1ai~
z+F@3~Y`EA2KEi(fwz_>oC<81H!)EiHj2*OgjLQpO*lQmx`9^HDTpBFY?*<q0>(C*)
zmtHg@CWcVRmbdVaS6WwEbyS?O<_ABtR+HL|4DfKEW1_)MY~<uRn``O=EUGPedmZSa
zOuicu*vjH66Td;Xom_)?H<gPGxS$o91qp}Kb|sKQ0phrKiamBrp_`2q6mk&1a0tg!
zQ^u5wjbrBda?Mt2vojnXY}B5x-oAZXwswaaandE2>N#RzJyzk5wS#gxS#x8zJ#`O`
zB(48p*a*XL?m}^K9wgdV>2#-I+H-k%#p8I%!g*yd98`?k4Y=KqbR6wubkp*(Mdq|i
zgSUr*J=5>v91Tdu3@>F%koZYGjrkfR67HfK>+5t}oh1B6e%z6Bo}P&Y`&R~o?9@tO
z{;u7fR6mi~mPn(+AJg84(>UG-<8EUYzXAawU^Goj6yr!?{IUO`Bg}+pW2E#Etz^Wj
z34}W2s~~HQ1EYl?sUQ`4`+0tCEfwv9XVv>_P~6L<@Hjv+``Enao@v*IC2Qfg)a9^n
z=vvFc;c*JD-NO66*1lYIyDZr>vK7H7^S3zc&O_`#&AJ0X*aXs`yQ1q{kQok_+lkWC
zH$#_^)1aoA)0ji6;7)IHwleNo90lqP?}Wy$zXYOlg?=?38u2?!ClDUcS_g@xWOKS?
z(d56)E1TMq8eJBLh8gkk;((t_PSmW9mPdktC@L!lkg2wHbQm4Kzl&Bg$*J7swj_3&
z;7@`gP*wGIVRuTaNuplEYNDQ_PF1~hBe%)&OKbuvSx`5C&?`@?GKSjk(Es?DJ=g;L
zOoK_HF7y?EcC`o$0i7kzwCDbAZ~t7J^LM0>T%{Ns31QJ#NVo)vOCJ~PT)@6M{)lwV
z_<)XXdgthSVQ%IRdmKP2WPiMk6ge^m{jNNG6r_4I&q5$)Bh$&(zL%2&f7USlA|R#A
zkaTx-I2H=Rko~n0h<zP@zfwES-%jLQTgv`cP~aNS$`pp~v}joDH3BEt|5Clg^iMe&
z{se;=vz75k-94yt0t6Z|;jl2r+Oq|6kjzN)Q7nKPorfNWw3;pn9sMEO0fWj0?d@PC
z)zWGAPL}GeEpsl*Ju|wP9{v3-pfe0y$|6G=r-N%Lg_B1g$c155;c}jQO{`cgmPr!z
ztBqyCVD6~&$<N~XZJqp}_uBvo_XztPP%di)<55Zg$_R+IHz-Qbp=@4Ny%}-)vw2Y&
zXeIbTZ+8pg*x`iNsn1_Jd2%;0Q2oTk$A4;R8Rn7$-5})mbx{3&D=b8{Qu{$C#ZwIE
zU!jP&84=Vw`|7G}y3o-@k=x{!QvcCxt3GE5%kVD#(vzpSe`TI{#y@Zmxu@|Xu}@IA
zFax=9P;)YYT+!<*Ni6Xv7VEn7@cPw&do{=?44RsC`J=O<B$E=Udt*%ZYBM4wsfN?i
zwv&!JSG&AK!kJXEUnM_aP)Iih?LLK|D{&te478xCJDg_=MCBTia`oeM-KG6f_IiMs
zpo@!W7#+%vy2_Jy?Wi89A^a_p$6Qa=I@38BhJ>D8a;6Eo`Sj|R_yc-W>b0)IT2Ji8
zVBNL|%F*FUBZg9!Qs@idF!+Tb;I<xsT(PmlS!*h0hEs|fKNJ~3xMzU?*RbZ;muaQ|
z6|OkIMUazna+bJnf6oSgiA(MMLqKDh-}r^0ed@xBU4_4h&&hVzsNJ+<brO#a+1<NI
zvdLVx>hxRJTyZX+Z+N4s$4*MUlwQUM1znkv)t-g?U(a`5)miw5ta<lRWAF{5`hYi3
z$ZG?8&k5pw&=x$FBhp2N?s`he${GWoO-Dz^?y~%Is%n%hOS+HieDdOin#yxg(mY36
zSp~<%^@lMWWZwGz6Et{&Ba8+_--r}@99nAO2k@+y{0&%mcoIYb*?@||c<*FGMNLlv
z@Yy$So<XJC!X*b$Q}m*ltzv#q8@&KH1XOhV{7DToZ=6>qgoliu^l=5_-EA1%$h*>U
zziNpO15I~+mC<iymqSEH*DnF(zYu==0^hX^$3Nte-^q#S=8?CYQB><?f8R^z8`B|h
zP}Z+$`zt%-Q!sPw@{Jq*=?g00H(G7aPg9b(mL7^|l}CUtnR4b|8m}h6!V(URB$%5W
za+r1BI6J_68xetDzzI(P;0>mqN^RA+Es*}tLL!9D4~Y;L=g_pWg}uGAeOJ`*(&NXE
zWzz(1D+ZvRAPdIbkK)xeewsfvG0DEmYb)e)ygR+S)Ym^a2z~&fa=lF#=)N9#?#-md
zZ+!et2C(2&J%&t)a7zIZvtx6}t><B&4w2Wv>NJ!rUn;(Q$m^61CdU5?N|pK*OgJ9S
ziWGcZ*ypIIDAF-gTU*u(-yJ#GzUvG1lx|~EhK4j5-rLt84jY@9aN75LG*H1f@s9n}
zkG4*lraMVjP^pzgZvV*+V$;*R4!4N3I?Zr=c>1`2Dl#4Uxg?vyQ`3CvYB%mWs#`7R
zX|;oimZvK!_E>vrX@!vNJfNey66olaTtk2#0%{8_R-=pVwm<Xxg6rnd*nslX)_4uq
z`H5oqob1tp1^+2q_*AcGZa|hym10QR)ZF~obycGU_Qmo!PRjxQ&&YL1yo5b>&0VTp
zam*l9hFt#V;aC@~*P%dlyYHd{007Ri3U-gj=N+S|cy#-IPF)V#Jd?5Yym_lOeQqvJ
z?ci}#hJ}u>kwor^siyyHE{-{W{~CF@z8AP1>eY?>k*$qE*N6h@OISELbDKR02?;Cb
z6SR~6B!2inN+EU6o4RmuJmrz+fh~`)fI!u7VBqFy$HqwfX@Rcxs{W$ApOTW&b8+#~
z7a4s^biy?r>Ee=-oX(5v!T6Me_rv!cqJHUIMQ?rYUMYL|ovD56dUJCEl<U2ldig@m
zzFujrKZZuCo}qB{)k|o8HZ0t@A^S8ic5^LA?cm0Ea9ROi$rBp26vXaEM~?CtBH=kX
zoplzz_7_^@&jg&k_D?o<gQ&{)DHsIp1xFo<Q5H5n`xR^Xl<ziYdnT4_D7#B2QG?s7
z-d%}KU-L_6Z=EOA$R1W{3$|)$m*ua}czdB@{q|9)6yCK;*Z){R(BWsn!l|+1OGeDv
z(~Yuku#EJ%K4D5#2e%7E9*qjxX=jvk=a+W1b(N+K1~df+W2d{%IN(!@jB&+j3Io#n
z43C2A+n--T-d_1%Id@^$Vd@BHcjcgqNME-bWsfV$<Kj<kDX)HG_65Vv8G{9X#?Gmz
zrkmFw(|_%6m|q~M<kDH_n*<#u1MVA~rpee<(A#My9n&bI-2Anz3%c^?z&vEEt(gOH
z2o`!<sZfKXwgeGNEcCHp!RX6u9SK^sRhl@MzL?G8CAoQ*^4;k7&ny0A{Vt^ghu&2`
zPfjlt1=@ls68Ik8oCKcW7wL@LK*KXsw9xH;F7dV-sTsKQMA6hx^SZqHm509G;Ua3a
z`&_v^){XNKzwB~kGq@Ae(*y`_-3nblNOM|baoBoOcBV>9&li_yNLrt>N(f`3|9PZ0
z4iPa<xQY(nd|kZ}sR{>iPR1A6d^1jMZJjgEHR&rg?=pLxKc0~3qGMqS_B}i4E45N5
zBO@EJ_Ikv6V>+!0^Z#B-+`bEcnt8xqMYKNTQO4{~H!fWPH<QLHZlPj>Yo)${hwlqI
z&zEH#OO!SC7FH<OSOJ2qC%%1K%HH=H?#7Qb>x}>2RM4S!8YiDRF;-1cdK^N`n2TyA
zMgKz31S9O76teTH`5EE)d5C^&{Ai%pMor3cUu*Pw<3Hwc^Xc1tL9^a63)1JFv)^``
zRg|eEjRS~YuRfC4DVIE_&TN(Yb*(>#@>?(EVd}VI{_%dE)<16rmLrumKn<gBb6URh
zd7<SKhpeekxhqq_g0`8@bc8fDnGXGHX^(FfQhn^$d}Q%0N1~UG@6LZ;Db2|2DrE!H
z_2gGddf6QNVZ<ap&H<xY;WJ)-p3$my2r=n#65rFEI*iAiq&;bSDaf78{A+Ql>Ypr7
zd5_u9x9(8?#x>|6e5LcSOV80(^INjSGZQA^RzIu=TgkP(+Y&d{+j`fix8G5p#RyC-
zg!sxf_j2Qry0PG^NGg?P-RgaVc98$M5~~^8gxarSVy+Mglgf-ys#9#y!#^2EBhN%p
zq55a9dGQ<e4lYv9*Dd!y=vG>Ji!QHND#brBXFc;lFaM14{mkgA1&Jwk|7rnff+}97
zWv*9Vy3$h3b9w_922h$!Hf&IPL@1R&d&CVAhKO}DHxoSlx(kxsU;){<tdBarr~kQ^
ztpVhKvZ|)PAt_-hT)o1$)QXWi_q(T;t}1;}+VNIT`74hjVCoNzxz+J%W3;mrnvDi~
zzXj%CFC<Qipr1$QdMYdL#5YD~-NY$yRZaA{<27ZP32zqc6}45woux_KCN5YW=B|Xk
zi)>Zbf0p?@=*q%&BLn>9TbaPVrRRMVe>L;b-)L3)eqH_R)KT2Sb;Hl-a@FUXx2CfS
z%CN<w|8aqd531c<J2;|E-C!YERo8rjD6Upr#;nT8(SRA6*Z~fL?uq~X&4MgFhdEzy
z^xZ59t++AOm(5L!T5mr?f9ii;!l_x8Kv(6zZ-hp~?=NQ<`n%_X!++pp<)^&$4OH%B
z{9ehI_+EawHf1uU<H6=}-fVdA%n%iADAq^!l77?7k3`E!<861!71Vz&x<*W9&tJOF
z#vnFwXYy#FX71=K1D666zdxCYi75<SLjPn%{1`CE9{L-kuJg}w-+cNr*2k%koP^CL
z-`MUuL1LDH#?5KPAFn0GpDO)gXNf`J+pbef2C38-2bT6IKkwth3`n~e=@Y+apmO_7
zm}lUfvX_p<5|S#n@%pYuU>ab4SHiblydx7QQ_bi>m7eiwR8)m*Oi2Hk71mJUX!1dc
zyw##>S3*no)5Xgqf}%ytYO4i?P7ap=l>TtL{;dw%&5B^|(j$k;sD>T--Kw7lD94e4
zDD-O$y7_s0)v_c026o{_o~bbdn_i-HoXq@yjq3C2+Y)YJpC{}H=ar9kM*7~b%+QOr
z`Iu4~s#?nRS(6Z3CA-$!1~p#hS5*z{TU*o1A-LT|FSIGBe$&0+^^fntoZ2#E8a_V~
z;H+cwewJ5bmL)lBb-smh)BLxHzlf)PKc=dp?0e4pe#%R(Po(cP7uV$KDW2$qPlerh
z-0lw;2{H~!T+4P=o?4fS@ow?G6cNyB)kntl<_4zxG{;H)ygA{ol|G`;RW3=_E8Oh#
z;B9Ncu`O2Noy>6WQ@g)@W!{xHTNj?%sdF*Z|HmMjJUCbuGpOoy1Bn9q@cQoe=02`c
zd1*hAHM{qL2J;ikZm@bE7uTAs@Y3e5`5j}sR{TzdGy!oFaV*{K?b=Ox)U=qm`DX8+
z*_xpydroYkFQqW)18@5ZlEf@!6em+>n1Qt!TktRkOa0onhg~IC{#@kucndnrT!9l9
z;RFMK?|691nlFd;TmW7O%638`A~ua{JXgBv;2VS<8*Ac<ljuRhTHeBwq{y0VA0aND
zBt%q*83uX8;MTkN?8BuB;_cWmnk7uWoqH?R1fu6E`SUVHMzo-UheFE7mS9~Ax8clJ
z6yOFpAxFOlCpbUN%goD<Us&kBuX;v^>3Tm`a@^qZa{<-+x(~B0Z@kai|2`lRNLntT
z8W<WtSZ2MG(gs3;r2Gt9u>meLHL&>Dh+U4;eaAvwu1sdZS=WwaXjD~!rLXA{1-|4v
za&KKECTwi5ftA;sU-uv#pNmh_HwBc-xvis-{k;L%nq_{L#f&{)0R7qi&rO%nlkYhX
zgAK39IIQgk50YKY=ddmuWsSzul|b&9E)^kd>_naGo<){UZV(i-;^#1TJXgBpuL@Q1
zty{O&2(I4#X32i($VTgBe@X?{JApbWi!?EpOgKe`H<!wL?zbV;S*xhx%lL2K7#F(h
zk^nF=^>~GHnL7NSF_<LugZYtr-m}Pf;XlR9Kve<$gUaxWNa8H~1c0xP*TMFHW=X)2
zAvLF9#%=LWd3o>E^*oXUHxRhleZ9<VYd9}Hd5~1edDZp^6-9b2^00JVUnud(gEfD5
zhwWAWw_eCWuasM5KlZNvbYziTC(M0wH5o6Y-ACv^3JbTOJ4+@8H^XpiJ3C%>g-Y(d
zq>+Is-NEgKiyHNIBYmmXpO?~_G!p_W$jp;lfFp6=Zesul{kg<*$JR8rm=7O@R!4pu
z2=9`WG3RQgr?sItk^VKQ!ri@@lIR|MXyee=kR!*EbK=q#5z^Pn{bb~4i;_8XU9&2O
zCqbqAB-n`@8k9I^@KZC(mdv|09#qy~Ixm)zCnNVA;e{a0>dNbIYZnQKY&hbQ(O$F3
zqnP=vGZUQ$<@2gb<tlATWZ;L0v0jb&KY1{cS;ojuP=k3ks(&F3)NA>q0}k&vSH?iD
zdWrW@vB4&^k;rFrlDd!77YX0!y7B}+n<%?)*s?99WQkMoV+nHFSs+jh34HY8*jHSr
z2&X~9F|#@Ste$I#cg0oFWb)?dQVG%qM-M-Qwj#AAfAiN^tpmY0wb%G3i;_SrFRGBn
zTX+~x%c-j-ddPQMS|k!`YU2PD%bMRcFsPjgpQm6Ga7|AlNY3eb+#+Tf7dSyFMEs?4
zX}tcKYbqxxMwyV=rK4K2Zao0(Cr>60q@?5x>jTs=ljlPzqpn1BCm9)b8*TV47F|zU
z*mB2ER0Mzp`Y%N~5evx%=Rs7Qa((W*y?z*I8W;o=ea`Z!{C2B5Y(m{nFF!ds3|R<G
z^V{dxcii_pKk9D%!3;H=j^Ei0XfMUQl30$qF=@LPn9#FZnsAZ7baRc4r=gx;QmDQ_
z<p$r&!zo1;5#b)c*S1>3rjjukbFaputFl~C{+;DJ4z2rZO)X9KlRo;WkzphuIXO9k
z>KV0kkbdK|$KZ&If#}QP9Vq&Qpr_sHL)Kka?`|DVoB4P7rB<b-YnI6^w2?xDLe%Si
zQ~m}~W82>5mE%2J!KjYPpmfQ7kvFW=wIV0gzkF|QiW78-Nq7AxyXi`iQ5mw&ORv@w
zj6i;!ab@)O&P%_V-LO5*eRu;mG3&?j6Bai-S@R;qXGY@NltvflXF{i=li1ml-W@Eb
zdxd_64MCxKn$-#IVb@*PhvZ%5@i|R9o7P-+j#p%cYi$HWLqpM+2!)9Ehs!woz^$-4
zk9Q+HkT^1%t2xUcc;XPr$Vfu!papOs#bq|h?f_-;lDfVeARh1T)C7a@J}c{o_b>;K
zFCu!lq)=Rm8x7kjDcwS=d`5m+Pzbr-)ID%o?q}k$9(wZp`4x3t?j+DmB(Ukj!QuRA
z)y|(lm5(?q^i$H&>FhCV1X1I2c3sdZSr7g2haM|s&zv}D=;p8)afU<d8$OE{0!UqR
z-Se?yKO+=if8a2HXF&{?5=WbV7^=r)WOM_S3>t=kigDY5YFpb9OPJQ@{qiL-;23Bv
z2&tg05CjGcX8nEW=}K~5cT873yv;86PB)vZh*_hynymcU*Q{P+Su?f>gL_DhZcHv!
zdIp9&&?u0I5CYKd`mcpQDVmkrl(LP+(4f@R(!8}^y;1BpDRSyd-53&S(3d3#%^HtA
z+KIP!c81}=jzSilx1+PB?Q!4HU9CXaCopS1wbXhD-3!ypcRBf7mgxY~`fS#nj@aJr
zfb!thQuthi;JPuiTqDZtX%Z|rOqRK%!`|KHa%Ts!5V6^?Ls}(fY)r>H=1vQ0r`4fK
zG}i+3RsCF>$|7hdN@mL~=cUVRCM7`bHruN3Q6EsBk)P2<tzmq6FQ41kus|m-H5z!p
zy~F%*_azhWgfkJuFJn`aTX%2Ozq^20SIcBz3()Evgj_LM8{wu9_Kb^VkmmsS7>)Bl
zSDeSrA3qQ{I-&m1K6tQ@=V5VBD^hMp;dIi1m3@MTTljz2ddsjZyDeH6MM0%QK{}))
zMCn#Q5b2Z#=?>`@kP-n2=>|bTx*G&Rx&)-VyBp4Y+<Twz{P?cx{o_kL_qx|wbIvix
z7*mm^gVfn%UJkj_QQ}=uRi!tjT6pYp6S_;lAy`~a!59TNP(Hoe^P3gZMlFFjh`%r}
zpa|Tw56ZbJ#o$N-inmw+H%w5M8Me>;0;=5*oAKwQFWqN{>padoNI>>8FfiKvVxEt<
zK-3P#%)x0@K~)trpyGu526qCm$d}6e&~{E8?%i{J=CX&6xiQ^4OD+Dl#u$r(W2h_1
zNdQP(-J!pV4LkofSd(WNqV#?VA?89DA%G@zS4`~Px@AR?+0g4~7PU`<s|I@u?fB$E
zJ)eIHcXW2TfMJEH$u~M49zPzt{CTBS3Fx`BfrRDzk8cKhQ4EL%0^&J#=R+PnqJ3sP
z#Xn(n?D8d%@#9Yf%2;Pk@J2e>2Z+KgL3p*tTaQ~mk&45q$}-(sV|+50r{R>pGI?Hn
zx9{u1zjSeq|6%mY028{wYH_waH};W(PieB^SjcQtvHjHkxo$12PlY~;7f8@C_KaGn
zouibN9<Yz{@E|pr)k6G!L_-UcoK0cUiY@RBV;wdv;5ukWY~+S3>Z9%PUI!ShsioKr
zGT9c03;>7WfQF2clF}Pga<~+#eh#~HFG1FqpZwGpad?@uyMplOD$Vu`;1xMvRV@d8
z`jly2VFht`puo%PSxNEAU<KA>&9QEK#IKcV06rUjMf?f|Y2jDN=ouSsfUeS<wx^V$
zVxS{@6G_{3l_o+l0>Q@tKZcfB8`kCOb=5L6n)Bmrtn$IUyu3v}f@C_b3cPtbDP2HA
z5gdjOEusi#h0eu$`TM8KDbzd+aqWs(h33mF@N5W`Gq6+j;QoWpv<LPcW!ycEmc9#7
z`2Jxe?Kxkz<<!+X60Wshh>3~qWRa;m5{}R^$|Y6GqGAasOicXc3axt6!rI_P(ric7
zj}ct*3l(ssAF8`36_bvPk}*uP<>OY%3+;Hdhf4{c2%koPE@)?<^NGB+c8?Ee@&Qye
zFkIgGtwWY}{r(0B)eAQczrsT7_X_nYzmcXDYGBM&$zNFb9$8zy!f|%A-udMXCe|=E
zHy~9BoL09|Vb24M2NSZ51TS`w;Z75Cbj0*SsF!)I>n<Pozumd8>&1Qeu)TD3@H^;_
zySc8VfxXeof5{HWJpy~pPUzt{SGArzV*uL;via6f{h7uWOzH<j7#J8pAVhU9HpRoE
zm3hR>93oDBiJHXgKn2oMN<R^3DFT5d9%2T(XDMX|4#g~)U&QyjeQp;hfHM(LRz%xE
zS2cOuxu4XXJVCkwJxO?Ya!=HEMc=a9Jpop?UjNjJ|LGxur{-1}T5&wQb2LRXB_QW3
zTR|9(w^F5r(WzK4(pl2W-+eiK!rO4#Z7ru95=kdpXupc9lJ6c+S?LUvCPkG3?QXcv
z2>G2^p)t#(y7L$q<a8B^EZeo0oE#h+h-(nk*oZBe1VeXMBc%^E)SiR84XBVo5}F8P
zUxH><=c72|mC=&-K=3N`ymWQk_}f&JuFs@d`2Ou1Z3zX1XHOa~6iVFH_Gbeu#?Kfc
z^Q%AhB=MFQ>{5aKgfq~POurQvw|;sEjp1UwU-$O*Ya+gU`2`GqR&?L{*V;E4(Rzhs
z0sDH>8!KTe@pQZHnk8H2%O0@5Y+e>H0-uKw4FvkoBG%S8A-X&}HlFxv+kG}@f^|;x
zBky}!PR_k-ww=rG>%70(!bE=4s4Llj64RM?Sw8<N<zt6{0|NIAV*4n^nxd@wKdmho
zJ{P<7#(syDmCYw@G#v3iq?YN=?00Sj=oL%aZ(M_Q0IVbudyRMA_q?Y0AcU2frd>D3
z!qU<+qYc&9vPpWNQiw|AZUTKJtGzEkcIl=>&Hk7f8WmPj^=8kqWs=RxlW>~Fv2k#~
zbHzef9-q^Cv@3Dc?l-jWz%L09VK@mdKx_og7ii%);n21oEYP`rp31LFL2mu`xtSRe
z9-XuvoYFr-BjE`No&D6}g;K$Rubx1`gaqHs_V%Y}dPWB1AH>jX1|0wpbc<*Bu`BOB
zp<e;gAvNIpTq0-z#ZKE~AHxVhU+c#;5Ind#x6mGmXn$;<t%D*o6Zp@SC(c09>IiQR
z;PI>t#G{juQ?mb|#^>Tj>{vDuwSW&+AKf3hq5(H=x?gwB&S+`wH8kFMZAnKosyOyL
zI7MZ5t=vreuV#BS^<gEuUy0wz5C?};_1a@H&yxynEg7cHIdCQ-5z-cw?|=GQCaTbS
zS`fV%tWd2GB=@^`w4Wm*C1EA1_Bv*{Nn{`>@Hp!Vi3f)&XlhD1SYnI|PQKREB!Le`
z1)MGxt!iCh+*Aawte8MQpWAVRP$oOF@~`UakCMOJ+bMx10JjK~ry}l}{9nIjbGvR3
zA~Jj6+b&JoPy?Sjqdv`>QpBGX+Pz|*2!r0n5>jq9S9rp<rISr_3nN32TLF$m5G~DK
zKZag&Hc*PXlDNXC1HvHI3LB|BfQ$+zVkbkH2K$@G{RA5!E&xBX3D@;Jpkm0WsYx7@
zO~L~)K4dq+hD_<t&=B}By|J4UO+8Q<>LDHe>*D@xqODWov5m>StE`^$hzybqfldAO
zAe8bX3j;e_>b4wvP0K%Q`FVMU!(}6T0YX<nsN@&4n9}-N6D|nVJ4j5RVFfN|1l0av
zsgT-(=m3E9$A~}#1`Qy<&MqyDf{#7`Oi)^>*yo@PCgk$G*%o>~JS9ce(UB7(n=?Pz
z-26O`=LI*ges<wi#H94jG>OnNFo2~Rfc>vQ)*9z|IHaVk!r|5jV->`Vx@!F|F5H0(
zDq}B&4%rtq+`{^8A=Gf~!5AppotYcJ<OOr(Ovp%ET3c}m2*iP#_cdFx%4$m!n&eeW
z@dY+}3lgw${}zbb1RIgfwzi^xW)}KFGc!%dpd*Kpd+fL`nC((YHTqZM3*Rc!tL~;H
zRuBug&wE=(L?z<a=98Z+RS<I9$OV_L>KN#p&G47n-8+pG`tN@=&R(+(ooNldmUUL!
zXM#_<$09Z4meD3w*R%ZICa*GmFH;zmN#fHdLP1>ZeSa8+(?<|Yb52fwMLOAHpuHgp
zP8R#Y@zB%L->KBH--wl&?GuJ7N(OKX!3Og8IcsaW60Emg_wLs?E}kLS`bV2U;dlop
z@x<iP6$$JIq#dLkD4stlNCi&W`}j4p*OJIDuHbQ;*S^z9yndZ-K4Jwne8HcHIO01%
zo91=t;Cj5;{H3`7y}ZQA#3Z$-2-M^fuU<87zKetgAO_b&-;aBxIXO}I<jcU1hhSK~
zIS%GcY++aP^04q#kWDBl|JroaUja4F#tq%=`Z|~k8xav1^l=ZW@K*)ew<ql9rMvyp
z&^Cug>t|(Oz0%#PU0+p`!|sZ4jEUuX+Vwoh{H@9(k&?O#clUcjB#~VOv|pc53VrMl
z+yBv-kR@R$%?w)_7#Fc^<kxgTckg<GAWUMxp?!YJZChlJorsti+K{Q$)kK~5epG-r
zK}v4`w2`Q&A~HXSx*n|b{3!7J()EK0?$Pv|$JmLay!NclR#loT!|o@Ph>B<7oBRTY
z!x_N}L!D3j7!j1X!1aW76dn#v)3B`2ZQW*Z^6=Qtfz7jx%lmKRX%SMC>XbgSo8L`M
z-D_>BqYdG@10692c#!-V9x4U_4U!;mxN&ijr3HZT0>uJ8z*taqPy7Rkhku-6zn3QF
zg1s8hHlLQ3M(ON%cIgQi3$@rM1Gui4w2D8#*UR{@^aY3*kA{oam8e;y??$IONjl1Z
zUQ44Gl75ksK*nH2mE>*1z`wyJh1~GOW^(je=yU<Eddcb6_Ho8KZ&6Xv#zYk!Qp$8d
z=i<-xkVj7$f`D|*=5|B^ZYcB&EK7}7$Ve6wCr`hB|IW_I3AQ{B{zku*o9=rqC58S)
z`3qbvNQK77R(k0fMN+}7t*tXpF}z+473qs}THMjx55Oc%&(9A9b*v3kijYU6HpZ8k
zOGvK2H&lbj3u#9Pm~W<~-6$9d7O^V?b1mKamX?+odz2njx0>pFXk{ychd@hU_{Czl
z5VVaawo*s0w#p0IuNN)}CS&TmPZx(T>j7J_<uO@z;yEyql2?)%G&zc!G%w0umrjb~
z5saC3e(A0M#Z!g+NAtQu;Gu~HgO#qXSgKiG&Mn^gdz1Diyi$WLtM>0kCXaVcgs$7m
z^Sn8$L6gb1T^$UKw?q~KgpSF4*geot4VZ2OgX}!-PVOMguYS%O{r)TrF%LEuQX}+5
zBjRx<LUVFzfs0DQZ}Yyi6mwz85s21LFIL06W`gL*vU7?*g6I<o8|UFerluz(yipwF
z`IKzbk$_LZ4I%}Fv_Q2JY9|!~L(tz?LSCoUuH1rJVL07)?*<`(^x^ig(|~fM^LjVe
zXo(w_e7}76>k51txu3NLyLw2_Q(c*=;{y`j%%syB@7wTtVKr@r78npo6|m$!&&{{3
zLe>P;%pm0RoYqrP5XWq7ck>n^2j)-&YmJxp>#(Hu%r<xz=d-O-TB!Q2NN$!{YQ+mn
zl*#<a-rRcv1@pVt6k*`M*0Jq*%r`-X1r;~~bJ*S8eMCzGC=?JE&>bsbYutL@hW7&g
z0Y_6Ri8BO9O*jPPvLEPtfHW~srr~t87bCtBHU2QBQyRFW6gv(zh)N;F>N3hW*)txZ
zYhQyGZB7oN`1g6EZ3v|#6kNdXkK<TZf54*J2x-jR!Rj-s`cosYH4h34!*V2vj(4Rk
zxB*eL9Z|_{6p4S&%loP`?Fp&6uG$0Ox6gl#(KY}IlO~rF3lgN1#$ars=``u^h?W+2
zHN*fK@BHB5Mk3^yh(|-??l8=huCEt}_|-nKz-to~eFT+EYI?d4U>D&@Ne(@=iukuD
zO9R9DDhpV>b@KSzeW@d=(tT08mFNq&O#dKv<Ko}6?7wV{yHFNB;(($OOQm4xdv>zu
z@w!wjcet$JXp6&$R$Hqyv0Bj_2CYnD3$O-H2g$Er1%#5ua@*oUnXlU!-7P9E4t@on
zfZi>yJmq!mA*g;0%pTu*k8=bUJv4N7no*^%%Fb9%Uq2`$#1MG8i05c&X@!KZ>Ag3y
zT8$Bg?XEZH0fg1eg$1M2XSM^6KwtLs>h!NZ@WT)sg_&}$A3Cy-6UoFRFGXuuLBs{D
zLk+4%KR-WMpjjL4SYC(61y8g(K-={V%9Eu8>of>Qg;=NoS>e&c-f&((Mdo7|kMKqR
z_HD&(Nz&x%1M1&pJ4<btMH(Z>UD5E_+$;wyF`g^-7HIwJGYPt-ahXIL-p;wJ@gVwk
zw4q)sZPr^oXh>V767%}!18H-29Xi7y(qBVE>|aS<b`2O#pS`S7s(w_h>X3?3A@bto
z3uUIg$jR;{^I)wZUN*MKl&cM65}tP-AbRQ|E$yGe0vUny0+?mt$;mjHM_X=NZvj<n
z`PB+(GEhVAV%kOl|ID%iyp>QI`_d5H7%FhC`1Y-laAW#(>zLbS1_?j~Q86);<&4$J
zFk-G`?K;<4Tes)(C*T%9vO+pGJF_fweVfHeS7;lcLVQv_F*9|dkdP3_7Jv~F1Q#s3
zG{hPSDENN;YLk%dZ3L1K--rG4%gjgFtmeZ^=!57ehb7Cmc)N@FJf2BMg8LO@C$>CE
zBs}hSVi@}{53ARg-fjGSihrBeQA#LMmXd3Amg{2H+r@3vGPH)K=CuE>!P+JBc(lfY
ziNCUxY@DC#`@%Na4}qTR<8zauFL4$iEfn3cgH=GI-V&n3#l?aCvaG~--iA96HqBJ+
z`VFAl=^Z8VcpGL(XJlsHO6e7Mb=AFI2HDE)d|MDKV{6w#&{68?QB_rW%dCL0n~a&c
zS)lBzJ4X&S<C{)$?ibv5gMzx^9hm*!_JMUu{o$syqLPwmwoDRIAkdnCv`*QVaYpJi
z_0WArPfcaUdr-^C?qEeeJv}|h`W~T!mhs*K!@=r!Om0Ckjs>~rW?2aj<kUq)Po)yM
zaRQpbreJP-`V<pjASy;i;s9#a%y9q?c3qJ-8<wZt(O`o^3jc1d<u35se221oAEZK?
zRYaLpD!6_Xho6-{NPHw_R_^{5A-=4ymBM^UJX!vWjJIh4${z{~aseg*71zU+a4lsx
zM~jR)aW5?_&@;rtz!#J#d$8R@=bBeMl!TU-*B^*0w6bx+z{rHq4dPaSEv4Pv`2mWB
zSb$o9{C?YW+YN5E&#|AMn++bohhhcU9{@F=2fLLjJLt>z9<uuUhO09ptjyXedccrx
z0L4R8SeUB6zrSgWU=Y-Fz!-~&jF5{z+RU%n&dSV;{qR8)cCxQ&{K3{>0I*{i7#JwI
zxCoHK+C;>}jCLjvYMsE4VEu~|go{x`!Z?HT#5gf`0N3^1l&Ps>9VJLhCzkq1M4hRS
zWfgnJ6kZ{^mMJw^?=|n%@+(RwvCSV6`Fk72d(UVd&yTR<zr>j0*SM9Fl)F4i*+2T1
ztA;GQ1Gzae{<c%v(6>#6*>b0CDGd_}?hi^Ug^HkOh72A8QGCc<47iV$XIwX)w-w)P
zHUJw@j+&?7oZK|ip&e$Z#+>yMqTPtTno6P4pW+|7NY-i(<l(VLkRD3k@R_uY)QT{2
zYFz?3*8okyXweOuYE9t6VUyzdw#}PHbMmbe)&XzMz1ooN5Ch{8?ITvBuD>(89lw8@
zL~jkhZXS1Q_ToHpC5;!h@>x&Z56GfC=tBK1^*=7a1kjnB`IBdMOUPph{c+F>nHgET
zlp$C>-zg(S;!En8x$;M`J1PZRtMXT2myM5rlU*qt(|P|@KziR(fx6KP=)pPGtb!cX
zrVi|Z3(>vJ2Yc3ca(+2ptyYr<G)pMx;U?da-I+iaNZGtVo6OHLwO{+gb22q+gH1|`
zHxVshp|(>0fs33+W0P1KBP#WHm9WV=yK>Ys-CH$GOd%7wpc6eh@f>4^TRoXA+7M{q
zppvmF^5m<7NZT|Y{^iRglNT_8u@k3fZGeRK9Kdi$61qb}+UD;r6_hX(Fm+NvNqBN{
zqEeuB{#GW~y@`sCZ@KGfpAr<KL4ko3Aivwu!XH>@@%(G()c~$=@IpXg(PUpaxuq)$
zb475+qZ*)>09XIj8xE!VAN2=KE<56!R5xV@gP8v@6N2wQYb`WXgC(?hlDp39sU>c0
z7GPEpX<=c}vS@Y(B_u_fR~Y$ybn{W--7aQ)Nz<}B0_=fBxvJwYsxNgZsi=JTwkoN)
zlkHZpU(D_YOd|#4bJeO>)Om8_MWK=#eYnjroAh-w#ZMN?%LdyO&ni2k>}V1a{H~g-
zGnF<5OpHIu%7zywyZ8?tr01BGpx#cy;_j)?uh<{r@AKwNsi!y25vq8=>Q8Qb?r~CI
zs**E3wl{ljEo;6>_+eRmg}1wK{(+$NN|n*Jr*pl3c6-`w;gE-H#_6f0u04L)hnnLU
z0;r}m7-?-;dGiG7K3k684kWP>6<3S$yxstvg6L|eyI4Jwk^M4lP@S(~vsYhF4^+0*
zDh0m7dym~u%X<p?N*O=iRN1%xmecw}ZKS+1OJjViYLDi^Ei3OJ$nJaqb$M1N9zl$#
zJW;O!4g^}f&mBJ2itB`<>q4O#yu4n9FQqQ$x-W=}c>0P#C*G7dSwEai$9~5&Pl?-I
zEA3i?5k%_@d!ywzL^CPo0+xA<?&QtLpZgm5Yd=(#kqwW(UN`=(28Z5~;AiyRl;N@S
zqs&W-(?7$db{<p1&z5=1^E`&fPA!fN`_x1HuMKKumvuGv%V^m@mx?Rg86GgTy!vd|
zQ=T$A&OKiLK}gkPlh?$Y7>I1+uN6-mg*x3$H*1zPO>vpa7`d@f3bVZ5#+M#h8hCjp
zuhNvb(9y@_l*>>dATLeTG_0=XYmq^Wce<@A$bE7IRL{+O-IsIAgnj$;ZF#s;JS_5}
zp7FC1#AKD5p(W<pp9{nIs<DFcsxISMJ*{=)@%&45P5#Y$J;)D@(yR1eeLPHOVAe2X
z{3r}0=r793-N{CG5q~N0==50>f0+|`uQHJ{4{2m)|LAMgU%zUG8_=hp>KJS?@o>qL
zl0C*MSn{jjQpn|#`@*JN1q_t!V@0{XU}!T8{Qdhr{hLl;#6PSKaY4@Mnd{hC5phq-
zlU%J7xED6y`SKah4tg}@kV6^<{SE%T?0`7?A%nGb^L};)fotp1;iiA-&6V3g?<WLt
zNB%swECD5+&fDC|<MVpJ!obQtYMYxqZxW((*1(zwv09<uT%{CYw<~w#d4}$dXc;4x
zZK~&CBB~p!5<a@fveK^n$57ty<`xz>iCkwFiL0-h?zu4c(7HS0)^vNGtPk@(zq|RT
zsqau%2MIF(nF(!@_2#;YGBmsT<Wu}iW1D&|!QWoF*<a!*y4;@`dpBZlc2j!kZX$Iz
zIh!nz=V;BW@=EuW$(RDsV3_SgPqOiw)5a({IUOQTDC<8gxB^kkmVwvYh77$JbcDNN
zCYf2r;mL8{z1vu!$ICX{HoT;wl_VyrvF~ZQYL{u)Sqor*5<pzw^8zGQ-o6?qYmkDE
zk+3}CMi)8Z&j0AcR%$2M*>bB8UrAcTl1T7IBRlh-tZe3JQxqYz?WbI<3qC=HWs@)}
z$KyekgHa#~n}Pc)N<kg(aH_7)`+w`pZ@%DLsrGJu>*csKK_IM|3}Pq-Mn(+&!bl%v
zSiYEVB`C{|pT81+#>Q(u>t1A1-w`Qy?9A+6#zHZUZ+>z59nanMg#Etr4mbV<?x(T@
z(hER!!9k&*{_HV8?p-NDDe37{2ycYgr}{7$#;yd{{?4s|k2wl&R62-*2^2J!o0kXU
z+}67*AIp@il>JgNmw8r=Z_}MA&;F&kM1Q`f_Vmh#zduOoe9dBDp5NO6kKS;4fA?|J
zryC1jU(Sv=Bx0f(Sw0*;BBRJ1L7HR7YrdmY^+t(9?xqAqEEfiHvw{uJ{bA42@QGTh
zOd8RQb(Hw5G<xPXMf|xEeU94`k83zRUs+@`u3(dgyd?x5m}%=dd$S*&=hS;>dob(p
z^S*pwXW|I)OJQN$tW%dz7Z%u57fwBD@2uh<JbkLI?X`tduHNjT>*=(%W+orSMpF#Z
zvem<ZiryP!XQRy*2TkLFa_)rhn#WnvhAg?Pr@CgEd=a*{2p7}j9?(FyfM#^HFAX_7
zJiL3Uf(h+5cbOC4cHVUB2Oc|{KT(l{c%AVh$;RVbc$#+WB%xN??a0&Gtqx8?Ei*Fm
zwfn6NraKS%a(#n!ytc(Bu1m=Kc{osD)|=9o!_MSiJPcvAr6!4?ji!1^_e<827NxcX
z-*Zcg4{A2q|HZ;!dilbR`%aVuQEj=wL$)Q_h-mCdC52H(2WLt_#-q{u^A5l@y!e3X
zwQJ5xS7l<dGrL=<y4!)qq~YZ=9ZHJMjN*?ktZ5}2fEh7Oj@U3cc20M)dF4F5kT8$=
zZG~lLo)8{}xRxl`b`}@PB#ChlaaX$$(0!DRh)Mc1wGz{zznMvY4*(y)LRf*qZ?Dxh
zYXd@3+bT`fXmF5x2#b=(Vtqpk6<vSrcUqHaRywQh0(bt#H0s%L+PKE`+^I2{@s4bR
zgoVZ9=C<Bc*$NX!OV#esI@FcKF*?F5(O-1>afh|n+rQYw44-+b3MnZ!6W^ayI@{9g
zr87S<Ij2NHCl^27z-M}1M&z;$M2);-o69$VbK?2YJ-hd9_VT#mnSm-Li}dTBU&|6N
z<dH2q_#BB_Dz+>ZVx~_YOkWON4{&h!EItwJ_9+uT87KGpfW|7Fsa}JvLp7jSgSfhe
zcyh~fvt$J1rIHRg2DmJR#i_GGPB8?c$*-O7sXb(1XXi|(X#SprB|YflUD-VQeB^M(
zI41{%*TvjiEjw7BkE=w_fwSlAajQ)1dy&C!c|UGFM?HIhx!~uNY;YdLOO@pC!*$uA
z1Cy8G*nVkDd-6RSP3Tqi<MP^blzIOLg`U4U6Y~$A8jJFJrlh>$axdL5of=d5)i}jd
zd$5v1D75V8f4J62e!YDxnq`Q$uKay(RrMoswtQ!amuFP<N&P26N-nXv{RiKYfJRfD
zKlr`Zrv944*XwF)1QbAV%r&o_9}&iCbn^<}3%m3DK7=DOr(oY>w)rt9{oK8!h3=`#
znH0CA?pOMI_5QqT#KZ|Xb&_G5%X+A{ArE|41x*wLu%OqI$kU|j4)-0nTY*A%OfxL~
z+X>Mcy?_I5UOkbJG#9yafX-bD^q~y+9MOgfZ?szDIZ)flIbs%6vHa6etyQJii`}%q
z2KsVkh%&S-+EY}m0aH}Wm7XzYvH1&e)hw46m4<Imcp1}JHJVd@+sgN(s>@b2>F>{M
z=mp6xn+pg9E*-66S+P6s9bi8}JTu-3V>3|8Lj1*qTrS1sD~%rNTz3mOdn}q!A*JZF
zE!zKX{uiC^*h+A_weuL?v==#6l-Ks$;&}Xea7Ra_(Ac2Ax-YqJlX5VWOyD&T56~Vk
zHNvPY4UOP*`cGs6M9Rtu7zGbrA9H*j&;ATU*U1u>MjWUz(r@&=4<WZ`OrsrSZtt!Z
z!<x_T)|U%IslV)=mgi38iYvnWlr`Ymy-3B&@U)N&jXmJuM&9JkI$<=jwW9I1RTyem
z=L=IcQhE6_ENpys<))kHB}JwmOLy+4u(`c@4&+lNek(dg?F+i~4mP#3uI<yo<Lza)
zhD!mhITGol7E|2Re>CjC;H{0r9uZy{dHnm*gFTlcf6ObQLX)*lunm#G7N8lRKQQxP
zb>7j1dJ)m10>1z{K|w(S?r$nL@1kK^O#ZG(C@)&7bNYUZRl3|twQaZ#RrTaR$ayy@
ztZK1G;|4hgoc?Hh--y<e8>1KV{dB!Q?tJ6Z>N*d;{*~<E=3?7~tFV8DM{fFVZh-;U
zPH%NmD52r{RPAVUw6!7HGTk_)M=G8pXkJ5bp{znkcfO5$P?!B(^+4O^^a;zM+th49
zFALJ5RKb?8J4<|h1^VF6Svi;euXHY#^LYFR^96%7(-igBhwCT(b<;D?zY6UXwzDqQ
zy#7!2U_a)IC3rFz9EXHp42J+BVpR8Cd+R6i{$ghg9(0-^tRV#k1yO?P=fj5&Ml?%~
za>RneRn41e2P-!mH%Gg#>fD0bSEaRGAEO>y8MaLcJaVY^L7<~iCUm;#IhfDv-UWpP
zXWAXRo4x+{s&_l6E$w~!OkiNT@${8@tr?FRGTk%t35rjxVk9{Inf6_2Z?-Av7td99
zx5To#YQ8j0vOV8_W}*9JxInWt?O7zHhg+In#OQb8W^s(!#^G-Jm5In#F~fS~A5OYd
zA7q&VVlytN+A&uaaI#p?5Jq5Pau6Po-2DE+;A%NW_L<%RE0sWeDGvddWq2}|J6fto
z4{h|ach97NVBoqsA7F1Npa4!waY#aN@_spPO^y9prYc=H0m4e_{4OhiG@O!A<LF%p
zS>iO=w)>aU_cR`Rqk8TQ_T}lR>CPH77UDb~#5U>S&gzZ7e?oGfDL7e#?gr~O*@CQ7
z^wL-*6oRaqwEo{&-3Q(flEq>SmdfGVyri-16u?5M;CAd<X<TmHSYJjx*0TE4vMgb0
zb`~Br8JTjer(U?v6*lfST>wtxpHnU=kd>{G(pk*Z|3isKy4&+4wy%-*pe%nKSZ~lW
zBTwY2RT8jwHD51V=CT*~o2)TJ@=bNcA4gS1xnGH+j}A#iQCXXV@L=8FJBvr|jy=9E
z5lVErZk$-5gs&EFS`JaX8F*l4J^Xg6Tj5*rqtPDic0kr`A1~#Xep!|#mRl*<DR*Dq
zWlv(29(cxgL&c_&y|WlHyp`$~ZHbuA_XA#9YGwZ?Np+uk#NF_GBf*0Yn-v|onN<$o
z4|;O$g44#;0wTxyA8ISmkq23SE}I?ou#dkMp~!1;db@s?bdT8}_(Xb8o5Fy2X%vs8
z#rU_`+Lz+8o$4ZaYaHiskp~^k)QBATj%^x<E4)8UZJb|vCd$yoXWbS8D1m^{R5%bD
z+$(9HK9&D3xvu3lP1EUZ1E)1dXz4-2_bmV}V_P0tpiBTi1JihbCjc>C(zRjn{tvOe
zQV#Lag{}9%@1^SUXdGG{;ZLLeDn+5bgWgMOD$*Uzl7Fm!h=gb_efH5FmCkbpG`|2-
zV;0AV57?G>>a=N||3^YW;B#x4;MGb<{p8a`?70E`m{>_&M7{+~{73NqD9*)nayswX
zu11<G{pWbTTKgsQ{=b?2on6EKlB@qca=3)ee|{AHrD^crPk{I-gnH~h%MSbZCGCIs
z*#AF2vdq;}W%w3{@Oq?J%6{^W%o`5W_$)oO2Ne3Z{wGku-gMAzaxu}(=b3nv-Rf(a
z{_XK0hqBVha2mY=Awtj**coG}CVecT65J~cVxrsk(>gi5Fm%gQvy-Arm>D5X2G3r+
z?zz#)Zd*N>C|I4aJ#pH=E-E&koA-9%6LFQ*8sVo_UOD{Jr-+AaF>J^5Y~FT2Zw9SA
zq_~lVWiDgTR(xoWs$GHpQ$)zxQVkwZhh&pw2~&^;B{ApcdI7(9TNB&qYQ;8XPoA7k
z0q*^@x8-~IYKWDXd-rx454?&*JOuu=+{mQ|<&^IavM1c`aAdV?5F9V<ORY~!^X};Q
zIMe*TZ&8>W`)>gwBO~Ztt)F_imBSOx&6&Re6_Z*jy=t`g(#N@$`XLMcr6qFN3E}po
z3Y(V2XUDnv^g>#pYc@BoM+fx~+cEG75M%Fo?yu{B>KK@l6Eam``5x1f`ABN;)}83|
zfclEjK@MrO`U+o9@LMhP6aderMF1_WY^v*OFRQbviIfL{TeV>Ab%`btpxquAPW{xL
zG+^-Vt=9+2%9ge|Mg{Xi%!{z6c1O*e+N*s0@<sGYe-8FO(VzHaD%#&Tz;)G~=~59H
zi7W0dd{dV*SDohH2H?s0o}X1(8bu7Y4_gHuArQ;<OHwXxHB5sM6Bq!vxVRMNfYUhm
z)O2)o_^d-j0Mk9tLBWANJ3G^DoG3|sU(gfpXQ&1Y0ia}J93HAh-@nskZgz6o>(z0-
z-GJH%?zIf`^hk}f_J|~)cUc6)fYmqbwXm}KJ+Uc{E#bKCmeq7unZ}C#YArGBZeTD|
zs`6O4<Cv$_LM_XzCuVs|W2*R7&q_y`PTYt7zx12`c(Jx>CGSs8obS0F{hYPm=?n7&
zBelt<HsWDLZhJy7H@pS3F=|G(U}CHI-r42=7mrn3GxMB>g6|#yJiGXn;QCk1c0OoB
z?YHW-*ZI%86jdK2vM?K7v;<k4A1GSYA97xu1We<R6SP5vZ&RJ<evOK?JBvzQcpBNw
z&d&ZhCZ-L@Y=r!opVONCcMAxTmops9`$;en1OsT=?fkUseYf{Vg1!3%v`7Hf-UgtU
z;YKwaPO35Gclq@9qH|``ys-qQ8o$L=^fR=-%&0+bI30TOJJ@o@I*i|cE3oA|%GlR`
zM^AIhUMoAlo<-Gx|Jk#My}f(MUR!ElAJuu0U~M><6~g4^!B9|tfeY%@D)65NP62B{
zL;Z(}Dc4AA_xS|(!`u?!vTsb41$T7Z+p1h=`A7R$!A64Ivw3-c_wbxNHLE(lfq&1K
zRwiE5NQD-`B>^HZAmzjj({1q_<Y4X*;C^{!{mi99DcOC_7V#Uj9OKjVUut?ahXBu3
zrM8HKLUmCa5hRE5L98e>VTI*Z@dLzw*DpQ#F_T@kbQX?CT1xwoN8NVVy}WF3jwiYO
z&Z^H;#yS4sFq&5E(#@+j5U~#r9h6j*5d8pXI)2JBt1WVW2ws&fbdOlK{fTXOv@WKv
zubxzI8DCb15pr(4u6Ed#2}>3T`uGvr(sS_zT~usrXfd6BotrnIZSvG~&j4TqLP5Pp
zFJHDH!Ad}9@V0i%<hPuT^1Kw_gevhmthM|tnuo^E(u_B<^90%1!KNfE4$KH-{X49+
zH3}zxpl^$F8O&V{U7dH_gbXJcy=I0SYKk6Xz3U{M&g}eM@XXZtMq99KstM7n-W0@*
zTe)%D_0<y=o*vkLr>nA_!rGpKRY|<z;Hm?ip=0+=?XCJ{^MkF)fIolOJ@-mdpn2uI
zAnT=P^Oll$xF8$wdvJh|(^m0^zBe!_kif0cLn}3@@+~2_WIh0&F;sHT=i1tWNQVxG
zBm(a$R~<<Gt>pUF?>%5~hj9mr;O$8XM{;3t8KRX45Pp$>GI!!$->CgtAOUtF?%2?h
zCiK9)ka6Nfs`9W%1mAs_rS{)zCcna>&aVke$hxoKy2cJl0_<37*|&(y!qz1?^dl`L
zWjGz#HC>h|*qm7B*Ew<`IZZiWdATg~UaSNNQ9S022f2Ir&~`)H7>D^vUlDRiev$~N
zo?o_w?$!j5(+W`gCRoMGYI~AF?*a*s`aYT`Scq&P2|5`24GmZ13K0<q%FKn=(G;Ix
z=-Sk|SFg&Z8BLz+b~H`ZE0)Uk+w%`7S`TnvQTR>VidfE?SiVY5NS=6fJoRBhlj8ZE
zAwrAB+fEZTi&Sb>#Rj>fYjp*sV?)s{SAUasO_(3*Q|v5orHn`(ZFKQWJNCr!Oe@x-
z&g9=`<bJon8cDkx9+MLG^!M*XpDNghJ6+`0@0)aIQtJ2dUF(uF7alQ1%OTCp&D)~$
zAeHrI3H#l<uY*6aBX6dSBiwycW29bOL!WuOVZ60#oP0jF(<8J>rGVV_DC^$+$4cMi
z(u98rQDxe-P*YK#HnVwEFICZhgj{;ZTIh5&@Em#~6L#Ak)LWN>PW60q$H(>8z3;8b
zPnavZW}-EWSQl(qSy_L-A=BzOSgrUpV+US<2tUA^pOcc9r?1br>Un(fN7fg2>FOzU
zo@gA=@Z^=&YQYD5tmIx_Icu`%qY_}88X&^QSyI#W%j<H9Zo*}p+1|+^V`v>m&bUh%
z@%iA}uTMVr+=}U8cyr{D`E9wrq`B@r#dJ(eSTL2(b?v*wh<6Mj_6PCym{nrf(C`*t
zNBE;G&iB`97r2+k@BP?oq_D=V>(3u*zmIt46TKP#Bs&Z$$FNYBW6wx8&)AnTuFoz7
z1WfFCZ#gj3{C8pIuIWCX@%d1E;#uFY8z>u@APycjX`pEvHDTY&)wxF5;o0X+vJ#E&
z-wSP(jC1_q{%<+w_M0)bcnB^sif^J>X?$qo_|z;Im^$>GZRtO&4NsGDBZ}<+H>zQ%
zJ_hlpF7#*pj}s-yeVe>*+<HMBwv-cE^?%>ZG=bT)Bx1p?c5Ry3mItmo7B$uaUi@1^
zSe&^M@8WBYF^_+*ayQJ6Sa4bMe_s>+Mdw@kXp(?+E2H2#x%kts<BWk2n(OYp^UO1M
zk~pgmONSjxVh*QF1~qC`LJSSPK1U|@t<}e-yO-RXTSljz(Th9sCz+d@^Yt-;A;*8G
zJGE2Z#7*3>;-*Oa-{<rD7(RXpPNwcUxkH`?2X=;{jx>2i`N-Q6?EGZCfr0BpAt+&O
z)Y;)%w>uc}e4-5TUSi*RB=O~<HR9BDPs>{6+SOhV<5M~Lb>u)pfAJ~3c8Z?`7vnKO
z_|f6Yr$Vlbk*b8<?}DLZ<Q4f|>MlZe1x?**;@*)-ju0=Ns|}A6hwld?4e`ABw@VPO
zmQc=d<G}SY(3pIvJu+ERJk_*p%skQRtD=DVEk_0&-Ardgd?$uU@%B|a=X@+f^;KuC
zukKu~OylDHr<rmC;OMm%ZlA&PYruMyzP9M*=It!ywNqRByHV0{o)FkH>%J^{ur2P}
zo=C6@GLPx^M{R`^uG5E}bbqtU*pzwAr&9C9<dc6xMKhPWR^{l?k?jWcSK`ei2kMKP
zi_xKO_&EJ$r75rLNTmykrkYdeO0V~xT<@*-Dk8O07?r4Twk})Z|9h8kESG)zjVzHV
z9cD6x3Pu>OCD=O1!cbxE)c7VXKYt>$&DIAlxIgnoIMyT`!{`y}04%%u15lFee(?8)
z{vOWD?K^F<3^6LXi@(F0fhGYnx}cLELD~*>lXyVsw6Q7tF=#?M1=hAj9^;&$BmzF2
ziwNcbuw9C+r?q>M1p+3m=r}m;zrbEuTbly|)UUvBU0O1N_|><5_%5Ihn$#dp0GF!}
zm0Z%MH>(r~-dUc8IGA*(=cx>Tt^JW0OwcJIDM>C*rXaYQ{HKYWkZ{Hq%yqlFN&Al@
z4-TC9k@l|B={rVVyAGrbJp3}SIaP-S{a}0h(%SUK>|SNhh>L-;;>4(G$#<Jzm6xB-
z0&Y7HHBHLYVW`OZaKW3uJ#6V+k5HexSf7_$#&#L~{Q1-1VN_2_6sKH8<GbC-{h32;
z2V9zLG1K0;IXxEbTKW-=_I8E*QlxwaE<-nkG41N?Au|Rhrp&UkFVNKnO~f~3uGdvx
z-zl$QSI%XCV=Vkte}DhK)edN<r-}y2xYJnRHmPd^Dc>!`cNa5us^u7W@MbWLW5C+t
z5<QLyD&C0N8y*@eGVUd#m5zTju25X{NI%sMW`p;em2FIx1hi(+!a9nrWJK{4ZoPUI
zdc-0(j29%9>Wc=0M%5}DnIXp@3=ylE3>#AUG7_<2KJAtA`}ZqhVd4Dnm!`6-XNM!&
z)EvwhC8O@r2?|%y2GJ|84pC?R776D(&i%bJqG8IaFxvC=EHjgwK4H&wq2_rrXu*KZ
zj}7#sC>M8iUn4Fwhu;71s*z6p`qd9;MQkvn2LQl3_wL<vXZx$3hnXZp=X6l2&di&H
z>Dz?#TwjD5;}8Rh5FMpz9tK%A_4Q%DPZVFRl{h%soD6PTe=EFo3#dG+TWfQTSC=qN
z?kNjfWQI8AezuSRGWf63(8-W2M?YkvXMAD|lx*sQJ9qCI&i)*SEp^9-^|8*5Lv3eg
zCo541ykZy5`jXs8;1)J6Yp&W0PA*1zT%1WB1Ox<B*{?=yblvU|l^jQYMATv49{$-N
zN(Jo|sT+e90DS@i0`FX2ojKQ0lV<7r`LT0xv{yeKd@U3IN4@}PRk^v6ENn<&Ba$zF
z(Tu8n?$Aolj*?tEc{B1yw`9~{G^*O1oybM`gOb;y0C6>zH=C)%Z?l;bxOC=qOUujq
z7M{RmO))M%N6ll4>(TCgk4aJju}U!>piQmw<da;?wfBGI@u=!cx!geH){WAN3Pl(e
z4}%9m9Qsh+U%^E-K``Xgr!MnkiFdDMk~6daI7T@tV@hdO+n1q>=PC}=U0r$R<mQO|
zeb%Qk@I2vBaFi2_jRb=p)0Xq;k1-|x;{s5~8GV<El5w1=LCUw1m5+{l_xyQAe<5%*
z;c!590Hf?+ZbagfLQ;m#H)@Uw0tGqw1~xW3L~4&*2l#}m>n}t3VEJF**Nv2Zf36i(
zo)2zHC%f}V?0>lW1_r3c)gz=wdyv<|lpefJcwB(IF8}5YUCfh_Pcyrwc?(r)-#W+s
z7o#6r-2~>LhEbR9tYt;}F)uH#iG@XGQBgQWMz{t@XmnW-MCE+VdMSl>xcf`pZMy6;
zHoV*_s;?9k@q!;bp?&sDVT<BsBCm4S*Wj4nL_*2HfNm$10@faI8?g9KD4-jG#LmSP
z`Gq5S(P{E_WBRY))6-s0C=4GqE$QA{>M=ap7=_%W(5@|@@wdrN`bxsvoFCs(vnyh%
ztJQ(EP0xp?5Fo(B^a)B!$U&vW#Av}3Ymet{d~WDa(NEzCvVQ=ofB^CfY;LbBenSEl
zY@q#tUpsFdS!BDY+URXKen0~XKULDK{?NI(v=PVFl^}#w;}IAUp@@&)MZ-3@{Fzk9
z^HcR0FBKKF8aTQ6Q1p$CwnNg*n$T4|h$Lsf_bBEu%TtFACEDdh7#G&JYLAYNz5~wo
z;6C>gPshvW-~b&l9plX#0yQ-?u*J4(`H?zmkyTfhBv9j|Uou*GTz}qYR!ZFgLIsb~
zvhs-dXqalZ@9vOZmjvfmzeqI}JgBl#DL#o&H#avY3VOtY=&#dod}>O@&JK^coB1z_
z#e~apOpz*6rGEeq@WbG^AY>4B!%Rp(c^8+IM1yjT5pW4$V6QvZYQwk%F&i6JBr$z#
z5gAla0(}Lf3Fr^LeSNH;OEWdMqyeL&b{7{!vvg{T%&0e6+SL^WJcRI*_=DOl(o=O=
zK=g%<iTMuZIayp@GF2X`P*GDOq%7x0ma*MUT`3JnNivM<@Lsxib`bg+gG^&=V&cvw
z5maEb=`D4s{k7o4B;$YIJgYm`A|VyadLvK8cX-=^mjn~Zf|D5aXxsQNM^_@x?bvRk
zQQNwAi}$iW2KTQXGSwcc{G_IWAy~jh4=pTYWr>c7j7t18YGDLCI{VU!66bbYxUdWZ
zCiL!R<>Y*{Gw#KG@SxQ)_yOgen=n9$gxCIa><VEtlh&GDJ;%+qF!JS&FP%(U)t^8%
z0SXHSW&t36-+{^J@Qz5|L(#C|$k*N74O=nwaAf!F%vI(-fiDtlHNg79;WFdp<2A7~
zH|$UURjkiM_3osPGF~GdVVZSyahsb26TFL8*VfW&YJyMq39#|-s7FSi^4b~Ju<q~c
zYxKnu5G|yM1%{n#bxj<<%QK#;DkMZei5^w~I(-i~6^U6en3$XEZzl_Yq7nQ*7hfdK
zrGqsiBh2}G3-<_uTooQ3)NhhmUHx$-R`q&~66Zyq&C1LRb#-+F?{Mjdnr5Yqx7~6N
zu-t$D^s8w1RRCcKBo2z&Dq`T6O&b|>6zYh08{M3ZfIWx800oF1#b^Yv?54QD9Jd%P
ze%SWemq9V>GvC{rKqaiyVi_11TwPgdG%A6E{K8Ef)lWPub!1&aTEg&WOVF*`afHQK
zwg)RXykmT-#rEI5<YxEn`iA1{{+kc^eN1>RCx;CLwxx=OOQ&SFEj3LmF7YsuC9spE
zeEcjztHu!#ZIMt=QCLwPx@=E6eb3LQWn%v{-xm6moBNfu^%GE5y=h$DAx1|5P834e
zCebbdcG$LC6ID2D$#4iR&aFMW3%m{)KguMxSa9lBj6WnHi6RYk*<Z4|a%V_;n`SXx
z9x{D-R8d=F!~uG)ur9RJnwkWsDHll1x`Ut8H~I}IprcU3WbvDv3DR4cMCd5-2?-1}
za<74aOAdnLmoIO_(PUT00Pe*X#_7z83WAKL-ymTN>^8~(_)D5t=y}1&KUe7qRUcoN
z`KNcd#zAfL_=dLo?roSIhRuGn;o{d5ZmoCsz@R8c*?RWSb+pP3H2{<BCy~{ny~N!F
zF3X603`|VDig6yhGxi6;e&7*xFYG>mKJCeMZg3JRdG+Z&){n~Op(M%l<|yZap#2C#
zcVnWd2^n=EPX7Ju>|0o&=h)xAe>Ym};OaNy02l(U6NHm7;#R~Z>PYhq_*-Jk1y4bs
z<7(Sdj$-=#(5_cd(n}{r2R|i44MeY<PZ~Zwr4P(%rB$gvML}YGlfSUH*cmHDTW&Eb
z1?^>cm$QxD$UyWyF~Gm&<KrWC>p1f2NrTOewmxjqP14%4HFKnk&BX=<6>a|}69Z^@
z**iMw-7PPK*^~bM8{DLr@I&0nnq93S<R=Tx`_iz~7i?wPD5$7li1`cOKyQCZnuL-6
z-uuqQo4T9l=4vIb9F&x4wO6g{KeTEd_%=13Z`aA{iy%Xt0&`Abi<l4pXq~l5#bJke
zwYDHJRjE6CfK<?MM3iTlXL2iLz1VzN24qvB#>RBk^}D=FGrH>P@oIHO93mnj7E`5h
zV`J(_Ds^=qA!S5hVt!~}Ma5o*#B!jnRE*L;*&hX8gJuA-5<nL*rG5ASL={TPZ)|58
zJt4A~e6wz}s!&u``{lM>kM@3W^?AXd9gLz2z5f8@3$2*f6n_KAt+K0gB9PCI?TWtz
z*4GP8xwzez$%bLP&9H^uk1&GUJSw<6l4Ue;>s6ilJFN3~oUy-6d%H1RkphX(!NJiU
z<YB&WUeoHmxu%@;MdQ$X-uIh4?>jMyuc@v!v9@kowcmqq^pu~!D_@JR3NBK>MG(_`
zA@z63s>;p|;F@+uu4ogHmBre$wEXZvmD_CzohDoImDDSPYtQM%KG;zvrlv6Pac{Vz
zV&`O<8g>a(74LE~TSi(Bc;SKru{6c*?%hNIJAb%kLR9Mu2G3AxMCC;@h9K|o5z8>_
z-I_$mueY|Wl27N!S5`I}=MVQrz>#y<S|odL_iF6e)Z9EHa{(XB0g-0F4tHa$3I<kn
z6BpF^=S}+$@^tAWdnJ!CmO-M*%R7eiG90r1a;wS5ow%yvSK4yMJ^xSU0>oR}xOwNZ
z@7YCI7-=J`tb`$5%(0z`J~v4qtuuF*q}89-3;GzUH`p3-aC``iM(|AJm5gCVo^fip
zWQLpL4pEB!UdQwmFsB~_+ZrA$`sdG#h2`aQ-Vkk^$o3X3Mio}m0Rv$Xk%xqY&ohR8
zCz&ISzYoC<z8%oq1TwieE-%6Dd^Krx*RwkUkZpr<CXfn_24cp%-uzr8yao)6LkN2~
zJDZ#6ckj-6qmn&(#EyTXQd3bx)Zh`Ea#%^Aul^iq*u`k%nt!9IB)aOSKz7=Z@rhiB
z?0r+yi^sW-zkmBS^W;e_AV`EyMM!~QzXua;9^yziIdOq(o=!j@i9p9a9P-As^|ey~
za9)7Q0<yK`Uau=_g~5SWGOw4+bzmq!Xb&btIht%495ON)b#-2t#f!MTcIQiMd6QIy
zg=2Zl9{`;gVaPbf7;}31#LExBnZQ68z+uvob4N5BXx#{A(!f{A(<ZE|xB~Y@d3#sV
zIspOAD)%_@iyd(Y;|huje;d5WpY}fmRBmTQKdjxrN9x5z+qPGmQ^PsF-MxEa8$q0e
z=rF}K;AQXwgaI+4vthS2!K2ASAS-am?nCi8J{l}k_^OVl&I|oDBwowVaxjPdDP_kb
z=WP)<o??uNDgEOFP6$kD)loE(F?-h6M_w!2+igT-J@Yzli93OJlD)2Y$Xph1eyA||
zwcX?Ks*i$+*{y~l8KnpObpi;p<G$(XURlpGMYWg=akMyia>!?mpgvrRHhPbfi(%B2
z*c3q{xw^4&&>PJnnmYt?)h0+U!sB=_;qG4@%!V(CW)GgCem@X>Dc%nUz~grhme&Dw
zT!Bmh9rs_U+5QZsN(V~G=#%J%>(w}8xUZ?6J;SZ@>T4r1dYRFWO?qEi)`<)9MG(V=
zm>@&yKfYb*o0v!f#DLLSQ#>(Woa{jfpuXS#azByB&i})SC@wCZ8ch9xO#@Q)D`7ay
z^78#F_O2jEp>I&_Ij%nzfRo2|aC|%n2`r42>HvX#;Kz>(;0^%E;{F$L4+j_<D*rAg
z78Yr5Kf6%3>88u#3&>lgr9=2nH?1KP{oUDXe7H6Q<4Qk+NEuuWVuic}5d(yfk&#uI
z9v~TYCri7iJp|)nA==2hB|NeB8C7(PR87pSGwRAh;F>Ej>DL2mQ6A3?LPWEalJdrT
z&}A}FJ^)w2yGT7T$!+Vq?@o3oeSDcSv%cD%b(zW}^CMRKd(IE|lnD}%bf9#5@y*Nn
zERN0iWZCP=yY}aD2w2Lm+eRiwi;0K`@HuV396EBi{~^CXct^0Xz;I0inPl!4AnZg?
zMhxzyS69a$9I!uYGu+Ly7LX7ZM@2^FtiNu!B0!4AAf^}aN}id~bs2gEzoGx>(?lMR
zct8^B&&mpJ^bL&$sbs@YBt&|Daf%ig90IN=9?+z4scB!n;jr|70lPU+2ssz}2jD%t
z{}OVn8N1i)>M8oqAazkyC4?zF2up16>tKTsv@X$u>xbRHd6Q&FuGC)l3u$Bxu0pJy
zT?mR46%{MA|K1xkV!|GHawKMKWPniOjasy>@1_o!c(7&rJa=>Bqmxb4g;DcRdFXN`
z(9_fFPQeI|I<xz!{9dZ}Iu>C|&61EE?c>hGt8U#qqMTNkA1+rpKoL;C{#37B(8jS5
zp?Gw72vEmIF>FE-!q3|^nk-b*RIg-Y=HMzGAyUD{uA^d!>EyaI<8(0bF;#BBb1ylW
z%;%F>DNzVh1xy-&R5_`qg03Q~+8=sgpJ8ZdS6uz#jQTZ_n6)exrv{8nt9+$n{RBw_
zIEHpRclcn&1GLYPpt>*4dnqrPJ2-p)<=F+>tgj;<ZR98cyNvBb^2qwHRhtODw?02=
zo+*@$%!lh^qGMpB_1}S{!(WRfuDp9VOeU8aZaHhueGLoMhUB4KkCGmbOOL%DWw+$<
zZQb0TK?d&fq-bQ`P}c?<#C_wNN6cJ;ZlN%u2XgUdYtKtYJ^lHr_5Ay9j&p*ia7qtd
z1qNQYH}}lS%c6hYx_h&DaKWDU1vSi)*_H?Ueo%{mZYFes6FVQ}YT#rZ|JK0aN2=CT
zicywydMcA!T}!&7{z%Ba$Z*gQmB?1Z^$TtH+1sFZ6-c*uS@32FqOW(m1r<GgAf)&*
ziQG4+zzmzTQosuR>hfrEa`F}`s^WiUC&B^8g^4tLD86Jb`aVY`b}dOK6yDN+PEwN~
zci;$P`pEjjy$VXCn#oWeZo&`>O|6ct7|DVW>W^>M-5>%`J_xoR_xEB%L<844OhZDq
zgl;h}uZD@O171>@Y(?$c>HTLaA2e&7!_()e-n}c1gW57t2m98<N7n@#Zftg<TOt0P
zF;5gB^k`a;fL>a^BZ?s^IyoCav>-eWWEU&b>w1;WzRy}&8AGNBVe7ZbJ2$-H-aT6g
zAJeyfg8b3R@6XYuBcE%XbssG^cPwP0{s95NNG#5SjPF*Q&yH(t<%MNFq|N6u6h30q
zBX<EV6c-P$U@<*(ZRkF#;$6i3^Z!;2?_~;>I~F?;szz_`8%y~3C&rHp#DpAc5DTZz
z83)sy=Rh_kmEwtpQkM*VIjjz2_K;^2rU*dM|AGD^`sgPARSTZQ-<jZ>TlZgr*vFur
z=!LF{Ng#|<02--`y*)eVhDysS5I8CcChD*3k1hvA1$xioY-=W+FJ!L46zbo`fq5K+
zTr6liqz)|Y>-X!5`B<2955Mm6+$Y_%v>31UgIk9sT4y1@Mnw*$rM&NM1(7%?;#qT5
z>Ru`-u|xca=}8$M{QQcH4$YuegF45f<npabvg;bd)j_r~_RH{xY(|<PJzMt;vwP;J
zYwihVPZ2$61tSa>r*0xd6%X#dXx19P7i#%AEvH)IIdY5C^X%>IQ%8tZoyXxrlz+Kf
zg=d3_rC+8_V|W9K!3CJPv|zA|5VI#(*Y<#Fgn`$^2bIkIRe7+|)cMgCB?Ch^7^W4u
zpK1{vxPm7$WG>(UoK*3q?pIe_3BpvsY1$5A)BI?qEj2<OE*~zB&_fl_@BP)+S=>nz
zxj5~;?gr1|C&ft^V$@(gL;>am;H|+1&C=E|a#>qj9P7HW2#H8qMSxGHUH3rk{km}U
zti7{064eRaRp9)1({R=@*g(A3g#8@|vJhg#?~1<=A0suDV#12x<oJBb?pVOy(czit
z-XovxCSXzF;Soy$b_70k&$IV2P()vf?T+OZz#;F<Y>#{j^EoFY)`D=U-ed#?Ys-^;
zzKJ7>6HN1=d|0L2dRolE;fq)5&tPl0SB<MSxWokF@P1&B;$zU97=-mkqxyiA4df};
zd|kA7-OQkYZ2KG+Ct)we4pTa^zLxnxodBsIkCwvE)X5%*s85MPI?Ud8ZW;}?Vy&#M
z&h|C=@}K?He?&(U9vA+?%<M5yUNqQ{jE#>M@K#<iW1;xo2&Rc;Gk#6a>k`pd$lAEv
zb$uc(6!pgLy|u1kd&Jj^-35u^0*wHQI|s+(pvI(vWhE?PnuPHnL`1KLPnf1)N;{~W
z6r48*u>=nK0u4v%Hv#Ho`ACH`I}6w=RQJC<j;F&Gg3QX)MZLz{w(7zV1wKFy6xd{B
zl!JgKAO?CN{1c$%V6(V)|JDm#u;4&g?1Lo_yE-!@!tjfHe0`yce#FP85&a^2@TqYR
z$rQNfgH#3Q!5SLBY02m-Y3XJY_K5ZAa~4W~kzh0RO-^nS2Sy#@8j#kJVSzbcON;1_
zVH<6?LuJTtO{~o3@)w=@CnvkZGXfCfqn3M<Xu8Y{&kk0BR}cx+IC06S6kKBJNyBeM
zE}7VU-oL>wAPu|V6A^eV{oe-JuHOq?a@|tFre%+)cv1KOdhA4ynm2ClVuQ^B+@y$B
zN<aW4F@d2$l;Fq^7<h+7M1)DllK|AoAH+oqA>D*K31MBooTP(70c;4+)xq@u&$BpD
zRRW63@aSkxp9-2sw?=jfdl}f`;5;>2U}iN;i@{FNxm+7r7<C6=5%RL|aQPK`UR=CL
z);OsTr%8A6R3z=~@gXAvsebt9&+n&nDX6Ft!HeC+|L^=R^jDitHZ0UN)K5Ax!f?sR
zLgDKyEM&Pu9UG%|E8FYh)OXxBciZ|+fX^fbTiyW1NIs1D0z~?o!-cF03W{;h3?D=6
z0DV+Pe{4p2I-+lyJ@~dv9X4>2E-R?KCBV+>;lqapp~T`2(ipI&bXB0Yhg>1GE-%DZ
zZ61-yy?v_!tpZ4C7Trx5BoJ~dnh<WI$8=mH6`zy~i~(1HoiQ*x+=CbhBP{$g&}3RA
z_seax2YtiCt?)@>!FgUgEFd;km5PcA_7g2Fr+-$f7-&5`6%;)}J3+GmRo?%h=_>=O
z`o5-BP)Y%5X#@lWK}x!%TLl5>?(P&&k-T&Wh>|KD(%p@SbT^1}_q*=z|GZxjx#yg_
z&)#dz%$lJeGo%p^NCxN*9_|GSo-PYfs9=V+rmC2NHA`?X1|Ws@lj)Kl(`7(@U|Jds
zJtL*(2~BegEj&yl^M#v6ZHMUWOBHo<!vXl#@wp2$WC6FaiY7OWO^u7j8c+rK`9FaZ
z(}AZD)X?rilm*&V;$RyCM=$uY$MtY?vuKt;bJKxToj$3UYA&)OL5%if%Eq8$VbQYF
z`2YH)!a_p>Z|i*`qDKiP?(V!yOy8lvg?AjLyF09(;ggbz!-ORu&pDv{gh@!-L$t(F
ztrmFP$WgM&N?w@O2CVlHb`bvHz$ht^l<_Nq`T2RUT(V#8CM<!dTKS4u?8esM`iy>f
z6(DR>0Ze`#l_r5J(q4{&0XPCVHgbsJ%6wGTZx2f<D=XVsUe<%0I>J;XY2Pb?ZdUEa
zFQc5S%vga<qOjoL)?mTGGXgG-{>hWnqjFcGDNp9b4l~&LVfTZv^QTTD)@7vkzJ4{>
za|pfdv<lNNa+Sl~U@CuC)ZCl|0|Ntkw7I|I@LbIBVG9Hx9}-WIPuQG`6ch<?Z}7t3
zCnEzoulFN95m;&zk6Y6{VgMnNvbJ`L^2$eaLqkIn9$WGieNJLFU3it=!z*-}N=iV`
z3MdKeAMoNO+{Rilx>p*V82cQW(PiQu9~548cH~Da;=^$o%6RR2l}IvM13OGmW~T9{
z<WHTcPyOL6{XN9V$i_@NhNoa?7(GSQw3-s6*#hQ^kO&kV8~Yr-B-7F)-fL<_SVqv2
z!Cy4(`}BTtvwhid7eo#8P=4&}*n^+g+Quei3=l{2*^<Lo(yLc=1L`7Zdh=~;;D`wa
z>lzqKL{?emTu^LF8$VxK-G~84sNl3!Jqd}xv5}ESo`RIB1d@Xrhar!>T_ddlvy-ft
zd{RBVb^lnHRcPH0Sn{C;P0uu*TQ;;hi0qimQjYNdSoV{DU%apH=pqiS%e*NO(pNF{
zfvgGgFnYD{>sKW2)2Gx&$H$@YCL4Nr)r|f5L#JEiD4Ca+M<6dR-v)@sF1QyNzI-{v
zEhzGYq9fp78l$$JQivY>*SpPlegq!Wy<P#j>9f$S{qVT0jJ4Z)wUmfPFQcr(lZJD-
z2e!}a2iKVWYNWpksMimg>-AV!SG6x(&L3?qKprf2z>4`Za>c?yXR>g=xl6LIenOu9
z>seezKm8GJ5=3lIXJiDf86OCTw1+QIZ5&I->FCdF#Pw--+kT^%ZWS=i^K_ssnUT37
zvoPx}<2kE`DsKTQ*4F$t<sS!x&ht(n0a81mV|ASwc&3IgxRuqjQXb^!+I7dpYfSx{
zSiN4H2f}uYhZurEgav;y|D0Y+3L!zAg=<OFdZ)I=tb&^Z1;@77f{2sQ8_PUWx+NQW
z7>qj1155D*C=If{mLDI|_M61_@5RAAqB!yg*B@wi0X(C0Fz|uNL&lLQ4b7K_ex|!5
z+BkBJY2bByL0pe-+}Y!GrXl9SIPbV}N&~WMzCJmftg`M}+RX(?T&~fv`;jOm7KF}m
z)l4=8u@+^eS#hVg4KlT(6=Pj=Jy<y#do@d!>IPnj@|gHw#wuF8l$A2kL>cWA(mK7f
zaxb$mR!6fw+UM3r%?r~k8>ziJH~T)mb<a3d?N|`76u9rr{vdYwN2XWZ5#2sMDr%p(
z3B!{>qCzGw6Q5VzYxj7agm#ijQc=rsFpT0Z%^evhi=wZ;ZOWu?96k(tF<UtMxgcLY
zI?vy=KFTvUGlzvItFHa;B;u$Zg9Rs5sRNALsvJ)_dg>489UUFLm*Ia!G%xNSkiA;H
z2*rGFB+SLtibiEEipw<x&^G|2khUh}?VY7h>(9orp2fx;0DvS|!X$!e)JM4jYlRof
z@uUOhsdt0R_fV+0v2S|&t6q4Zki`)25fr$jXW?YD%Ku%HDQg^U%*0U#(rI-dZB<_H
zEZQ1BYwNcIC*<saRg|(4?O^;8mh*wwwC;a84<4-L8XfVu8$b3m^@CI}z|=0oU3dF9
zC%7@fNMBlMT<rCVDu1=nIzgiJy8E3ywd~sk4?1!Fi88OFx;mmPljbk7?W(Q3{QF3U
zd0FLedaa21%%JttPgDNYdWZ_P&7WM-J)9G7CFe>-Kl4PJa!t=qaKxl*F{61&mG)?y
z-O0uvKSBSalf=4HMVIC%y5d<Krf%EqWu${pH}!We=s5mlroFj(dqK(=XGtWwf6eAZ
zs$1xn@F;Ulqa#WFKWQt8?%Gi+oZlO&xTvVt<@chBHy<x-%%Wj`45y#fFcFH^Hu@P{
zd{9T3Kj<Ekj?Ddq4V88agY+J1EwgmY`Zfl));Tf33wqc~^R!PN4du*=gPIL23E#4L
zW&ll-Y6@KR^@!!qy-<w_2Kwnzt$fJj%@{P-fP}WnizwwdY^yJ&EQ4x$k>q;o71Zc^
zPF?H?#)Iq5v{%Px$9CaI3Zx2==Cb!B<uaUm={?wVYk8X=MPq{su*0+ziTCO1&V1y;
z+Z27!amM={DbWf+AfUUyI;u#xkLnLymafOL9T(RhTJ&2Gf{q8)sYd(}b56Z_ew#n<
zqvSSnd*~nZ&ztvO<@gtyM?4dKsx?6tWl`1?x-nQwxv9)~d1!oI<{+da!d!1OezyHJ
z=an8xp$Nt_qS`M*&^Eg_u6+N_*j{Pb>MRQFzps_YvWG8z?}R+0EZkNuN!!!azr3s9
zCBzpOHBH#t5$_jv+)7+Wjxrg;b(4hm?S<suW50h%PO1cAxVX<%Sw|Z08xf{GdJeP`
z`n`K`3Hr`1t{{IA4igjG^9akG^*}@Qzo_*-v+)6F4QU(I6o>|GFF&NQf=x#vlA^m$
zsRZa5AT$a|{BZ#6gWw}<*b-znv;-#^edRxYs=jiL*7Xy8Uurh+6yBk*H>QzMNnP3D
zWb1#o9zxzJ_$w4aN7tOE?#xdC<usL9f67XCoK}hw8Z=V}M+b(0_d-#$(z?6o?B+H!
zG%4@=iU7XxLOH&m|E~qmXvxphaH#NpE)m()3WXE&o+*MJ(eO$J^qC?J8lY$T_O0^y
zYqJFJh-EM=1&IZEKqIhwsxKTdtt#Wzhq7P3dEEm_zMZ4VT%fCwyflEWr=~LlsTnmn
zWVzfa0MBWchAID7LQj#i5Mc$Ppp0$0Lf1zoa`G0Q6PPdUcna<%)dIi={WYur?4a$B
zG)(A8KISsQGccs`WuFRzE>#liDew!8jW?i?NmW96IN4UvhAfylaw+LInB@uoG9R!j
zYark)^~vz)h<;Lp?<u4;8uNzF>QeLgQaJdsz1dvJ{)>-o`xXzaG<Ach_lwU|Y7wIw
z8;lf%$v@lBg)ytI(JymFr-ci2<tEQkEPh!Q^xq9lxAXAPU$Pgw>Oe!hejey2uIMnk
zL3sb&M$f6k#Bg~1e!V$~m5N*0Do7~p%Us8q68z*>^>pt!u%TbsAA~sbh`$aW5q=id
zPVMOE<gpk&`n|A_mW?gVZ8Xnxj62NdmlE(=H!jP4SNc=s!E$P2G#^=iKzJQs`w}2A
zB@-EI3`;5npbYtC0-Wctb-}k)yWc}Dpe|!<j2aiG1_T59jNe^xMMZ8fuMxDrMuE0G
zydQg(x~Xb^^+Cy`g{AF6zrZ#aJA9%LaE*+OZLRg#=Tp;uH@cVw%3LcAlBT960!pE7
zsJeSk_g8~M5sN3gM#ihgoV@0%Q>RW-KMijKbRWg-E9mES3VA8nDh}&-6ciLBfdNR$
zZ!ldFX(NPz&rtF=KTdF`5e1#pKYqm&(xxO{zT`wHzX=Ivn)Mf~asvq*UPsorsF+v?
zLoO0?TZ{RlNxPi7j8rUQId+mT5aJix&)fW)sS8D_IR+JnJ-;CZooRRZQzJfaQG$Sf
z(7cQ{D5#5^Cjx>pxk&GUYn^f5-(jw2T;PW)2bvl1He6n43q>||Rr@Qdo>zi^up;e1
z0naVk>*L{bSl|UX697SjpC5`LR31n`Sm*BsNm>E$03sa5<X)(%`ct1gB=*zF&4|sN
zoS2v>(#oej@<YSEgB~CXs-6F|P4?j}f<&ldjWAX>FU~YL$WD9oE}~7oT7;K(jqK#8
z=h6D~#Kf(Whkb}gIgag$8H3Qpe3-WFFf8uOU4Z&p6dI^!$%XPpW#>HApTyQhK}A$u
zUA?xkK}$!sMA~uWSzFj)S2j$D*Dy1q3t$kS>GcLRdWh{qV=^nN*1o%s!`pHS3W&m`
zBve!)wIe{i5&Id;JhjQg!|%b{H1y}sbLeWJ26aq*KuQYTPyjR@*Hx1|woYQW_Fj?`
zccw^ONS#03@IpkJm3dKRZEIMxss5h%s3sjFmZaC}b`b9~Ca;zdLlQdUc6XGdS{s3o
z!d)_|<-+tKJ=c!q;`_Em+P+B`%w_fcFX@VPX<)lBv1${47{A{1x|=)i^uM_mLHL2{
zjh3WUibE?0_E}zu<_#%$v(=vs$Zex=Gt}#;%-Jgc9{)V3S)<s)HT@kvfjwNm&(Lx2
ziB*CgQToS@4apoHLu`(@BT&8sqI0b6dJ3IfxEcJ(!g(xA8B6;Tdh3gSW+KwG<`5n#
zq%%G3E>w@RIpwim>AwDu)2yHFKSAQJbr;lRA8AJomL_*W-F7pxmnu&aph1WI6NoVT
z+&FkH>UovPkoZVSM%sBa&@W$`qmU#AkMgKV>_d<bC*jNNr6Fi&z_JF2Na&KmIHB<$
zpA#$$koLcLttYMREf}-EN0PuD0dx^KJNk6+A54BkC{v60VIqxR0Y(1v=M{+f;0w+G
ze!yV$>HVnt$Q-Y?T`~Ir0w8hbqa#<?)}d1YKg~AdXF#RMj=#qOkX|2?<J6@h5}F#|
z48Ye|`+Gj%7Z!jxAO(2*0s<J=*rp4a!Qf^doe~>1ZF?<{P=@RXE{w$g=1EFQ5B>h#
zoHUdJPGKFD-c=u903ImhO84TFg_ms~Z-Fi8;KYO+w49{jZzrinGrv~_AJ2Lvpi#Qt
z$XA!v^Ao`lx<E$=pD}_+2SSJu(Bo2zgG)N#>(n9dg5E&hyxG_~U8i66ZchFiaGit=
z3?;1owdT00PTd&=_!7RgGBZQDjs<hxKchUIJ?wGoxBQp|y1>l0_Ik#v#QJwBB&<1{
zI)*FgB`Gu2WDY=NF0cE}96Ckvr{v;EH0dRr6jd_Cg24mq%&(alDOn;OdvpS>|85lA
zIjes3E!Obu(&JPs8@jA2@6$c*3wmErx=u_~-w$N<uMW!!dSy$crXEe{;_{Q1Tq1-2
z(`YVj#xzwpTO*`2NVvEheslzNDLDUu$rw^jIX$g&aB%Qza1fh%5;!9jJv}&dsy}RN
zxTxTwjt_2>dz~E4xPChGIi+7!-x0_Pm}QUand5h*Y?4+D>UfMFzM!@6RduPM-S?qU
zH}&H^s|&8=Go6d``iT3rbZA!@?y>`uceG<G1b(3h*i}{Q75ZHk#feaD8o#Ux-+zLA
z=R=*hofDQ_+(Aiw8G?a_Yq#mW@QoRv(T-!DpGEmo?Kl-&PDQ4TY@rBsm(i!!9y>o$
zD6a<(wo^7ul!tHN#qNcqyAM-dX<lv;qT~t9ilkG5g!A)b?-Q9-ZCia^Hr>GrGmkI1
zN#RzrE2|=x7=?wp@-}bS0HNVJIpSy3d;HiIJ9-)_L&)IFF4|#~kZ^^ii(~+!R8^s+
zeVe#uPV__zq!h`FpoRTW65Si7pp?ef0{*8+GGG7KBCu1FXi!#g*qr~u1ydw=X<q2P
zMt~h9Ev*DLE83jn>BA4Et4rWP+Y^?=+11r=u#%Vb>a`jenTkPQz{r@`Gig_tzP2O_
zO}a*{I|dNvV3<sf&0t&6p*-+jJr^_sV8(qRkMA=8%sUi6Q*PIn@II=*>%H^Q9u)m7
zK|^Wnn@9F1I|iVV^Ec{jnwz5*6BB#)Uh~0$8wsd?dEMub1|mT%T>$ZnLG&RUbq@O1
zH&+JIw)HI67q?w&hKWOwuab9nCn-+^<n%$ps*H@xTz4EZfThUG1W{`-dohSt9cF!w
zIrU2&sx#lEq-dvLGw2o)*XaTgoekO9qQVlIIirgtj$ei?KYk3OqhXICWZrtj!;_HJ
z6OR;Yp;37^=3^0ei<JvMk(tHJR}bwnHng{o<Zrw3fK47mBv2bW0?p96QxpmZEXacu
zGBPp(!Q2!|DzHv&YRXkA9GZU)qE7I7=4+P+i3(JnP;$Xh3AH}ZBm5JS>)YE26l~#A
zfnCPwIXTkt61b=bo~gZ)kkkvKHeO!mAH8*SQek-HhW=BMUuS8DM@L`@i_DpomF)t8
z4D<{Z*47|o@_LR|S5O`gPehwF;lfAl$OcAG&F!q<51yth0Imj;R?=g|85t7s1CW93
z$!O-6o144-Z%uRuNBqy|Fw>ej$(~&<%qS)-=N0BIvJHqxLqP<>^&q2<5V8*2+D&-S
z`lox#90<_30xD^u1B?kEyif|<v3`as2Ij8u@GqLKX+F9CDJ2GBL6A^VW>-}um6tyQ
zWdz(dGM5H4adXc6g%0jyq<^6b>sWLE(bV_c{H&@f+44!y5C#SYY8QNOT0a;j9^A<K
zne`r+sh)n1NOts_P!(j<)bzNqF@6LoDXhCTeXa#pFQlO~2o1ICy^|WQ4(UPLht82y
zx!=#$GpXX~=~=mu^Q2Aq2Yf_UmZa-jN!8fbgP6Ba*HJI7QtgP;ao5VdDu4aeAEWK&
z?D#3vqHXQAaCDCEnvhU_lSlEAmE4w1sUo3Ui6J%6mJjF3WEwjm!QX&QEmi4^yxt$N
z_YAF0f^z)6Yjs`hPd@X%Ze9IFEz4OwTiNAiB>C+OuQiiVDpn_+;6BR<`mK&;^Q<E8
z%|}&<ifKiUnwLj`-e*-zHix^T=(kuAAN$sK1?nF9VC!A)*E#tJ>W#ghUZ!AoqA>ik
zb0i^K>+U9qv+{m^ukl2NHkVRq;gk^L!rhl{fXH=lYFoUJ@I>$SeZh){pSOEM=K7*3
z8+LuJEl|<9En#Sa(ax!}^uja$?a1~$&szK9X<40tBEKCm(cJrM<jzjzZ3!LU@Ryd4
zbzFIl47Sn9zMm|ebee2N8x^qMG5C#LYSp9Vx+Ns{JJaK04Q;k<$=qnMeN)?F!%*9m
zm5AbQP2C=PkF=N$)Yzy^#OOBe?uq^V*ejr{1ppq<?|(;P0D2>lYydyMGcj>haK%I=
z$zH`W)z^8`(DWv~6a`rCepHmk<#|*7{5-(VAa(Sg76#$`!)M9iYu^|_#j=!OqY@bm
zNF$t>NY_C9Mk#qG&Mu~|){ZtH^rW0#ax#7Y4i4pp#TuYIn(OIlP%t-V1hf!Jj9ybt
zumy#48lRk8!QCAd)Qpaw0KWx!2pr?ECq^d=_%kQ4aYBD{vO5kC=|kF#r^$WqKD@sV
z1Tsi{%ps!zdWI<sd>MIpiA5YdFs2a%H7pEDWHb~4IE=cmumG-x$b0_#i4;8ZB-BUT
z0h<QQ7KrR-T5reOQqpSwfgw~>(J}YQ$$Q5+&A_A=jHA&8nW2*D1Qs3xlVfmn6fON@
zm+?cORX%+16tqS79gYxy{<I1-#A835&|tvp;OGd307KMsv+BQohIaPX$VABGVpM`<
z!e<c#qxdUmG@m>HSxQV~<j!|CtL?Ql{n`3DXiAGM_N7303*!V!5KoG9j;&98G_3=V
z&2jCQ!6#BOMpjl30t-!5+ta|K2lc3`hK3CI6D2)ZJQ?EjGgcD289=?007(h_k3JCV
zo?t<e0oiK*XA`LZQv}>17SdzF2Kqr%8-9I(m>rs#5d+~XkYJ6gq7=OLZ~Oa|%IzlQ
zU=xKhjo0gl1^fh|NZ$V)%I3H=r5Qmk9H3js0AT{)FuvRL;U2i$M8+gbNcf;M5n*ZN
z$2VLodqD6>v)|>aA2`_dLU{r)E%%(u+=^^3`8hZ{!0EPY_UecOx-g{KzDbWMP~O0o
z?nNoWkB|*XAXx9Dq}*-f^t+(7v9UplLnDq{_xASS))!JMX1~HQDo@M?pl}aZ#V?Pc
zK+j$aC=5gehXGIkfVjtX-7yqJ)RGL!z>~DYZ+TcP%Yompw9O`=Fa*v(OaK@{I)HL5
zq|X#uO~gz391vdOfC!sLNGK3=h7JF!1keAK!X?@tbQ*w*eg}x4^YkhrKoR@m<;#{M
zn@NC*KmdpcM8k$rVW0$SkNz@)3@CocOo`K^`xR0$!|dmEJ2^is&aQxthau=F0$Uvz
z*R29pxJK~KyyMNey)jZ?a=fMU>XrIaTWumZh5nt`3v^&2zK(7H_B~H5a{U10TaeuI
z4n~UDFXP{QJH}Cf2$#W;tx_>iFhMhj45I)s764iRmGAARU51(HX|?YfbpR2>&k#YC
z^P@T>I~(+&Grf`1N|1%HF<Qs~Zvn8SGajopFp?y1Wra09&Ii)>@J-M{!ddxmcX3&a
zz@mI?YtM0KkJ{-)uZE%)SAeKTP2lX-_Lrg&C6DA74+~S)asiLs=RA|l)@3-AiAmNg
zv#w>kM@f{;eOgCqID6`{I3_kqx=;QZIHp8Z;tJUo4vhOPzQP$GbX6T*H}<g*A)W{t
z)8uRXTk6B|fH+`!dHJ>1B%k|u{}Cox06P9+z{xCCc~L<bP9d?g*2z$mQiN{t%iq>!
zzMnKHQ}9sT^S=e<6WdtV7#nE?U}WgFbiWjGzU%J3s=!7pkTMl-@wLb`@|yQoQ<5p#
z2HOEAchmFSzP>bsYcYfsrVaJrRQ%)+neM$NaDDmvA9dRgvlrI5y4Q1U?Ipg|LAAWv
zx?%h`1C{1lLT+Z$qZ&Ljm%-*#ndS~tTAWPwEi#QH$o+iD9k|q%ocKvUy61~mXUiui
zA7^Y&_j3g{xNjmvsfvafLvtoA&qU{dTSak=<y)ONlmh`l1x2pn2Gh4@ST(#VoHE~3
zTfWG*emSg@@GB_|ho{;cAcc5axUjMlb#wlCA#r$DSY3MTYaVL`UIs*=@43a}2%A-g
z>s1uT>?cb#vzJ62$2Ri=0}ZVd$0F@{1e_>Jg@PsN3yTtb%_#{94ANu?Qd!x`4U$S5
zhY%wz_i)fp@GWBqatH#o4mjXbekLXi)mqO?QPn}&ACH+&SE(*UDOv7I-p?KWd!884
z#QEq^Jk(xY4Ni`Z1)s?nLqIrqqqC<wi~j7b;MtF*uYxoG&8LjQGy+E-Nc9_uU3})7
zb1j~$f`PIHt?wHaB9MsOz@^+u_D8@3HozGPCh@`n>5S2zKeOuPvJoTo=qJXJrZ_h#
z{T47h=1TRqv?0tsgfRpzaDNU3=hxUDBvA!5so>5piAo(?@eAzvO}8okHpBTYyK8)C
zW7<NAGlnd7JtaW`88U9Y0<*p#Sf+ja7*i}V;)tO5gY>VdKktSuFBO~*&d^ZdgB<FQ
zPDW1(ug{dbd%BUrYk&#akXx^pvPc`a8i)~e^`tc;ReDI#0bmQTv(Il49>c|S>Rs&#
zA_Vsc7x3}E)j7WZ*eUb;en~r`V{!M1g&qWF&w}+o7`qyS&eQv3-qp6o=6*W*tj}L2
z;P%GqAH0mR^WIOsaj}cz2lmmoKog^$YXHLqz)bJ`>_|iE-y!09geqZ$1pJ0y!jEr$
z8MI_#W6t<d5|ESTNt&-7#OS#k^Cl0JDi=o;<3Ft!V7ogjZ{iC&T`u%}-)Figa<zEe
zE$7b|0s>e6+S)F`bCChZzpvPlS#qqSPjLiyZa_2OeeI>Zze9^C@)$C$KU|7I$`C=R
z+{HYdX?IYND$v#2xfCRFasLL47W|%?>SgmimA~P8&_Y#Yyp9LZ0CYNnr%N&ariuge
z-&E`z+Ia^8PIcPG=64&2)tJtKv}V8S<1|JlKI9`EH1}qh28}rpi(Y@LY|P21-{mY)
zDl=$~j$OWUFr-`xflxpcHxKw;IgR9LDuPS}be5|-Pp^++(suTG{7m4WeEv=vm)v?K
zn4umi^FSuRi=6Eus`h*IR+`YL=!AvEu$|qnE<9LuSyo3IPTd+Sy2T1dV|M%OijOXj
z`J8vCov>DrBEY685AQ=O#C|uk-y%SVy-bXA^U{=GkGcsVtVj}MV>cl>@<CG4l;8Cw
za^?p|c&rlv8d5H;<%e2&H`?I5*{VOMgrfGeOW9Wr8VRlZJ2gI$@FbARO-#&{y~}Ms
zM4p2t82|3f1>&%K>={>KTXKD3UsMiG?{s>v!!l58fBfz#rQT#?5aF|}UhH|a+xN-8
z|J*-H5~l2`;8@$+Yb~?iN+RiQ*tTOB|FN17YNV<8yCs>v?qa|ZpOS5jYwo~Z_UGTz
zmQ;reV`*k3o?2HwJdv4^=Jz8sN?doN@NMP<N*{h-cic;^+w``meGdh)n=<-xlsEJ2
z^jPb~fj(ujp-I~t7l5h~Qw@)(=pXH5Sz}e0y*U}hnH+N*Y=6Di^2>bgx`rDwP^smZ
zho|)Ng@{)!+UZP+jOnA~an->AtF~!xdXZi`li9yF6Qt>W=Pe49Hh%}u?>h6THl^z4
zuA`8LS^4$L|DsHvbg9n@{P|KxI@$AukmShy{#&J*<OTv)_NAk}(6+&w&yEMro2FzG
z&dlr2d{LG+u@yY;nFfBiM|}3n>h_HH(_or}gu?pS#?&gBTKC%IS=LYkaRuDD<Yf_c
z9vRh))Y&KDG;NlV$KAOn&O3uW6Lq>_L|85iN|E>Px8c-Z;=Y+Z;Z&0_@ZOl5eKe&u
zkak`D;k<s=C%XMw@2Fouu;8!4NrP9;z_%XDc$PQu#^ccf?SwD?z5Py;h${0|^j0v_
zIBK-bxc98>v*ePR@#$DL)RK2Z3K-AE+DY!V-=3^ocvvM{@<bCn2`bh(E4=-}whqk&
zOBA2d`0smB3ROGx@NM%|)UQ6t32-}3q3+uh9eQWgB26Q#D?P;Jq~yS9`^fh34O&&%
z3*q*old5+7#jd-rbD&S&sy??Z-8vzOc4wBTB@cEXwN>2ZXdN}HG^dZDA1^<t>R()z
zDMvVXFW4DTE&6dJ;h!&R%Sxi&@)xx?xEm}m?2@9ClO!V-Z{qY;eTXYBkmwDqs+yLi
z7K=zo-v>Hbm}~m-<1rMKpfdtdXbE{T#}F_JjF|tMb@}J&W!+d^6q%Q2eG#ZR7k&mT
zkCpdbtFA;mCmnV5XHW9;Q}|s%R@1IgW-qrgGIPw3xo<t2>0hW#hx>bbn+=PL;N8~s
zJf+W5$7;(636^@O?K<uaVSDWm9M;DjO7!)4#+bGGttS26Y9UXq8(CRK4*WV04g$gB
zSa<IY{B}uI%?MFU+TU~B^{j)*wdQ$r-NI3F=K*kM2P2rXYJPywAFvyuM#-?G^x9T9
z&50r>g3`s9D+aG+o*Fcx-gxoSsH++LZ4?3nAnDCmtZ7bPw%4Q{M9s58yQo1p6xl^Z
zxHWxZbmRuFcFmn`Fo1hJaBrYj=o}b8`;wQ}YaKeTwsw48W!(Ot#eZNmqqcVHLPtY`
z0P9|n22yo#<3Z8`^Xd=jjHtJ6rVla#0U&tVaNV<OB>mvc3t)|;N4Z(z6RkY^zYu?=
zN&fMplL!ma{sIpPILgZiZd6Q4Fp>b?5F`O+G|IEr!f2M3Bzz^fevJc(O&j#w+<gZp
z`{x(zIC%Z7fyYNj9KJ<%;dY5|R>Y?YxT*+NCzh3Q1vF6ul9cU`QB?F%hO0Rn!UT3F
ztc*=fk-Y*hdHcFEOieteUMZo%dOaLP-}0E;$ta!<WBeih-8*P4MCsW%;?%fb^7F%A
z>-oeroYyq88C1OFaAlE?7i`=pZ0HA_?=?E=g<1A;c#WAc#!$Xc`rkiplI{lAH!4_d
zOsO+DAGNd(Q620}%?OuF6G>%j?n)cUt)naFrI8Z_2Yay7vx^K{#+ywIKhw<Sr8WJj
z?4(s`T_)h_<CS;!9XG!>CZ}}U2w~;~V|UTu%1cI>pD$AGdkG)j;f~+hSPf-MX*H^d
zG^DzF97*@LrupJ{g%!Iz=zF)*mvw$s#T>e!h-uPEJLeDKi-9Bm<S~u-B3Yj};=ghZ
z=zdUPkI-p;_U--Q`&YFFHZpH+SQ90onVIamB_O_V3<RgI7l-}(oz%P4Q9~QnRfezX
zvVz#%`I8VL<D@k<hKq$@7dE5)p`=!TKdPT4Y4OaP=3Xd)m-^l3T-n6!XCo#tOmY=N
zfAHx?jlLSbLy_d1nlo7KqUOL`=8K@=(9`%K)O1=|<k9a!K^R<Ygz4e5{P@n&-TK3D
zfiAMB7K&q51MAN*qw4h%zPsiuXZp48NJLL%5?QbG``akCkJx%jlIGeph#L^a(_;*~
z17jUUBxWWi_mbbWQYXQF@W>W{Ad}a2E3o<SFW8Z8l0jIBb(c5ea(5%T%bc7|oEdh4
zxrHd+qED69wLy4j$w6d|Y6NXl#3Ut82r!d2Xrs_W(i2B?B=~9*Hv`7J7Qra=Hw<Aw
zjN$s<e@orWg_#iJ%jUEG>}u7|w}}=ZEC&>vzy7aR?kN5@V3XLKoI$G7mR6PkB@ciI
zp!m3jLk|lZ8;JV7tEPr=Cot1puu|Jry+G@BW3tr@osiHyP)!f4axb$-(go|(xDC$C
z^aB;l=a3!@0|{V21@3ZTPo6ASt$s#91_GK_w+Fn(val9x0^=#1x9N|O`tFkvwrF5}
z0UNd|^)ouvPd5#NpwzqWbqdMCsoYj0V7>}+Mm9jNS7P06JYjf){$8TD<{w9OO%3{o
z0BQpzAGEo{QyF>XoSK|u2+;|^X4ZY<pPkyJ2cwFhhBaE>AIPvE1vwA_5n=J+Wxn&V
z^U&0v=Wo2o-b=#vdNUvpLk}KaluT=i<G||v;BUuh72a0Rq*w?#1jx{Z6-dzG$?Fqg
z-ch|%NF$+SVqY!%ak&NKcHl}0w!*iR#*<ybivu%}MYHQ&Ds9IudPdc@-p~w2)rV0}
zag&F?<m7ZzR^K2Is!oJydEh#N-SpoAu&0#D-{&%_H}L&s&icki$L6m68lboT#>99D
z4A0At!Fyq$bDmb)p^Y#z(;W)omU;VMqq76Kh4q+?8@cML?De;tQ|)=Jk3t;~lC;HF
z;ZhF)%YWFz;V-KH^y?O#ZRPwO->d!W1*)svbJ5-xSAkR)Z$+tLwh#?wK(i|<M$5AQ
z@}p+3FTWafAy-eb>UmjdA&yx%qt+V}Djl6*YP8yQL+_gcZI4Y>J#&~^Jo;n)``jZ8
z29h0A!A!+X=DpMB3WzoWmFv0cx9RM-5tFY6tE|hCXKlCdP{dRGgSa`B_{}eDnfJrm
zKhwumxz?*BHSY;X?+!^;DRjDg!G4_0og=|(jmPskd+-;26V;%-7JWI_oo{>;=_}5W
zLisfHg7kp|HLYy3h-J2u!*bh4s{$lE&0;pvi6d9&g?|p5@&t|qi)0f^+BcNHelsoa
zh@`<C#$e`8^?mQ9Ytdv9lc+oXPE70nYXR2M8NT3=PaRt&81J+mQ3ech8ni3rwtnJg
zLz@u)<MM%Tgu-+}h5^MO{M!#s_R+4M;Y-vEQnHBiwR?=cEUtsgqwcQCR3X_;KSbp8
zR2In+OxYi|w4*R<^-bNVE=UvMuA2+swd<`auox3$N&(A`oDL-)I)uJi;((5t>>Dq(
zf&=Tnme}I0q0y?M%61=b$4D>SlVa-x7qt{Wj#lQmmM2)q!+s|x+FGC6f$z$#_UE()
z)wPH(UlMWr*UsD@mRGL{ZmX%m=r_lcv|tn8*rUVa<BT7qhb}Hi*#$ig3k^Me98x#|
zVW_&k>n0(gp|FmYAjc~<E)Kj-WM95y;hW(eWm!0G@Qaq=Re)KZ<;C`>)Hp?$f5`}y
z=JdUA7ypXOpv1*))PC2rKSlNs!ivwQN?EkZKEB5ik$!CkV1EMB%N%TvpmT3wF12O%
z76;eOi8d4*VHqjUJ0Pg0V=zMncd{na(!CA6OJw3j{n@aWJuf*@HOe!ZXV6Dx_tdOk
z+tbUlXwusIYM-an=lofU5^<EwJD9P%b9OE}(D@}Z^Bt%(E`+I|0i$ITN$c?4CzF$F
z|FQuh6MR7RB-PX~r6O844nbqj0ps>veO*W=7N8b^R4E#_{xdQHVZ>Y@Iq29ZEKDyi
zh=&~skRL@Xck9RXa%X4f?iUq^sL%2Jps9obfxF6rSG<Z0pWJu+(Ey5p#>yWYFTodZ
zZF7^J<n9YKHA!{XXUc-Ryn2<VSg3(w>V>|k#YP=3R8+v=i}mu-CpJDF$Rlx03nrNL
z{xeEt@;g)Z;P4m*s@lJ)W~{AmNktnD9saDSppoa;U(xw6ySkdtaB=(c5(W8S09>Ne
z7dN5zZ9vS-2tQK(+`BfI;c<oI_i?$SYd~5}t)x_11&|_qWkDsF&3)~+WeIn43f;*7
ze7#*V${EK0G=T4f#bLaTC4brs9=JYd&hS7zR>sZjc`1N1<#3sJ#V=6PInZNtn%nb0
zpgi`Ct)>Ds2~4j^A&1V4j8Gt+=%Wdkn77BrM?-Qq#DBJAcD>v=N8TMfJkMu&dIL^=
z?h&=M-tDhn6*(@;efBtGveoovhOc}DPMjBlmIR+;3GUDiXujEAT>k6(d3q9|_5sbz
ztTcP1qoH8C)g~s9XQJiXU9#&dU1D|3hit>$c@K&6Q81Usv8A%dc}FN7u?<U|qN7px
z-qw3=Hba7QHb*|s;F;lW%@Ko@LcS5Al4xsW9iO^5t@=BaBa|UKW1Zjc+*BZmHHk_)
zDRk(OQzmWeNs0zVsZ^DwpI~Ey%^F<`J*Q3P(4U0dy%g_XcniaUD6!%8Dk%mTT$4&Q
zddp=z-MMIW7duW>1ZERSBJC~ZF=D>u-(%iqQEq+y9NhCLCc$tyXxsHg^fL9dg@J)4
z=6j20>QuYG$v(Dukg>0NX$1-%ic$4o-?c9iYE?6Oso~b!@sjGGWZyVaASZi&?w@sD
z$#Ww+0)&p~Um0S_byv#?@po#eAz~Y@dMfmJYbm53_c~B6FM3uTyOe*bjuO%gS<L_V
zO~8>#bmd?p;Qy^%gsr#DsA8vz1IKRI>$I<2cO~2*!@RgDK4`^w|45Z8btbXb)4JW}
ztBCeptv7EDoi0<YEq{B78(gMdUnJG<j;|g{P+9-Fp0Al5CKIUhd~KE^{A)P#dgIvd
zi`|T`il6PY>7`eL&zslY(`UiiF{>=2EZ0l2b#-+*uhrB>U35md6p7LQ+n~l<PVW5T
zQiLD8RvW%3WDF@_4518{I<)7_Lkkp}Ufo{@p_8YwGGb<M@M}eR`Csrl@bvMi^97#^
zpX06RGti(MjEs!XEbA(0;;RxYEAz9CAI-;$^g2*w+b+KO*Fs6=r%jFfOF4!2E3@1y
zy(+`^S3_wRV^gc*XIJ8r9$#14b<1&v(ug0wxu|wJoVD+ui$67(7#(rdx*kMasUf5W
zw4JD=Ypz}y9#2ZMO2O5?UOeZMy>9Et{kA&8quOqK{%C98;7md-W;;3W0^xXdZ(%am
zVnWk~@<=o5bB*1H4aC@$Sr1DkZwe0$c`M%MO3oMKZYR_gzPs|;ULN=&XCl|VYOj0g
zrY3_}f*K1P7dj1IaOSFTD^~veZx^RNd6kZ{SYY=~>A}W)n3?FsfkwNdq2}(SKaK6x
zZqJ=v6OzgB!!BcabvJL#U>7>AriB*th3k&dO?zG>S<6<xbIV9hPGhezP~waxNqhIw
zzThf&JLaSW&m>&WY^hZ?Z&rh9R<EUtE5&-ZqrE3yA)>W9<_UvmTx(B)dwrOuOM4tb
zV)zxy+4yDjSV3!fyPiPTL|mR9-X!7dNb3gu(HrSeG@~?p!`42JZhT)d5xTCT8Y87-
zQ<e=+mS)X}n7%~H-iJ8TqZ(}fRn`~rADDQ2(@unC4yGdF9>g5>R>|rr)v`#DEgo|(
z$yzIWKiIuA&*Plv(Fa4}@$3_)ct$gCk*G{NymMODXNwd0sm1X)$Gy1T?)|wb@<doo
zGrEs$>ywNM>pBa4_wY^o>H?^)hT_V&c#89jv8^U#bT2orRd}6lx_R3Q>Y#kp(DL&a
zrN%`^4N!j2Qnk@xr+gt3jzCimyQeHD>~L;Rb942v5$|~PaH__LJ=NGM7T;5XIx^eZ
zD9KS>tM*SF3?|_TG@6~w_8gBUkG(J1wLRL8a9%1yNj%Im<!Cs)Dp1&x&-u$G_29tS
zwqX%_|F~+xN%%p`Ppe9+W$`mX+nz7C60CdpeC5pwWAKeXzD~ifz^O=4=$`KulAkds
z*NpyYljsv<%$*PoOG?PBoIYXG+a{8Z>3hoRMsle!nH162SUti1!W4NtJpQjATNi35
zS6*HEjsX5tBRtlo7+TOeI;o`9=6-b~U9srw`SFgA`R|<}hKsBy-gHK|aVY;|p4TF-
zNo6lSmuTgiX$FaTx9Z)E_Nl?#$P(RIpS##k!8udzEK#yk=1FRco7xY@{A+atT|0la
z&bgYYB01J4xnJAiiiHN1W*>tB|MxU;n$q~yeUGSXRQ9f?=$v?nLr&9(2Rm*x>G2R7
z^C5(cjWWJOMW%hEQ+?rrG5eVVi=LDQFT9-tON&J&u$bQO2~JQeFX{ijnl!=S?UkkY
zCa0<i>_vIz6Aj)pfePqZdewx+?Vz$5?YK?<j_i}R_#NkmflmB#j=k@7ZvApOXc~)d
zAPP(HV<e%TJ8qM57qR$?+-Rsz!Z=&;gw5%G1)IeGE*mSe_>`S)N%|xG3*+CpsX^6r
zxmbH%1zvI*0!%!L6g}86V0APYv&!%VwGLK}m9!aFjqQ0Gu2n;b<HMu>`{x_|FZv(w
zH+U%UjsAK?sHUdMJ^X6SXk&mSt&1lm@~_7K{s=Xz2H!P{eZk!<<aOYp3qNpvOY@S?
z|En?C_LlqW<1qs9;;eZmw*OUZ32o#1kG!+*t2_PgmznNbc`W>Ixe8;UFaP(+|NA?z
zdP%;f{BMW&?<*DE!Jv)(-+%k>mf@oe-Z`@V@86Kua;u3UOr`(!|6K;^F2)Al^+JUo
z`Ju(9_%h!cYT=3$#0{I`5oo`-?y0E_Xt5z5f(Vu2<DWSGlsw^BDP5ba_r@8X`Go%8
z+rtn|mwKs)oAayP4so64UR#_J*18xrYnB}&P~#ig7VZ3|mb@!s)P+JbK8BL{e}Apn
z(bvDVA@7x<v?}*6ZaN)_VJ-qSPC_U436}pZF(<*jjgK@O@9rHjG|l)R#y`92)^jXv
zV@1Yf8+UVEOBU&5ACiVcc@%&b{!kY0Q+85^O!RY?Ltm&^244IP-y@Lx3SK!fblxlO
zYLd}(5tR96qXnreXT~Eg$Vcj3i@tnui#H>&BX*A~CvGb5m7qmZ<qOUSQAtYbAt*LG
zx8r%muVg!u|7Gz{RU_VvICVMFoa?OZQkB<>#LZ7(v~?hF-@ANmYik8<_FDStyx}TF
zn(FjfkM1cg?#pg^S@HN~8lsJ(qi0T<YHG%sQt>8SirmL&A1Kklstg61(9_G9hK&5p
zvMRlQCy9HPE1$TnXAUUsS13$ktr(A$MGonpeC#I|F}Inmc47AOJ~eUj;jpUtZ}sTD
zbM&QDXwx25<?ig0Th?go6S3RdJtdx~T&a2~c;-r#JZZgToYkQlO)Ms+OoaAKn`ON1
zkwe+^x5;muy7BH0qPtEtMZHU4Ifyw5Zw4j_ry->xlvg7arxQNMyUo8>EqHy&L)!uX
z(aNcrd{vnX;R!+4djp^u1ym5ad#I-G+&POf!TRxo<LNI1oh)>Vi5;7h4T!X>6KNQY
zn%i}EU;Ano6_bnx*ZgJkz+xy>h@Sp7qQj`0K^D(n^sW9=8RuUUS920LoIff_ZWOw`
z1@XxZ5aoQg_<rNy@NjT;*3P%bTdO|-{=h{RtzrK_AiGwcd1P{GKNU_;)%LLZMV)F<
z4|UTBt*-CSpUKyyPZRv=9tVD&sV_C`yZYnl@?YADGk=sxusyH%QxZY5q}>iJmUtRg
zyWNbnzh9W&lq`mya8^v()F1c=Q$^E(N=LDxLX`S#I%8)^*w8v8zuv%W(vOs(GmNO*
zsE!!6<c>SvAI36c!D;!qti4H9kP<4E&P_AJPlH_9U$@5EMYrvDfBE&ndX$sHgbYQ-
zK}PjlLbaEg=Of8^Z;r7`=w7O;_m6JXAdo|tu4i0!dA_MN+f@lV0&XgGej@YsiB^R*
zpLgT%PY{0B5BO*uk@3H@QektG2*GZoz7HgP+qHG^Rt1`^+i4dRID!XH#J^G(KGBO{
z=^3NIhPk{qZ*3pB4BdIMzcEtR(oZp|N)X2ey#IEAR}h=;x~tY3r4pOTXWB{(qq=@V
zaCOPU?I05ux!i4V*dA?A^7K5*`Rk1Vdxai9ys9^!tA$TFGfciw+j3v0yZZ7$sPBVu
zO!1hpy(V?$?jp~myJKP6{UjzvaEGZ&!I7AcF-eM#Cz{c$h#1bDodY+X?3y>;c}Wgo
z#r-F^TE&L9!Nf0nGI`oI2MpKXSHQD5S$(V3(OB~l0cNqyx$BHpO+3#?9wcrJO-}ZJ
z*s$e|)o6*u&?AUAR?5NG83jQys?}(HA52KK0pg)xqCM&YUMWc39Ryd`Obb8ncgML2
zRy6=mjMbW8fjUZ36};aeqVex=E`)M7S^j(^BwT+9qmn@3BOQRqu{$E~mhE09lPvOR
zd+csNDz#}T_=Esnn%s+%V0?~g1xMTo3!aEOlPn&L&8?iT#9&`mCj#;e*^X_>eiwEZ
z8x2=jqq=TFpMD_w$oi@!v8&xQUs1(AU)QavrZ_C3Xg!t2R5w3D@N(YwJ3-+z8!+un
z#PdBLyUxfh4b3<_R7l}UlCD1&!ln>@4*bz;Z3p_c4C(zgw&@RGh6lcZs3<p~4>#&a
z2s2sya0p(B`lXYDXhXxKLQ~Vjl0G^VAUb_YNVxdDFqf79bFU*oPdr$v>UiUr-9Vf^
zBpvCa64T%nus+20wWLIjaRp9-9WyD$)m7?jZGXvIlCC>F$2ByWG@5h|Lq15};ZBcA
zGo0@!<rE9lYnbg5{S(q+DmEm1))6#pY0}mmm#2GqN7~ZL!or5zs23bzKp>J`0@KW3
z^9orCEJX4wd<uOxxsXC#3P|T<>4EGUi28chXNp4N81_}AIz<TtZ_s$AfkQwG%r)cG
zO!vRB%U{k)(95p+o+RXTv?tPVa{C_mn`yIxKbPc4{pGX6LurqH6%F8UG5zWnw<0Yw
zGdP+C7Hq(GAxMd^c#n9!pqyr#0ol<x0&P>aKehPW*Hl>6u|dryD;sRX(;r7CYx)Lg
z4aGji6kDqn%by_D`{0fPFMXeB%d#Vw21c5U3y!Fig}dzf+y!|Y0D=s-caekdrGiGY
zhy`}!3!ippK`6vo$85aB1dOzDR|MvV0tzfLvvN3X&gcaXepOUnlg%!@vSMCr4~GHZ
zfPeq2Lqenm$HqQRE;k#vfnSTHvNDftMKW*-#<{(#1@(7yMuAl}n5uLLBj<}A%;>m_
ztt0>j=n(E~P^t;S(9V+H5JKj$DkHQXcx^EY>~&*z3)xXZ+nRwseZZNG3J5Bs0LPp7
zUc{uq-rIA1F*;zu?*NX6&ZMLf4kw)k!hZXG#Ye%3$SUEa^x@RRfIpqAd3D5)=~vnt
zRvVZ4F|sb5?k%KpDs3wzMIN#kXp`c#WjTlz1`x%P&XqedZ=x71A#kIt8G|jpfA>Bf
zlqTV+$17vp+@ydE0VgL;fOKFi^1q?Zjf|f^3Dt%{tMiDH6D46t*2@cxf+7`(LH_u0
ztI@L5@IhJj_G|-{P7u416sQZ094tx{=t!6U<`%BZ6#7iZGLd6At-h{rcHx;qtwwqo
zX;vB1&z{e?by2bh1X1}WHmhcwo;RFR_Aw~Gc=gIytAY9PW5AD97+c?t%7asmdgy!b
zv;DfYp^il~-dud91yCt6c`IJbgw)W%0UXi{^!0Cm&l><Aef2-U(C!Cg7%OZ0x;;qK
zB2AL;6%`2xBe+DkfM4=|n+69Tfuu=q;vmEYqu`k=o4}g8<$nW2rsma3^PN!;z5?k@
zir`HsK{GKqVSlgsGN{D>l3T+HHjpM!p=}&_=k>_yLA^+Wg^MQ*X-}s%EbMYB(;S7q
z#vfWxH}Wc^<F)!;gR*c_&Bh3Pi!c#_k8Bm;6WrX0!HEGNEC{oJl+rL}s-QmGmSyMP
z<Ktq~BsTyaCX-YJAgt`OCDQi67(pWD=O^-2<s)HXT{q!t?XEu-Lmp?}X92?YZMY8W
z^0sf<M$~OkKg02a?WRc-S8b?r>x}HA3*pxaP=B#Tei)<~1K3r6zD9eo>UYTlTc3nD
z!GE3muHoqnm>9JvzqmmgKUNgkoOXSiS{6@^OO6XqD*8hN?*{*v4N-G+;OxIOdciOD
zvr`Jbt~Qi@-?mm8X-%9@)C&B{F>=+Uu*|hZm{KinbJTwcki0Ut0oTlb6F)-_H+WQZ
z>ZlZlNuoFduCKPQ=VAW?U02HHWH~43`CyOi^-AV(0@Kr@&DntzzEY3#)C!AjbELnj
z^-OINMDyi=Z6yx5@qF|9+P!XO?;=ojMUa23%Ls&H12<f%cyiO(*|o&;a08@Mdrez9
z3O{}Tv~|Zhb+6<F3|K8KE!oe_i2<WOUg0OQU0?G#Mo|&$YgY80&6e>Bq$&aS@FCj*
zHZ|YfP`xi!{8qEN@=r+&C(6E~O3=W5c&~%Z{rd9w!Hy^B5(Hou>rE91x<~fx>EdsB
z3v2VGb+gX^o+oThR^Z=71;+pmur<U>o|#mDS<MFzk|2rW#n6lKVjna#Z1TC^@@$f-
z1W+NtYJ>0Mid?gNXJq0h%-;hM&}PM~9vPP;tEtJ<;B(<%iTLCA?}Qx$+-)F3`<9=-
z%!3e;;w3lrbKzDB3IvRD2RNJ}yIEh$jlXN#RQleM?@#YP7B+`t-|Rjut%s{C(dp?a
zRB|sg`Q~f4&sq<=j)o3PTVl94gTFtc6Z@XdxU{qa(ob0hgF4=L{TAj%!{VpenW(wk
z@x(Ch9$rkJW$oq140AQwZkPAK`~?GcI_R(<mw?l(&v2>|v)p!E0Vab$2nu*$`UcXx
zO^_1j#}BaLld`p?y!7!&v9?Y3*1iqqao{q==`z6umKmZTN91Hp?RwWONA8OD{=Fm+
zF*l3zHhyGBr|C6ThJ-ZL4}Jf{8+^E3-%_AcLn7iUSiw?Hs59Ex-)*>?uLpbS?V4$@
zX}N!<&lupIfGl)625xKh8*NRmhT@YcSYEArzLo!CNgACuUm|<A@`+$gMcU*evoF`@
z&u6|Lm#ih3{t}H7mHVj@YbzNlRi!ZviyqP-V-w<H;y*`Zw@o!~*KgQ%x2x?;OH+LX
zRW-(9M@)3II0!Szo>`N>!lt*a-j&K$N^7dFm^HjSyXQTR#RD!FykI0aS-w3tC|xf>
zjk~n``by@d6MjaBR1%dyF(M4lSo7KROcrkiA9p_{P&3QRCf4KC@5yW{{nOLMVGOF5
z#3Q-y!>}bR5+KQYX1!PMAN`x@`k_|XksbTM`;_^I_~19yi@pjf8dB`N<Ley+EdF-9
zKULa-=Vwk+KBGFlpS>R3>p+w^ufKp(TEXX16-oMtii@if=z7`QF03tqsROp<uR)Yt
z`0H(X|M<ZgRq$k|VyxJP*=nQ~w49eBMP93}V6D^#RKAR&>@wQ*fwBw{+4Xr%$N0gF
zS6O*k$x`yH@zGSzSgi$$*YQ>s$kDU2O+h)s>a4SxBXaIW#8TNEwhr)MzyRsWar0d0
zQ*vy*gQb)-I;r!LJ8_y%!|t&o%GMLKn-An!*^hae)9M{pbyljoUS>b_=#HgXp79u+
zUb*7&xiWRS9If|FtMWdl0Q(STW?<NZB_h(?#xHm^4Fhk(v?%-N_@?XD$=>T5l^a`L
zAIJr4CY%$AdaeN}!?{^(V)TRizmD-jJJOM|Fp&($TQ-8vx+9j?<!QZ^RJ5>AQf|2G
zyY$DWns}kPzumnd>I=ixvmlsCH?^lBZv$1WV?7e%lz{b#yn#V*%uM~9bonPT4vl>E
zg4#W~?198!Qj9_GJvy+&c>d5p{3aDt<4^#}v(>c%U|+S~PR8fFR%CJ0t!nCR#19LN
zy!a-ZY>n~D%S-E-5@>M6)lBHY;F6t(zb4h3P7a(;E1<ytMG%>9ZrO{uWnbmMOAe-H
zVBibZB2_ZctpT|O3rCZ-i_+IeMy9&_G5`LtJdEm$JnAgDjhK|+BBvv{yWq$dRLO6t
zWqm-&b<0<zgykLv_R}*|MX^yXm?MaiLCqP$;J@pR)*r(Dn!u!UF1o-fGduG}u`rO5
zBn=g5_Pk-(@5E`~O`f+W(TtdLtx_R`OGQp-nq!8fKkVZ8^kZ;nvIp#Yf*)gI5o^D1
znLqhcWrqpxVUUzaOp1ak!D8S-Ox*fI+-qO<Y{}383qy@9f11F__UhJIsXTXY&33`H
z#>mAmA3QS=_SoH%y>Jfvjj~P-%c*}1yL@IWL_LuwF7qQu+`~_pwbzl7=hl|&?%c)(
zJ#NSsi{c=6IW2x$X_lIbhzkq%?OVHS4}(>nHsTbJH<A6+RVshK+k-djbx2Us6EMw+
zkNHhM;iM~F+nD>^4@-?FR6?_#>13Zjy#LI4N(Qzfkd&xqNF`y~_2N-T4nvjj)L%66
z$(wRGk^P~?X=q3zWPZ)DXv_)iR|51h_>k(tMT!)jCnf00d1{fuRI|Gv6A0}(;%vSa
z6hv_6zP^w7UZY6=rh0Om&-oGiLod`CkugQL*F4AIQ2*fd4DjM7-H)>sKKF*iF}v$`
z;Wf_}oqoOVb!zoILzVNxRH7H*ot%i$NzDcW6tzIxgDO6t;aBj2r7(h8v_0Ag;V9&&
z6{f0j-FyUUXYd@{gHuHC@Xrtd!4jwAlFTc$dGO*G8XoRjM2LXXANY+Xxac6-FtMw7
zK8VwR3_qF<y7K|xy1*XXuYYg35aJMc9W&#%y;moZ2Gz47hXfU@y1i%jAigIxHa;RN
zuPk<IN)S_uXs&3o55b8nKJ)OdwcYqqA)OnWKkoVvfBTc&Pptv1G#2(ZB|iAa!Lzo(
zr5YWDJn=CURDKGzzdtM7vBEoz9%hJjME>`E2Ql{5-*ex-4_g`x{WYmAx1=x3*XYV+
zeqHP}08r51$QSz$l9JySFcllI?igGVQ#oOGMn8X=9+~ja>F|W5JQefz2;ogdX@uoB
zgYYO1?9X-iAIW-boDbX;+b%LZ@5@9(o6@qqkB@#b=nvm<6c~~D`d;Zja%9MmA_V6-
zStxchq=~^!Ru=35Xr+uf%QN4BgIq!NUpX*C7v&{?#LOHDKGNOYav*%j0vTtzYKDxw
zB1JTx&=1Cw%bOQhH*ViP1&zehxkEg3R7R!;Evq7a_<$S00)vAdMDQ9<IKaJ+h6G(j
zMMXcN7AB6Q!blAIF_KeL?}@_vGrZRlQmYVKhVj0oQi#&Fdi{~HZ1cKvbWBXkJB-Dy
z-tL8y;zfl|8g0w_tB`L9mT_4*IcTs7VYdKo5$t)M+HGl{ou5N{f%J16`S>r-T8d~1
zr}~j;Ok7+rOOJ784yWZGMxa7rsz+jUzMagD8V-0U@&%cg%6|T2ck8zXa~#E{&L}v@
z9Tr+K&OFcIUW`n$cqV9(jglG!-!40{dphq%jx9GF{nvcpqO(3DUK=SeaLXDhI^+>-
z_#Q*$cfHL-ks35)+P1y#uomcYG0AqFns#w8%hY>>8|)jhVC_OdfsrejoeP)$Ba}iu
z#A99bEp4g+1ZF**ZYO4*Ch&O0UwvMz)vtkd^#|w1BCnbnlvSAE3WR3JIvbMy)TEo>
zl^Q)cHVnF2gCeVh#c3lyw6C(>p0~F*iSs7N<Ub{K4Xb<r6${Kv!Qpz-nZjg;77#oF
zNgB|9wN*?Rb`u0oNI9|me=Wds@Kwq-d^(;4`vO}2cnJ%q$(}KM2x<6&{g`H@{XA|i
zM5|R<DE4=C0lFNOnyP4PTfpQ;hiCBTn<@-VB(i#dUc?$AQ$axTNHL{zNj3(!0~tEd
z%|NwD^rZUEN6p33k`hCrJ-~+wsy@lk;W_1^g7s)uPY*<TLEfXXn3%tZf|3$8AV^_h
zVH&fzP90&-A40?UPqValKX(J>z+=P0oFU(EKfCA4yc81JO*2`@i4UvD3|-AYB8#YI
zPEFla#>Je!s#D9eaqS9yg7%`dV?PEINPQD2Nvqqg6YIQ2Ir#TV^zx6!y@A$=z~P5O
z+gOIh&rc?d1=b2QPEu~y`ifB0bxW2eb{y+*ky7AQ*eH;hvUL1EuHHMI>i+*9SBi$H
zls!_UviGJGD!a0>v-ddJs}e;<HpdE~WQ35tLe{b3IA(}L_8!OhK3=`w@6YXb`~7j<
zZkOxgoY#1+$Nh019CfRO{j0+v<AIeWX=*lTa}1-sw<Im0+2LJ*2wf<-j>Y$W+WAm^
z*|hHWYh+C{yfI$NeH~^dwWf=29o`i(jJE`>UElHn^T-U}42lr<DtC{N&A<+MiBQ)j
z>;)dwGjKPRL!fnzA1&teKV*jggK;NKyoyFWi0l@+jEiW~4?mRZlO)ddUT0Ks+faYX
z7u4h?dHVrQ^voK{aWMDZwF|5|*X@fsYpp-l3vQTS*VNC*V}Hxq^b9Y^$XWEf=Mt(I
z^L-i>11m}FEO&f|4{uMNqbPO5#NX=kT0c-RUil`Gt#P@@t!)xoGRZdMru<1?&NY@y
z$qpgFcPd*T%J|5}Pnuk0*2q@C*DuNc{OTr+|H!Hf-O^#<J*QidtVgZHEvshD6zCR;
z8DeIy<K;U=q326XooU+TBdgBR3d$JL%XG3D2&^8QY21!0T$~a;!bi@ja(R897aDV1
ze?X@_IsMKr<;V6HmOgf_c}LbU1!_;_r1?XM@j_<JQd6vrH)HDaafA42hAFlT7F|ZA
zWDmAJybpOIC*TV@+e6Gcn?u&V+Z+5#J41IzoYrI93554%9Dc{Jtxb0#I~F#ISdGgb
z7N(Ih<~rH!b4vdB_n3D$qduLWpRHh0bdUQgg*#;4Y~)#;8qJl-&lk`c=DJ&Icw?17
zL7ifBL&fjmE_3WoMd&@ZRl6|eAK_iv4ht615xL`21g^r+RM(3Iw4#2)Q<oDaFh>gI
zGe?&aFfEQ)xSjI+sfi&+zL+votW(jkpz!sS%J;4*Upj-fd&>VPa^hu|Yh^Yo9xjZV
zVmVlA$q$pp45_14^cs}XE~4ho?O8cUD0{h4kh(cchhnu>JC6t)u~LVA9$t-fTMSm$
z`xj-8qO~zov};%16q7JZpQUg@&V8q(+gYD}CnFAIZ6aBs%)1@*5S8x2S)*s?7+ky~
zW1?Sl!1^G)rY2=+X^Ca}RxonHk7RZFkVR5E?iZ_s&!NT~b`J<9XDG~r(DKTdC%79t
zynDCtykfSxythYdDci8y_svziu`-8ooe9+9q8*gCWOC}F5EucU1F&S3!SZ`w)rIvP
z)Fm<!G2i{2_bU|>rb+`f>m^*c@_pVGc0#i4@NV1v=wr_wj=v-px_33=Blh9sE?@Ky
z%Fs|K-^j$S^O^GD*2@0`$IU@D`%H&4zLGg`KGEGHF)>luV`_OKFp#8b?4|L%SlpyX
zzRjWRvc=t45E#K0-vYSs8wzHoUc+W7Eki?91%(!!B64gTzT*1DZQ3Ormwe%tIIag5
zfer`S)PxrHJi~_uSRk^1U|&&u$7-Y&UzvZAz*^%M&Mc#%tE=0)&QM7nM&Xfy%zKGd
z=?ZN)Sm!4mx!7uQ<m4C^Y8UF}85R3eo>_DLNv9FQ#+tE9e4lE!Z?gZtO)N($;1Ede
zuiP!vu_3YW(y8$l1H~87UA=-(vDU_kuL(wit9P{`F@FNZOzuPmYCBJE3pi)x>Xp9&
zH7k*Y^cCRdL3ia65x7J)<JS|M*>B}k<R>~`_x(e6#)i{4_eWdI7fXA4;c#M0Yw<fi
z`lC8#Yy?Y{=Ly2TEoC@M!+la8?{Ol@)gMzEn_FlfQpdl)til+?UUkh+@5)G$)*bo~
zRtN_~;Or8=$+i`st_5}y4mIV?9h(A4oUPGRCP(+ma62_21u}(xAyc92N$!iRkL52O
zh1j*4^8O8tlQ~593Wi#wdXN-gC2V!0^!+v!=B>afuQ$8d^+B-mX@*lLFxD1IDQUHo
z!`V5vcsTXNSxF!5ADs7NWNY)zA`jF9AiTDPu<RgZa{vgroTB1859M?Ch{<ijn?GK`
zweph$G4)vO@;#k3c7tKKw!o<t`juU8uv$o5yWdO8^9qf&9#TnVx@uEIxPcQ>qPqHi
z5D(pv_1%trr5?*)9pje_Rraqu-1h(`p$VYCcQJO}h7Tf5>3ljZI*goW`@d-Qb$1)Z
zCJw5uVs~yICDcd%I1F3HyX%BAh&6nEoM*9_+(T_M{#4O!@dD;NhluZco|^o3ohNlM
zY(%577F|RhCwB+U7+bAd<la-Zpm+Pb{C->uKYVY6n&C5h$|hZKWOCtOZxy=OJTE~f
z-8vIhwK+p4aMQYRbt>zsZOPNQrKNg!zs&uLseUPtW=-*6(Arya@4(m7%L@RePdVb2
z^{-P>QdpRi($wCA1QsRj9L^5*{m&l<3Ex*$CH~!RxO)apS6On;jf`HX-7xk2+E%0l
zDA|PLVAAF5zTLmwR3+=dVkk&H127{v0k7^>&9p3s(8d*k+T+TW6CBj-eSfn1YP-3*
zlJEYsv$45Gr_q7ac`hY<7G&njI&0@(lpMsz#02zB^ApZO>Ppav`&8)bYZoBN<Jfnz
z)n{w#>$n;piQ2t>9+057;MdPZbl%@MV-zvX(w9bZ{1|Aa1KWE0Om6Mf8?A(_k(t**
zkq36?on|_*s~**0WkfL-)%{ycV6Rc_85h-AAfQ7BLBLfSIKIK^H!krPT+qh?e?H4a
z%wPgecLH(O{IPn5hRi+nIFBn-$GiJRL(^{njCf(#O-=pp;v8+{y}@UNu$|2={cScc
zKIYhTS&QFhfODPcRDkSVOh5EjAWXneUPGgJQNDIgJj<EtOhAY5>qg^ZL(m1kXKmfL
z(-xXK0-M!NvujpgvGYQNFW^+|qxSN-Xc8Po({G%C{?JVMrn_WT2Xq>@wn|yr;+>R1
zfGGgN&O~#+8#xcXyoPli7Vz<=5ko2LkJrfh^2O%u0vvF*wzj?#aQ>_h5d0kYXdzim
z4Wht+PfkuI8hPG_|D2n{Z??Fwz~G#B!oQxSScJCts$7OTWGQvn2p{hDjgPB>8#9hn
zReBe?Z0o`hsgY}hE7Cee;y>duj>B0QP_JTjbHf?IUHpo$nx!6vZ*6LRem=`Koc4hl
zmulSDd=9EG@azP5b_OL-m>M$g3fBFSyM!Yl(kP<!-88ETE1$S&?Ns{33g{XnNO}b0
z+`tnA{_2w4ojyUyn@mVJ*v^5!&kYourJ1}I_)y(-pXR5&CK;-Ah(#(1E@YSvT#P;X
zD^^oXP+rnoV=St)-s$N|ooV+Yq=s}onj;%Z;Bz^C$B)??J=yu+Za>r)$2lvup2DFK
z#+b<W=~!KG=bTa4dIw<zSbWp+wt&yj^Zf6V4|Be3Q-<EUbosLL?zC1s^Nvt||H5E7
z@q@^CZJ`J;6dp{4!}(loPb<uaLo!{b)^a)GEdY3rJnKbJOuVOes5;%PvyB;M5c7_Q
zjRd-iHO+4?TvLmVH$%b0gs*OTqP3h|lg|VlIjBFsPqiDGL*1DBv?Lf7BghZ_ke?q*
z%Iq0GGNK1NEM#2${d)k3bpoCpG^`IGb7cF}n?`q168Aqn%a0!GhjuNSEG3m!9q!FP
zcX3nK&}iD<jZ0iyCme7Z)`YyQ@qO41w)jWRV?J(-zNyS0pRhBm2t{1fK!1W{WkBh=
zw#HAzQxgNMYUH7l?2*O`IB-MR!2WxCy^Z<kt!>cFGa!<?@}Fp?AP*Eiot*qpRr$=h
z{HI^vL!A!S(HP5>NIT1H)b=j{XtkOCODk<eV=k`vWjv$SKjaoR)5(LpWny06h7;hH
z(FNT_OEHhgr6q3rz5PyjUT?o`kiq{@1(X!}YUMCMJa(t!pj7~d6kuY-4UNRsh{iWi
z$#d3hYJ!O%(O{9w*(*+){aUEKUpIwq2kRIO5BdGvm&7h<u>7U~hfyVvx3|Mft^-?D
zS#wP)WJqI1$^rZPIx)JL<qhD|j8XHNSvzz)qJKTHuRU-b8?H*oq6{5eBp(_Y-ubJw
z%mN;2U<na~2~z>yg(z+WfpZk&xSOV&C`09;Cor*|TAKhirNvHD^5o=!WFIX)qP9m3
z&A`4GEVzuzhH+ngrLH+Ui#qS{ii|iCXPTKIkxKdbD&~5gHz~hd2O`ICnZq@jQ;v<H
zB1p{8o~M`klgrS=1);r%+o(9$ftmEp%4Yz0mf|x*3*h?8+eFHJz-c3X{pt?*;a$EY
zS3m9SL|}AN15NhK_E^TJPj3@zS56KT7^+%Wkitx5Q)Ght7u4_H$M#<mDTEK8<}%})
z`!&w0U1H0!<v0WBMHd0If<ehu#@W2+dhG#X+4W?(AZx;%xG!6|aelMNxRHcGg|s3c
zg-v#gh(uf8%7xiI^>d<8+fI{})p>o*(%QPgy2KG&O^|$F$X$SS_`9A;&3=r8^1LUU
z29VtuK7Xcqdkk_44!$R;*z17EVz^ZOsV1zOm;H7cQLh_}U-`;Fpq2Snk{G9cMKp+_
zl0nQfrdJ#Y6K3+k1LH+qhqO;;0Kzn0`_npepabLq$iQxaX$)j*`Ec6CLm#iXxux_^
zmY1M;@F8zeFzUMUbsmv8w}HHCbV2VE6WcotcaC#$apn5@Tm~Kov?K~~3!)3Iz}c?d
z?L3--1gL2^F~Y=T{L<70@&Z)@1E#v)0$J#&&d%t#aAJLk7u?kTGkCij2-`p5te7Zl
zZwi}bZZ2oO&bPM^l~#!Nrx=tlA%U?IAjVq)4Bx8}r@$!%#zfTQsw4DMo!6bg>c0~A
z&FR|i$&*S6`~lR4+QD7R3Rsql<fv_}+B0<!^Mk7<5Cg^g`|=^-b6%d=_?T1(=Ue64
z1?O^UswM{RU(VdEme#MMUj^-ty45zB74v{_cD)0|Q~bM>ZA8%T;z>3QJ^s&Rso1lT
zA*?=<8K?hCpz=EnJ>M?;RG36f2Wh37Q^lg7Yb9f1f7?qm9U85&Qc~cPjEG!>?T6mN
zA~Udn<JA8C0%Dhr>&uv2@R~`;riK23iQ=<1XFo$3=*vLIXf4#iHww<wAS{E%XV$Y3
zQAksV;ZF=q5=+5{5Zzfe>MH>~kUs&`v5+9uvl*YcV!Hl7P<aYm9=^GKTaS@g{#aF&
z1W}hLFswqj10r$WQSAlaUje!#n-+hzFv}{0Q6ko=FAFug36Wt2NMrExXNXu?BLesl
zjYh|3e)D@V6V<seQtl6r7i=eZm?wn^Tf;W$mjc+}ZJEXC2lmZ@n=hvZC428sZyVSe
zs0)Pxa|0YD8o`0M0{~h`Ni$V?aQgC8%hZES@GP`3N#=Q=gqBPoEFY1OzX3YqxGdI1
zCE2>^SxJ0EOtwlg{KyS*nw;yJPO!<awDW^xjY!mU;|6U)f`!W8-(qmssM?rRL_93!
zIufeBZg}kb%7D0!R!jYkiais;R0aBiGW8s|SqK>KyBla%MBis^m|o|>gW3cj$2XwL
znRKp%xEU`{_r0DYkpw9pJfmZEu$bQ9;lX!`U_X4ig#?}e7lRRjUBP4lI2zEnBl(b7
z5(7Ob1uu!i7pX|+1kQWKBNi#XbPrzb#u;K>qOFmA3}&f8YIwmIih{h-A6#|FA%VuR
z3i5!w-;1GUi1@<8VVi<uzV|eT8^6onCu90$VSU*ug-(s0_6L)BoE|H8z#KyssP)9e
z2T%(9-rlvev_;yGoHZ_dJXJf#frQeLB=ipX&W}M+N?JQ18)RWjQY3XX)n15s1M>>>
z^o}7xB5)cid@S41prfUwpkhzHJ>tcat&*C)Ybx-?z);RhK|;&G<uX`|*^YdF3HwOZ
z*fFZ{3S<qNoqTp(72N^e4+sUA>dVR0uC8>sciL4unn1h{A7568H3Ka7i&ibBHHu3Q
z)p<3HS)v&&GDh_5F$sQVh9BBdRNQ($XZcLDORO(LZi`8)NZfBHFL#qp`k89V%5Ai|
zPz;hdFDN9^(~oN%-|rmn9`TNZ0KTH4q8m4F8tXNQ!j8miSsttG@G5`F9y;QK6=r8e
z#=QkVcP=3&CMGD9d^^_6z|ZG0P{If`zRU=JW;x$b6<YV%DkZ=Tl@(A)mX?FgCB$_=
z0)!J*-|exGrHjZ?*Z!;HIoDM}&V7Z@H&~hC^!WWf;`EV7hj?+jTM#RQ7!E*Y4Fc8L
z8*qcoAsY~koSV+vy4AeCNm#Og(rp&$sf%<;Z8M<EyAV{~Wx2|Kbm=z-go>!BgnecY
zqZbK-c~&?(WCP@uG!SEsB<a<Zo1W(4V*d<|0$@cIS!j}=Cib#y+~8do-ej!GqXR9J
z2*&>jWd*EF&ZN+ATwS?KQS7zNoh!_N@N=N+1)yC|4=yPE229W>42FAY_pcQ6hU1z8
zNdz_6epA34Za&x^R~5aOl~sX;bUeO;NLoFgP9f$m&&a9iQ2F!sBSS83O|{;9)>DGz
z=VyQC#q9Z-ekMG-%<Y9G>%A*9!o?<Z_P74K&ZWw;K9Hq<BAj2dM;Cjr8WZ1OSK|C}
z>y(zB2OGF0Am}#qj=^IUFwc%VX5DH}pt3j>&<JUusPxYf(0!fQ^q>VDF6<#lf^k)q
zWR?Hvbnvbcb;$wV>s$E@$geZU1nc-(bfqA<WscWN`{$gG|8}m37k8l}$_Q3C*4;Cv
z;^862q<RKw@sCxx3>s3D@5uS6`!C?G5#3kqGV1-<N`xHTK_)k9%ziNx8o`)!n}X?3
z5zS&7Y(5KjeKKRRo=g96AbVL^&Fy$gyDkl4V1PsQ3d&h^Hafy=S0@`>ALKHDHU+^^
z-jFk<gFJ1)A+E1A`X(Rt7i^!skoN+vlJ;&N=J~dt-*pA1W8VZ~d-&oD73Y;p<b^Kn
zh?P1ddGU4ykOT1u3@=YBG(fbQ+T-ffRtP*Ie}h}EXM%()U};gn9FLBPGl?(>&gi$!
zgoPX2y}S*00AYBxG28PqvIARt=mP%%+_9h^G#=8*eTz;G%+0}A4<tQ&c6-lN1cmu6
zwrovxvVbNu+0*nbMLeKos(x{mh!1O_6I-aA3#y*ZjR9T^t~ILj-sJ!a*JZ@k7ET1v
zC5XDNa{PnklM9h27?YEc*v`bx=I`KHzqU@Q|L$@5-yH2v4be9r!)aeoQ24zeZ)C)^
zvxPc&h?j24n1QWuqR!FBAj;N`j*s8Ibv*ZS6HkUZEUDZ=Fcf;MubQllp;tG!;A)OR
z%ds+mD2#2O<`P9|JwKO!ejhLsff1T@I~Mdx*x~kxyKfLDoRPw0I0L}x6n;=jlB7-S
z!~{`>0;wYk$^r6<(Uv6~1f~Mr@+JqzH4&b03<gtwj0<qG@MmQ@9)9yw5J&|Sg^u@x
zu_ed%hVNBjj>0juBc6|#H7KFj+{u%deB=t7P|RA9Gf~^ab{ZLDNg|K(a>xVNS{_#b
znHexu)93G67y=b&<J)tDP6zD{ljaa`^ce^jPGpR02V8^$ngF0gS5sF9D-mg^5#d#j
zEDe@KPCj6v3v~t+It^&Kz+m|*Xim%-p}w?Ru2t37=VDA|)V3@1bt~7KDQ>ebi;AHA
z;?<Qx@kz@0brz*EFyFw24OV#b`i1}~6oF{=`Q}aAp>Gjtyg#ejpS7)nSIHegI^*3n
zv%42-S`n%#tJexG_-xhhoIXmeCWM7&h*L`+4kzH!HF&slma2cA<h7?6eqkltH2C`c
zdD)AnRs!Fjj~r37KXY27wOZsfO90X7^N)xqiG>F*4Zq;{{(J15ZFy@^+ry`MrI-#v
zi*<9cO=~R6YgS1^zl~LEx0xgX3v(?(ht*x8*|BQU;PkH$tRw6&bbm9=+UtH`%M_ag
z`*010h#)>UUMpiC{^lhy$s+>;MB=Vnb`{QWz~umE0AO%*0P}2R&zp>v|FyIa;eEFY
z)R(lqz9|nCAM%kALvoO&`Sso1ldcBL^YJK4itfvorBWC~e)oEV0{!AS1;@|UZ6~Oi
zHH-t!%br?Yo;O^q^iR1Dwyz|0O^>tFt#3gr4ViKujkK+(VjO2CV6D(wJ#P)Ugdbm9
z3bwsGAO+N-m>3NUlIO;3{VqPWD>KfZ8Cp3=6<Ju=lM<gR^y{InE<Ge`GR0)bJK@aY
za3-1b#G#18EgW~KINcKt5B5yZ=WUq@Ok^aBh5ZBWI|Bpffi(raJ7Ca&K=7PynXNHw
zK<*5Nt}M7tc-c}vp7FtRm~dQ+2ORam4@&qsebKD^_bVqdM)7DZ10Bn7Cm0|QP+0h<
zQv?oYX`gS_)%XyQMM(q<$2{c3>W$7y7lad&k~_|J-`QGLEgiYVO}*?eSO>SzHdu(q
zO;emW4&x>W+?k+=Y59G}AHq7WG1xZ>DtlF`-MA;K`ho*T=LHNXxcNJugnl%K($fk$
zo_`_5gcBq~A6EvG(#Lvw9beNLzyIlN-|4WBQIurDAA~LoOs%!U49k`3837W-go2Fs
zd*1^>nl;_YfRiCKe39?6Ri@B3`DPpOJ)h9c=R`*8z%grZXw2F{e^JZ8gAJ^`c;;{!
zU@Mup7Hoh7ry*9@=jaDe`#Vk~=jiT1a|<-uh>~=3exRgF=KKR%luh-Uz0KvW7srTU
zgBFK}&<O0{(}Kc7SevhG;6;%2;lm3%sDrfJBEkMX4j9tuIk#ZenJLEg{`&O;n2#&&
z)yUJOWVZ&oo&<90fjlK>L;^W))jh;rQbo~A2i{73>>m@L2|ND2-4^c-Ul*CzWDwrs
z>)R5>_+!e+)pq>Or|Mk5jTcRR>MjILJbn7=$JA+PVcvCeQq59M#VpX<8$m1+z~|jV
zDcfLL2>`75QfO-WhY#=7K3&!q(FPiG3A@Ty-ve<ppm3Xi<)9ZFXw3V3R?U-&8sUGA
z@LF(Zw1gZ}QFf&YZ^6~rNk9(}%u<V>27>0acD3i_1Hz`N7zJiqPm$LW>vyI5ZP&cn
zYP#IUEG~-Pq2hGhWD&bTakGqwurR;-%6X*n2R_pRUsuHa_<;e<z0Jk;;LGhuIRp<H
zdHQ43UX<bNVCqZU-`@`rrD3mAfLo2)>=)>vJWa*()HJRbgs4DA;I$bL(sQ41hkz@h
zQwmoXhAX?qmW(tmgTWf4u)O9oX+a=8B&ryaOV~xi5$A^tg|PEvB&P+1U;+uOcuMX6
z)d~mwY(j!>e)X0(xt7*&wOnrEgH`vWYOknNz6nRx%#<e@)8Lns?iJ1iPb197Cnu+^
zCqv=%H&rsLOzJZM3kSNo{`ZCo5+L?esqxCtVG1q3=?%p(Z-4Yu3l6-A3ERxKH7<dd
z^uj@+?$ZS^YH$%fVllz=gA?8|!D9G^)SxTo{@e85{K{Tj8z?iExuRxg?cIZG<$Bx~
zS4CI1WUk7dVtKu@^L(0cdoNN<o^a$zh!m@^hYJt7_sV{>GAb@Eyqb4me8Qo+efnzJ
ze0<%9JFP?ohPA#YbYGD%^Sy$g1+{UtE{?O*Uwv9&3rqrn9h5Q&Fye<_Uo$45V3NHW
zQHNhwS5x~5;k@lbB{o)POZcE&4v&w9-<=mGh|$-8dVi9~YT7@m@TnOyKTgYs(<wvc
z-y;}mq7Yv6Y}ffIT6bqH+3k31-Sfe(6Ts^3tvw=wo;J(}7~IbaY0x?R<_p?adrt9m
zB$D3vLFsf$A@pijPcK}_f{KBjo)Sc;v$17DRn<#%MqM*SGHawt4~_;DGW)!cAZ9Z3
zZH|nFw=Siy#_;IScC;t}OU093QWE1d)m&&bbv>5H@6D_I<IQ1G6fZ*QMIPzuwnG$I
zeW%EH$I8UDPf|{=s11`;uSR?*a=t`NLiXWi_m43jFAp0WKUm(!yL1Y{B}Ya~WW(79
z`snXj?w&3QfMA$x-LfTcCVvC`Q6Qu#g7@(|s_M2yH*YbqxhNrl3gh>0Ti}(S0%RuO
zEH&i$(Tf7JAC8#mX=y37)hoxD3f_PNgn;SK^Kcv!1LXs-7p_525iBi86e)7q05X8i
z`~<R!Lrii+<m5B%R3|Zm)ULy&B!D=;p`;lWxHLGGk}*lfD<_Jq4iuR&<cj|s5kt+5
zWsr)Miy`$WgOqDDoPq@`yRSg!o`)x{sK}Y%4dW>A96e^eO9uKWwOw#6v|`Sz6~<~$
zwC}?f5OnVv@O_;oF+*kl;{t$*9%^Gy-5_3s0-&o8cl;p>+O%<R6Q~)nRl6iT_oG!u
zpHsqyxO0%OzZgKRU2J}?FH0rU`PYqCuxbsC<#JXrQB-?vHw!Amz^4KK8hAQxW4?(U
zxtx#~y}-ZqxBnfSpB;BEYk`hvt|x<(etf(R-EV`Wg+b0Y<Qc(4rIj>21=D%4T9O}0
z@r882b&O1^Tmkp9(TWnJie|YRm~KS}6&P$0eHjWA!VY5{!PD))Czxtjoq|@zcfB(X
zwd=x_Zi_R0B7T9e70NDR*I_tlmp;FVI28_W*#TaGW#WHtTeu14xy}`rU68-k`TE;z
zAlE?Iz@90!VlFHC^aQNPz+|~ZP2D%(>z@yG*z2cvH~x+$GD&%^&CnMVn-E+f6O|VH
za(c8wdV3$i!SQX=GpGbE%BgF^r<K|dx51-a^{j&36jlG-32Y#fGZo|10O<vG>m06_
z9X`KG^vK}}a}Fpf3dxxGU&FvyA2g}GtMSBKU*H{t;gU68fuRE;BgD-MINSJSk=Vn7
zC=puCyr&PGoKC|kYSJ3X1}}z;PVnu?vj*mbu*DE2sX$n>00?G=Kq!dwvvDksObvip
zT`n^AbI+x93=S3qZa>2C**|z{$IT8Ms7fmHtC)D;xRREhPL0Fi5L?W+I0fFphcM~q
zdWzYRwCl?4g|w=w5O79Nd-|wh$i*h;-c>RN(Qf-7iZ_jj!2<lnjZ5k2T5?`b?~stw
zy*5SzXvSyWL4$C5A^#bAZ|v8u`NL~vR*FiILcAG1f=drPQ?*Br8tVNu5PUVQF%W`~
zR0&?2+r1^HCm6){{c+NFr)$Og1bI9C-dwu?>*HaGm@aFFsh_IXxz#^5i(O*Ay?$kf
zVgs+ImsbOt_AU;>=z!QJv$zt#_PuKMG_K&PowpX~<E02BUNZVvXg5*Fc+S=?+6gMd
z!9+fcp%sET9*22sE#S7M5UlLQWaLHpP`a2$Det%|-oih#-<&bYUe~g$N>%AdO`5|>
z+WFj9j9@WU;-oU!+fW2ILMkuU<(b*SYg?vf15V`h!Xa;l+7~2a6}hW7zDfG6_%nZG
z@E02C!LK8L??+og^|GJL^frJ(;owMLvlipEfG2A-S_&26-)^RV+*@+p-q{`tk*5-$
zz8~)4;<H-W;*xGn0S0U1P-)(2&0T35c!2I-iB3)J`Zm|cryK>Ot;+eTm}MAXkb_{~
zhJv}`z4;}(7woJ496I<4m?b9K?+J>G-fIJl9Sh<k^V>(qLg<9rYQmPGqmj)x{xc#b
zWIwen8V{wQeeIH-_$?q1E&K44__l=7ld^V=22h8UZCCEjbUChfrar)xmX`;?f|UXX
z>8xl(1>!0`XLSrF8EKzj>(8IRvsC@)`UG!+2Tt12VWGb8e1&u6sQ1!<?&3H228>AU
z=3=xn+!{c&6m>#aJsTOf)h6oU;r$lBLyI<PO)c9--dQNT+RBM;aByT4@o!3*qOZf6
zTH;r`OuwDFRgq=2h-cZX-b-HI*J^WZrGL@df=~6U(O1>n1IT-`<BwMnOkbE3;%o))
zvXjJ10U9x;A&KItc-tDb?e64M=o4bN-y8R6ON7iHR_WDonZpNd>tN>`VzqqID5k%{
zJiqqPGvA@Wf+KVTb@1C?<{PtWJTD8|Vv3Yk)-U4QP^M*BtsT{@T_*C}Ug|6Xxaa9%
zmKDG4j-&5R#+w(9MI>DG@fBN(iVz?g;VMZq?ySc%fDbKker-&n=ZQ1hnwrm7WEu}x
zjFM@da<V5hP<IQ4a_I`MH_tn~hqnvSlZ*SwRz8R8Wto3A)rDqLP>zSo5BmlA_Y<_|
zqtCFsK0i4Xbunr9<<95dBi-ko-)-qWchU3Jy{mU*U8WwH{Lnbpm-(VSz}Sc<ZGHQx
zd^4?)b}^%F7w7|rq(@Y-E|q5sa&or#6*O&%E`NWj@0sV+HDEJ0|54Y_G<n`Yw@YVN
z+vAukE{X88K)0Q9t^xxr%jTB{1Xz0U>t&;X<IAc#Jh)ql8U_}-(DBRLNE#NMZ`(zu
z-`MKa*8HFe9wBmaJXgy1BeSe-Zd%5)v<;UtL|qounZ7UMTF1R?c(`v7hGoEK5oGKf
z#(TtshP;f8(BBza7RX-bnLJN%!xxIT&+B~|YMUB$10#F~zbPBTqrK0bwgrh>r;`@;
ziZFNg%FFU;=L?H#lCk&pcFVR<Oi{)(P|Cs-jqD8_7N=&^&&JqvdE9Llm+uo?Oz2LY
zf8wU;KsEn84>gDzT25xPP_Rlt({s3lKDUq_D485-5tAO;^>s8@A1E(5j<TTk#S_>L
zq~^SVaby+K=)rZpj98;TvXOVF;3cYDGsz}2yWsIsm2Z;A(-y1byLhkGhwYx2-NVwb
z#-T1xndBUHt%p)N9y)I7U7D&GXVJLA;x(6)zK!|&8XA+UqP1QdWelQfau2Ld8}2kv
zKk9v+B2byqmrweo<}gKiwZ2@VoGF|-yv1va@ikI-Qka#Np(S*iUG&TRgYR9XO#-v?
zZ`#faU((CfHO|GQr(64t7f4_XUc3GtKdhYj*?#6{axPEsoK>cb!(!^;;I7$Vg8Uu|
z<C8=XZ#OP+9P?VnKH5T+esa+)-B{E4_N~HoKx5Aa6O^RXXZpMDC9L#c54;lC*-|&E
z#M_2-nm0_`q-&;8sfw*42k%Nt^eynLQp+1A^RwE0+r_WI*OHyjY4T%V+q08Ib1m4O
z^5q353w*=FFBwHT(|a48BEx3RDcNCd-904}xe9UZF_H2X*n0|QrEP!qLD-oPwr;!G
ztuD=&IXA*nO^zwGQ<zJgI~eJ4&GxZR%FIpH=SbF<Nv=*!8qPK(ofEH^N$zsn8k@_l
z!U&2JLgr^jTwRkt8cxAcq+onIH2NTK+hA`Bv$l7`d(wY>gTf3ZjjZ>6?-93zZUtFm
zovp(hU+*F4%4?5`A2>`b%&xw9P{}cuRdz`?iAyaxrb#DzE)RqE<isrIqGoLmo;%O<
z$CxaAV!(L!h6_nmZ>;$YuJ@@Yh;y_nY&O+$OcOuywDXR}emQ?+$vjiM%sfHKoFpNW
z`wui&b@H_m*X>pq8eiV1ojU69!zRBpR0x-`9nybLRy=UDf$hu8j`PjOY-%SFL|c@y
z%f?a{wZ+?Ni}{m3Z{iXRJa?rRcIOt%?<h#!lqScBqsFf6-YC#wIqZ?1wHTLaW0w}C
zM(PMrYKy-vabuI#Qh0{5b7Ze_GkbG|Vv~p6KK3PE{z#$~bno~-G6f@vj{Z#th25t|
zFp5U(x92>rUu;eI*%g_x>Ag2-@nu?1{SvfjU|9m9Cb@2T-+aSUgI2U@K?Yv@iy|I{
z(KNBq|FdCK!qI}o&2wuxw{qgO=kpibN-HFXJ)|D*CRJ1A7M9Gpm?uw#8O%T2m6+eX
z@>*2RT!!*rx$`1d)4*c;zRlz{3lT31n~wrUI^QfWAV5kTx%Z<Ae3`@iNXxFC#jqW&
zD8OSqrL29*d-VSN+PIGRoDAl}-&*Fq3y^D?Ig%)BHwl~u<<I^bRegR*Cd$}6{r2Ln
z!^<F-gJ#Rl6gad(Xo7*eu|eB8NO>SNI^3@<^jOb|_H>^J@Bj<xbN7?~a3r_8Sg%Ro
zU#qH0ZL$I$Yb$g8AlJoY5nsifTO|6%NOHY{`E$OsX||Uq`ZM<No(n3=rjhoN+Y`(N
zJ~vTblVei1J+^SRUu&@{kDiJMR4DJEgHYT!-=;%?FMmKWS?Sz(`>pCNE3yB)CQ=Ml
z-G*k}V*&E)GbN>nm?ghlxSS#S@&>S~_YcWlkh6C_JQ@{?LhZR?KCm;Xs)Ue!7NE~o
zZTpiHii=E9@Ejsat=wF9^+-NaxEc{HDIrdh4HoC>`ud%KqtZy4@>UZzjv2v88tLHx
zrsE7f(r9{yIkPhDsN>?$2E<W{Wvb3b`zFDdQ0{X#n~-f*jlT^A5TtxaOKbEmRLthK
zA0!x{VmH^?3m`#RhHdmY<07`l#bWfy*QbO$yf}xV0;LV3w0HbyrK>Y81kf7ST%T(V
zXtUv*O2}y*_V}n8IM_24*2evMHt7T&dGqJ-b!YeitA;He#24{upJG<0*pWT274V}x
z-8ZK<=CR?BHc|wRUWa?wTD4z!^q@^GhJZtCd%gb~?V5c?SUewR>4l`<$knfm1skSE
zkP!vhG=#0i46OnKD0d1`cok@9s$B}`|Dt&zR1O-T$44t%ighD|I+br+dIrf8f+vr|
z5dj@+Pz|IYfZ2kLzQz=qwDeZGIY3pcUFph|SAT^%gkHhQ>LwgqvH;b~y8XhS+DqWs
zkGIjkZ(R%;3?KI;a6yls^b7gWOG5zQpyH5I*T_;zcqP-=bx2GA+19TV(fUt488@Nl
zSAsP#S<ecEleU_+_S^R9XLw99;>Vub!3kdR3*Pkf^hiX_#Qk{W1lrJW^{+~b=|SM8
zyOaUwkD&&=-&Vf1>x~pfXf!1epzWc5|K0^%AKWSMW<VXtXH-WdsGL#$IS5K&<N^}l
z_zQ)~V6hhkoc+>(7oz7_e-aSnQd^v?M*p$4b`BZ|SKGF8iSPn1oH_xK9f;BTO=?3W
zUK&$ycZOsI0q>ntM3>~I0R{u+XLMko{H<GUtDZg!L*-FLYy1#F<}I71shOuICrFp+
zQ0q&^ES&@cvFFmMZW_yv=~c%&7qi@!$6#0kI@j{mxN(8Vcf7_203GTVXF+rf1c=b(
z+VIl|5vS&0j}OEhRMmU8!1F!h+qaNc4YB|cfFP2EDZH=D!4MLMtnBTZ=U2f25m*fA
zg=rCY`$?he)x=9iLe6li4ge-vULzu~R=dm*3ldUD5`&To|BZ!8_U)72Jbh#cPBLg8
zLs$&R4h%rJu-(v)cAo0DR%nDWDM&)sy0YuO)+(c>uOBLMjTmGIo=O+rHHmuu;Wa1-
z2Na;lcT`-d?<1tFfk^(b>fy^FN_KZbUfCc-n-lqgaT8FnB)3P3;guMpS6XDGlZ#XY
z;vp*Fox7y`mGi$7WTfsw5plS``$UTw?q#K+$^&q`m9~ZehWvbaRORlx;h`++#ffk~
zZ**s(Ft8eTMl-@685*Ycvh76}N{6&hPi|rjEt=LY!-0pKIbU9tmG_*#%)uNjATot%
zFXIe6Bf$DFqxOIch!wZhFZ&*RQ9v4C)lA;f%(T+X2v*#auGI=@%T(c0o1TC}5*1XJ
z(lmB^9G2su5p26mbw~yPltqe1;1FdAO<+AtN|kx@Q2;ps;%nU?=p14sa&@YMA*l81
z^VW+*;J?SVwKO_UlX1?s79_FVPhtQx14!^?mQ@w+vIl5001zcTOI@X;V?|p~wRVPH
z<a%YVu82I7-#(wPt+p!A4uG#?+=&(v6ck)pPdy3&h&woaW%AuROeId;if9o7KY!@j
zFcC&gfJtTJ?qk5@x4;MFxj^HKVfTP=C3&#%_{UT$O7y6Sy0xuia<(vo(|y;BXv}9@
zU)XLWo<Hos)Q$`8>u&!WcevAqHPE$EkMiy`F8itS()@^<XoO(xgczt^IdotVfUV%!
zM8ioUPJ^oWzjxngms_)etAheaLS+tD?*gINgoXs(xBx)5ldCicIR}!jS~vfMW8Wvo
z_%ySelzsd7<Fwv?MxChcL0~vdJxG6V-ns>gkQ>ryM$gQ|>PFgFv2UD!sR;ev&$c69
zUxKIM@$8Bc`oQ|{XIoGc0o2Zu_s(seI|p+YU?!_i1)y0uAKDbp>vSBV>rLBZxgb&`
zP@A(2f)$WdZ>I3X9AZ+4YywskPD4DRn^s2$%1OO5bx~mI@DCap$Ww|JeVMz!sq!nu
z=wNSiVWh+#O8v-~nAXDs0?2VQy~>t4DrV>a(iyC<<0vU%zj5nUQMd#<J9VF+PKh(y
zw$GF=us>G_0)QQZh?(&jOl$<SRZ<!oUy%loEK6(Ipd&>pF(iacGgli1LI}MZi$Qo?
z(V8>426MywDl}{`-_LUYE}|8HZ)Af`H5lZ;C~5>itZCG@>WgL`0NO9Q#$D-&gxIaS
zU9L?tct|pVH1P~z;fhusv;|xS9p^+kCV2b~1>o7UUPM50VpfOfKht<V%N3*i@~x*2
zA4YLC#2GrV`IDRj+ztwv?Y=>^@b*lj<5_8s^?lyL%0K8qb@{T>!DjJIE{=?<^dxZS
zht?Yd2?cEf*ucLqeOHr{1B*qLN^)EDJ0A1)0WLjBvokR<8K1<}<n;9!K_h3nckrt}
znf2GuL&!&jUZ7HvXap>A#J@*{mLVgn1pp5v+uEAk-&KH800RNWZKrZ45ujnbs2NUp
zucuGYiMcM&JkC-AVo@J#MG$Qw&q-wl>?zy9uPFejfgqe#%ABk{uGSwr-zca=LdNiO
zgx<lnz=9_@-H3)nM+aw#mWKircvjf}Y6BiKjP+J19yrSq`M+^U+)LR?RS#_?*t?ht
z;vn<B*1&7>gcwfjgn!;^*|febtxEy-u8OHt2+^=Y2RGm>)mMl;v5yysi@3%CW6uKM
zE9jcMhP=x(t>rPe{z)gVpB)>I)e!5DQDs-x(os(v^mS!rWg?JS!fl=m2ymCQhql}5
zF8|I5SE|X+_bfMpfoDVo=<tYdOWaLvZg~+hS%|OgznVmMuZePXYqk5#=B5h~l0gY7
zqpTbV>_+S;0Mp#vw=0|2Ca7Ox%Oodj`~W^mrKRr=D#xS;#AwLC@_$5{xGF5Gd{Gcp
zRJ_|JwcQQq5Ly?#czQ0ZEL>UjriG+EwsGRGwH~(?|L@L?VmP+7wqde9eq_zW-r=SB
z);^a+T8G{RUq4_J02xTnWwT%Jd5>J(=i35w?|O!6{9HDT*M^B7=lR_5H>R2OB(ORd
zh4+b^BaY+H3A`^DoMp9t7}Np=Bi<mnPgm$lfl&$D81#3zu_vkZ>VPiT`g5hP%uwcv
z*nkApyVd<FJn~vm__4QLc;YK*^R6j@#zxQJUSxH36AzMvaE4A@&!9i@TDK1x9+_ZS
zp%iuRs*10{n!Fk-!*vGxVvAIVPX+8u;izd1Ej~gZz57gpOc7+}^=aOEU#IuB?|~!t
zzcTWe_DeceT}#TK6L$m2!00%M`C#Qviu=A3bbM&M#ykMN?CZS<JfM@XrYW@N)0aum
zT6*|M*L}2b;%f<K#0OB%fb8QA|GqC#h1<M}&s{070|!+9k(l)*0A4b4a)Mz$d~{uM
zoge@?q7y;vDZeKS_g{ekJdm8R4X_OlzeWPG-BXs7z-h>FB47$v;c^zTWPr*61{?6)
zEEivX#?H%WJg(*68*YCNkfr3_@c7C|an~A@t<Z71T<yu1<9rF0hd<qEcmHX5!>d_o
zZ_CS*1RASpYBmEi42fBQ3R=~xd#?RwU7po<p>vJAz`n|c4nd-b-6Wi7ex-aegP~}N
zPE0-g!@j>dmu+QlRoL~0t#28zOhI;&s>2~0rIaMHkFaCif)i@{+Y7C$;~1kt@Fmy>
zX(_Vi!QBs8c~mnADx38FdH449HH6Z}I9xVdFf2mS@u%BAJH<0HQ!$oz9&H1=FpT6u
z50C1xKb;KW^kw)B&#hf=SlHXzIJ9ehr4V1%iBe&~vRJ(aOyTwYozs*+(G+?<ulag-
z@p{C4BeZ!@Vuef;HNMNDzMW?n`=&%NIfgw8C|RcwtB}Q^ZD@Ayc()d*fS+`7r7OSX
z%I`m$e^m^qbF$J(v+?aeKOon>U~$v}=Bh9A*?|V$kth<*ra1QTKiwPyZzpN`aX%R|
z_t)pIcEaM=5x$NGz|`E%F7NYv1-Q~#(FERv;q+FOX<p)mF%1B0S^4u@M?v=*lvppC
zOEQUM^n9Wvf71y~z~aozCR<xuLDdvVD<%oo4oUZw59Myl1}Gq<&OicjXAFlH8oHi}
z54M*zFktX3EGU??H7KaO-ks(@Q&a8L3A%F`?BJj!leC_lAD&OS&(_+SU-#)#r9Qz<
zIAXvT-~^TXB%OD@dh9rs;6T<9*k~*f4!wzJeg<IEyDbixExYB|+L=Fo9OVI-fyKZD
z&)k3W<x3}{L}?-rC$><~j+_Z&l<2s9#R%?h0E<nGxc}!{izcIZZDoIos4<hMW1X#)
zRpB<)Wpt#{t)Sd%+g<<^3UJ4^mX=@VGfGPbe7zC#9rzcrH;r3|FK=hizH92RWVI$a
zp53OS;ZiqJVw0_J5onBtGZ`<ajqFRm2_`}Z<mNPdvM}+>7sz8N{`|RB1@d1pRY!*o
zgJ#OL!duJ37NDaj{(RGj+3U*ruj`P<#}9HWd%)2*z8(0jO))3J@m`pMQQVTm{|;fK
zAB!C}1Is<+JtU&h9q<z1NkyYZ;mOEn^qA^wEsNM#TX!@!n<j&rQ-Fbdc(>^p-#TIZ
zC<WK+{g>{m!Px-W88}LJ!s8GY79PT5atQFRSREJu9t(qf#X>Yn558n&HLDbqm*Z^h
z?1ZjGy!FY?T?A^2LyD+V1M<QtgI?<x8agZu7B)&RL79e5Q=9$9e}+XRg71H&p!M$h
zE)3P0J|^Ogzx~5wW1ieHGUH5?_EHul9q25C-gfXkw@Q+&D{PHdxzE6}WAESzj(=sB
z|50yQwAPa(&C=j+cnDFD@U|`ChB9N+Hy?Jr=c*iEz)_us_sTTQnKNfp7N-VlzkT~P
z)+}CAwZ+{>#8lA2ZILSNqbf00<D)7SXMkB)FioDBp2igvKuI|+wRdBDr&;91<I$dE
zlQhESvfop*CS9O05RwynbCz-q!IQeHJtJL<$IA;}jw;u4eTrG1%4Nn+`7Y}Bb75!~
z+!h8Qb>P4zKh=jACnlC1I=@9Y$WA7;7}cG2Oo`es`HL&g9__W$&*&ceyYy*!!<mYT
zDoalSs#Has!6_&4(-;IeV!^x=I7K4vZF?YEsVG4#>Nw%-)GU}J?j<Fax>4j3Ew4a$
zzA;iB`vqW`Ge4x2(8)1UKFNz4o{mdUr=IdXd}j!?b!t%oikai*;wPm6+u1ohcCFuQ
zSx%$BuXGu%Qj?w0&S4H)AS1Kia~Fi}Ln3lXX7itXF`JS}c8LPheK9r<PdNquU-gdb
zMIY)}6u518Y4wU??IhYOIm~3@HY7N(<*`$ZSvcH}XLG~i#E!M&K;Kk7U6=fF8rQpE
zNpB%O!0J3_l`=P2Q4#uBq57t{_@O|iOFn)=$?WJWw(NZR+4@~8HzR#+z4-X7szPM5
zV)-Fci+O67oVUO%x5q3;y@YvMBw-UnExSK2YU60{_w@!HTGpB5=T^S<Z?dtdc3bZ!
z%=iAG46@$mEv!opyu2+A6iUzg{c5=iE%qdrn?ikpYJxI_dv;Z|CTIELD4NVZhFb8|
zWu|=>x3u~P&HVdX+GL+(RA1fn7G=SB+a6=$+lZG9pO*v!(=sfjM?7B$KW>~F;QjA;
z3i-a-qGD1!QT*>m>Kd1+uUF(}%#*<HRvheXh}RJ6?m}~8KYnQ7gnd&03)g?fKK#|a
zxaWML4i>NM<NwUy)#FnGW>z6fd@ax6C^`r`j!_n9{<@kcvTA`hqH9)oVv69G|LTbG
zb}`OO^JfsVS7EkFINIe2qcig+Y$@)9FYohYSa=81n}@JmqC0aN^_Vgz$M>Eb)qfrd
zw9%@cmrsufvaqu!8Xo*H4r@ZqP8CcHCDvee5>h8(=dY`4VL`Udaxv%wgfN|A|L-@-
zK39)>iaFPK<r+t#ncu<XOzM$NRp#$8-9e2ZiJn5$1Pa#f?zcHst)~o-3;g$O_>YS9
z<-k{9I^Ac{VG2<&sBZ&IENSjHZ*pape7+Eue*5Y%@G#_mT=}2hmp$b~UO|(@!8)ma
zizM_)%Q6er5Ih2@pR~8NIosl|GLVCaLp>UmXruDK@7VeH_i34{l#0BH$e7QepZl(A
zLF9aBMz(Tue$FkR>Q*k-Btm)s8nWaB7a3*}{~?daw@IgAn4~J7bZDQoZhh{%x3c>!
z&?MPa7urF<$&^id-!bs-sD#|g^Bx`lb<->M&(PfbsIxyY^WKukUBNC)6Br`#e**@f
zvifo>bT`w7`JfY?)E8aK_2RQ`9;^7@z4e^bw-w8ly1guZy5rxxhL3)mA91t)|9%Kh
z`0osZ>-*87G$8)(YG<$7s4(^k$}FYBP4BR87|$3+{r*=?roS`o)rBjxSTjD9zyF`J
zU5^|l7S+i6@g#zBD63z(Bo`5jLhj<NAFDo=4MB*F316$fykY(OKQ2HH>wj?L9ior#
zkT=mjK4qTw|G9tfj{p9`zvpItG3o68UNE!3f0roa^Z$QW|LWhjBJXL^<a&Mi|DM7s
zUzE##mNn^T1AAoyL$g%)<st)kO5Q~e+W-C94~3tC%21bZ$DP&39#gw?vQLnYtdYDe
z`3_v&Th$bb%Snk@57w672IbGg`IM~DvFf^?DO|#-)mF2UGeodPL(*r<6u?CwZE>s|
zWh9v$*uH@eU*GjR$;kL_eVd}f&cegxo2msN)sBEtR)tx?B>kjp>ksoq%D(3jG0ArW
zyA*E>%Cb^5PCp{rUAc(75cb5&9lPGr0Go9H_g+o!40^Z|INT7i!ya)zX&`UZ+D?S*
z8r#n!En^p4Sy<y4+hmceNuzsx;j4OK<rx#lEQV?`?8Jx0bbRNp2Nzc*PjkIK&-_EI
zEGc_LN{}qQ@Ps{E{aID%1^@|Lf;+udc8htRGg9up_|Lb;UCxD~SJ>V=6;z_g!j2%d
z=2@xK2Jz5<FRCnWoI3^qj7|7;7n<3p;x>y1SMnN?50VrOFjKtBQSOpqR&)?i5jnb_
zT<@*5{;;6<*NgG~xl#-3V{SF}=j7hDOl4;-JD00zY<?q>k#eVo!6|OzxU~O*kBl+n
zpb^7Mrk9f_UF}u4Se^MqWNv?L;%KHkJJo`a-)L&S$9ry9?SB{g9S#zj1y4IIq}O$B
zaVYeB(c%HG5$nCJe@w8&rNt~OIKFRgZtg>p8uig?p2I5h_#qWQtk9$*YZSFRWo%Jj
zyuQ8B(z@)DO(D0y`F&xbd;_m~HvVz|IOYLQSqPf;{w-5tT(Av;$czXWYio-Re($of
zvij_`Ka$qZ?a~Iq7?^ki8WN}jRy<XwV+;%t02u+q*702}^P526Ua*5A2*~8nJq}}*
z-XWGaFGAMHt$X8FaQcm#yB|~iU|r7<Ai-xZk<)#@6thru{ETyvW5VgGL(acB!mD`&
zW1R=%2d5La7_)iV!(We`K_AZw68twqCZjOZ&OKCTA|fUrjrEPAE`5*Xr5C-Ck1F{Z
z>9{{xfqnD~2u$Ml!kpU?5ZFE3u2C>C$rugJx1y6yrMO=z4p9@}P6Vc)aqR(Jco20B
z4bum{gr4oXbSlquVZXE8!P5TtUSaQwXSM60=Dd^V(?Da^mR~k>w6wJM8jK}YHa)9v
z1ivctNd-FdYWo{zBsv)a9uRt%ynLV!1AKOBmj!8yeVGKC42MzK({i3fKL6lg1CSfQ
zFX;P*w-6g)Q*&|v`jewpHHM=tO~p&t(myi;dH*3NRdIOVqAQeZ9!upG;2^?cUq-K?
zfz)nju$#MC&G7ns`WKAo%m{gh5XHBXI>mcjXsH137mR2gZQrd`IQ*Ge>@d@Y6LEfq
zr8DnLXlJC5Ze5X<LOf#h{>uCnMJ6@N;mw4s2Z4yjfCXR`2&5>~CVK&O<IQ0<{K7GP
z>`e|HlgS?sfQ+&}Em3oild4Hj*>^qBu-K#T`b<Z1J1Cv|AW?O_OR8nE>0N?LC+7^N
zIs$Y%>%XE@)60brC1D^1b3J9ajJ&RHyf)`U){E1?B|<AO`+yse9+UfT2?ojM?-l$A
zx)_;d?^sTcs9}4;ahJ`_j?^QOrE)wIf`CK*z%F!}3SH)f?W;F6VS3g%_^l^yT_J!a
z4WccT2W%5`hEpQ7hnE2tYvv^bpdQF=?5W<7P=laAqKwFt*X9kS8o)s^s5#wxtGMi|
z@qs5?9Z;G<vVqt6Zgea|K6D1Y@SX@6T$v0l<iU*T7o*$MGj{gv46iV~Ge%zrqBPw6
znKNsj#e9>r415BB7hUum_o!y8qyWHtM?hM;kp6pcaD@{Pj*FZc3813|a?ANK4}x8a
z$4s~q+WUgn_QFh!!-#62jQ@bz+ZHAQBT%@0`pfLI0J4Pt%%1vV(G{49ExUNby2q+g
ztw2C3KiHB0DjDm=p!+YlUyHI^*olcKQR^^8u@zKzWccaVRmn)UemP5B?Aqs*B(km|
z?R7v#a*nAvNw?;wi$K92Z4EB51n%dJ0qt!19{*j^Lsg+R4q+6C1s~vZeS$E&pa~Iz
zSWY?h!WW$gj@*B0j=m0lo<QL9U0qLwcYlQD@m^H~o1axA%J8<y3rJd$_TBt>jREq4
zW%ehws}8n?NA?pE=QMiW0fse^EwjrPr|(J&?5ZgV3d!4_xPAl;Jq6#y24Ke^E{)4R
z+m%SrQLb)TEI`nVWivoF68hDTbwapw%hiUN&~uq+3|xnKb{*gx8JUBd5th-&0VMTk
z|7ftphI;edCZ}#`NGrAekHB;D9{A)kT$uyUxW{jqa@%II$skc7At8530~kn1`@(Hx
z)eN~}pbm%9&vY2qy?6=I@NB0_sVblkwJyzsAI1Ve38uR~LByn6>&2-D;K?xvC<?uB
zE<Tu};14uS2W#v&Aa0HvQ)Y`(x^n)?#h?|;u)|c>#$yA`f5izT{<exN*QQ$aWeWfU
zDTw_dqVz#i3L%(V>fr`^N4%3*Mau6`k@4GDmk~75B~mxg1ao<Cjt&35(r^~&*__nM
z2@MFJ9m1pyKji@2HsU|L7`wC}`<CL*0%gNZd%X$qE#_fNobMWE_?VxVQ04d^)5lUV
zCZvzGynsEY#=rKnwcyHEln}Rra6HLcIV*CaQ03>i|L)#ZfT$zXK83o>52S&Q1SYi$
zvXOx`FKSon3O=;$ok$Iah!4S;7n&})KFd;|_t|MTJd(Y0=a_~D>0pt^*`wV$Vo>Dt
zhothp>`W990IW5?dP#f<2vE=G2a>rGg{Rg%%N_SmnCtn9Q5(3kK%(j-v^<S^f3*H8
zE&EMPb;+@v3zA55WxC=EO?DT!${g1%r2W%BA<t<MX7AUWV2jiPj?<%87|5p@nmTj@
z5<pNy$*z2LWB{@Pt2=>i`W>NAA;K_dR!TClGmsZMPoFW+t)g+f5OfbjnDwa$H<h6P
zdlxXQiu_`WZF`9GOw{vUeX?{kQzq*D9lf_F&VP_FBDyV)NZ>&f4i3tSpHZni#L9hd
z*)NjOibsR-Qmm@a-^a6_Ya~Axa3b)Ic)p@q$f3j7Ef@o>MqoX50+Lg{`Z#s+tl`ep
zj9Utn;VlnlPXk+bvJI^F{w8Qqo(WLXh)Eh@fWHFSlAh<B84_yErWo4|+qu_qv41=R
z!-vY@5kI-7)7N<>N>cqI<i;5CtM<&(-wdqwwma}nAC^lJeo-=ry1v>jeZqHuJ|ZpD
zd~Yuai~8&HTiTW{fVRA{1hWW>1*sA=NEH)Kj|@pi+y{`i37VYhm#8TYX5UEew=3M>
z;xgOcS=I9zMPi>`1Krrbb5#x+3Lw>@O;e)>bh)a;mKHUGnTFm9e4x64`kiMUukOh@
z@Lal=eu1bV;;U53@ChI^tP&1pPbZhEy^W1ECle5}@%A-fqShA-;K;9v1ZfY_j@Y;S
z!E~3I{0-mBhV-jon<8st!%^wFgtYs@TN=at_DurGX&dnN)iGE@ztI#<o<TYwH3GEQ
z?II<1U9S)61kwoG(tOb>xGEv>28<k@H(nW}I}s@&^+d>pCewJ<RUcSiL{DGcAym!*
zUf!80z&$mfYY$}^X{}6@HmAG?g5NWLfE_z0hxmzx2ADnbo)eh9{;t1~<)XC92qKBo
z()STcJ?Q8JXnCo6+Xmb#yr3SK4K5B7)6$^Mt3OYzRE=(kbRG&}xTQe$Ax%p}SaJ;|
zP1wb*T!uO#WNxElV9=mCmUy%AC#v#3&5@^#GeRtr-LFn6m5jHFj7wDj#x_n2H(Sv&
z;l`$+uJ!~#d`w3|u{&Y0OsC5If?>@%H}v1!Y)8ID>{of$_>TLGtWHaK{E09u0tsW5
zo;M%XP$m&<<B@@%{`nT*+xJ0YK(L)zGTqAw98UILaPm^?|MS|h^+D&8OBx{6pL%pj
zP)N+<seE9nuJpE8itnD4W`TiRfkE|d19k1&mgJ;U=OXh4pgEsfJ&l6ZuyVu&ABU_%
zV&&!WS@qBcix*k;Q0jxOFRUMT<UGXWMuT_8j}8p&D;I@9$O~c(P^$aC@moD>f7Bc2
zSSf@Am3r}umkk)WhPN<fJ2-hswi+Y{KT|!PU7~7A9dvJ}e!Euj%6TKuYCZ|0YZ_jz
z3eBHKbl_&~v1><5HSeHZ7nz!>0A}JdSOcxrs;CxmyFEcBk3ScHAgKJ6?PuV&NO!h_
z%yngSQWCXJ4e?nPOb@L;YMvXGHE8{+jk$@QIemQdoarBzsl#Q-pCU^sjdtT6@jaPh
zrg~z@iS~zQNJ||odS74ocH-_@{ePB7NjY_>)<fu|(9qCYoq?1waE^n1f6wM0&Kb=s
z%<r0Jv9&T3(mQv(aQR2OsYl=`hwRxPQU*H&WViwU8x{lPg+cfKCs@BB<j<qucT|!@
zUk)#3L2q80vsucpni{ldAj*LpY|==sc0)MzfDed<MvCWOt11H?@V;d}`jZXT+AwfI
zb#o2)#aT+_@z5=T3`GFP!PaMY&u2UBMl1bkw=s`wpDLNXp1aWG1wgHlx|0VU0w|20
zL7VGFa09}<FVD+?VECg~0|QrZII;bGYKo~<cN%GL(QwdoAb$sDa&V%8R|&{E9Vocq
z;wr}p(&(%U@0x)20axu$aoA0s1*U^RP0x^(@eR|S101Q{Mh}hvf`^6w95nAmYMf-y
zSv_z<1QEzXu)v`oC@Axi04WGL2ug$swL=uS%c0$u0_R<X^h+b<8RBE|Z0P?n_LX5(
zu3Nh(3L;2%iXx(PBPl8fQX&%4NOyOKAgv<OAfO;f3DVut(gM;YOd2N5<c#TBd!O(8
zIOjS)*1p!dw%{Aj`#fXZ<Bq)*xGS(PgfV`snj>S&JrT>Udr|x>nQzM$6m23k_@vcb
z@aLr?O@=%9@sh<-9&Y9{r+culeT5P&;L;L$4?GMip}y;+b6Z4Y0{;mFubMr17)<t&
zHSB@3v~*|HIB>GTZ3Q&SFz%5Wbp~QMSoLkY!Bz<W1!@a;=CBXS4}RY*`hdk7VMO7K
z_=c=8PXx)@xTVX<nGfF0v0_^>hR{bpI%K0tN1W+&Mn&XDuYL#*4_6t%hum){`ab8C
z6d;751+tl}ny?Jla<81U0X7Nv`kC=jZD|^R>)g=BoJ^#ewo(F9M{s7$%^kPwa7B#t
z)X5S>N(0~bKG4LHl8(+u>az<rnEEx|i)>aUftmTjJF9hP5KltE2K@x6GCqE6u<7pX
z>U*rjButxiJ%~`pexG}pBd%7v5=f)iA2V2hAySZda?5ACB+b5WC(azVwPK^plTss9
z&a#M1D)#fx--aM>rl0Fw%$FC_pYt}=-i%+KqO#MhM^xEF>y>Ld=bzy<7sZ*D41D(~
zA1Df#?WM=Ov*NP%i<)3_NLh2m*si$EKRa%kD$mtPyVv8-AE7m2MON2ipWf4a{xQI}
zfO}s!?aJWneEZJbRq1k@$=9Wv{Y#?0y{E~}vw58G(ysT?CuiGFo$>Bn+W1Y3+I@Tu
zjhkOYp7yD3WEqeZa_5>ZE!d?0MN7u=HkCTSvkG5NZn~hvy7yLn$>Of$z=lQL^1BUe
z_J``L8&)e?g;c?y?7RTuW0$Vl-6a{*Bj?Xn53cl+Ez>4zDNd%y6Am-p=42TB8Tx3x
zgIi#o*Qay&-CsoI&~!1mh?71#dr!j-3)a-O@<~IZyMs`bd9+-472%z*h;L}_d=TL|
z^?=rI39G`(a04I3?d<S5s#UecTmC*zbgf08IO6vAH~zis{{!SHA?W{yGxNZUG+8d!
zAhF}K^+d?EETyL(#FHv^otF)lFPZkr_6d&{WbP$*#X4*B;+ILx+dCVaa18f_$SkJ~
zV~f@Crj(bgpY(mq{CtU>PREylnZY!XP7LK5=MyQp?7X#!@;NcR@efYaBJp;Qvq?9t
z(7Se%B`o7*A~Q6^gM6So_>!AgTx*^P?PW$Ti@9D=zH_y=IIQm`-E8#YM62+Idi9h^
z!N+smWuhcrqzgN{?$cL`V(nmqWalv+=pH<3|1QSE`+6JsPB4&#k4S@U-<FI?2%$R2
z2j5_J`{)a<ML2EIpb3ieg`jv^pAT(xd!L7O3huJP9jI1G7cuq1&vTOnMV_lljUp9o
zeKaQSh6O;R!6;Jcxz5?m{|s6Q29zzyoTeV+n^Ob2aYLfs59T$5p^u=VLUXu)#sVph
z>kU1N4!}-_1_lQ5;A#TMh<>7(jUX7C!v_jq&=@oiz)d$YH8o6RhEWyFNYTsy=zXdR
zCfs3cr3{e**qpuBC-2&FQ9e>tJ;`cJh>}w#1s`%5Fkgl9mNK}1c0WaI8BZIrx(ce5
zy|ppkTPb@UqFQq1rtWDu^1Z@BTGXb4{XUSs0rr2O69ffyHl3a@A}b<Rv1fZ8E(p{s
z`wH<TbSkFKgRwlmzs^$na&kL2bgH+EjUaOy*6*Emm#pu-A6z~3>G4BknTUai=X~cZ
zYT({rnNDR^^_+GT!s<jQ4PaKt)sdENGj~qbEd(!{W-hR)7;r!lDQ`l@wCS6CxoFDI
zr@nsh78`nrZg>2QCDYI2C>)74pxlo}j~Ugv?9ipj*qEvOZs7ZVt_a5slO%dKE%siz
z&#(}n@&bC4t|2(T05<{Hft@?9QwALaw`vYHs3G(LX29iLbGt_n@PMXK0po|u7d8Dw
zT)QXWGN(NN9UL`wqPV&~35%>BN~|Z;u<$5lZoJh8z7$$c1}uh^;ja|oy56z(Rs4L;
zj!R}1<3MHw1FR%K+F&<x2iy`$MRb!Lke`o78!z97KwbnvUt-qS1SXJ3ro48q@u>p8
zZD?w$s#3r7STo;Ut=3&M^}WY|o2b=9RV*;*(Bu`oX4qi)$|rQ^MsrnERo8hmYC$7(
zUsbjG)!6v7u(+kjvLUORJ=R%b)~t)?n&nRmo$pZ-TzGKMg=Kt7HdPq>$=4$;&B_Ux
zMsfLBS;4?2;|7_6h_5MOmbp!JDtrX~_ixVH1wrt~NP&(V2wXv?{5eXbtMA@WqsN*{
z^*TN2h<#3OVmI&GB2R4%LHy(sk-ki%XK}&r^&_eZ?d*XezDTH9p=)7PFIZ6OJADf!
zZxn+BST5!0gp8onj#7{oV&bYJMrS|`m{>21o*bW=-$tvk(Be2SWXk@Ys&%5_Y=|7P
zqmSN=U-vMVpcpY+z6Rw<ibMXbLUW2>`&^&=-QUWUDa+kYCfrfUo3aRx?*-mp<3e|r
z5<&3|s-kuV&xo)v824RW+x?)c4qp@umWymAg#m_?wVMjv>wDvP>z_>qWqw+Xy*xsp
z2|kvf*!!E|db=IpE_wPDJY6Lw$d^EL^l|FX23(ep=L@x~h(r{oDV$%xber35uh<*t
z8t+Q?>sp9?Rmf#AWY#Nj?v<rfAA~kt2ycz&bLSZj!T$y(Q)uwWuLC#(LN04Uz_6On
zN)iX$0OVQPYvZ-ytOXUs3WI+@;AdO6Eer`UDi=x8`W{~=Y~aEJ3Y46p4F>=n;FJ$7
zEvzWuAzE5m@_cztD&LIGI!CirGfkC5-hgiVAGjN^z<;_a2x$3+7=JQ&l?S$oT8{&h
znU9h#uBY&pR19x|M##k*W~+SErGds=q3t9tqp10IG+Yil6JYAZp+RSh!sOv&{xt@a
zeEj@lk{Je+E_RMPM(n_8GD|cme^w6RSq_!()k5fO2D*S~$A7P-nP_fi#suZeMq;5k
zH4uzlo+d%D35-uOFqQ__a2VB#6d^sl0k0*-D}&Ncj*l9hlno&`{y<RX0rqP3W8jDl
z4GsNeGQFS-mK3Eg--QveS)z;P8y!9M$4u|=_VYKkf!+ywh>b3NkAlJ_EzKXj9rxJv
z0r7<E85kiiMwA052y9BAe0r+dQ#UpUn;Hx04ane;Qg%CD$*x$<{aU#<AV($YRz&v+
z$O7Pl^rO4`dzayGk^v=jRG_a!6D^o~dK6$6gSYzStB9<N%Z>+#nV>8K2le)7hV079
zS0F0y!<XS#KrcWb6#$1T=E#yd(qB4&U9v_zjZR)G4HIb2&~U<N2`VLXa~oy|_jNlt
zih6V-IWJ#okPir%a1Mck4+dQBS~?XJwM$vd(0T)%@zTXe7Xk{zQX{Obj-H-YE|i4l
z0Ud)>f`r{Euht;$ogt=6#1H<YTnQVHe0qUZ;O9f-zLJA9<l3ud7Xd<=*8u}bk8Ljw
zcoGmkyTbIzHf8eY>|25{$-^t^3;1=LqpX}C#u7}^61-E5>UQ}!A<&kDn0U32CO6lC
zM<VU#&!_Ut)9#5104Cy|O^0Wh$Fq|wrV594%^HD9@Vi-mK>RNaFx&@Er5kK)-LCm;
z<g_j#0!fjlrzDU$1KrZi#-kUfUmGi(EdP$m4g-O%91s|IWZjGfq)+=NPr@oU>rN`q
z{jpCab@aQ8ci)qqe^XXgc6%N>l0Sh__o4R7AG7lllM)b@D85OG>CthWlmdU2#>Pev
z?Ir<)Zok`8&IN8_O*g#=?o#txbT?hbMeB9JIi87kmy3w#t<~weAX@+Z;K2j<@LF11
z`#(xP1k6Yl>O06y4hjk?az>E*B#Nh09J)CaJDUCe#EroVCZW3@dL9Km=2}Yij0eju
zBW)Le)~VQDRKBbEt<9!}o3B~Q3>M?Ibw|*C?GJvEB|)9e1fu-`p(_l)dRR#H1TkWL
zXnxEG^NNQD8&r6;OVqz@T#a!NcNJ6a&g25vQtLXMu8I(_8n1W@YzxQ9A_MTy3kV1}
z+?cSHwHSX7M9dPi{s&LO<o-zLW9TU)K2q*CfAHWT74H%~FfW0jdd)Sm4!1lPG^(~+
z<A_4ul`c*gu`;spMI_l)zMAROcO30aVbdrAedEj3_IAgEG}I%t5qlrh(d`ET4=IJ6
zSSsBs*|dw^ydNTkB#xek1QHLPJ|!$M>4j<-*ssENy8wNGXN4gjB?~(%+B(KG)%!#8
z8ZAs#x<Gy11W5Un#5UjryRF2kzm5(!ZR?Y8+!>O^BA}M9^+0M=8R3LA-fxde0df<a
zbY>{p(#p2}C>V~o3>K_lJgNr=5qP?12tD(W8Y(!`;}uNk4|mgWuHv_8jlHY}o4uu;
zl<*$4#z?`bM-N`!Nb^3%VPs7Il$G@^{(Vc{3tsz5?Y;GhI8bpmG5n^Els4%;Oh7wu
zkW;s%F?hX65pgMU>mYs-7A^ypbbC6kj#~{E>XJ_BQbb%0))V<b4jFcMj6~ZX02$FN
zv8~D(0jzj7D1o5GACth6;NXY?o!~A!gl&KY!3cv9><`;92~HF4s4zPM9cKKy&BMMf
zPScUR1Ta_oS)k*I_PB=^bhLyh?EeX2M|@U8KlCKP-4xE6m$Ly!w8BoWhlWUPYS&$W
z<Jrbp&-Or7RXVaR91wz!=G0K|d7Z2a0x3+`dG*n=XT-cdsgmHv0nhX0OoJq?s2iAk
znK<6qyo8B`|H-tk>!^+=S~}(}TxNfU6!rX+XPk5-O^M|)N0rkG+8$?Y;Pc-4X!LCJ
z<E`y>1|o85X(*uHzJ2@YQ&y4H3Yd95qjKyMBPA!@+KouN2VQ9GnxE{!pN!XYpDl`^
z?}n&oK%U`?-{%dOOw7#O;JO6{71HwZY)418i=K;vO%Kx3!O>x5yp(lx+79zYdlV1y
zB!>m-a(1)qv%yd2r<|Q~@ob-&|JHNZ{aQ)jl=!1t6ij7|dJ>00b*;XF$}j&x6^VA`
zis$tt_ded+b`9_8>swB;tuy)a)ACd&A33rx^M(+^S8xJQ+<vi45e&$lyS!+;D2iMl
z=}x{Ecvb6iim)s5y-F&3`|S!Hj*N_qu^M+02A{(VN4Iypb?RBQN*YI3H8jBGpmO(c
zFy7N`;q7B?t!@oAHSjL!^T#}K2S>P-U*B%(DJILnd9P8vp^gEbGe2V0bzV){+-715
zs&rhMLAtpk*2}3pr@f&p=XKqnrT5z6{OvJeEuSV3c{3paVEdHODYuxfA$U1FRIypA
zx++rXMO%EJnO|y+(*=FIGwhGPxONjR>%U4Ju`wY2f{9-NGMO06N9)82Yf)Hq<F5LU
z)DFd>Xl@u*Y|Pe?Ca;{FTxewI;?y@o@BGx*{8}(p%ut%HtJ!W#YH4fbcHPjHm%e#>
zS83<he6-=Ut1n?G)a-6l|8|*JfByXWVf8gVKu~`JO*5RFy~(5mnu~8iw)0Q^!v(;)
zyuCNr2OGirTj3ON5Ck;aWP|wvOiM%}DDB0{BWPvI3nsaedVaf{tb_hM-h9yKlXbO=
zw(BGpz4sn>qJVYSq{;0ckh&K}MoLP)vuauBxcTebsnGi4^W=-Lt=DWdg<rzPE`hNY
z+l9#jLqkKfTcY_GPs(Lna(ze_0&9gcY&`uRKhxzCL=(`fbx1`CZ59c+^r!44=n2}-
z#)pt(XDPb7RsyyFyrvtp5Eo!F<#9sy+a~sCcbSBk`bq!FAljqLvpveVpEF$M$&;5`
z!|J;WF-rD}vFgX3y7DL6*ad6Ox0EE#@ZP>vhWvsC!57JeY;MY|T7%YP0>mUFmBtG)
z%u1-Jr5+VGM1J|bckc0YA}(9IN)r7!Dz{U;_wND90kL<gt2zB<A6?VLMYkF-(Rw5(
zpFxE$AIG8NzWq5aG(3E_{3Q(@7HkGkZE%4z#llzFn2P->gxhLP_K|V_4fGV|K!q8t
zZkdAl1zJ%|AR&K?iSNC-o@Zo|O;spJPM&FNKLS^e6k(USQV@Qu4BP_CHtr4E`4?c$
z0Az{mW=XFzH(j@FDPZ7*jLt9C+WVp%6#y9gX4F9(kSAG#9GO55z`#4>B_HLsTMb-r
zn)yT-J5XW4tu~TYBDK}Bu)gs%;_-~bQSbS3n$HdRk~V8jIG}xf*|R#Fr|~TSpH5__
zo40S^i~Y@H#q4@xjnk9=FgF+;5!_Wt%m)62<m}1=5IRUccj8kF$?R;g0e}O|h=sS~
zIM`GEv&P+#RBCpn5feVz7%+JlfWzZ1ue)VpaQ_UAp#>KlH0)@-5lD%erpFIwKn!DJ
zgKtyb2`)D<n9!~D0DtQQ(BDH!*~g-fejGYg#c)b)R37N^_23@Tv&HwA6i3nBWa0~g
zIo*Yy#m2&rq6xLM!`4s6RJS?%&L?s!Befz>i$7FVg;GFLMusIcG&FWH`r6uLc^sH*
zWL8bWFM*eKPsc4$aM~?!XU8FtS@2e+JFmyVN)OnmG{Z~>oGn5muB(tvyL*VyC-Rv;
z@bVIcV*_do7$hjx{_y}v6ijHrG<LrH8qJq4EVtS7Z-I&5(v)ZWoI~XwxCRM@G?-#k
z)_2)Iefq{%)I-LM#hhL17*qZ0a3?5kUWY|x!2ln&0gwHfWV9g}(gRqLZTehq0DW{A
zG=jtrD816!!1v=tofXykc==5>(eCNmdYx()45r(+V^X|-3+h(vR8Ll$5`<Hn2c9sv
zVfd-Cs=teilY@aL4h~N1ij#rsFPOk!H<<BccsvIL@W+oI7#~5w7Ze->WNK+Mvn%Tp
zt{B(3?{xSk>!QG{cYbq<j+8bC(u3enF)=X}`JRi1$%P#`%w77O`$WdB=-eNxVc&X!
zl1tyOULKScZ{y=-9z3{+K_~2Dv>ZkE-C{V5+}s=^C^(pynmP=)D=SXWs9*JKwaUu-
zPAbLylShmW4Va)u;J$I*Th3B~YISO)GM2M)f`Yf>lGm(!j*N+}UZszI0wqzE^Cs4P
z4-eKd+v$x$czbX24BIt8Pzs;yp6fjZhz;{X4l}{00j{<Ydk31zV)WDkX7@o3($UwK
z4KOzjNnOLD0}%s7JEZObfDDDtGq`a#H=(ii5=yaS4uH9PlCpmmNn%3(?>%2<xN5+Y
z@Mk=qH9g$`Rtglg_QENbE@Q_ez6)!gPxq9@g4cMFkc8qPfO}9Nzl3yWP}sy|3}%N$
zMlLq^pE-RwO+^Tr-G^gc#C7A7rTX+ydrQl^`1qja+3TzbN{}-eFNTplfBt^nq1sM3
z*=c?J^N!|cNAT-&R8(X^x$pdX_?Kcu@RE-jLbSeHk4E9>`E)FFsDOP0jh%YgPb@_q
zHL%uddWBmF_Oa&u8LtXeM}ZfUqk{H`SsyPwnIwM6ocXr6m<I!FHYdt#J_DW+6#UA7
zj~b?|4YPJ{62}9;Ch}*Qf)=`d7EX~*6HfslpCL~IPW0>R_wG?;cj5R=Ebd23I#*9J
zG2c>lI_87@qHWd=Z9D}gi1}LO>97`SPNqD)P7jnSHmVHZ2pBB0)@lQ{v)Y21s|^x2
zy^=<(<9SV8jJsSJuhH;b=jMKkt}^@TK^QM8qNDANB&7HF!wAD5VS%KcX@~4SP7Fv&
zJ$;A??FWnB9E~778JQG(eI+J+8P*dnj~+iB{Gx0KRW2lL;i8xQ)@wV!>+dBegf`FW
zPk`g|($b*^Q^h2TyZ2aV*`((kXb26Cij65FrO7!o?uQSNoB6G7FWwYj4u*{bJr@Lq
z!x-qb($mwS#t-lh#Igr_o2S~^YkHksHsvR~o5;hq50<(B$i~5U>Uefd5RMVt24Hhg
z@gH+&W@W3W=?0Ij(YWSk&$?7{vtYe6eCgGE$qxi*nUoQ+^9gh)Z{&-LMv4WX0v8+a
zlD9=vhF~FS!1~WWgQY^p1|DW;s4RSJT>Et=hllg^yL-HSL}XMeoFOT~&M!A=Dxs(V
zvDWL*P)39XIdnjmK-cB`-C~kDyV-wosS8L`jVn&iqn0HGMVe-vh{@@r1{aNXvlKAc
zG`JYbS82wdYP`sT{DUWe8#2e>l%I5$%3CD1Kns5~6G-5`Sm^uNa@0m6Pcl#Y8?hh2
zE6)r{j=D%13hPl%LZaxXc$`>_jTePd6mLK}<NnyPov==xX6^WN_+^EMs$$?U{qm)u
z`A`Kn>}ZQIO5zaG$B-@+&If2!eSuCm7*ke!YMG{K)aNQPACy+4Ad7)o1iW@c>1`K9
zaX8N1T(alo#fG#B=<u;qI~`2Q$GDT&nfR@rY>InR32xY;E0sFoHK&(@T|pBHQtp>m
zR`N9}n-27CrcvH&lhq+0Vt%IeeP)&M;nBq5b`AW9w$BlnPzwG?!3*4maehniEs6cG
zdwxBE@Gr~soS)+r&MY2Qpzlt}>({TRBl!<{u3FC;p>RHMyy(o0WsMhfrLVU>jf7@(
z3o)+uqUMkRdMQ7!|LrgE_Jl76q!nNWj!!EpV`atG-`@{Xvf!YWOTKoSNVh{skc}7c
zran8~&(u2DfRzXCx=#!wFQDCW4GawOH0lE2baot65H#eYhJ&6TFr)(|H*z8($ulhE
zk;MR0v12iuTj>VP(x54U^sOJ+zUM(Yu_cX<A3vUVsJ!PR8V>o=#I&^Cv&|tndi59L
zkbfHAcFQwEdF%dyN_}rtN<)K1&*$D-V3R-#dvSJlw&tW)1WkH@T#laly!Z~IxrGid
zQF=~=L_RpP17RBiGu3<V5@bPokCUr?b4s6!ke<F5)_KKjFwI&1FOcre!xjU7o%q8L
z-G}g1f<rM(NC{!RHR{hm3pE43htKNQ8!)aq9t|wh%!h-j#Ay4aNl&sYoR<%S@jrt?
zuBqwbIJiJ)Yturz=e5;%67=fToJ*zIWEDT`tvvQkEuFJ?CV=Ony_=z|$%1nm^lmUL
zmywr8TaSi?IRM>F5(b6P&O+Z3421%^{W&sO6VUqe;jQHJ=cFpkzK=CE<zO4Zl1c~p
zGBDtIX2UsI*jQ%DCTwrty^Gej{)F8MQX|>{a=U_m70hKXXAiEh#?cc@d+qW!HZl%{
zM=|Fc%Ym!VCshyD^X8}=6<>W+P30qL>38oJXu{Xvk}Sqavj<ySaP;0JB*;e7i@_;w
zvY$5w!kajoN!~wTP*myeo-FR2STI?otfuxv*M<X{nI)Lj@>vYU!;>lo3o2okH5rh~
zK<&e<C1A_U%}5l|+^bsanVD<D?9Gq!we<nq5*)E}aK1px`KG0X>6waF5!kmuEsI~?
zrSQb!F5njE&H!yKd3e0tG8CS!kR*Vj8bAns>Fbj?Z+Uz3agipQ)9UX8@Hyl`+0L6M
zOuf5+iKWj+&3fC;@olVg1bGho>xhU?@VwzTh=i3%Oi!<9VR1Dlhh3w>?gDtiXZU!D
zo*f@7|9N}U>uB*2JYK;`FA{@v1898T?Cq(+x$gjdbfTcGBAl@ku2$f~W<v{30$Cj$
zP(IloZZQ%Qd-3KmK*b6gp}`VUB{XjhJQcwIkQ?rh36Qp}tt-&D-o5>&gd1!WK?Rbq
zxA-V;<a$%{O|#fk#p?a_7vKX1YD)0QkAY;olBFIXDqesYZ>D76aSI%_iHUbfno?Tp
zg&Ao979D?e3i(A9AJWnafo`h+ni&Mr0zE;i*!y#Up<AfF>rtE7KEHkbH8(daH+RXU
znm>Cm2f{h?YihJv+1ZD|!8<=i)csjkM@K&}M>6Py?CwugI%byv7;KGP9oAG-RE%{x
z*Kv2M)J|-k{h6$2n&L}~A979^(wsiFzJK?ez-!&1k`I2XDl}}qP+~7RROVU@MuSN$
z$dblw>(8<j4(D)t)?F-Z$|us4#1ulBXQ$QA+2BWDc-u2;cNpD&aAbb$WDW9i_>sg(
zn*#<Ac(dwF@GA_Snp?sQ!b+eA4y-}A2vu>VbNUoT(?t{+O4K58sV~##8esk=C1ZTi
z?JA3!U@mtqo|}6-I5bEgItm_B7J$S3gaC61TlzwER!+`Q^uHH+pj1_dYjka6Er}1k
zVHoE-miOh$mQHkM&7Ttr3JOa=b<kH2&Yz|Abvt2d8XAA<KO8&fpr|<Fx_t5dr{$mo
zR#R4nXW)W<=5WTl($hyT*$JJFLKwo);GhJAlV`MffAuZ%iSjr;zK5l&ezuD&{^E;$
zygl6IudBP~u*fP>xBFZbnP>decipAB6eb$JQ`4RYI@VzKfPNCWxvF)2tL=z-k-g*0
zII`hPU)#iUN2KEwHdFsawff*=l>ZTa9)<s?lu{qvn~*A>+sB9o1cRGS?&jBQGPeR#
zR`ufpAiSO}YO4-U(-rDToO$BbsO^AmYBM)i?MTbMPF}M?IMV;3>DBy>u_#>8f8-F!
zL~g#HT;CR;QhlPye)R}Foe|PXQ5z%aUvV1vX84$z&&+Sq<|YeEMJKWKv1P5Nw?6&e
z#;m{PT?lU;|86Y@pVMhq*vgUPQS}^+oiN?u@!P<`mA%6JJf*3u=$j*bD(4ZrCus?I
zeY0E6*7({ITDGCWyd$UGM}PL{ulO%x5R#I%1c2mJ)a$i!?7SCJ^p9aJ(g|~y;a4W3
zU9I!kl=|j{bl=CvpEUiKtp$>foYytWY$hLgonig<K;(lf@lhZ5mKUbP&8?cf?|U_B
zec3+r$3cE|vYiq2)osV)WBw;2prbf|nE)4cq-uczvN*kPnZDwZ*31EAMO{r@eZSeB
z9;?Ex+KU~IEp6o9bJf<D-<|;sqpqjWG{0>(W-L}Q7sh%j_h)5v)2baY{WdkO!J1<<
z!67GZy@3(WAIW5=bKKx~?RQpMl8?^b-k!Cl@n-z)k>cLE|Ad7{{=cthxQpN^qV($N
z)J24Ui`TiXs!s{Rz(t3{UjIUY?)_e}Uw_pLud85S@~NziNNI7w3|<^g_g4lQ%6M!W
z+?tR<zR2&L&MlUGNzWD!OBM^WPO&!h#3cArHjk!Et0rwc_SR&lea-*`QKjd(ltp(q
z=G^0pJiWXGyG6GN@2IvXJNi(C92nnPL_=R;{<p6l$NV}W<NG+j3k#M><Il&V?rDwX
ztkgQL>(NX<B%}ZjW<HzWlv2uH)C*JV<*{_T98=VhefjGZRqs2-JN2!RWmyQ%I^zOn
z{^9Jz0kMe#t%>dPsMAnK-peRroE@>>O_}}^jvE)VCFpk8%Lx%lMjtbpB(NS{bV9Sa
zUhnSq^)`~YO@A(brdH1&qLnzTwS{Thi>ZZgd9}<!4q-K6vC3^%;AA<T&2eIpD6OFp
z?`!^j)qneFslKcRF>%pTf)WpFZhl@_wY06Frfm1b^~kh$McZ8{jSumztuhM6F0e!{
z3~4a;9f;(zODsE{A)fj4-6r6#JuiIUv0KTpEL_Ji(OTaIz@~Iyz-0dRQlX2krm^9O
z4}~Q2<;{Dk%rElQVB*yU28xv6un3L@a9U%PjA_ruXrgc8%61wNr3NKlu&?ls(dho@
zuc;&F17|7pOo*6@;aglNSKqQM^NPt0iPK$9a({xjJz087-0oM0dL|fLclFiz+s-VO
zH@~iRi+;pjE@iNS=7yd9Gc>M4U)7^UHYx&7Hmak+Jn}sLF9GffBS%mo{oPX{0!oYH
zn)6|7S_(~tQRRZq6&eW*f+O0>4OYr_mV{OTRV~9F2zTi304Kk3=T0av8V}?0|I4Ik
zsZ>oM?EQLy+AV$L#cZw;-cz7{!r%m*mcyOY1CX3dxy#?%ga65h!gC(G!$o=EQH%1;
zS7XHr^at?YalLdDj<^T*_V%%#**;nRS1hGmEqr;|zeF)OD2R}p99|kF5C+g8EHHZj
z69+t4i$p|3K_MY0?a6Y8|0-~lMFuNfbA%@rijBL#%;5$*`!z6P2SZr2KPBY4-+)LM
zIuKPuIO{-`0u6Lb(A84nIeTCMW9KiI<bn3PRa$-kw4l*&gBy8KW<`bmK{7HjC_%RX
z8$uULFdJycX7FkNjm+U}2m=%gE%V!_w|6=J^IJ~)zB=03@KM9L20%U!@Yb4|o6#w#
zP$NUZEYC~=*$6X$xG%3{r$LC9Z214a2W;on5&XJ>b!hW}p${#8FQgDeL(|O076Hc-
z7dXg(f+&)j|0U!c@DL^c=Y=RgcE;}&gUsjIS*BaJwxJMoTphXtMLPQO)?F~|AXEuJ
zJ)prEY|S(RDEMy|fWB{`5Mk_P-9n1+)+W!*+K>zuQ0JcTnGXa(we;+-H~R%}DVm3A
zX7jp>VW}o`lZ|G4sQ>ehRqP7NeE{Vev&sUX9u0j!(+U{GX=6o)(G5mMf6!+<S49)b
z{(Vdt_^UPV6Y1kANJ;+^dA*Jt;24Y-^ArH)f<xu6a$5#8O)Xmdn1xQ*2>^@>GH?DX
zT^q`HVrTQTA=B?7Ay-;bT^s0hvj7nUOZ2*Pl;_KrFTr22S)XeLYEzhtw7e#Q4k-?d
zI$q5G6_}y#`U@t>VSv2?X1Nw-T<{<!KfjA-tu6osirFz}7t7bLuhi%kp4UQK1+e|=
zs3>XGVTm2lzZcJO<wd$QD5vTJalHI1`!USzr8~8$Ly53Nbt4-N!Ceeq5y&u1f!7N~
z@3CvBd#x^-ph-+j3?TpmDSwT6DA;3idUsdRU*)pVGt$fD>Nf{0^e4Z_klr8u*!|gn
zFBzu*`F9}z&iD4i2Q|Y0khNqFhK?d)|B=a2ke&I+Y}msk4K3&$(HIO6jPOM|2!1@O
z`c9L3wvF?<Z`N+cPN+BWO9snMyBr!%p-5>sVMKqCRlc|I1y-={gar^?S?i*Y*Prom
zKD+*pfX|*Ar-lKod9v8)Lq)#H8Tzk~4_E$wsNXLBtJXt5%!-EpA*JKs`XB1K|HqHW
zQwU?Cf0!`thQc6_02Bs&4yJq^=$y}X_xe8YPrM?Ws}KB-Hn)-C_eD*lb=b38GvZn^
zT4L7;@P?3vy|HZ)F`EtFEj_#o=8>mvwNulJC0R93W;k;t@PxH=a&)J@#(k|CVr4{)
z{>xpmPu-hoKx{+B|Me2C^EDUDKzr}=-D~ldD*P-v8STRU{=G+D()v?)Sk0Sd2+`Ql
zM+7ZQZ-|dE={`Og>*u>xIC@eo{E2}?rt@6|>A&Jc<;VUP0_dNELI7G(?j!}kF<uHJ
z`Hu4FsvJ0r<pY_q%xe76ph*uHcek{)5s{Ipes->^Dsc{x@Jzk-M;0KCu%>{EfTN7w
zNgFN)qU8SeJm5Seq_o}rHy_(o>OitWqJTmHUN;DzBropCY3oN5im~)T@bUNW@1gc2
zp`r@yH$&@I65J_E#vZ^}4F>Np%!Tj+mY-kV+UkKj8->WfFJ_gc$g-eOUw@)3-%HG#
z`10k;lz3N_M2|?<$6dEJag+J)4+n1ciJyr;a~t&Okx5@-2iTcDhFv|Dylu5No3$!~
z1sGi5kt+uqD)h@8?^@4iDwp-PB=oOzt0<&td3&A8af<i-soux}-Oz8}X|bWgX+r4X
zth8wbr@U}sKDodCl|_cqdFAR_y0V&PCv=ZR-Y0<ZSm9BN#!Ez2h5(;uyGKw@863qr
z%;qZ3J?TT58v&hGaC**%mHGB$!xunQ&(1)4`~I(DLZf_qy=SDVcSF%zBFE+9vp3L>
zgK=Zc$-dTaw?TG1N})GEp@9Lk*GanlsRlV?dOEy|i+}+KcNk>=P70rVQ&ZEA&d#|%
z{h6oc-D01z%4YUOq?HSG#W1YM$j}WekOF{K1OUeS5AO+Si30%F$;%`C%6~;l*-nTS
ziV47b3=GmCQhaXPLq<mCkuoVfy++g-w%gkF?LR-i-2_Yn1K<!C`oJXMGqjn2u)<4H
z%qCG7{PN|?N7y~<t10ksa2l=3X4F)n#ohAdtbwkd4NQ>dW1=M%Y&U)H8yUUdY`iou
z;GT1pjhDgu@PhH;VvV4UsB{cYOh*gwj@*~m1uG4Q%wXj5P)h0^H}^NIvG1Yp-#-^W
z{9}mW8|QZC@!U&wOFMeXc-F9hexn_+vmrj%w^A+qE3?d5urRR#FI>Jhjj59JS9D(C
zW~O_s^$VBf5+0yT`oFej{W$e6vj{nd!QTbLwj7p1eIVk1jDZVvydwu-v0<skuX<kw
z+qyFjkuuwx5PW7Xae80Fj1rvX_#uJo_FEz%nA^~_s9`OA+*&(7V^9)15^{~I3P%TR
z9kfShgOLZH#qW4^@cRPx!ZDc9&of6RNVsyqdgW6>Z|ewfsmFw=vk^>i0FU5;fv))B
zmLYn2Kd0x@XvGbK{iFJ2z3ZDTIH_K9+%UH9hNItnIvo>ofXreoXOI?tSg{8_P*1?g
z41zg8%XE7H{Hk0UNA!*pb8=ksAc%ou1)o8@1z}q!Wu={bewG6htx7rdVEkGvKOmA|
zkOuk>3=o?DGXw%NSqoPc+}sW?-@|4^$&{kX_OO?*ZYHYF4~1$2??uSI*ze72mbv*k
zKr*+_TUy&m=!q{SQapWA@%Ln+pviZL+W(zQd*kMf3vgJ#NsVFBlPdM-5#(WtM4g<U
zUI)DAV?_lN)n>mdxB*2bzDCVwG%>;s6bwxm<IHbJL^9T@vRVnyz%unZKQn?N3*gPd
zei+^Bz0n$bn$brDY)URlubApeZN=bg42m!fHXHiF-7KxG)V1fd)R!V>Cv&AaB>E$y
z{(uYrMO9U9Dg{WUTk1}1oiuFQnyT0idi;pXcS;*RC%bBGJfNVYx^K9nlO4dNX_H3#
zE{zm_Aw}F^Xl^b>d=Imgz=SU<obVjE_hEM~<Ayvl@9Zp*n`o{r+dZ`Jk-R+K%-4s<
zE`b>kX44L->Kz>rC8!fmLO4gD=Gj%5H9Jh&B!9P_EwwF!|FQXV&MU+E>Gls)n!0C(
zZ<}yY+KH?&m98j;?3tL^i0Hq;_~(En6O*xqiL=}XHmvJHLch*^?3IbcJoYbr1WZUH
zPfd}69Kgdz=)p}#N6#sHC-4mO@WdmeZ|W8nhRhj@d6|DIwdyEapZLjVSD762yo}>G
zN`1?t=8@EBCP2j)UZ|DZK|#UqQm4YUUUNM!rvW`{ht-G@MtG~dfdM1YTcYoUv^S^A
zbVPQP7SP{_`q<XXlCd21Lg@cB7pY;-Ww}aCZBp_Ih(LH)KwcXorHK0}b~CfHlsJz0
z>_kaMz6E9tmdp56rrN>%e{dy*oj1CRjph7voqsI4kWeu6K~UV>G;=Li%jcP7(4%3I
zRP2nEqaNd%@VEXcex~ge_F`Afv7H^W|F_Lk(i+{!pZd7ICtD=C-uniceAW?@D-W_R
zpo!Eitv9%S)$CUpoL0H8`?_yk7%wxIvzNtjjiQ!<4&czC=@KN${Hk^(;6}bQ8>zY1
z+ImZ9t!@Olvs2u;u?l6z&%5nI!fW_7iE)7EZMQC`!KU7p8{5TAsi2WZPCaDX&`l)~
z<2!e$-uhQVgMZ*tvAY6E*Px!sV6oDuPgTx*3>B-aV)75{>ntp<BWVPRKqbakC@m{{
zCo+kzaouHiU(0qN*V%HZC!zU_K-4eG{C!+(devmbBu6Lf-P5ij)u<OOHst^p%1e{H
zc+q}%(#}9aOWFe9CZ!M$3G2jvxBzB^3Q5c-w`*cB&IUenrjt`pw9kAkG&!Aa>n~Ye
zte6B8v3v<|^cUZ}?nR64QNXcmSTa^I+m-}5phgT5y+NGfk5yHHeez(`X7aOqX!um6
zsiit;jZN&AHuj3euzn}=i^httS{9zaOKO4Mk`Fz8qoeEDP|jo#j}5uQPerTvY2}~q
zJ-p#X7f@$5&#XmN>eHIw9Q|nA<-|tLdUi~3osaK*&a@KxYu>0n@56v@f>=+2-mm2o
z)A_Fn2%l=Y+dfz(uk?7=0~ju~j~+d;+miw34AZTN;A<M)<n-=qI53FfFg7;UhHeX9
z12hCOwz0tDjhAOeZN8#70#hh$cU4=D{k71pbs${$<mr`1Mbh|YdY|BbDwDZ9v#73X
z-03=9Y_&qXLFdT;uq`7{&!A3dFcL5*)s&U9^zV4?-lgHL7dOI_^7^$*o}?snAm1F@
zU8n`kn;iS<?`vvy-6g^5T4;<bXyCEy`k^JOWZU|Q^Y+~K7wsto`b4HYZw!$~ZD^?#
zXef4lSb^4+pu9_JFss9AtOf_<InBY5e?0vAq+UxjRciH;T`p`7ydxB`x1X|-{6%?b
zV5=f!Ax+4?!>ZLtU`|=}w+)y<>GLI|2aiquEnQJ@mlfZCRdR8jSa-F9f1ZzR7SoHJ
zO%61U-a2Ruq2I5sGhWE|<1}+W4ZVF<$dJ3%R_#3@0CUfkUpXWaD6ZHIs<;b;uuilf
zlA+p53^~M$;uCgVd9ci(gF(q>R^*$utmoBnUiA>h*|oYEnVDxt1JSl4dG`wI_JuJ3
z;uk&rVTd}|+x6MW$v$h3IG@S9>)v0ZJ56j+oZEMcv#1-K?N0FNPI-$En>3NqXttDc
z=H`wqft>7Y%0b&12m8th2ZxKZ=CZc({aufuiMvH(e0P&Sek39%>WG`CH$LW^xKmi<
z2u~LW7q>k#SH|{l`>ma~7h16Q@gc#3i&|Hm!A6gZ@>ItGQx7regB*o^BC}tnHl7l-
z-F4$h*Aob>U^zP>!02VWLl$3#a`#`kyu@o~RqYc|r_<-D?@?#1OWL|s{T(^#k&3zd
z>0H82kMSa=lirK%{69uql)0BSh7oVT+HAIaRoTP+azfXA?V456<P(-yvNno58qzI~
zbkp-B7B*KqmcG^>S~d&$u2bzGbJG0VLI|l6;8|QHwHPP=wdz_nDxFEBFbEaYOh<NF
zj)Rx}eH|_O-jOQG3MJ(I<AW1wOR)lv)IOy9+`#kNwdDMQq3^X>4!4Y-Xs@l(OIhkZ
zAC8>JS5qX+$Y7aa>CNmO2pd7(6ml33U)|2Ic!qA8z<@{{Y180gX*h#^R2135rOD91
zHWEMb3Y2aU7`WmXFgo9cU@`2-?TM&aCL6#zaXa`b#l(Mwap>b*zftPn2mIPs70I!P
zE;$vK@p|FRi{TF%3@P9FF)8?#+BWNZO+au@wVn03lS!{$(=5rNMy<d|;Y8PbpQvPr
zi}`!CUtB*J2;r}P@LCvm&Bmwf0RB}wxmQf9I%|&Wk>g-3!vOC&AN5t6@+X;X*W!=I
zCe|i={k%^I4iEHv*O<zsZ#9KlalJrgCj7%fwN>$+D{UC%w;mkcJ8#&tm{0?QE&AIn
z3^`@R8lzQ=iyGQbEUxu>lihDdsJ;$UVyctn{X%<gRHj)u+cv=!!rx?w)A-5k{dlsr
z*hi6#otIpRPrY_oQQW3C(9djJ?_(CS7Beuq#Cotj9-tCYdZpO0JWJfwuYENflhduf
znd2AN#xHKIA|G~^Rm2ZdC!gF64ahM2VsqOju33)}>S(6#>y76~TE7f)Ge2czsDc|!
zT=j=cNzO18(F=iaF4{qyeHt_wP}05RNjUX?HMjyBI|&&XvKm9DzHh)ZcOQ_XgnrDp
z_+0Uu)phyD1Lnj(UgO@`l6<erff<KCH2qaPIn!e-7Kf<ybH>QnIP&x0p7BsF+lc|+
zTydP^joTqWWl~&Ne47#z*t2m(BjhRS`rp5L&aup<Y8W#bCM)1%d?on>f!D#tq}TpR
zHU{uid}owlSl%ab*0P-D-3GxBXZg!OELbe*6JG?~B@jqy0~;FvHaR?*mH>KWJu^%Z
zrpF6dt~!FyeK1P_h5T{rBN4?Deaiy^m29xaCiabf(+rGyA7FyqQzZq_Wt=?#H$Wk3
zK%GG#W%d)z2ij}Bo{~Ea5<*ykL?x{OV^(ce0*2o-az!U&LrVXCI=`OVuDHO&L$d}F
zS?0GfxL{}qAjs+F1z-T{^Q5iRe8Hx3sZI%wr0xe}Ms#Xp+q6$+US0&uxB3xbx^A`f
zSxQOZZ6Tk`<qsSrA~-hz-#T51i;d-;-R&ELO5SeC-;a<YOt;SW%$Z$<S&5NTkiajq
zJqkU$!@$GBgh9yKL`lfZj6MdC#JaO0X~say6WJ^hR6#jxeup2u$gj+1V&lMZ#HM>n
zpqL^ml~(5s>2AizTu4i)jw{--Lpw}B9t>z=)n5uEKn@8rRAqKTA9)%8eMdEj16{SE
zLI^{%%<7evD%x3*PQ>|>Dq;jUg4^rm({>9#h;H1tX*N+tcjr!y*FF0iX#Tc<Krq~=
z{dy6Ci%Nli>BVc@&yeUjWc$+(vQxHyHWR?p{HB?YI&ig`R($g0F4WCHp&%xueFRLm
zdv048fMXNKhs!m&m;d7tq}{oPF&ifp4!z>b7UXD5eEbhvC|Ep@7LXJp0}BQN?S2a?
z4T$GR_jn$x>v-+6@n@(kFaSyfBExT+^7_&<V1WVA8?s|O(P~S8IWd6j2EDtBivX1L
z7+VClobIKt=@bXSp8&*CD}p&wqTauj{#C`(Fu5mxrfo5Fd%B>V!NI}bk2?Yq7qEBG
ztqlfLylA2*dekoBy4GM&u1*!lAz4+S@gE3;e(yS(#nUR)3dX~vz{WbhhM+>Th;H%2
zlOe@;(A)$FYDSY9cn^#cQc<D1|9M;PWUg7TeD#cutUn9xH#0h`az-;#>qSqwumaON
zy(Gdi0B{4qaj&!vGdGu*o~U<+tSdplT39Musl=tn0@!Fchnh=B`}zmkGFVcL^GLgP
zI@e;iZDPfRWka4L4>y>SQU><R02cu5hS4F~)O2|lcvp`AKyRPzmjAd)>B7h%{jXC~
zGIs4E2Ox`adhVCYCt6*nedNGG<X5$+pkKYz&sjS{V&aJWrZyNuUC=0XAcJLxA$t7B
z5KYuXXS@M%=NqJn16Lo1dg!1uqTGD&1068I&{;utPoYK>fSl`E3{d4?O6rk@l>o)S
zO_<~^{`$rSj~dWj;+EIv)VaBkA&n*~I4<|X#Q0ix>&1p+XGFzLC+h{sf)i6#ep`dw
zuZ9BPW<>3#IIyb;l2=M^5G1v<K56@BIVEFzj}?OhL6Lr=S3qDu#dcPb*>oLdAqrV2
zdi<jqfS}!`a84o`8ad$d0Vx_-mU=wv?dE*4W)EIIyMY1jGzx?N)}|Yi)$Xe~x9_mu
zNr&bwqH<XmG&=2P2a&g`bj8q2R-ms?37HWZ0@C~Ciy8O{KePxZ|86x#><7$aWr#A9
zk+}j>QLWprDhN*<@3yp`ct(KRAW(VAK*|iCQxov>-oL+eA4t~hgIWfB$K!<HcG>lz
zCkcRIMjoDL7ai@DW2Q&`?&Zsp1OniXBnO6sxe+Tqz#7fHL~t-ALhk3XKF*CgBgoBD
z24f%?%AR}toM{B;=U08+dmBg^{q21)sTxJYXNKmL?%D2w`Hn89u0p0tb}wo%XAe1y
zxy#<daLX>C5u4#O{Jb=SMf7M$1q03DQp?wZFB<46K(f3jR6_3o!~p_{o!9RT?PcHm
zgPqQaKG%D4E!U;w8XkRa`OXSS#pNuOGv^th-3DuabMsiqy1E`Sz6>h7_`8GseCw`h
zw^|tT%Zdx)`u`3>lyKQf{0TBGo;-XV{`Nl*<*XHg9UF_Tluj#d&r(iBne@AG*5^&m
zmRELV#n}?S2KXZ5<0)s>kWX%tG=|Fg|L4aT?PRk{YF+Ehhh406B(k%-WVvplw1$Q<
z7p!U@f5Howi~aXcK6owBJr-b#)6)7`@x!zKI==n?!ma;Tgf>r6F2_7^Nze1Co-ZLO
zUhwKfgFe?#h4f#gFM88vv~cO2(I)7w)g{1+iGBT(5bvr`3Pgrk$Foa53VQXD%dgp>
zUCp4~jOQr8<$lxuhWK4dv6fNfj)mBcc0v~R_;RCbO$B$En6mpn8?q`c)0%Wt4gaFM
z+tH&nkgLl3BrJ?u73+`8|Cs1})eLkL<5Fi!7gC~~fta3Kg%{<qu9Y896s&qvy{Im?
zKQy|Ru12!E+`F*PeK1fWXBsBg#YGkAJLHZ&&Ed))k@+`UTYAz}<R9-R4v0>Gu{tA)
zYT4@Eff?4^gIf7RFLKT1DX)XM6bz$Hoi3F^uLiQwh^0j>?94k?Z<qHj&4%KJDp)-%
zxpEV~bm<~En?Vg!pL?uOn`I7_K1PJJVZPw{@Hyv!?A%Lo4H&^F#h%kdwn==V|6`7g
zH9j1;k$7>t0prx_X!qI~@`)Jvxxg~5qYc-KB8r6>{E-TqLnQ53@%!j3>xGVNRCjio
zPp~?-{S6W9!j~Uq+YwjpPTxnNYCj<@qHDiDxcU`+PaMMjg6rr~KKTVkwg(}hn>_O1
zRYm;e5AKGg^rgPf#lE2YFb*dJ{dpa&;38A+5{y}N8qQz})NaVtlAq%*r{+&0nn*|=
zmvg9pvs`&zH(7%lBe^)N-VWPLbg^+SlXy}|C}VR$b|pWB(sQnF3Q6-WLZAH5ql&qV
zXDXKCbH1ldiNjyNVZEr_?d|82mAS7vX_mOzrlZ#(ZEG-!8Q5@N($*h7SyYmDVB^em
zL3uY~Wu?6-VMIjiuz&CknN!QFtT<1om4F<M4(5iuwvL`e`^{e`U~7kR&+Q#z=bT|3
z#0qTG)7$g-SYDNuLqmT*=NYP>4^KL?o+BqWY|P38SV+Lfv#D8Gy6gPH*Y~_m3@rx2
zKHni!`#L;5Ug(<&gcjc@=tu_nrhE|Bj*&F?L67rX^;PG+^4x`xTxWF&!NA5Vr>G05
z6;8udy&%_TNu&@|dq&;L<vKSpv?=^rN&GB+|C(4t?YzK}tw>L;Z&hGZtz|-uK22sY
z^7?0cA(!mCF^xF?JQ^`B-+82Z!aYMYLH1d_52h7ZyEDg7m5i;`=af&Zd!6=&K<Dji
zS>0i@bFNqaVl)~DPaMs`(}TxE(1K(*^G>PL)9<Pyq!<T}Ca#2Tr;YL0g#{A;(M)`|
z3gV12`-6aRFnYO`7BP`KN)^*_dg5U$aDo6|H~1qMJ4&ewZffLDOVz_sVCud$T~AQh
ze!$gj#A8q(FQ=qcs04i#AjE$Dfgnk$^!1IY3_iUy)Y0ImLJD+uF|wy|W8>GP`O2>u
z)-FYyFE~!oO1!1&*p7gcBLJb0-4pxJj3&F-WsLK;=sppL<=C5d#XRsz&O6?smu5@r
z^`cj{W5u7rs$u6qNxa#j^!NZB9EnTOn_cncHEjBhQiZHX2CD~bsCG`X#JFk{U+~TV
z4_MDX(9jS9fz8ct-@ZYBMjU8Ser8$IJXig!vdjT2f_OkB=0{5{ziF~-i!D$C|1?3+
z6rZ^SM^!a6GJM`m?L$4k-Ri+KnodO=^X{}U^!H&nE;}0=2+gp6?(VQ+{3<aOOcJnJ
z=vB@{d-?+{=ey0|2L&46n?Rp~dEFqQ^DB_U?+@0X-K?xZWd#6R(d<na4CtSfSp#J;
z0xHyv3P)0Kl}PhF4oyzB0*^2GlYKfEH_k7wz!2-zAhaz(At$?^M#J@dUbHkqQVPzs
zTcV=0QroY%B~V*pkE4uu^k=TWdzV;jv@KC#^ULn9Ca&6c<#!G*2wVt>h!lYq2)ug3
zv4LAa<Z_r-5CpzsJkOEVZw|rc;OOf)<|?4uY1vuqLifj6TGGejUo?GMJ|mLZmp%M8
z%Hos@-6>K%7i>&?wgq_AH<o+34b7;Zw**Fu%eg(Fs49P*U6Duoa8ZRLzpUjSgamtq
z-NsTapGmBiOzkTfpmG!ISReE9-ow&kx+P#d7lZ>^(f(Xj%a?|Rm3fbqI=edE4^qlk
zCaXCCJNMc}GAX7Aw}Ql70Wf;-BJe_uWuvoLtS37GEz4GzD1(`YxYxNYXaIfAoUftf
zes*?T_TTK;G`P}$&J<;8{0(ApUe3>9RE|-ci;2?fRr)NXV;|YC9(?-rsTj(~rQVe0
zJ#z_SQc`(Ydu~02<9CptqWRsdQN*@Z(q-SCoL##mkBaxlpZ-8d%iZb^*;IM%lt>^!
zsif&4East$-vC`3<WRzR$+jLvttE9i&3FF}Ha`7zxa*UHbtC~%|G5qb4F-Kq{b8l5
zXgrkx0)%8^qt|iAW0-ewTm8CHmnND36yIVKBt$ukp$U7e>TI_~ZzO}(GZ<W!9RAEm
ziXYE-gJ4J+rslvjpP6)>%5Z;jH-F+gw1mvxz+7AWbjw@VX-x*;LqN};J(dDP495cO
zKUkSKo-erj?@YR{;BflVoik4D(7dQN!VitRw%9*WIO{aK;)kP5YR-r5^;@J^S%fG<
zCh?zsUi@uwZ4Mg7mbMm995k&Az5?wVF%^{*$Uu*fqowa-<KBWK8H6Sw`1D4@on*jC
zbwpT~V-^8<4*+ktg={EaL1`EbVrA~7jec-(Ncvf1XHzkYb-a%txDRU_?ZAd#odP^l
zD6HogJUIl<=j#148m@tK5e5k04h#f>l0LD%KmC7EHV4(sDRk&Mv~ytViNrw50zt9^
z?uF7eRQKMcig9L3S>R5&ovFeV=u|tKwibVms9DDcuH&ytL+q4lr^T)GW>T^gli}Rh
z_oNh%CaOe8L(!gE>&e2(ez{kEq0Hb+7~%}EJapX2l>7TZ<s$`&M(98t=zcs8HW(pC
zc5dzl{NJ~Lg?V%H5eE?V85tSh{`|=WlRk~&Lx#PY)2kroxo{s?;h>|tbB6;xPzBq$
zdE}Sx))P_ukg>!-5#9Ro?G$@Pn5I@Qra3jG0`uCU)T1n;t$}%0USyY&*>7u>=qd5{
zO#u(y-{qx2-7fiCC)gWM;?*T38#F&Ia^GbJY%>aS<~cbD{6HZZwo}aGaj^anz5xuy
z5X_|ffZ~B?un{Ov+CcyMXS`Gd3RX(c0NntKO-R&qa47ER>1Z?KBPOF$Seli`;2~gW
zo8Km+pb42+Y|^-=NRHNNp@DR3t@43F9({sjDb3foV3gZUjtdecRB<I-gJ!8kPtIvf
zo!_KYIt)C4k`bnuX3|%ngC0u5ta(bz6XRE<BR2hCGKkngl<^@_aBD-v_8stgVI;&H
z6B-o698rf*a#|UW9VmW=PbVIfWe#t4%N5yVQTi@n<*Om~{w5f2lF-tw>AhkEvBS56
zNhRqvW2d#D(6zkzJl)bTh(c0MAT%Q+qLKyva&9h=OrkRU)OTSVBafC9cRh@L^KLvK
zgu(qi{L$U<uZ4D7GyZo;q^}xyoo=`5iH|CVWqh1LWZ7_0D(m0}AoySYC>`zpCZz(Q
zPhS4+#_IdK?mL-E5$J^~p_odGKAz*URu3@vCrSPY7W?ylL`WRV{{Z|`RaIFv_Rk-)
zCQC}w<H99Q0f7%NYpgr6ASS6hOeX7!>(6mCeekeJqwXaYsGrbr=Up5K$#8OWxRG~K
zxD;H6tBhd8Q3QA~xHEiF=S=J>{L@-MCvv!iko{$~e{Q;2H=oI}iyh@_Qf5@LLMJ1`
zh*KNHTzmC~0O7ZT0@qY^QKajzkE!}vt>7irjDU=1mp{v5Gp1)zJQLJ1Sw3jzY2IK?
zXQBT%eSnBncgcpdHj~sIuVt8i#0^4BHO%jNcQ)(i!4$**f-RD{SD-|u?`~)Cmhq5&
z47v2+I`G|g+P~6KqW$GJuEo3@#-rGiyY}Djgf%7KOWQ?7P=U4}36S=L!$UW4?{KE~
zJe7swqw~1bvZJTVa7tb8nWlC(Q08SNCG|kV`$)5T-)nCc8~!;ttyp|qP_s%6(?(9w
z16lyXZgF#m^7bX8<zi_14rFRsSmaXjTj2F@Q1pqOF-f2fZ^Dyg%KpR!CLoUYEBEQf
zcR}G@q>mC@o78#;@k24U(?WYJ3_%D8jDw#)f8I|EsQYd?8pT-`53}sc>bmayAY!kP
zJ4h9~ha4I_-09+U+l?IkRbx&9lLEB09OPrE0CUO7iErE9UKI6<5A0}uz`a1a_ah-%
z#<ZA2Ymvj}7Qx;(Z(ho}ti0v%`%7+EU$%e7#|8uJzZO=6?J+ZN$IpBu4BJzGK!p9T
z8h2iE^L21iU=kFJ{{H>>v%!IQx6T|G&;n`b{NTX1*z|y7U|`^|OTpK8v6BqsacSb0
zF|-{gk&upsOQ%t4aZ6cQ5!mAARqHNjgFgp{t6(~Tak_EfdtHD7|H{yt>Pef^#I{fp
zMS)$HkM4;;^5ZV32b=HU9F@Md!XsJvCzocHl5B7B@VrA5RKrGifEIGWH$<W5fU~$r
zws+^s`$*u8(R&>dp`GP)b;Th$10&h1^Ulz7bzZk0PoJwA@BQIkSX}z%ed2OVK#9?i
zpwf#@aS=*EOGUL6{He%5RRlqkV01$7!$-(vYP$SXy9WGp+rb|att^zV8I$iztp&Xl
z#wjY8rl&!7)ER|}_I>*<F|5aAe(Geyv^8uIW>shjyK$Ue<B~$sFRki0I9UwJClVl7
zNFg#34&h60j{2p(JS6BHn?BcmEUCILi2arme2KxOkNnc~E~O)Rds`cj-*FmHo|(F}
zCqZk=2PdE`U<P5<m2U6fg?he@-mqHw#7_9c3!}jUKstgF{C^+w{@9rI^{WJXUx-Oc
zIst*+&f#}+qvZuIuNE2Jw8r{ZLevomNQ!lE+|`_H+dPPQ1Nyy}H^A1zEHQ1!W!-F=
zQEY)x<<X-{Kwz6Hj}FfG0-kD<^6h3)G5z0eQqhS7vmt(0%KhLD%%<A2q=si~(vX%m
zO?BmcDbx)xXcuv0@B<}T$fy2%PuE@1fUaC_0*|-?orh5qU)49?>_zP2qH0=fM-477
z6FT*;ePy@(_IDgOr_Oe0GXBLIH%&!*@cSE#v3SR^_`$I&Ym85K=}1VL`A2p8%JQ{j
z`(z*x(aCXoW-sExRK(jXRaN+;Vi7(Eo>fjbm#$0eej@lPG#(JBIDafSMT3as`NVP+
z%#yTS&o=MhHoE_C-b0{FMK%0ribW+qwqz#6tnpizGUD1ttXKn8)t_g=optV`fn8<&
z>S7gZRPIkzTfG>x)i4pI-t5tsC)jbGINeee&G`TLo%<k~Z1<X9uzeu!YAVN_k{)%2
z+FVwY@hPV55FWMQ=IqL40t+${l7|4HY37HL%$W&m+{4k$MhN$Fb3fXoVYpGFT9CoQ
zxcISjn-qc)HQlXPZJ+$i%3r)^G@-UL#1oy~j^7u4Y4Jw<zd*=iSxf$Ke;N-YIKS9k
zbGPfM9cl@kkJRpZaOqz{mi>F$Jd^GFlCpLsM_bg=j8V58*l~&Me(e4OxV_f<psYeE
zy1D(04}0fZsswN#Q)PSpF=;orVjE_|_qbexjS*9UE>yFA>*Ik;U)13Ej6HVZtJ_{W
zmJ_dh#jy;pvt|CT&b~UTs<rDEBn?0X=@3y76_AiFK|n=HL}`%jMnFnHMM6@g8$nvS
z8$r6e1vcQOyZPqgc;5HB<BoCvxMz&R@OWUe_gc^MtT})47n)gY4y0Oy!3Ig$Mk>EV
z)EY!IyGQqSiCqQBu_`DA-qJgCawlH#R&L0z?rkIWy)i?HDf*S-0N<)S_%8}|4;wF8
zV$yK8q{hai#-do$dVjcXVUD)a#ldD~^6GgNt`Q<y%n_|coq`YJ36!yRCXN>yvsO)b
zi_70>HZ~lrx?di-ty44btA>{RtX28H*cQAh5EQbeLX=}CH};ArYtJM8Dsvm}v9HwJ
z{~)n?iMp6F`;&@TdfyYMUt?XinczrOjME=q@p8fRx>SxWd;fh_;)+zuqYfS!O9GwM
z{AW{pIZAhTorO49r#4FP@Wf#{gGi=r+Iit*z|*4T*o{JLN6eNqfXkF!e#jnok(jEE
zfcwxL8Y_<Jv4w}?k|CjyjZMUi!Jj`r1Q#wOPYz^!*KYECfDH9mu#h2TQG2v9UIDW5
z^JhD6T;wmr2@M6cKH^P*_&VKu%2OiV=BS`Rj67Gsm$~h(7(~OMDt7dPBZ8Z8$TU8}
zoM?J&bswFrpsv^ifAR3mn^MQNrmd^~2HkW2Y_NMwKI-eyyZ>?lYC(YGXn}fqGuH7Y
zqd%2F{|wNzO}SKkMf&vfV7}e<cF-`vteh~5O-4#;deo)^3o=$MzGtP@Xy=4UyW5S?
z4M%a`vgGzR!(IV8Lu8vi?vO+vZA@%{@IHQepE2$bKoJ6X(@}nhef`U`jm)YTt(%^a
zOjJa)$j8-93aK@FuawD!B)PTo99@8`cjqfB;~oA;lk5^wN!{!AqgMPsfBr;zDIf!b
zw{iz479D<jH>PH1H_mN952?Ljan*e<hjkaTIaJfR20WN}PCU*x{hBAwjjqf-s0+R!
zWoT-8VXtg?ureCvTF})tLL?+UVr>n_B`$;HClnM9b+gv*1)g92?QrA%KPetwHTb~B
zYX*`u9DdBYM?P2X?EdyG*<2X&@=l5J0NMt`*UEw%%EgP&kB0v%0Osu4^^ZuzA$(CB
zL5!i;&V^>DT!RR-*eO4LTm<?aM~8qIl-iJa{&RX8&SQKLq-a5`if3kYIb@MLt0xu8
zX1sX|^0Xv?MHB1FN2Mswvz6b|1jCl5;2VI3bGRKlgBwver_p8L#LdB**8>G|6q^w{
zSjHhWFc7vr5K=Y308R#!fQ%O?fdR}QcjXJdBsNA%D67GEIV((l-hxaMG^-j)N<b23
zgX0mDf!^R2*_AVW9M?*F=|M^q^>Bejhq6Jm_``S60YZmwrC2KbwwHzxlR69(yjK{y
z0D|6vwKLK9F^Iw2-=8pbjI8ly;`Ru7E7!X3iR;M$)khy6_JQ}pYQs>T7|4X5StMGN
zjkt&T)^GE|vfHF9#`8XK0AK;ZvJPmN>2;{^tpq|M{)x7z)57)y8dmisil)q>(OTen
zVuI0(;CZsUlfx$2iN#4_AZ^Su8DIgcZZk;pdkWgS@9F8&FptElUK!Yf+XV}!@@QKX
z<p%I0XfYu_Gn`}m2ADxY&n-jlaOUh;@7Bnj8!)Q^t!|#_0z2rk!c&OG-C~iA>w4(G
z_qtUVWO+zb*d}@;0A^8Zi+LRw_rMth)w&l2^uIii;6c480Y0`+9%+NY1soK#PNtOL
ziZNrq+{zFj@YMD>32d)M4;;kThuQzvqYTnJc6N5)c5&xv1ZQ}8d3j(5czp%I#l_Mp
zl0;q|$!!~VTdAnVEtLsr(KC+?4Goa(0Us~Zi5yS7<*L}o<8=cWo>v!3N=h*58yV#k
z6gJKu>HQ4S@6`?^A)7WgN5$jO%`^xfy2~1L5K_p=D=NC~zPf+b+uL@&Gydl>1~|mi
zV&TPLR71=fcr`hdEI|Fi%ljT^n1Psh?|C%-^GvvBya`nv_xP^lS60pT^Q;0Lh$}b{
zoo<1$8sM(OANzRl4Fv^G3j;-T;QoUZ2WCQpVdNqY<ZXXX6U!-HDI04qUYl;39}EK3
zZ&W)npM{DvQT72Qs2g+*=3shw8<eO}5dx-(B%S62jg{G3)x0Nz1M@<4sHUq?zcUs{
zjw9ekArr^%@`;EijgG895KL~YAORENEyb%`kC6CbxF)b4E`#y<cOUJ3eaN}`0q6=8
zNZzs=$RO$U3oc=B%N`__y|5QGYEA?f1;bE?4%+bPRwjj3p+6YdIGRX|0&6FUFfWsL
zkBo3MxZ6e+7c1FB4i@u(-Pg|2?E+Ne`PdGxmOjV}SSP!i)|}WwtG60R4+@uvf^opw
z5L>cA;TVs!G(%TmR)G`hvukIgUJrww#at-*=<Lq%jz&U4;%UkP!~+XDZL#+RqeZE+
zlTd$8Yw`!L;J_D(4Zy_0g{d|<X=|*kw)QnXKJa#kvi_4AW!;>*>r8p&%NNu!nBDfy
zh$>>;_fk~+;(k1QkgSWfjYHu+uw`ebpQ!~xYNd*Oy#5U3x_2S6xM$oyj+sMP2FTxE
z(Kedr$t$YsRc5EA-fUiYNJQz^KDVKrqXc=p$vHW%CUWk>?E+{z4h^}tJ#v~vB96+u
zUGiP-8>=|$wmq6BPmEP4i3E4AY6J{i@B=aX{ri3H(}t9gJDHS{5{VfGi7pMeXI7Gv
zZvvZN9E36$Ko^E%?-N9=$~yBoaY6Bk0S<4!EqPiuNE^APEj|Yai&{TnUt3!P=YdPF
ziV|@Mt}7|aKL$$$Pdozl$XY7Bso78sU5NOLvRN*HJPa^3hRDO+ci7NlEbDX6UYQj^
z=OM>Q(0`AUIg|bjWWm}tFCfG?uyVgm)7>-l!&NXsmVt$Z5EL_rX)^f8g#n5U1=<A~
zzR#clO_p~049L&3=g;5u8UI|`4l8Ib&6*y5DHatT{xc=E9dQeT0)M@UG4IEBQUD3t
z;>OI2I81l(h4xp)0MdceJK^LlCSoB5>xjyBKCCO~bMJF7r)xWM79t2uhqRLiPfhRU
z8MukgwX3hbsetjy<;%ni-QUhbslX1KWO1;>6P<lR1KMm(tau_JhuGa>2kQ-MdFBJO
zOG1>4&khNeJIl}WWGq*O=ws5-jN1h^o<3Kc-QbO#UVEdQtIGx+Sm2%G(;a*njOpO`
zfpyxQscJtSeGHb!Hq5YFfVm&m7>IE+sL!b$;Qi?aD{BC#P;eyQd2TQ92L?wN6Ur5v
zAMxep+5Aw-M1|o1crnpgU0Q&CBqf#j-H<<rjScavCYB-p#UU#UbYW_s1OufTi#Y{N
z{M$jNWFa}yTsVTF(~idXr$^5MXO-5h?+X}K?V6pd!ZTcosV2v7-DTU)r0n@XQ3W2b
zu=L-(!-myI7>1JVf>}1qZ&R~Ur##NHToq)%f{T_tUV#MGGBq_pi-Qd7AunJs$AuqM
zGgt52@%5;5F)}qo?0>;$?lKLH*um?i`LOWE&>MrBT}H-Jpa&xt8SGa96(k0l;>(T7
zncq?{S*NeLpnd5238DjoBSRav6RwroqMvAsUh~8w0wWW@-u&n7JUW*#mb$xt%@2ZF
z`vLd>P*Bi3e)I?-4nuB92>6D}$PhL)J-+25+M$8;jJ>_jZMwwCfKX}q@L}MWXlYO?
z=;?iP7^Q9J-BIJ<c}DX7UHwBJpEHU1pbUCT2$YDnl%Vi0;=qa!$|i$0v=<yc1RU@&
zUPOM{^t%8ZH`wL?k_GCfy(zCgxTT%o9Yv~O>8+z+$?PzYrQUVq-hbKPX@suO47@r8
z$N21~OX4mS;_^*$nfNjka}Ro)0hb1~Jy^P2CG7)KvDpM)767z9Br(>nJu&{L(IND-
z+F02+fXaagEWFqzus|BfwzZgt+3JNy>f4-}5?yE!PAA7>HCh~Ko0pr{W()UfVZ6d?
zsOTsu<R*Bef&^UvJioz5E$jg2Ok8!Z5uD`)&B_MvXBv6@*D7s7Sx^UXg|2q?3W4S>
zM27F|+js9Ca=3t%CfKrqLmK;zuk0gO-VhH%0e;=#MAI8=xO<d>Z#ZXXXW{)=H6%Tz
zpQECq>rhrm`9KXcRX7Y_@90N>t_iLZB#E?P*7!|7;y~%dUg9)~kO1fwqjlJ7TBYQ8
ze<D1wxbC<rvrS(Ip5n~irgt(YP2@gK|2yLLqA&g+)5Do}B~IQX1F?J!FBq0+i_d8d
zBN}xeig!=Wak=_^LfGCxM~4BNMZRfPxzg|5Q@N;g_iJERwr7Azk_oohfypQqW?7Df
zrL@7Sz~a=L5p_=(zaWo`PRYayBSRtste`e$3cn5ZuM{@vRC8CHoptyV^#ym!Z{R~q
zpgGWBhs~V*WioZ`>ZXOMTByXEhJtPtl?E<&Z2TQ@^IWLGEVv~1A-hN=6Hl#wxU%Mf
z`05*mRZwy1S62?#7M^*|a7(z;%448ti%+21h&j7~E7Jvc%JU5c=5xzoiMT5)JZ95}
z9zDU78`Dy&1tiXy?^<nW^UYT8kG-HcFMH>Z=YRdO5AO%AeHb92HL0az&)?p+?BV;I
zgI~WUeq1P;Z~Lgm(NZ&L^5$ba=~3e^`jUX#zq=?brdsgP+TzB$i&ZRMBvDjHA;1{*
z_VM9MVk`jU1+qN@kDs4@C-TK`A<)AHLNNUOQJzFXlZgRB*REYlXv0vKC$Sk0Mm)42
z+!wTJt^Bu6N8a!ye=4q~gv~ku>|km<a1b{H;6KR&Ghh1$F<7kv9RhqT=Dw<$PeB=Z
z1B8+wYVwVKi%js4m#`}5H?*V`xNHCz9!QfCAbaxp%a=ui{rK&6>WqLi=;}(Jek1ZF
ze>u>&9T?1jx9iQdN1IMmMuT~ZHc*3QWVq&<v0E=aRA&k0rAz+z)#(Wr<7jH`OEUmA
z40~zgCz&SfSXsydYKMaSF`zEsijA2265wOc!}0gw1Fo}><}ZOS|NDyIzEe=V0zSkL
znc{e~HGn+F;Gl&I0geN_dMb8y_u1G0=9;xS-ka-*7sKN)BqHqA+dQRgA|Fz_O6*)a
zfEJ`kaSXH=d8pn_X*6LxR@XqD3DPJt#JIy@O<N*>mf(@xf24=`vp-PWHayfQi|hg4
zo&_-3qkRSEC+t0lvM-+fstN^oA~?b#x?2F2;RwJy+ldU>*3hq74H?vT-tiPquCG_I
za=dv&>o*|j>1^>4ix;l9^OQ5ZS!gi@f%g{*jy%xY&{0xR!M;R;85bVV2f<aD1b!=c
zFeN3u8!<2Y1o;OT_?%{;=jD+P)tEQw6uvqjxh}*g5NNnmaIrCW)#Sdwy(3Mv7I&Te
zisewD?PG!bW39>1!wV`083EgMXRWmG%=*o9l)h(Y8vtDi{AoLTd+UMkRR?|MAfyaK
z;mHdJ2$B&E*K@5?j0nnl_bl|NRU=JnIENSb<3zxd<;iJG-^b|~E8)aj&8$Mn{#F^Q
zo8N9E@X)>s4VXl4yY(d$7O=nJRN26F!<FQqyBt6>LP!~vo`zU*L%9l0er6(*qQ-`X
z)y4(vj_bNmMZuW`rL6)4t;!@8I&SE{UKy7L`FTk!vX<)CT8rb&O-*&jh6^^C5JRWQ
zor5+r4~w^T7WJyC=H)~h7TB|CX@&URbv+k<E0H)yXK7UU0L5!^tr#FXz0EK-FkA<(
zi^3YBN)OK=5xxVHYR^!*Cywg}M<BS<Z*?FmYWXQ1sz%99V{3AN6FMg*n4ELh!DZJI
zbS+Pi%BDTaniNV==1T6`fJ>F-1p?S~47=sqDe;N7+&hNC_J?=X2)6`O__LhJXdJzI
zGt?D<p3V&oJ@`T@fcO~>N~ruGDS8qN3x`ZM7l%T?E)d*qL}2m=n>6KRwuZjSx+KE(
zsm~TyRJ_t5ymJ8xT9G)>x?OpapUwnfD<dkj)Nj35@xtz-bpU^)u-;(aQT*+orPi}j
ze#8ZAz~rpLuN6)vZ$-|lGyJ%~LRV9@6MD8lT=^`kFmrQHWiC{@7~g?_>C@~J=#0~C
zu1x6Jl9w}j%gKy}quh@Qjs9aC&O5EnDP5<ZcZn`m3$>uth%Y?R-_9>E!7P0K3(Toj
z+Xgfv-S^xpeO34a`u#^#eDT*dsPj>yyFWZn9O%y~W$LfGHZ!GIqQVWJPkBGFVlY~4
zg<wecP5P<#{=wy_#eEWB{_WnUuLB5rapV|O#K5j2XV)dq6Al-LayYTk?;BWs&$d)C
zR*3O|DK`@LjIjCk_ur5*t2}~86b1>u>nRG17+mI~)kWa^Q{ZI3$i<&sdB}c*w>g*K
z%NnoK`1EY&Pb<c2we9ah7};&-?_q!ei|kaPS=8%&3X&_NxjJ)%e9*Z9a{Wl=@hhOG
zUZCNM0$?3pbg&u(I1s6>J@cyz76~9ENSh4<H1=1u4`B?V>2`DlB6Vi!t)?Hzc2uLc
z*jHLuF{8n;`P$+o`aP&X5^6=^ts3^v^HUSTA3k!h2j}KK<813_B9^T&E_kM?*)hr+
z3l$QNPPZ=P`Y4qfUdqW~gPsZZf`I$`^C$)IJ)39K0hJVF-B6UDj6Vg{;j}CtJP00w
zhFZD8_=<GaO(?B9IX{8PCA<=lto6o2H3Na}3|)djKul8dxA1~-SbENTKdDK?zkxfD
z>3Dwl6obS?r~ngAsjan_F4d4}w%&kB1QQEyy+1M=32qWG*bD<LVQ%<OUs8ljeD2(S
zu1+INZHuP-{B)t*ddlN?E&XL?63kH*WCTBfGa&GdYrv=Nk*uu2?#Cby+NJUe*AklK
zZ}*eSN`pYZ5t<;PWa-F;zL%P9$k79>X46K8uxyIUiD8oRsWE`7v>z(BrSj;jL99!}
zx(_>~B;kNwPm`1DKA1MjZh%aF%KY`lx-aYMESZgw;rF>LehUM1fbcVA<p(b6G@!i)
z6>0_KtNhSy(x!Esf8ZR^u${0pKM!gZ81Y)*l3Fv|_2+i2YG)u4uKyCM*^r)H{!~VW
zQ7C*1X8akGncNd`L$e8mh5iPyju952caswmJVs8ASa09C4Ssy|M8bzxeG*oWTf+rT
zM)SZ3+<Jh<{^F~E>g)wD-j!mltoE6mAf}=Mv}nvL*{J-m+qX4F(6`y=9HLnteEHfB
zPYu+xGvg=Yo&)IFbVtqgRWTv}TH2{WyLdJ&EiHU&t+5<rPzb!@Jn0IF?C_KlSR3U0
zV{GCG127nZaevRu)Nzu(BrPpn501zu6(>k$eSQ7I-@ku9l92%e{3xRUA&-%<*4&k^
zYxUCs@-Lp%`Yo)0bdnJk*mB7M5TKtZm1yJi&^iugEWK3x0z2#YsKc#u(YQf72c~h=
zV2TW=9Tz;B_U1iz26J@yPj(w803W`U_C!n!>+$0z*bPAuUmNTpL1<ly6^6$@;aaxt
zOfVyq^OV>(!FDDCxrS4s#}3m3Bv;G~U}>%{m-QfV5cU&xctQS;MB-CZ7Yx;(R2d5!
z#cXK7vwe721tEvSs(#z)dOj^JLLn6y>xv!@e^2umnA59%>kct?dJdy7LW`AREsGL#
zdY$Jw#+S>U_c1_rGPflg8M1|@hXby~HZ>ChhVF5Ng<qSSfp>T=oXv%APTi6ohJA*#
z({)7SbMGE_iW+yk<H@=Oo(s1S@hKETU@ENUvSfFNj&+;c<hW_IUaz18A~EQoOV-m&
zfPp(|GY}0ydj0^*oyO<=E?)Da75v~u_a+b=;;DlOk@G`wK+Sh#NgoXO;o$Ow@`jS~
z4-z>AF%ySdC{?6WZknwf8@-_QHJ%mKu2);{4Q9<>A|i~B_jaljUcU4iGoPFBCgwee
zvVryj511!}6D-P4rwS40zu&LRlye;}>BtCN0%G@ys~Z-8I*D-K;mm~S^{?wb*6@sI
z0*B8%n46Ld>Vp~d&xbtM&NL3#AxWm-;rju#qoASD@LT-6_YcX{fk=x7J)Gx?%<dn2
zK$prueFlyl8LCw=zATkt;9}VggE+1XO<6G)tfd|f=u^053{I!KWa`drP;<`M{&|-m
zva>AcFf-+4_`2l#kgAxO8S{iok>3N)4}s(K(RX0N3GdDT<!4_q(|vll_Gbi82%A&O
z7?8Xde}93B&0}y-X^&+ehZ?X9s9>RK1WzmIqXMI&rJ*x~|IpRb3xXj+H|qnW6#6}I
z)lxGNyMl1@lk^iA+%w!gT#+;+II$hR18AJMBv2%1PsNliBgPcxSxd>&q36>+%c(k6
zMuy+J49-x1Z{@%}iV&r?AR&=}T&&Jlbx4{42Fxy@RZL4ydn-~60bi|JkZ^@9nS_<z
z_5=V0t=Qz7qqMSd`upx)<Q%W>7L7X-0}OT*2xdY!F5#Bz56!DK%u8P{N#vz_qg*f@
z#T`qOZOlI>g7!S^_8m+xad#-Eh05nN^8(`*6LZ7V$Llceg;Nx!`n6!y+?L-Md!3ID
zH@#2)g@n*v{WNSg>th_UsgED;Z7go=gJ{@&#XHV@34q)^iXpStBJo2szp@*rlS`9v
z6$v(FcMgu=6D*e>(6W?lvYVgmR1JceJ@WY2LievhW=I#*op4+@*bYxe*>+<eucruu
zpV3FrPOT8v=*2}DWJN<1lGg@nG5$*%jzX6Swg?oX5X*RLSr%H?wsocpg2rTHg%0-u
zxO45$0WeyhSP5N8Vwg7=h@!$QTI)z=o=UuM>PJJ}0g*P-Yj3k4qM?=QIe>{HOI(^x
zE*j6pLCCTS!)`f9Mu2jjLDFBl=L3OrneJIYS&d9huh-JnD8AIJ6C)B5fhRZ2muwck
zg$8}?_b1bIh?zK<l33s1mx{Hq8U;F9`EKn7P!bXR1lD+CUWY(ih^$~8m<iOC^-RRe
z#-90uMmsFLpBpMMVZ3z?OP0s|k>quRt^jW3rlUV%&N9lzRaVCA=(pD|ncsw2Yet4C
zFfVEVD@n3Mzp$MwMY~C^2;q#{ueg!3Ib)9$k#&{X#|AosvtanaN>zX)tt;Zzeoyz8
z9CYLuQlTvI@$vq!b^Rfp&j%Arb`l<V(?Auw$;2BDm`zhtdwfX=h4cpIMVc!=yT46z
z_s-PzjrtADG0?LGB_~VJx|vcYN(9stS?H%%+lx<PzMWV>K;xi92{!a}!0w#zu|#9*
zT?|{n)gQImIe?DWNz%E#9a*}`m;!*R1O$S;NdKhHZx7XC(KB`RHX!eLj`Tf!@q!C5
zN1)uTg5Gv@VNn)X4om`T^*T@8=FC8sl;0zRXA994jsiQCc-W;A0cRFRb38kQ4n9MP
zgLwFXm|IH-eNpmP2VuJ>o*#eI(kaEz-v9uq$?*faYKkjAVI6x~dD+0Sjo1-)D_)ZY
z%o`{g-T?t~Ga-x#dq?0seu-jXCcy3ZJpXG`fM;#?DMDbra`W0XkCSnG;n`U|u+k%5
zu(htEGuQ1{9)mZ0##;D>KV3rsB|c?3V72uR8xhGSY?rG{OyR;4n=fHB1uol3-wJf#
zNQJ=&%>Mzb+$SNi+;Lm}mXZJYaYzSv?-4_oGB`j0_KS+L=>S=FcwPsu*8@+yp20y8
z=$$b_)!tCRG{dWGs7=`*RtMEW&LqUo=;gFh77LL5w5>#NbhJ(u9nU1Tgdb&7Qj-Fx
zIRr6^M)$c3Em*-548{$7aE%34JL~Ej@r)xZiq`@_3FHfhfDAP^B5;BwLL_*3K6ad5
zFq$#;%?J2DETy}bH{!>K=AwKjRvL{9)>lR>8qsUHDGo#vZbcW;Z(Ph>D3t+J59WCd
zeZBP*AvYuUe7wDrT@G9il8gOy7sH6x_MMYb@YWq_;~s$Bz1Td$db1yO<OTo^$+Rf2
zkOdfftPD?ulZ0gRn^b5Ph951*S9&q8-<A(?ldCq2boKQBLd?tVR*Wd1do0ZVH(;Ha
zP34SA=8NDE1&oirzF23tJAlNCLPObs!5JG+TKZ<#-ca`GQ!OCP!_fo#(klsoH0Z(T
z;o0-Faltltq9kum!^6f(0H4<DHXB>lU7{LJX^xhFf$8}89QTZjj6lbdE8_G}ib9WX
z6W*rJz|Gq6v~m6<DmvPXr3XP%MNyTM^OLg@<B)?0zup#HobmHtgRZN0pfCRWxoE!G
zhyx7x^-$Pf4%V<#{^aLpDxYkpPQ=tBLA*P;axU@a@T~P3#K?kpWU$hOAA#Figx<F4
zbKs5OLR~eR%1D=zRp@`7r5qo_iy^pOeS5Ae8_(moHRJ9^R7gn3<MDx`21E*PN8?rZ
zs`52ow0@5hgBH>81-<-jh8AluI~{Z7<j^9aOzENMeJOQZjC6Gt^1Ff}COZ&$<#o7w
z<hmi*!?{rex!7|XL4ko<<GY1lP*eC7Oax0N6s~#3*rf6@jEFXzjjbs|ksC$Db>NOW
zF@wuYBxG*V2yN~a*S0@X0|i-$DtGmHAAbx;(L6auVco?yi#A!Lqu!)izzJoXW^@jZ
zFUTsaIRIQ1IHL3Ynf&cA^fJGm`E6j>5to&y!^B~TkfjH##bKVHosdXz&+;n75x)5a
zUZsuP>vYg00Nx3{n8v@@T011p9%UIVZJ02#)?|+i3pog{ZTx3+hM)P=&{2%iIm8$n
z?-C&%FRwc)w}!i~=BPo;-2BQn@#Y%ztb`IZQEm1R>42Hsj*|L-w~znL+kBLU$}+V*
zCg`L1yC%$St0IDlI+7c9t5_a|{$0cSh0Ug_du;8zV1;^kco=wyjn^#U>Zh{ojwOq+
zT||4YP<U`|qJQVt)Ql>%@?XK&p=hm1nTN@Qi23XHZ*|h6$Q!xEvv#om<pN0faeItu
z^3j>~`4w#`V_R7CE~fiv7tRK)e4P&YOFgLy>^J@e7=eHPzQdCfn>7>5>n%+|%~B3#
zdnbR2@zNJ8%$$6G=DIm*O|gEJU26%R+CmUDdVd}E#vf3u@;&-XGr82;uk|F8*(ANh
zSQTA|S7)5*jdtHQF_FtyeGuzmvZ8yHZ%u)EzLZyv;;aU(Yc$Ow-$}`ypxmCRS@>rx
ztE7LWeDA2gH#zQp?8w9!nevn^Abktz>c(m5j~+|&FIJDO>_kdyskV3qea)#XSbEPx
zVy5mph4z@B8ZPZ8w2eNYt~qLj9bj~G{6#nzeW-tAco0!=Y9vUVu(}Xf>lUZ?$rhfj
zF!d@RS85(?n6(BY3oI<Y)Z4&;XI3qgQ&y(9j7<(xg0!?|Qs{1Rs<OHkO^h!IkXJF2
z`ttr%TV0R%W9)ipbzb<m_&vC;c6D}QXyG!kgr@hE<9B_XL}%y3*OY%C0Xg7W*g$#0
zEojl?palkE1}M0gaV5^P*!UzMe*;1`qT(_4W+PR-7mA9&QiJ)VbWf`uAdlamKGGd2
z-2ZTX&E{VU(8pSnO4Wn2gy)dqxQ65G6<XI_dWfqT)3()vY|xdgsu+k~#*_oeY>%wq
zPbt=lU*(P)t+ut+?tPbscVTBse9bbwJ-bm`gwbhB$9I5r9RNp|2K|Itd~16&Ki0t#
zRnVKU{jGA)`n5)}d4k<u^jxePp}0KKK<$hlXaa=9t?NWj_};3*nRi8M{0&;#X3y;8
zn0rMgmQV!19|XXI(|2(&2Mc&K7oR0x&8LRJ$y%2rT|`S=i>68TC(gPaLf4OQp_|az
z6%9H)$?^&cp1{6<_-y!PF-WxoVZE7sco?G8Ox+o$-Y35=;&AKq9SU)(a||%uayT--
z*82!NB{t^V#Gsb4AGagZblJKBqU0%`J6W7Pm`b_2XEg%wBp+g9WLIrd65ot^TC_a&
zw$ss9Z2f^@m6Gq}?^FJt9#tEiZzVQUG;`;)g}%S7tqq<UFsg<+Wl&hU7dRH=Y}(iu
z7UgTWSo=G8)ze$x`2KMKE%=Nse)khTp${G*`7bE;MPZ~1&>jFk5U4;{4H8y(6u_u0
zw!FN0ble?7Jq4O<DELjeB1=Y>Uib9&8nP%Te)-^Xe*=V;`sj-=I!n0q4|a!jyKGEG
z%tf%xoEzE_ct0Djl%WX)E)D>tZkpkdY&y6pQP$^>coN~05-%X7K$@+^GDCgP^}nf%
zuR3iBe6^>(W+&&CnqJD;#y;FNTJ5!ZF<??sImv?I<LkRH$VPl>*l)T}MDL>VGE42T
zo*vG0LqOg1*5uY32<iF!`Rfm0_ds$8qH!tUlk0OmCsY+$a7Aj(u&uWweMqS!IO*3m
zrz5&aYF_+c{_bHZT}n?ATr#AAj3C{Vdj+~|XxK^%z^EIvn?>f(<>M03KGoH|4z1Fn
z+gg_o3=&*Nq1jw}BLFz9-1F!4pP3X4jg1p3v;3JOivlA@ykWqs0e3d5?D!3&-6H|E
zTXtK3MXaujEMwTxMsg7pl~F(t8%$a;q)1uyq0h=0HhsvOxZ4wZQV(5v!&y%mz|_th
zZ@U#Cm0>qD{JGzxnpQ@`Wrd@q0Z9Qs7-y{19`6iMEfN>l8IJ|U-(6BgAedcRunhbf
zaSmzr5C=wK;S)objNdP1{ykH0Z`=#HXE3AgK9McIa67*E72dRUJIelO`R4U^<79HG
znJ=7$+A_NC+`j!gL^+RVqm`*xt!@5I+~b3G8va3z=k>7b9QIQgL6M2!?x-cBqrTHK
zIn*+adh%z~$!d=>)htWb!sdo~Tc0*vVm2%Gnczvv>W(?*_T3PfGus^-ql1IRE008}
zOIL-4Kwl95{YN0+IIl)`*Bo3l3QdPRl8tQV1O2nm?l~9bfHallv_pG%P&o3dwOJe7
z=3ApTc;UxT+x*Kj8L0}u9EW5xgao5%ek8nHiZ+J{qEhaRD)1j+eht#<3+i6r)BWPE
zrVQ}fkRdI_0tFOap0?=mvBj6>GX+^$gl%(>)1k%^YQ+x4373)hHCK5r(kL&2G%e>K
zbg4h>=CBg$(W$rOnhCHt(-IOEC=+wrC#w=ubQG7O#<uJa&3-9h>>jxb<<;znWhLK)
z-VK^S4Dhk{pn(8)u)SmlIt}6$p4TF-|C$s@*mm2k`;-L8+rEoSmnzzx&>gkJC56qv
z7t{VuX3pl#vEBtk;fS0e11tEWZlm4L>;w5PM@7zQrNUadN_SCLl|aZIhlVQMi<;?T
zF?CRY>|q18Jr>ig`4#|{z@{8nPmtzBth7DGZfvsCU10JOX{i^fq<}aV_?7f~ri`>S
zte9snG~n8}U_g$|O=yz;{J9MfDgf#jn~QzE&CTbK)*GAz3{8!7M|Z96YF0+=e|SR;
zFpM3j)vsS)O%Wdd1+=KvVHeM|v|DLD$wr`<n%pjyZ>z3|nVCsC8Jc5sbs}WuA)>qo
zq0TUk@%Hn3*k!lq|0pUbXfT76qC^hC3#yDIZoI=eA2HE5=@;UlT}yq;x%%L0XO*fV
z)=|}YfH?KrC=tMGaiilFgh$L;Bgr%E5qw|BG~a}~9ZttS4ZG)_*B<fYwG3fe0=VTo
zLk!;TFyFAy+!*?*AiXEHp0wn2Rjx-(#?0ml2={exQ8hIc185G<AUe0hASB1>?d*h`
zteUd`oMZGg&@yx5EnNPc@~1bI7^dkD2JB$MjhwHs?J?4TpS&)kf#6FG1C4C5fJQ8A
zl{erZ1AK2f=T#vL8<evQFgtm9qXCm@jTNSo?g<k-Anxwzc`PNR1LoP#(gvL+meB{R
z0$|TT^xN|nFWC25ITjS;0N$P`_?05>X)$vHxS4=tDX6H__S3l~nG94rT)e#UQM2~J
zK@_@_*04EeMQRK<h*MryOb7G5ZL-VVztNRH{U-Ru9S7%nJ<sZa-E&2@osbrU;Bc{u
zRG-)e=dRBc>4Etmfs6Rqt+1Af4fO^qoa`ea)dh}sbvBvjTYiB_(w#dx9Wi4-0D-E&
zxS+ez1rK0tjN(6k(j8YS!oi3mt9bo37>xTqn0hW=v*35GDYVo=q&Vr<Yrhs=yg}is
zQ9%|AVPJO374TABU3zJ}qBDi)MdTNmXlt=;OlVOU1O*v%!!LSWbKu;B-U>#1Vk#;T
zjx+>xY#y(~yf9%10oM9jejgwU4z?2pK-Y|b!dzmIc=l4Y1)jlR93l;XAcP4Xt+;l;
z98CH6XvdF=JH{OgYu2hesmY<-9is|x1$ckvML<ZPh2xk4fFBrvL}{aXwDN|)Jfe2W
z62o$6Hk88#^)y*Fwq2Y|^QoGeTI5C^)G;*Ic_zrT(0oEwGEd63TO-%FEXwy;bW)<~
z+XmFdv}I(UMO02N(fmBzYA{*reerwiJ?=bIn#hH&aj9nZ!I2(-c#Z8oIXu~}Ucl%8
zsE;@*>gn$0Iasu5&9_xI=$>gpp`oA30=K)sntZ?N(MLVTc|l!l97#<-a;g*yE|CQd
zYSUmxoI{tk?~$n)nhP6tUftN*U1JQ-{&e`KR0jBl&?!s)vZg0gw0!G2q!)^HP-b)p
ziS%vGvA|J-@obk}H1K;T)P(d~l{hk)45HsB8!6p&_mYQ6HwaF$O8=w<&X#7`0C54u
z1uaHeNjYFg5Cnq-^jVhkF<H!@$${XSh!q9~h7w?)wh6qmV8txu2___mRp{a2ubFc>
zRWZld@zRYlUviuEt1RXFxVa(Y$#d^gO?Nl1^e?jL)eQJP_V!Lu4X~w*5Kx*qf66Ya
z60PB$Y2egvSf8ZYE=(3ZKQZoLcA=e=HVlg%^UZE$=C>;vW%hALZp|k2gyO4q_TL9g
zR0nt#-F{)aA5Tey1L93T%jgg}$q5*iaRF`j+VJhznz<YGLAKTN%JR0HRk8Dfx4yEf
zH-vIbyi$!0$d6%sR$zDI3+<=-u+s<J#SFKrgOx3E%-gQ18IzEXO`wFY!Tl5csF^;A
zab$@#JV}Y3Tp}vW&Jil!EA_*=?tjJ0NwDZ9&n-e3?($aZTT82)gq*~pCI{G|Mog-|
zLm|>;LuAP@>1Sg^!q{hVveg-ymkPN$%saySw`qn`a$hYGeJ13Mt~y!LJltKfHFq*#
z_DqXhn9QH-BK%x>I#kV8uzWi@ypF|ef_5=6qLq1T`QwOar{JR3Z;^qHpweT)7g>b&
ziM)dQ-Ph^sJM01@Y;e-W<1^B{sj|vG_!q>kuh%j!9xijdkrwbmQW||bssa^lP(NG-
zWLPSv6px+9`g9u{jJBJIZy+D_6swh^zQ;3QM<aZWjqB5UDN?yhBeCwhsY$3!{n@$L
zoQiy(Z<=m0+8Qr|FJCVC)6M40Zi4A_TkYW>^WSP0c@-XPJer)gY$KlO%SuJo#6e1y
zUrgiK3aJztH)p;u($y2kw%t&W%yF%guzp6exliyt=W$$<bJ*z{fG_p&JcfC%ebeM}
z2HI}SMZfE*igY{LBCXsr#buBc_C4RuAG^WI6R=K)+E~OoK{XK#Sk=bm=r$Y}Z9j3l
z@ZV3O1mTFuBO@xQXg;5`gxv~<%(GEkdun|3!$Y}7#M|F*(N-LoKY1jQI{NhKF~;)A
zih9z`2Dz6jz%`=oe)OR<3$O=ZNtqGGAa+Y1Cq9T#I5dR?H|?$+9H9b|jZhW<k#+zE
zNbepN7KW9~1m8t%hL_0;*AEn`bWT1yfx#nJ?DImwW!3ABd08x~z$R>?j-{Ku^jWzR
z(I*yeQeU>%xWkSA_(u?;-YTR%=**`wj=L%FO`Wf3bc^nfNxIcTi6FN+%^%_oar=VB
zqZ%ZAmvc|&?x%MRI2<*+TK=VAZ4`k@d~Ly;cK=N1h-ZS5p?L-#5UctE%}!B2<eRN5
z5t560VV9R$!S}cW`JMYtFQ50Bo?(6PAKz;$2SO$u?tCsSRn_eO{+uBpU&nvGh2Hhw
zHXd0slHvcFV!*wVzxhukfBMTl|Lu&CdqS=ExAXtMf8@2&UoFVt*M(BTw+XjUCh!xr
z7Y|P!$bYUIe)*5l@kcS;QNx8&*FkP|SR}4TuI(pye?4>w<t@!Vj*R(DtVoI?ZuA&0
z(h1VrwnI$Xzy0@3TYdf)2cbV_-cNgJil?~*>=vyug7lY8m);2$`&BUU{)iQXIdytr
zkMTS#@^wXc;1x6XQcviT{*M<sC0QUJ=KuB4{y(mUzThy$>1O1KnJ)!<!1>Z~ZS_@a
zarxu9Jws+qGqau-$Aq7kWqDJ?+6+w4t_vMdHTmE87gu>Wg*kWf%mmZM1amXq)F#e0
zKsRnwrL@Kfk1joPQXSvQ6yJ4Kzx<e&X#L&a`{s3H7qubczUuDLQdnqo$I>jFYjhXl
z<iXb>M@eO@e`RNS=KxMvujeK-&KgsVd`dBdpOb^K;BqUfZfBV;kz0qb*5{-a<hm4R
zTB}H*m8@?udk^os9x}~cbNLTpuSXGp1H?q=&A5P2q+ld-BzL5{WlN;&ScW>gt6x6h
zX3sEJ%^o0j0Qy!P@7W7ExZS*n?@SPpj0xcP(CFrz@b5JTl_ZMx!4rt<M4=*&MWOlv
z{i%`4qZl3$A%Yt2RAA4qRH;hX*<ArXC{#-ZvF-Z(jdb!*d&s|{r{XfjPxU4ir7rW!
zUE0{Y#mWk_V_NHUGKM(e;DV*83Gu0HHy^B7=Hj2#LHm{eYJ(U7)0hLuajq^vXfm%u
zSZ@Q>hN1t-a=tCaCvEwJ%^c+sinBsi9v!5=%ASZ)mM4L^QCpk2fVu3W<I}=v*@*yH
zov6~)O%IDeplD&hm@JA{&nNr?47<iEzi`%0pi9kh4>a2jf_Em|0*Z?rz~s|$-u-~-
z4zu_`d`>)OENZ%`F$HXaoLl=7&eE$`m#86v{nFA>EOWB)b1=Gr{#TVV;3T!yWPQYV
zYSX4?>)=Q~V(LCBvw)M2`d>VP5eiYDNZA0Ly{pJV7?5~Kr$yAX3bOps-NDaZWT~|W
z#)~NfZeo;bL_$g$9PzaoW^S+oNXS-REfh^arad{AGta^T1&nwRc`E!1){FOmG@g*3
z|IVWF*az`5`XucA>(?WgrS0vfJ3efzpB!-3mm@fcY-9~PApll3P;G!w(zey|l|}Dp
zzX0KNw6@*_dBlB)D6(B1eUAe%n_yl4<_%w|fA}(_GAeD<5drgw4a9?xt+<DZ%mztJ
z6py(8Kp0?Cx(dt#2*l!t8qyaC<=Q!uRxp6oWt(o4t=7(2?UrH<{2W#LIaMKNgaJ6;
z7&E9@_LInLUeM^=5Fz_b-lsAU3Jw#b>WZ~RJ)B@4RSOCphjs5ph`j?tapt09Iv|N!
zT<ZORR|I6HVLnC&RdIQM#-OXeOh<Q;*NDTmKC^QGzw<00*4KoD#+^kdokzueNkQ{(
z64N3}|5wl>{IfE$o&p$mMXDCBAbk%cn(Kge=UCR9iE&$|04x^@_HoApW+9O1MyN?6
zLo>w30kLLtS}qM)8u9&}kul>xax4up`&egoUxWw&SDUj+0${+Mu>(!DEdBm$)kd8j
zT43o!oE*=YbD0m<gJ$G=Ru-41;dJuq*uu(c164Lmu{$73L7tfu$c(#_M>`G>3G5AX
z`YtazZCDz2)%Th6gpTpwzSM9H0;evZn7r0-nBs-;|L%Mpkpmd=K}0(wxXY`RdpVsr
z5fKm&KtkyUaCiVKkAADhr4tDVeRmLmG0#TgZ6@aU@(e%VzhY2Q{YlMA`<)|6H@k0=
zt-qD_1;e(v%>XXPTfbhG`nBt;6+P@%&6po$W@Tyj&dWb_TC}2dw55c5fM?hh%vi1$
zbm>-6|2pID5duc+j4d$JUOkMm$y2%u)Z>2!mYM-+Y5GO<;__kq_AH3TjhA=9fJWgj
zjo9^?`oO|Kl`stl2jbRdv@~orH2ZRWFkcdavfj3^RCz#TA<z+lvHTF?SeQl&zeMxf
zPaX~X0xg-9d+b6r2%g%K38+A|^iw}i9;CGZIptW@;liqip_N1rr*Yctq2gBzWv^F$
zZ}YF*<l~Eg)Hc|t?nm73G+U!v9y3Z$F4}b5KX^Ux{AHf??78RSuK=Nd=>zbCAz_>x
zpdszPG{x)JZ?YS9YQfa%8W``vd{5}WmJ8ljD`5YG)rS_9$)%+cD19<0<%7E~bGAu7
zd2$W{5|bgg7p8OJ_w_)A;3{25dkGVnJHm*J>UdT1__#<lT-Xif;Rk>hO|Cg6HK={m
zQ8LL?*(MO{LhWn8SQ5x;Oe`$8Fysg-8h_*41JDz^v)7A*GS8l|!we5*!w{o)vmt=0
zqh3KK9vES;PQu|b1qTJS!&KN)c4KYofKKkErtFIsH&qKwUoA)R0y1EE>^N7~VfdbS
zR4_#{AO^CLH5~W!SgL-X0|qW8a=X5KxuRxS^Zr2S{1Ic(VbEWlCS&K>3o)d#e%BzC
ztV&qU_nA`hm-2FFAb$;&*dX5RZP{?x6Nmsm57fcIfq{<{bQlyB6>pt`C7SU4oR}9u
zqJlXiGP4a3T8B(`KcMoR+u!~MjBnWFK&=-rCz{pMgFEo&&mR>|rh=i2=Pwk`Aj)g?
zfs?8VCnBFerC2=2V@@l}W9p>+;)Am}{Yh+bZ{q~8M<l3K*W^P6wc2)ng>f2D9z0@<
zP%3D9da}S^MtOfJc0V+;@Pxd;FiKuk=kBw71)7Iy37wce1Qhx+T_pBHCMTUv>MtH@
zc=H?!aa<TJ+bQALv2@)zZ08-MA%qClCiLvWY>RTaE|YmtWM!q0KOKMbxbR{_>>ox!
z22UvhGK=lZ=cdKPmko`KFwIkvDZ6gvo%e<2`&&v1A{*~;T_Zi17-@`DE&8!EHUZ>6
zg11@dL6Z0IS{N|s?3!<@oS(8JFB&mBGJAO+GAP2TTR$&<{YuKm$M>tFLsH%pro-*A
z!m?K{US(!B6KS@;Tc$oOs!nrqu&F?zr~__+07T`jRJf4Kd+N1R%9xnkp@ZOI{*gi*
za$Jj({g<D=epx#hD+>>g?J%L@vV@FuFchpyQ%p}4RA@;TcK9+{F3=u*z*w3En<0-I
zZ<O3~uoBf}_!;=gI#{olMw^N>UBi3&`fP2TTZaoe2zJdS4%kJ;imj$)8*P8;=q8_q
zgdR*9^eNAG)jJ#O!hO-KJslZheRA9`!`}U|i3wRZH(_8i!y=>);Eg~pF8@hLMsaR!
zkvW{K(yPgEkByB{3;c*>R&^6S=u7YIi#FKzqX62q>QPHsS()RpDl5b-NCLE-A`=6x
zkr6wG=W|z^8{l@5T$ud9k_V`2EWV+4zp;`0epV;W!tMGl%^0y0A0Dn<o0f!g;kWS1
zY<31lFA5IpjOO^pkY5L0L|whM@7?ZmCmK<<#5kV|XcTK(FdiNmIjdd@_MZVruG}qK
z?*K|F<s9o9HIpPNs;Y(;?&to{zEsnC)hqq@sml?LimHl(wg#`+iTU*J_isewFUqJh
zUiM#2sc^!VyoP<o=x&CR?v~Af9o`9#(}&NWNs@)u@!=tUIJ?VcY+`aRLB79Y^$ZM?
z>J$|PV!r%rJv=OXvH1StPAo6^tT(aSx6Dj12^SZu6CYL?2~$@B(H7kgW-S7bq2Ati
z_Q9bm<+(8s;tIa%VZZ@*8_f%S7yzKFc<;af@daF_+qYq4)dk<mNblaza1q3xk^^>X
z=G<mxW)L#nH8j*z>vN7%Ix#OVWP2O@?U^d3DJ5)T*F0;!?H^&EaYdrwMLoP=RB`6Q
zFp*1A((Ea8piSbTP+7fg@5Zh5aO?Qk^+`)JK(3~PyL_-{{QU#i669l?{}`P+?<=R+
zcTUAE-|@Vlpdk5&nxw}e7~j7uJ+-i4eJx$*WHQ!ISM}IlmMrKIsC<ahl5>qVNYj6g
zPFcp?;?AyHbkY!V6S8?C1>&gww<Z`jY@Rf+hKa)ur=@`^5WCvGYRBbT(8q$M(5iLp
zZ+bRRGmwOS4%C#Zc5`yFnnzS}<vB(i>gwv7lGhwA6L)bUni+F)+@=slqDOdkC8M9)
zjxIwcRh+I26K_e$;bEwSRYf*YK%=LAk<IZTFC~?jK$-D<%d%^%@4{dpL&bdoE41Zj
zsa*%iPG$UQ1SK3Dd9yP#iAJ3&ZKhwinH4MR_w^q~M@3OUk{QUsXkd&1)WzL~b%Wx5
zyH5>r9~IMI*evd{$+$T9+>i==rhdeo{<M62z(9``Q?2Z^ne)m{{}GsHa8k~8Nml(r
zTbS0Ow^VjG`>Uz{$~(w|28}v5Rb9SIqw;n1aUkzcCy(jjJ_C;(O=t^_mh?{`yk<-e
zj&>~As$k}Z)5P66_xSNR=E%<#s<Lr`s+QT@c8ao3S!k@Ru~yyZihaWaYFxthJk&hF
zA$U=Z8DSB@7A~}9pD46gGnC#5U%X0PX|Dcqv7lt^?BQww0VF~BrFJA={B3h_L#=Z6
zw-gCUYXVfxN@Z^<G~n=dnB%rcyme0VXjrs8hPUO<eUoD6J$AaNT@1JCfRQCs=hW>i
zwaQkGFJA!1?9X!X2eY9(sBWA?oS(nQx_a6BUQ?)F!sy*>L_wRDfH>NMovwhE(0bQI
zmYK+qAvrGSBZ~7zX<8hwXP!>`h#Ncu`-Mh%P1`0Rpilvp4D3}-=`tPK@m-f?E|<=V
zLSJ>^ZYMwCal^TJnm>aP$wA>1^$WIyZx&%8gaik_X&kM8#!8~C%@*6$-Y$c9d4Y%n
zgjK*!1l%6Ra}=vljY2J;7z23{EbCwG?Kio(iGYgt`0-iTy&_jdG&E?p$o@Qj@+2YG
z8VA-A5b|D;<HEoWsP6FVbjQmbp%??$5hAwx&r8DCPTq>m)$KM*=t$}ETG)#7k7>V`
zT7=!!r&0^>DLqSRAzQ;Sq*6JsDWs#!-HoRD<1l@Nq_MK~-hnRRHdq2*KpzAjqeP!N
zBkdTa1m_dj88G>iE<1SZkFv>5yA6_JduLkJoA6w%4Y~&(J1WZA>1wm8-Y=M(Wsv1Z
zBr7XRp{$}xiBp!T*<)75F)%RiKYsY&`Oacw{F%+QtA9s?23kKzx7SQxIm*?)&~M}1
z8{A4BJf0<Lv1h3F{B^ex)P$fJA-9dJ@%TNZOA|g@oiUWx#CmHImwU2dX=^R~;aba@
z@?#>E@H_v$;AEcpt4pFE59o!cZfZEce(J33kj>s{N)RCUGGpp<>Q1v<#P`4J9U61C
zyY?*~N=9BYunkTc6FqC$`Pa%9pn%_%R2g<hukf3t*&UPqLDT?Yh&8I-Z4F^Nr|;zw
z&T^WiU1!GToh@81+r!bDi@c<~QMJo~tll==$7piba<8&ePccu%O8<*x)K#wE&89=Y
z`NPX=Cv=-%xc~KN?&>j};UXV`JqSc;qtDb4{PNltI7Se(`iC2Cp)vOrpKzkbFyNoZ
M;xZ4jM72Er2k!S~tpET3

literal 0
HcmV?d00001


From 7ba37fb6b0e69a827117de2b28dae93159761b5a Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 21 Aug 2020 10:35:12 -0700
Subject: [PATCH 65/66] Update edr-in-block-mode.md

---
 .../microsoft-defender-atp/edr-in-block-mode.md               | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
index c88a77bc73..9e3ec941bb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
@@ -87,7 +87,9 @@ Because Microsoft Defender Antivirus detects and remediates malicious items, it'
 
 Cloud protection is needed to turn on the feature on the device. Cloud protection allows [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) to deliver the latest and greatest protection based on our breadth and depth of security intelligence, along with behavioral and device learning models.
 
-## Related articles
+## See also
+
+[Tech Community blog: Introducing EDR in block mode: Stopping attacks in their tracks](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/introducing-edr-in-block-mode-stopping-attacks-in-their-tracks/ba-p/1596617)
 
 [Behavioral blocking and containment](behavioral-blocking-containment.md)
 

From 547126da63fcc753860bdf845925192d75d50120 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 21 Aug 2020 10:42:05 -0700
Subject: [PATCH 66/66] Update edr-in-block-mode.md

---
 .../microsoft-defender-atp/edr-in-block-mode.md                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
index 9e3ec941bb..29b20bcf7f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
@@ -26,7 +26,7 @@ ms.date: 08/21/2020
 
 ## What is EDR in block mode?
 
-When [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) in block mode is enabled, Microsoft Defender ATP leverages behavioral blocking and containment capabilities by blocking malicious artifacts or behaviors that are observed through post-breach protection. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach. 
+When [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) in block mode is turned on, Microsoft Defender ATP blocks malicious artifacts or behaviors that are observed through post-breach protection. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected, post breach. 
 
 EDR in block mode is also integrated with [threat & vulnerability management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt). Your organization's security team will get a [security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation) to turn EDR in block mode on if it isn't already enabled.