From ef0cd33d1d14e167b360b7cd3fd23d570f554b58 Mon Sep 17 00:00:00 2001
From: Nagappan Veerappan <naveerap@microsoft.com>
Date: Tue, 17 Aug 2021 10:38:04 -0700
Subject: [PATCH 001/105] AADS query update

AADS query update
---
 .../identity-protection/hello-for-business/hello-faq.yml     | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml
index 405b6710ad..3a715535a6 100644
--- a/windows/security/identity-protection/hello-for-business/hello-faq.yml
+++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml
@@ -219,4 +219,7 @@ sections:
           
       - question: Does Windows Hello for Business work with Mac and Linux clients?
         answer: |
-          Windows Hello for Business is a feature of Windows 10. At this time, Microsoft is not developing clients for other platforms. However, Microsoft is open to third-parties who are interested in moving these platforms away from passwords. Interested third-parties can get more information by emailing [whfbfeedback@microsoft.com](mailto:whfbfeedback@microsoft.com?subject=collaboration).
\ No newline at end of file
+          Windows Hello for Business is a feature of Windows 10. At this time, Microsoft is not developing clients for other platforms. However, Microsoft is open to third-parties who are interested in moving these platforms away from passwords. Interested third-parties can get more information by emailing [whfbfeedback@microsoft.com](mailto:whfbfeedback@microsoft.com?subject=collaboration).
+
+         question: Does Windows Hello for Business work with AADS clients?
+        answer: No, AAD DS is seperate on-prem enviornment and device registration with cloud (Azure AD) not available for them via ADConnect.

From 3340cf5e13d033e17beb0870569512218639433e Mon Sep 17 00:00:00 2001
From: Nagappan Veerappan <naveerap@microsoft.com>
Date: Wed, 18 Aug 2021 07:45:54 -0700
Subject: [PATCH 002/105] updated AAD DS and expand them

updated AAD DS and expand them
---
 .../identity-protection/hello-for-business/hello-faq.yml      | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml
index 3a715535a6..65c19ff255 100644
--- a/windows/security/identity-protection/hello-for-business/hello-faq.yml
+++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml
@@ -221,5 +221,5 @@ sections:
         answer: |
           Windows Hello for Business is a feature of Windows 10. At this time, Microsoft is not developing clients for other platforms. However, Microsoft is open to third-parties who are interested in moving these platforms away from passwords. Interested third-parties can get more information by emailing [whfbfeedback@microsoft.com](mailto:whfbfeedback@microsoft.com?subject=collaboration).
 
-         question: Does Windows Hello for Business work with AADS clients?
-        answer: No, AAD DS is seperate on-prem enviornment and device registration with cloud (Azure AD) not available for them via ADConnect.
+         question: Does Windows Hello for Business work with Azure AD Domain Services (AAD DS) clients?
+        answer: No, Azure AD Domain Service is a seperate managed enviornment in Azure and hybrid device registration with cloud (Azure AD) not available for them via ADConnect. Hence they can not perform WHFB with Azure AD.

From 5e7f41f67f99d943ec6cd5daced76d2b5092e5c6 Mon Sep 17 00:00:00 2001
From: Nagappan Veerappan <naveerap@microsoft.com>
Date: Wed, 18 Aug 2021 07:48:17 -0700
Subject: [PATCH 003/105] - added

- added before question
---
 .../identity-protection/hello-for-business/hello-faq.yml        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml
index 65c19ff255..d774f0890f 100644
--- a/windows/security/identity-protection/hello-for-business/hello-faq.yml
+++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml
@@ -221,5 +221,5 @@ sections:
         answer: |
           Windows Hello for Business is a feature of Windows 10. At this time, Microsoft is not developing clients for other platforms. However, Microsoft is open to third-parties who are interested in moving these platforms away from passwords. Interested third-parties can get more information by emailing [whfbfeedback@microsoft.com](mailto:whfbfeedback@microsoft.com?subject=collaboration).
 
-         question: Does Windows Hello for Business work with Azure AD Domain Services (AAD DS) clients?
+      - question: Does Windows Hello for Business work with Azure AD Domain Services (AAD DS) clients?
         answer: No, Azure AD Domain Service is a seperate managed enviornment in Azure and hybrid device registration with cloud (Azure AD) not available for them via ADConnect. Hence they can not perform WHFB with Azure AD.

From 76182769f5889e4a19ed0ad7bebdb9d148d2bd72 Mon Sep 17 00:00:00 2001
From: Nagappan Veerappan <naveerap@microsoft.com>
Date: Thu, 19 Aug 2021 17:58:31 -0700
Subject: [PATCH 004/105] Update
 windows/security/identity-protection/hello-for-business/hello-faq.yml

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../identity-protection/hello-for-business/hello-faq.yml        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml
index d774f0890f..7d470d3748 100644
--- a/windows/security/identity-protection/hello-for-business/hello-faq.yml
+++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml
@@ -222,4 +222,4 @@ sections:
           Windows Hello for Business is a feature of Windows 10. At this time, Microsoft is not developing clients for other platforms. However, Microsoft is open to third-parties who are interested in moving these platforms away from passwords. Interested third-parties can get more information by emailing [whfbfeedback@microsoft.com](mailto:whfbfeedback@microsoft.com?subject=collaboration).
 
       - question: Does Windows Hello for Business work with Azure AD Domain Services (AAD DS) clients?
-        answer: No, Azure AD Domain Service is a seperate managed enviornment in Azure and hybrid device registration with cloud (Azure AD) not available for them via ADConnect. Hence they can not perform WHFB with Azure AD.
+        answer: No, AAD DS is a separately managed environment in Azure, and hybrid device registration with cloud Azure AD is not available for it via Azure AD Connect. Hence, Windows Hello for Business does not work with Azure AD.

From 22099b37d5ee6c1c2dabc123b1390fca29d94dbd Mon Sep 17 00:00:00 2001
From: Nagappan Veerappan <naveerap@microsoft.com>
Date: Thu, 19 Aug 2021 18:01:51 -0700
Subject: [PATCH 005/105] updated as per Matthew's suggestions

updated as per Matthew's suggestions
---
 .../identity-protection/hello-for-business/hello-faq.yml      | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml
index 7d470d3748..a6c2533e72 100644
--- a/windows/security/identity-protection/hello-for-business/hello-faq.yml
+++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml
@@ -221,5 +221,5 @@ sections:
         answer: |
           Windows Hello for Business is a feature of Windows 10. At this time, Microsoft is not developing clients for other platforms. However, Microsoft is open to third-parties who are interested in moving these platforms away from passwords. Interested third-parties can get more information by emailing [whfbfeedback@microsoft.com](mailto:whfbfeedback@microsoft.com?subject=collaboration).
 
-      - question: Does Windows Hello for Business work with Azure AD Domain Services (AAD DS) clients?
-        answer: No, AAD DS is a separately managed environment in Azure, and hybrid device registration with cloud Azure AD is not available for it via Azure AD Connect. Hence, Windows Hello for Business does not work with Azure AD.
+      - question: Does Windows Hello for Business work with Azure Active Directory Domain Services (Azure AD DS) clients?
+        answer: No, Azure AD DS is a separately managed environment in Azure, and hybrid device registration with cloud Azure AD is not available for it via Azure AD Connect. Hence, Windows Hello for Business does not work with Azure AD.

From f4d31b487e0f58220b1f916837dc8dddad1479b2 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha <v-lsaldanha@microsoft.com>
Date: Thu, 2 Sep 2021 14:44:14 +0530
Subject: [PATCH 006/105] update-5388078

updated per task 5388078 - Windows 11 update
---
 .../administrative-tools-in-windows-10.md                | 9 +++++----
 .../advanced-troubleshooting-boot-problems.md            | 3 +--
 windows/client-management/connect-to-remote-aadj-pc.md   | 1 +
 3 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/windows/client-management/administrative-tools-in-windows-10.md b/windows/client-management/administrative-tools-in-windows-10.md
index 6da0fdfdb9..6f70ffdfb5 100644
--- a/windows/client-management/administrative-tools-in-windows-10.md
+++ b/windows/client-management/administrative-tools-in-windows-10.md
@@ -1,5 +1,5 @@
 ---
-title: Administrative Tools in Windows 10 (Windows 10)
+title: Administrative Tools in Windows (Windows 10 and Windows 11)
 description: Administrative Tools is a folder in Control Panel that contains tools for system administrators and advanced users.
 ms.assetid: FDC63933-C94C-43CB-8373-629795926DC8
 ms.reviewer: 
@@ -14,12 +14,13 @@ ms.date: 07/27/2017
 ms.topic: article
 ---
 
-# Administrative Tools in Windows 10
+# Administrative Tools in Windows
 
 
 **Applies to**
 
--   Windows 10
+-  Windows 10
+-  Windows 11
 
 Administrative Tools is a folder in Control Panel that contains tools for system administrators and advanced users. 
 
@@ -29,7 +30,7 @@ The tools in the folder might vary depending on which edition of Windows you are
 
 ![Screenshot of folder of admin tools.](images/admin-tools-folder.png)
 
-These tools were included in previous versions of Windows. The associated documentation for each tool should help you use these tools in Windows 10. The following list provides links to documentation for each tool. The tools are located within the folder C:\Windows\System32\ or its subfolders.
+These tools were included in previous versions of Windows. The associated documentation for each tool should help you use these tools in Windows. The following list provides links to documentation for each tool. The tools are located within the folder C:\Windows\System32\ or its subfolders.
 
  
 
diff --git a/windows/client-management/advanced-troubleshooting-boot-problems.md b/windows/client-management/advanced-troubleshooting-boot-problems.md
index d039c10c17..493bf99dba 100644
--- a/windows/client-management/advanced-troubleshooting-boot-problems.md
+++ b/windows/client-management/advanced-troubleshooting-boot-problems.md
@@ -31,8 +31,7 @@ There are several reasons why a Windows-based computer may have problems during
 
 **1. PreBoot**
 
-The PC’s firmware initiates a Power-On Self Test (POST) and loads firmware settings. This pre-boot process ends when a valid system disk is detected. Firmware reads the master boot record (MBR), and then starts Windows Boot
-Manager.
+The PC’s firmware initiates a Power-On Self Test (POST) and loads firmware settings. This pre-boot process ends when a valid system disk is detected. Firmware reads the master boot record (MBR), and then starts Windows Boot Manager.
 
 **2. Windows Boot Manager**
 
diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md
index 4d8f35673e..a038b6738d 100644
--- a/windows/client-management/connect-to-remote-aadj-pc.md
+++ b/windows/client-management/connect-to-remote-aadj-pc.md
@@ -21,6 +21,7 @@ ms.topic: article
 **Applies to**
 
 - Windows 10
+- Windows 11
 
 From its release, Windows 10 has supported remote connections to PCs joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](/azure/active-directory/devices/concept-azure-ad-join). Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session](/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics).
 

From 84e0dd479c2a03113a665fad621cf506cb1cccdc Mon Sep 17 00:00:00 2001
From: Lovina Saldanha <v-lsaldanha@microsoft.com>
Date: Tue, 7 Sep 2021 10:17:54 +0530
Subject: [PATCH 007/105] update-windows11-5388078

updated windows 11 terms per task 5388078
---
 ...nced-troubleshooting-802-authentication.md |  2 +-
 .../determine-appropriate-page-file-size.md   |  2 +-
 ...s-for-enterprise-and-education-editions.md |  1 +
 .../manage-corporate-devices.md               | 25 ++++++++++---------
 ...e-device-installation-with-group-policy.md | 11 ++++----
 .../manage-settings-app-with-group-policy.md  |  2 +-
 .../mandatory-user-profile.md                 |  1 +
 .../new-policies-for-windows-10.md            |  1 +
 .../troubleshoot-tcpip-port-exhaust.md        |  2 +-
 .../client-management/windows-libraries.md    |  2 +-
 10 files changed, 26 insertions(+), 23 deletions(-)

diff --git a/windows/client-management/advanced-troubleshooting-802-authentication.md b/windows/client-management/advanced-troubleshooting-802-authentication.md
index c2a8ea0c57..80304a3e5f 100644
--- a/windows/client-management/advanced-troubleshooting-802-authentication.md
+++ b/windows/client-management/advanced-troubleshooting-802-authentication.md
@@ -21,7 +21,7 @@ This article includes general troubleshooting for 802.1X wireless and wired clie
  
 ## Scenarios
 
-This troubleshooting technique applies to any scenario in which wireless or wired connections with 802.1X authentication is attempted and then fails to establish. The workflow covers Windows 7 through Windows 10 for clients, and Windows Server 2008 R2 through Windows Server 2012 R2 for NPS.
+This troubleshooting technique applies to any scenario in which wireless or wired connections with 802.1X authentication is attempted and then fails to establish. The workflow covers Windows 7 through Windows 10 (and Windows 11) for clients, and Windows Server 2008 R2 through Windows Server 2012 R2 for NPS.
  
 ## Known issues
 
diff --git a/windows/client-management/determine-appropriate-page-file-size.md b/windows/client-management/determine-appropriate-page-file-size.md
index 8daf0f4ce4..da6bb869ab 100644
--- a/windows/client-management/determine-appropriate-page-file-size.md
+++ b/windows/client-management/determine-appropriate-page-file-size.md
@@ -74,7 +74,7 @@ By default, page files are system-managed. This means that the page files increa
 
 For example, when the system commit charge is more than 90 percent of the system commit limit, the page file is increased to back it. This continues to occur until the page file reaches three times the size of physical memory or 4 GB, whichever is larger. This all assumes that the logical disk that is hosting the page file is large enough to accommodate the growth.
 
-The following table lists the minimum and maximum page file sizes of system-managed page files in Windows 10.
+The following table lists the minimum and maximum page file sizes of system-managed page files in Windows 10 and Windows 11.
 
 |Minimum page file size	|Maximum page file size|
 |---------------|------------------|
diff --git a/windows/client-management/group-policies-for-enterprise-and-education-editions.md b/windows/client-management/group-policies-for-enterprise-and-education-editions.md
index 8b2eb55f2f..12d6c0051f 100644
--- a/windows/client-management/group-policies-for-enterprise-and-education-editions.md
+++ b/windows/client-management/group-policies-for-enterprise-and-education-editions.md
@@ -18,6 +18,7 @@ ms.topic: troubleshooting
 **Applies to**
 
 -   Windows 10
+-   Windows 11
 
 In Windows 10, version 1607, the following Group Policy settings apply only to Windows 10 Enterprise and Windows 10 Education.
 
diff --git a/windows/client-management/manage-corporate-devices.md b/windows/client-management/manage-corporate-devices.md
index f7fdbd3994..fec82aeb5a 100644
--- a/windows/client-management/manage-corporate-devices.md
+++ b/windows/client-management/manage-corporate-devices.md
@@ -1,6 +1,6 @@
 ---
-title: Manage corporate devices (Windows 10)
-description: You can use the same management tools to manage all device types running Windows 10 desktops, laptops, tablets, and phones.
+title: Manage corporate devices (Windows 10 and Windows 11)
+description: You can use the same management tools to manage all device types running Windows 10 and Windows 11 desktops, laptops, tablets, and phones.
 ms.assetid: 62D6710C-E59C-4077-9C7E-CE0A92DFC05D
 ms.reviewer: 
 manager: dansimp
@@ -22,20 +22,21 @@ ms.topic: article
 **Applies to**
 
 -   Windows 10
+-   Windows 11
 
-You can use the same management tools to manage all device types running Windows 10 : desktops, laptops, tablets, and phones. And your current management tools, such as Group Policy, Windows Management Instrumentation (WMI), PowerShell scripts, System Center tools, and so on, will continue to work for Windows 10.
+You can use the same management tools to manage all device types running Windows 10 and Windows 11 : desktops, laptops, tablets, and phones. And your current management tools, such as Group Policy, Windows Management Instrumentation (WMI), PowerShell scripts, System Center tools, and so on, will continue to work for Windows 10 and Windows 11.
 
 ## In this section
 
 | Topic | Description |
 | --- | --- |
-| [Manage Windows 10 in your organization - transitioning to modern management](manage-windows-10-in-your-organization-modern-management.md) | Strategies for deploying and managing Windows 10, including deploying Windows 10 in a mixed environment | 
+| [Manage Windows 10 (and Windows 11) in your organization - transitioning to modern management](manage-windows-10-in-your-organization-modern-management.md) | Strategies for deploying and managing Windows 10 (and Windows 11), including deploying Windows 10 (and Windows 11) in a mixed environment | 
 | [Connect to remote Azure Active Directory-joined PC](connect-to-remote-aadj-pc.md) | How to use Remote Desktop Connection to connect to an Azure AD-joined PC |
-| [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](/windows/configuration/manage-tips-and-suggestions) | Options to manage user experiences to provide a consistent and predictable experience for employees |
-| [New policies for Windows 10](new-policies-for-windows-10.md) | New Group Policy settings added in Windows 10 |
+| [Manage Windows 10 (and Windows 11) and Microsoft Store tips, tricks, and suggestions](/windows/configuration/manage-tips-and-suggestions) | Options to manage user experiences to provide a consistent and predictable experience for employees |
+| [New policies for Windows 10 (and Windows 11)](new-policies-for-windows-10.md) | New Group Policy settings added in Windows 10 |
 | [Group Policies that apply only to Windows 10 Enterprise and Windows 10 Education](group-policies-for-enterprise-and-education-editions.md) | Group Policy settings that apply only to Windows 10 Enterprise and Windows 10 Education |
-| [Changes to Group Policy settings for Start in Windows 10](/windows/configuration/changes-to-start-policies-in-windows-10) | Changes to the Group Policy settings that you use to manage Start |
-| [Introduction to configuration service providers (CSPs) for IT pros](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) | How IT pros and system administrators can take advantage of many settings available through CSPs to configure devices running Windows 10 in their organizations |
+| [Changes to Group Policy settings for Start in Windows 10 (and Windows 11)](/windows/configuration/changes-to-start-policies-in-windows-10) | Changes to the Group Policy settings that you use to manage Start |
+| [Introduction to configuration service providers (CSPs) for IT pros](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) | How IT pros and system administrators can take advantage of many settings available through CSPs to configure devices running Windows 10 (and Windows 11) in their organizations |
 
 
 ## Learn more
@@ -46,13 +47,13 @@ You can use the same management tools to manage all device types running Windows
 
 [Microsoft Intune End User Enrollment Guide](/samples/browse/?redirectedfrom=TechNet-Gallery)
 
-[Azure AD Join on Windows 10 devices](https://go.microsoft.com/fwlink/p/?LinkId=616791)
+[Azure AD Join on Windows 10 (and Windows 11) devices](https://go.microsoft.com/fwlink/p/?LinkId=616791)
 
-[Azure AD support for Windows 10](https://go.microsoft.com/fwlink/p/?LinkID=615765)
+[Azure AD support for Windows 10 (and Windows 11)](https://go.microsoft.com/fwlink/p/?LinkID=615765)
 
-[Windows 10 and Azure Active Directory: Embracing the Cloud](https://go.microsoft.com/fwlink/p/?LinkId=615768)
+[Windows 10 (and Windows 11) and Azure Active Directory: Embracing the Cloud](https://go.microsoft.com/fwlink/p/?LinkId=615768)
 
-[How to manage Windows 10 devices using Intune](https://go.microsoft.com/fwlink/p/?LinkId=613620)
+[How to manage Windows 10 (and Windows 11) devices using Intune](https://go.microsoft.com/fwlink/p/?LinkId=613620)
 
 [Using Intune alone and with Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=613207)
 
diff --git a/windows/client-management/manage-device-installation-with-group-policy.md b/windows/client-management/manage-device-installation-with-group-policy.md
index db00986ab0..50d666639a 100644
--- a/windows/client-management/manage-device-installation-with-group-policy.md
+++ b/windows/client-management/manage-device-installation-with-group-policy.md
@@ -1,5 +1,5 @@
 ---
-title: Manage Device Installation with Group Policy (Windows 10)
+title: Manage Device Installation with Group Policy (Windows 10 and Windows 11)
 description: Find out how to manage Device Installation Restrictions with Group Policy.
 ms.prod: w10
 ms.mktglfcycl: manage
@@ -14,14 +14,13 @@ ms.topic: article
 
 # Manage Device Installation with Group Policy
 
-
 **Applies to**
 
 - Windows 10, Windows Server 2022
-
+- Windows 11
 
 ## Summary
-By using Windows 10 operating systems, administrators can determine what devices can be installed on computers they manage. This guide summarizes the device installation process and demonstrates several techniques for controlling device installation by using Group Policy.
+By using Windows 10 (and Windows 11) operating systems, administrators can determine what devices can be installed on computers they manage. This guide summarizes the device installation process and demonstrates several techniques for controlling device installation by using Group Policy.
 
 ## Introduction
 
@@ -44,7 +43,7 @@ It is important to understand that the Group Policies that are presented in this
 
 This guide is targeted at the following audiences:
 
-- Information technology planners and analysts who are evaluating Windows 10 and Windows Server 2022
+- Information technology planners and analysts who are evaluating Windows 10 (and Windows 11) and Windows Server 2022
 - Enterprise information technology planners and designers
 - Security architects who are responsible for implementing trustworthy computing in their organization
 - Administrators who want to become familiar with the technology
@@ -223,7 +222,7 @@ Some of these policies take precedence over other policies. The flowchart shown
 
 To complete each of the scenarios, please ensure your have:
 
-- A client computer running Windows 10.
+- A client computer running Windows 10 (and Windows 11).
 
 - A USB thumb drive. The scenarios described in this guide use a USB thumb drive as the example device (also known as a “removable disk drive”, "memory drive," a "flash drive," or a "keyring drive"). Most USB thumb drives do not require any manufacturer-provided drivers, and these devices work with the inbox drivers provided with the Windows build.
 
diff --git a/windows/client-management/manage-settings-app-with-group-policy.md b/windows/client-management/manage-settings-app-with-group-policy.md
index f64ee0de0c..03a62619ca 100644
--- a/windows/client-management/manage-settings-app-with-group-policy.md
+++ b/windows/client-management/manage-settings-app-with-group-policy.md
@@ -14,10 +14,10 @@ ms.topic: article
 
 # Manage the Settings app with Group Policy
 
-
 **Applies to**
 
 -   Windows 10, Windows Server 2016
+-   Windows 11
 
 You can now manage the pages that are shown in the Settings app by using Group Policy. When you use Group Policy to manage pages, you can hide specific pages from users. Before Windows 10, version 1703, you could either show everything in the Settings app or hide it completely.
 To make use of the Settings App group policies on Windows server 2016, install fix [4457127](https://support.microsoft.com/help/4457127/windows-10-update-kb4457127) or a later cumulative update. 
diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md
index 7b77f47742..3ba302eee0 100644
--- a/windows/client-management/mandatory-user-profile.md
+++ b/windows/client-management/mandatory-user-profile.md
@@ -17,6 +17,7 @@ ms.topic: article
 
 **Applies to**
 - Windows 10
+- Windows 11
 
 A mandatory user profile is a roaming user profile that has been pre-configured by an administrator to specify settings for users. Settings commonly defined in a mandatory profile include (but are not limited to): icons that appear on the desktop, desktop backgrounds, user preferences in Control Panel, printer selections, and more. Configuration changes made during a user's session that are normally saved to a roaming user profile are not saved when a mandatory user profile is assigned.
 
diff --git a/windows/client-management/new-policies-for-windows-10.md b/windows/client-management/new-policies-for-windows-10.md
index 183335b55e..06f5b50ca7 100644
--- a/windows/client-management/new-policies-for-windows-10.md
+++ b/windows/client-management/new-policies-for-windows-10.md
@@ -21,6 +21,7 @@ ms.topic: reference
 **Applies to**
 
 -   Windows 10
+-   Windows 11
 
 As of September 2020 This page will no longer be updated. To find the Group Polices that ship in each version of Windows,  refer to the Group Policy Settings Reference Spreadsheet. You can always locate the most recent version of the Spreadsheet by searching the Internet for "Windows Version + Group Policy Settings Reference".
 
diff --git a/windows/client-management/troubleshoot-tcpip-port-exhaust.md b/windows/client-management/troubleshoot-tcpip-port-exhaust.md
index 4c1e8b1b7f..26ba85c430 100644
--- a/windows/client-management/troubleshoot-tcpip-port-exhaust.md
+++ b/windows/client-management/troubleshoot-tcpip-port-exhaust.md
@@ -196,4 +196,4 @@ goto loop
 
 - [Port Exhaustion and You!](/archive/blogs/askds/port-exhaustion-and-you-or-why-the-netstat-tool-is-your-friend) - this article gives a detail on netstat states and how you can use netstat output to determine the port status
 
-- [Detecting ephemeral port exhaustion](/archive/blogs/yongrhee/windows-server-2012-r2-ephemeral-ports-a-k-a-dynamic-ports-hotfixes): this article has a script which will run in a loop to report the port status. (Applicable for Windows 2012 R2, Windows 8, Windows 10)
+- [Detecting ephemeral port exhaustion](/archive/blogs/yongrhee/windows-server-2012-r2-ephemeral-ports-a-k-a-dynamic-ports-hotfixes): this article has a script which will run in a loop to report the port status. (Applicable for Windows 2012 R2, Windows 8, Windows 10 and Windows 11)
diff --git a/windows/client-management/windows-libraries.md b/windows/client-management/windows-libraries.md
index a287d48be1..66162e05f3 100644
--- a/windows/client-management/windows-libraries.md
+++ b/windows/client-management/windows-libraries.md
@@ -14,7 +14,7 @@ ms.date: 04/19/2017
 ---
 # Windows libraries
 
-> Applies to: Windows 10, Windows 8.1, Windows 7, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2
+> Applies to: Windows 10, Windows 11, Windows 8.1, Windows 7, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2
 
 Libraries are virtual containers for users’ content. A library can contain files and folders stored on the local computer or in a remote storage location. In Windows Explorer, users interact with libraries in ways similar to how they would interact with other folders. Libraries are built upon the legacy known folders (such as My Documents, My Pictures, and My Music) that users are familiar with, and these known folders are automatically included in the default libraries and set as the default save location.
 

From 8d5428e1955ced860617b80210a7624c9ffcc0dc Mon Sep 17 00:00:00 2001
From: Gitprakhar13 <45089022+Gitprakhar13@users.noreply.github.com>
Date: Mon, 27 Sep 2021 22:55:37 -0700
Subject: [PATCH 008/105] update for win 11

Updates to the documentation for Windows 11.
TODO: Add section for attestation flow based on MAA.
TODO: Add links to MAA documentation
---
 .../mdm/healthattestation-csp.md              | 225 ++++++++++++++++--
 1 file changed, 211 insertions(+), 14 deletions(-)

diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md
index e570b9890d..c18c474d71 100644
--- a/windows/client-management/mdm/healthattestation-csp.md
+++ b/windows/client-management/mdm/healthattestation-csp.md
@@ -23,7 +23,204 @@ The following is a list of functions performed by the Device HealthAttestation C
 -   Receives an encrypted blob (DHA-EncBlob) from DHA-Service, and stores it in a local cache on the device
 -   Receives attestation requests (DHA-Requests) from a DHA-Enabled MDM, and replies with Device Health Attestation data (DHA-Data
 
-## Terms
+## Windhows 11 Device HealthAttestation
+
+>Windows 11 introduces an update to the device health attestation feature bringing in support for deeper insights into windows boot security, enhancing zero trust solutions. Device health attestation on windows can be accessed via the HealthAttestation CSP which enables enterprise device managers to assess if a device is booted to a trusted and compliant state and take enterprise policy actions. Windows 11 introduces additional child nodes to the HealthAttestation node for the MDM providers to connect to the Microsoft Azure Attestation service which provides a simplified approach to attestation.
+The attested report provides a health assessment of the boot time properties of the device to ensure that the devices are automatically secure from the first power on. The health attestation result can then be used to allow or deny access to networks, apps, or services, based on whether devices prove to be healthy.
+
+### Terms
+**TPM (Trusted Platform Module)**
+<p>TPM is a specialized hardware-protected logic that performs a series of hardware protected security operations including providing protected storage, random number generation, encryption and signing.</p>
+
+**DHA (Device HealthAttestation) feature**
+<p>The Device HealthAttestation (DHA) feature enables enterprise IT administrators to monitor the security posture of managed devices remotely by using hardware (TPM) protected and attested data via a tamper-resistant and tamper-evident communication channel.</p>
+
+**MAA-Session (Microsoft Azure Attestaiton service based device HealthAttestation session)**
+<p>The Microsoft Azure Attestaiton service based device HealthAttestation session (MAA-Session) describes the end-to-end communication flow that is performed in one device health attestation session.</p>
+
+**MAA-CSP (Microsoft Azure Attestaiton based Configuration Service Provider)**
+<p>The Configuration Service Provider nodes added to Windhows 11 to integrate with Microsoft Azure Attestation Service.</p>
+<p>The following list of operations is performed by MAA-CSP:</p>
+<ul>
+<li>Receives attestation trigger requests from a HealthAttestation enabled MDM provider.</li>
+<li>The device collects Attestation Evidence (device boot logs, TPM audit trails and the TPM certificate) from a managed device.</li>
+<li>Forwards the Attestation Evidence to the Azure Attestation Service instance as configured by the MDM provider.</li>
+<li>Receives a signed report from the Azure Attestation Service instance and stores it in a local cache on the device.</li>
+</ul>
+
+### Attestation Flow with Microsoft Azure Attestation Service
+
+
+### Configuration Service Provider Nodes
+Windows 11 introduces additions to the HealthAttestation CSP node to integrate with Microsoft Azure Attestaiton service.
+```
+./Vendor/MSFT
+HealthAttestation
+----...
+----TriggerAttestation
+----CurrentProtocolVersion
+----PreferredMaxProtocolVersion
+----MaxSupportedProtocolVersion
+```
+
+<a href="" id="healthattestation"></a>**./Vendor/MSFT/HealthAttestation**  
+<p>The root node for the device HealthAttestation configuration service provider.</p>
+
+<a href="" id="triggerAttestation"></a>**TriggerAttestation** (Required)  
+<p>Node type: EXECUTE
+This node will trigger attestation flow by launching an attestation process. If a process is already running, this node will return code 202 indicating the request is received and being processed. Otherwise, an error will be returned.
+</p>
+
+<p>Templated SyncML Call:</p>
+
+    <SyncML xmlns="SYNCML:SYNCML1.2">
+        <SyncBody>
+            <Exec>
+                <CmdID>VERIFYHEALTHV2</CmdID>
+                <Item>
+                    <Target>
+                        <LocURI>
+                            ./Vendor/MSFT/HealthAttestation/TriggerAttestation
+                        </LocURI>
+                    </Target>
+                    <Data>
+                        {
+                        rpID : "rpID", serviceEndpoint : “MAA endpoint”,
+                        nonce : “nonce”, aadToken : “aadToken”, "cv" : "CorrelationVector"
+                        }                    
+                    </Data>
+                </Item>
+            </Exec>
+            <Final/>
+        </SyncBody>
+    </SyncML>
+
+<p>Data fields:</p>
+<ul>
+<li>rpID (Relying Party Identifier): This field contains an identifier that can be used to help determine the caller.</li>
+<li>serviceEndpoint : This field contains the complete URL of the Microsoft Azure Attestation provider instance to be used for evaluation.</li>
+<li>nonce : This field contains an arbitrary number that can be used just once in a cryptographic communication. It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks.</li>
+<li>aadToken : The AAD token to used for authentication against the Microsoft Azure Attestation service.</li>
+<li>cv : This field contains an identifier(Correlation Vector) that will passed in to the service call, that can be used for diagnostics purposes.</li>
+</ul>
+
+<p>Sample Data:</p>
+
+     <Data>
+     { 
+     "rpid" : "https://www.contoso.com/attestation",
+      "endpoint" : "https://contoso.eus.attest.azure.net/attest/tpm?api-version=2020-10-01",
+      "nonce" : "5468697320697320612054657374204e6f6e6365",
+      "aadToken" : "dummytokenstring",
+      "cv" : "testonboarded" 
+     }
+     </Data>
+
+<a href="" id="AttestStatus"></a>**AttestStatus**
+<p>Node type: GET
+This node will retrieve the status(HRESULT value) stored in registry updated by the attestation process triggered in the previous step.
+The status is always cleared prior to making the attest service call.
+</p>
+
+<p>Templated SyncML Call:</p>
+
+    <SyncML xmlns="SYNCML:SYNCML1.2">
+      <SyncBody>
+        <Get>
+          <Item>
+            <Target>
+              <LocURI>
+                ./Device/Vendor/MSFT/HealthAttestation/AttestStatus
+              </LocURI>
+            </Target>
+          </Item>
+        </Get>
+        <Final/> 
+      </SyncBody>
+    </SyncML>
+
+<p>Sample Data:</p>
+
+     If Successful: 0
+     If Failed: A corresponding HRESULT error code
+     Example: 0x80072efd,  WININET_E_CANNOT_CONNECT
+
+<a href="" id="getAttestReport"></a>**GetAttestReport**
+<p>Node type: GET
+This node will retrieve the attestation report per the call made by the TriggerAttestation, if there is any, for the given MDM provider. The report is stored in a registry key in the respective MDM enrollment store.
+</p>
+
+<p>Templated SyncML Call:</p>
+
+     <SyncML xmlns="SYNCML:SYNCML1.2">
+       <SyncBody>
+         <Get>
+           <Item>
+             <Target>
+               <LocURI>
+                 ./Device/Vendor/MSFT/HealthAttestation/GetAttestReport
+               </LocURI>
+             </Target>
+           </Item>
+         </Get>
+         <Final/> 
+       </SyncBody>
+     </SyncML>
+
+<p>Sample data:</p>
+
+     If Success:
+     JWT token: aaaaaaaaaaaaa.bbbbbbbbbbbbb.cccccccccc
+     If failed:
+     Previously cached report if available (the token may have already expired per the attestation policy).
+     OR Sync ML 404 error if not cached report available.
+
+<a href="" id="getServiceCorrelationIDs"></a>**GetServiceCorrelationIDs**
+<p>Node type: GET
+This node will retrieve the service generated correlation IDs for the given MDM provider. If there are more than one correlation id, they are separated by “;” in the string.
+</p>
+<p>Templated SyncML Call:</p>
+
+     <SyncML xmlns="SYNCML:SYNCML1.2">
+       <SyncBody>
+         <Get>
+           <Item>
+             <Target>
+               <LocURI>
+                 ./Device/Vendor/MSFT/HealthAttestation/GetServiceCorrelationIDs
+               </LocURI>
+             </Target>
+           </Item>
+         </Get>
+         <Final/> 
+       </SyncBody>
+     </SyncML>
+
+<p>Sample data:</p>
+
+    If success:
+    GUID returned by the attestation service: 1k9+vQOn00S8ZK33;CMc969r1JEuHwDpM
+    If Trigger Attestation call failed and no previous data is present. The field remains empty.
+    Otherwise, the last service correlation id will be returned.
+
+### MAA CSP Intergation Steps
+<ol>
+<li>Setup a MAA provider instance:
+MAA instance can be created following the steps here Quickstart: Set up Azure Attestation by using the Azure portal | Microsoft Docs.</li>
+<li>Update the provider with an appropriate policy:
+The MAA instance should be updated with an appropriate policy. How to author an Azure Attestation policy | Microsoft Docs
+A Sample attestation policy that only checks for secureboot is here:
+TODO</li>
+<li>Call TriggerAttestation with your rpid, AAD token and the attestURI:
+Use the Attestation URL generated in step 1, and append the appropriate api version you want to hit. More information about the api version can be found here Attestation - Attest Tpm - REST API (Azure Azure Attestation) | Microsoft Docs</li>
+<li>Call GetAttestReport and decode and parse the report to ensure the attested report contains the required properties:
+The decoded JWT token contains information per the attestation policy.
+{ "typ": "JWT", "alg": "RS256", "x5c": [ "MIIDcDCCAligAwIBAgIQOLMUhXOEQ2axV6zXp/KvnzANBgkqhkiG9w0BAQsFADA1MTMwMQYDVQQDEypBdHRlc3RhdGlvblNlcnZpY2UtTG9jYWxUZXN0LVJlcG9ydFNpZ25pbmcwHhcNMjAxMTI5MTExMjUyWhcNMjIxMTI5MTEyMjUyWjA1MTMwMQYDVQQDEypBdHRlc3RhdGlvblNlcnZpY2UtTG9jYWxUZXN0LVJlcG9ydFNpZ25pbmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsuOlDyU1sYAuAV53n7TrmTU180bOREgfZoTsdOyllMcsKciTUWkTO0vKDa8CFwGEHmSVTAEngDIHw1putio84HKZdcI6nPt2B74kJ/+5ut8KGMWtBm6GFWwS0TXti1rE4Os1mPpCYAsUyKxaEw4lBbEzGa5mGx0SGLdseuUIiw23S695RLVCciDaAvf+q/gBScFgZJm2ZxgkyNF7+MSvnDMU1xv5YLDQeh3j5vZlstSq+rrRbB5SVnuD4cFBjvGW5lXBLxMEjpBXI6yzFmFuw/OjZ7VClk6HSNjvvhSwJu4F1oHuJ0oAuABOtPpRK/898Ru+9qS5ZMm79775nZK75AgMBAAGjfDB6MA4GA1UdDwEB/wQEAwIFoDAJBgNVHRMEAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBR/8W25+uWj5sg8lEKKYy1gdCqWUTAdBgNVHQ4EFgQUf/Ftufrlo+bIPJRCimMtYHQqllEwDQYJKoZIhvcNAQELBQADggEBAJGfbRRvF3EpG6ZsOcSmWtu/1LDVZq+fGspjK/7+ImybEY/zC2CsWWpz7pT54KEGYe91q67nV5GZoSz7+O4A4A5QtMDFzOnrFVicDo5Cg2EDU4YQDN4j4DyrbttkQYiEiBFexJImrjIk4bfW2YqZjtzR7XFDsCsOAUHNY8cnnKaZCRbXrLwP/LUYAz/NVkttO4CW4U/8OZygrarfAsVrsCsx5o2mXBlaRYl5xECWfvT2YbCFuIt3gZR9sau65uMWthgyV0XAR7farxycfMEuBkyb+IVPwYW5QGFo5M8a78r/rFPdczGPlv0Qvg7zrBm775xs8O33V4nOmC1tfsxXUgw=" ], "kid": "e5j-rIjIITYTB9RQSgM-OzOWjXM" }.{ "nbf": 1629758941, "exp": 1630104841, "iat": 1629759241, "iss": "https://ulptestwin.eus.test.attest.azure.net", "jti": "e325dad03894f09b12c53f3b5eac5e36824c89ae", "ver": "1.0", "x-ms-ver": "1.0", "rp_data": "AQIDBA", "nonce": "AQIDBA", "cnf": { "jwk": { "kty": "RSA", "n": "vTCRaX0IZMsNHfJPOVyiYSCM2WABZmNo3PSVTOt9mh0vR4Mon080EGHM_V3afjKJ4NxmEZ01XeB-1TsuNM2-19_JMWZF-wiBTrBWEjcUQ84AxzukaWD1sMsH2kiqjaxXBHEUl8Hhq9SRjVEEdT-fKLOzBO070TffvRCKVxZIRI9Ry6E6K8gMEX3CH6Yk9b7clAua0MrUxd28hMxwx4hy1HyCsFSnXb_bIaqxLYjCxisc9mRx2vO6IuEqEVskSYDc-5f8u2G98ld6PuiMkAhvOOEBmaDlEksvUpnA8e9nWO98rg17pjyOms9GLvgKkSgOKbK8wQ-NuUyXutQfaN2MbQ", "e": "AQAB" } }, "x-ms-policy-hash": "BpV0Jxx6oZ2AjkgXx3Gj7JiJ1NpZWGppjdT2OTtBR4g", "AIKPresent": true, "BitlockerStatus": 1, "CodeIntegrityEnabled": true, "SafeMode": false, "SecureBootEnabled": true, "TpmVersion": 2, "VSMEnabled": true, "WinPE": false }.[Signature]</li>
+</ol>
+
+## Windhows 10 Device HealthAttestation
+
+### Terms
 
 **TPM (Trusted Platform Module)**
 <p>TPM is a specialized hardware-protected logic that performs a series of hardware protected security operations including providing protected storage, random number generation, encryption and signing. </p>
@@ -173,7 +370,7 @@ The following is a list of functions performed by the Device HealthAttestation C
 </tbody>
 </table>
 
-## CSP diagram and node descriptions  
+### CSP diagram and node descriptions  
 
 
 The following shows the Device HealthAttestation configuration service provider in tree format.  
@@ -243,7 +440,7 @@ HealthAttestation
 <p>Added in Windows 10, version 1607 March service release. Returns a bitmask of information describing the state of TPM. It indicates whether the TPM of the device is in a ready and trusted state.</p>
 <p>Value type is integer. The supported operation is Get.</p>
 
-## **DHA-CSP integration steps**
+### **DHA-CSP integration steps**
 
 
 The following list of validation and development tasks are required for integrating the Microsoft Device Health Attestation feature with a Windows Mobile device management solution (MDM):
@@ -260,7 +457,7 @@ The following list of validation and development tasks are required for integrat
 
 Each step is described in detail in the following sections of this topic.
 
-## <a href="" id="verify-access"></a>**Step 1: Verify HTTPS access**
+### <a href="" id="verify-access"></a>**Step 1: Verify HTTPS access**
 
 
 Validate that both the MDM server and the device (MDM client) can access has.spserv.microsoft.com using the TCP protocol over port 443 (HTTPS).
@@ -313,7 +510,7 @@ SSL-Session:
 ```
 
 
-## <a href="" id="assign-trusted-dha-service"></a>**Step 2: Assign an enterprise trusted DHA-Service**
+### <a href="" id="assign-trusted-dha-service"></a>**Step 2: Assign an enterprise trusted DHA-Service**
 
 There are three types of DHA-Service:
 - Device Health Attestation – Cloud (owned and operated by Microsoft)
@@ -339,7 +536,7 @@ The following example shows a sample call that instructs a managed device to com
 ```
 
 
-## <a href="" id="prepare-health-data"></a>**Step 3: Instruct client to prepare health data for verification**
+### <a href="" id="prepare-health-data"></a>**Step 3: Instruct client to prepare health data for verification**
 
 
 Send a SyncML call to start collection of the DHA-Data.
@@ -366,7 +563,7 @@ The following example shows a sample call that triggers collection and verificat
 </Get>
 ```
 
-## <a href="" id="take-action-client-response"></a>**Step 4: Take action based on the clients response**
+### <a href="" id="take-action-client-response"></a>**Step 4: Take action based on the clients response**
 
 
 After the client receives the health attestation request, it sends a response. The following list describes the responses, along with a recommended action to take.
@@ -394,7 +591,7 @@ Here is a sample alert that is issued by DHA_CSP:
 ```
 - If the response to the status node is not 0, 1 or 3, then troubleshoot the issue. For the complete list of status codes see [Device HealthAttestation CSP status and error codes](#device-healthattestation-csp-status-and-error-codes).
 
-## <a href="" id="forward-health-attestation"></a>**Step 5: Instruct the client to forward health attestation data for verification**
+### <a href="" id="forward-health-attestation"></a>**Step 5: Instruct the client to forward health attestation data for verification**
 
 
 Create a call to the **Nonce**, **Certificate** and **CorrelationId** nodes, and pick up an encrypted payload that includes a health certificate and related data from the device.
@@ -431,7 +628,7 @@ Here is an example:
 </Get>
 ```
 
-## <a href="" id="forward-data-to-has"></a>**Step 6: Forward device health attestation data to DHA-service**
+### <a href="" id="forward-data-to-has"></a>**Step 6: Forward device health attestation data to DHA-service**
 
 
 In response to the request that was sent in the previous step, the MDM client forwards an XML formatted blob (response from ./Vendor/MSFT/HealthAttestation/Certificate node) and a call identifier called CorrelationId (response  to ./Vendor/MSFT/HealthAttestation/CorrelationId node).
@@ -455,14 +652,14 @@ When the MDM-Server receives the above data, it must:
     - DHA-OnPrem or DHA-EMC: https://FullyQualifiedDomainName-FDQN/DeviceHealthAttestation/ValidateHealthCertificate/v3
 
 
-## <a href="" id="receive-has-response"></a>**Step 7: Receive response from the DHA-service**
+### <a href="" id="receive-has-response"></a>**Step 7: Receive response from the DHA-service**
 
 When the Microsoft Device Health Attestation Service receives a request for verification, it performs the following steps:
 - Decrypts the encrypted data it receives.
 - Validates the data it has received 
 - Creates a report, and shares the evaluation results to the MDM server via SSL in XML format 
 
-## <a href="" id="take-policy-action"></a>**Step 8: Take appropriate policy action based on evaluation results**
+### <a href="" id="take-policy-action"></a>**Step 8: Take appropriate policy action based on evaluation results**
 
 
 After the MDM server receives the verified data, the information can be used to make policy decisions by evaluating the data. Some possible actions would be:
@@ -816,7 +1013,7 @@ Each of these are described in further detail in the following sections, along w
 
 <p>In case of a detected issue a list of impacted DHA-report elements will be listed under the HealthStatusMismatchFlags attribute.</p>
 
-## **Device HealthAttestation CSP status and error codes**
+### **Device HealthAttestation CSP status and error codes**
 
 <table>
     <tr>
@@ -1027,7 +1224,7 @@ Each of these are described in further detail in the following sections, along w
 
 </table>
 
-## DHA-Report V3 schema
+### DHA-Report V3 schema
 
 
 ```xml
@@ -1131,7 +1328,7 @@ Each of these are described in further detail in the following sections, along w
 </xs:schema>
 ```
 
-## DHA-Report example
+### DHA-Report example
 
 
 ```xml

From 96f9551f2040fbbae5aed97ea35e89d0773c60b3 Mon Sep 17 00:00:00 2001
From: Daniel Simpson <dansimp@microsoft.com>
Date: Tue, 28 Sep 2021 09:24:45 -0700
Subject: [PATCH 009/105] Update healthattestation-csp.md

edits (pass 1)
---
 .../mdm/healthattestation-csp.md              | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md
index c18c474d71..7c0aef670f 100644
--- a/windows/client-management/mdm/healthattestation-csp.md
+++ b/windows/client-management/mdm/healthattestation-csp.md
@@ -8,25 +8,26 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
+author: dansimp
+ms.date: 
 ---
 
 # Device HealthAttestation CSP
 
-The Device HealthAttestation configuration service provider (DHA-CSP) enables enterprise IT managers to assess if a device is booted to a trusted and compliant state, and take enterprise policy actions.
+The Device HealthAttestation configuration service provider (DHA-CSP) enables enterprise IT admins to assess if a device is booted to a trusted and compliant state, and to take enterprise policy actions.
 
 The following is a list of functions performed by the Device HealthAttestation CSP:
 
--   Collects device boot logs, TPM audit trails and the TPM certificate (DHA-BootData) from a managed device
--   Forwards DHA-BootData to Device Health Attestation Service (DHA-Service)
+-   Collects device boot logs, Trusted Platform Module (TPM) audit trails and the TPM certificate (DHA-BootData) from a managed device
+-   Forwards DHA-BootData to a Device Health Attestation Service (DHA-Service)
 -   Receives an encrypted blob (DHA-EncBlob) from DHA-Service, and stores it in a local cache on the device
--   Receives attestation requests (DHA-Requests) from a DHA-Enabled MDM, and replies with Device Health Attestation data (DHA-Data
+-   Receives attestation requests (DHA-Requests) from a DHA-Enabled MDM, and replies with Device Health Attestation data (DHA-Data)
 
-## Windhows 11 Device HealthAttestation
+## Windows 11 Device health attestation
 
->Windows 11 introduces an update to the device health attestation feature bringing in support for deeper insights into windows boot security, enhancing zero trust solutions. Device health attestation on windows can be accessed via the HealthAttestation CSP which enables enterprise device managers to assess if a device is booted to a trusted and compliant state and take enterprise policy actions. Windows 11 introduces additional child nodes to the HealthAttestation node for the MDM providers to connect to the Microsoft Azure Attestation service which provides a simplified approach to attestation.
-The attested report provides a health assessment of the boot time properties of the device to ensure that the devices are automatically secure from the first power on. The health attestation result can then be used to allow or deny access to networks, apps, or services, based on whether devices prove to be healthy.
+Windows 11 introduces an update to the device health attestation feature. This helps add support for deeper insights to Windows boot security, supporting a zero trust approach to device security. Device health attestation on Windows can be accessed by using the HealthAttestation CSP. This CSP helps assess if a device is booted to a trusted and compliant state and then to take appropriate action. Windows 11 introduces additional child nodes to the HealthAttestation node for the MDM providers to connect to the Microsoft Azure Attestation service which provides a simplified approach to attestation.
+
+The attestation report provides a health assessment of the boot-time properties of the device to ensure that the devices are automatically secure as soon as they power on. The health attestation result can then be used to allow or deny access to networks, apps, or services, depending on the health of the device.
 
 ### Terms
 **TPM (Trusted Platform Module)**

From 9eca1f6ad789ea405828b01a3ba683b6002fe418 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Fri, 1 Oct 2021 15:20:33 +0100
Subject: [PATCH 010/105] Create
 essential-services-and-connected-experiences.md

---
 ...tial-services-and-connected-experiences.md | 319 ++++++++++++++++++
 1 file changed, 319 insertions(+)
 create mode 100644 windows/privacy/essential-services-and-connected-experiences.md

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
new file mode 100644
index 0000000000..3e1363a9b3
--- /dev/null
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -0,0 +1,319 @@
+**Essential Services and Connected Experiences for Windows**
+
+**Applies to**
+
+-   Windows 11 and Windows 10, version 1903 and later.
+
+Windows includes built-in apps, services, and features, that connect to the internet to provide enhanced experiences and additional capabilities. These are called “connected experiences”. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure.
+
+When a connected experience is used, data is sent to and processed by Microsoft to provide that connected experience. This data is crucial because this information enables us to deliver these cloud-based connected experiences. We refer to this data as required service data. Required service data can include information related to the operation of the connected experience that is needed to keep the underlying service secure, up to date, and performing as expected. Required service data can also include information needed by a connected experience to perform its task, such as configuration information about Windows.
+
+We give you the ability to choose which connected experiences you want to use in Windows, which then determines what required service data is sent to us.
+
+Required service data is also collected and sent to Microsoft for essential services. Essential services are used to keep the product **secure, up to date, performing as expected** or are **integral** to how the product works. For example, the licensing service that confirms that you’re properly licensed to use Windows.
+
+Although most essential services can be turned off by enterprise admins, we recommend that where applicable you consider hosting the services on-premises and carefully assess the impact of turning off remaining services. The following list describes the essential services and connected experiences that are available to you in Windows and provides links to further information about each one.
+
+Note: The information in this article describes the most common connected experiences and essential services. We will continue to update our list of connected experiences over time as Windows evolves. **Windows** **Essential Services**
+
+<table>
+<thead>
+<tr class="header">
+<th><strong>Essential Service</strong></th>
+<th><strong>Description</strong></th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td>Authentication</td>
+<td><p>The authentication service is required to enable sign in to work or school accounts. It validates a user’s identity and provides access to multiple apps and system components like OneDrive and activity history. Using a work or school account to sign in to Windows enables Microsoft to provide a consistent experience across your devices. If the authentication service is turned off, many apps and components may lose functionality and users may not be able to sign in.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#12-microsoft-account">Microsoft Account</a></p></td>
+</tr>
+<tr class="even">
+<td>Certificates</td>
+<td><p>Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA), are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates that are publicly known to be fraudulent. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.<br />
+If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#1-automatic-root-certificates-update">Automatic Root Certificates Update</a></p></td>
+</tr>
+<tr class="odd">
+<td>Services Configuration</td>
+<td><p>Services Configuration is used by Windows components and apps, such as the telemetry service, to dynamically update their configuration. If you turn off this service, apps using this service may stop working.</p>
+<p>To turn it off, see <u>Services</u> Services Configuration.</p></td>
+</tr>
+<tr class="even">
+<td>Licensing</td>
+<td><p>Licensing services are used for the activation of Windows, and apps purchased from the Microsoft Store. If you disable the Windows License Manager Service or the Software Protection Platform Service, it may prevent activation of genuine Windows as well as store applications.</p>
+<p>To turn it off, see <a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fprivacy%2Fmanage-connections-from-windows-operating-system-components-to-microsoft-services%239-license-manager&amp;data=04%7C01%7Csuwani%40microsoft.com%7Cc9aa0b97613144fd7c7708d8fed425cc%7C72f988bf86f141af91ab2d7cd011db47%7C0%7C0%7C637539534480159603%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=dLgSLUMjZnrPQXeF2havS8jUg8ZtfKirkWqTMg3hwh8%3D&amp;reserved=0">License Manager</a> and <a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fprivacy%2Fmanage-connections-from-windows-operating-system-components-to-microsoft-services%2319-software-protection-platform&amp;data=04%7C01%7Csuwani%40microsoft.com%7Cc9aa0b97613144fd7c7708d8fed425cc%7C72f988bf86f141af91ab2d7cd011db47%7C0%7C0%7C637539534480169565%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=LPlTuyhJ%2FtrAJ72iprIq9yVe4QcGWiuFwHc3t721jvo%3D&amp;reserved=0">Software Protection Platform</a>.</p></td>
+</tr>
+<tr class="odd">
+<td>Networking</td>
+<td><p>Networking in Windows provides connectivity to and from your devices to the local intranet and internet. If you turn off networking, Windows devices will lose network connectivity.</p>
+<p>To turn off Network Adapters, see <a href="https://docs.microsoft.com/en-us/powershell/module/netadapter/disable-netadapter?view=windowsserver2019-ps">Disable-NetAdapter</a></p></td>
+</tr>
+<tr class="even">
+<td>Device setup</td>
+<td><p>The first time a user sets up a new device, the Windows out-of-box experience (OOBE) guides the user through the steps to accept the license agreement, connect to the internet, sign in to (or sign up for) a Microsoft account, and takes care of other important tasks. Most settings can also be changed after setup is completed.</p>
+<p>To customize the initial setup experience, see <a href="https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/customize-oobe">Customize Setup</a></p></td>
+</tr>
+<tr class="odd">
+<td>Diagnostic Data</td>
+<td><p>Microsoft collects diagnostic data including error data about your device with the help of the telemetry service. Diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows behaves in the real world, focus on user priorities, find, and fix problems, and improve services. This data allows Microsoft to improve the Windows experience. Setting diagnostic data to off means important information to help fix issues and improve quality will not be available to Microsoft.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#1816-feedback--diagnostics">Telemetry Services</a>.</p></td>
+</tr>
+<tr class="even">
+<td>Update</td>
+<td><p>Windows Update ensures devices are kept up to date and secure by downloading the latest updates and security patches for Windows. This service also enables users download apps from the Microsoft Store and keep them up to date.</p>
+<p>Turning off Windows Update will potentially leave your Windows devices in a vulnerable state and more prone to security threats.</p>
+<p>Other services like Device metadata retrieval and Font streaming also ensure that the content on your devices is kept up to date.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#29-windows-update">Windows Update</a>, Device Metadata Retrieval and Font Streaming.</p></td>
+</tr>
+<tr class="odd">
+<td>Microsoft Store</td>
+<td><p>Microsoft Store enables users to purchase and download apps, games, and digital content. The Store also enables the developers of these apps to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to store apps in a power-efficient and dependable way. The Store can also revoke malicious apps.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#26-microsoft-store">Microsoft Store.</a></p></td>
+</tr>
+</tbody>
+</table>
+
+**Windows Connected Experiences**
+
+<table>
+<thead>
+<tr class="header">
+<th><strong>Connected Experience</strong></th>
+<th><strong>Description</strong></th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td>Activity History</td>
+<td><p>Activity History shows a history of activities a user has performed and can even synchronize activities across multiple devices for the same user.</p>
+<p>Synchronization across devices only works when a user signs in with the same account.</p>
+<p>To turn it off, see Activity History.</p></td>
+</tr>
+<tr class="even">
+<td>Cloud Clipboard</td>
+<td><p>Cloud Clipboard enables users to copy images and text across all Windows devices when they sign in with the same account. Users can paste from their clipboard history and also pin items.</p>
+<p>To turn it off, see Cloud Clipboard</p></td>
+</tr>
+<tr class="odd">
+<td>Date and Time</td>
+<td><p>The Windows Time service is used to synchronize and maintain the most accurate date and time on your devices. It is installed by default and starts automatically on devices that are part of a domain. It can be started manually on other devices. If this service is stopped, date and time synchronization will be unavailable and any services that explicitly depend on it will fail to start.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#3-date--time"><u>Date and Time</u></a></p></td>
+</tr>
+<tr class="even">
+<td>Delivery optimization</td>
+<td><p>Delivery Optimization is a cloud-managed, peer-to-peer client and a downloader service for Windows updates, upgrades, and applications to an organization's networked devices. Delivery Optimization allows devices to download updates from alternate sources (such as other peers on the network), in addition to Microsoft servers. This helps when you have a limited or unreliable Internet connection and reduces the bandwidth needed to keep all your organization's devices up to date.</p>
+<p>If you have Delivery Optimization Peer-to-Peer option turned on, devices on your network may send and receive updates and apps to other devices on your local network, if you choose, or to devices on the Internet.</p>
+<p>By default, devices running Windows will only use Delivery Optimization to get and receive updates for devices and apps on your local network.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#28-delivery-optimization">Delivery Optimization.</a></p></td>
+</tr>
+<tr class="odd">
+<td>Emojis and more</td>
+<td><p>The Emoji and more menu allows users to insert a variety of content like emoji, kaomoji, GIFs,  symbols, and clipboard history. This connected experience is new in Windows 11</p>
+<p>Placeholder – there needs to be a GP link here</p></td>
+</tr>
+<tr class="even">
+<td></td>
+<td></td>
+</tr>
+<tr class="odd">
+<td>Find My Device</td>
+<td><p>Find My Device is a feature that can help users locate their Windows device if it's lost or stolen. This feature only works if a Microsoft account is used to logon to the device, the user is an administrator on the device and when location is turned on for the device. Users can find their device by logging in to https://account.microsoft.com/devices under the Find My Device tab.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#5-find-my-device">Find My Device.</a></p></td>
+</tr>
+<tr class="even">
+<td></td>
+<td></td>
+</tr>
+<tr class="odd">
+<td>Location services</td>
+<td><p>The device location setting enables certain Windows features such as auto setting the time zone or Find My Device to function properly. When the device location setting is enabled, the Microsoft location service will use a combination of global positioning service (GPS), nearby wireless access points, cell towers, and IP address to determine the device’s location. Depending on the capabilities of the device, its location can be determined with varying degrees of accuracy and may in some cases be determined precisely.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#182-location">Location Services.</a></p></td>
+</tr>
+<tr class="even">
+<td>Microsoft Defender Antivirus</td>
+<td><p>Microsoft Defender Antivirus provides cloud-delivered protection against new and emerging threats for the devices in your organization.</p>
+<p>Turning off Microsoft Defender Antivirus will potentially leave your Windows devices in a vulnerable state and more prone to security threats.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#24-windows-defender">Microsoft Defender</a> Antivirus.</p></td>
+</tr>
+<tr class="odd">
+<td>Microsoft Defender SmartScreen</td>
+<td><p>Microsoft Defender SmartScreen is a feature of Windows, Internet Explorer, and Microsoft Edge. It helps protect users against phishing or malware websites and applications, and the downloading of potentially malicious files.</p>
+<p>Turning off Microsoft Defender SmartScreen means you cannot block a website or warn users they may be accessing a malicious site.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#241-windows-defender-smartscreen">Microsoft Defender SmartScreen</a>.</p></td>
+</tr>
+<tr class="even">
+<td>OneDrive</td>
+<td><p>OneDrive is a cloud storage system that allows you to save your files and photos, and access them from any device, anywhere.</p>
+<p>To turn off OneDrive, see OneDrive.</p></td>
+</tr>
+<tr class="odd">
+<td>Troubleshooting Service</td>
+<td><p>Windows troubleshooting service will automatically fix critical issues like corrupt settings that keep critical services from running, make adjustments to work with your hardware, or make other specific changes required for Windows to operate with the hardware, apps, and settings you’ve selected. In addition, it will recommend troubleshooting for other problems that aren’t critical to normal Windows operation but might impact your experience.</p>
+<p>To turn it off, see Troubleshooting service</p></td>
+</tr>
+<tr class="even">
+<td>Voice Typing</td>
+<td>Voice typing (also referred to as Windows dictation in earlier versions of Windows) allows you to write text by speaking by using Microsoft’s online speech recognition technology. To turn it off, see Speech Recognition.</td>
+</tr>
+<tr class="odd">
+<td>Windows backup</td>
+<td><p>With settings synchronization is turned on, a user's settings are synced across all Windows devices when they sign in with the same account.</p>
+<p>To turn it off, see Sync Your Settings</p></td>
+</tr>
+<tr class="even">
+<td>Windows Dashboard Widgets</td>
+<td><p>Windows Dashboard widget is a dynamic view that shows you personalized content like news, weather, a glimpse at your calendar and to-do list and your recent photos. It provides a glanceable view which allows users to be productive without needing to go to multiple apps or websites. This connected experience is new in Windows 11</p>
+<p>Placeholder – there needs to be a GP link</p></td>
+</tr>
+<tr class="odd">
+<td>Windows Insider Program</td>
+<td><p>The Windows Insider Preview program lets you help shape the future of Windows, be part of the community, and get early access to builds of Windows. Once you've registered for the program, you can run Insider Preview builds on as many devices as you want, each in the channel of your choice. Learn how to join the Windows Insider program by visiting the program’s website.</p>
+<p>To turn it off, see Windows Insider Program.</p></td>
+</tr>
+<tr class="even">
+<td>Windows Search</td>
+<td><p>Windows Search lets users use the search box on the taskbar to find what they are looking for, whether it’s on their device, in the cloud, or on the web. Windows Search can provide results for items from the device (including apps, settings, and files), the users account (including OneDrive, SharePoint, and other Microsoft services), and the internet.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#21-cortana-and-search-group-policies">Windows Search</a>.</p></td>
+</tr>
+<tr class="odd">
+<td>Windows Spotlight</td>
+<td><p>Windows Spotlight displays new background images on the lock screen each day. Additionally, it provides feature suggestions, fun facts, and tips on the lock screen background.</p>
+<p>Administrators can turn off Windows Spotlight features to prevent users from using the Windows Spotlight background.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#25-windows-spotlight">Windows Spotlight.</a></p></td>
+</tr>
+<tr class="even">
+<td></td>
+<td></td>
+</tr>
+<tr class="odd">
+<td></td>
+<td></td>
+</tr>
+<tr class="even">
+<td></td>
+<td></td>
+</tr>
+<tr class="odd">
+<td></td>
+<td></td>
+</tr>
+<tr class="even">
+<td></td>
+<td></td>
+</tr>
+<tr class="odd">
+<td></td>
+<td></td>
+</tr>
+<tr class="even">
+<td></td>
+<td></td>
+</tr>
+</tbody>
+</table>
+
+**Edge Essential Services and Connected Experiences**
+
+Windows ships with Microsoft Edge and Internet Explorer on Windows devices. Microsoft Edge is the default browser and is recommended for the best web browsing experience.
+
+You can find details on all of Edge's connected experiences and essential services [here](https://docs.microsoft.com/en-us/microsoft-edge/privacy-whitepaper/).
+
+To turn off specific Edge feature, see [Microsoft Edge](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#13-microsoft-edge).
+
+**IE Essential Services and Connected Experiences**
+
+Internet Explorer shares many of the Windows essential services listed above. The following table provides more details on the essential services and connected experiences specific to Internet Explorer.
+
+Note: Apart from ActiveX Filtering, which is an essential service, all other features listed below are connected experiences. To turn off specific connected experiences, see [Internet Explorer](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#8-internet-explorer).
+
+<table>
+<thead>
+<tr class="header">
+<th><strong>Connected Experiences</strong></th>
+<th><strong>Description</strong></th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td>ActiveX Filtering</td>
+<td><p>ActiveX controls are small apps that allow websites to provide content such as videos and games, and let users interact with controls like toolbars and stock tickers. However, these apps can sometimes malfunction, and in some cases, they might be used to collect information from user devices, install software without a user's agreement, or be used to control a device remotely without user's permission.</p>
+<p>ActiveX Filtering in Internet Explorer prevents sites from installing and using these apps. This can help keep users safer as they browse, but it can also affect the user experience of certain sites as interactive content might not work when ActiveX Filtering is on.</p>
+<p>To further enhance security, Internet Explorer also allows you to block out-of-date ActiveX controls.</p></td>
+</tr>
+<tr class="even">
+<td>Suggested Sites</td>
+<td>Suggested Sites is an online experience that recommends websites, images, or videos a user might be interested in. When Suggested Sites is turned on, a user’s web browsing history is periodically sent to Microsoft.</td>
+</tr>
+<tr class="odd">
+<td>Address Bar and Search suggestions</td>
+<td>With search suggestions enabled, users will be offered suggested search terms as they type in the Address Bar. As users type information it will be sent to the default search provider.</td>
+</tr>
+<tr class="even">
+<td>Auto-complete feature for web addresses</td>
+<td>The auto-complete feature suggests possible matches when users are typing web addresses in the browser address bar.</td>
+</tr>
+<tr class="odd">
+<td>Compatibility logging</td>
+<td>This feature is designed for use by developers and IT professionals to determine the compatibility of their websites with Internet Explorer. It is disabled by default and needs to be enabled to start logging Internet Explorer events in the Windows Event Viewer. These events describe failures that might have happened on the site and can include information about specific controls and webpages that failed.</td>
+</tr>
+<tr class="even">
+<td>Compatibility View</td>
+<td>Compatibility View helps make websites designed for older browsers look better when viewed in Internet Explorer. The compatibility view setting allows you to choose whether an employee can fix website display problems they encounter while browsing.</td>
+</tr>
+<tr class="odd">
+<td>Flip ahead</td>
+<td>Flip ahead enables your users to flip through web content quickly by swiping across the page or by clicking forward. When flip ahead is turned on, web browsing history is periodically sent to Microsoft. If you turn off this setting your users will no longer be able swipe across a screen or click forward to go to the next pre-loaded page of a website.</td>
+</tr>
+<tr class="even">
+<td>Web Slices</td>
+<td>A Web Slice enables users to subscribe to and automatically receive updates to content directly within a Web page. Disabling the RSS Feeds setting will turn off background synchronization for feeds and Web Slices.</td>
+</tr>
+<tr class="odd">
+<td>Accelerators</td>
+<td><p>Accelerators are menu options in Internet Explorer that help automate common browser-related tasks. In Internet Explorer, when you right-click selected text, Accelerators appear in the list of available options.</p>
+<p>For example, if you select a word, you can use the "Translate with Bing" Accelerator to obtain a translation of that word.</p></td>
+</tr>
+<tr class="even">
+<td>Pinning websites to Start</td>
+<td>When a user pins a website to the Start menu, it displays as a tile similar to the way apps are displayed. Like Microsoft Store apps, website tiles might display updates if the website has been designed to do so. For example, an online email website might send updates to the tile indicating how many new messages a user has.</td>
+</tr>
+</tbody>
+</table>
+
+**Related links**
+
+[Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services)
+
+[Connected Experiences in Office.](https://docs.microsoft.com/en-us/deployoffice/privacy/connected-experiences)
+
+[Essential Services in Office.](https://docs.microsoft.com/en-us/deployoffice/privacy/essential-services)
+
+To view endpoints for Windows 10 Enterprise, see:
+
+-   
+
+-   [Manage connection endpoints for Windows 10, version 20H2](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-20h2-endpoints)[Manage connection endpoints for Windows 10, version 1909](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1909-endpoints)
+
+-   [Manage connection endpoints for Windows 10, version 1903](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1903-endpoints)
+
+-   [Manage connection endpoints for Windows 10, version 1809](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1809-endpoints)
+
+-   [Manage connection endpoints for Windows 10, version 1803](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1803-endpoints)
+
+-   [Manage connection endpoints for Windows 10, version 1709](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1709-endpoints)
+
+To view endpoints for non-Enterprise Windows 10 editions, see:
+
+-   Windows 10, version 20H2, connection endpoints for non-Enterprise editions
+
+-   [Windows 10, version 1909, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1909-non-enterprise-editions)
+
+-   [Windows 10, version 1903, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1903-non-enterprise-editions)
+
+-   [Windows 10, version 1809, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1809-non-enterprise-editions)
+
+-   [Windows 10, version 1803, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1803-non-enterprise-editions)
+
+-   [Windows 10, version 1709, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1709-non-enterprise-editions)

From c249765865768d4b96d1e21ce9a15095a7d91fb3 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 4 Oct 2021 12:26:33 +0100
Subject: [PATCH 011/105] Update
 essential-services-and-connected-experiences.md

---
 ...tial-services-and-connected-experiences.md | 60 ++++++++++++-------
 1 file changed, 38 insertions(+), 22 deletions(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index 3e1363a9b3..95a06854e5 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -1,8 +1,24 @@
-**Essential Services and Connected Experiences for Windows**
+---
+title: Essential services and connected experiences for Windows
+description: Explains what the essential services and connected experiences are for Windows
+keywords: privacy, manage connections to Microsoft
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.localizationpriority: high
+audience: ITPro
+author: siosulli
+ms.author: dansimp
+manager: dansimp
+ms.date: 12/1/2020
+---
+
+# Essential services and connected experiences for Windows
 
 **Applies to**
 
--   Windows 11 and Windows 10, version 1903 and later.
+- Windows 11
+- Windows 10, version 1903 and later
 
 Windows includes built-in apps, services, and features, that connect to the internet to provide enhanced experiences and additional capabilities. These are called “connected experiences”. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure.
 
@@ -14,17 +30,18 @@ Required service data is also collected and sent to Microsoft for essential serv
 
 Although most essential services can be turned off by enterprise admins, we recommend that where applicable you consider hosting the services on-premises and carefully assess the impact of turning off remaining services. The following list describes the essential services and connected experiences that are available to you in Windows and provides links to further information about each one.
 
-Note: The information in this article describes the most common connected experiences and essential services. We will continue to update our list of connected experiences over time as Windows evolves. **Windows** **Essential Services**
+> [!Note:]
+> The information in this article describes the most common connected experiences and essential services. We will continue to update our list of connected experiences over time as Windows evolves.
+
+## Windows essential services
+
+| **Essential Service** | **Description** |
+| --- | --- |
+|Authentication|The authentication service is required to enable sign in to work or school accounts. It validates a user’s identity and provides access to multiple apps and system components like OneDrive and activity history. Using a work or school account to sign in to Windows enables Microsoft to provide a consistent experience across your devices. If the authentication service is turned off, many apps and components may lose functionality and users may not be able to sign in.</br>To turn it off, see [Microsoft Account](manage-connections-from-windows-operating-system-components-to-microsoft-services#12-microsoft-account)
+|Certificates|Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA), are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates that are publicly known to be fraudulent. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.</br> If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.</br>To turn it off, see [Automatic Root Certificates Update](manage-connections-from-windows-operating-system-components-to-microsoft-services#automatic-root-certificates-update)
+
+<!---
 
-<table>
-<thead>
-<tr class="header">
-<th><strong>Essential Service</strong></th>
-<th><strong>Description</strong></th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
 <td>Authentication</td>
 <td><p>The authentication service is required to enable sign in to work or school accounts. It validates a user’s identity and provides access to multiple apps and system components like OneDrive and activity history. Using a work or school account to sign in to Windows enables Microsoft to provide a consistent experience across your devices. If the authentication service is turned off, many apps and components may lose functionality and users may not be able to sign in.</p>
 <p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#12-microsoft-account">Microsoft Account</a></p></td>
@@ -75,7 +92,8 @@ If automatic updates are turned off, applications and websites may stop working
 </tbody>
 </table>
 
-**Windows Connected Experiences**
+--->
+**Windows connected experiences**
 
 <table>
 <thead>
@@ -214,7 +232,7 @@ If automatic updates are turned off, applications and websites may stop working
 </tbody>
 </table>
 
-**Edge Essential Services and Connected Experiences**
+**Edge essential services and connected experiences**
 
 Windows ships with Microsoft Edge and Internet Explorer on Windows devices. Microsoft Edge is the default browser and is recommended for the best web browsing experience.
 
@@ -222,7 +240,7 @@ You can find details on all of Edge's connected experiences and essential servic
 
 To turn off specific Edge feature, see [Microsoft Edge](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#13-microsoft-edge).
 
-**IE Essential Services and Connected Experiences**
+**IE essential services and connected experiences**
 
 Internet Explorer shares many of the Windows essential services listed above. The following table provides more details on the essential services and connected experiences specific to Internet Explorer.
 
@@ -292,17 +310,15 @@ Note: Apart from ActiveX Filtering, which is an essential service, all other fea
 
 To view endpoints for Windows 10 Enterprise, see:
 
--   
+-   [Manage connection endpoints for Windows 10, version 20H2](https://docs.microsoft.com/windows/privacy/manage-windows-20h2-endpoints)[Manage connection endpoints for Windows 10, version 1909](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1909-endpoints)
 
--   [Manage connection endpoints for Windows 10, version 20H2](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-20h2-endpoints)[Manage connection endpoints for Windows 10, version 1909](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1909-endpoints)
+-   [Manage connection endpoints for Windows 10, version 1903](https://docs.microsoft.com/windows/privacy/manage-windows-1903-endpoints)
 
--   [Manage connection endpoints for Windows 10, version 1903](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1903-endpoints)
+-   [Manage connection endpoints for Windows 10, version 1809](https://docs.microsoft.com/windows/privacy/manage-windows-1809-endpoints)
 
--   [Manage connection endpoints for Windows 10, version 1809](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1809-endpoints)
+-   [Manage connection endpoints for Windows 10, version 1803](https://docs.microsoft.com/windows/privacy/manage-windows-1803-endpoints)
 
--   [Manage connection endpoints for Windows 10, version 1803](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1803-endpoints)
-
--   [Manage connection endpoints for Windows 10, version 1709](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1709-endpoints)
+-   [Manage connection endpoints for Windows 10, version 1709](https://docs.microsoft.com/windows/privacy/manage-windows-1709-endpoints)
 
 To view endpoints for non-Enterprise Windows 10 editions, see:
 

From f2721bf732ff94a0ee7aaee37fa479d1821b3cb9 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 4 Oct 2021 12:35:21 +0100
Subject: [PATCH 012/105] Update
 essential-services-and-connected-experiences.md

---
 ...tial-services-and-connected-experiences.md | 272 +-----------------
 1 file changed, 9 insertions(+), 263 deletions(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index 95a06854e5..407cf18dc5 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -40,277 +40,23 @@ Although most essential services can be turned off by enterprise admins, we reco
 |Authentication|The authentication service is required to enable sign in to work or school accounts. It validates a user’s identity and provides access to multiple apps and system components like OneDrive and activity history. Using a work or school account to sign in to Windows enables Microsoft to provide a consistent experience across your devices. If the authentication service is turned off, many apps and components may lose functionality and users may not be able to sign in.</br>To turn it off, see [Microsoft Account](manage-connections-from-windows-operating-system-components-to-microsoft-services#12-microsoft-account)
 |Certificates|Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA), are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates that are publicly known to be fraudulent. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.</br> If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.</br>To turn it off, see [Automatic Root Certificates Update](manage-connections-from-windows-operating-system-components-to-microsoft-services#automatic-root-certificates-update)
 
-<!---
+## Windows connected experiences
 
-<td>Authentication</td>
-<td><p>The authentication service is required to enable sign in to work or school accounts. It validates a user’s identity and provides access to multiple apps and system components like OneDrive and activity history. Using a work or school account to sign in to Windows enables Microsoft to provide a consistent experience across your devices. If the authentication service is turned off, many apps and components may lose functionality and users may not be able to sign in.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#12-microsoft-account">Microsoft Account</a></p></td>
-</tr>
-<tr class="even">
-<td>Certificates</td>
-<td><p>Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA), are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates that are publicly known to be fraudulent. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.<br />
-If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#1-automatic-root-certificates-update">Automatic Root Certificates Update</a></p></td>
-</tr>
-<tr class="odd">
-<td>Services Configuration</td>
-<td><p>Services Configuration is used by Windows components and apps, such as the telemetry service, to dynamically update their configuration. If you turn off this service, apps using this service may stop working.</p>
-<p>To turn it off, see <u>Services</u> Services Configuration.</p></td>
-</tr>
-<tr class="even">
-<td>Licensing</td>
-<td><p>Licensing services are used for the activation of Windows, and apps purchased from the Microsoft Store. If you disable the Windows License Manager Service or the Software Protection Platform Service, it may prevent activation of genuine Windows as well as store applications.</p>
-<p>To turn it off, see <a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fprivacy%2Fmanage-connections-from-windows-operating-system-components-to-microsoft-services%239-license-manager&amp;data=04%7C01%7Csuwani%40microsoft.com%7Cc9aa0b97613144fd7c7708d8fed425cc%7C72f988bf86f141af91ab2d7cd011db47%7C0%7C0%7C637539534480159603%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=dLgSLUMjZnrPQXeF2havS8jUg8ZtfKirkWqTMg3hwh8%3D&amp;reserved=0">License Manager</a> and <a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fprivacy%2Fmanage-connections-from-windows-operating-system-components-to-microsoft-services%2319-software-protection-platform&amp;data=04%7C01%7Csuwani%40microsoft.com%7Cc9aa0b97613144fd7c7708d8fed425cc%7C72f988bf86f141af91ab2d7cd011db47%7C0%7C0%7C637539534480169565%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=LPlTuyhJ%2FtrAJ72iprIq9yVe4QcGWiuFwHc3t721jvo%3D&amp;reserved=0">Software Protection Platform</a>.</p></td>
-</tr>
-<tr class="odd">
-<td>Networking</td>
-<td><p>Networking in Windows provides connectivity to and from your devices to the local intranet and internet. If you turn off networking, Windows devices will lose network connectivity.</p>
-<p>To turn off Network Adapters, see <a href="https://docs.microsoft.com/en-us/powershell/module/netadapter/disable-netadapter?view=windowsserver2019-ps">Disable-NetAdapter</a></p></td>
-</tr>
-<tr class="even">
-<td>Device setup</td>
-<td><p>The first time a user sets up a new device, the Windows out-of-box experience (OOBE) guides the user through the steps to accept the license agreement, connect to the internet, sign in to (or sign up for) a Microsoft account, and takes care of other important tasks. Most settings can also be changed after setup is completed.</p>
-<p>To customize the initial setup experience, see <a href="https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/customize-oobe">Customize Setup</a></p></td>
-</tr>
-<tr class="odd">
-<td>Diagnostic Data</td>
-<td><p>Microsoft collects diagnostic data including error data about your device with the help of the telemetry service. Diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows behaves in the real world, focus on user priorities, find, and fix problems, and improve services. This data allows Microsoft to improve the Windows experience. Setting diagnostic data to off means important information to help fix issues and improve quality will not be available to Microsoft.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#1816-feedback--diagnostics">Telemetry Services</a>.</p></td>
-</tr>
-<tr class="even">
-<td>Update</td>
-<td><p>Windows Update ensures devices are kept up to date and secure by downloading the latest updates and security patches for Windows. This service also enables users download apps from the Microsoft Store and keep them up to date.</p>
-<p>Turning off Windows Update will potentially leave your Windows devices in a vulnerable state and more prone to security threats.</p>
-<p>Other services like Device metadata retrieval and Font streaming also ensure that the content on your devices is kept up to date.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#29-windows-update">Windows Update</a>, Device Metadata Retrieval and Font Streaming.</p></td>
-</tr>
-<tr class="odd">
-<td>Microsoft Store</td>
-<td><p>Microsoft Store enables users to purchase and download apps, games, and digital content. The Store also enables the developers of these apps to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to store apps in a power-efficient and dependable way. The Store can also revoke malicious apps.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#26-microsoft-store">Microsoft Store.</a></p></td>
-</tr>
-</tbody>
-</table>
+## Edge essential services and connected experiences
 
---->
-**Windows connected experiences**
+## IE essential services and connected experiences**
 
-<table>
-<thead>
-<tr class="header">
-<th><strong>Connected Experience</strong></th>
-<th><strong>Description</strong></th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>Activity History</td>
-<td><p>Activity History shows a history of activities a user has performed and can even synchronize activities across multiple devices for the same user.</p>
-<p>Synchronization across devices only works when a user signs in with the same account.</p>
-<p>To turn it off, see Activity History.</p></td>
-</tr>
-<tr class="even">
-<td>Cloud Clipboard</td>
-<td><p>Cloud Clipboard enables users to copy images and text across all Windows devices when they sign in with the same account. Users can paste from their clipboard history and also pin items.</p>
-<p>To turn it off, see Cloud Clipboard</p></td>
-</tr>
-<tr class="odd">
-<td>Date and Time</td>
-<td><p>The Windows Time service is used to synchronize and maintain the most accurate date and time on your devices. It is installed by default and starts automatically on devices that are part of a domain. It can be started manually on other devices. If this service is stopped, date and time synchronization will be unavailable and any services that explicitly depend on it will fail to start.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#3-date--time"><u>Date and Time</u></a></p></td>
-</tr>
-<tr class="even">
-<td>Delivery optimization</td>
-<td><p>Delivery Optimization is a cloud-managed, peer-to-peer client and a downloader service for Windows updates, upgrades, and applications to an organization's networked devices. Delivery Optimization allows devices to download updates from alternate sources (such as other peers on the network), in addition to Microsoft servers. This helps when you have a limited or unreliable Internet connection and reduces the bandwidth needed to keep all your organization's devices up to date.</p>
-<p>If you have Delivery Optimization Peer-to-Peer option turned on, devices on your network may send and receive updates and apps to other devices on your local network, if you choose, or to devices on the Internet.</p>
-<p>By default, devices running Windows will only use Delivery Optimization to get and receive updates for devices and apps on your local network.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#28-delivery-optimization">Delivery Optimization.</a></p></td>
-</tr>
-<tr class="odd">
-<td>Emojis and more</td>
-<td><p>The Emoji and more menu allows users to insert a variety of content like emoji, kaomoji, GIFs,  symbols, and clipboard history. This connected experience is new in Windows 11</p>
-<p>Placeholder – there needs to be a GP link here</p></td>
-</tr>
-<tr class="even">
-<td></td>
-<td></td>
-</tr>
-<tr class="odd">
-<td>Find My Device</td>
-<td><p>Find My Device is a feature that can help users locate their Windows device if it's lost or stolen. This feature only works if a Microsoft account is used to logon to the device, the user is an administrator on the device and when location is turned on for the device. Users can find their device by logging in to https://account.microsoft.com/devices under the Find My Device tab.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#5-find-my-device">Find My Device.</a></p></td>
-</tr>
-<tr class="even">
-<td></td>
-<td></td>
-</tr>
-<tr class="odd">
-<td>Location services</td>
-<td><p>The device location setting enables certain Windows features such as auto setting the time zone or Find My Device to function properly. When the device location setting is enabled, the Microsoft location service will use a combination of global positioning service (GPS), nearby wireless access points, cell towers, and IP address to determine the device’s location. Depending on the capabilities of the device, its location can be determined with varying degrees of accuracy and may in some cases be determined precisely.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#182-location">Location Services.</a></p></td>
-</tr>
-<tr class="even">
-<td>Microsoft Defender Antivirus</td>
-<td><p>Microsoft Defender Antivirus provides cloud-delivered protection against new and emerging threats for the devices in your organization.</p>
-<p>Turning off Microsoft Defender Antivirus will potentially leave your Windows devices in a vulnerable state and more prone to security threats.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#24-windows-defender">Microsoft Defender</a> Antivirus.</p></td>
-</tr>
-<tr class="odd">
-<td>Microsoft Defender SmartScreen</td>
-<td><p>Microsoft Defender SmartScreen is a feature of Windows, Internet Explorer, and Microsoft Edge. It helps protect users against phishing or malware websites and applications, and the downloading of potentially malicious files.</p>
-<p>Turning off Microsoft Defender SmartScreen means you cannot block a website or warn users they may be accessing a malicious site.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#241-windows-defender-smartscreen">Microsoft Defender SmartScreen</a>.</p></td>
-</tr>
-<tr class="even">
-<td>OneDrive</td>
-<td><p>OneDrive is a cloud storage system that allows you to save your files and photos, and access them from any device, anywhere.</p>
-<p>To turn off OneDrive, see OneDrive.</p></td>
-</tr>
-<tr class="odd">
-<td>Troubleshooting Service</td>
-<td><p>Windows troubleshooting service will automatically fix critical issues like corrupt settings that keep critical services from running, make adjustments to work with your hardware, or make other specific changes required for Windows to operate with the hardware, apps, and settings you’ve selected. In addition, it will recommend troubleshooting for other problems that aren’t critical to normal Windows operation but might impact your experience.</p>
-<p>To turn it off, see Troubleshooting service</p></td>
-</tr>
-<tr class="even">
-<td>Voice Typing</td>
-<td>Voice typing (also referred to as Windows dictation in earlier versions of Windows) allows you to write text by speaking by using Microsoft’s online speech recognition technology. To turn it off, see Speech Recognition.</td>
-</tr>
-<tr class="odd">
-<td>Windows backup</td>
-<td><p>With settings synchronization is turned on, a user's settings are synced across all Windows devices when they sign in with the same account.</p>
-<p>To turn it off, see Sync Your Settings</p></td>
-</tr>
-<tr class="even">
-<td>Windows Dashboard Widgets</td>
-<td><p>Windows Dashboard widget is a dynamic view that shows you personalized content like news, weather, a glimpse at your calendar and to-do list and your recent photos. It provides a glanceable view which allows users to be productive without needing to go to multiple apps or websites. This connected experience is new in Windows 11</p>
-<p>Placeholder – there needs to be a GP link</p></td>
-</tr>
-<tr class="odd">
-<td>Windows Insider Program</td>
-<td><p>The Windows Insider Preview program lets you help shape the future of Windows, be part of the community, and get early access to builds of Windows. Once you've registered for the program, you can run Insider Preview builds on as many devices as you want, each in the channel of your choice. Learn how to join the Windows Insider program by visiting the program’s website.</p>
-<p>To turn it off, see Windows Insider Program.</p></td>
-</tr>
-<tr class="even">
-<td>Windows Search</td>
-<td><p>Windows Search lets users use the search box on the taskbar to find what they are looking for, whether it’s on their device, in the cloud, or on the web. Windows Search can provide results for items from the device (including apps, settings, and files), the users account (including OneDrive, SharePoint, and other Microsoft services), and the internet.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#21-cortana-and-search-group-policies">Windows Search</a>.</p></td>
-</tr>
-<tr class="odd">
-<td>Windows Spotlight</td>
-<td><p>Windows Spotlight displays new background images on the lock screen each day. Additionally, it provides feature suggestions, fun facts, and tips on the lock screen background.</p>
-<p>Administrators can turn off Windows Spotlight features to prevent users from using the Windows Spotlight background.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#25-windows-spotlight">Windows Spotlight.</a></p></td>
-</tr>
-<tr class="even">
-<td></td>
-<td></td>
-</tr>
-<tr class="odd">
-<td></td>
-<td></td>
-</tr>
-<tr class="even">
-<td></td>
-<td></td>
-</tr>
-<tr class="odd">
-<td></td>
-<td></td>
-</tr>
-<tr class="even">
-<td></td>
-<td></td>
-</tr>
-<tr class="odd">
-<td></td>
-<td></td>
-</tr>
-<tr class="even">
-<td></td>
-<td></td>
-</tr>
-</tbody>
-</table>
+## Related links**
 
-**Edge essential services and connected experiences**
+[Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services)
 
-Windows ships with Microsoft Edge and Internet Explorer on Windows devices. Microsoft Edge is the default browser and is recommended for the best web browsing experience.
+[Connected Experiences in Office.](https://docs.microsoft.com/deployoffice/privacy/connected-experiences)
 
-You can find details on all of Edge's connected experiences and essential services [here](https://docs.microsoft.com/en-us/microsoft-edge/privacy-whitepaper/).
-
-To turn off specific Edge feature, see [Microsoft Edge](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#13-microsoft-edge).
-
-**IE essential services and connected experiences**
-
-Internet Explorer shares many of the Windows essential services listed above. The following table provides more details on the essential services and connected experiences specific to Internet Explorer.
-
-Note: Apart from ActiveX Filtering, which is an essential service, all other features listed below are connected experiences. To turn off specific connected experiences, see [Internet Explorer](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#8-internet-explorer).
-
-<table>
-<thead>
-<tr class="header">
-<th><strong>Connected Experiences</strong></th>
-<th><strong>Description</strong></th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>ActiveX Filtering</td>
-<td><p>ActiveX controls are small apps that allow websites to provide content such as videos and games, and let users interact with controls like toolbars and stock tickers. However, these apps can sometimes malfunction, and in some cases, they might be used to collect information from user devices, install software without a user's agreement, or be used to control a device remotely without user's permission.</p>
-<p>ActiveX Filtering in Internet Explorer prevents sites from installing and using these apps. This can help keep users safer as they browse, but it can also affect the user experience of certain sites as interactive content might not work when ActiveX Filtering is on.</p>
-<p>To further enhance security, Internet Explorer also allows you to block out-of-date ActiveX controls.</p></td>
-</tr>
-<tr class="even">
-<td>Suggested Sites</td>
-<td>Suggested Sites is an online experience that recommends websites, images, or videos a user might be interested in. When Suggested Sites is turned on, a user’s web browsing history is periodically sent to Microsoft.</td>
-</tr>
-<tr class="odd">
-<td>Address Bar and Search suggestions</td>
-<td>With search suggestions enabled, users will be offered suggested search terms as they type in the Address Bar. As users type information it will be sent to the default search provider.</td>
-</tr>
-<tr class="even">
-<td>Auto-complete feature for web addresses</td>
-<td>The auto-complete feature suggests possible matches when users are typing web addresses in the browser address bar.</td>
-</tr>
-<tr class="odd">
-<td>Compatibility logging</td>
-<td>This feature is designed for use by developers and IT professionals to determine the compatibility of their websites with Internet Explorer. It is disabled by default and needs to be enabled to start logging Internet Explorer events in the Windows Event Viewer. These events describe failures that might have happened on the site and can include information about specific controls and webpages that failed.</td>
-</tr>
-<tr class="even">
-<td>Compatibility View</td>
-<td>Compatibility View helps make websites designed for older browsers look better when viewed in Internet Explorer. The compatibility view setting allows you to choose whether an employee can fix website display problems they encounter while browsing.</td>
-</tr>
-<tr class="odd">
-<td>Flip ahead</td>
-<td>Flip ahead enables your users to flip through web content quickly by swiping across the page or by clicking forward. When flip ahead is turned on, web browsing history is periodically sent to Microsoft. If you turn off this setting your users will no longer be able swipe across a screen or click forward to go to the next pre-loaded page of a website.</td>
-</tr>
-<tr class="even">
-<td>Web Slices</td>
-<td>A Web Slice enables users to subscribe to and automatically receive updates to content directly within a Web page. Disabling the RSS Feeds setting will turn off background synchronization for feeds and Web Slices.</td>
-</tr>
-<tr class="odd">
-<td>Accelerators</td>
-<td><p>Accelerators are menu options in Internet Explorer that help automate common browser-related tasks. In Internet Explorer, when you right-click selected text, Accelerators appear in the list of available options.</p>
-<p>For example, if you select a word, you can use the "Translate with Bing" Accelerator to obtain a translation of that word.</p></td>
-</tr>
-<tr class="even">
-<td>Pinning websites to Start</td>
-<td>When a user pins a website to the Start menu, it displays as a tile similar to the way apps are displayed. Like Microsoft Store apps, website tiles might display updates if the website has been designed to do so. For example, an online email website might send updates to the tile indicating how many new messages a user has.</td>
-</tr>
-</tbody>
-</table>
-
-**Related links**
-
-[Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services)
-
-[Connected Experiences in Office.](https://docs.microsoft.com/en-us/deployoffice/privacy/connected-experiences)
-
-[Essential Services in Office.](https://docs.microsoft.com/en-us/deployoffice/privacy/essential-services)
+[Essential Services in Office.](https://docs.microsoft.com/deployoffice/privacy/essential-services)
 
 To view endpoints for Windows 10 Enterprise, see:
 
--   [Manage connection endpoints for Windows 10, version 20H2](https://docs.microsoft.com/windows/privacy/manage-windows-20h2-endpoints)[Manage connection endpoints for Windows 10, version 1909](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1909-endpoints)
+-   [Manage connection endpoints for Windows 10, version 20H2](https://docs.microsoft.com/windows/privacy/manage-windows-20h2-endpoints)[Manage connection endpoints for Windows 10, version 1909](https://docs.microsoft.com/windows/privacy/manage-windows-1909-endpoints)
 
 -   [Manage connection endpoints for Windows 10, version 1903](https://docs.microsoft.com/windows/privacy/manage-windows-1903-endpoints)
 
@@ -324,7 +70,7 @@ To view endpoints for non-Enterprise Windows 10 editions, see:
 
 -   Windows 10, version 20H2, connection endpoints for non-Enterprise editions
 
--   [Windows 10, version 1909, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1909-non-enterprise-editions)
+- [Windows 10, version 1909, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1909-non-enterprise-editions)
 
 -   [Windows 10, version 1903, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1903-non-enterprise-editions)
 

From d74cf091d0d63176011c361bb81ee67a5721b298 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 4 Oct 2021 13:49:22 +0100
Subject: [PATCH 013/105] Update
 essential-services-and-connected-experiences.md

---
 ...tial-services-and-connected-experiences.md | 44 +++++++------------
 1 file changed, 17 insertions(+), 27 deletions(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index 407cf18dc5..35361d5374 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -37,8 +37,8 @@ Although most essential services can be turned off by enterprise admins, we reco
 
 | **Essential Service** | **Description** |
 | --- | --- |
-|Authentication|The authentication service is required to enable sign in to work or school accounts. It validates a user’s identity and provides access to multiple apps and system components like OneDrive and activity history. Using a work or school account to sign in to Windows enables Microsoft to provide a consistent experience across your devices. If the authentication service is turned off, many apps and components may lose functionality and users may not be able to sign in.</br>To turn it off, see [Microsoft Account](manage-connections-from-windows-operating-system-components-to-microsoft-services#12-microsoft-account)
-|Certificates|Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA), are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates that are publicly known to be fraudulent. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.</br> If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.</br>To turn it off, see [Automatic Root Certificates Update](manage-connections-from-windows-operating-system-components-to-microsoft-services#automatic-root-certificates-update)
+|Authentication|The authentication service is required to enable sign in to work or school accounts. It validates a user’s identity and provides access to multiple apps and system components like OneDrive and activity history. Using a work or school account to sign in to Windows enables Microsoft to provide a consistent experience across your devices. If the authentication service is turned off, many apps and components may lose functionality and users may not be able to sign in.</br>To turn it off, see [Microsoft Account](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#12-microsoft-account)
+|Certificates|Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA), are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates that are publicly known to be fraudulent. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.</br> If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.</br>To turn it off, see [Automatic Root Certificates Update](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update)
 
 ## Windows connected experiences
 
@@ -48,34 +48,24 @@ Although most essential services can be turned off by enterprise admins, we reco
 
 ## Related links**
 
-[Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services)
-
-[Connected Experiences in Office.](https://docs.microsoft.com/deployoffice/privacy/connected-experiences)
-
-[Essential Services in Office.](https://docs.microsoft.com/deployoffice/privacy/essential-services)
+- [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
+- [Connected Experiences in Office.](/deployoffice/privacy/connected-experiences.md)
+- [Essential Services in Office.](/deployoffice/privacy/essential-services.md)
 
 To view endpoints for Windows 10 Enterprise, see:
 
--   [Manage connection endpoints for Windows 10, version 20H2](https://docs.microsoft.com/windows/privacy/manage-windows-20h2-endpoints)[Manage connection endpoints for Windows 10, version 1909](https://docs.microsoft.com/windows/privacy/manage-windows-1909-endpoints)
-
--   [Manage connection endpoints for Windows 10, version 1903](https://docs.microsoft.com/windows/privacy/manage-windows-1903-endpoints)
-
--   [Manage connection endpoints for Windows 10, version 1809](https://docs.microsoft.com/windows/privacy/manage-windows-1809-endpoints)
-
--   [Manage connection endpoints for Windows 10, version 1803](https://docs.microsoft.com/windows/privacy/manage-windows-1803-endpoints)
-
--   [Manage connection endpoints for Windows 10, version 1709](https://docs.microsoft.com/windows/privacy/manage-windows-1709-endpoints)
+- [Manage connection endpoints for Windows 10, version 20H2](manage-windows-20h2-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 1909](manage-windows-1909-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 1803](manage-windows-1803-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 1709](manage-windows-1709-endpoints.md)
 
 To view endpoints for non-Enterprise Windows 10 editions, see:
 
--   Windows 10, version 20H2, connection endpoints for non-Enterprise editions
-
-- [Windows 10, version 1909, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1909-non-enterprise-editions)
-
--   [Windows 10, version 1903, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1903-non-enterprise-editions)
-
--   [Windows 10, version 1809, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1809-non-enterprise-editions)
-
--   [Windows 10, version 1803, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1803-non-enterprise-editions)
-
--   [Windows 10, version 1709, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1709-non-enterprise-editions)
+- [Windows 10, version 20H2, connection endpoints for non-Enterprise editions](windows-endpoints-20H2-non-enterprise-editions)
+- [Windows 10, version 1909, connection endpoints for non-Enterprise editions](windows-endpoints-1909-non-enterprise-editions.md)
+- [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions.md)
+- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)
+- [Windows 10, version 1803, connection endpoints for non-Enterprise editions](windows-endpoints-1803-non-enterprise-editions.md)
+- [Windows 10, version 1709, connection endpoints for non-Enterprise editions](windows-endpoints-1709-non-enterprise-editions.md)

From 0688525f9418d782464f191509be3a463f06d60f Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 4 Oct 2021 13:51:52 +0100
Subject: [PATCH 014/105] Update
 essential-services-and-connected-experiences.md

---
 windows/privacy/essential-services-and-connected-experiences.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index 35361d5374..87d18e28f5 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -63,7 +63,7 @@ To view endpoints for Windows 10 Enterprise, see:
 
 To view endpoints for non-Enterprise Windows 10 editions, see:
 
-- [Windows 10, version 20H2, connection endpoints for non-Enterprise editions](windows-endpoints-20H2-non-enterprise-editions)
+- [Windows 10, version 20H2, connection endpoints for non-Enterprise editions](windows-endpoints-20H2-non-enterprise-editions.md)
 - [Windows 10, version 1909, connection endpoints for non-Enterprise editions](windows-endpoints-1909-non-enterprise-editions.md)
 - [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions.md)
 - [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)

From b9da42087649f62ea9adf20f36f9f9f55d83e0c0 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 4 Oct 2021 13:57:35 +0100
Subject: [PATCH 015/105] Update
 essential-services-and-connected-experiences.md

---
 ...essential-services-and-connected-experiences.md | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index 87d18e28f5..1136e003a7 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -30,8 +30,8 @@ Required service data is also collected and sent to Microsoft for essential serv
 
 Although most essential services can be turned off by enterprise admins, we recommend that where applicable you consider hosting the services on-premises and carefully assess the impact of turning off remaining services. The following list describes the essential services and connected experiences that are available to you in Windows and provides links to further information about each one.
 
-> [!Note:]
-> The information in this article describes the most common connected experiences and essential services. We will continue to update our list of connected experiences over time as Windows evolves.
+>[!Note:]
+>The information in this article describes the most common connected experiences and essential services. We will continue to update our list of connected experiences over time as Windows evolves.
 
 ## Windows essential services
 
@@ -44,13 +44,13 @@ Although most essential services can be turned off by enterprise admins, we reco
 
 ## Edge essential services and connected experiences
 
-## IE essential services and connected experiences**
+## IE essential services and connected experiences
 
-## Related links**
+## Related links
 
 - [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
-- [Connected Experiences in Office.](/deployoffice/privacy/connected-experiences.md)
-- [Essential Services in Office.](/deployoffice/privacy/essential-services.md)
+- [Connected Experiences in Office](/deployoffice/privacy/connected-experiences.md)
+- [Essential Services in Office](/deployoffice/privacy/essential-services.md)
 
 To view endpoints for Windows 10 Enterprise, see:
 
@@ -68,4 +68,4 @@ To view endpoints for non-Enterprise Windows 10 editions, see:
 - [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions.md)
 - [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)
 - [Windows 10, version 1803, connection endpoints for non-Enterprise editions](windows-endpoints-1803-non-enterprise-editions.md)
-- [Windows 10, version 1709, connection endpoints for non-Enterprise editions](windows-endpoints-1709-non-enterprise-editions.md)
+- [Windows 10, version 1709, connection endpoints for non-Enterprise editions](windows-endpoints-1709-non-enterprise-editions.md)
\ No newline at end of file

From b7edef14405bd7946e0d4ecc3aa26c17455f8bdd Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 4 Oct 2021 14:05:18 +0100
Subject: [PATCH 016/105] Update
 essential-services-and-connected-experiences.md

---
 .../privacy/essential-services-and-connected-experiences.md   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index 1136e003a7..63bb96c43a 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -30,8 +30,8 @@ Required service data is also collected and sent to Microsoft for essential serv
 
 Although most essential services can be turned off by enterprise admins, we recommend that where applicable you consider hosting the services on-premises and carefully assess the impact of turning off remaining services. The following list describes the essential services and connected experiences that are available to you in Windows and provides links to further information about each one.
 
->[!Note:]
->The information in this article describes the most common connected experiences and essential services. We will continue to update our list of connected experiences over time as Windows evolves.
+> [!NOTE]
+> The information in this article describes the most common connected experiences and essential services. We will continue to update our list of connected experiences over time as Windows evolves.
 
 ## Windows essential services
 

From 5af2c4a0a7667efb0228e778d209edbf5c3fe3b4 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 4 Oct 2021 14:19:40 +0100
Subject: [PATCH 017/105] Update
 essential-services-and-connected-experiences.md

---
 ...tial-services-and-connected-experiences.md | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index 63bb96c43a..da2e065acf 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -35,17 +35,34 @@ Although most essential services can be turned off by enterprise admins, we reco
 
 ## Windows essential services
 
-| **Essential Service** | **Description** |
+| **Essential service** | **Description** |
 | --- | --- |
 |Authentication|The authentication service is required to enable sign in to work or school accounts. It validates a user’s identity and provides access to multiple apps and system components like OneDrive and activity history. Using a work or school account to sign in to Windows enables Microsoft to provide a consistent experience across your devices. If the authentication service is turned off, many apps and components may lose functionality and users may not be able to sign in.</br>To turn it off, see [Microsoft Account](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#12-microsoft-account)
 |Certificates|Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA), are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates that are publicly known to be fraudulent. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.</br> If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.</br>To turn it off, see [Automatic Root Certificates Update](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update)
 
 ## Windows connected experiences
 
+| **Connected experience* | **Description** |
+| --- | --- |
+|Activity History|Activity History shows a history of activities a user has performed and can even synchronize activities across multiple devices for the same user. Synchronization across devices only works when a user signs in with the same account.</br>To turn it off, see [Activity History](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1822-activity-history)
+|Cloud Clipboard|Cloud Clipboard enables users to copy images and text across all Windows 10 devices when they sign in with the same account.  Users can paste from their clipboard history and also pin items.</br>To turn it off, see [Cloud Clipboard](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#30-cloud-clipboard)
+
 ## Edge essential services and connected experiences
 
+Windows ships with Microsoft Edge and Internet Explorer on Windows 10 devices. Microsoft Edge is the default browser and is recommended for the best web browsing experience.</br> You can find details on all of Edge's connected experiences and essential services [here](/microsoft-edge/privacy-whitepaper).</br> To turn off specific Edge feature, see [Microsoft Edge](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#13-microsoft-edge).
+
 ## IE essential services and connected experiences
 
+Internet Explorer shares many of the Windows essential services listed above. The following table provides more details on the essential services and connected experiences specific to Internet Explorer.
+
+> [!NOTE]
+> Apart from ActiveX Filtering, which is an essential service, all other features listed below are connected experiences.</br> To turn off specific connected experiences, see [Internet Explorer](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#8-internet-explorer).
+
+| **Connected experience* | **Description** |
+| --- | --- |
+|ActiveX Filtering|ActiveX controls are small apps that allow websites to provide content such as videos and games, and let users interact with controls like toolbars and stock tickers. However, these apps can sometimes malfunction, and in some cases, they might be used to collect information from user devices, install software without a user's agreement, or be used to control a device remotely without user's permission.</br> ActiveX Filtering in Internet Explorer prevents sites from installing and using these apps. This can help keep users safer as they browse, but it can also affect the user experience of certain sites as interactive content might not work when ActiveX Filtering is on.</br> To further enhance security, Internet Explorer also allows you to block out-of-date ActiveX controls.
+|Suggested Sites|Suggested Sites is an online experience that recommends websites, images, or videos a user might be interested in. When Suggested Sites is turned on, a user’s web browsing history is periodically sent to Microsoft.|
+
 ## Related links
 
 - [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)

From 58cba274b50b79739fadb3f25a9b6522bfdac388 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 4 Oct 2021 14:25:02 +0100
Subject: [PATCH 018/105] Update
 essential-services-and-connected-experiences.md

---
 ...sential-services-and-connected-experiences.md | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index da2e065acf..6e5c37def6 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -37,19 +37,19 @@ Although most essential services can be turned off by enterprise admins, we reco
 
 | **Essential service** | **Description** |
 | --- | --- |
-|Authentication|The authentication service is required to enable sign in to work or school accounts. It validates a user’s identity and provides access to multiple apps and system components like OneDrive and activity history. Using a work or school account to sign in to Windows enables Microsoft to provide a consistent experience across your devices. If the authentication service is turned off, many apps and components may lose functionality and users may not be able to sign in.</br>To turn it off, see [Microsoft Account](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#12-microsoft-account)
-|Certificates|Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA), are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates that are publicly known to be fraudulent. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.</br> If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.</br>To turn it off, see [Automatic Root Certificates Update](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update)
+|Authentication|The authentication service is required to enable sign in to work or school accounts. It validates a user’s identity and provides access to multiple apps and system components like OneDrive and activity history. Using a work or school account to sign in to Windows enables Microsoft to provide a consistent experience across your devices. If the authentication service is turned off, many apps and components may lose functionality and users may not be able to sign in.</br>To turn it off, see [Microsoft Account](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#12-microsoft-account).
+|Certificates|Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA), are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates that are publicly known to be fraudulent. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.</br> If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.</br>To turn it off, see [Automatic Root Certificates Update](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update).
 
 ## Windows connected experiences
 
-| **Connected experience* | **Description** |
+| **Connected experience** | **Description** |
 | --- | --- |
-|Activity History|Activity History shows a history of activities a user has performed and can even synchronize activities across multiple devices for the same user. Synchronization across devices only works when a user signs in with the same account.</br>To turn it off, see [Activity History](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1822-activity-history)
-|Cloud Clipboard|Cloud Clipboard enables users to copy images and text across all Windows 10 devices when they sign in with the same account.  Users can paste from their clipboard history and also pin items.</br>To turn it off, see [Cloud Clipboard](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#30-cloud-clipboard)
+|Activity History|Activity History shows a history of activities a user has performed and can even synchronize activities across multiple devices for the same user. Synchronization across devices only works when a user signs in with the same account.</br>To turn it off, see [Activity History](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1822-activity-history).
+|Cloud Clipboard|Cloud Clipboard enables users to copy images and text across all Windows 10 devices when they sign in with the same account.  Users can paste from their clipboard history and also pin items.</br>To turn it off, see [Cloud Clipboard](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#30-cloud-clipboard).
 
 ## Edge essential services and connected experiences
 
-Windows ships with Microsoft Edge and Internet Explorer on Windows 10 devices. Microsoft Edge is the default browser and is recommended for the best web browsing experience.</br> You can find details on all of Edge's connected experiences and essential services [here](/microsoft-edge/privacy-whitepaper).</br> To turn off specific Edge feature, see [Microsoft Edge](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#13-microsoft-edge).
+Windows ships with Microsoft Edge and Internet Explorer on Windows 10 devices. Microsoft Edge is the default browser and is recommended for the best web browsing experience.</br> You can find details on all of Edge's connected experiences and essential services [here](/microsoft-edge/privacy-whitepaper). To turn off specific Edge feature, see [Microsoft Edge](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#13-microsoft-edge).
 
 ## IE essential services and connected experiences
 
@@ -58,9 +58,9 @@ Internet Explorer shares many of the Windows essential services listed above. Th
 > [!NOTE]
 > Apart from ActiveX Filtering, which is an essential service, all other features listed below are connected experiences.</br> To turn off specific connected experiences, see [Internet Explorer](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#8-internet-explorer).
 
-| **Connected experience* | **Description** |
+| **Connected experience** | **Description** |
 | --- | --- |
-|ActiveX Filtering|ActiveX controls are small apps that allow websites to provide content such as videos and games, and let users interact with controls like toolbars and stock tickers. However, these apps can sometimes malfunction, and in some cases, they might be used to collect information from user devices, install software without a user's agreement, or be used to control a device remotely without user's permission.</br> ActiveX Filtering in Internet Explorer prevents sites from installing and using these apps. This can help keep users safer as they browse, but it can also affect the user experience of certain sites as interactive content might not work when ActiveX Filtering is on.</br> To further enhance security, Internet Explorer also allows you to block out-of-date ActiveX controls.
+|ActiveX Filtering|ActiveX controls are small apps that allow websites to provide content such as videos and games, and let users interact with controls like toolbars and stock tickers. However, these apps can sometimes malfunction, and in some cases, they might be used to collect information from user devices, install software without a user's agreement, or be used to control a device remotely without user's permission.</br> ActiveX Filtering in Internet Explorer prevents sites from installing and using these apps. This can help keep users safer as they browse, but it can also affect the user experience of certain sites as interactive content might not work when ActiveX Filtering is on. To further enhance security, Internet Explorer also allows you to block out-of-date ActiveX controls.
 |Suggested Sites|Suggested Sites is an online experience that recommends websites, images, or videos a user might be interested in. When Suggested Sites is turned on, a user’s web browsing history is periodically sent to Microsoft.|
 
 ## Related links

From 0e14e99d1624d803c49cd49f06b1ffa32807c9cd Mon Sep 17 00:00:00 2001
From: Karl Wester-Ebbinghaus <45657752+Karl-WE@users.noreply.github.com>
Date: Tue, 5 Oct 2021 00:07:25 +0200
Subject: [PATCH 019/105] Update script to ensure PowerShell 7 compatibility

Windows 11 has built in PowerShell 7 and Windows Terminal.
The aliases gwmi and gcim has been replaced by non alias commands to ensure this script does actually work with PowerShell 7.x
---
 .../credential-guard/dg-readiness-tool.md             | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md
index 8d3185afd9..5e6d9befec 100644
--- a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md
+++ b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md
@@ -22,6 +22,7 @@ ms.reviewer:
 - Windows 11
 - Windows Server 2016
 - Windows Server 2019
+- Windows Server 2022
 
 ```powershell
 # Script to find out if a machine is Device Guard compliant.
@@ -780,7 +781,7 @@ function CheckOSSKU
 
 function CheckOSArchitecture
 {
-    $OSArch = $(gwmi win32_operatingsystem).OSArchitecture.ToLower()
+    $OSArch = $(Get-WmiObject win32_operatingsystem).OSArchitecture.ToLower()
     Log $OSArch
     if($OSArch -match ("^64\-?\s?bit"))
     {
@@ -818,9 +819,9 @@ function CheckSecureBootState
 
 function CheckVirtualization
 {
-    $_vmmExtension = $(gwmi -Class Win32_processor).VMMonitorModeExtensions
-    $_vmFirmwareExtension = $(gwmi -Class Win32_processor).VirtualizationFirmwareEnabled
-    $_vmHyperVPresent =  (gcim -Class Win32_ComputerSystem).HypervisorPresent
+    $_vmmExtension = $(Get-WMIObject -Class Win32_processor).VMMonitorModeExtensions
+    $_vmFirmwareExtension = $(Get-WMIObject -Class Win32_processor).VirtualizationFirmwareEnabled
+    $_vmHyperVPresent =  (Get-CimInstance -Class Win32_ComputerSystem).HypervisorPresent
     Log "VMMonitorModeExtensions $_vmmExtension"
     Log "VirtualizationFirmwareEnabled $_vmFirmwareExtension"
     Log "HyperVisorPresent $_vmHyperVPresent"
@@ -1046,7 +1047,7 @@ if(!$TestForAdmin)
     exit
 }
 
-$isRunningOnVM = (get-wmiobject win32_computersystem).model
+$isRunningOnVM = (Get-WmiObject win32_computersystem).model
 if($isRunningOnVM.Contains("Virtual"))
 {
     LogAndConsoleWarning "Running on a Virtual Machine. DG/CG is supported only if both guest VM and host machine are running with Windows 10, version 1703 or later with English localization."

From 6a9407b27d8a52aa206f63671e269cd68ce6ddc0 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Tue, 5 Oct 2021 15:52:30 +0100
Subject: [PATCH 020/105] Update windows-10-and-privacy-compliance.md

---
 .../windows-10-and-privacy-compliance.md      | 28 +++++++++----------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index bf24ccb668..70ec74822e 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -29,7 +29,7 @@ Applies to:
 
 At Microsoft, we are committed to data privacy across all our products and services. With this guide, we provide administrators and compliance professionals with data privacy considerations for Windows.
 
-Microsoft collects data through multiple interactions with users of Windows devices. This information can contain personal data that may be used to provide, secure, and improve Windows services. To help users and organizations control the collection of personal data, Windows provides comprehensive transparency features, settings choices, controls, and support for data subject requests, all of which are detailed in this article.
+Microsoft collects data through multiple interactions with users of Windows devices. This information can contain personal data that may be used to provide, secure and improve Windows, and to provide connected experiences. To help users and organizations control the collection of personal data, Windows provides comprehensive transparency features, settings choices, controls, and support for data subject requests, all of which are detailed in this article.
 
 This information allows administrators and compliance professionals to work together to better manage personal data privacy considerations and related regulations, such as the General Data Protection Regulation (GDPR).
 
@@ -44,7 +44,7 @@ When setting up a device, a user can configure their privacy settings. Those pri
 The following table provides an overview of the Windows 10 and Windows 11 privacy settings presented during the device setup experience that involve processing personal data and where to find additional information.
 
 > [!NOTE]
-> This table is limited to the privacy settings that are most commonly avaialable when setting up a current version of Windows 10 or newer. For the full list of settings that involve data collection, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
+> This table is limited to the privacy settings that are most commonly available when setting up a current version of Windows 10 or newer. For the full list of settings that involve data collection, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
 
 | Feature/Setting | Description | Supporting Content | Privacy Statement |
 | --- | --- | --- | --- |
@@ -111,19 +111,19 @@ You can use the following articles to learn more about Autopilot and how to use
 - [Overview of Windows Autopilot](/windows/deployment/windows-Autopilot/windows-Autopilot)
 - [Windows Autopilot deployment process](/windows/deployment/windows-Autopilot/deployment-process)
 
-#### _2.3.2 Managing connections from Windows components to Microsoft services_
+#### _2.3.2 Managing Windows connected experiences and essential services_
 
-Administrators can manage the data sent from their organization to Microsoft by configuring settings associated with the functionality provided by Windows components.
+Windows includes features that connect to the internet to provide enhanced experiences and additional capabilities. These are called connected experiences. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure.
 
-For more details, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). This topic includes the different methods available on how to configure each setting, the impact to functionality, and which versions of Windows that are applicable.
+Essential services are services in the product that connect to Microsoft to keep the product secure, up to date, performing as expected or are integral to how the product works. For example, the licensing service that confirms that you’re properly licensed to use Windows.
 
-#### _2.3.3 Managing Windows connections_
+[Windows essential services and connected experiences](essential-services-and-connected-experiences.md) provides a list of the most common Windows essential services and connected experiences.
 
-Some Windows components, apps, and related services transfer data to Microsoft network endpoints. An administrator may want to block these endpoints for their organization to meet their specific compliance objectives.
+When a connected experience is used, data is sent to and processed by Microsoft to provide that connected experience. Administrators can manage the data sent from their organization to Microsoft by configuring settings associated with the functionality provided by Windows connected experiences and essential services. For more details, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services). This topic includes the different methods available to configure each setting, the impact to functionality, and the versions of Windows that are applicable.
 
-The **Manage Windows connection endpoints** section on the left-hand navigation menu provides a list of endpoints for the latest Windows releases, along with descriptions of any functionality that would be impacted by restricting data collection.
+The article [Manage connection endpoints for Windows 10 Enterprise, version 21H1](manage-windows-21h1-endpoints.md) provides a list of endpoints to which data is transferred by Windows connected experiences for the latest Windows 10 release, along with descriptions of any functionality that would be impacted by restricting data collection.
 
-#### _2.3.4 Limited functionality baseline_
+#### _2.3.3 Limited functionality baseline_
 
 An organization may want to minimize the amount of data sent back to Microsoft or shared with Microsoft apps by managing the connections and configuring additional settings on their devices. Similar to [Windows security baselines](/windows/security/threat-protection/windows-security-baselines), Microsoft has released a limited functionality baseline focused on configuring settings to minimize the data sent back to Microsoft. However, the functionality of the device could be impacted by applying these settings. The [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) article provides details on how to apply the baseline, along with the full list of settings covered in the baseline and the functionality that would be impacted. Administrators that don’t want to apply the baseline can still find details on how to configure each setting individually to find the right balance between data sharing and impact to functionality for their organization.
 
@@ -131,15 +131,15 @@ An organization may want to minimize the amount of data sent back to Microsoft o
 > - We recommend that you fully test any modifications to these settings before deploying them in your organization.
 > - We also recommend that if you plan to enable the Windows diagnostic data processor configuration, adjust the limited configuration baseline before deploying it to ensure the Windows diagnostic setting is not turned off.
 
-#### _2.3.5 Diagnostic data: Managing notifications for change of level at logon_
+#### _2.3.4 Diagnostic data: Managing notifications for change of level at logon_
 
 Starting with Windows 10, version 1803 and Windows 11, if an administrator modifies the diagnostic data collection setting, users are notified of this change during the initial device sign in. For example, if you configure the device to send optional diagnostic data, users will be notified the next time they sign into the device. You can disable these notifications by using the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** > **Configure telemetry opt-in change notifications** or the MDM policy `ConfigureTelemetryOptInChangeNotification`.
 
-#### _2.3.6 Diagnostic data: Managing end user choice for changing the setting_
+#### _2.3.5 Diagnostic data: Managing end user choice for changing the setting_
 
-Windows 10, version 1803 and later and Windows 11 allows users to change their diagnostic data level to a lower setting than what their administrator has set. For example, if you have configured the device to send optional diagnostic data, a user can change the setting so that only required diagnostic data is sent by opening the Settings app in Windows. Administrators can restrict a user’s ability to change the setting by enabling the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** > **Configure telemetry opt-in setting user interface** or the MDM policy `ConfigureTelemetryOptInSettingsUx`.
+Windows 10, version 1803 and later and Windows 11 allows users to change their diagnostic data level to a lower setting than what their administrator has set. For example, if you have configured the device to send optional diagnostic data, a user can change the setting so that only required diagnostic data is sent by opening the Settings app in Windows and navigating to **Diagnostic & feedback**. Administrators can restrict a user’s ability to change the setting by enabling the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** > **Configure telemetry opt-in setting user interface** or the MDM policy `ConfigureTelemetryOptInSettingsUx`.
 
-#### _2.3.7 Diagnostic data: Managing device-based data delete_
+#### _2.3.6 Diagnostic data: Managing device-based data delete_
 
 Windows 10, version 1809 and later and Windows 11 allow a user to delete diagnostic data collected from their device by opening the Settings app in Windows and navigating to **Diagnostic & feedback** and clicking the **Delete** button under the **Delete diagnostic data** heading. An administrator can also delete diagnostic data for a device using the [Clear-WindowsDiagnosticData](/powershell/module/windowsdiagnosticdata/Clear-WindowsDiagnosticData) PowerShell cmdlet.
 
@@ -148,7 +148,7 @@ An administrator can disable a user’s ability to delete their device’s diagn
 >[!Note]
 >If the Windows diagnostic data processor configuration is enabled, the Delete diagnostic data button will be disabled and the powershell cmdlet will not delete data collected under this configuration. IT administrators can instead delete diagnostic data collected by invoking a delete request from the admin portal.
 
-#### _2.3.8 Diagnostic data: Enabling the Windows diagnostic data processor configuration_
+#### _2.3.7 Diagnostic data: Enabling the Windows diagnostic data processor configuration_
 
 **Applies to:**
 

From 6c78f75a0635761f58dcd22c44a1ec7867758664 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Tue, 5 Oct 2021 16:00:14 +0100
Subject: [PATCH 021/105] Update windows-10-and-privacy-compliance.md

---
 windows/privacy/windows-10-and-privacy-compliance.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index 70ec74822e..1eaf63cbfc 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -87,7 +87,7 @@ The following table provides an overview of the privacy settings discussed earli
 | [Speech](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-speech) | Group Policy:<br />**Computer Configuration** > **Control Panel** > **Regional and Language Options** > **Allow users to enable online speech recognition services**<br /><br />MDM: [Privacy/AllowInputPersonalization](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off | Off |
 | [Location](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **App Privacy** > **Let Windows apps access location**<br /><br />MDM: [Privacy/LetAppsAccessLocation](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off (Windows 10, version 1903 and later and Windows 11) | Off |
 | [Find my device](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#find-my-device) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**<br /><br />MDM: [Experience/AllFindMyDevice](/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice) | Off | Off |
-| [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry** (or **Allow diagnostic data** in Windows 11 or Windows Server 2022)<br /><br />MDM: [System/AllowTelemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)<br /><br />**Note**: If you are planning to configure devices, using the Windows diagnostic data processor configuration option, the state to minimize data collection is not recommended. See [Enabling the Windows diagnostic data processor configuration](#238-diagnostic-data-enabling-the-windows-diagnostic-data-processor-configuration) below for more information. | Required diagnostic data (Windows 10, version 1903 and later and Windows 11)<br /><br />Server editions:<br />Enhanced diagnostic data | Security (Off) and block endpoints |
+| [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry** (or **Allow diagnostic data** in Windows 11 or Windows Server 2022)<br /><br />MDM: [System/AllowTelemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)<br /><br />**Note**: If you are planning to configure devices, using the Windows diagnostic data processor configuration option, the state to minimize data collection is not recommended. See [Enabling the Windows diagnostic data processor configuration](#237-diagnostic-data-enabling-the-windows-diagnostic-data-processor-configuration) below for more information. | Required diagnostic data (Windows 10, version 1903 and later and Windows 11)<br /><br />Server editions:<br />Enhanced diagnostic data | Security (Off) and block endpoints |
 | [Inking and typing diagnostics](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-ink) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Text Input** > **Improve inking and typing recognition**<br /><br />MDM: [TextInput/AllowLinguisticDataCollection](/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Off (Windows 10, version 1809 and later and Windows 11) | Off |
 | Tailored Experiences | Group Policy:<br />**User Configuration** > **Windows Components** > **Cloud Content** > **Do not use diagnostic data for tailored experiences**<br /><br />MDM: [Experience/AllowTailoredExperiencesWithDiagnosticData](/windows/client-management/mdm/policy-csp-experience#experience-allowtailoredexperienceswithdiagnosticdata) | Off | Off | 
 | Advertising ID | Group Policy:<br />**Computer Configuration** > **System** > **User Profile** > **Turn off the advertising Id**<br /><br />MDM: [Privacy/DisableAdvertisingId](/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | Off | Off | 
@@ -119,7 +119,7 @@ Essential services are services in the product that connect to Microsoft to keep
 
 [Windows essential services and connected experiences](essential-services-and-connected-experiences.md) provides a list of the most common Windows essential services and connected experiences.
 
-When a connected experience is used, data is sent to and processed by Microsoft to provide that connected experience. Administrators can manage the data sent from their organization to Microsoft by configuring settings associated with the functionality provided by Windows connected experiences and essential services. For more details, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services). This topic includes the different methods available to configure each setting, the impact to functionality, and the versions of Windows that are applicable.
+When a connected experience is used, data is sent to and processed by Microsoft to provide that connected experience. Administrators can manage the data sent from their organization to Microsoft by configuring settings associated with the functionality provided by Windows connected experiences and essential services. For more details, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). This topic includes the different methods available to configure each setting, the impact to functionality, and the versions of Windows that are applicable.
 
 The article [Manage connection endpoints for Windows 10 Enterprise, version 21H1](manage-windows-21h1-endpoints.md) provides a list of endpoints to which data is transferred by Windows connected experiences for the latest Windows 10 release, along with descriptions of any functionality that would be impacted by restricting data collection.
 

From ff6d89d721766550ac4e377beb91a7513ba95fc6 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Tue, 5 Oct 2021 16:44:06 +0100
Subject: [PATCH 022/105] Update windows-10-and-privacy-compliance.md

---
 windows/privacy/windows-10-and-privacy-compliance.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index 1eaf63cbfc..b8ef1bb3f5 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -87,7 +87,7 @@ The following table provides an overview of the privacy settings discussed earli
 | [Speech](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-speech) | Group Policy:<br />**Computer Configuration** > **Control Panel** > **Regional and Language Options** > **Allow users to enable online speech recognition services**<br /><br />MDM: [Privacy/AllowInputPersonalization](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off | Off |
 | [Location](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **App Privacy** > **Let Windows apps access location**<br /><br />MDM: [Privacy/LetAppsAccessLocation](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off (Windows 10, version 1903 and later and Windows 11) | Off |
 | [Find my device](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#find-my-device) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**<br /><br />MDM: [Experience/AllFindMyDevice](/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice) | Off | Off |
-| [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry** (or **Allow diagnostic data** in Windows 11 or Windows Server 2022)<br /><br />MDM: [System/AllowTelemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)<br /><br />**Note**: If you are planning to configure devices, using the Windows diagnostic data processor configuration option, the state to minimize data collection is not recommended. See [Enabling the Windows diagnostic data processor configuration](#237-diagnostic-data-enabling-the-windows-diagnostic-data-processor-configuration) below for more information. | Required diagnostic data (Windows 10, version 1903 and later and Windows 11)<br /><br />Server editions:<br />Enhanced diagnostic data | Security (Off) and block endpoints |
+| [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry** (or **Allow diagnostic data** in Windows 11 or Windows Server 2022)<br /><br />MDM: [System/AllowTelemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)<br /><br />**Note**: If you are planning to configure devices, using the Windows diagnostic data processor configuration option, the state to minimize data collection is not recommended. For more information, see [Enabling the Windows diagnostic data processor configuration](#237-diagnostic-data-enabling-the-windows-diagnostic-data-processor-configuration). | Required diagnostic data (Windows 10, version 1903 and later and Windows 11)<br /><br />Server editions:<br />Enhanced diagnostic data | Security (Off) and block endpoints |
 | [Inking and typing diagnostics](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-ink) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Text Input** > **Improve inking and typing recognition**<br /><br />MDM: [TextInput/AllowLinguisticDataCollection](/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Off (Windows 10, version 1809 and later and Windows 11) | Off |
 | Tailored Experiences | Group Policy:<br />**User Configuration** > **Windows Components** > **Cloud Content** > **Do not use diagnostic data for tailored experiences**<br /><br />MDM: [Experience/AllowTailoredExperiencesWithDiagnosticData](/windows/client-management/mdm/policy-csp-experience#experience-allowtailoredexperienceswithdiagnosticdata) | Off | Off | 
 | Advertising ID | Group Policy:<br />**Computer Configuration** > **System** > **User Profile** > **Turn off the advertising Id**<br /><br />MDM: [Privacy/DisableAdvertisingId](/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | Off | Off | 
@@ -115,11 +115,11 @@ You can use the following articles to learn more about Autopilot and how to use
 
 Windows includes features that connect to the internet to provide enhanced experiences and additional capabilities. These are called connected experiences. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure.
 
-Essential services are services in the product that connect to Microsoft to keep the product secure, up to date, performing as expected or are integral to how the product works. For example, the licensing service that confirms that you’re properly licensed to use Windows.
+Essential services are services in the product that connect to Microsoft to keep the product secure, up to date and performing as expected, or are integral to how the product works. For example, the licensing service that confirms that you’re properly licensed to use Windows.
 
 [Windows essential services and connected experiences](essential-services-and-connected-experiences.md) provides a list of the most common Windows essential services and connected experiences.
 
-When a connected experience is used, data is sent to and processed by Microsoft to provide that connected experience. Administrators can manage the data sent from their organization to Microsoft by configuring settings associated with the functionality provided by Windows connected experiences and essential services. For more details, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). This topic includes the different methods available to configure each setting, the impact to functionality, and the versions of Windows that are applicable.
+When a connected experience is used, data is sent to and processed by Microsoft to provide that connected experience. Administrators can manage the data sent from their organization to Microsoft by configuring settings associated with the functionality provided by Windows connected experiences and essential services. For more information, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). This topic includes the different methods available to configure each setting, the impact to functionality, and the versions of Windows that are applicable.
 
 The article [Manage connection endpoints for Windows 10 Enterprise, version 21H1](manage-windows-21h1-endpoints.md) provides a list of endpoints to which data is transferred by Windows connected experiences for the latest Windows 10 release, along with descriptions of any functionality that would be impacted by restricting data collection.
 

From 40d1d6559fd7220d3a2248c655252d22effecefd Mon Sep 17 00:00:00 2001
From: afirodiya <42394035+afirodiya@users.noreply.github.com>
Date: Tue, 5 Oct 2021 15:50:09 -0700
Subject: [PATCH 023/105] Update
 enable-virtualization-based-protection-of-code-integrity.md

---
 .../enable-virtualization-based-protection-of-code-integrity.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
index ea4b252a30..03ca52bd5e 100644
--- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
@@ -311,6 +311,6 @@ Set-VMSecurity -VMName <VMName> -VirtualizationBasedSecurityOptOut $true
 ### Requirements for running HVCI in Hyper-V virtual machines
 -   The Hyper-V host must run at least Windows Server 2016 or Windows 10 version 1607.
 -   The Hyper-V virtual machine must be Generation 2, and running at least Windows Server 2016 or Windows 10.
--   HVCI and [nested virtualization](/virtualization/hyper-v-on-windows/user-guide/nested-virtualization) can be enabled at the same time
+-   HVCI and [nested virtualization](/virtualization/hyper-v-on-windows/user-guide/nested-virtualization) can be enabled at the same time. To enable HyperV role on the VM, first install the HyperV role in a Windows nested virtualization environment.
 -   Virtual Fibre Channel adapters are not compatible with HVCI. Before attaching a virtual Fibre Channel Adapter to a virtual machine, you must first opt out of virtualization-based security using `Set-VMSecurity`.
 -   The AllowFullSCSICommandSet option for pass-through disks is not compatible with HVCI. Before configuring a pass-through disk with AllowFullSCSICommandSet, you must first opt out of virtualization-based security using `Set-VMSecurity`.

From c262c14d3bd6dad51251c0cbbb6d1f2b59b3b1a1 Mon Sep 17 00:00:00 2001
From: Benzy Dharmanayagam <v-benzyd@microsoft.com>
Date: Wed, 6 Oct 2021 11:58:34 +0530
Subject: [PATCH 024/105] Updated-5244097

Updated connected experience documentation.
---
 ...tial-services-and-connected-experiences.md | 42 ++++++++++++++++---
 1 file changed, 36 insertions(+), 6 deletions(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index 6e5c37def6..58c2c0ab36 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -37,19 +37,41 @@ Although most essential services can be turned off by enterprise admins, we reco
 
 | **Essential service** | **Description** |
 | --- | --- |
-|Authentication|The authentication service is required to enable sign in to work or school accounts. It validates a user’s identity and provides access to multiple apps and system components like OneDrive and activity history. Using a work or school account to sign in to Windows enables Microsoft to provide a consistent experience across your devices. If the authentication service is turned off, many apps and components may lose functionality and users may not be able to sign in.</br>To turn it off, see [Microsoft Account](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#12-microsoft-account).
-|Certificates|Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA), are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates that are publicly known to be fraudulent. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.</br> If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.</br>To turn it off, see [Automatic Root Certificates Update](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update).
+|Authentication|The authentication service is required to enable sign in to work or school accounts. It validates a user’s identity and provides access to multiple apps and system components like OneDrive and activity history. Using a work or school account to sign in to Windows enables Microsoft to provide a consistent experience across your devices. If the authentication service is turned off, many apps and components may lose functionality and users may not be able to sign in. <br/>To turn it off, see [Microsoft Account](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#12-microsoft-account).|
+|Certificates|Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA), are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates that are publicly known to be fraudulent. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism. <br/>If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device. <br/>To turn it off, see [Automatic Root Certificates Update](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update).|
+| Services Configuration | Services Configuration is used by Windows components and apps, such as the telemetry service, to dynamically update their configuration. If you turn off this service, apps using this service may stop working. <br/>To turn it off, see [Services Configuration](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#31-services-configuration).|
+| Licensing | Licensing services are used for the activation of Windows, and apps purchased from the Microsoft Store. If you disable the Windows License Manager Service or the Software Protection Platform Service, it may prevent activation of genuine Windows as well as store applications. <br/>To turn it off, see [License Manager](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#9-license-manager) and [Software Protection Platform](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#19-software-protection-platform).|
+| Networking | Networking in Windows provides connectivity to and from your devices to the local intranet and internet. If you turn off networking, Windows devices will lose network connectivity. <br/>To turn off Network Adapters, see [Disable-NetAdapter](/powershell/module/netadapter/disable-netadapter).|
+| Device setup | The first time a user sets up a new device, the Windows out-of-box experience (OOBE) guides the user through the steps to accept the license agreement, connect to the internet, sign in to (or sign up for) a Microsoft account, and takes care of other important tasks. Most settings can also be changed after setup is completed. <br/>To customize the initial setup experience, see [Customize Setup](/windows-hardware/customize/desktop/customize-oobe).|
+| Diagnostic Data | Microsoft collects diagnostic data including error data about your device with the help of the telemetry service. Diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows behaves in the real world, focus on user priorities, find, and fix problems, and improve services. This data allows Microsoft to improve the Windows experience. Setting diagnostic data to off means important information to help fix issues and improve quality will not be available to Microsoft. <br/>To turn it off, see [Telemetry Services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#1816-feedback--diagnostics).|
+| Update | Windows Update ensures devices are kept up to date and secure by downloading the latest updates and security patches for Windows. This service also enables users download apps from the Microsoft Store and keep them up to date. <br/>Turning off Windows Update will potentially leave your Windows devices in a vulnerable state and more prone to security threats. <br/>Other services like Device metadata retrieval and Font streaming also ensure that the content on your devices is kept up to date. <br/>To turn it off, see [Windows Update](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#29-windows-update), [Device Metadata Retrieval](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#4-device-metadata-retrieval), and [Font Streaming](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#6-font-streaming).|
+| Microsoft Store | Microsoft Store enables users to purchase and download apps, games, and digital content. The Store also enables the developers of these apps to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to store apps in a power-efficient and dependable way. The Store can also revoke malicious apps. <br/>To turn it off, see [Microsoft Store](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#26-microsoft-store).|
 
 ## Windows connected experiences
 
 | **Connected experience** | **Description** |
 | --- | --- |
-|Activity History|Activity History shows a history of activities a user has performed and can even synchronize activities across multiple devices for the same user. Synchronization across devices only works when a user signs in with the same account.</br>To turn it off, see [Activity History](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1822-activity-history).
-|Cloud Clipboard|Cloud Clipboard enables users to copy images and text across all Windows 10 devices when they sign in with the same account.  Users can paste from their clipboard history and also pin items.</br>To turn it off, see [Cloud Clipboard](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#30-cloud-clipboard).
+|Activity History|Activity History shows a history of activities a user has performed and can even synchronize activities across multiple devices for the same user. <br/>Synchronization across devices only works when a user signs in with the same account. <br/>To turn it off, see [Activity History](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1822-activity-history). |
+|Cloud Clipboard|Cloud Clipboard enables users to copy images and text across all Windows devices when they sign in with the same account. Users can paste from their clipboard history and also pin items.<br/>To turn it off, see [Cloud Clipboard](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#30-cloud-clipboard). |
+| Date and Time | The Windows Time service is used to synchronize and maintain the most accurate date and time on your devices. It is installed by default and starts automatically on devices that are part of a domain. It can be started manually on other devices. If this service is stopped, date and time synchronization will be unavailable and any services that explicitly depend on it will fail to start. <br/>To turn it off, see [Date and Time](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#3-date--time). |
+| Delivery optimization | Delivery Optimization is a cloud-managed, peer-to-peer client and a downloader service for Windows updates, upgrades, and applications to an organization's networked devices. Delivery Optimization allows devices to download updates from alternate sources (such as other peers on the network), in addition to Microsoft servers. This helps when you have a limited or unreliable Internet connection and reduces the bandwidth needed to keep all your organization's devices up to date. <br/>If you have Delivery Optimization Peer-to-Peer option turned on, devices on your network may send and receive updates and apps to other devices on your local network, if you choose, or to devices on the Internet. <br/>By default, devices running Windows will only use Delivery Optimization to get and receive updates for devices and apps on your local network. <br/>To turn it off, see [Delivery Optimization](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#28-delivery-optimization). |
+| Emojis and more | The Emoji and more menu allows users to insert a variety of content like emoji, kaomoji, GIFs, symbols, and clipboard history. This connected experience is new in Windows 11. <br/>PLACEHOLDER |
+| Find My Device | Find My Device is a feature that can help users locate their Windows device if it's lost or stolen. This feature only works if a Microsoft account is used to logon to the device, the user is an administrator on the device and when location is turned on for the device. Users can find their device by logging in to [https://account.microsoft.com/devices](https://account.microsoft.com/devices) under the Find My Device tab. <br/>To turn it off, see [Find My Device](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#5-find-my-device). |
+| Location services | The device location setting enables certain Windows features such as auto setting the time zone or Find My Device to function properly. When the device location setting is enabled, the Microsoft location service will use a combination of global positioning service (GPS), nearby wireless access points, cell towers, and IP address to determine the device’s location. Depending on the capabilities of the device, its location can be determined with varying degrees of accuracy and may in some cases be determined precisely. <br/>To turn it off, see [Location Services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#182-location). |
+| Microsoft Defender Antivirus | Microsoft Defender Antivirus provides cloud-delivered protection against new and emerging threats for the devices in your organization. <br/>Turning off Microsoft Defender Antivirus will potentially leave your Windows devices in a vulnerable state and more prone to security threats. <br/>To turn it off, see [Microsoft Defender Antivirus](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-defender). |
+| Microsoft Defender SmartScreen | Microsoft Defender SmartScreen is a feature of Windows, Internet Explorer, and Microsoft Edge. It helps protect users against phishing or malware websites and applications, and the downloading of potentially malicious files. <br/>Turning off Microsoft Defender SmartScreen means you cannot block a website or warn users they may be accessing a malicious site. <br/>To turn it off, see [Microsoft Defender SmartScreen](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#241-microsoft-defender-smartscreen). |
+| OneDrive | OneDrive is a cloud storage system that allows you to save your files and photos, and access them from any device, anywhere. <br/>To turn off OneDrive, see [OneDrive](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#16-onedrive). |
+| Troubleshooting Service | Windows troubleshooting service will automatically fix critical issues like corrupt settings that keep critical services from running, make adjustments to work with your hardware, or make other specific changes required for Windows to operate with the hardware, apps, and settings you’ve selected. In addition, it will recommend troubleshooting for other problems that aren’t critical to normal Windows operation but might impact your experience. <br/>To turn it off, see [Troubleshooting service](/windows/client-management/mdm/policy-csp-troubleshooting). |
+| Voice Typing | Voice typing (also referred to as Windows dictation in earlier versions of Windows) allows you to write text by speaking by using Microsoft’s online speech recognition technology. <br/>To turn it off, see [Speech Recognition](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#186-speech). |
+| Windows backup | With settings synchronization is turned on, a user's settings are synced across all Windows devices when they sign in with the same account. <br/>To turn it off, see [Sync Your Settings](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#21-sync-your-settings). |
+| Windows Dashboard Widgets | Windows Dashboard widget is a dynamic view that shows you personalized content like news, weather, a glimpse at your calendar and to-do list and your recent photos. It provides a glanceable view, which allows users to be productive without needing to go to multiple apps or websites. This connected experience is new in Windows 11. <br/>PLACEHOLDER |
+| Windows Insider Program | The Windows Insider Preview program lets you help shape the future of Windows, be part of the community, and get early access to builds of Windows. Once you've registered for the program, you can run Insider Preview builds on as many devices as you want, each in the channel of your choice. Learn how to join the Windows Insider program by visiting the program’s [website](https://insider.windows.com/). <br/>To turn it off, see [Windows Insider Program](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#7-insider-preview-builds). |
+| Windows Search | Windows Search lets users use the search box on the taskbar to find what they are looking for, whether it’s on their device, in the cloud, or on the web. Windows Search can provide results for items from the device (including apps, settings, and files), the users account (including OneDrive, SharePoint, and other Microsoft services), and the internet. <br/>To turn it off, see [Windows Search](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#2-cortana-and-search). |
+| Windows Spotlight | Windows Spotlight displays new background images on the lock screen each day. Additionally, it provides feature suggestions, fun facts, and tips on the lock screen background. <br/>Administrators can turn off Windows Spotlight features to prevent users from using the Windows Spotlight background. <br/>To turn it off, see [Windows Spotlight](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#25-windows-spotlight). |
 
 ## Edge essential services and connected experiences
 
-Windows ships with Microsoft Edge and Internet Explorer on Windows 10 devices. Microsoft Edge is the default browser and is recommended for the best web browsing experience.</br> You can find details on all of Edge's connected experiences and essential services [here](/microsoft-edge/privacy-whitepaper). To turn off specific Edge feature, see [Microsoft Edge](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#13-microsoft-edge).
+Windows ships with Microsoft Edge and Internet Explorer on Windows devices. Microsoft Edge is the default browser and is recommended for the best web browsing experience.</br> You can find details on all of Edge's connected experiences and essential services [here](/microsoft-edge/privacy-whitepaper). To turn off specific Edge feature, see [Microsoft Edge](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#13-microsoft-edge).
 
 ## IE essential services and connected experiences
 
@@ -60,8 +82,16 @@ Internet Explorer shares many of the Windows essential services listed above. Th
 
 | **Connected experience** | **Description** |
 | --- | --- |
-|ActiveX Filtering|ActiveX controls are small apps that allow websites to provide content such as videos and games, and let users interact with controls like toolbars and stock tickers. However, these apps can sometimes malfunction, and in some cases, they might be used to collect information from user devices, install software without a user's agreement, or be used to control a device remotely without user's permission.</br> ActiveX Filtering in Internet Explorer prevents sites from installing and using these apps. This can help keep users safer as they browse, but it can also affect the user experience of certain sites as interactive content might not work when ActiveX Filtering is on. To further enhance security, Internet Explorer also allows you to block out-of-date ActiveX controls.
+|ActiveX Filtering|ActiveX controls are small apps that allow websites to provide content such as videos and games, and let users interact with controls like toolbars and stock tickers. However, these apps can sometimes malfunction, and in some cases, they might be used to collect information from user devices, install software without a user's agreement, or be used to control a device remotely without user's permission.</br> ActiveX Filtering in Internet Explorer prevents sites from installing and using these apps. This can help keep users safer as they browse, but it can also affect the user experience of certain sites as interactive content might not work when ActiveX Filtering is on. <br/>To further enhance security, Internet Explorer also allows you to block out-of-date ActiveX controls. |
 |Suggested Sites|Suggested Sites is an online experience that recommends websites, images, or videos a user might be interested in. When Suggested Sites is turned on, a user’s web browsing history is periodically sent to Microsoft.|
+| Address Bar and Search suggestions | With search suggestions enabled, users will be offered suggested search terms as they type in the Address Bar. As users type information, it will be sent to the default search provider. |
+| Auto-complete feature for web addresses | The auto-complete feature suggests possible matches when users are typing web addresses in the browser address bar. |
+| Compatibility logging | This feature is designed for use by developers and IT professionals to determine the compatibility of their websites with Internet Explorer. It is disabled by default and needs to be enabled to start logging Internet Explorer events in the Windows Event Viewer. These events describe failures that might have happened on the site and can include information about specific controls and webpages that failed. |
+| Compatibility View | Compatibility View helps make websites designed for older browsers look better when viewed in Internet Explorer. The compatibility view setting allows you to choose whether an employee can fix website display problems they encounter while browsing. |
+| Flip ahead | Flip ahead enables your users to flip through web content quickly by swiping across the page or by clicking forward. When flip ahead is turned on, web browsing history is periodically sent to Microsoft. If you turn off this setting your users will no longer be able swipe across a screen or click forward to go to the next pre-loaded page of a website. |
+| Web Slices | A Web Slice enables users to subscribe to and automatically receive updates to content directly within a Web page. Disabling the RSS Feeds setting will turn off background synchronization for feeds and Web Slices. |
+| Accelerators | Accelerators are menu options in Internet Explorer that help automate common browser-related tasks. In Internet Explorer, when you right-click selected text, Accelerators appear in the list of available options. <br/>For example, if you select a word, you can use the "Translate with Bing" Accelerator to obtain a translation of that word. |
+| Pinning websites to Start | When a user pins a website to the Start menu, it displays as a tile similar to the way apps are displayed. Like Microsoft Store apps, website tiles might display updates if the website has been designed to do so. For example, an online email website might send updates to the tile indicating how many new messages a user has. |
 
 ## Related links
 

From 3ec75ee83c3313b375ff9da855b7f716b0b90f17 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Wed, 6 Oct 2021 12:29:26 +0100
Subject: [PATCH 025/105] Update toc.yml

---
 windows/privacy/toc.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/windows/privacy/toc.yml b/windows/privacy/toc.yml
index 96516c4786..af35fd6f4f 100644
--- a/windows/privacy/toc.yml
+++ b/windows/privacy/toc.yml
@@ -43,6 +43,8 @@
           href: manage-connections-from-windows-operating-system-components-to-microsoft-services.md
         - name: Manage connections from Windows operating system components to Microsoft services using MDM
           href: manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md
+        - name: Essential services and connected experiences for Windows
+          href: essential-services-and-connected-experiences.md
         - name: Connection endpoints for Windows 11
           href: manage-windows-11-endpoints.md
         - name: Connection endpoints for Windows 10, version 21H1

From 9ea750d0228292ee02e5850fbb28608d4867c486 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Wed, 6 Oct 2021 14:36:00 +0100
Subject: [PATCH 026/105] Update windows-10-and-privacy-compliance.md

---
 windows/privacy/windows-10-and-privacy-compliance.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index b8ef1bb3f5..af9c8e7a03 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -71,7 +71,7 @@ Windows provides the ability to manage privacy settings through several differen
 
 ### 2.1 Privacy setting options for users
 
-Once a Windows device is set up, a user can manage data collection settings by opening the Settings app in Windows. Administrators can control privacy settings via setting policy on the device (see Section 2.2 below). If this is the case, the user will see an alert that says **Some settings are hidden or managed by your organization** when they navigate to the Settings page. In this case, the user can only change settings in accordance with the policies that the administrator has applied to the device.
+Once a Windows device is set up, a user can manage data collection settings by opening the Settings app in Windows. Administrators can control privacy settings via setting policy on the device (see Section 2.2 below). If this is the case, the user will see an alert that says **Some settings are hidden or managed by your organization** when they navigate to the settings page. In this case, the user can only change settings in accordance with the policies that the administrator has applied to the device.
 
 ### 2.2 Privacy setting controls for administrators
 
@@ -80,7 +80,7 @@ Administrators can configure and control privacy settings across their organizat
 The following table provides an overview of the privacy settings discussed earlier in this document with details on how to configure these policies. The table also provides information on what the default value would be for each of these privacy settings if you do not manage the setting by using policy and suppress the Out-of-box Experience (OOBE) during device setup. If you’re interested in minimizing data collection, we also provide the recommended value to set.
 
 > [!NOTE]
-> This is not a complete list of settings that involve managing data collection or connecting to Microsoft services. For a more detailed list, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
+> This is not a complete list of settings that involve managing data collected or connecting to connected experiences in Windows. For a more detailed list, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
 
 | Feature/Setting | GP/MDM Documentation | Default State if the Setup experience is suppressed | State to stop/minimize data collection |
 |---|---|---|---|

From d02d62187fca204b37bcbf1581eae3e151d441ec Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Wed, 6 Oct 2021 14:59:44 +0100
Subject: [PATCH 027/105] Update windows-10-and-privacy-compliance.md

---
 windows/privacy/windows-10-and-privacy-compliance.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index af9c8e7a03..9d28f8f85e 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -80,7 +80,7 @@ Administrators can configure and control privacy settings across their organizat
 The following table provides an overview of the privacy settings discussed earlier in this document with details on how to configure these policies. The table also provides information on what the default value would be for each of these privacy settings if you do not manage the setting by using policy and suppress the Out-of-box Experience (OOBE) during device setup. If you’re interested in minimizing data collection, we also provide the recommended value to set.
 
 > [!NOTE]
-> This is not a complete list of settings that involve managing data collected or connecting to connected experiences in Windows. For a more detailed list, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
+> This is not a complete list of settings that involve managing data collection or connecting to connected experiences in Windows. For a more detailed list, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
 
 | Feature/Setting | GP/MDM Documentation | Default State if the Setup experience is suppressed | State to stop/minimize data collection |
 |---|---|---|---|

From 515a1236125152b31121ef200f32e845d325ba01 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Wed, 6 Oct 2021 16:54:12 +0100
Subject: [PATCH 028/105] Update
 essential-services-and-connected-experiences.md

---
 ...tial-services-and-connected-experiences.md | 24 ++++++++++---------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index 58c2c0ab36..35f05bf092 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -40,31 +40,31 @@ Although most essential services can be turned off by enterprise admins, we reco
 |Authentication|The authentication service is required to enable sign in to work or school accounts. It validates a user’s identity and provides access to multiple apps and system components like OneDrive and activity history. Using a work or school account to sign in to Windows enables Microsoft to provide a consistent experience across your devices. If the authentication service is turned off, many apps and components may lose functionality and users may not be able to sign in. <br/>To turn it off, see [Microsoft Account](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#12-microsoft-account).|
 |Certificates|Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA), are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates that are publicly known to be fraudulent. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism. <br/>If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device. <br/>To turn it off, see [Automatic Root Certificates Update](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update).|
 | Services Configuration | Services Configuration is used by Windows components and apps, such as the telemetry service, to dynamically update their configuration. If you turn off this service, apps using this service may stop working. <br/>To turn it off, see [Services Configuration](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#31-services-configuration).|
-| Licensing | Licensing services are used for the activation of Windows, and apps purchased from the Microsoft Store. If you disable the Windows License Manager Service or the Software Protection Platform Service, it may prevent activation of genuine Windows as well as store applications. <br/>To turn it off, see [License Manager](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#9-license-manager) and [Software Protection Platform](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#19-software-protection-platform).|
+| Licensing | Licensing services are used for the activation of Windows, and apps purchased from the Microsoft Store. If you disable the Windows License Manager Service or the Software Protection Platform Service, it may prevent activation of genuine Windows as well as store applications. <br/>To turn off licensing services, see [License Manager](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#9-license-manager) and [Software Protection Platform](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#19-software-protection-platform).|
 | Networking | Networking in Windows provides connectivity to and from your devices to the local intranet and internet. If you turn off networking, Windows devices will lose network connectivity. <br/>To turn off Network Adapters, see [Disable-NetAdapter](/powershell/module/netadapter/disable-netadapter).|
 | Device setup | The first time a user sets up a new device, the Windows out-of-box experience (OOBE) guides the user through the steps to accept the license agreement, connect to the internet, sign in to (or sign up for) a Microsoft account, and takes care of other important tasks. Most settings can also be changed after setup is completed. <br/>To customize the initial setup experience, see [Customize Setup](/windows-hardware/customize/desktop/customize-oobe).|
-| Diagnostic Data | Microsoft collects diagnostic data including error data about your device with the help of the telemetry service. Diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows behaves in the real world, focus on user priorities, find, and fix problems, and improve services. This data allows Microsoft to improve the Windows experience. Setting diagnostic data to off means important information to help fix issues and improve quality will not be available to Microsoft. <br/>To turn it off, see [Telemetry Services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#1816-feedback--diagnostics).|
-| Update | Windows Update ensures devices are kept up to date and secure by downloading the latest updates and security patches for Windows. This service also enables users download apps from the Microsoft Store and keep them up to date. <br/>Turning off Windows Update will potentially leave your Windows devices in a vulnerable state and more prone to security threats. <br/>Other services like Device metadata retrieval and Font streaming also ensure that the content on your devices is kept up to date. <br/>To turn it off, see [Windows Update](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#29-windows-update), [Device Metadata Retrieval](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#4-device-metadata-retrieval), and [Font Streaming](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#6-font-streaming).|
+| Diagnostic Data | Microsoft collects diagnostic data including error data about your device with the help of the telemetry service. Diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows behaves in the real world, focus on user priorities, find and fix problems, and improve services. This data allows Microsoft to improve the Windows experience. Setting diagnostic data to off means important information to help fix issues and improve quality will not be available to Microsoft. <br/>To turn it off, see [Telemetry Services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#1816-feedback--diagnostics).|
+| Update | Windows Update ensures devices are kept up to date and secure by downloading the latest updates and security patches for Windows. This service also enables users download apps from the Microsoft Store and keep them up to date. Turning off Windows Update will potentially leave your Windows devices in a vulnerable state and more prone to security threats. <br/>Other services like Device metadata retrieval and Font streaming also ensure that the content on your devices is kept up to date. <br/>To turn off updates, see [Windows Update](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#29-windows-update), [Device Metadata Retrieval](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#4-device-metadata-retrieval), and [Font Streaming](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#6-font-streaming).|
 | Microsoft Store | Microsoft Store enables users to purchase and download apps, games, and digital content. The Store also enables the developers of these apps to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to store apps in a power-efficient and dependable way. The Store can also revoke malicious apps. <br/>To turn it off, see [Microsoft Store](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#26-microsoft-store).|
 
 ## Windows connected experiences
 
 | **Connected experience** | **Description** |
 | --- | --- |
-|Activity History|Activity History shows a history of activities a user has performed and can even synchronize activities across multiple devices for the same user. <br/>Synchronization across devices only works when a user signs in with the same account. <br/>To turn it off, see [Activity History](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1822-activity-history). |
+|Activity History|Activity History shows a history of activities a user has performed and can even synchronize activities across multiple devices for the same user. Synchronization across devices only works when a user signs in with the same account. <br/>To turn it off, see [Activity History](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1822-activity-history). |
 |Cloud Clipboard|Cloud Clipboard enables users to copy images and text across all Windows devices when they sign in with the same account. Users can paste from their clipboard history and also pin items.<br/>To turn it off, see [Cloud Clipboard](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#30-cloud-clipboard). |
 | Date and Time | The Windows Time service is used to synchronize and maintain the most accurate date and time on your devices. It is installed by default and starts automatically on devices that are part of a domain. It can be started manually on other devices. If this service is stopped, date and time synchronization will be unavailable and any services that explicitly depend on it will fail to start. <br/>To turn it off, see [Date and Time](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#3-date--time). |
-| Delivery optimization | Delivery Optimization is a cloud-managed, peer-to-peer client and a downloader service for Windows updates, upgrades, and applications to an organization's networked devices. Delivery Optimization allows devices to download updates from alternate sources (such as other peers on the network), in addition to Microsoft servers. This helps when you have a limited or unreliable Internet connection and reduces the bandwidth needed to keep all your organization's devices up to date. <br/>If you have Delivery Optimization Peer-to-Peer option turned on, devices on your network may send and receive updates and apps to other devices on your local network, if you choose, or to devices on the Internet. <br/>By default, devices running Windows will only use Delivery Optimization to get and receive updates for devices and apps on your local network. <br/>To turn it off, see [Delivery Optimization](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#28-delivery-optimization). |
+| Delivery Optimization | Delivery Optimization is a cloud-managed, peer-to-peer client and a downloader service for Windows updates, upgrades, and applications to an organization's networked devices. Delivery Optimization allows devices to download updates from alternate sources (such as other peers on the network), in addition to Microsoft servers. This helps when you have a limited or unreliable Internet connection and reduces the bandwidth needed to keep all your organization's devices up to date. <br/>If you have Delivery Optimization Peer-to-Peer option turned on, devices on your network may send and receive updates and apps to other devices on your local network, if you choose, or to devices on the Internet. <br/>By default, devices running Windows will only use Delivery Optimization to get and receive updates for devices and apps on your local network. <br/>To turn it off, see [Delivery Optimization](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#28-delivery-optimization). |
 | Emojis and more | The Emoji and more menu allows users to insert a variety of content like emoji, kaomoji, GIFs, symbols, and clipboard history. This connected experience is new in Windows 11. <br/>PLACEHOLDER |
 | Find My Device | Find My Device is a feature that can help users locate their Windows device if it's lost or stolen. This feature only works if a Microsoft account is used to logon to the device, the user is an administrator on the device and when location is turned on for the device. Users can find their device by logging in to [https://account.microsoft.com/devices](https://account.microsoft.com/devices) under the Find My Device tab. <br/>To turn it off, see [Find My Device](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#5-find-my-device). |
-| Location services | The device location setting enables certain Windows features such as auto setting the time zone or Find My Device to function properly. When the device location setting is enabled, the Microsoft location service will use a combination of global positioning service (GPS), nearby wireless access points, cell towers, and IP address to determine the device’s location. Depending on the capabilities of the device, its location can be determined with varying degrees of accuracy and may in some cases be determined precisely. <br/>To turn it off, see [Location Services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#182-location). |
+| Location services | The device location setting enables certain Windows features such as auto setting the time zone or Find My Device to function properly. When the device location setting is enabled, the Microsoft location service will use a combination of global positioning service (GPS), nearby wireless access points, cell towers, and IP address to determine the device’s location. Depending on the capabilities of the device, its location can be determined with varying degrees of accuracy and may in some cases be determined precisely. <br/>To turn it off, see [Location services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#182-location). |
 | Microsoft Defender Antivirus | Microsoft Defender Antivirus provides cloud-delivered protection against new and emerging threats for the devices in your organization. <br/>Turning off Microsoft Defender Antivirus will potentially leave your Windows devices in a vulnerable state and more prone to security threats. <br/>To turn it off, see [Microsoft Defender Antivirus](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-defender). |
-| Microsoft Defender SmartScreen | Microsoft Defender SmartScreen is a feature of Windows, Internet Explorer, and Microsoft Edge. It helps protect users against phishing or malware websites and applications, and the downloading of potentially malicious files. <br/>Turning off Microsoft Defender SmartScreen means you cannot block a website or warn users they may be accessing a malicious site. <br/>To turn it off, see [Microsoft Defender SmartScreen](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#241-microsoft-defender-smartscreen). |
+| Microsoft Defender SmartScreen | Microsoft Defender SmartScreen is a feature of Windows, Internet Explorer, and Microsoft Edge. It helps protect users against phishing or malware websites and applications, and the downloading of potentially malicious files. Turning off Microsoft Defender SmartScreen means you cannot block a website or warn users they may be accessing a malicious site. <br/>To turn it off, see [Microsoft Defender SmartScreen](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#241-microsoft-defender-smartscreen). |
 | OneDrive | OneDrive is a cloud storage system that allows you to save your files and photos, and access them from any device, anywhere. <br/>To turn off OneDrive, see [OneDrive](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#16-onedrive). |
 | Troubleshooting Service | Windows troubleshooting service will automatically fix critical issues like corrupt settings that keep critical services from running, make adjustments to work with your hardware, or make other specific changes required for Windows to operate with the hardware, apps, and settings you’ve selected. In addition, it will recommend troubleshooting for other problems that aren’t critical to normal Windows operation but might impact your experience. <br/>To turn it off, see [Troubleshooting service](/windows/client-management/mdm/policy-csp-troubleshooting). |
-| Voice Typing | Voice typing (also referred to as Windows dictation in earlier versions of Windows) allows you to write text by speaking by using Microsoft’s online speech recognition technology. <br/>To turn it off, see [Speech Recognition](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#186-speech). |
-| Windows backup | With settings synchronization is turned on, a user's settings are synced across all Windows devices when they sign in with the same account. <br/>To turn it off, see [Sync Your Settings](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#21-sync-your-settings). |
-| Windows Dashboard Widgets | Windows Dashboard widget is a dynamic view that shows you personalized content like news, weather, a glimpse at your calendar and to-do list and your recent photos. It provides a glanceable view, which allows users to be productive without needing to go to multiple apps or websites. This connected experience is new in Windows 11. <br/>PLACEHOLDER |
+| Voice Typing | Voice typing (also referred to as Windows dictation in earlier versions of Windows) allows you to write text by speaking by using Microsoft’s online speech recognition technology. <br/>To turn it off, see [Speech recognition](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#186-speech). |
+| Windows backup | When settings synchronization is turned on, a user's settings are synced across all Windows devices when they sign in with the same account. <br/>To turn it off, see [Sync your settings](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#21-sync-your-settings). |
+| Windows Dashboard Widgets | Windows Dashboard widget is a dynamic view that shows you personalized content like news, weather, a glimpse at your calendar and to-do list and your recent photos. It provides a quick glance view, which allows users to be productive without needing to go to multiple apps or websites. This connected experience is new in Windows 11. <br/>PLACEHOLDER |
 | Windows Insider Program | The Windows Insider Preview program lets you help shape the future of Windows, be part of the community, and get early access to builds of Windows. Once you've registered for the program, you can run Insider Preview builds on as many devices as you want, each in the channel of your choice. Learn how to join the Windows Insider program by visiting the program’s [website](https://insider.windows.com/). <br/>To turn it off, see [Windows Insider Program](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#7-insider-preview-builds). |
 | Windows Search | Windows Search lets users use the search box on the taskbar to find what they are looking for, whether it’s on their device, in the cloud, or on the web. Windows Search can provide results for items from the device (including apps, settings, and files), the users account (including OneDrive, SharePoint, and other Microsoft services), and the internet. <br/>To turn it off, see [Windows Search](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#2-cortana-and-search). |
 | Windows Spotlight | Windows Spotlight displays new background images on the lock screen each day. Additionally, it provides feature suggestions, fun facts, and tips on the lock screen background. <br/>Administrators can turn off Windows Spotlight features to prevent users from using the Windows Spotlight background. <br/>To turn it off, see [Windows Spotlight](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#25-windows-spotlight). |
@@ -82,7 +82,7 @@ Internet Explorer shares many of the Windows essential services listed above. Th
 
 | **Connected experience** | **Description** |
 | --- | --- |
-|ActiveX Filtering|ActiveX controls are small apps that allow websites to provide content such as videos and games, and let users interact with controls like toolbars and stock tickers. However, these apps can sometimes malfunction, and in some cases, they might be used to collect information from user devices, install software without a user's agreement, or be used to control a device remotely without user's permission.</br> ActiveX Filtering in Internet Explorer prevents sites from installing and using these apps. This can help keep users safer as they browse, but it can also affect the user experience of certain sites as interactive content might not work when ActiveX Filtering is on. <br/>To further enhance security, Internet Explorer also allows you to block out-of-date ActiveX controls. |
+|ActiveX Filtering|ActiveX controls are small apps that allow websites to provide content such as videos and games, and let users interact with controls like toolbars and stock tickers. However, these apps can sometimes malfunction, and in some cases, they might be used to collect information from user devices, install software without a user's agreement, or be used to control a device remotely without user's permission.</br> ActiveX Filtering in Internet Explorer prevents sites from installing and using these apps. This can help keep users safer as they browse, but it can also affect the user experience of certain sites as interactive content might not work when ActiveX Filtering is on. <br/>Note: To further enhance security, Internet Explorer also allows you to block out-of-date ActiveX controls. |
 |Suggested Sites|Suggested Sites is an online experience that recommends websites, images, or videos a user might be interested in. When Suggested Sites is turned on, a user’s web browsing history is periodically sent to Microsoft.|
 | Address Bar and Search suggestions | With search suggestions enabled, users will be offered suggested search terms as they type in the Address Bar. As users type information, it will be sent to the default search provider. |
 | Auto-complete feature for web addresses | The auto-complete feature suggests possible matches when users are typing web addresses in the browser address bar. |
@@ -101,6 +101,7 @@ Internet Explorer shares many of the Windows essential services listed above. Th
 
 To view endpoints for Windows 10 Enterprise, see:
 
+- [Manage connection endpoints for Windows 10, version 21H1](manage-windows-21H1-endpoints.md)
 - [Manage connection endpoints for Windows 10, version 20H2](manage-windows-20h2-endpoints.md)
 - [Manage connection endpoints for Windows 10, version 1909](manage-windows-1909-endpoints.md)
 - [Manage connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md)
@@ -110,6 +111,7 @@ To view endpoints for Windows 10 Enterprise, see:
 
 To view endpoints for non-Enterprise Windows 10 editions, see:
 
+- [Windows 10, version 21H1, connection endpoints for non-Enterprise editions](windows-endpoints-21H1-non-enterprise-editions.md)
 - [Windows 10, version 20H2, connection endpoints for non-Enterprise editions](windows-endpoints-20H2-non-enterprise-editions.md)
 - [Windows 10, version 1909, connection endpoints for non-Enterprise editions](windows-endpoints-1909-non-enterprise-editions.md)
 - [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions.md)

From 97416189c9d72c789798dbda5d1b7fddb7e40242 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Wed, 6 Oct 2021 17:30:07 +0100
Subject: [PATCH 029/105] updates

---
 .../essential-services-and-connected-experiences.md       | 8 ++++----
 windows/privacy/windows-10-and-privacy-compliance.md      | 6 +++---
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index 35f05bf092..9facfe7e9c 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -20,7 +20,7 @@ ms.date: 12/1/2020
 - Windows 11
 - Windows 10, version 1903 and later
 
-Windows includes built-in apps, services, and features, that connect to the internet to provide enhanced experiences and additional capabilities. These are called “connected experiences”. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure.
+Windows includes built-in apps, services, and features, that connect to the internet to provide enhanced experiences and additional capabilities. These are called connected experiences. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure.
 
 When a connected experience is used, data is sent to and processed by Microsoft to provide that connected experience. This data is crucial because this information enables us to deliver these cloud-based connected experiences. We refer to this data as required service data. Required service data can include information related to the operation of the connected experience that is needed to keep the underlying service secure, up to date, and performing as expected. Required service data can also include information needed by a connected experience to perform its task, such as configuration information about Windows.
 
@@ -28,7 +28,7 @@ We give you the ability to choose which connected experiences you want to use in
 
 Required service data is also collected and sent to Microsoft for essential services. Essential services are used to keep the product **secure, up to date, performing as expected** or are **integral** to how the product works. For example, the licensing service that confirms that you’re properly licensed to use Windows.
 
-Although most essential services can be turned off by enterprise admins, we recommend that where applicable you consider hosting the services on-premises and carefully assess the impact of turning off remaining services. The following list describes the essential services and connected experiences that are available to you in Windows and provides links to further information about each one.
+Although most essential services can be turned off by enterprise admins, we recommend, where applicable, you consider hosting the services on-premises and carefully assess the impact of turning off remaining services. The following list describes the essential services and connected experiences that are available to you in Windows and provides links to further information about each one.
 
 > [!NOTE]
 > The information in this article describes the most common connected experiences and essential services. We will continue to update our list of connected experiences over time as Windows evolves.
@@ -40,7 +40,7 @@ Although most essential services can be turned off by enterprise admins, we reco
 |Authentication|The authentication service is required to enable sign in to work or school accounts. It validates a user’s identity and provides access to multiple apps and system components like OneDrive and activity history. Using a work or school account to sign in to Windows enables Microsoft to provide a consistent experience across your devices. If the authentication service is turned off, many apps and components may lose functionality and users may not be able to sign in. <br/>To turn it off, see [Microsoft Account](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#12-microsoft-account).|
 |Certificates|Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA), are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates that are publicly known to be fraudulent. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism. <br/>If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device. <br/>To turn it off, see [Automatic Root Certificates Update](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update).|
 | Services Configuration | Services Configuration is used by Windows components and apps, such as the telemetry service, to dynamically update their configuration. If you turn off this service, apps using this service may stop working. <br/>To turn it off, see [Services Configuration](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#31-services-configuration).|
-| Licensing | Licensing services are used for the activation of Windows, and apps purchased from the Microsoft Store. If you disable the Windows License Manager Service or the Software Protection Platform Service, it may prevent activation of genuine Windows as well as store applications. <br/>To turn off licensing services, see [License Manager](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#9-license-manager) and [Software Protection Platform](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#19-software-protection-platform).|
+| Licensing | Licensing services are used for the activation of Windows, and apps purchased from the Microsoft Store. If you disable the Windows License Manager Service or the Software Protection Platform Service, it may prevent activation of genuine Windows and store applications. <br/>To turn off licensing services, see [License Manager](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#9-license-manager) and [Software Protection Platform](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#19-software-protection-platform).|
 | Networking | Networking in Windows provides connectivity to and from your devices to the local intranet and internet. If you turn off networking, Windows devices will lose network connectivity. <br/>To turn off Network Adapters, see [Disable-NetAdapter](/powershell/module/netadapter/disable-netadapter).|
 | Device setup | The first time a user sets up a new device, the Windows out-of-box experience (OOBE) guides the user through the steps to accept the license agreement, connect to the internet, sign in to (or sign up for) a Microsoft account, and takes care of other important tasks. Most settings can also be changed after setup is completed. <br/>To customize the initial setup experience, see [Customize Setup](/windows-hardware/customize/desktop/customize-oobe).|
 | Diagnostic Data | Microsoft collects diagnostic data including error data about your device with the help of the telemetry service. Diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows behaves in the real world, focus on user priorities, find and fix problems, and improve services. This data allows Microsoft to improve the Windows experience. Setting diagnostic data to off means important information to help fix issues and improve quality will not be available to Microsoft. <br/>To turn it off, see [Telemetry Services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#1816-feedback--diagnostics).|
@@ -56,7 +56,7 @@ Although most essential services can be turned off by enterprise admins, we reco
 | Date and Time | The Windows Time service is used to synchronize and maintain the most accurate date and time on your devices. It is installed by default and starts automatically on devices that are part of a domain. It can be started manually on other devices. If this service is stopped, date and time synchronization will be unavailable and any services that explicitly depend on it will fail to start. <br/>To turn it off, see [Date and Time](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#3-date--time). |
 | Delivery Optimization | Delivery Optimization is a cloud-managed, peer-to-peer client and a downloader service for Windows updates, upgrades, and applications to an organization's networked devices. Delivery Optimization allows devices to download updates from alternate sources (such as other peers on the network), in addition to Microsoft servers. This helps when you have a limited or unreliable Internet connection and reduces the bandwidth needed to keep all your organization's devices up to date. <br/>If you have Delivery Optimization Peer-to-Peer option turned on, devices on your network may send and receive updates and apps to other devices on your local network, if you choose, or to devices on the Internet. <br/>By default, devices running Windows will only use Delivery Optimization to get and receive updates for devices and apps on your local network. <br/>To turn it off, see [Delivery Optimization](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#28-delivery-optimization). |
 | Emojis and more | The Emoji and more menu allows users to insert a variety of content like emoji, kaomoji, GIFs, symbols, and clipboard history. This connected experience is new in Windows 11. <br/>PLACEHOLDER |
-| Find My Device | Find My Device is a feature that can help users locate their Windows device if it's lost or stolen. This feature only works if a Microsoft account is used to logon to the device, the user is an administrator on the device and when location is turned on for the device. Users can find their device by logging in to [https://account.microsoft.com/devices](https://account.microsoft.com/devices) under the Find My Device tab. <br/>To turn it off, see [Find My Device](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#5-find-my-device). |
+| Find My Device | Find My Device is a feature that can help users locate their Windows device if it's lost or stolen. This feature only works if a Microsoft account is used to log on to the device, the user is an administrator on the device, and when location is turned on for the device. Users can find their device by logging in to [https://account.microsoft.com/devices](https://account.microsoft.com/devices) under the Find My Device tab. <br/>To turn it off, see [Find My Device](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#5-find-my-device). |
 | Location services | The device location setting enables certain Windows features such as auto setting the time zone or Find My Device to function properly. When the device location setting is enabled, the Microsoft location service will use a combination of global positioning service (GPS), nearby wireless access points, cell towers, and IP address to determine the device’s location. Depending on the capabilities of the device, its location can be determined with varying degrees of accuracy and may in some cases be determined precisely. <br/>To turn it off, see [Location services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#182-location). |
 | Microsoft Defender Antivirus | Microsoft Defender Antivirus provides cloud-delivered protection against new and emerging threats for the devices in your organization. <br/>Turning off Microsoft Defender Antivirus will potentially leave your Windows devices in a vulnerable state and more prone to security threats. <br/>To turn it off, see [Microsoft Defender Antivirus](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-defender). |
 | Microsoft Defender SmartScreen | Microsoft Defender SmartScreen is a feature of Windows, Internet Explorer, and Microsoft Edge. It helps protect users against phishing or malware websites and applications, and the downloading of potentially malicious files. Turning off Microsoft Defender SmartScreen means you cannot block a website or warn users they may be accessing a malicious site. <br/>To turn it off, see [Microsoft Defender SmartScreen](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#241-microsoft-defender-smartscreen). |
diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index 9d28f8f85e..fa1a4416d7 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -35,7 +35,7 @@ This information allows administrators and compliance professionals to work toge
 
 ## 1. Windows data collection transparency
 
-Transparency is an important part of the data collection process in Windows. Comprehensive information about the features and processes used to collect data is available to users and administrators directly within Windows, both during and after device set up.
+Transparency is an important part of the data collection process in Windows. Comprehensive information about the features and processes used to collect data is available to users and administrators directly within Windows, both during and after device setup.
 
 ### 1.1 Device set up experience and support for layered transparency
 
@@ -113,13 +113,13 @@ You can use the following articles to learn more about Autopilot and how to use
 
 #### _2.3.2 Managing Windows connected experiences and essential services_
 
-Windows includes features that connect to the internet to provide enhanced experiences and additional capabilities. These are called connected experiences. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure.
+Windows includes features that connect to the internet to provide enhanced experiences and more capabilities. These are called connected experiences. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure.
 
 Essential services are services in the product that connect to Microsoft to keep the product secure, up to date and performing as expected, or are integral to how the product works. For example, the licensing service that confirms that you’re properly licensed to use Windows.
 
 [Windows essential services and connected experiences](essential-services-and-connected-experiences.md) provides a list of the most common Windows essential services and connected experiences.
 
-When a connected experience is used, data is sent to and processed by Microsoft to provide that connected experience. Administrators can manage the data sent from their organization to Microsoft by configuring settings associated with the functionality provided by Windows connected experiences and essential services. For more information, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). This topic includes the different methods available to configure each setting, the impact to functionality, and the versions of Windows that are applicable.
+When a connected experience is used, data is sent to and processed by Microsoft to provide that connected experience. Administrators can manage the data sent from their organization to Microsoft by configuring the settings that are associated with the functionality provided by Windows connected experiences and essential services. For more information, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). This article includes the different methods available to configure each setting, the impact to functionality, and the versions of Windows that are applicable.
 
 The article [Manage connection endpoints for Windows 10 Enterprise, version 21H1](manage-windows-21h1-endpoints.md) provides a list of endpoints to which data is transferred by Windows connected experiences for the latest Windows 10 release, along with descriptions of any functionality that would be impacted by restricting data collection.
 

From 29ad55134e1a21d6dbbf58d425f6d2a2de9f9305 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Thu, 7 Oct 2021 10:08:50 +0100
Subject: [PATCH 030/105] updates 7-10

---
 .../privacy/essential-services-and-connected-experiences.md   | 4 ++--
 windows/privacy/windows-10-and-privacy-compliance.md          | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index 9facfe7e9c..c842975578 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -55,7 +55,7 @@ Although most essential services can be turned off by enterprise admins, we reco
 |Cloud Clipboard|Cloud Clipboard enables users to copy images and text across all Windows devices when they sign in with the same account. Users can paste from their clipboard history and also pin items.<br/>To turn it off, see [Cloud Clipboard](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#30-cloud-clipboard). |
 | Date and Time | The Windows Time service is used to synchronize and maintain the most accurate date and time on your devices. It is installed by default and starts automatically on devices that are part of a domain. It can be started manually on other devices. If this service is stopped, date and time synchronization will be unavailable and any services that explicitly depend on it will fail to start. <br/>To turn it off, see [Date and Time](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#3-date--time). |
 | Delivery Optimization | Delivery Optimization is a cloud-managed, peer-to-peer client and a downloader service for Windows updates, upgrades, and applications to an organization's networked devices. Delivery Optimization allows devices to download updates from alternate sources (such as other peers on the network), in addition to Microsoft servers. This helps when you have a limited or unreliable Internet connection and reduces the bandwidth needed to keep all your organization's devices up to date. <br/>If you have Delivery Optimization Peer-to-Peer option turned on, devices on your network may send and receive updates and apps to other devices on your local network, if you choose, or to devices on the Internet. <br/>By default, devices running Windows will only use Delivery Optimization to get and receive updates for devices and apps on your local network. <br/>To turn it off, see [Delivery Optimization](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#28-delivery-optimization). |
-| Emojis and more | The Emoji and more menu allows users to insert a variety of content like emoji, kaomoji, GIFs, symbols, and clipboard history. This connected experience is new in Windows 11. <br/>PLACEHOLDER |
+| Emojis and more | The Emoji and more menu allows users to insert a variety of content like emoji, kaomoji, GIFs, symbols, and clipboard history. This connected experience is new in Windows 11. <br/>To turn it off, see [Emojis availability](/windows/client-management/mdm/policy-csp-textinpu.md#textinput-touchkeyboardemojibuttonavailability) |
 | Find My Device | Find My Device is a feature that can help users locate their Windows device if it's lost or stolen. This feature only works if a Microsoft account is used to log on to the device, the user is an administrator on the device, and when location is turned on for the device. Users can find their device by logging in to [https://account.microsoft.com/devices](https://account.microsoft.com/devices) under the Find My Device tab. <br/>To turn it off, see [Find My Device](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#5-find-my-device). |
 | Location services | The device location setting enables certain Windows features such as auto setting the time zone or Find My Device to function properly. When the device location setting is enabled, the Microsoft location service will use a combination of global positioning service (GPS), nearby wireless access points, cell towers, and IP address to determine the device’s location. Depending on the capabilities of the device, its location can be determined with varying degrees of accuracy and may in some cases be determined precisely. <br/>To turn it off, see [Location services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#182-location). |
 | Microsoft Defender Antivirus | Microsoft Defender Antivirus provides cloud-delivered protection against new and emerging threats for the devices in your organization. <br/>Turning off Microsoft Defender Antivirus will potentially leave your Windows devices in a vulnerable state and more prone to security threats. <br/>To turn it off, see [Microsoft Defender Antivirus](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-defender). |
@@ -64,7 +64,7 @@ Although most essential services can be turned off by enterprise admins, we reco
 | Troubleshooting Service | Windows troubleshooting service will automatically fix critical issues like corrupt settings that keep critical services from running, make adjustments to work with your hardware, or make other specific changes required for Windows to operate with the hardware, apps, and settings you’ve selected. In addition, it will recommend troubleshooting for other problems that aren’t critical to normal Windows operation but might impact your experience. <br/>To turn it off, see [Troubleshooting service](/windows/client-management/mdm/policy-csp-troubleshooting). |
 | Voice Typing | Voice typing (also referred to as Windows dictation in earlier versions of Windows) allows you to write text by speaking by using Microsoft’s online speech recognition technology. <br/>To turn it off, see [Speech recognition](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#186-speech). |
 | Windows backup | When settings synchronization is turned on, a user's settings are synced across all Windows devices when they sign in with the same account. <br/>To turn it off, see [Sync your settings](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#21-sync-your-settings). |
-| Windows Dashboard Widgets | Windows Dashboard widget is a dynamic view that shows you personalized content like news, weather, a glimpse at your calendar and to-do list and your recent photos. It provides a quick glance view, which allows users to be productive without needing to go to multiple apps or websites. This connected experience is new in Windows 11. <br/>PLACEHOLDER |
+| Windows Dashboard Widgets | Windows Dashboard widget is a dynamic view that shows you personalized content like news, weather, a glimpse at your calendar and to-do list and your recent photos. It provides a quick glance view, which allows users to be productive without needing to go to multiple apps or websites. This connected experience is new in Windows 11. |
 | Windows Insider Program | The Windows Insider Preview program lets you help shape the future of Windows, be part of the community, and get early access to builds of Windows. Once you've registered for the program, you can run Insider Preview builds on as many devices as you want, each in the channel of your choice. Learn how to join the Windows Insider program by visiting the program’s [website](https://insider.windows.com/). <br/>To turn it off, see [Windows Insider Program](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#7-insider-preview-builds). |
 | Windows Search | Windows Search lets users use the search box on the taskbar to find what they are looking for, whether it’s on their device, in the cloud, or on the web. Windows Search can provide results for items from the device (including apps, settings, and files), the users account (including OneDrive, SharePoint, and other Microsoft services), and the internet. <br/>To turn it off, see [Windows Search](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#2-cortana-and-search). |
 | Windows Spotlight | Windows Spotlight displays new background images on the lock screen each day. Additionally, it provides feature suggestions, fun facts, and tips on the lock screen background. <br/>Administrators can turn off Windows Spotlight features to prevent users from using the Windows Spotlight background. <br/>To turn it off, see [Windows Spotlight](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#25-windows-spotlight). |
diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index fa1a4416d7..228e0a16ad 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -121,7 +121,7 @@ Essential services are services in the product that connect to Microsoft to keep
 
 When a connected experience is used, data is sent to and processed by Microsoft to provide that connected experience. Administrators can manage the data sent from their organization to Microsoft by configuring the settings that are associated with the functionality provided by Windows connected experiences and essential services. For more information, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). This article includes the different methods available to configure each setting, the impact to functionality, and the versions of Windows that are applicable.
 
-The article [Manage connection endpoints for Windows 10 Enterprise, version 21H1](manage-windows-21h1-endpoints.md) provides a list of endpoints to which data is transferred by Windows connected experiences for the latest Windows 10 release, along with descriptions of any functionality that would be impacted by restricting data collection.
+The article [Manage connection endpoints for Windows 11 Enterprise](manage-windows-11-endpoints.md) provides a list of endpoints to which data is transferred by Windows connected experiences for the latest Windows release, along with descriptions of any functionality that would be impacted by restricting data collection.
 
 #### _2.3.3 Limited functionality baseline_
 

From ffd2596aeb6b83b43391bd869f2cd24cf2e7f1db Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Thu, 7 Oct 2021 10:14:11 +0100
Subject: [PATCH 031/105] update dates

---
 windows/privacy/essential-services-and-connected-experiences.md | 2 +-
 windows/privacy/windows-10-and-privacy-compliance.md            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index c842975578..8958a39396 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -10,7 +10,7 @@ audience: ITPro
 author: siosulli
 ms.author: dansimp
 manager: dansimp
-ms.date: 12/1/2020
+ms.date: 
 ---
 
 # Essential services and connected experiences for Windows
diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index 228e0a16ad..ce508c60bd 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -13,7 +13,7 @@ ms.author: brianlic
 manager: dansimp
 ms.collection: M365-security-compliance
 ms.topic: article
-ms.date: 07/21/2020
+ms.date: 
 ---
 
 # Windows Privacy Compliance:<br />A Guide for IT and Compliance Professionals

From 86c4b28cdc15d1eb52c9a74db1eb5d4516102df6 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Thu, 7 Oct 2021 10:38:00 +0100
Subject: [PATCH 032/105] Update windows-10-and-privacy-compliance.md

---
 windows/privacy/windows-10-and-privacy-compliance.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index ce508c60bd..84781d9b7f 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -113,13 +113,13 @@ You can use the following articles to learn more about Autopilot and how to use
 
 #### _2.3.2 Managing Windows connected experiences and essential services_
 
-Windows includes features that connect to the internet to provide enhanced experiences and more capabilities. These are called connected experiences. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure.
+Windows includes features that connect to the internet to provide enhanced experiences and additional capabilities. These features are called connected experiences. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure.
 
 Essential services are services in the product that connect to Microsoft to keep the product secure, up to date and performing as expected, or are integral to how the product works. For example, the licensing service that confirms that you’re properly licensed to use Windows.
 
 [Windows essential services and connected experiences](essential-services-and-connected-experiences.md) provides a list of the most common Windows essential services and connected experiences.
 
-When a connected experience is used, data is sent to and processed by Microsoft to provide that connected experience. Administrators can manage the data sent from their organization to Microsoft by configuring the settings that are associated with the functionality provided by Windows connected experiences and essential services. For more information, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). This article includes the different methods available to configure each setting, the impact to functionality, and the versions of Windows that are applicable.
+When a connected experience is used, data is sent to and processed by Microsoft to provide that connected experience. Administrators can manage the data sent from their organization to Microsoft by configuring settings that are associated with the functionality provided by Windows connected experiences and essential services. For more information, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). This article includes the different methods available to configure each setting, the impact to functionality, and the versions of Windows that are applicable.
 
 The article [Manage connection endpoints for Windows 11 Enterprise](manage-windows-11-endpoints.md) provides a list of endpoints to which data is transferred by Windows connected experiences for the latest Windows release, along with descriptions of any functionality that would be impacted by restricting data collection.
 

From 79d67f855a3c210205490293b6f1cec5888e177c Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Thu, 7 Oct 2021 11:40:30 +0100
Subject: [PATCH 033/105] updates

---
 .../essential-services-and-connected-experiences.md       | 8 ++++----
 windows/privacy/windows-10-and-privacy-compliance.md      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index 8958a39396..abea067f98 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -20,7 +20,7 @@ ms.date:
 - Windows 11
 - Windows 10, version 1903 and later
 
-Windows includes built-in apps, services, and features, that connect to the internet to provide enhanced experiences and additional capabilities. These are called connected experiences. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure.
+Windows includes features that connect to the internet to provide enhanced experiences and additional service-based capabilities. These features are called connected experiences. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure.
 
 When a connected experience is used, data is sent to and processed by Microsoft to provide that connected experience. This data is crucial because this information enables us to deliver these cloud-based connected experiences. We refer to this data as required service data. Required service data can include information related to the operation of the connected experience that is needed to keep the underlying service secure, up to date, and performing as expected. Required service data can also include information needed by a connected experience to perform its task, such as configuration information about Windows.
 
@@ -55,7 +55,7 @@ Although most essential services can be turned off by enterprise admins, we reco
 |Cloud Clipboard|Cloud Clipboard enables users to copy images and text across all Windows devices when they sign in with the same account. Users can paste from their clipboard history and also pin items.<br/>To turn it off, see [Cloud Clipboard](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#30-cloud-clipboard). |
 | Date and Time | The Windows Time service is used to synchronize and maintain the most accurate date and time on your devices. It is installed by default and starts automatically on devices that are part of a domain. It can be started manually on other devices. If this service is stopped, date and time synchronization will be unavailable and any services that explicitly depend on it will fail to start. <br/>To turn it off, see [Date and Time](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#3-date--time). |
 | Delivery Optimization | Delivery Optimization is a cloud-managed, peer-to-peer client and a downloader service for Windows updates, upgrades, and applications to an organization's networked devices. Delivery Optimization allows devices to download updates from alternate sources (such as other peers on the network), in addition to Microsoft servers. This helps when you have a limited or unreliable Internet connection and reduces the bandwidth needed to keep all your organization's devices up to date. <br/>If you have Delivery Optimization Peer-to-Peer option turned on, devices on your network may send and receive updates and apps to other devices on your local network, if you choose, or to devices on the Internet. <br/>By default, devices running Windows will only use Delivery Optimization to get and receive updates for devices and apps on your local network. <br/>To turn it off, see [Delivery Optimization](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#28-delivery-optimization). |
-| Emojis and more | The Emoji and more menu allows users to insert a variety of content like emoji, kaomoji, GIFs, symbols, and clipboard history. This connected experience is new in Windows 11. <br/>To turn it off, see [Emojis availability](/windows/client-management/mdm/policy-csp-textinpu.md#textinput-touchkeyboardemojibuttonavailability) |
+| Emojis and more | The Emoji and more menu allows users to insert a variety of content like emoji, kaomoji, GIFs, symbols, and clipboard history. This connected experience is new in Windows 11. <br/>To turn it off, see [Emojis availability](/windows/client-management/mdm/policy-csp-textinpu.md#textinput-touchkeyboardemojibuttonavailability). |
 | Find My Device | Find My Device is a feature that can help users locate their Windows device if it's lost or stolen. This feature only works if a Microsoft account is used to log on to the device, the user is an administrator on the device, and when location is turned on for the device. Users can find their device by logging in to [https://account.microsoft.com/devices](https://account.microsoft.com/devices) under the Find My Device tab. <br/>To turn it off, see [Find My Device](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#5-find-my-device). |
 | Location services | The device location setting enables certain Windows features such as auto setting the time zone or Find My Device to function properly. When the device location setting is enabled, the Microsoft location service will use a combination of global positioning service (GPS), nearby wireless access points, cell towers, and IP address to determine the device’s location. Depending on the capabilities of the device, its location can be determined with varying degrees of accuracy and may in some cases be determined precisely. <br/>To turn it off, see [Location services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#182-location). |
 | Microsoft Defender Antivirus | Microsoft Defender Antivirus provides cloud-delivered protection against new and emerging threats for the devices in your organization. <br/>Turning off Microsoft Defender Antivirus will potentially leave your Windows devices in a vulnerable state and more prone to security threats. <br/>To turn it off, see [Microsoft Defender Antivirus](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-defender). |
@@ -89,9 +89,9 @@ Internet Explorer shares many of the Windows essential services listed above. Th
 | Compatibility logging | This feature is designed for use by developers and IT professionals to determine the compatibility of their websites with Internet Explorer. It is disabled by default and needs to be enabled to start logging Internet Explorer events in the Windows Event Viewer. These events describe failures that might have happened on the site and can include information about specific controls and webpages that failed. |
 | Compatibility View | Compatibility View helps make websites designed for older browsers look better when viewed in Internet Explorer. The compatibility view setting allows you to choose whether an employee can fix website display problems they encounter while browsing. |
 | Flip ahead | Flip ahead enables your users to flip through web content quickly by swiping across the page or by clicking forward. When flip ahead is turned on, web browsing history is periodically sent to Microsoft. If you turn off this setting your users will no longer be able swipe across a screen or click forward to go to the next pre-loaded page of a website. |
-| Web Slices | A Web Slice enables users to subscribe to and automatically receive updates to content directly within a Web page. Disabling the RSS Feeds setting will turn off background synchronization for feeds and Web Slices. |
+| Web Slices | A Web Slice enables users to subscribe to and automatically receive updates to content directly within a web page. Disabling the RSS Feeds setting will turn off background synchronization for feeds and Web Slices. |
 | Accelerators | Accelerators are menu options in Internet Explorer that help automate common browser-related tasks. In Internet Explorer, when you right-click selected text, Accelerators appear in the list of available options. <br/>For example, if you select a word, you can use the "Translate with Bing" Accelerator to obtain a translation of that word. |
-| Pinning websites to Start | When a user pins a website to the Start menu, it displays as a tile similar to the way apps are displayed. Like Microsoft Store apps, website tiles might display updates if the website has been designed to do so. For example, an online email website might send updates to the tile indicating how many new messages a user has. |
+| Pinning websites to Start | When a user pins a website to the Start menu, it displays as a tile similar to the way apps are displayed. Like Microsoft Store apps, website tiles might display updates if the website has been designed to do so. For example, an online email service might send updates to the tile indicating how many new messages a user has. |
 
 ## Related links
 
diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index 84781d9b7f..36203bd9bd 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -113,7 +113,7 @@ You can use the following articles to learn more about Autopilot and how to use
 
 #### _2.3.2 Managing Windows connected experiences and essential services_
 
-Windows includes features that connect to the internet to provide enhanced experiences and additional capabilities. These features are called connected experiences. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure.
+Windows includes features that connect to the internet to provide enhanced experiences and additional service-based capabilities. These features are called connected experiences. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure.
 
 Essential services are services in the product that connect to Microsoft to keep the product secure, up to date and performing as expected, or are integral to how the product works. For example, the licensing service that confirms that you’re properly licensed to use Windows.
 

From f89f51c70cda70d370a792d6b162df878daeb0eb Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Thu, 7 Oct 2021 14:01:59 +0100
Subject: [PATCH 034/105] Update
 essential-services-and-connected-experiences.md

---
 ...sential-services-and-connected-experiences.md | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index abea067f98..ef71c7d2b1 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -24,7 +24,7 @@ Windows includes features that connect to the internet to provide enhanced exper
 
 When a connected experience is used, data is sent to and processed by Microsoft to provide that connected experience. This data is crucial because this information enables us to deliver these cloud-based connected experiences. We refer to this data as required service data. Required service data can include information related to the operation of the connected experience that is needed to keep the underlying service secure, up to date, and performing as expected. Required service data can also include information needed by a connected experience to perform its task, such as configuration information about Windows.
 
-We give you the ability to choose which connected experiences you want to use in Windows, which then determines what required service data is sent to us.
+Users have the ability to choose the connected experiences they want to use in Windows, which then determines what required service data is sent to Microsoft.
 
 Required service data is also collected and sent to Microsoft for essential services. Essential services are used to keep the product **secure, up to date, performing as expected** or are **integral** to how the product works. For example, the licensing service that confirms that you’re properly licensed to use Windows.
 
@@ -45,7 +45,7 @@ Although most essential services can be turned off by enterprise admins, we reco
 | Device setup | The first time a user sets up a new device, the Windows out-of-box experience (OOBE) guides the user through the steps to accept the license agreement, connect to the internet, sign in to (or sign up for) a Microsoft account, and takes care of other important tasks. Most settings can also be changed after setup is completed. <br/>To customize the initial setup experience, see [Customize Setup](/windows-hardware/customize/desktop/customize-oobe).|
 | Diagnostic Data | Microsoft collects diagnostic data including error data about your device with the help of the telemetry service. Diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows behaves in the real world, focus on user priorities, find and fix problems, and improve services. This data allows Microsoft to improve the Windows experience. Setting diagnostic data to off means important information to help fix issues and improve quality will not be available to Microsoft. <br/>To turn it off, see [Telemetry Services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#1816-feedback--diagnostics).|
 | Update | Windows Update ensures devices are kept up to date and secure by downloading the latest updates and security patches for Windows. This service also enables users download apps from the Microsoft Store and keep them up to date. Turning off Windows Update will potentially leave your Windows devices in a vulnerable state and more prone to security threats. <br/>Other services like Device metadata retrieval and Font streaming also ensure that the content on your devices is kept up to date. <br/>To turn off updates, see [Windows Update](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#29-windows-update), [Device Metadata Retrieval](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#4-device-metadata-retrieval), and [Font Streaming](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#6-font-streaming).|
-| Microsoft Store | Microsoft Store enables users to purchase and download apps, games, and digital content. The Store also enables the developers of these apps to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to store apps in a power-efficient and dependable way. The Store can also revoke malicious apps. <br/>To turn it off, see [Microsoft Store](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#26-microsoft-store).|
+| Microsoft Store | Microsoft Store enables users to purchase and download apps, games, and digital content. The Store also enables the developers of these apps to send toast, tile, badge, and raw updates from their own cloud service, providing a mechanism to deliver new updates to store apps in a power-efficient and dependable way. The Store can also revoke malicious apps. <br/>To turn it off, see [Microsoft Store](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#26-microsoft-store).|
 
 ## Windows connected experiences
 
@@ -54,9 +54,9 @@ Although most essential services can be turned off by enterprise admins, we reco
 |Activity History|Activity History shows a history of activities a user has performed and can even synchronize activities across multiple devices for the same user. Synchronization across devices only works when a user signs in with the same account. <br/>To turn it off, see [Activity History](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1822-activity-history). |
 |Cloud Clipboard|Cloud Clipboard enables users to copy images and text across all Windows devices when they sign in with the same account. Users can paste from their clipboard history and also pin items.<br/>To turn it off, see [Cloud Clipboard](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#30-cloud-clipboard). |
 | Date and Time | The Windows Time service is used to synchronize and maintain the most accurate date and time on your devices. It is installed by default and starts automatically on devices that are part of a domain. It can be started manually on other devices. If this service is stopped, date and time synchronization will be unavailable and any services that explicitly depend on it will fail to start. <br/>To turn it off, see [Date and Time](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#3-date--time). |
-| Delivery Optimization | Delivery Optimization is a cloud-managed, peer-to-peer client and a downloader service for Windows updates, upgrades, and applications to an organization's networked devices. Delivery Optimization allows devices to download updates from alternate sources (such as other peers on the network), in addition to Microsoft servers. This helps when you have a limited or unreliable Internet connection and reduces the bandwidth needed to keep all your organization's devices up to date. <br/>If you have Delivery Optimization Peer-to-Peer option turned on, devices on your network may send and receive updates and apps to other devices on your local network, if you choose, or to devices on the Internet. <br/>By default, devices running Windows will only use Delivery Optimization to get and receive updates for devices and apps on your local network. <br/>To turn it off, see [Delivery Optimization](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#28-delivery-optimization). |
+| Delivery Optimization | Delivery Optimization is a cloud-managed, peer-to-peer client and a downloader service for Windows updates, upgrades, and applications to an organization's networked devices. Delivery Optimization allows devices to download updates from alternate sources (such as other peers on the network), in addition to Microsoft servers, which helps when you have a limited or unreliable Internet connection and reduces the bandwidth needed to keep all your organization's devices up to date. <br/>If you have Delivery Optimization Peer-to-Peer option turned on, devices on your network may send and receive updates and apps to other devices on your local network, if you choose, or to devices on the Internet. <br/>By default, devices running Windows will only use Delivery Optimization to get and receive updates for devices and apps on your local network. <br/>To turn it off, see [Delivery Optimization](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#28-delivery-optimization). |
 | Emojis and more | The Emoji and more menu allows users to insert a variety of content like emoji, kaomoji, GIFs, symbols, and clipboard history. This connected experience is new in Windows 11. <br/>To turn it off, see [Emojis availability](/windows/client-management/mdm/policy-csp-textinpu.md#textinput-touchkeyboardemojibuttonavailability). |
-| Find My Device | Find My Device is a feature that can help users locate their Windows device if it's lost or stolen. This feature only works if a Microsoft account is used to log on to the device, the user is an administrator on the device, and when location is turned on for the device. Users can find their device by logging in to [https://account.microsoft.com/devices](https://account.microsoft.com/devices) under the Find My Device tab. <br/>To turn it off, see [Find My Device](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#5-find-my-device). |
+| Find My Device | Find My Device is a feature that can help users locate their Windows device if it's lost or stolen. This feature only works if a Microsoft account is used to sign in to the device, the user is an administrator on the device, and when location is turned on for the device. Users can find their device by logging in to [https://account.microsoft.com/devices](https://account.microsoft.com/devices) under the Find My Device tab. <br/>To turn it off, see [Find My Device](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#5-find-my-device). |
 | Location services | The device location setting enables certain Windows features such as auto setting the time zone or Find My Device to function properly. When the device location setting is enabled, the Microsoft location service will use a combination of global positioning service (GPS), nearby wireless access points, cell towers, and IP address to determine the device’s location. Depending on the capabilities of the device, its location can be determined with varying degrees of accuracy and may in some cases be determined precisely. <br/>To turn it off, see [Location services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#182-location). |
 | Microsoft Defender Antivirus | Microsoft Defender Antivirus provides cloud-delivered protection against new and emerging threats for the devices in your organization. <br/>Turning off Microsoft Defender Antivirus will potentially leave your Windows devices in a vulnerable state and more prone to security threats. <br/>To turn it off, see [Microsoft Defender Antivirus](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-defender). |
 | Microsoft Defender SmartScreen | Microsoft Defender SmartScreen is a feature of Windows, Internet Explorer, and Microsoft Edge. It helps protect users against phishing or malware websites and applications, and the downloading of potentially malicious files. Turning off Microsoft Defender SmartScreen means you cannot block a website or warn users they may be accessing a malicious site. <br/>To turn it off, see [Microsoft Defender SmartScreen](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#241-microsoft-defender-smartscreen). |
@@ -69,9 +69,9 @@ Although most essential services can be turned off by enterprise admins, we reco
 | Windows Search | Windows Search lets users use the search box on the taskbar to find what they are looking for, whether it’s on their device, in the cloud, or on the web. Windows Search can provide results for items from the device (including apps, settings, and files), the users account (including OneDrive, SharePoint, and other Microsoft services), and the internet. <br/>To turn it off, see [Windows Search](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#2-cortana-and-search). |
 | Windows Spotlight | Windows Spotlight displays new background images on the lock screen each day. Additionally, it provides feature suggestions, fun facts, and tips on the lock screen background. <br/>Administrators can turn off Windows Spotlight features to prevent users from using the Windows Spotlight background. <br/>To turn it off, see [Windows Spotlight](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#25-windows-spotlight). |
 
-## Edge essential services and connected experiences
+## Microsoft Edge essential services and connected experiences
 
-Windows ships with Microsoft Edge and Internet Explorer on Windows devices. Microsoft Edge is the default browser and is recommended for the best web browsing experience.</br> You can find details on all of Edge's connected experiences and essential services [here](/microsoft-edge/privacy-whitepaper). To turn off specific Edge feature, see [Microsoft Edge](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#13-microsoft-edge).
+Windows ships with Microsoft Edge and Internet Explorer on Windows devices. Microsoft Edge is the default browser and is recommended for the best web browsing experience.</br> You can find details on all of Microsoft Edge's connected experiences and essential services [here](/microsoft-edge/privacy-whitepaper). To turn off specific Microsoft Edge feature, see [Microsoft Edge](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#13-microsoft-edge).
 
 ## IE essential services and connected experiences
 
@@ -82,13 +82,13 @@ Internet Explorer shares many of the Windows essential services listed above. Th
 
 | **Connected experience** | **Description** |
 | --- | --- |
-|ActiveX Filtering|ActiveX controls are small apps that allow websites to provide content such as videos and games, and let users interact with controls like toolbars and stock tickers. However, these apps can sometimes malfunction, and in some cases, they might be used to collect information from user devices, install software without a user's agreement, or be used to control a device remotely without user's permission.</br> ActiveX Filtering in Internet Explorer prevents sites from installing and using these apps. This can help keep users safer as they browse, but it can also affect the user experience of certain sites as interactive content might not work when ActiveX Filtering is on. <br/>Note: To further enhance security, Internet Explorer also allows you to block out-of-date ActiveX controls. |
+|ActiveX Filtering|ActiveX controls are small apps that allow websites to provide content such as videos and games, and let users interact with controls like toolbars and stock tickers. However, these apps can sometimes malfunction, and in some cases, they might be used to collect information from user devices, install software without a user's agreement, or be used to control a device remotely without user's permission.</br> ActiveX Filtering in Internet Explorer prevents sites from installing and using these apps which, can help keep users safer as they browse, but it can also affect the user experience of certain sites as interactive content might not work when ActiveX Filtering is on. <br/>Note: To further enhance security, Internet Explorer also allows you to block out-of-date ActiveX controls. |
 |Suggested Sites|Suggested Sites is an online experience that recommends websites, images, or videos a user might be interested in. When Suggested Sites is turned on, a user’s web browsing history is periodically sent to Microsoft.|
 | Address Bar and Search suggestions | With search suggestions enabled, users will be offered suggested search terms as they type in the Address Bar. As users type information, it will be sent to the default search provider. |
 | Auto-complete feature for web addresses | The auto-complete feature suggests possible matches when users are typing web addresses in the browser address bar. |
 | Compatibility logging | This feature is designed for use by developers and IT professionals to determine the compatibility of their websites with Internet Explorer. It is disabled by default and needs to be enabled to start logging Internet Explorer events in the Windows Event Viewer. These events describe failures that might have happened on the site and can include information about specific controls and webpages that failed. |
 | Compatibility View | Compatibility View helps make websites designed for older browsers look better when viewed in Internet Explorer. The compatibility view setting allows you to choose whether an employee can fix website display problems they encounter while browsing. |
-| Flip ahead | Flip ahead enables your users to flip through web content quickly by swiping across the page or by clicking forward. When flip ahead is turned on, web browsing history is periodically sent to Microsoft. If you turn off this setting your users will no longer be able swipe across a screen or click forward to go to the next pre-loaded page of a website. |
+| Flip ahead | Flip ahead enables your users to flip through web content quickly by swiping across the page or by clicking forward. When flip ahead is turned on, web browsing history is periodically sent to Microsoft. If you turn off this setting, your users will no longer be able swipe across a screen or click forward to go to the next pre-loaded page of a website. |
 | Web Slices | A Web Slice enables users to subscribe to and automatically receive updates to content directly within a web page. Disabling the RSS Feeds setting will turn off background synchronization for feeds and Web Slices. |
 | Accelerators | Accelerators are menu options in Internet Explorer that help automate common browser-related tasks. In Internet Explorer, when you right-click selected text, Accelerators appear in the list of available options. <br/>For example, if you select a word, you can use the "Translate with Bing" Accelerator to obtain a translation of that word. |
 | Pinning websites to Start | When a user pins a website to the Start menu, it displays as a tile similar to the way apps are displayed. Like Microsoft Store apps, website tiles might display updates if the website has been designed to do so. For example, an online email service might send updates to the tile indicating how many new messages a user has. |

From f217d5a70e7551f713e4dea1ec0cc8df580d1da7 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Thu, 7 Oct 2021 14:26:20 +0100
Subject: [PATCH 035/105] Update
 essential-services-and-connected-experiences.md

---
 .../privacy/essential-services-and-connected-experiences.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index ef71c7d2b1..3862177845 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -43,7 +43,7 @@ Although most essential services can be turned off by enterprise admins, we reco
 | Licensing | Licensing services are used for the activation of Windows, and apps purchased from the Microsoft Store. If you disable the Windows License Manager Service or the Software Protection Platform Service, it may prevent activation of genuine Windows and store applications. <br/>To turn off licensing services, see [License Manager](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#9-license-manager) and [Software Protection Platform](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#19-software-protection-platform).|
 | Networking | Networking in Windows provides connectivity to and from your devices to the local intranet and internet. If you turn off networking, Windows devices will lose network connectivity. <br/>To turn off Network Adapters, see [Disable-NetAdapter](/powershell/module/netadapter/disable-netadapter).|
 | Device setup | The first time a user sets up a new device, the Windows out-of-box experience (OOBE) guides the user through the steps to accept the license agreement, connect to the internet, sign in to (or sign up for) a Microsoft account, and takes care of other important tasks. Most settings can also be changed after setup is completed. <br/>To customize the initial setup experience, see [Customize Setup](/windows-hardware/customize/desktop/customize-oobe).|
-| Diagnostic Data | Microsoft collects diagnostic data including error data about your device with the help of the telemetry service. Diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows behaves in the real world, focus on user priorities, find and fix problems, and improve services. This data allows Microsoft to improve the Windows experience. Setting diagnostic data to off means important information to help fix issues and improve quality will not be available to Microsoft. <br/>To turn it off, see [Telemetry Services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#1816-feedback--diagnostics).|
+| Diagnostic Data | Microsoft collects diagnostic data including error data about your devices with the help of the telemetry service. Diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows behaves in the real world, focus on user priorities, find and fix problems, and improve services. This data allows Microsoft to improve the Windows experience. Setting diagnostic data to off means important information to help fix issues and improve quality will not be available to Microsoft. <br/>To turn it off, see [Telemetry Services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#1816-feedback--diagnostics).|
 | Update | Windows Update ensures devices are kept up to date and secure by downloading the latest updates and security patches for Windows. This service also enables users download apps from the Microsoft Store and keep them up to date. Turning off Windows Update will potentially leave your Windows devices in a vulnerable state and more prone to security threats. <br/>Other services like Device metadata retrieval and Font streaming also ensure that the content on your devices is kept up to date. <br/>To turn off updates, see [Windows Update](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#29-windows-update), [Device Metadata Retrieval](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#4-device-metadata-retrieval), and [Font Streaming](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#6-font-streaming).|
 | Microsoft Store | Microsoft Store enables users to purchase and download apps, games, and digital content. The Store also enables the developers of these apps to send toast, tile, badge, and raw updates from their own cloud service, providing a mechanism to deliver new updates to store apps in a power-efficient and dependable way. The Store can also revoke malicious apps. <br/>To turn it off, see [Microsoft Store](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#26-microsoft-store).|
 
@@ -54,11 +54,11 @@ Although most essential services can be turned off by enterprise admins, we reco
 |Activity History|Activity History shows a history of activities a user has performed and can even synchronize activities across multiple devices for the same user. Synchronization across devices only works when a user signs in with the same account. <br/>To turn it off, see [Activity History](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1822-activity-history). |
 |Cloud Clipboard|Cloud Clipboard enables users to copy images and text across all Windows devices when they sign in with the same account. Users can paste from their clipboard history and also pin items.<br/>To turn it off, see [Cloud Clipboard](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#30-cloud-clipboard). |
 | Date and Time | The Windows Time service is used to synchronize and maintain the most accurate date and time on your devices. It is installed by default and starts automatically on devices that are part of a domain. It can be started manually on other devices. If this service is stopped, date and time synchronization will be unavailable and any services that explicitly depend on it will fail to start. <br/>To turn it off, see [Date and Time](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#3-date--time). |
-| Delivery Optimization | Delivery Optimization is a cloud-managed, peer-to-peer client and a downloader service for Windows updates, upgrades, and applications to an organization's networked devices. Delivery Optimization allows devices to download updates from alternate sources (such as other peers on the network), in addition to Microsoft servers, which helps when you have a limited or unreliable Internet connection and reduces the bandwidth needed to keep all your organization's devices up to date. <br/>If you have Delivery Optimization Peer-to-Peer option turned on, devices on your network may send and receive updates and apps to other devices on your local network, if you choose, or to devices on the Internet. <br/>By default, devices running Windows will only use Delivery Optimization to get and receive updates for devices and apps on your local network. <br/>To turn it off, see [Delivery Optimization](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#28-delivery-optimization). |
+| Delivery Optimization | Delivery Optimization is a cloud-managed, peer-to-peer client and a downloader service for Windows updates, upgrades, and applications to an organization's networked devices. Delivery Optimization allows devices to download updates from alternate sources (such as other peers on the network), in addition to Microsoft servers, which helps when you have a limited or unreliable Internet connection and reduces the bandwidth needed to keep all your organization's devices up to date. <br/>If you have Delivery Optimization Peer-to-Peer option turned on, devices on your network may send and receive updates and apps to other devices on your local network, if you choose, or to devices on the Internet. By default, devices running Windows will only use Delivery Optimization to get and receive updates for devices and apps on your local network. <br/>To turn it off, see [Delivery Optimization](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#28-delivery-optimization). |
 | Emojis and more | The Emoji and more menu allows users to insert a variety of content like emoji, kaomoji, GIFs, symbols, and clipboard history. This connected experience is new in Windows 11. <br/>To turn it off, see [Emojis availability](/windows/client-management/mdm/policy-csp-textinpu.md#textinput-touchkeyboardemojibuttonavailability). |
 | Find My Device | Find My Device is a feature that can help users locate their Windows device if it's lost or stolen. This feature only works if a Microsoft account is used to sign in to the device, the user is an administrator on the device, and when location is turned on for the device. Users can find their device by logging in to [https://account.microsoft.com/devices](https://account.microsoft.com/devices) under the Find My Device tab. <br/>To turn it off, see [Find My Device](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#5-find-my-device). |
 | Location services | The device location setting enables certain Windows features such as auto setting the time zone or Find My Device to function properly. When the device location setting is enabled, the Microsoft location service will use a combination of global positioning service (GPS), nearby wireless access points, cell towers, and IP address to determine the device’s location. Depending on the capabilities of the device, its location can be determined with varying degrees of accuracy and may in some cases be determined precisely. <br/>To turn it off, see [Location services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#182-location). |
-| Microsoft Defender Antivirus | Microsoft Defender Antivirus provides cloud-delivered protection against new and emerging threats for the devices in your organization. <br/>Turning off Microsoft Defender Antivirus will potentially leave your Windows devices in a vulnerable state and more prone to security threats. <br/>To turn it off, see [Microsoft Defender Antivirus](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-defender). |
+| Microsoft Defender Antivirus | Microsoft Defender Antivirus provides cloud-delivered protection against new and emerging threats for the devices in your organization. Turning off Microsoft Defender Antivirus will potentially leave your Windows devices in a vulnerable state and more prone to security threats. <br/>To turn it off, see [Microsoft Defender Antivirus](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-defender). |
 | Microsoft Defender SmartScreen | Microsoft Defender SmartScreen is a feature of Windows, Internet Explorer, and Microsoft Edge. It helps protect users against phishing or malware websites and applications, and the downloading of potentially malicious files. Turning off Microsoft Defender SmartScreen means you cannot block a website or warn users they may be accessing a malicious site. <br/>To turn it off, see [Microsoft Defender SmartScreen](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#241-microsoft-defender-smartscreen). |
 | OneDrive | OneDrive is a cloud storage system that allows you to save your files and photos, and access them from any device, anywhere. <br/>To turn off OneDrive, see [OneDrive](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#16-onedrive). |
 | Troubleshooting Service | Windows troubleshooting service will automatically fix critical issues like corrupt settings that keep critical services from running, make adjustments to work with your hardware, or make other specific changes required for Windows to operate with the hardware, apps, and settings you’ve selected. In addition, it will recommend troubleshooting for other problems that aren’t critical to normal Windows operation but might impact your experience. <br/>To turn it off, see [Troubleshooting service](/windows/client-management/mdm/policy-csp-troubleshooting). |

From faeb825d0ddc810de64146f9259b0866b2b41a4c Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Thu, 7 Oct 2021 14:34:05 +0100
Subject: [PATCH 036/105] Update
 essential-services-and-connected-experiences.md

---
 .../privacy/essential-services-and-connected-experiences.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index 3862177845..ac4a221c33 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -62,9 +62,9 @@ Although most essential services can be turned off by enterprise admins, we reco
 | Microsoft Defender SmartScreen | Microsoft Defender SmartScreen is a feature of Windows, Internet Explorer, and Microsoft Edge. It helps protect users against phishing or malware websites and applications, and the downloading of potentially malicious files. Turning off Microsoft Defender SmartScreen means you cannot block a website or warn users they may be accessing a malicious site. <br/>To turn it off, see [Microsoft Defender SmartScreen](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#241-microsoft-defender-smartscreen). |
 | OneDrive | OneDrive is a cloud storage system that allows you to save your files and photos, and access them from any device, anywhere. <br/>To turn off OneDrive, see [OneDrive](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#16-onedrive). |
 | Troubleshooting Service | Windows troubleshooting service will automatically fix critical issues like corrupt settings that keep critical services from running, make adjustments to work with your hardware, or make other specific changes required for Windows to operate with the hardware, apps, and settings you’ve selected. In addition, it will recommend troubleshooting for other problems that aren’t critical to normal Windows operation but might impact your experience. <br/>To turn it off, see [Troubleshooting service](/windows/client-management/mdm/policy-csp-troubleshooting). |
-| Voice Typing | Voice typing (also referred to as Windows dictation in earlier versions of Windows) allows you to write text by speaking by using Microsoft’s online speech recognition technology. <br/>To turn it off, see [Speech recognition](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#186-speech). |
+| Voice Typing | Voice typing (also referred to as Windows dictation in earlier versions of Windows) allows users to write text by speaking by using Microsoft’s online speech recognition technology. <br/>To turn it off, see [Speech recognition](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#186-speech). |
 | Windows backup | When settings synchronization is turned on, a user's settings are synced across all Windows devices when they sign in with the same account. <br/>To turn it off, see [Sync your settings](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#21-sync-your-settings). |
-| Windows Dashboard Widgets | Windows Dashboard widget is a dynamic view that shows you personalized content like news, weather, a glimpse at your calendar and to-do list and your recent photos. It provides a quick glance view, which allows users to be productive without needing to go to multiple apps or websites. This connected experience is new in Windows 11. |
+| Windows Dashboard Widgets | Windows Dashboard widget is a dynamic view that shows users personalized content like news, weather, their calendar and to-do list, and recent photos. It provides a quick glance view, which allows users to be productive without needing to go to multiple apps or websites. This connected experience is new in Windows 11. |
 | Windows Insider Program | The Windows Insider Preview program lets you help shape the future of Windows, be part of the community, and get early access to builds of Windows. Once you've registered for the program, you can run Insider Preview builds on as many devices as you want, each in the channel of your choice. Learn how to join the Windows Insider program by visiting the program’s [website](https://insider.windows.com/). <br/>To turn it off, see [Windows Insider Program](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#7-insider-preview-builds). |
 | Windows Search | Windows Search lets users use the search box on the taskbar to find what they are looking for, whether it’s on their device, in the cloud, or on the web. Windows Search can provide results for items from the device (including apps, settings, and files), the users account (including OneDrive, SharePoint, and other Microsoft services), and the internet. <br/>To turn it off, see [Windows Search](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#2-cortana-and-search). |
 | Windows Spotlight | Windows Spotlight displays new background images on the lock screen each day. Additionally, it provides feature suggestions, fun facts, and tips on the lock screen background. <br/>Administrators can turn off Windows Spotlight features to prevent users from using the Windows Spotlight background. <br/>To turn it off, see [Windows Spotlight](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#25-windows-spotlight). |
@@ -88,7 +88,7 @@ Internet Explorer shares many of the Windows essential services listed above. Th
 | Auto-complete feature for web addresses | The auto-complete feature suggests possible matches when users are typing web addresses in the browser address bar. |
 | Compatibility logging | This feature is designed for use by developers and IT professionals to determine the compatibility of their websites with Internet Explorer. It is disabled by default and needs to be enabled to start logging Internet Explorer events in the Windows Event Viewer. These events describe failures that might have happened on the site and can include information about specific controls and webpages that failed. |
 | Compatibility View | Compatibility View helps make websites designed for older browsers look better when viewed in Internet Explorer. The compatibility view setting allows you to choose whether an employee can fix website display problems they encounter while browsing. |
-| Flip ahead | Flip ahead enables your users to flip through web content quickly by swiping across the page or by clicking forward. When flip ahead is turned on, web browsing history is periodically sent to Microsoft. If you turn off this setting, your users will no longer be able swipe across a screen or click forward to go to the next pre-loaded page of a website. |
+| Flip ahead | Flip ahead enables users to flip through web content quickly by swiping across the page or by clicking forward. When flip ahead is turned on, web browsing history is periodically sent to Microsoft. If you turn off this setting, users will no longer be able swipe across a screen or click forward to go to the next pre-loaded page of a website. |
 | Web Slices | A Web Slice enables users to subscribe to and automatically receive updates to content directly within a web page. Disabling the RSS Feeds setting will turn off background synchronization for feeds and Web Slices. |
 | Accelerators | Accelerators are menu options in Internet Explorer that help automate common browser-related tasks. In Internet Explorer, when you right-click selected text, Accelerators appear in the list of available options. <br/>For example, if you select a word, you can use the "Translate with Bing" Accelerator to obtain a translation of that word. |
 | Pinning websites to Start | When a user pins a website to the Start menu, it displays as a tile similar to the way apps are displayed. Like Microsoft Store apps, website tiles might display updates if the website has been designed to do so. For example, an online email service might send updates to the tile indicating how many new messages a user has. |

From a70b7e94e16f27307b943e6a85b6978f6c6aee12 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Thu, 7 Oct 2021 14:49:04 +0100
Subject: [PATCH 037/105] Update
 essential-services-and-connected-experiences.md

---
 windows/privacy/essential-services-and-connected-experiences.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index ac4a221c33..7dc04a0384 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -24,7 +24,7 @@ Windows includes features that connect to the internet to provide enhanced exper
 
 When a connected experience is used, data is sent to and processed by Microsoft to provide that connected experience. This data is crucial because this information enables us to deliver these cloud-based connected experiences. We refer to this data as required service data. Required service data can include information related to the operation of the connected experience that is needed to keep the underlying service secure, up to date, and performing as expected. Required service data can also include information needed by a connected experience to perform its task, such as configuration information about Windows.
 
-Users have the ability to choose the connected experiences they want to use in Windows, which then determines what required service data is sent to Microsoft.
+Microsoft gives you the ability to choose which connected experiences you want to use in Windows, this will determines what required service data is sent to Microsoft.
 
 Required service data is also collected and sent to Microsoft for essential services. Essential services are used to keep the product **secure, up to date, performing as expected** or are **integral** to how the product works. For example, the licensing service that confirms that you’re properly licensed to use Windows.
 

From 1b2f8b5ba365ef67dc145f56bcb7edaffcdd9737 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Thu, 7 Oct 2021 15:05:03 +0100
Subject: [PATCH 038/105] Update
 essential-services-and-connected-experiences.md

---
 windows/privacy/essential-services-and-connected-experiences.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index 7dc04a0384..0ccfb8e476 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -24,7 +24,7 @@ Windows includes features that connect to the internet to provide enhanced exper
 
 When a connected experience is used, data is sent to and processed by Microsoft to provide that connected experience. This data is crucial because this information enables us to deliver these cloud-based connected experiences. We refer to this data as required service data. Required service data can include information related to the operation of the connected experience that is needed to keep the underlying service secure, up to date, and performing as expected. Required service data can also include information needed by a connected experience to perform its task, such as configuration information about Windows.
 
-Microsoft gives you the ability to choose which connected experiences you want to use in Windows, this will determines what required service data is sent to Microsoft.
+The connected experiences you choose to use in Windows will impact what required service data is sent to us.
 
 Required service data is also collected and sent to Microsoft for essential services. Essential services are used to keep the product **secure, up to date, performing as expected** or are **integral** to how the product works. For example, the licensing service that confirms that you’re properly licensed to use Windows.
 

From d80acaa8b2bfcdf7338a0ccb80313b28ceb821a3 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Thu, 7 Oct 2021 15:19:59 +0100
Subject: [PATCH 039/105] Update
 essential-services-and-connected-experiences.md

---
 windows/privacy/essential-services-and-connected-experiences.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index 0ccfb8e476..d5d2775754 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -28,7 +28,7 @@ The connected experiences you choose to use in Windows will impact what required
 
 Required service data is also collected and sent to Microsoft for essential services. Essential services are used to keep the product **secure, up to date, performing as expected** or are **integral** to how the product works. For example, the licensing service that confirms that you’re properly licensed to use Windows.
 
-Although most essential services can be turned off by enterprise admins, we recommend, where applicable, you consider hosting the services on-premises and carefully assess the impact of turning off remaining services. The following list describes the essential services and connected experiences that are available to you in Windows and provides links to further information about each one.
+Although enterprise admins can turn off most essential services, we recommend, where applicable, you consider hosting the services on-premises and carefully assess the impact of turning off remaining services. The following list describes the essential services and connected experiences that are available to you in Windows and provides links to further information about each one.
 
 > [!NOTE]
 > The information in this article describes the most common connected experiences and essential services. We will continue to update our list of connected experiences over time as Windows evolves.

From e4e1af71ed95ff4e262ae6713b6093210282d3d4 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Thu, 7 Oct 2021 15:39:48 +0100
Subject: [PATCH 040/105] Update
 essential-services-and-connected-experiences.md

---
 .../essential-services-and-connected-experiences.md       | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index d5d2775754..a124f59bd9 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -45,7 +45,7 @@ Although enterprise admins can turn off most essential services, we recommend, w
 | Device setup | The first time a user sets up a new device, the Windows out-of-box experience (OOBE) guides the user through the steps to accept the license agreement, connect to the internet, sign in to (or sign up for) a Microsoft account, and takes care of other important tasks. Most settings can also be changed after setup is completed. <br/>To customize the initial setup experience, see [Customize Setup](/windows-hardware/customize/desktop/customize-oobe).|
 | Diagnostic Data | Microsoft collects diagnostic data including error data about your devices with the help of the telemetry service. Diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows behaves in the real world, focus on user priorities, find and fix problems, and improve services. This data allows Microsoft to improve the Windows experience. Setting diagnostic data to off means important information to help fix issues and improve quality will not be available to Microsoft. <br/>To turn it off, see [Telemetry Services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#1816-feedback--diagnostics).|
 | Update | Windows Update ensures devices are kept up to date and secure by downloading the latest updates and security patches for Windows. This service also enables users download apps from the Microsoft Store and keep them up to date. Turning off Windows Update will potentially leave your Windows devices in a vulnerable state and more prone to security threats. <br/>Other services like Device metadata retrieval and Font streaming also ensure that the content on your devices is kept up to date. <br/>To turn off updates, see [Windows Update](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#29-windows-update), [Device Metadata Retrieval](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#4-device-metadata-retrieval), and [Font Streaming](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#6-font-streaming).|
-| Microsoft Store | Microsoft Store enables users to purchase and download apps, games, and digital content. The Store also enables the developers of these apps to send toast, tile, badge, and raw updates from their own cloud service, providing a mechanism to deliver new updates to store apps in a power-efficient and dependable way. The Store can also revoke malicious apps. <br/>To turn it off, see [Microsoft Store](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#26-microsoft-store).|
+| Microsoft Store | Microsoft Store enables users to purchase and download apps, games, and digital content. The Store also enables the developers of these apps to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to store apps in a power-efficient and dependable way. The Store can also revoke malicious apps. <br/>To turn it off, see [Microsoft Store](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#26-microsoft-store).|
 
 ## Windows connected experiences
 
@@ -53,15 +53,15 @@ Although enterprise admins can turn off most essential services, we recommend, w
 | --- | --- |
 |Activity History|Activity History shows a history of activities a user has performed and can even synchronize activities across multiple devices for the same user. Synchronization across devices only works when a user signs in with the same account. <br/>To turn it off, see [Activity History](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1822-activity-history). |
 |Cloud Clipboard|Cloud Clipboard enables users to copy images and text across all Windows devices when they sign in with the same account. Users can paste from their clipboard history and also pin items.<br/>To turn it off, see [Cloud Clipboard](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#30-cloud-clipboard). |
-| Date and Time | The Windows Time service is used to synchronize and maintain the most accurate date and time on your devices. It is installed by default and starts automatically on devices that are part of a domain. It can be started manually on other devices. If this service is stopped, date and time synchronization will be unavailable and any services that explicitly depend on it will fail to start. <br/>To turn it off, see [Date and Time](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#3-date--time). |
-| Delivery Optimization | Delivery Optimization is a cloud-managed, peer-to-peer client and a downloader service for Windows updates, upgrades, and applications to an organization's networked devices. Delivery Optimization allows devices to download updates from alternate sources (such as other peers on the network), in addition to Microsoft servers, which helps when you have a limited or unreliable Internet connection and reduces the bandwidth needed to keep all your organization's devices up to date. <br/>If you have Delivery Optimization Peer-to-Peer option turned on, devices on your network may send and receive updates and apps to other devices on your local network, if you choose, or to devices on the Internet. By default, devices running Windows will only use Delivery Optimization to get and receive updates for devices and apps on your local network. <br/>To turn it off, see [Delivery Optimization](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#28-delivery-optimization). |
+| Date and Time | The Windows Time service is used to synchronize and maintain the most accurate date and time on your devices. It's installed by default and starts automatically on devices that are part of a domain. It can be started manually on other devices. If this service is stopped, date and time synchronization will be unavailable and any services that explicitly depend on it will fail to start. <br/>To turn it off, see [Date and Time](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#3-date--time). |
+| Delivery Optimization | Delivery Optimization is a cloud-managed, peer-to-peer client and a downloader service for Windows updates, upgrades, and applications to an organization's networked devices. Delivery Optimization allows devices to download updates from alternate sources, such as other peers on the network, in addition to Microsoft servers. This helps when you have a limited or unreliable Internet connection and reduces the bandwidth needed to keep all your organization's devices up to date. <br/>If you have Delivery Optimization Peer-to-Peer option turned on, devices on your network may send and receive updates and apps to other devices on your local network, if you choose, or to devices on the Internet. By default, devices running Windows will only use Delivery Optimization to get and receive updates for devices and apps on your local network. <br/>To turn it off, see [Delivery Optimization](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#28-delivery-optimization). |
 | Emojis and more | The Emoji and more menu allows users to insert a variety of content like emoji, kaomoji, GIFs, symbols, and clipboard history. This connected experience is new in Windows 11. <br/>To turn it off, see [Emojis availability](/windows/client-management/mdm/policy-csp-textinpu.md#textinput-touchkeyboardemojibuttonavailability). |
 | Find My Device | Find My Device is a feature that can help users locate their Windows device if it's lost or stolen. This feature only works if a Microsoft account is used to sign in to the device, the user is an administrator on the device, and when location is turned on for the device. Users can find their device by logging in to [https://account.microsoft.com/devices](https://account.microsoft.com/devices) under the Find My Device tab. <br/>To turn it off, see [Find My Device](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#5-find-my-device). |
 | Location services | The device location setting enables certain Windows features such as auto setting the time zone or Find My Device to function properly. When the device location setting is enabled, the Microsoft location service will use a combination of global positioning service (GPS), nearby wireless access points, cell towers, and IP address to determine the device’s location. Depending on the capabilities of the device, its location can be determined with varying degrees of accuracy and may in some cases be determined precisely. <br/>To turn it off, see [Location services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#182-location). |
 | Microsoft Defender Antivirus | Microsoft Defender Antivirus provides cloud-delivered protection against new and emerging threats for the devices in your organization. Turning off Microsoft Defender Antivirus will potentially leave your Windows devices in a vulnerable state and more prone to security threats. <br/>To turn it off, see [Microsoft Defender Antivirus](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-defender). |
 | Microsoft Defender SmartScreen | Microsoft Defender SmartScreen is a feature of Windows, Internet Explorer, and Microsoft Edge. It helps protect users against phishing or malware websites and applications, and the downloading of potentially malicious files. Turning off Microsoft Defender SmartScreen means you cannot block a website or warn users they may be accessing a malicious site. <br/>To turn it off, see [Microsoft Defender SmartScreen](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#241-microsoft-defender-smartscreen). |
 | OneDrive | OneDrive is a cloud storage system that allows you to save your files and photos, and access them from any device, anywhere. <br/>To turn off OneDrive, see [OneDrive](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#16-onedrive). |
-| Troubleshooting Service | Windows troubleshooting service will automatically fix critical issues like corrupt settings that keep critical services from running, make adjustments to work with your hardware, or make other specific changes required for Windows to operate with the hardware, apps, and settings you’ve selected. In addition, it will recommend troubleshooting for other problems that aren’t critical to normal Windows operation but might impact your experience. <br/>To turn it off, see [Troubleshooting service](/windows/client-management/mdm/policy-csp-troubleshooting). |
+| Troubleshooting Service | Windows troubleshooting service will automatically fix critical issues like corrupt settings that keep critical services from running. The service will also make adjustments to work with your hardware, or make other specific changes required for Windows to operate with the hardware, apps, and settings you’ve selected. In addition, it will recommend troubleshooting for other problems that aren’t critical to normal Windows operation but might impact your experience. <br/>To turn it off, see [Troubleshooting service](/windows/client-management/mdm/policy-csp-troubleshooting). |
 | Voice Typing | Voice typing (also referred to as Windows dictation in earlier versions of Windows) allows users to write text by speaking by using Microsoft’s online speech recognition technology. <br/>To turn it off, see [Speech recognition](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#186-speech). |
 | Windows backup | When settings synchronization is turned on, a user's settings are synced across all Windows devices when they sign in with the same account. <br/>To turn it off, see [Sync your settings](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#21-sync-your-settings). |
 | Windows Dashboard Widgets | Windows Dashboard widget is a dynamic view that shows users personalized content like news, weather, their calendar and to-do list, and recent photos. It provides a quick glance view, which allows users to be productive without needing to go to multiple apps or websites. This connected experience is new in Windows 11. |

From d241b64eb755ba45f185bc0ce1411f04ecf98862 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Thu, 7 Oct 2021 16:07:43 +0100
Subject: [PATCH 041/105] Update
 essential-services-and-connected-experiences.md

---
 .../privacy/essential-services-and-connected-experiences.md   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index a124f59bd9..2a94ace0da 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -82,7 +82,7 @@ Internet Explorer shares many of the Windows essential services listed above. Th
 
 | **Connected experience** | **Description** |
 | --- | --- |
-|ActiveX Filtering|ActiveX controls are small apps that allow websites to provide content such as videos and games, and let users interact with controls like toolbars and stock tickers. However, these apps can sometimes malfunction, and in some cases, they might be used to collect information from user devices, install software without a user's agreement, or be used to control a device remotely without user's permission.</br> ActiveX Filtering in Internet Explorer prevents sites from installing and using these apps which, can help keep users safer as they browse, but it can also affect the user experience of certain sites as interactive content might not work when ActiveX Filtering is on. <br/>Note: To further enhance security, Internet Explorer also allows you to block out-of-date ActiveX controls. |
+|ActiveX Filtering|ActiveX controls are small apps that allow websites to provide content such as videos and games, and let users interact with controls like toolbars and stock tickers. However, these apps can sometimes malfunction, and in some cases, they might be used to collect information from user devices, install software without a user's agreement, or be used to control a device remotely without a user's permission.</br> ActiveX Filtering in Internet Explorer prevents sites from installing and using these apps which, can help keep users safer as they browse, but it can also affect the user experience of certain sites as interactive content might not work when ActiveX Filtering is on. <br/>Note: To further enhance security, Internet Explorer also allows you to block out-of-date ActiveX controls. |
 |Suggested Sites|Suggested Sites is an online experience that recommends websites, images, or videos a user might be interested in. When Suggested Sites is turned on, a user’s web browsing history is periodically sent to Microsoft.|
 | Address Bar and Search suggestions | With search suggestions enabled, users will be offered suggested search terms as they type in the Address Bar. As users type information, it will be sent to the default search provider. |
 | Auto-complete feature for web addresses | The auto-complete feature suggests possible matches when users are typing web addresses in the browser address bar. |
@@ -91,7 +91,7 @@ Internet Explorer shares many of the Windows essential services listed above. Th
 | Flip ahead | Flip ahead enables users to flip through web content quickly by swiping across the page or by clicking forward. When flip ahead is turned on, web browsing history is periodically sent to Microsoft. If you turn off this setting, users will no longer be able swipe across a screen or click forward to go to the next pre-loaded page of a website. |
 | Web Slices | A Web Slice enables users to subscribe to and automatically receive updates to content directly within a web page. Disabling the RSS Feeds setting will turn off background synchronization for feeds and Web Slices. |
 | Accelerators | Accelerators are menu options in Internet Explorer that help automate common browser-related tasks. In Internet Explorer, when you right-click selected text, Accelerators appear in the list of available options. <br/>For example, if you select a word, you can use the "Translate with Bing" Accelerator to obtain a translation of that word. |
-| Pinning websites to Start | When a user pins a website to the Start menu, it displays as a tile similar to the way apps are displayed. Like Microsoft Store apps, website tiles might display updates if the website has been designed to do so. For example, an online email service might send updates to the tile indicating how many new messages a user has. |
+| Pinning websites to Start | When a user pins a website to the Start menu, it displays as a tile similar to the way apps are displayed. Like Microsoft Store apps, website tiles might display updates if the website has been designed to do so. For example, an online email website might send updates to the tile indicating how many new messages a user has. |
 
 ## Related links
 

From 9d71d77578c21700e24cadbc18dff6e31fa16502 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Thu, 7 Oct 2021 16:13:43 +0100
Subject: [PATCH 042/105] Update
 essential-services-and-connected-experiences.md

---
 .../privacy/essential-services-and-connected-experiences.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index 2a94ace0da..5ad54e7a9e 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -99,8 +99,9 @@ Internet Explorer shares many of the Windows essential services listed above. Th
 - [Connected Experiences in Office](/deployoffice/privacy/connected-experiences.md)
 - [Essential Services in Office](/deployoffice/privacy/essential-services.md)
 
-To view endpoints for Windows 10 Enterprise, see:
+To view endpoints for Windows Enterprise, see:
 
+- [Manage connection endpoints for Windows 11](manage-windows-11-endpoints.md)
 - [Manage connection endpoints for Windows 10, version 21H1](manage-windows-21H1-endpoints.md)
 - [Manage connection endpoints for Windows 10, version 20H2](manage-windows-20h2-endpoints.md)
 - [Manage connection endpoints for Windows 10, version 1909](manage-windows-1909-endpoints.md)
@@ -109,8 +110,9 @@ To view endpoints for Windows 10 Enterprise, see:
 - [Manage connection endpoints for Windows 10, version 1803](manage-windows-1803-endpoints.md)
 - [Manage connection endpoints for Windows 10, version 1709](manage-windows-1709-endpoints.md)
 
-To view endpoints for non-Enterprise Windows 10 editions, see:
+To view endpoints for non-Enterprise Windows editions, see:
 
+- [Windows 11 connection endpoints for non-Enterprise editions](windows-11-endpoints-non-enterprise-editions.md)
 - [Windows 10, version 21H1, connection endpoints for non-Enterprise editions](windows-endpoints-21H1-non-enterprise-editions.md)
 - [Windows 10, version 20H2, connection endpoints for non-Enterprise editions](windows-endpoints-20H2-non-enterprise-editions.md)
 - [Windows 10, version 1909, connection endpoints for non-Enterprise editions](windows-endpoints-1909-non-enterprise-editions.md)

From 4e77f2107da79f8bf2fcbfedd06413d6d51e89d9 Mon Sep 17 00:00:00 2001
From: Alice-at-Microsoft
 <79878795+Alice-at-Microsoft@users.noreply.github.com>
Date: Thu, 7 Oct 2021 17:02:06 -0700
Subject: [PATCH 043/105] Add content on safeguards

---
 .../deployment/update/deployment-service-overview.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md
index 546749d1dd..28854e1093 100644
--- a/windows/deployment/update/deployment-service-overview.md
+++ b/windows/deployment/update/deployment-service-overview.md
@@ -29,6 +29,7 @@ The deployment service is designed for IT Pros who are looking for more control
 - You can stage deployments over a period of days or weeks by using rich expressions (for example, deploy 20H2 to 500 devices per day, beginning on March 14, 2021).
 - You can bypass pre-configured Windows Update for Business policies to immediately deploy a security update across your organization when emergencies arise.
 - You can benefit from deployments with automatic piloting tailored to your unique device population to ensure coverage of hardware and software in your organization.
+- You can leverage safeguards against likely update issues, as identified by Microsoft machine learning algorithms, and automatically put the deployment on hold for any affected devices.
 
 The service is privacy focused and backed by leading industry compliance certifications.
 
@@ -52,7 +53,6 @@ Using the deployment service typically follows a common pattern:
 2. The chosen tool conveys your approval, scheduling, and device selection information to the deployment service.
 3. The deployment service processes the content approval and compares it with previously approved content. Final update applicability is determined and conveyed to Windows Update, which then offers approved content to devices on their next check for updates.
 
-
 The deployment service exposes these capabilities through Microsoft [Graph REST APIs](/graph/overview). You can call the APIs directly, through a Graph SDK, or integrate them with a management tool such as Microsoft Endpoint Manager.
 
 ## Prerequisites
@@ -74,7 +74,6 @@ Additionally, your organization must have one of the following subscriptions:
 - Windows Virtual Desktop Access E3 or E5
 - Microsoft 365 Business Premium
 
-
 ## Getting started
 
 To use the deployment service, you use a management tool built on the platform, script common actions using PowerShell, or build your own application.
@@ -87,7 +86,6 @@ Microsoft Endpoint Manager integrates with the deployment service to provide Win
 
 The Microsoft Graph SDK includes a PowerShell extension that you can use to script and automate common update actions. For more information, see [Get started with the Microsoft Graph PowerShell SDK](/graph/powershell/get-started).
 
-
 ### Building your own application
 
 Microsoft Graph makes deployment service APIs available through. Get started with these learning paths:
@@ -113,14 +111,17 @@ This built-in piloting capability complements your existing ring structure and p
 
 You should continue to use deployment rings as part of the servicing strategy for your organization, but use gradual rollouts to add scheduling convenience and additional protections within each ring.
 
+### Safeguard holds against likely and known issues
+
+[Safeguard holds](https://docs.microsoft.com/windows/deployment/update/safeguard-holds) are a key technology Microsoft uses to protect devices from encountering known quality or compatibility issues, by preventing them from installing the update or upgrade. For Windows 11 deployments, the deployment service extends these safeguard holds to also protect devices that Microsoft identifies as being at a higher risk of experiencing post-update issues (such as OS rollbacks, app crashes, or graphics issues) and temporarily puts the deployment on hold for these devices while Microsoft investigates the likely issue. Safeguard holds apply to deployments by default, but you may opt out if desired.
+
 ### Monitoring deployments to detect rollback issues
 
 During deployments of Windows 11 or Windows 10 feature updates, driver combinations can sometimes result in an unexpected update failure that makes the device revert to the previously installed operating system version. The deployment service can monitor devices for such issues and automatically pause deployments when this happens, giving you time to detect and mitigate issues.
 
-
 ### How to enable deployment protections
 
-Deployment scheduling controls are always available, but to take advantage of the unique deployment protections tailored to your organization, devices must share diagnostic data with Microsoft.
+Deployment scheduling controls are always available, but to take advantage of the unique deployment protections tailored to your population, devices must share diagnostic data with Microsoft.
 
 #### Device prerequisites
 
@@ -174,7 +175,6 @@ Follow these suggestions for the best results with the service.
 
 Avoid using different channels to manage the same resources. If you use Microsoft Endpoint Manager along with Microsoft Graph APIs or PowerShell, aspects of resources (such as devices, deployments, updatable asset groups) might be overwritten if you use both channels to manage the same resources. Instead, only manage each resource through the channel that created it.
 
-
 ## Next steps
 
 To learn more about the deployment service, try the following:

From 66deb0fa5a5c8cf167b45489e662c016bafa38d5 Mon Sep 17 00:00:00 2001
From: Gitprakhar13 <45089022+Gitprakhar13@users.noreply.github.com>
Date: Thu, 7 Oct 2021 21:06:48 -0700
Subject: [PATCH 044/105] Update healthattestation-csp.md

Added policy and response token.
TODO: Add image.
---
 .../mdm/healthattestation-csp.md              | 221 +++++++++++++++++-
 1 file changed, 212 insertions(+), 9 deletions(-)

diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md
index 7c0aef670f..dd83b691f5 100644
--- a/windows/client-management/mdm/healthattestation-csp.md
+++ b/windows/client-management/mdm/healthattestation-csp.md
@@ -51,6 +51,15 @@ The attestation report provides a health assessment of the boot-time properties
 
 ### Attestation Flow with Microsoft Azure Attestation Service
 
+#add image
+<p>Attestation flow can be broadly in three main steps:
+<ul>
+    <li>An instancne of the Azure Attestation service is setup with an appropriate attestation policy. The attestation policy allows the MDM provider to attest to particular events in the boot as well security features.</li>
+    <li>The MDM provider triggers a call to the attestation service, the device then performs an attestation check keeping the report ready to be retrived.</li>
+    <li>The MDM provider after verifying the token is coming from the attestation service it can parse the attestation token to reflect on the attested state of the device.</li>
+</ul>
+The protocol implemented can be found here:<a href="https://docs.microsoft.com/en-us/azure/attestation/virtualization-based-security-protocol" id="attestationprotocol"> Attestation Protocol</a>
+</p>
 
 ### Configuration Service Provider Nodes
 Windows 11 introduces additions to the HealthAttestation CSP node to integrate with Microsoft Azure Attestaiton service.
@@ -206,17 +215,211 @@ This node will retrieve the service generated correlation IDs for the given MDM
 
 ### MAA CSP Intergation Steps
 <ol>
-<li>Setup a MAA provider instance:
-MAA instance can be created following the steps here Quickstart: Set up Azure Attestation by using the Azure portal | Microsoft Docs.</li>
-<li>Update the provider with an appropriate policy:
-The MAA instance should be updated with an appropriate policy. How to author an Azure Attestation policy | Microsoft Docs
-A Sample attestation policy that only checks for secureboot is here:
-TODO</li>
-<li>Call TriggerAttestation with your rpid, AAD token and the attestURI:
+<li>Setup a MAA provider instance:<br>
+MAA instance can be created following the steps here <a href="https://docs.microsoft.com/en-us/azure/attestation/quickstart-portal" id="quickstartsetup">Quickstart: Set up Azure Attestation by using the Azure portal | Microsoft Docs.</a></li>
+<br><li>Update the provider with an appropriate policy:<br>
+The MAA instance should be updated with an appropriate policy. <a href="https://docs.microsoft.com/en-us/azure/attestation/claim-rule-grammar" id="policy">How to author an Azure Attestation policy | Microsoft Docs</a>
+<br>A Sample attestation policy:
+
+```
+version=1.2;
+
+configurationrules{
+};
+
+authorizationrules { 
+    => permit();
+};
+
+issuancerules{
+
+// SecureBoot enabled 
+c:[type == "events", issuer=="AttestationService"] => add(type = "efiConfigVariables", value = JmesPath(c.value, "Events[?EventTypeString == 'EV_EFI_VARIABLE_DRIVER_CONFIG' && ProcessedData.VariableGuid == '8BE4DF61-93CA-11D2-AA0D-00E098032B8C']"));
+c:[type == "efiConfigVariables", issuer=="AttestationPolicy"]=> issue(type = "secureBootEnabled", value = JsonToClaimValue(JmesPath(c.value, "[?ProcessedData.UnicodeName == 'SecureBoot'] | length(@) == `1` && @[0].ProcessedData.VariableData == 'AQ'")));
+![type=="secureBootEnabled", issuer=="AttestationPolicy"] => issue(type="secureBootEnabled", value=false);
+
+// Retrieve bool properties
+c:[type=="events", issuer=="AttestationService"] => add(type="boolProperties", value=JmesPath(c.value, "Events[? EventTypeString == 'EV_EVENT_TAG' && (PcrIndex == `12` || PcrIndex == `13` || PcrIndex == `19` || PcrIndex == `20`)].ProcessedData.EVENT_TRUSTBOUNDARY"));
+c:[type=="boolProperties", issuer=="AttestationPolicy"] => add(type="codeIntegrityEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_CODEINTEGRITY")));
+c:[type=="codeIntegrityEnabledSet", issuer=="AttestationPolicy"] => issue(type="codeIntegrityEnabled", value=ContainsOnlyValue(c.value, true));
+![type=="codeIntegrityEnabled", issuer=="AttestationPolicy"] => issue(type="codeIntegrityEnabled", value=false);
+
+// Bitlocker Boot Status, The first non zero measurement or zero.
+c:[type=="events", issuer=="AttestationService"] => add(type="srtmDrtmEventPcr", value=JmesPath(c.value, "Events[? EventTypeString == 'EV_EVENT_TAG' && (PcrIndex == `12` || PcrIndex == `19`)].ProcessedData.EVENT_TRUSTBOUNDARY"));
+c:[type=="srtmDrtmEventPcr", issuer=="AttestationPolicy"] => issue(type="bitlockerEnabledValue", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_BITLOCKER_UNLOCK | @[? Value != `0`].Value | @[0]")));
+[type=="bitlockerEnabledValue"] => issue(type="bitlockerEnabled", value=true);
+![type=="bitlockerEnabledValue"] => issue(type="bitlockerEnabled", value=false);
+
+// Elam Driver (windows defender) Loaded
+c:[type=="boolProperties", issuer=="AttestationPolicy"] => add(type="elamDriverLoaded", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_LOADEDMODULE_AGGREGATION[] | [? EVENT_IMAGEVALIDATED == `true` && (equals_ignore_case(EVENT_FILEPATH, '\\windows\\system32\\drivers\\wdboot.sys') || equals_ignore_case(EVENT_FILEPATH, '\\windows\\system32\\drivers\\wd\\wdboot.sys'))] | @ != `null`")));
+[type=="elamDriverLoaded", issuer=="AttestationPolicy"] => issue(type="WindowsDefenderElamDriverLoaded", value=true);
+![type=="elamDriverLoaded", issuer=="AttestationPolicy"] => issue(type="WindowsDefenderElamDriverLoaded", value=false);
+
+// Boot debugging
+c:[type=="boolProperties", issuer=="AttestationPolicy"] => add(type="bootDebuggingEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_BOOTDEBUGGING")));
+c:[type=="bootDebuggingEnabledSet", issuer=="AttestationPolicy"] => issue(type="bootDebuggingDisabled", value=ContainsOnlyValue(c.value, false));
+![type=="bootDebuggingDisabled", issuer=="AttestationPolicy"] => issue(type="bootDebuggingDisabled", value=false);
+
+// Kernel Debugging
+c:[type=="boolProperties", issuer=="AttestationPolicy"] => add(type="osKernelDebuggingEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_OSKERNELDEBUG")));
+c:[type=="osKernelDebuggingEnabledSet", issuer=="AttestationPolicy"] => issue(type="osKernelDebuggingDisabled", value=ContainsOnlyValue(c.value, false));
+![type=="osKernelDebuggingDisabled", issuer=="AttestationPolicy"] => issue(type="osKernelDebuggingDisabled", value=false);
+
+// DEP Policy
+c:[type=="boolProperties", issuer=="AttestationPolicy"] => issue(type="depPolicy", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_DATAEXECUTIONPREVENTION.Value | @[-1]")));
+![type=="depPolicy"] => issue(type="depPolicy", value=0);
+
+// Test Signing
+c:[type=="boolProperties", issuer=="AttestationPolicy"] => add(type="testSigningEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_TESTSIGNING")));
+c:[type=="testSigningEnabledSet", issuer=="AttestationPolicy"] => issue(type="testSigningDisabled", value=ContainsOnlyValue(c.value, false));
+![type=="testSigningDisabled", issuer=="AttestationPolicy"] => issue(type="testSigningDisabled", value=false);
+
+// Flight Signing
+c:[type=="boolProperties", issuer=="AttestationPolicy"] => add(type="flightSigningEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_FLIGHTSIGNING")));
+c:[type=="flightSigningEnabledSet", issuer=="AttestationPolicy"] => issue(type="flightSigningNotEnabled", value=ContainsOnlyValue(c.value, false));
+![type=="flightSigningNotEnabled", issuer=="AttestationPolicy"] => issue(type="flightSigningNotEnabled", value=false);
+
+// VSM enabled
+c:[type=="events", issuer=="AttestationService"] => add(type="srtmDrtmEventPcr", value=JmesPath(c.value, "Events[? EventTypeString == 'EV_EVENT_TAG' && (PcrIndex == `12` || PcrIndex == `19`)].ProcessedData.EVENT_TRUSTBOUNDARY"));
+c:[type=="srtmDrtmEventPcr", issuer=="AttestationPolicy"] => add(type="vbsEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_VBS_VSM_REQUIRED")));
+c:[type=="srtmDrtmEventPcr", issuer=="AttestationPolicy"] => add(type="vbsEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_VBS_MANDATORY_ENFORCEMENT")));
+c:[type=="vbsEnabledSet", issuer=="AttestationPolicy"] => issue(type="vbsEnabled", value=ContainsOnlyValue(c.value, true));
+![type=="vbsEnabled", issuer=="AttestationPolicy"] => issue(type="vbsEnabled", value=false);
+c:[type=="vbsEnabled", issuer=="AttestationPolicy"] => issue(type="vbsEnabled", value=c.value);
+
+// HVCI
+c:[type=="srtmDrtmEventPcr", issuer=="AttestationPolicy"] => add(type="hvciEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_VBS_HVCI_POLICY | @[?String == 'HypervisorEnforcedCodeIntegrityEnable'].Value")));
+c:[type=="hvciEnabledSet", issuer=="AttestationPolicy"] => issue(type="hvciEnabled", value=ContainsOnlyValue(c.value, 1));
+![type=="hvciEnabled", issuer=="AttestationPolicy"] => issue(type="hvciEnabled", value=false);
+
+// IOMMU
+c:[type=="boolProperties", issuer=="AttestationPolicy"] => add(type="iommuEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_VBS_IOMMU_REQUIRED")));
+c:[type=="iommuEnabledSet", issuer=="AttestationPolicy"] => issue(type="iommuEnabled", value=ContainsOnlyValue(c.value, true));
+![type=="iommuEnabled", issuer=="AttestationPolicy"] => issue(type="iommuEnabled", value=false);
+
+// Find the Boot Manager SVN, this is measured as part of a sequence and find the various measurements
+// Find the first EV_SEPARATOR in PCR 12, 13, Or 14
+c:[type=="events", issuer=="AttestationService"] => add(type="evSeparatorSeq", value=JmesPath(c.value, "Events[? EventTypeString == 'EV_SEPARATOR' && (PcrIndex == `12` || PcrIndex == `13` || PcrIndex == `14`)] | @[0].EventSeq"));
+c:[type=="evSeparatorSeq", value != "null", issuer=="AttestationPolicy"] => add(type="beforeEvSepClause", value=AppendString(AppendString("Events[? EventSeq < `", c.value), "`"));
+[type=="evSeparatorSeq", value=="null", issuer=="AttestationPolicy"] => add(type="beforeEvSepClause", value="Events[? `true` "); 
+
+// Find the first EVENT_APPLICATION_SVN. 
+c:[type=="beforeEvSepClause", issuer=="AttestationPolicy"] => add(type="bootMgrSvnSeqQuery", value=AppendString(c.value, " && EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `12` && ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_APPLICATION_SVN] | @[0].EventSeq"));
+c1:[type=="bootMgrSvnSeqQuery", issuer=="AttestationPolicy"] && c2:[type=="events", issuer=="AttestationService"] => add(type="bootMgrSvnSeq", value=JmesPath(c2.value, c1.value));
+c:[type=="bootMgrSvnSeq", value!="null", issuer=="AttestationPolicy"] => add(type="bootMgrSvnQuery", value=AppendString(AppendString("Events[? EventSeq == `", c.value), "`].ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_APPLICATION_SVN | @[0]"));
+
+// The first EVENT_APPLICATION_SVN. That value is the Boot Manager SVN
+c1:[type=="bootMgrSvnQuery", issuer=="AttestationPolicy"] && c2:[type=="events", issuer=="AttestationService"] => issue(type="bootMgrSvn", value=JsonToClaimValue(JmesPath(c2.value, c1.value)));
+
+// OS Rev List Info
+c:[type=="events", issuer=="AttestationService"] => issue(type="osRevListInfo", value=JsonToClaimValue(JmesPath(c.value, "Events[? EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `13`].ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_OS_REVOCATION_LIST.RawData | @[0]")));
+
+// Safe mode
+c:[type=="boolProperties", issuer=="AttestationPolicy"] => add(type="safeModeEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_SAFEMODE")));
+c:[type=="safeModeEnabledSet", issuer=="AttestationPolicy"] => issue(type="notSafeMode", value=ContainsOnlyValue(c.value, false));
+![type=="notSafeMode", issuer=="AttestationPolicy"] => issue(type="notSafeMode", value=true);
+
+// Win PE
+c:[type=="boolProperties", issuer=="AttestationPolicy"] => add(type="winPEEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_WINPE")));
+c:[type=="winPEEnabledSet", issuer=="AttestationPolicy"] => issue(type="notWinPE", value=ContainsOnlyValue(c.value, false));
+![type=="notWinPE", issuer=="AttestationPolicy"] => issue(type="notWinPE", value=true);
+
+// CI Policy
+c:[type=="events", issuer=="AttestationService"] => issue(type="codeIntegrityPolicy", value=JsonToClaimValue(JmesPath(c.value, "Events[? EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `13`].ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_SI_POLICY[].RawData")));
+
+// Secure Boot Custom Policy
+c:[type=="events", issuer=="AttestationService"] => issue(type="secureBootCustomPolicy", value=JsonToClaimValue(JmesPath(c.value, "Events[? EventTypeString == 'EV_EFI_VARIABLE_DRIVER_CONFIG' && PcrIndex == `7` && ProcessedData.UnicodeName == 'CurrentPolicy' && ProcessedData.VariableGuid == '77FA9ABD-0359-4D32-BD60-28F4E78F784B'].ProcessedData.VariableData | @[0]")));
+
+// Find the first EV_SEPARATOR in PCR 12, 13, Or 14
+c:[type=="events", issuer=="AttestationService"] => add(type="evSeparatorSeq", value=JmesPath(c.value, "Events[? EventTypeString == 'EV_SEPARATOR' && (PcrIndex == `12` || PcrIndex == `13` || PcrIndex == `14`)] | @[0].EventSeq"));
+c:[type=="evSeparatorSeq", value != "null", issuer=="AttestationPolicy"] => add(type="beforeEvSepClause", value=AppendString(AppendString("Events[? EventSeq < `", c.value), "`"));
+[type=="evSeparatorSeq", value=="null", issuer=="AttestationPolicy"] => add(type="beforeEvSepClause", value="Events[? `true` "); // No restriction of EV_SEPARATOR in case it is not present
+
+//Finding the Boot App SVN
+// Find the first EVENT_TRANSFER_CONTROL with value 1 or 2 in PCR 12 which is before the EV_SEPARATOR
+c1:[type=="beforeEvSepClause", issuer=="AttestationPolicy"] && c2:[type=="bootMgrSvnSeq", value != "null", issuer=="AttestationPolicy"] => add(type="beforeEvSepAfterBootMgrSvnClause", value=AppendString(AppendString(AppendString(c1.value, "&& EventSeq >= `"), c2.value), "`"));
+c:[type=="beforeEvSepAfterBootMgrSvnClause", issuer=="AttestationPolicy"] => add(type="tranferControlQuery", value=AppendString(c.value, " && EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `12`&& (ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_TRANSFER_CONTROL.Value == `1` || ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_TRANSFER_CONTROL.Value == `2`)] | @[0].EventSeq"));
+c1:[type=="tranferControlQuery", issuer=="AttestationPolicy"] && c2:[type=="events", issuer=="AttestationService"] => add(type="tranferControlSeq", value=JmesPath(c2.value, c1.value));
+
+// Find the first non-null EVENT_MODULE_SVN in PCR 13 after the transfer control.
+c:[type=="tranferControlSeq", value!="null", issuer=="AttestationPolicy"] => add(type="afterTransferCtrlClause", value=AppendString(AppendString(" && EventSeq > `", c.value), "`"));
+c1:[type=="beforeEvSepClause", issuer=="AttestationPolicy"] && c2:[type=="afterTransferCtrlClause", issuer=="AttestationPolicy"] => add(type="moduleQuery", value=AppendString(AppendString(c1.value, c2.value), " && EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `13` && ((ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_LOADEDMODULE_AGGREGATION[].EVENT_MODULE_SVN | @[0]) || (ProcessedData.EVENT_LOADEDMODULE_AGGREGATION[].EVENT_MODULE_SVN | @[0]))].EventSeq | @[0]"));
+c1:[type=="moduleQuery", issuer=="AttestationPolicy"] && c2:[type=="events", issuer=="AttestationService"] => add(type="moduleSeq", value=JmesPath(c2.value, c1.value));
+
+// Find the first EVENT_APPLICATION_SVN after EV_EVENT_TAG in PCR 12. 
+c:[type=="moduleSeq", value!="null", issuer=="AttestationPolicy"] => add(type="applicationSvnAfterModuleClause", value=AppendString(AppendString(" && EventSeq > `", c.value), "`"));
+c1:[type=="beforeEvSepClause", issuer=="AttestationPolicy"] && c2:[type=="applicationSvnAfterModuleClause", issuer=="AttestationPolicy"] => add(type="bootAppSvnQuery", value=AppendString(AppendString(c1.value, c2.value), " && EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `12`].ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_APPLICATION_SVN | @[0]"));
+c1:[type=="bootAppSvnQuery", issuer=="AttestationPolicy"] && c2:[type=="events", issuer=="AttestationService"] => issue(type="bootAppSvn", value=JsonToClaimValue(JmesPath(c2.value, c1.value)));
+
+// Finding the Boot Rev List Info
+c:[type=="events", issuer=="AttestationService"] => issue(type="bootRevListInfo", value=JsonToClaimValue(JmesPath(c.value, "Events[? EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `13`].ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_BOOT_REVOCATION_LIST.RawData | @[0]")));
+
+};
+```    
+</li>
+<br><li>Call TriggerAttestation with your rpid, AAD token and the attestURI:<br>
 Use the Attestation URL generated in step 1, and append the appropriate api version you want to hit. More information about the api version can be found here Attestation - Attest Tpm - REST API (Azure Azure Attestation) | Microsoft Docs</li>
-<li>Call GetAttestReport and decode and parse the report to ensure the attested report contains the required properties:
+<br><li>Call GetAttestReport and decode and parse the report to ensure the attested report contains the required properties:<br>
 The decoded JWT token contains information per the attestation policy.
-{ "typ": "JWT", "alg": "RS256", "x5c": [ "MIIDcDCCAligAwIBAgIQOLMUhXOEQ2axV6zXp/KvnzANBgkqhkiG9w0BAQsFADA1MTMwMQYDVQQDEypBdHRlc3RhdGlvblNlcnZpY2UtTG9jYWxUZXN0LVJlcG9ydFNpZ25pbmcwHhcNMjAxMTI5MTExMjUyWhcNMjIxMTI5MTEyMjUyWjA1MTMwMQYDVQQDEypBdHRlc3RhdGlvblNlcnZpY2UtTG9jYWxUZXN0LVJlcG9ydFNpZ25pbmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsuOlDyU1sYAuAV53n7TrmTU180bOREgfZoTsdOyllMcsKciTUWkTO0vKDa8CFwGEHmSVTAEngDIHw1putio84HKZdcI6nPt2B74kJ/+5ut8KGMWtBm6GFWwS0TXti1rE4Os1mPpCYAsUyKxaEw4lBbEzGa5mGx0SGLdseuUIiw23S695RLVCciDaAvf+q/gBScFgZJm2ZxgkyNF7+MSvnDMU1xv5YLDQeh3j5vZlstSq+rrRbB5SVnuD4cFBjvGW5lXBLxMEjpBXI6yzFmFuw/OjZ7VClk6HSNjvvhSwJu4F1oHuJ0oAuABOtPpRK/898Ru+9qS5ZMm79775nZK75AgMBAAGjfDB6MA4GA1UdDwEB/wQEAwIFoDAJBgNVHRMEAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBR/8W25+uWj5sg8lEKKYy1gdCqWUTAdBgNVHQ4EFgQUf/Ftufrlo+bIPJRCimMtYHQqllEwDQYJKoZIhvcNAQELBQADggEBAJGfbRRvF3EpG6ZsOcSmWtu/1LDVZq+fGspjK/7+ImybEY/zC2CsWWpz7pT54KEGYe91q67nV5GZoSz7+O4A4A5QtMDFzOnrFVicDo5Cg2EDU4YQDN4j4DyrbttkQYiEiBFexJImrjIk4bfW2YqZjtzR7XFDsCsOAUHNY8cnnKaZCRbXrLwP/LUYAz/NVkttO4CW4U/8OZygrarfAsVrsCsx5o2mXBlaRYl5xECWfvT2YbCFuIt3gZR9sau65uMWthgyV0XAR7farxycfMEuBkyb+IVPwYW5QGFo5M8a78r/rFPdczGPlv0Qvg7zrBm775xs8O33V4nOmC1tfsxXUgw=" ], "kid": "e5j-rIjIITYTB9RQSgM-OzOWjXM" }.{ "nbf": 1629758941, "exp": 1630104841, "iat": 1629759241, "iss": "https://ulptestwin.eus.test.attest.azure.net", "jti": "e325dad03894f09b12c53f3b5eac5e36824c89ae", "ver": "1.0", "x-ms-ver": "1.0", "rp_data": "AQIDBA", "nonce": "AQIDBA", "cnf": { "jwk": { "kty": "RSA", "n": "vTCRaX0IZMsNHfJPOVyiYSCM2WABZmNo3PSVTOt9mh0vR4Mon080EGHM_V3afjKJ4NxmEZ01XeB-1TsuNM2-19_JMWZF-wiBTrBWEjcUQ84AxzukaWD1sMsH2kiqjaxXBHEUl8Hhq9SRjVEEdT-fKLOzBO070TffvRCKVxZIRI9Ry6E6K8gMEX3CH6Yk9b7clAua0MrUxd28hMxwx4hy1HyCsFSnXb_bIaqxLYjCxisc9mRx2vO6IuEqEVskSYDc-5f8u2G98ld6PuiMkAhvOOEBmaDlEksvUpnA8e9nWO98rg17pjyOms9GLvgKkSgOKbK8wQ-NuUyXutQfaN2MbQ", "e": "AQAB" } }, "x-ms-policy-hash": "BpV0Jxx6oZ2AjkgXx3Gj7JiJ1NpZWGppjdT2OTtBR4g", "AIKPresent": true, "BitlockerStatus": 1, "CodeIntegrityEnabled": true, "SafeMode": false, "SecureBootEnabled": true, "TpmVersion": 2, "VSMEnabled": true, "WinPE": false }.[Signature]</li>
+<br>
+
+    
+    {
+      "typ": "JWT",
+      "alg": "RS256",
+      "x5c": [
+        "MIIE.....=",
+        "MIIG.....=",
+        "MIIF.....="
+      ],
+      "kid": "8FUer20z6wzf1rod044wOAFdjsg"
+    }.{
+      "nbf": 1633664812,
+      "exp": 1634010712,
+      "iat": 1633665112,
+      "iss": "https://contosopolicy.eus.attest.azure.net",
+      "jti": "2b63663acbcafefa004d20969991c0b1f063c9be",
+      "ver": "1.0",
+      "x-ms-ver": "1.0",
+      "rp_data": "AQIDBA",
+      "nonce": "AQIDBA",
+      "cnf": {
+        "jwk": {
+          "kty": "RSA",
+          "n": "yZGC3-1rFZBt6n6vRHjRjvrOYlH69TftIQWOXiEHz__viQ_Z3qxWVa4TfrUxiQyDQnxJ8-f8tBRmlunMdFDIQWhnew_rc3-UYMUPNcTQ0IkrLBDG6qDjFFeEAMbn8gqr0rRWu_Qt7Cb_Cq1upoEBkv0RXk8yR6JXmFIvLuSdewGs-xCWlHhd5w3n1rVk0hjtRk9ZErlbPXt74E5l-ZZQUIyeYEZ1FmbivOIL-2f6NnKJ-cR4cdhEU8i9CH1YV0r578ry89nGvBJ5u4_3Ib9Ragdmxm259npH53hpnwf0I6V-_ZhGPyF6LBVUG_7x4CyxuHCU20uI0vXKXJNlbj1wsQ",
+          "e": "AQAB"
+        }
+      },
+      "x-ms-policy-hash": "GiGQCTOylCohHt4rd3pEppD9arh5mXC3ifF1m1hONh0",
+      "WindowsDefenderElamDriverLoaded": true,
+      "bitlockerEnabled": true,
+      "bitlockerEnabledValue": 4,
+      "bootAppSvn": 1,
+      "bootDebuggingDisabled": true,
+      "bootMgrSvn": 1,
+      "bootRevListInfo": "gHWqR2F-1wEgAAAACwBxrZXHbaiuTuO0PSaJ7WQMF8yz37Z2ATgSNTTlRkwcTw",
+      "codeIntegrityEnabled": true,
+      "codeIntegrityPolicy": [
+        "AAABAAAAAQBWAAsAIAAAAHsAOABmAGIANAA4ADYANQBlAC0AZQA5ADAAYgAtADQANAA0AGYALQBiADUAYgA1AC0AZQAyAGEAYQA1ADEAZAA4ADkAMABmAGQAfQAuAEMASQBQAAAAVnW86ERqAg5n9QT1UKFr-bOP2AlNtBaaHXjZODnNLlk",
+        "AAAAAAAACgBWAAsAIAAAAHsAYgBjADQAYgBmADYAZAA3AC0AYwBjADYAMAAtADQAMABmADAALQA4ADYANAA0AC0AMQBlADYANAA5ADEANgBmADgAMQA4ADMAfQAuAEMASQBQAAAAQ7vOXuAbBRIMglSSg7g_LHNeHoR4GrY-M-2W5MNvf0o",
+        "AAAAAAAACgBWAAsAIAAAAHsAYgAzADEAOAA5ADkAOQBhAC0AYgAxADMAZQAtADQANAA3ADUALQBiAGMAZgBkAC0AMQBiADEANgBlADMAMABlADYAMAAzADAAfQAuAEMASQBQAAAALTmwU3eadNtg0GyAyKIAkYed127RJCSgmfFmO1jN_aI",
+        "AAAAAAAACgBWAAsAIAAAAHsAZgBlADgAMgBkADUAOAA5AC0ANwA3AGQAMQAtADQAYwA3ADYALQA5AGEANABhAC0AZQA0ADUANQA0ADYAOAA4ADkANAAxAGIAfQAuAEMASQBQAAAA8HGUwA85gHN_ThItTYtu6sw657gVuOb4fOhYl-YJRoc",
+        "AACRVwAACgAmAAsAIAAAAEQAcgBpAHYAZQByAFMAaQBQAG8AbABpAGMAeQAuAHAANwBiAAAAYcVuY0HdW4Iqr5B-6Sl85kwIXRG9bqr43pVhkirg4qM"
+      ],
+      "depPolicy": 0,
+      "flightSigningNotEnabled": false,
+      "hvciEnabled": true,
+      "iommuEnabled": true,
+      "notSafeMode": true,
+      "notWinPE": true,
+      "osKernelDebuggingDisabled": true,
+      "osRevListInfo": "gHLuW2F-1wEgAAAACwDLyDTUQILjdz_RfNlShVgNYT9EghL7ceMReWg9TuwdKA",
+      "secureBootEnabled": true,
+      "testSigningDisabled": true,
+      "vbsEnabled": true
+    }.[Signature]
+
+</li>
 </ol>
 
 ## Windhows 10 Device HealthAttestation

From f6d6c426d78f33a770ea693b721bf81fea31a3ca Mon Sep 17 00:00:00 2001
From: afirodiya <42394035+afirodiya@users.noreply.github.com>
Date: Fri, 8 Oct 2021 10:13:58 -0700
Subject: [PATCH 045/105] Update
 windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../enable-virtualization-based-protection-of-code-integrity.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
index 03ca52bd5e..5d7ffa6cd9 100644
--- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
@@ -311,6 +311,6 @@ Set-VMSecurity -VMName <VMName> -VirtualizationBasedSecurityOptOut $true
 ### Requirements for running HVCI in Hyper-V virtual machines
 -   The Hyper-V host must run at least Windows Server 2016 or Windows 10 version 1607.
 -   The Hyper-V virtual machine must be Generation 2, and running at least Windows Server 2016 or Windows 10.
--   HVCI and [nested virtualization](/virtualization/hyper-v-on-windows/user-guide/nested-virtualization) can be enabled at the same time. To enable HyperV role on the VM, first install the HyperV role in a Windows nested virtualization environment.
+-   HVCI and [nested virtualization](/virtualization/hyper-v-on-windows/user-guide/nested-virtualization) can be enabled at the same time. To enable the HyperV role on the virtual machine, you must first install the HyperV role in a Windows nested virtualization environment.
 -   Virtual Fibre Channel adapters are not compatible with HVCI. Before attaching a virtual Fibre Channel Adapter to a virtual machine, you must first opt out of virtualization-based security using `Set-VMSecurity`.
 -   The AllowFullSCSICommandSet option for pass-through disks is not compatible with HVCI. Before configuring a pass-through disk with AllowFullSCSICommandSet, you must first opt out of virtualization-based security using `Set-VMSecurity`.

From dd4fca93b1a3a64149dab14802e44d757e1ec500 Mon Sep 17 00:00:00 2001
From: Gitprakhar13 <45089022+Gitprakhar13@users.noreply.github.com>
Date: Mon, 11 Oct 2021 15:18:42 -0700
Subject: [PATCH 046/105] Add files via upload

adding maa flow image
---
 .../mdm/images/maa-attestation-flow.png         | Bin 0 -> 81911 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 windows/client-management/mdm/images/maa-attestation-flow.png

diff --git a/windows/client-management/mdm/images/maa-attestation-flow.png b/windows/client-management/mdm/images/maa-attestation-flow.png
new file mode 100644
index 0000000000000000000000000000000000000000..5bd288d0aeb9a5ae32344d19f58903e61da0db4f
GIT binary patch
literal 81911
zcmc$`2UL^W)-D{&wqZft0)l|pP^uzLs=(eBkYb^ih#(LkM1;_rTLBdTw@8r)$dO(W
zY9NFJ1OzDoqy<BXfPfGJQbG%Xy8?*1&v(D^ojdOT-;Cjqyh+wtvpw^fbFKG%qNj6t
z&o16w5C~+?)hmD8fIzlmAdqbrc5DMzc3m=k0sh<Ma^tc(1l@RK1iaa5tER06f#imB
zELr{r-tWA3#n=S`kt%2Z+jQF6qzeLBNxu4r+AR-@v7VhT%?y2o{kZZmHZqDvQ%-NA
zHg&x)iOO<1tR8dX{J{gKHhsES;iOgQTEvrdy4L#DiAw9Ctta>n#5@m#yt=5au73Mi
z7Fwjxt@cjEBS<y#SnVkex5g9G82_GG(NrHs#;86LycokSjT6O;(O%{_enP*?4@$_W
zfr!Zps}$T}rPD>-h4u9{Ngd-9?*UtllZZoL)!=no<<UKfU9^`sv^5{^S-YgnrCwZc
zPv=ZK@log6mF6vfIV2BRY<66G8?)tI;SGZ5CfT*Ou4?zPZ%t?gtpA)}elqb8t@W=W
zu0qrFlV-4qCn<+|p|z&#AKRTAxJkwb-us5BU<%Q^g-158jUs(;bMecZ?A%8k&FVpO
z&r>m*R<FN_bJGpm)$@k1dlPo!TI9>;^uKq#b8Fdc_m%|Ry5C~U>US@So)PLg9x1&^
zO4D1gT@<!Hauvm=Em!!@M2$Y*gM@H_GlK8-txc(2unXgBE$@n+?cEq6^%1$*w9hwU
z)^FFzQnvLWkbqO{YZVS_Kl=LDH(oC-k9BFxIW060JHM}$qr%~<c%RJL7hTmn_7FD4
zkl2AqEP6y<`>6T1KAD-QZ@g>oN{*HW^&a>x1NSeJRj3D%=f;b_jR<4Ie|KOmcGuEH
z!xJd7Q=wmm;rqsnCdZOKmGZsx+&XDyGklYY!@?cPhSl9SCJGGPg_-EWPKl>tvrCoX
zWr;dYd>5SWbk!A|A`O##yCi&DYvH1Zt0;{$KhkkKx#*i+m&Vbg;mZ+2yH9UOVkuNX
zJ1EHOiGVNpKba#ZO<gUDSH!{J7lKijf?xWkw3m{Oe^813+kYo5+SLm3Lm{la7+puG
zb30geSv<C^4Xm7QLO3_ld)~i@)l#nu7rgMiq^Te_)pKiH<H;<jQB9KKmP;Gj{p#-F
zd!P9MlS0qbre7<WYp8`E@47kLiuO_oe}lqxm%+anz8K%lv$4`dY9E8ub$M9{4$U6@
zf{h$Z@@{&)_$o3%yUQ>$Hr#V-Ps7P9tCqM;$G;m_Vn(ra{Ig<;p#Igl_;k|1Yyqnv
zGs#;QDHBamIMs9b?1tghsg*P!#({}cINbC?gzLmBN^ycJT$OGwFtop|dfZ2%5P7ZS
z{Oupg_X{Qq7lr!BuP;VWt7PsPygOx+RX%$ug}L~c`VYYo|6G4MJ({@OhW)!ty9*jo
zGVlN{>URPtY|h_qFjBZEy!&-tnT?F(^bUo%`r1zn{0!r&`?hBr&eS~dO+g;#`#!3G
zmD~>0C3vlb(aj!`);9b13JOat9&!;-6L!I^*j|zq?%}z(Azy|1Bl5c^bWy6y{jR$0
zEwhTIT?WgQPw2<rCoPm-$b}D@ZnqRri^9F`CQfa+>ay+S#+*5NeaL(FYfefk7s9{D
z=>Vg0{`HB{v@bA0*9p2Xx!o<x<8F&%@18oPzgmZHWKx>u5PYB7CveUD8-}wKs&wGF
zw6T`|UxVzwn=HG6W<uAA-E{bePlF)O{ziP#dpUeV1148EK8^kx@FZPmU%Yyq>b>W1
z;o^sHCJQIlU<zV)@{#@Z53^}g*K3+BP~o5FxIrpmzW~@Jnx1~gCmlVg{8E~oSHR2U
zLi^ANO;4y?r!JyX%(Kt;`J;|ky^2@m);@j{dE$}Qp5B)?Tr$7F*8mG*EmUrhF*lh0
z9kSGSP+B(2C*K-AS-cKu7vv-R6n!FZz#ZJDqSkRzVX)RA*~>6~BQkcNBS(FA=Bxwp
z7Iq@>HTl-@uZqhdqJ=L->AruP^sypK+t(HnV34PT<frWD`}{Gl)ZKoN`5hJGIIpBW
zf`=BG+U+5ooJfq)wesG#Hs(b>di)XX*iGWr3tC67-dr2!sJ7;Z*(-s!6=B;7KAtM)
z`VNf$8*o=Tvx{)3SMDS8>)*R3ijoem4bq&Z??FFandnkD7xvvv6;1-2-8F$Kn7g?F
zZPG&jd+h!1+~WTR&~r(Z65VS8byahHlZ?8^!#Yk-&m|D|h!d&^@7py`ZG}lgJ#QM0
zKOUA+OrSIs!cCdV+$BGNOYD}1FBKb!xKIcmq{EndkoUVjJUQ59K$L;0AjZ4gMo>CV
zrk+}qBkBwX0X01CHAVKmJ6uIIR@(OB4{zq!Z;>$H{K4B{U`4C6>{O&KfD4ck&>)lt
zRg=cfXAi*z)Mjzdmb8q@lK8e<`30NrFrQ|EWiK!Q*mQuElSe}ViZ0;k(H4I8%nuLR
zKx$AT9slYoVacla2bz{u(jvMp`^mteaC_Spf-T5QpW^cp+}fwvC_T6gKVJ62)wX=c
zcQ@hyxnzQ>GBpfi+UpA!Ws3>-cn`HTWi2^Uh$ihm4adLQNLcd!6HSrZspnW}nrz?|
zC`zTLnxE|P&d9{Ib(|Y%4A{u}+=~Jh2<Sqjhbr8mtL_y@8g13AB^VQCIDIz!jjY?S
zOM3RdWepV^{7dEfVwQ}61oi{6dw5XnrKE-Syf?d~^7^0a*M*nOFjBFhOK{3^Y#aYR
zN7KpUKw-EQ4N;5|&iBjEOO{Ng=c~)jBW5~{XlgP>_n-OX9mu5EB)ViaP}jokmh532
zFr;}ZHhhU%z^ax>0BPY>Jxld`-i48B$PZG%b*yx+jw5s-KBCJ&<vEu6iGrOH)NvF%
z!=?dG;G$H89n(AV8V0}2MhaeuJ^$uM4g&<@VT7WD=SVs*h%?)$oDCg*ey5jw?lbGc
zRdcM~i$>T?JLwJWf2|U2((Xs}@A`oDYYH6yVK|P%7L{jztmPMi^Z#{_{Wp`@9kL+X
zySMEA@WZFsY%Xw4dq%}8X+s0*CLatiNjslkr!dnjt{z+mDN=fe?$gCyhYxA(mxIW4
z!t1zmQ53#eP7t~Ku(gNaLdel|Fw)$S+FF6FK2WOWLjQ}V_Z{ipMBWrvQ7E+#dZV=t
z?VK62y&q<Jua>OgBZQt5=%ksBGo0dDPaSzz;*V+Xp}xG)6Pb!$2WAc-J1vgSFK@&}
ze_m&lL!WO2O?=bWEX?kyHDwny;Pv&TFeY-;+;eJ!bryphak6|pA?$VKF$)eqWN4pm
zNbx>iXg`5r{6yKcJl23+YWe*>s{cCorCaZyx^ZMD7JgHC(kmA(G9k1!ligc$k2vWq
zlq=pV(l7rj&VF3UJZ@G+Q}a8NWG6jx48PT~^}}hp?=7I}wP84?lTObVcu@bCczd~S
z?t2zEm|fu@czADICgBIkJp<S@_+k<vL45<)cK%Np_Wykc%z56&ASg=sEV8K+g{a~V
z0%ZUMz0dIl&#o<s21<%B*@<m;1=N(HKP|NRq2XPWU#U=H1&xW#_Nh+?%v`q%krvT)
zN#}JZb}IYow5JOdt3`DM1kJQ%h%*B^y@Ns;1UUomFum|G>B5!`othgx{<c^Ze5u!z
zZw1=Vl1cYrV}+BcGaZb&B6K$aCW8PG-*op2v|{n(&oodS0Q12vLo*~;HYSxWSqN5+
zH$br2Hx*#b)XlETdy~dNUVsUxrMm2-asLxa`7IK<Ri-ilGTu~-7*_^t^26*)K&s=L
z*boh<-$LZSk^Gg}zg2YsMOVPV?_L08H`UK((6)89J!8m9Kur$J67x?eRh$nSxvbAd
z-RWXwK*B{vdT*MOlCfdGvf;UJUO<d0CJd0-#uGi>DYE0kx?Q^X*kCpRS4_}?|69sn
zuvxRt+F}N4UW_Z><ST-ecV@Ad0w0qYlA7xKxAogIlQF7*{32Rs$w}iLx4WJSUIhwc
z37U8g*3ys5rH)~YN%cy9=?ve$@5Ykw_5EiFvKOS$+>>yB7(0t^k8o0U2SZLM6#9Ny
zNukT37hYd(t~DE9dG$Bxs@%5c-ziN=4kuvVcbIi^ue-5R4+>a~9oWbfaN){1zyWj|
zO&2=UVlF?wD<NEjS-RNrdee`36tD;W*WJ#wTDow)g;2IpAKk{zPHXfHM|2tbEj{2D
zwRk0sa(^fl{&@!1mN7fc>bm5{@Ro4B{5@>VjXr$i4f=ayE&oj!`+q;k{+r3vGryG>
z;3I4<{#s6mmLmQ&_mSNmc(cU{l}b)9z>OsM-fG95B&`CeQA3M5*6XBpz_XU#%M8s}
z$ZkSw#gN|h&r0#4be(LUbP6nR@`d>-5a-0i*-s|f&F}b<bh!CaX83MQq^=YssMqmy
z+yRLu+nsCB9CQU0zIRTU@LUb`nF8IqDe9S1Li{*(J+o*enS1bSe%nSW<Unhj)ZP^J
z$ZuO`t;FhDc({x!iu4lAci<y$>@%eMew?wIqv<;gOZr2!H0Q%;1#fWVb$TBl6v<U`
z26Sg?O?ThEI&wK6Zfq6t11uwy{*2`%o=Gkd)ivLuW$YoPAnrQ;r|0Nu0=WGl@Qt{5
zz)el0#a|8q3miESeQPt@Y<2{LfouLUY`Hn!;Kjku*^n$I#I67coTlk$dv}kO6Nr<L
z1BBf<fon|-ExiM`C&DT&B)5&6EZAme={P;JSa7rir5Uu9{o~u|yVTqW>Uyb*7O)2}
zLJK9+6a9t7sgiurZqIWy%w|X3HH0tUtPm++(qz!G6|&7@M||t%5hsynCqJxasQ?u%
zj%*q*V8EY=T@Y{CtX?I;a=|jL#Yt$b6*Y6!#Lk?ZK*V^3?)lw<#3jB!hhO1%7r55P
zI@{EuP6HN(+`c|?qTK0_W>Zk-M<Yv94^74OUeS!^_W?wN%$#<=Hr0<3&amA=<Fvla
z%9~j$$fPvCFGBccKpap}tSwh?XX1LVta%G85lMJ)3X*d=`8QIiOmwsHdS6XBipzw|
zZc2q1WI_~SQo@!?9)b+`I-@umQqWw&rWZzS6*Uj#g6bIo7d&yc{hZ#!*|prSaYnoV
zZ3y(jMUXGok!|8w7ur>5<9aTsmB!>h5zMMmbMrL?UuD12zAG(JZ(mNOYJ|4${#oIw
zHHFH4SBTw=VsY4eAvfg@Iu>gmC5x^P`}N%VM1QP*Il%M4W}5s5G(szOb%OGi=j)Qq
zs2#aOemM5!?&@_Or*&0a6x^A+7Gf{H5Ahr4uS0yhvZhoBm(h_s;lrBvb(8ImTvyBO
zi?6xvkk@;Z<$B-0zOBLWF|a|H#u!`nh*PT*=M*OecCaHDvc+CDCoI1D$5Q*hFI8-_
z^JDXUc@fd83%i|@y#9-j$DDlZK?45#u5P18>bLo~f7-AV&yjVp%8zjecQTGDdaiLl
zE{k>FIeTK=7j|cTU;Kwh<qCWAXkEZB*so^j_aUD1b}125_U6{OB=@MVwO1D<))jBG
zS%)Ln;pCdBKJQ=c<N6q|Cn=aEWPRb>6tGE(?+(z_0H>l-a-8&<Bxf`^B7>7(Xn^=>
zcD&869BNLD`u@>X4&U{U%zidh)L#Y7?nWXP{(#*6oAb_EtXskoCvtAxe+(%<cJLQd
zopo$cr&^}7r~gxIZ!S&EZAxlYsLEsFGyGASd-p?lHm`{iAQa8D*g>lbHdq>aV@N5b
zMIJc@Is3=2>g0M`&|GA3HR3^(>;yYD1B6bjNz5Y!OGJQ3+9D3`T{WhL#Lv@(sF{2<
z#U#~U)Izzl<E{LF(Aw{es=xxlNZU-<GXl}0VmOUzegs5-S_D{?C`_ukWoQ*FavuHc
z__y_v0*PS0-30}ntKoWdZCHvTXltuxa-mm8PqllKOu}2hYBCoMYtL*Bc<^gTXz81L
zP22YN#Z752NjCeBt&lA+HYCbd2{c8zajeF}?VVa2gtpta?muO(wVnM3<o4&dAAYW-
zXYw`qAH#%HfA{!rFWuHcoW};17|r`kQ|BX4MiKju{SYyQ{0GPx=?xg*x%6Lr$Nr}n
z2(Wy?<(2*}?aS|bfaIC%KQ@)?t+_+_fqVTLq8*umnFY<c7PV)1?O@YrL&{{vvOass
zX}@~6>v8d!Y{M4oRSf||3-H|kQ=A0o{6oKIG3()?{QOtDT!j8QuJk|bb`cs1kGBvE
z?i|?202ev_;WJ_}t?FYY>+o~qA2a8Cw$T_fgSj8M6P#MGjvZR2CSSYs@Z4(2ByTJ`
zig<W_Rpf1$=JzP#x$=|#AW>1@qbT6PsWqQT+Xy(L-+%G?fWAns#l2c5gLgo3zE=GN
zyF4o2;|>xMwT47SQr`m(AV1raXUDKVunvHUpti=C35cAv*Bk$SPP~A%u;g0SfLvVJ
zu?D^nAc{~<*u$|!?DrB2GNb!54uB$2a2@LbbROT@;rx69JOCmt^ZXlDK_FaJFd?_>
z?;AxBvB#e{6%8r;!JU0)=s%{Z`4x%SgFVq0^Lidvx_f=utmA7c15DxeuVx1ls{X8J
z&?fcYm~Z#9Ut${!wrB;y%<CsHeg+K)WTt5~e7M$N4g$&f3=E_C10??smZl7N(vR_u
z{sh`U7`29=PF%}42z$2jzHdoESm*eRF6&y6i~e)FmER6QIGs*@c_SndO_B1wK82Bj
z9DOmn;<*aCw?FU1MBdO8uLk{=i{5LOuJ5-HO@3+e43PhTv5J+s_bU^I>q)`Lqr!nb
zR4yQ;%{X=r)n)pZo56}!eUE3yk5A9a!B!+sZy0GquD!Z2;SJwYwb?@Z3j06zu>Zs<
z1lRK=*r(O}PrUd)nuA>^)CkRbpbJdDZ;zJ$B`;ouj$8{);4Z(N`?n;_cA}U)S#MKw
zH&Xt^Oa9k0?QitiMuk<osPf7}nhEk%=<T0s>sJH7HC@1Nr*v?F3&B;pBV%%DOY@fX
z9NKHYyWo*YW#(k9>9FU>PF+*E_!Ul@EzQS&j^&U)e2y2I2hR4{blq4fuDrKoDV|mH
zRt6tG<lx&f%Z=Tnb#vbLhzQ-i^5_aWY*;~Tbokh<dCznQr5fX9^FwHIwMyI!{Zc;b
zt|wKR)|KVuX)cz6e9DBJ-S-1c&VKGk*~N9-AROj*dR*=BZp5L*$k=Jr?HK(?TPB&g
zd7G(6Q_*4^C;1HvFB(rhdxc{@>V5!!7@@WBF;m(A^YBx_v_3|RX)i+-J2d-|UWVtM
zRzP|;K&)3&tkG*;#2Zp_6oph&Aam5$oHx^u(sRQ7JWo`Zf#r?NQDmA7_hfgF8f9W6
z2cEu*Y&u|K{c)U%B$zc7Ow!u5Pj|tQ(?qjtwBKD@w+CF<@c?<mdOf~)j)uxLkIH?l
z&?bT{-}iJrhci6^T8e%x<m6nhLn1|Zu0V3my^1o)MTVavmsu(cFP7c&W(oaxSmyN5
zeTmi%B}dZ?Ua}C)Us49|L~GAn8MmKR$uNv!Nh?xehpIUa6(O>477n2@S7^UiP4mB`
zYCtp)|48@Sv<67|S#r(lC>uF`Z{)*!&F|&T_IUUh4a7crif9f}ol_r(>5C1)Tpr%S
z)#yW*XiZ|_)7qJ;%RS1cd55L1Ovlo2j!LRpgJt_#T=8Kr7VpZD3~mZtxE@DK(S7cA
zjZwEaG37SBubqQF+e$wdth%MyHZ`!b@Bka^b_Z3XY!elBvidpSpw96~z{u*QaCD2)
zqU^R4iDnOT?kyf_sABGnWDuYeil_Srcz$OoL{~~IyWcW^(FDWWLtI+qEz;(xJ;v&v
zJkZ7uyG!Pa6%JdS%f5M5a0R~gV)Q?A>5Q?@bXIG#Bz>Ei+`!o*{j{Txi%1O0;~I{B
zR2y2=NFJuv;`4YeLPnnVkI<U^_Ifikv%UCgnXxYl+NLWO&^Z|M@k*COy^7a4OmnL9
zv#fz6ehtZ?*3)poo~)bZR%Lq2_}^|nAZ_dT*xI?y&KHxo<(m3Y?uixJ%2Dz23OicR
z;ZDgtN_+eHdYv{`R={Re=!NsXWicy+R*xfz+x{$T96XDv=ar>()jO0qzt&S*nxKm%
zIx3NM{_4IonHy+t3j{P*vR&!feD>l`q0q#Ocug7{GM1C$JFG%NKk)Fzpz}*S@Tl^f
zd$GS=C3Mu^wojB1xSXc;5#w^9VQ6Y1)rKaB*vI^ODMo8Ro-sK<H?B^=TnNl)%6#QP
zWz0^?q%O|0<;p*|iRUOg_5%VxdJKr&Dt^@wT7U|Tdv=Ht#OK~u4OP<VjAEo%D1|#Y
z-Kv&TYz;fEg))fcM+n#O(%N|&|171Jco0hBv<7%Whh<fUbQ&-Fl3F^%Z^=1u3nH?J
zP1UlA6|*{+<Pw8n)mtncJilt%#BunNTckdV#|x)2$rIWVcBbA$#x$f^viEZ8s8wpV
zTG4=9*#5Z$TJED|XR25`$yr(x<)ZqCl@f>2>nk)MYoDK#&#t2N)GqhSgfM3p&1A7V
z9Xdi6EG9h0ElWM()EWH*?u>(zO1yK_V&z+M{gX6@!_e)<jpj-QMZ=1Zo80laT&)W2
z?|n5koqh8&Rq{GbbT%jxB8PfpRilEltK@z&)yMNagvo7DR8E;sfl-{RTpGQyEF~uA
zNf{BSHw3dv+~YZYatNv*yHRV&1n<&Y>uHyjMZV#qGRkV{5X#Q8&{Y#2CR)T<Z0SK8
zS{0h&b>==gm0k*Ejn>2?{b3G~cS)^_cR$uHj9Ckk7VnxrG@$j6WQ;JlD_w|ASwRJY
ziU!g<G|2v>%D4{tVKJiA0_G4~*kTQfNJ*ge6#E&^9;P&qaiN6@&`GlamrpwKLDkEN
zqy1!Fa@s2pI*ZZ~Zv5E1n2z-8R#d$>Ged~j^B=ij=AtCxHPS2p+?XgaJ*Lovbl$0J
zB($#BKh{7_6ZHgf-zMEnPJP&65B|`^+v`gvsmySu+*9(Kp3WY$ahlk$0#T*pg6=d@
zTgHIPrROriBrd{(kY|9OyKLT_+G=Irtt&iyj<)od6Z&tjLX)nN>e-$wwKSWO!=kr@
zX|2~N#m2pgabIWW)$b}-7ehrSnaL5zXUuAccACrKqWXVPY5a>bQ><n?iD3~tByq@P
z%tJZvnKF5yinnH0yL_2ZrqwH2sYz%LNkPVbj8Ej*_VQz^g;|U$q12g+`kA9$vs?BS
z&+&#ti@v5lo7*N`HVSc<-xeeC`Tlmse;YQa$d$$-vOrA;tD)GB6~hTEGjfh;cJ;n#
zJBF92Gu1=8e}JQ=N7JfHFVUap{H;<q=Po^ZHKGHP%RBdK)+^0v_NL%@m9PSbqmB;3
z;|DXGmkg}r8WUeNt7ao8=c?%HfpmHjBSiGsK@qyqC`PWU7Y*eiEmk`;JF0>Yo@Dmq
zKBAMVrk^ooh!z-&$8+sQgwD%6$Khl5t|g8-bl3}IcVtV9w`x)rZ4S-t@eh-Ue_P<o
z{;mx#Gss@}*`c|eGE`ce0fY5uvc;k)FTo=o82u?TSXIv6N1V<u=qHBuPdA5Kh025-
z%4p9OPeI!MPLZ3Pu(p8ge*6=m4cIHwE6ve9ddgK1CKrba<)-Fv_&XI%6sW)yUR@TW
zg;u%AX<CKCY3=qpq0@G5uVJ*0nKEMr1D%PyjH%M9esWhRU!&pIh`~$Fl+rFn2qwJR
z9y`=CCY)AOpBFW$5D1(&%*JJ3%MjH`r{{=^9P>$+oPi0oz_+UXYMERA^nvB>@tBsy
zf|gEMv<>s=+<uXe`I6fE{7rvSl=w1xOk`Wfe6YM2l!{t6F;b^DI#;KOWY%;S_;t3}
z7cV)3d}2?jV82Qn8j5Fx*ED&FSJAk_`O4z&c7s3|Zn-90gJs77-g8UN<JCIFD|Ir(
zIL$^5p8pupFT*F9ZEj%9d{58o<#Zf7AI+B>nupfPB8C^_GIN7^?Bv{pX$IVa4iwKP
zh-<dSR2|on-bv?<%$~^<2CdK|+k}*!Yo6vt<83PI30=||YB}Aji}zzIY^0kvvt7Z}
zE8CSqye`b@$0k;s!z!jaCx{KFwNAHkWH%ZTfL~H#jFaM8-Fy{cd>91Y0e3xhIHh$q
zx0;w}V*G)zS4MCmcs@qKyiANno%c!;>-T(L!;gVQIf%tOM5$y~xj4%7-Z4qNM6fsy
z+4jc|mP)ZJg>hx{gmxM9qdZ8}A&3rSUeo-gJCr?jN8u85Yuth{`D$0S8=X>J;Vjn1
z>-N^UTQAqCQ7dYp8m?d*E~XIY?&GI^H|}N;D{u76k{p&J@=q&f4#q$M)&<tTzlc<V
zDTV?#cpD)ThKbZ^oHJ{@+adFKI64{Ho!VaNb%tJYB{R#R8(sz`%wDX4n~n^<ZbN!G
z4S7lM0WUu3)YZg@$INMfFpE2K^Z8v?<q=9D>?PJ9w^&<lf~kY9m!5Pk<VAq|_|^h*
z7_#LOn;<vGRikVY6$rVM)AUPFiia~w#~P<*OzxDpg|`YpIAWy|rav4L$Uhj@K)4w?
z5Ttpq2v#Hz3P<&HhBlc?cF1?g`=uH5%Zz^sas?Tlpc0ietU6YdYu;gHH+C@N70x0!
z)K{bM0FW=GXEp>=V^Grp#uipEuB>)T%oETm4HqM;2~WrFn_O<q=y7&+>COe<Ym%+e
zjg7=Lh>v&K>!_vDt-v5M=cBDM9L5AQ+RX;A(+od5M?Mjn-)LTzf2zyVu2j+)M+e7<
zK_6Fza5wdptO0hAN|To%Vh4UE-g|fvv4NWS3(@*M2PNR81$;<LQ{h8%h*R~Xh7w$F
zo1?6o5>?M761y#w7LnY)OlXmJN|T<X$T)CYn-AaH9ZIh_H)}F5pJ-C6Fd;pe>)Ik0
zqB8_Uq9I#4g>RjQ4QEA+etFHduYM6(ze8s4fDD#{nJEbEc*>M(1)>{Fs^rbkzwn}T
zVJ?U)1KObkrc;=ZMX*I&f=+cPFsK4t&|!=(<CU7l#HBc*An<g5;XJgz70Q7AS1~+R
z$FHajnYV0QMgAjm669c+(HXDJw|D$#O1wEmgmsLBwqG)Ksz@$;rBzsRy|Y&P-TWz7
zCSR;t2Vb%?UI*crGBV8TCL*AyO<AhMN>6&iPC1bsOS9Bhig|1HwQF|Jj%%lq?})-`
zKGt^gb_D{Iq;?Y9J13nR3oD4ICtWt}bYvtlbbt}-5V#<Fu!tlA52L%@4`pa%BAu`{
z&iMaYsABU}=FWcHUT~Jw3B_=~V&1{nS3~JUf6A?yM#x%pOVrDB)GpfY7rdE|+ZF<g
z<9*N4*p&0fD%8Y=0Ne4wdY&Q#f}XBQhQH2JgmCk5#=GV9o(}CodRd*<E+gk0oa`h$
z@|DGEnU?8vNC;peX!2viGvPIMh9JUq6^S-^S=zDp8W>ivF)G?5R51L|a`!cg_PoKc
zkdq>L)Ea91z9xZDQs=ci;O3HTFf8nZ(x-UBg=v#>ruhsVMT{|}ptY8A7tUQ(^KrDa
zMnPFF4jV2ryQlqHx6|_u{B>dGj(%*MfMExtNdZ%=oxe~ua2HqIk8`_ko&q}}dMndm
zH4L++H{E_5_*17@OUI`*>(ibRu?lT`b#9AO|9d%}VH5fgYB0#AI|YR*fDLTxdDf$&
zG-T!=F|5QD-g7OA4?D?da}0f043Dzf1@HHZyCrIj373vL;@)G1e&RMzL$6#?Pss6O
zXm<JAku|&hB-%%ac~6`EjG~D=Ccpi}o0{EameIb{k2MZFr$|RJ=DF1=lSw2=rwB&3
z+^97@56jWdfV;EgMrXQRDJmVEa<|Sq<JC-nca9x@+~wwF7MJC}#1wJrs_h=Y8l!VP
z&~awbxdk|^3I2V7PN)~o1|oL<ABDNtpP_Oj^}>=1ojQ2FztqYQZFg}yU)}A^otKYg
zyb2$n&+)qb%h@8)<VjaG*<!$f9(GP8n2sJOp#7`W{v?g@cS<YmoD&sBBG1zs0YD5N
z>oqipvoJ&&H~Du<j3J29<HDd2nuv7E6IfA)y*4G>nWXiYCB(g^0^BiqRgY{P!HpF7
zX5}K%Z2H|E7W9TH_^MXH6_wFC9c4X}HJGAUEuYsw8t^twhwQluo9M$3jV}e9cmp=y
zzkLSAP73YXB?c`{(kVSkW{>%hp-hfLf>ujjT$9d8{0?UYYw(;7G5Q0g>V++%@_A^4
z`PZ&aVg!oB*u}IfOepphjcY8s?jx4HSPj<*geU6e%Y3zVa_$24Hr1X*>-RHWbQNVw
zW@ZQysq@d0MXyTsWSCootE`vA_*A<9cjV59#F@#(#iMk(YS`4~l#|>QT2ET*oW_!3
zQY(Yz%Hrz^vNx-lFEr>MXt*B=aD)yLd`9GVJMB*VM?0`w&z>#h<TeZ8yk5I!h#46N
zvR1Z}y_@$yPJ2vfzgyyvy->&5Or4=fw<8RiWN)vI538^w3^+oQr&WSpwlzVerE1!t
zqo{qc@CDLoa-NZ^!So0NC5;#pQ}6Yf&|I9LXZ+r!!ON!y?VPsILia0qWz{hNJw3Uk
z{=T1#zYsLPxYOS$1@HocewP;eZljHq9{Z$gPm34uOBQESdh5WbD+`samO9|-68fI`
zp+#7m!drwwq}CKYr?sWEvH*<yTzdv2ws^FHa&133T?Zju4Ieh8ERFW_#TbW|Mev1%
z($yIiKF>aJ#5IaK33i;b=n|8AsCXe9TrX5`5AFBMcD?Ug)o%sskn6piCYIMI?nHJl
z9{$J?3QF?!J1o}olrC1mBJ0yN)h4)H|8(rE;whCNy||~$xlx6$Ynl5y(0iz6Q)Ca$
zA!NwKaDzBBpwF1rWoM?IT4{FAMBco7Ywz(~532EE(i3VzBE|R`t?jf*huicvh~SyM
zV3&92Y9!&WbB7?h+cP8QZOn`0<P|>_m+3JE9J@Pel@xH-DeRof+&O(sQJ5n)$XL4Z
z%q_rBpAT5o-`93)NzFCKWB(yjhr>}?cfT8ftApUYq-WgpXKFvox}8+WV{JZgwD)qy
zbZ2_C@1r^qx>8|l?WE)*v58!qMZzTSBm3kCY)_+jHWcr2p6v38jTR3}dqZ1>K4~gp
zbg0yxEPpGeUe8k4lkoFe2{-`<&L){#QC1dgv3hNzJhzmKv75nX8`zn8^oxx%MY~(f
zs!Hx~{>-b)0={QG-D6p_Bt%h-X@U!d)a+FA8Zr4gkKM59;CnZ@=d*#s$4<0)SBb}x
z-kObkWoUd8$LmenG3nK#)=L&ptIz@R+&MuY&!L2ntQtX#dA`hEkY>FIjcTRgSuN;S
zZY^Qy<WUfzSXjRc#ooyopGCH%#1_){iV(t1R44wHp_j>2z?+4A2e1G;kRVT&c&<o4
zC9Bpm;@ui~MH|xNJbI1U#eLQ=Mxp>QMy=&xr!$ZweuMCH{M75>ikq)C?m!`7a)&kU
z5}czuRB1$-+>v3gh_mq;!U_anJFEpMOwNL8Q-kAl=+se45Hsny=v0J8PMQ>$1Q)~c
zGFME8fv{e_(og5eSqS-RHpKC}n=tjVhoU-E&}XUDy9Vwm_ZD0TJeRkFxdX0|U{J$f
z#r%+=;zyv+QzaU*a{=FfJa<r}o~VvmBvP_XmHZ4~!)bA#a;b?J<Uw6E9dH{+&UVQ}
zhRj_@Q0-M=zUqaoFlGTu8f8dvCW}66)#N!p9)V4;VTLiWQXgpM(O3a`72T9yS4@TI
zHk^sh)ipD&s`)hPdxN`4Ml0dXrwh9yk=g7n0@6i%(?zWxdj?#gKqbX}<SdgO$UYe|
z%8hYul*s`fJ+%C~1A7o=)#iY<3REp>aioUU@QEy4aB6iN3pA>9>z~ZGb32ll_mnLD
z?9;V;mJHf({sP@h+CX&DBv{q<&_t0wwctV!d@{ER4yuWHQiq7c-3#M3v?GhM0+(4v
zEtFs~NI2k&nLU1^6-s=}Let>0PF75>_NKcOg``6GNv8yTN;mMfM;U@zF%G_PJYb59
zjEPide;A#TZQPuNNb?XRQG#R~g~wZUD4ywtnFC=(fo^nABad+ly2lnn6-gauZ}}!n
z`VGW}Gtjgl7H3hDR9VTrtWe*|gnT=!tTD5u=5V!xaJ<9UgIJl&YAj49i*}2<2^T?x
zG{0c?v5m$+I}2&r7i20dcbL|X@{2R*K!qT)XUQW*liD?6EL6`4xM6k&mdf@QKLh77
zy}0fVp=4|iqmzVt%q(ajF|Kn@r0P?h8vTU_w)bS|TLmuD8<2u@P+m#I8{%mhXw<YS
zbz-pC*8nzMcg*6UO?x&DZ5Tz%bCMw2b~v0GkN&d*D3}$)S9BLAJA7Xvzu?K9QLpXn
z`jJteH-zk&g}XK8p>;tP?Uf|Weu5$MRFEJBM*C@{sDW((Q9ref0v@z^3}m(LlItDv
z$`|jRrwv^~cJPJd7UZfUGstq9ts=A-mPMsOzpr&9RwAxJQe|1pHy>?m#|=uhlYmK@
zZJR8mF!lf{Nz`vACp(*FP7dH6sRp0p6`jEt=F7m{cdOY&bQI~gH)$(6mu2-2q+_6p
zleyLxmXAK8I_?1nM?ByA=Iyd_?<(rawN~~gwPDH%a!vI+rayw*;p*k+ypomIm^m4P
zf+Lc<*sT?NJu)6OS83L(F{xm!3{?Z=Ph8e@rC~8&MP*y(z-7y_9;0i(ZWP(s-vT_(
zV?Dime;k!4e*>V+s`w)p=z;wew_~7MZkl(F-(q66+Qyus{pGA%YQM9BdBkFFb&Vo<
zV6280dtgE`(?eNtgim^Q!nMp&n|ID!@c69(6J%cayhnvf-czP*V`8Muu!>{I92F4i
z`N@(3#i2{E=?@|e!t~dVb`7NP>ncwAfG^%v=I)8FyhLiWO<Ux3m2xU_;FO--qw0RF
z;aso#yi4jp!NJ*9N75*hHdAu-VD%2rxFRMv&3%-g_~s%!TGJ~Zy(kZxhB>y@`hZHx
znW+=Fkj!tIW>XXW-fXD7v#32+&c53)Evw%uq28MqK~%F^5%X<DhZ}&F=m5>t0>%z{
znep?_HbH!yO&*(zuI~Pw{aUeSzM7Ags2~H%w#qvaeIk{@M1hKgO>Z!(z3R0+E~DN3
z-%3z?v`|nOi0KpN<LbUWPMF;m@EbVxFu$>tRsI)>cGHsJai8yY%zWGx^8w`N<CU9u
zcz%EkgzMT7i{QG&b49Rsg{iwABugw4Vj1otm3Ptp7j{F2;?{Q5{s@&L(+<URa>!9M
z0zW6`_VZ1J`a+^gzInGyT=KD&hlE_(ku`7>PZVF>D{Pi?Zf?;IM9o+pf#|Ggsrac%
zh)<RoDkJxl|Ldn+^*53gp|kU6a<c|gl*-@kl#G@IXSQ;_uI_sWsO?vex;H>Dj^W1!
z%f_GBYKJ~ozPC)ySb=vXZbVW7l9RStGuRe^-SmXDqay4LEIZyiWRV{mmIr^@!)I@^
zUf$RbEB|?`g}s~gpKU?cbPkO$oFD(sc2WP|?KZLtj<sVOK*C=Pzbf&6w<9h5k1go%
zjlIJM`+qrG0|C4BRsX}?MsN1^(*L_1_FoRN01X&%ZtOIHcaWT;|J)8@Uu_or^(+Or
zwD=z?=f?>(wvX=rzKwtO>`&;=o(l4H-;Xl@C;u}8{LkkIXYZH~aC$2lQpA63jsJ8~
z4FW0uD`rnFINjy^m_NQnXYIrsu(N-|&-+%Z3r_g43BZ2etombv`xi`Lf5`ez!cnza
zRu>blF*f;qUmpw*@Y@fhWDm%3N4Bal(yd0w?Z;_IFwOt@F$MOZ8^=omQhJTL-8<SB
zrWUMl81p>KdhKYZ?$Y6@$)%aEL1rTvnbWO&;0&Bx82k+DTafy~<(et)-U3T47(IwK
zSGt&?zHo>pJK;BLC2-T%QR;X0;1Gz?wa0s;O^U4M4jT?5ygmhWYexq{ynM7qlxf(P
z%hPs=Q^9W+>XtvMFJMJ?MVcCL&GxF?==AQ&3}KF!6z5DdhU{XF7r)6_Ax=MKPAC@@
zufz`?WD3gTJw7kHJY@>*zyxA3^%DdnlIWua&%$4Fi9}@8M$cx~8WMf(qGwdArw2)V
z*lR1OJ%P&H#J&=Q%9&T7gkrz6wAnE3?bZdr?drkXI|5S^D_cL(rUnyCBSd{=9<@eu
z&-yW6^e-zmojFp<yn8UXY-OqTc)P6*f2N8jZF1DA$d9lXbAdcLdiZ8drfz%*ZgHm8
zs{OohxB*njx!6m`nK}m~>QON{-IIF?`YN3?IADcSp5SYWhN}9p$c<N1*3Q<H-)NSu
zLhH9|HA?C&9iZu!mYik9hAy-eI!s0CW|N}BE#fgg!=?QXyc<OXmX}*o!;-g>IBx2`
zQn2uC{POpx)~S8^O_JkfbA|6;ncBN7yT!~I5oZSYIL>1<_j0TX8({hUB&5;SYD|LP
zLTA*7L&xtT{?2#N_q(1}H1uG^1bn{XA}(j>#+F==kr!z5s^}PKAJ*Z|jyG5O)_gaR
zP?TM(KZ~i4^tT*{YH5Ev5vOwgg7xa?kRWi_f-8D5eIz>kkigz7!$DE1g+aGJIX@+A
z_UrMo?WyrnNEb#{`tf#-5T+AUzth`xet9fceZkktG^I&r{r<)P%ilM^mg9tvJEKx?
zyT$U<p*;_fCSMh^4iTf7g9n2%qKD`F+>wb>??Z8QWrSmfo|<`otSw{r+w}mwC|J5c
zYOg_jpnGb0^v^%_88oebx;@J5c28F0Yb6uqGLO%_AJs>~kf>DuyGnAtf98Sq4*RwH
zxRC4&HHcQWSW&oe-&xvlp&GEnxm{T(!}<8J{8Rf3FF!qBlr8acZ#d!%L0Bm{UhL%B
zFDp-NoW>fm)39s`q)iV(cj+E1%K*OmEv^anAX^iYs?DECyfdYT)K9$6v_nr(tEaph
zwWGLJhX}Czg)%l1_LyoqkiTe_`5P1O*K3{H>%a0WeIUIrtIi<2%d2#;zqYa+L`~PF
z=|Soa|1(F8?blWk^l|OL*YlpBrFcQ(2uc6DcP)oZn-b)g!eMG-N879%4sB)#cZewM
zSuXgbAj_OSSR|0(OLxAWpq6%af?N9t+9ICH>?sVKYRokod|^GZdTtfMb17fQ4PBtP
zH@EU8<?6vV@5UlJ7V4rUMaC5;$9`K<p>fKqB1eZtUF=;vCV^Y#^*;!fIMeXDq(Bcx
z%Tr$n1B=Czztk7*TFLTp00s=z53GCFzEG!~XfRmUH*8fX>u;Lbb$NOaubvPIv~FS4
z=}*l(wbuYD<y^eD1jMz~7Kmf{jTU&$ysenK0|l#$D_oeWsh)zGzIwfW8&%N9jiYQ2
zPQrbrdpXczFIAT*OAT@fil3;>3Xj?(Un|{E#(R8A4B=qv6481%;jN9CyS(SJ8>9W1
zb=~pl-%iX2iAQQd%RDDU<;=?F0ujYdL$5HN<afd+S`mnvu$oX^ejkH*^ay8j_@L&B
zpIFhbZyz%ibNb~<9yY;LLUfEUP|;63D4C#i%hv*~q8q0Wr9fTC$k`S>IOpdLck&tz
zG8;Tu+pw-$gLRr}dDXKL=^bAt0bRxc?Z9mh?ekX^zePtX-=$SrGA<n4F6d?MJVD6h
zNUqGh9~s9t-HPZn>U3G46?M=2%i7EL(5$z9Uy5kW)S!D7DbhVi7>D^_=%k$L@j0Qw
zr?Rv)ER}pHeg_mKNi|^-3eLP*z108$sl4`>bfZY9Xjt4~IvG*s)8G6sJfS9>w3n*P
zssM_2dAcvS-SCTOjp1NDUe@u|vK-%iDF0XCXV9|2@(|#~y#*@J<z&vh;MDwRa@fFy
zh|4x*MGABe@9TYvc*)aacmy0h^?nZyC83qFcJ8tK>_$`McA8mSrWiCLbLrj51s2tF
zR7qL;2r*y5XJ$4K_yGtvglU4LV5dBvf#i62<=$zk(dm`1cY*U&Tt+3BcCQeIJHpN%
zK~NML3M+UmuBUb1VEWFyYd@H5d!ltMC~kMIA0ZC<bE3{{!PjBepm$?zOhWh$|Jg4e
z?LDMCk%{-ovFd~FvcISJ-|h+Pu|0to6nSf!+SL7Aa^=IJg*w5oAyN0BqfFxn!b<#D
zjW$1qnCJ2Joy@}2%3dlfZcJb;ijyxsCgprGIt?vN(Obyp0C~%M>J}ma>o?k#J1QEo
zUC;+^In;ItS7!)fVWL>U&{HRmc2Y>`kaCnHYkt&hFopcPjg#lcFMXp2y_T+zHN_|y
z5R!^lzC_|ibb}^DblukO?km5saYDbmoI{s}CK)>UzWdVWe~sf$e75a1eiTc9)*e_#
z%_8Yz9mTq5GOVMuC~UXB%#jQg6n}|OOf6n{kjj{s<S4bCx`)&zy80-oD#wl;SQq5Z
z+BwaTkCC{kHV2MKQ?J8sg2JnbZ;DqY(5G(^iL%hebh)yH{BT{j%MS&2=~@k^$blFt
z!<Bk`eqf<8={NM{<LDufIh-1_%g%q|hd^9UF6q)2gZ<ezK5(Jd(fTZB2LUnHO8z36
zP?A$TfvwSH3=L!^oJSUTU3I3KgFGxCK#J^*9eXO<VV=*d<-6ZHfzJNq4n60bwpb+)
z7cT5Xz<F6Z4}s^1ELaWPgnAm}DFS|ZWj^6k&%Tu%U@kGxz~9y$RM8OVz%hs+u>BjB
zXq$>0YWp~P#geL=IX$Q<2=a2mSkPY9=Z=x{HQ1N;`v$6@vYu&+^Dhg>Q!Hei(-dMc
zW7OxFW>M@Lc%*i&Y%$fYYh~YDb9U<nx%~>L#)zO12(ZN^0iQDDd<@Oy>2`q<CFq3`
zA;S`pPrtbo2pM|TE~*a>V?IPrcus!lqnI?Yu8w`XwUptr5Js7Z)2?*_HClG{H_F=R
z*6Zh*Doag@l3(Dnis!JvzFK?a71N`2jw~+&v1dhH25Av}Be|I_k%O7L2E(BSo!&JZ
zwi;tIE`JxsD<Mn0oSj!{84FXAC-Hz>rtm(bd3i3f!$0UbC(6%@gx{-T>FcyuW?|Mj
zM;C6GWWH<ysnXmy28Uoo)d{m%gJ&Mc&__1i^U@|xDMoYIjC)kKeQcX<xf;g~LK)mE
z-BXoYAQv+VzOTG$LoYEANL)`n`FBmIul{5?3#Mk%;WdA}VxNkur{BbW!TrRut0-~`
zx-c6eyf-=it<LBeNFadGsTQ+yyp$54lgGr1(b20ntlr-Fc%3ezaGfC74p%hh56!bW
znotTi%p)<~I47-<5^FoI4<$6WvH~|9RbMsd6{<39bf|4Qve4q3GYDK<9W<+6(8q#3
zbc6jN3-48RL_J?SkUr98l(<yFrlz({lgw=B1?O+?03<)yb1+gXBJnVU?S*EMlGMr4
z+T-Z}Hwo7LdPq2NrVwb~@Px(|NKRGZE;Ma$g#C;MqdVWLt#Ej}TS7pTELR;jrZ&2a
z^}2SvOmHFnW=#f0Vob5{6m)R{Q9O>))eN!;Ff)(wBiRx2nEHWR_9@E_9<j-0QxFg+
zHLC}UrKACkHHunS_RqT=9##79Tk>QU>L!P^1x6O%RzS~sCY7Y<5pAUn{k)~bwv3Vx
z%VPs%ZV^>~nB`EIZA0G~=CG~+8ekli@*F>sXKe?8M7<Gvha@azvx$XK|GE?ASB2`n
zv?x6VrMMeJze9R>&5b?TvJafbaGLskyk9C_l;A8~HfJgsFaO%hDgTzo4S#9q@=#Dk
zJV%7(CZGs~ofu_bHiR`CxO0&CF1yt>j7!shvj53(sxHT=uJ(i2UNb_{Sr>aGdd8vl
zxtLVGzo(Gl0&6;iIiamsV?5d?oKwG@U9A{Mi2?cl5C&^hS{+g8*mn+Q%t?&KmvzuP
zSzkW-EO1Do<h%9nv0i4&8A^&bbQifz&qP^Y;mSn@)=8QHmH{oIK4kR=mu+Fz1LbQG
zX-6QpcaEGYot<GnD(Jb$T6KCKO4{~y^BD0kDOz><=@X58DZl+qAAJQ(7tJl=zTije
z%R}q+x;a}8eE}80%_eXBE^=#ZMK4u5Xba@_2joFBa{bCYJL7BbQGd+(;P+eSv=cmW
zDK|f4`?xO0(XMuvlrRIp_~y`!Ju?##eLTmk0;ialKn>)1CwkND6o`k8Lv>{_ySGEi
zIZ;|3^i|(_ll>_*;q7WeN=j0ou*s~}_nBvbpUVij@r;1SQE?APL&+GW8|HD6zV23*
zO@p=fb|+4%FVOpr_ay*YK8kEcO8^dcE*`afQR)Z;qG2boYIXKKVn-vs&A5QOFZ4W#
z>SLGb!k-MM4k)|cMNdr+bI(yxT=Lk==xYFhM%72Y=^sp<e$mHshmT{h$SjKLUDH~!
zBS)}|;eovCOeGXjxmEvWFZ}t)pB{AoMKE|k82e6|jA$V@$~>WWd$?!AeAI{_-<ihl
zC@xuSX8zOQva*aEcWO!hc>aq%qs`S%lLd*#pg88?h?*Oi5Cg`SbW|orbe!OBl~^it
zcrUm!>0`*}5{q~u`v$oZDLyIotyck_XzKMIc?+}6W4*-+a)di@q7Ut6k=yd`^l4jF
zky4+rjEWVnKc$XneW(^s&NLhraaYBMK$ynBu7$MmuO&<4!zU{@0gU%LybcjD5ueHx
zwtl+)p<BE8NO**S%buF(64CpSsn3SA<dhLp-&9k6dzL+V;pXMc%xUk5V*C1;KWp!a
zsqtZ7c7zSpxyKvh1zOM%28=x5MCisymB`({f!nyq^<eSK!R%*WeSJ~@iZM<_a9h7-
zKo3EbBRRbEK09f>yOZfP1c-zk@%}_L$y-7<=*~{QCf)F$a8CdG;KUH#!lXSg(AQtp
z;&hq#;a%V^IY*TW2VE$eb1AoLKjz;&Qmorr7untPwc_hgi#OD~(_PEtO=m{DEYflI
z32kyIKG*uRM*}DzBSd$dcUK*HI6~IW-$nH&C_r(vjP9AI)~7-4PF&aluni%)IxhG3
zvQ6oj6B)a;lYf=|fbWAR6ojX4drA`78j2CU<phmDEk6OHSC#lI46iyTodVPE!-Lc>
z0@V)M1i8IGw&@#XWsDso(<0)pop$FAkn?Vt?9eG$4dbu<-e~rU?F)<+N340|NwGeI
zE|RYR(y$6LKokj>7@qdtw*?}mK7AMj+iLbKFV*s`P%xzUQn1fXmOHW8-y&dTPFftC
zrtP2JKip^jH^xW$@U|Q9;^j=qBc$kk%C@6+qsX=_0X)Nl(NfXNl;ukCKf0>Se+l*#
zuI8Tr;?6`D`{zA>22RxL1f9%FJnPa2*dtaLPPia*(a``z+yP?rd`iu&%y8|Xzf!7q
z4U)6#49C4kZ`qPRolgzZ2PjT8G3@p=U^h#)pat167tZF8&4w<Xqb0dpJ4ZUWL=q-u
z1}YM`HorF;?42ZeOI`_jfR%OpH2qc-v`Bo-f~lFyt4<^ywc;QJ+6h}Emck8p<S3?l
z@x;xVWKOAif)Ou586u^72To|bFhZf0%YlCsrT!K~8qF=_t!?U7j1?uw9Ns2{mx3-f
zd%kDQrI?$NM9f?;q^52cq~)Sa?O9M5zw%nWtNd(^7bCYX{3V3BpASuCf+~3`TX+1M
z)$8a(`&0^2a^?(QSiZ3`97<7LXsNACCmZH_ErVLnj<}>6Aq3j8QmYS;y8W4<REpN;
zIe*yis;S}WmHv9+y~;6MzsqKF>j<QyMQ$yN9Nt`#=QKTT8_rd?Jwe7(nxWuez<p?L
zh1D5_@{>QDl8XMIA3yaF@N*wl6w0C?_g-rzx-q(mY9to=Y&Zq81A5_XRM&J+u6VMb
z09A@*#aHwa-OJ8wlTQf4rF|vJP5x}oBXoEhBtT;IsT2VZxVJYEGLi*uBf8CaamSzw
z9RoKuSJ)hiZ{ACF@kOHZln!qzk!5GN_f-u&FtSPhYAlZWEOeq&O?`c&uGLfs?{#Fi
z&2oK4YRJP{ikGG%o5F_bgJr+e14qm3b^~n3-2w&5>quaQvXbHnbO^_JcMH8vcdF<6
zEpuX$0v?|M@nJTJj^pRr!FNhesk+qP4XlfM8#u-Pc7Z@OF;6>U5rOgX)JD%R*<A)+
z$!jZ}LH)gkWu7(UgcwkWupfvA>|TBm6`qRb6IIfFHD+InlY%a^ah%$>Vr6o%GpkX2
ze5JQUJel@F=yqerkXC|xW@Y%keS)T{Kx;(n$5CvC@zKa{k)Kv{ZDlmpXQ94uadvRw
z)r7^3ZhzYyiIv0z8Dzm?(q2^s)og(>#{3xcn}=6+yfQLr@vkS9?GzOO6F?rbu~a-z
z!b%}gZ()!#78-}Lm<*y37m}<&r?qYM5i|i0qPXPeN}}!r5G<!>_PH)r(Of_i&2X@;
zwU)E_pw)u%FuE>!!mGb+vW+H@t=_B@D@yg$Ph5Ix9dr3nIICALX88dUHv&CO(%)N#
z)x!-&g0NQcpSs5w0U&PcNFpX!bXYks3Mi$32U*KD3xFIW8;j{SRt)R0!j0?;JEWEQ
zLIaSTyfwX*$4;c81=GQuhk5lUt&oX%b08bs(7+b#de`MJ<vr0`e77mqddJsSNL)+R
z6revz=H8^ylM%t0Z*eV`)mJiI&Wm=y&kPz2*ZW)Gu?R)~{&E6nUM$yq``y)q`XGIu
z$`QLVyZ(E~KP{=*4pW0=ajdk-?s#NA2b(vpYbBCby2(&H5#n8XmNg+EHddxAbIsv~
zWP<$6=M1yEwo+SX+QRtTYe2Je)_sawM4gQ<&<IHua^7k5UTDxnrH(_9(dboE1Ue}E
z+&*fuxoJ28(-i3kcdVb8FX6{GU5VNS?hRe{{k9_DDk5X&Ke6;oZ+4oFpE$8wun^F^
zh4FS=oy!ZMH^bHUy?b;1b=F0fBGZ`_uL|s3_1hxPw*~aKbEAF7t3e~E%u1W+Q)5ST
zt*ox-t&bSo4B^pS3;3fXEf4l>;G$!xxi5P5W#=x%%bA<S;LeMSt;Tg64=IuwzkAd4
zP@T_$98}u#1Vh2B4teQ-HPqxa&I+D5wGe8mX(+6<4RZF@x^s`7xVL)G9@?7cSmtyj
zDqh)BTIQ%$Cg8E@AgdB%T!TH4AZmR;X>aH;Do^*i1;wb?j$UEB=qKV02J5%W4y96G
zi}6FiZM3ToHxS$32O}AB&-FxdJ(kJT0)gq+ooA~pwY32c>Z^*WCoEv;@KGr36-e!D
z282Hay+AxC$7+-_lbdd^-nj|Fwf1<)@&maF(B<i2*KdC}G@*9snj0!1wW-;lH?53+
zIB^$R$7loOrT)~cDkqWKTMSya!mc_a?rwz`xvq)_(JE)x>XPDP_~YVB_6ElTednGH
z&t_=_1rQI5zV!dr-@hCIBi~gWoh<a4Y9qDVUK7X$!r3uAK@+zrZWoBnZtE@=`xT{p
ztg_N3)=QJF8iaXgxPt!;_+HSLGUF#1E{BI7+z#OqU46)3`GFjw-r^v)?vZ6bldq8m
zLP@4^lKy8#_WBmdLYMQ;4^NKJgdLSFeBI~@7=mQRu<lrydy>2h&0+eyd+<cJ1?V*5
z-M|A?Zl*1LitTO?25n$LQ~gfnByb=EC=gU~PZ=&)(-~AWYbjlHDpE2STj*Dm4MH1N
zAn!tbANWc!ntPuTXSJUJT+nvrT&JHGoFoz3=?*B{6fU=$EO9mJAb2#ynyq%@1Y=Jt
zTS-H4=N}<qmWC$TryIJJ<EiJPc5m|KCcb3>Bj1FPZBrS=CUF-$3l`aV(n7D>pGw;m
z=?$z;JxrQlHL!ad9>k@^J>&^b2D>Lma~t!!FBKR@=qr&_p3b-f`_wtqk}>Hs5?t-l
zYKjIOzWYexeOhuL!9DI~=L#YJRQRogkHO)8_`j>_8_n<;oIM*%E~R}w_~OiF$ZqL1
z)jsE|*Iuc@1#X#3`ppb>NSz2ON$ANQ%XiO)>imzW{C1SC05{a7c)2hFf%Uk#=6Z@w
zL5U8a%pMV)_MYY|>MpR<7|)cv>h@7CKhcf&zsUOTxF)af|5$5jU9?rf1yrq~fMB(X
z%vh~OML`8*Cn_Q$OIAW4Lu-*L3ND61hzpRF$leKph%yoZA+iz~A&>w8LJ~sO?>>qB
zwBOh7AMy2q=RWtIectEX^T@MSNIOOVD5dfMU^=(55yxI;a1{SXvpnXM-*H@RG-{^q
z5CAov`&2e>xSs?3x5<}{cqUOMFlV$Jqp6VZnUS9W6U-X^?73^~U0Sq1+_N|G@fk-_
z6-GSHo5oF+@|9MuBgW>SRhc!PrKd%Dyxd~fTb3$`t1bhriETExJ$j5?`?5mtdz6tC
zmWk>uY|E^-OQ8T>081?W^tS#4<yaO#NUmt4`cNRK{**${!I5Pp9qQyMZ&}j#3oDZf
zV__$0rK4fCH|1%@`mgvyPqkciBpDT(kv#^s-^h9Oa{>3K;_D&1wbuAJ1?l=yUJt@Q
zmDkCB6`J86+B(o3ZwQj((U$Vy?Z;IIiUMF)uWeS3N?d!MFU(ZU4c%-2DP~cJ5%$eA
zV7u)8)T_^Lg`Ll5kabbB-D!DdIo`}I0B_7U0@#)*yjCRg%rZMxWfBcMP>2VSA|D5m
z(|1|G=B>Ki)E6ZW&w+G~nsw5m5}1Ig3uq929nwTeZ@NcY?27TrXM6%mjgXb$-l1&w
zqv*BYx{ex?qT4?XUY>WGoGugtu!gn{sA2g0g=;U~pX>!dhIIy8_;k8t&Z2R#_FsvI
z9b*J2564tXed;nffVak<Ye4Ag#W1%kYRh_c6EJaMJx4alBunBFFCvo6RE!r^%WvO_
zwMn70rKqY<IM(+WZyffSt>d%GW#c~54o7mctJ3k?LXiDgi){M+YoW{{U}+`=LF}uw
z?pXsWqMBK7%X5r{nR<iIlR6LPl~lcYrLtwmw$$|&4u`&XwC_%1%X^v<x%O}XS}5tp
z+g7@eDk7&giI*8BIzz!N%WZqe5ft!eU*@eIx?FP7cK+dQgFW&W9@SkSa7@G;7Zn~w
zpFIGf>D^Jm(Jj3PIo$x#%C$A+*bE%C2>|A7R?ZS6aK$w?Js?N=^Na33UEvvA72$i1
zJ?a0Oi$`q~fL=;YN=si@z4|u4I#^=Q<TTT!s}6F++~fL3aUp&M)4Fb^rW5c=@=0am
zg(%on>MFItU;Y%FP&MDN(ssAJqrO#d)3ig?;`n!O&-=FJdPzU`04CVjaufqciAW%2
zP;t=y#y7CBF9!2_4`N>b-0k;1IfKq#j%k)>ydUH}d_b-{U*gj=+|6n3Q`Z4N8tBC4
zyYr!Xfa~Zn_=DTaVIR!DFmDxA8`QGGJUzB2oiTg7-^<&3yCSSZ&+QFJc3tvjIg49H
zr&o)8%9R4%;YOU{TL4SGe+7f#HfaQV_lB^{JX6zFtkuqk$MU8h`i?z_(7JJ8o_94V
zwpJ4Bc;-k9yF9O{D_0ydGU7&!@ZSA1tghzE*&jtp$0yC+FW{I4@@ODMSPAcD$DaFB
zb$8c-h_V`3?EwbS^1f0T;xzbv(*Bmr;SR@MZ~}}AN_G9R{bC~|OE{O4=G5@ABEupw
zKl(6rmUf?9cXu88boAt<r`YMOtKv=*v`X^!TrLHn10#w&*ZKY~$nG>Fgm?Y^2ipoa
z%ENNHOTITMKv;&ptlEb(-8OJ-Q%T`T{OiZq@o?_(jZr^gdk^*s{yZc4tDq@wi}X=U
zQ+Nz3WBGTmU1neG$_1aNSYJanTEPRw%ne~lE#MsAd#0GFyrLMSUx1)Xe#?vQ09p<T
zFs$;>mW;jcuYi=;P(#Pf5SoW=eDm7Lf6&P*kz|R`+xc)Rsx?6`(Y|W&p<o~Ug2H%P
z)v{NNbW0DtwxpGbh;pt}y@F<7*V@ei;T$3(&HDa&>&7*IzJ%P{R_|+D&zm5l1-I&{
zG4)N?vK7IXT+AL>djT<#<3ZYYz)>>|@5VcT63sf5v(ndFHi|mlAL@$qG^%`I{OYg3
zcPD5u7xvZB#j<CGbmJ*i_4L<h=t+iVc;k&X0j$XB??7r0<bTe|14t=B;1<l-01p4-
zo(yBf+!6dJ%MdmHHERCd40F_PiglO7N(E@chgDxVSori6w;l*fd3Njx|49GP(S*Eh
z$GBSuu5I0pbyOY+W!og$OZD1wA?{X{om8f2;LSy_)<^2OVrP%s1|}fFVWw`e|8Gtn
zAQ+v(H$)<%PXi%-*3HQ(C&CL=tP=LB0^Z?OAU>AP8f<L<;NQPbXThh30ED{9$qTBX
zR~aEK?nf+1t}tE}16R)8Jd{H-^XQr#dL7rz$u2j99=-X`i-UKl-U@f$VEQ@e=Yblz
z+`nUu+YoDxeBDtGSUz6tIzrq>W2{O9{Nw;YrQ#nv1+dUI4aa{3jRyv{;k-+i>sB-4
z0jlcCwO8#JUpk!%A?SlK`6Qc1laeE~2S3|9X3HL3SPQ#K{=%&{JUQ#o;BZ}MeP%_n
zt_1!HSpSd*WLWXr@R;sc!<=HJX%2I1EG`@12C5SvD?i}+MM%&8illNvcRW3<4pwRl
z-PRwi`pWt|h{yNp>WJAX;_Bz_HsL%sP>Tth*ekG{{|kC=!k72fRkc-<AQ)!rPUmBJ
zEx;G;8!<9FTD91^IY~MzNZ*UuFOt|5TgD81KIBt5D|-Ju45s%**RO$qI~>A3@9AvM
z?8*g5#Z1n1#xdww7iLoO9i3*hP3iSSZ9+Xz5!Vq3YXe@*r-<J*4()3Qz^JWyWhQ*U
z1o=t~fL3vTbm)El6{Jt3ic9C&H%r)?+Kj9VYRgV86kPZg?D~s@f-p9-6lCt~44rL_
zYe2Aj0+_pwHBWMk!#hdX&^QAFs@gDs7z}!>^$V%a9>PZttI>!hM?-DSfqn~sA&6cW
zA8>NzN@#(<x-Lw0W+h}QZI9+b4ucHv=VLcuuy@D5?027zk?JBQR0X8+w3p+fDhn)E
z^cp;FzX4=1(TGr$qyta-HP2O7Ok7I(_TKVEu)AO6>f75PkCcVQhAUYloz0CRsHek4
z+B^lG^#lzWkNhI1=R`sfX;4g(ZSO^B!QTCkL}8t22v8<)_V{}>)cOE2SR+Du#F9$^
z*2o1=Yu;nniO>EOFb+V1mPlLpy02hQG}*!dQmuc}>ufTpMzH2T&b2g|6DI%6TiQwa
z&VXW-K^qrs2=7#(@=rcq+meFE2DY4l*M!=S^X|mXCT$2a_uiMB=M@GeIzEFfj`laA
z-?*Jy@CKOo+*yyStC`{368{p^C>y{5wgrS|n%S0%Wm_gC$2@95)o&7gVx0E#z#>?$
z#^twOH}{fc8s6bZ(yh+q-wpxxCtQ&{j`Rk>J?6wyc{xb5Jk1ya#T0*OOo+GpC$wy9
z?4xP`Ak!33hf4B^3BqS6{RUklS5#1HoNgZaIb+!}SqLHW9DC=M*hhT`&-6-P;Pm<c
zN0|XjlPKh!58?YV(oAm$^$6d8zdCctk<i#_e;2Ae?Y;A&-Rl@G-QFIbVq$s)NhOv(
zyr@!fjDTENAj?PtT>EfeZ4I7iy)_rqp7kNmb?=R>rCB|uY<$^;My8RZqf!8AQL#gx
zuQN#2r*UsT7WV8i+&MB{lJN?_d;X;}8GAr-@T~U}ceR+{7`39c+&DZ_HS_1qKw7}T
z+FZ~ju%dDtZ3sx@p&?PkCM*^`e@Rd(?YQ$iwxf-*qqV;%|CNf&J+4<^ivbm;@BL1K
zF`p3uCP>6O+r6770m5n%$#a{3{3qo<>s<IXgQUO0KxOkdZ{y0rHb5)1O$bO%Z+gZE
ze~qMp6<QlXJR}4SM<*1D`)9ZS{py?_9Ves!p}VA+Bl@8pDy%R$S@0-ds&(<RSAuR`
z9c_Z@sLjHdAl7Jb?=Ib8X@|Btdhw?rJ9wF^;_5q@gopnw@qNz~1xq)914_4`9u?+(
zPEd|GV?FoTNlX5`&I(L!-Q^lEn@PhrcTdoCUDp^%@>>LWM28;irzADy*Se_&--eUW
zZFcl^7`|PK;+-d&h@0#~nX+fg5=~`2C(}?nWug;SDY)5^+#pK%caw)`C#sWGV|~H<
zWu;8)$Qr+`hq9|6XdXwE^Fh|)nF3NvkYfYLCAASzA8?jTZk>D--T3CIRwuscMHdts
z2fa%n{5-xAc2`3PlM0gj(`*VglG_vVXvGWkPL<F@kD`!kmlDpzc!%^=%Ab}`dWrA!
z&LeXa@(pRWRq_IO%`lg6;lw$C0D<@<n}q5Os!tC;`=&yq?{bNqH9iAIkJxM*Ml0bI
zaSXTlpmg{s8g|uL?K+<b>Q{XTk&Vqt0((p4o!}J{$@|YD{$7|#tP!g`C4(orgoGK_
zT*m>F)8+ZyCLm6T9?adDnP^Mk9pMQcRRGK^3KR^n{8&(mTlHWH2FuoryT;8VB-YHX
zVNQ4`>3~p#g~#444&8Y2%FBwlL~2!)vLPfdL$b_(Z0jR)b-JF~=v5!^M0elFF;{Q5
zewD<Z=GVddb4W=5=|sqps>QH$O{~?LSB}5XGaG=~shZzgovb*t@kg^8(R}){ygb5W
zZI@q&s`%rsEJM+2iYw!#Lipav+?BL1GJhc-7{F;<pChHqDWEUIIS*g}wz84)msKml
zM>gi_)d5HVunLUSW^wg+Y$@9YXoXtP9W<lRM;o(<E#T5HslOyZ3Z^ekpU)%7#}0Ru
zsyM_hSGl|?FL59`{PM2Oe0^jdC~W6Z&(0nZxj@kTuZ4m)&GpniWEwk00=$+O6m4rE
zaje}8fEOdAvKJ)W%UnlVkmOpitLuopEI?&lWa+9*^B6c25H5kjA7Q+fa%v4|90LFx
zIm3N})z@r)nF9#nKNth_l>IH+k0`F*Mm7Wu9b{8y<+kyquq*4;+42V`W`ER_6fi=Z
zR04}~<B4d>Ehk8C@I#<A4q*7|#-wQF8)XdAGqn<A>)4nADi(ym?JFv0J@@H|y=<u%
z!4eRSrU1bCk>57^l=ovX*^G^({+Qq9#|8jMY{&#r4Kle;*4P!>JP7rqB{e>ZVE}Lz
z@ks?Nw=-$?h7$Nf&Jk$4KAy+m8}Zy<l?nbXTN)qry)A!;NCTQ2wOX^?RRZ~Z5ho30
zs)`LjnF8EsTCWU<Bf<mMMmg?Gs#P%Z9Q&ffzs;kmpePw2nY8L{t_unX#f(yBF%yFx
z*;=_j!;}X%O&KPJD0`QH!EGDN0Z2x`gbMu5aGJHC?kv-t^nNttK@paiiiO;p*MayM
zs!;*5(M0W@oi82oQa<9f3R+GOb^#5Y-mcb{vvgKjxHOI2Q#m0nxr_e9H?$2KSH(0i
z6wT!gt3C`@jvL?Kx^6pwUu=D_=LHsOygoGzFX72s4ZDLLDX+}#u1oiNL{iQb8zyGm
z=n93>L(oY#+jP_wcGXU!JKohOW)Ih^I9wWMKIx@Yl$=G|@+Qr@dBfUFE4(nB=ZKr_
zw=<GgDtr6jD2K}`Ob)R{<=aX3HK-NeaP_`#vZC&O;U<9SxgOsby=!NF0{<pevL1E`
zd@BYZ>JgmB;LpKSl@{vb^`rEsEU72=3|o{Fo+nT!gn0(@4a;(wgu(jDQ;uf2I?AD;
z%QG!R*D>9NxX}72fpkvVg;vlpU1<DJI<M6H1><R7Z%H^t3KnH0oBU9B|9fha3d~qR
zXU2B<i>l<Uwdx|v3oBUN7Ij>7z>YPufm<8ZN%n;!^JE=g^*b2-)iii>T!LSy;fV+l
z=SrvjbY0>%y_j-ZLyZU(EijO7IJSY;NyWG-G+5NTp_AL=zEjo&%rRlVby9}Oy1J8n
zZu=KXx?+!wPA}BgQ)vdEoVX3RJAF-#xx0GwhHps4MdmEr*5*|kB7`=R-eZ`@R`o2)
ztuzyx=Lfq=d$IMMJpyuD2-(1j>d%~|AgTeYA7n0Gdl^D^vQG@8uRqhY#`Zkc1g=PU
zVf?@2c=A#CRz96}DQh5Zo%A@FmU(ckoXW^Rwuz+UykKKhW_+GN)w(2nd0~n|xYyi7
zRr(75{`6PNGb3YX&1$ajj$C%rV+w(yFh`rMKoAZ~)IbC~YlFBJ!^{aUapl~VGMwV0
zA-#Yq(590Vtnre&Q6G%|njG9QGd(lv-;|QMZ_-1Y&BRAYX-AV+pB)2Pm#Poy+Bvc;
zZ#Ww2+X6^e`+v5bTWK4lM`c)IQz8Z#oreY+&kXLjovsADXMLJ{@To<K>7*BzW0r1M
z`-dyHg^Tp)mk~=|Sr+^e&aq-cExyNrS#H&Y6WQOfyK4Novv7OubDqr7(rAew!?jkK
zXqK;YaLnpLX(h@_AgvYVF<Gg2c@Y133-vVU)YxXfV%KWcm4Vhhpd%0cVo8^OY0)cz
z_zpA03?LZ)tesdfx`ncz5Bvw7TT-{zr*_zf>r9b7A6#BAT%}y5dxou?nTvdP8hB{c
zoFhI^YX2Zp%WV#7qfQ4o^IjnRd!>&E`ivC(c3>8FX}+ptJ=(h=**m(8&Y_injfZ3{
zDRAf6&|(mgEhMk~vYB4{%rg1=!(9?N3zNgYmwB0wvkw{|Oct1@hhxHwU^)d|py|^w
z4fGj<7eK*c0>|Dq_N#yFn8~@2>cI&nqBx+3z$yvoDetWBG7-@o(>-x2KLcejKhr~?
z>R-}@R(4nBfT0b5d-%S+Rw)W*`M|3{m$1t)9b(>Wrb?Nf^E~HVq?bD728~npRbPD}
zOx=$WVE3+pRp)vP%_lvSAAn#{P@cu?AVqAZs3a29yJHpP-sl$vPTh}f42li<sDZe!
zT$s)sP-fDmg2D|Xb?%#L=#C+d|5-J(?G87C1{9z_YeTZa*W*g>QSX>xi!N<!us=L#
zAiuuqFVRuY@`TIGSz2z_NU3=Z@BYZ@ua=kG0saD{4r8x@l#rqN1>zp1KQ&?rEL9CJ
zT-_u#2)34B(t_QT-5$7TvZFhbKR^pd0R4{Xt#XOYZs#tnM%C71^18S{lf+J%uqs>U
z?C0B1!#-#o(dww@RnP%^;r)Ojcj#CHJFEG=)s1(F_|Z(q%F!FeO~5!~Wm(=WDmf4t
zT8hr!C?_U95F^5oY~XwIUB<hLvtRK`1A5?eTMNQ)5ee5v_oWb;LNX+`M?Nk#skqbF
z(ZyY(-Ty%6Op~ZJ$ET|+wibE(Ujl6|^^sKVVO8<d*QB9{LIZM7=>)usM+ojMo!F4`
zl<UQN%jrU^SeULhYF||z#Dyug6)id_NY9ChURgSRgTv16(!I<b)1~y3$_?4TqcroC
zvRT8eDc>GIdb?DNH$$n0qegGrx?CD(kN<nrZ~CkB`1B~gUGh#sA3gkSgPmOn5CJn}
zctepHByKlL4iu+|64=(+(cbfaPn&t?kGiD=@aO4l-k{T`6PG*59PN+fM9N3JvectC
zTP)mAFCij@?_I4eDqp}x8=;Od`=v6$ap?UJ*pwH>Q4#-T<C2IrvTMz3ffa)~4=CJ?
zEEZ0bx8Ar@ogA0_l8`NCjQ7GrC~@}{`J{!B$}S0R^iRl>99wbT1)W4G@N;9nqWbe~
z*$^Sn(AHT!f&(Ol{r4?wCz-UMn8^k~_;*a7F#oS20s$a4bL5-=07H>pAga=4V-y9D
z4bxNtTA%l1BSPGi8-VUx6^-BUEw`3C2S&fz|LxY2DMt=9>Xb-9vLU=aIFS#g55`gY
zdPUU%J>*^z;n&KNMGoOEg(VZEvCTWd>K-5#SNVcSHoyx&0|IaXBZ2bXr5ObBW?f3D
z4AiV?zhsbDmS<9_7r~}DUD7l}@`Mg-?Phggkg64;d>89T!bMwd{eELfl^ED4w#bU>
z!d6u-%d3RfRy<bS=eY(+hZ;*GX-^i&jzseq{SG?gNf!`RxJs=V?=x3U|6RDV(+~Y4
z0$z61hI+=aAN0sW9bcqhF!>7;@1J*pR=6B0@E9WK7J;trMJf&?J3(N}eazKH$Q7@}
zH~QzS%ysOyymtnDGn%|Y`1$dM<bk_7@)f6J1;u!QADt2`9Xg!zI+qs`E1b@7Bq4FK
zCf&n-EBcrd(|Wyi&m-3(7^V7fk%$NIiMDV0pi&!@C&$chp9OX=`|WI|fwu5y);C~K
zjr#m!g#orz6LzQTsY@sU@UohPP8u#)R7<#m7gaHksq3HQ#!~u8-p;jCiKh8fNhjBp
zz$<6uQE?|p?^qbI=Y4zqvuD63Axgg7*wEM9*x=ua3GpOSHtI1>=xVwJ!C3XHYAESR
z6M3LizJ<xU;t=_o|28~VAO{z{1xlhY7m8pm9%?Un<-7tFD->U2c<+zVZ;&qM?iFDr
zwaF?}*!#t;>;IazBxfHV@WPFQE@f~v1oR|qS8<@8As>ONIsCzn#bDZyI$*LvwUIem
z9Su}Wexf4aq(aH?0;2$8<8v#4zdO`5M81M(kgi~#QbKyZptkX{JKQX!uFxH1K3ghB
z7F}F%K5D>?@fa8`M8B#IK*du~<~=MOZ@<8U)m>G)`vZyIF%7exryHoI#$P`el;se3
z54bLb1&B^u37xd!C44$g*LLG+)%f8q?6<jH_sLiE{^Ac-^+x_cPP{^_;X85L5axpm
z<CwZye!3P!)9xp6Oi^?{bPEPD$N+(mB}vB}6S+ows8>KIRh|Aun*>BD#2XloRy=1*
z9)Soz)gD{S4&QiLXn=Gc_>t%MS4Xa74LR=$E|#B<Z;R!ddBq79K1zGw$zD+_e%G;w
z4o3t{tDsjR$eSvE1VEh|BPYT2FLmwes(#Clh`7Z0m5%STV&jc!@&1wxd8*-))GApY
zDIb6?%erV5h2_yrY~1r`-fOG8a-4wQ6+-NXSKHJmV`<7Ho}C{HF`!H;&GE?@UGwMU
z^r;bl=HzoA-oNYkM0r!V4*CTNtNnt#K_AXjP!7HttIpc4>Idi|R8Z6utgQK5<vlsi
zTj2Qxvwqod8a_`@fr$Y$Rrac`>u7A@LX2Jc8Th<zO6HWkO;x>9&*1RePBPn0{fcnt
z6#y8al6Qsk7Y>f6G?h)o1czOM9U!Rz!Y56=vCKi)-<@9_iVPJUB2?xs7_#Thx&-}%
z?Kd-G_#_n@?m`P?&jsG~mUrCxXz?<RznE10lV|}4z5sOK!rFR%96w6r`yehCw06_h
zL9IUT!Iu(nKS4OJ`V>e(4!@I^LKR={g3I74oY<#M#z`~u%O%xH{qj^ZEv_%<{yEHK
zGcRYH?9NVGTZl0Sqi`<N2p&`v3eQ;sitk>|sTQHZAnT!<>SM=zA86&7J+`)%InOzP
zhE-gvR_9k-789tv3v?mom&azRK{s;P(XdolowYj9JCInql)_dPhM&G(pXo8^Q$v%t
z5yKbUrYo0TlNzo>kSuALh!9o9^!j(Ee=(t^7kVkwC7cL)Q{D>AYw?Gk%AXI%&h|kW
zBe>%re+^ZrKp!Bt8MLT@b{-iE+z|rSE^?yeb7hL?PjFXluXJ{@6jQs^!Wnip;|sYx
zVwr;Zd5f-o65_>W5kIrsIguse{Cp4*g_O}lT+vuj?#D{gu4pd!YUZ`q!pCSmY`sgG
zJvRsxRqLP{T`tzwu^<>usZhmix`YR<2RWPOyo{`8aG+T~C(`qn3ZuR~;j{=AtpQ_g
zP?L9BLMp|;(D(!Ax*8F;Ft3!Hp+(Lf_;G`F!XdQMUqqXbwtuuRYmDX^(ofVT`0>91
zz|($kezUbL0!-(^&Q4mDCAf_R^;53=O*~w#@3`W5b%E=NjnP+rMJn^ABcedT_eq>O
zOZwnb&+it=?BLF|Tmx#-o5t(hG(+(jc$vT^CmeYhgj70t5O$hZ?ri%5NJ`v6u^bqf
z$Ls$<J3%1fis2iHzdE9{U~_+Kbo_YKK#gr=g`0w)V$**9W#;ojHbIGpHZ93%di4+p
zx(Nzi5xLM>*gxl(Pj?Ak4=_P-Kd5S4i^vw0fI!GTevjl1_ZS@d_Q%*Fb-F&6It?aO
zVy=XXMkFDQLxZn%GwPIGY51Q-Zpp_0?avhzo@BiOT_mR|2Pf2^i_IsW*wdz<4!X-u
z<2imA6pf1vXxPIdfolBsAD5Zwo3j;NABWwIz!`6}H*7+2?2SP@f){@*{CL(fz$Ta%
zC91Di%DTBNw1>;JVXfExIUp`t(NzwA^yYOu!(d}yM)Yy}r++c)cJ+aJQ3a@Qhd~Vm
zet|X_>mB?G!sBJ&at~5z@cskrK*|@A2Q~1`5G5~oHy)A5N(G#F{MqM5u2uF*SHd`j
zl^Pw`00DWQ3i=9Vw?QpJ&H?=sHiQI&t;$@ewzFES3<mA&(05lsnhi*^&>lHYH{1Hl
z^pMDqpa{rm+BX5tlzgiYi{Sv=I93=hQ<-8@B0csKGm~{e?_qGu9Kqqn5}4)B8pU6Q
zPzB(k7-_m3w09FVl6N4IXHPk5^Y)zS;NDjsZ-YuE4qU{U@;jk-VnufG$5?<8-&u34
z^1>0=lg0m|F0GrSYO}jPkDif@Tx-i|+TRLo;u#1uhM`ux==L{*AFot-+XRF9#I2i;
zs+(pz1xG-EboUpP|Bj+6ol?XJer^{GxhkjpPA7(@f+Whs#dS?H#m)02R+$b(=3ntp
zqBl9iU7+L0@NHNofdnd>7rq#<RS38jtwwgDOC>W?J^Y;(&n|b=J8nbQoTC7=0u4fy
z<w1X5$=xa!2xpFjt}?xC%e)7M6+Bs?A*fsRbaacZna7W!oQ73LC#*Iq$4NA#qLCKu
z!z)}F0Kx)&VJb*&f>KsXNY*~NLYNHdBLcOs*)%j(d=r#94}g#70^W=Pp=%J83a~~u
zadAye5}KLFEv^&@f%b-$6qeO}c8uUbR<Og09M3Le(AByBv9Y2Yv<yG_!dbVz=><nq
zj~^q21IQDb*@H8UG^OaHk6yRh;4I?3UE0a?0={<Wrl*zmE7#+or-$mh&~*RlKTVC0
za>wz>G}Xl)r7II_%asi1X+Ur5-YBwMye3wGhMR7E66`W4qu7Cb+Z@<X!$XT;JN{=H
z;&b7$lnuEmxk|a?CN{3A+(G|{4eJ~z#ng?1{`x-C?GrS!oiBo27~oTCL<)8XXc0Z4
z21Bmu$H;&w!+;RQxsyk<|G7pP(h0x!rnZ4|EpF;4SfqfoP!R4!8SViavj4QuKSxks
zG=x~=4H{Kc#S+8m<o-zFG-b<X%iBLa`CReK5sA0ux3`wL|CIW5#M~py#Zyf)GwWjK
zlBedv1e06$ByJhrXPMB_x?kz??FF_Z_Q~S)N6_rR3tFds+Z_MhlfVD|S|X&;9M<GG
zQ@QE6;k>{|RtSQ`jGwb9HN%DA7F;Ere)%l1ptuJH+u96q@KWk*v^`gjrd*5+k;&im
zF}^LYymJb%I08M(TW~?fjAgufF_lcf&cCL=jUYrVSfFjq(^kMvK2a;yjUANo2yzUA
z;p+mPmY|h=SJL{{a`qlTvun9!6fCEAK>?5vf}1nCg=tX3Eqvgbs5rfE1MJBG3<ROA
zh#A;`luz?n6*;Rot>z3njG|9K2tOk#V^pGvdcolvibXrq8ieyv_(PZ#SKji1vT4{!
zu^nw}`p~&kdYonEvjutO@aVVA_gpU&FM{pXoXL$nyKrM?0b`O75ecoeRie!PvN1w7
zd80HjZDqfRd+OA{PKHecfjd$vVmDu01iSDMYLxx3iz7;=Ur(fN$&2peR>k2>`$zZv
zfmv~~?Wl26Fh==QR{yNZ)4{EJ*pcCeW1@YFVX%GMq3>QkIj3mm<IDs7aV%LO8X`&m
zJPWy0Lr~}Nx3Bxmi6vFacbx$>wsMO&fgru6NSW4S0=v56KfF*7!d#(E_u&Pu4MD*^
zU{hVSmqlYwL#(5i+0VecspECtBx@Y|o~vIm>}qB9zpT)Y8kuzO>a%6ma=HIJyOW?w
za)kSeKG`7g^VeRzOqi`XB#GRYRcV>F1lDT9fo$xr$1$~;;j%dL`&<^l$fyR(G@Jey
zzMw=a*k%@2n4~`rN0wt-u36cBp*DDP*1vDYa~E@=6Q{>;Szkzvqj*@MW?c2E%uI5h
zzhF==b3S2uMqs;`8Zy74azIm+2MGYBkMemzB$A9sSOYlzyylyiW_O<9rPr+BYu9w0
zqF&izNG>2ul+>2P;n0?M{<~%2GJ*UWoh?@&eIr9+up<n1pL_L8+LxnW#{l_@WLN<C
zJ7b4wzg7)LFErm%-951q7H+SRKPLn{BN61KMa|_l!K&wZ4M9NxV0+gwZOZ2qn{$&1
z%{19Ui#8kdWAhfG_gVbs?TRQ<nqY-Hr*9=eS(%8&i#~N<@$6gA*<1J7!NVOc&R_qW
zLJOJ{YZJ>*ePPg}TmRX(B5EaTZkE0{vBoA3@5k;_eZDh@Dzj(~xcZt{rYaM7T3?Z5
zKYwP~%+!mL_)vNYb8z1Wi|f2jLw!mI8XhtoN0{B^XnjSz#7`uch@Ng|Psu;_(X9I4
z?z6+J*i|85g}0=n7gZ_k9IfOh-Oi*4Gr88EEc}BMIEVu&UpT<59dFd8O`S-yJVnR0
zV3U|TLTY?m&n#kOIjXuy5%?ih&A$G!GCw{>t%IzWHQ$VJKPv3-Gt#)JWi7nzX2{y%
zL}Ybz;4f(#VWSD^uT`$^rqr-v24?#?SrTQ~nI(*5N4z-EiaSuM6WnS2JJ?=&=a~dN
zH@UQ0x!EZ9xx9F>K-oW@XQv_shQU&;G^+54&z>8KL#nb)5Vw1BOKMmIg}o(Bs1z0-
zi`pj_v2D65dDlow%l!~VlQnIF7_2p*-Z2MvcLF;lU3eBca{nO-8c~UwYwLLd+lAH~
zc^4-#-T5p{<v7)xJ2);8vk6WWdcxI!Y14?>Dy0(=H^zFEZ_15lU|xpL@(SUt+m>9d
z1R@F22Vm@~xhX7>z=|;Er+q;*Jy#`pULK*Oc_P*YH&`DAC##v`O>-8bl}DY=*hxoA
z`{1)gV>`rSNZ`P)A%o|HkkD0@vs;KXRUED5^3b?2g`n^w8mQU?%b7UVvzl+#vT|fo
zG2)wfe8NT`{)njQj3x)9&Flh19pirtMHN9~V`k<mMT>R+;#(&Iqy6jfi&D`RhV|S5
z==|vo610PdMfACSJ7BGAG_p4lg~3f_IjrW0hATNZ+I^SCPVS%8+R*boDCOw1wQYv^
z4$7ij%gD)31k7)Z>==bFkQ^ZWlM=rNU)6bmw`fFAAq?R673W4(VMi&pJ<^*hVeb_p
z_ZPs0i|N#`KD1f>fOPyNAf-Xj$iunEp|I3L{~G6BP9?*_y!M&!CPRMe%sR(JiS+{g
z3XZ!MdK}ACqH!YQ?rwvGX0?bZ+67)#;uVnOn*WcDrTvP*4aLn-(KRBp%C&+l1e$js
z+yP-DZvQpc(kQRR-SP@Eo8eYD`7!V`EOo>G#HwU`kV#5AMgt@MJ@>_J9kd?Jl@ToS
zZf7^C1Y_M-yt#Y(=*Vvw!^4=)i(ttWh7^5IRY$n~@)lm$7iL(@8WbH}bT;^l)o<os
zmd1J#o(Q!!sM2%{RIOT8aUlx{&{E($qcvfoF;D8yhsEdIz3IRlQh;FHLpDQ#^;9ER
zL}}IuZ4zc`)Zt-JGvAOi=*S|uG(A8w<H*{~(2NJo{4r}=eXyCG*<^hw!)$*<$p6RS
z6<-+K8g6cb9ZfSwKMS-93HM`^w%q5u(=ub^4!^ISV;Ml}74J=Az6Kh@HKHuyMYS~-
z8p!>$1Q-)QG)(uPmZc#%pMCelQdl_fxf+>uWn@a^+<eQ78YG^n9mn6#fTWFEg0oXf
zM;D`U>PJUsW*0scK+5)oOOS=%3tpeXk{)u8w00**nS^c&Zq|c_$aHR?jU#5ohlgrY
zF!Z__uAkJ!!Hy5coyI7p{==};*{bN3?D<>tY`DbGJ=WTSFrO{?i*GJaZ@|hmkyyg1
zBO2Uk=7nY8>4%69&UCX={?Fc-ppj;Xo_{bST@*)I$qZrvZN5YgU?$Yaw+5iCe}vxK
z{)dByx9TLMC|~G!9OG?Pt{BXOUdgnXXE#KqNdUVa3%zBDfta3NJxDmSN1xJn1n?6t
z0L|z>snHBNR+tsXz_viV<Qh|2DtSs0-Du>!^p1~TESQSZ6RkWLrEkDUOJc$zYf!$5
zMl)pf@L)wgK8!jx9b;)&P(aw9wi-5iLt{;|YRD-_i`fNmfZLGG;LArsaOjF)AtVps
zh+@H53!)0u6!)yCD&5SM`+ClbLV*A0`R?Kx2g(XswEI$NVH$D(GZCWPoOi!TaL<tj
z_cDX1I9{T#LsoL?ybW$bR1BSe{p;)k>;LiquP>c5xZpB7Z!`DKsv+`6@a_k6H;V<E
zH0^#-A*ALl`eu~>Lx|IuS`fQgoul{lTgZ66J2=!tB`N=yK8-ECzN|j-K8Ic=)EyG;
z2Zr%vi@$NX;&c4UeudvDpd@e$`2p^l0KVYef0Segh0iV1_Im8{ei%J)o%TKX0mP4p
zx6SQANHnmK5CQ!3sPH>ARMY>QAJC5ku2|8Ej4*Q33jUP}2Vi3_b>!qV;fFL{EG#2t
zUP*s%%;)<4hmQ}LqVOJ@kaxKwGqR*Ugu$2BHS-qsGAtuNM3Exgt0kDMIX^j;2wBE|
z`QMTi=X6wW6d*dq6p!T7_~B1e(6LF<0>V1-0~2(a_p9$oO*=vW?LUSBA0x3<fM^yR
zJL@`{zyr)s9{#_A2&YZ=!BfGxMdbt)lX%EHeXV9UVGC2`aLJoek+$98$cHK9ftkY2
zmHo;S|JPC~<nx}4cf66Ag%KqFS1$t$<SH+w7plg}sdIHi!fN1U9Dsqn=Oh_en1H;@
z7h~zBnvFhs%)L_VOKeh(niU<xU~Pf+#qzf#X1ijDbm7E9ttW|l#0Ju9As}KQ9X=ds
zfyB-~r60{}QvL+-;Fd;)QKO#wXog0z1Ut;YUISIU_Qj;x`F>S<c^rRpq9Ktoh^e`^
zhtVg$r(W=ZYd0f?H7IKU3?+okU!xnJVG^wVvs@XFE0$goZioNR{HeU;pWkW0F@!Ta
z5*d@)$PMIp>kKfOn;V)e@yoV`;nHiOClrow?o-IEFNvF)48$tA#lU)#zgTZi20LPI
z{_n1za+dewIQPGnekLW*YHVlYT>k>Q^9zU$in;>y6_cjl?0|tq?++3LvFF+X(D<K0
z@B+R(B)z!@RQ<gnn!A39s|vt?D?2x_Zx4<$<aF$yI}iKWkwtWA9v0Fi$c@krhqq9!
zhtEgR`y$Y&=EWZx{EhAC*umFm!fvo=dIf4?OE#G*Q-{m{EE>cOq55wj2H%7hlq;JA
z?~FJz(n&TP?xl;dZkMJ(VOqikaAupDut-I&pQ{|lWLN`DdeP-$2c3B8-xFiqoy8o@
zN>k76AkMOsG29yvJ1hyLcUk4WU>)!D=+AWB^pfa_L&&wOK_tHLp_b@$CQ<1HMYDPu
zhZD$`rYSwW#5Nh;DKSA&599PJ_vSrp;+hjA%!bH&nRK$TPJ^)gF0utsuWG*!r;Ldk
zeqF6H(NIrxvr}SVvE@JEW0|O?O?Lg6Kxo15XrxaWC%<?ogD;5lPwSJ)saygO8T%$i
z=a^i9rT58)dv<6a&>dg%Sv7L9)b$48H393$ebXg^<0qRJ!i(PjpF_(RpX*6EjM3v}
zXw!B=dwi=!u<+7#=cPv;W#40Z7CY%*t@D?$MLXGHpA!;q9FDxp)u+<Jhk6SGiosH*
zAToloJWqDfcv7FK+gL<Pg1wGaHTej|H~IY3!t*qUkmOnw4ca78&wnKHiV|<j4O(CU
z!TxEQS1KaOA1{_*_kpv&aJ@mhsJchE2L*>mHIB9~x;>t@&qP)fNIQbj<CrI8;N*K*
z!>wR`$d<vXcc=ZD8f#nlliVOgD<I}E2k%-D281UuBja%f%j0=r)cN!{%MB#e7+N5`
zZuTCewEwIuQyQm`sG>h(wSSLAHjCqR>WfZZcw97GKQBK4JW_p=ioHySlt!F|Jxs4s
zy|YkF)C~}HfMLiWjIriqWOnMmNz;~Blkzt6!<op8VpH=4kF5P0xLon)nzmw*yiL&R
z5D7a*m85S$hBo&WCgR@@#?^yF#=d(>KH@J+r0)JVgS%Z<CNx)JofkMgnDO&|;1kI|
zuYN>L?-EG7krh&Ak(1ul`%bP2`q)!<PBD=v`eLGMKAG?nBr1>9cIA)HtwLRdZZh5-
zg?LtzJl;mPr3s?@q|0Q`vwy1182}t`BkQ=%29b(qi_wHB7vm=J#p3_vu0MRjv=13~
z1f*2^avPVO^WVOEMGxi_mNg2Z;h}(H^)jvriaGO*72Lv?FB0w_n|i=Zz|DX3F1OtS
z9c8at3vRzFTegpIQ5L(5xZTS1G@@m08<EtGNh=CPs3ytADM==<t=R&r=pi&X!Su50
z_p3bBp(LU-y6<VA4s4f1Z8>&r?lbGhx;QI27X00ml_}%);66sXbm8}Xs*9*wi%(ve
z?Om{fyw$503A2q*M&}!(xaZ^=f<x?E21|`m$GB_nP3i{P8k(x~9gV(wK6~=Q{hpre
z8W!sHDCxaJC~P;y%N-sw4q~Q+W4vJL!gYx?s)JXkdffIE?2`u7`Jo5(I&06fSu+Mb
zUdPJMyX@!PE<K^4g4t;P;WT9=*vYHGy#Y-Q`+X-r#gRa~@MSw6EkY;7K=XLjzyq&<
zz4}cp)my^4x0*?B1?ie%e=>qOp|(?emloG@1=Wc8dGWGjnyppiqES{(NQKBhJ6~T$
zq*zA@kbi8AEUy`>8z9AWH3!8(aMd~up+A%@(_!f(UEN`|?>?eE9WN1;TogSH;mbeW
z$+kaqRJNy=(RrVk5}2M=+st343+&-O*an9I!W<V7@p%d!zmyjYVqBS(A(^GjaK`%m
z4>Vf)G)Om)wI=B*=Cu3Tq`x0Dvy73wl{}WJw^GtT>yf_kv;FuK<4?;{q>00O+3lgJ
z&L~6&S1qe2QI{9D*6ukIB9oYTR}UXL_1l0k_z%B*4@h(!|Ao7@lql}E#rK)@%A1<(
zioZEZL+&^F!SEguUQ{j2uwx~;<lk-(;3mZM%BC~*!@t}NbfgI^_d7b3c~?x2PwJXr
z1E3d`c1mi6Z=AXlY~-0-XO#_e2b2(S*W~d59<&H{Oe0F?!E3Og&fknay5Sm^eX5S2
z(k7(1<lc7b6)@SV_`%S10sH6;le$gZOU-4=bjb_{|Erba$E7}o=`~f#IAkc0vL{o?
z*(Bjf;6Oxn4#?V|@O{RxCm@3dNx_z~$!D=lJKwVzdaLk}^C~=7Oef*Q?fJ)ie^ky=
zY`ZYS?X`n5>s(P@>q#UGIKeA(tIS2C-8r&g+~E6wCVedHb&P7a(aRX$K>%mryLgj%
zJ^8S!S2d~~*yOv+tUt89Udy~=Jo#5%<c}5+lkbT#_-sP{LErm$N&9o6LG|F=^!_{6
zDLYXp#70uujy^N5`8V`sx{mLl!$d$}rNqV9j;;Ljx&*(^C_9D|urCYK2tXm|O{N+`
zfvUX6esiNG!iky-GxPk0CSrNML36HC*6U2PA_c5(X|<0|8>^9HO}#3tt&$dvcKFAz
zXXLJA{py(jt?gt|B#2Q!$fIxTBWWi*Zd(Z(JE*3S&nw|jtie+I*Cr2)K(&u5Eb4ve
ze`RE`>y0M=kK?YOd+thT49aM6D{;;$7g<?^9|>5=a;>gVJ`309)nG+pJ4g7Hk=ubN
z*a2;gYF`i1-H8_g^Nlw*`bPMB=Fm$ZH^D8J!Dh8=Lmi{i{~+qsBG)Mg^+Mcx9}=5k
z;hecrA2te#G6`Kz7ihzlzQSH_0-nda7hco@Dx>O<;OudfSIIOjG377sACqo9ry~`U
ze#Ky~(-PG*dN6dof5%JyXROJHd}8%Csm9p?c-UKG$gWxd6exZiFRcPbM0~3YLQ%C~
z&Ke`~OAl(Wp0?uFYlffSv1r`<+J-szN?u>R&)(dLil1!_gn`wUIukEs@2cyM>gt^g
zptyMx=3BJk-|KWLX8&9)!HXd*BYUb^)YD_K=;~4pv$g><@i9Ay7A1Us>bF!wBVD_7
zSq!%p{^yM*94B}f%iMa4RqP@U!R_mIs_`9QG?JV36=oA{K3%Kfd=)YS4Fdh6Ag_?o
z0afm{>A+qd(Qv9{awxX+$xkLfZ(nP-HjA;pg+IR$3t40Njfsy-F4cCPNvs)tm?V<m
z+OEaGHzakq%uY1L^X(k^V*1Q|i<iJItJA-_wUZTrgRzi?PrcmUx+>}R^QE1BUK~-v
z!_V@V&1nPzmlJPzA=~soK<&lJPp-tOun`(g#+x*V0!FFfbk(s8%orq0{KWJ!)tGUy
z`(oH$b<}aT73EbkZ!lamee-wU;qCQv>-ygD<7Ejo%ASdbOD+|-PQuF+NdZkPRixGw
zNabJTZA)SqlF6!>qX1d+-WLEn3)9F@aY4$?U{>h+Q7yDr(TDFI+-k5dx>vYmWv5{h
zv%T=LZKjZXcTzV*Ib9YHW-y|fzbc`R%Mvo8Ks_L2r(Okr6%qwt<h$g@+>IbMngvdt
zSQa*CRonymJk$VX-PaQ}QNj%<#Qi_qnlRWA{?I#!_p^ZaU4cVFQw9i{@D^4si#&jE
zZlT!vbH+}vt57llT=1cmur8@Ra@Hko%AT^6Fn?QNN89W9HJG=fw*JTK%HnkqMZ@>o
zXu50SnjSPa{<8YhaZ>0*=AcE2Z&Twk5<r-@(I{&!CG9zrh-1DF;M1f<0EUzIH%MX+
zM-0e2uS;-ZkTA&*)zSR(Wouz)kEp4V3XZ%}&YVX7!2Rx6Q&z*=It&I^^I|2v+*;R6
z8I8L2RcpzfmDKRg9Ai7}jG{99#8#~-EKq>QI|`hXJ+EW*t^6Yu-q{8DgcD_;(zfW!
zs>P=6SSdYT*I?zcH+M$1`nVkcBLx}TTlmAOpPofzB+csfnR;M@p!L%`#nfRb#obDL
z-LODErVpLZQog3ZqZmG_`RVKD7TFx3&ZTQv0W6+t=*S|>5vW*MHEqAA3GBo78tQyV
zh}R)(+WtN1;T^_bhcB#>rqN`1`MZ7B%N20BcU1c0cj7xQW-Tq7W+y5x49X`yex3TA
zTEYDC^{o_Ld3Nk8&AdWSN6S~r*C(_D__?0ADeV^Sx!IaISpl=#zyc#mVEV;t!PaYl
z|L=MuS+mPfh@$z*u$%KQRxf>*B}|Zb-|fmeetnC8W@PPf;sr94SR@)cVb<bs;%ZJ9
zFR_2&w!ktfVv}Nu2cVycC=Rb3X@lX6Svh!Ei3b68iW?&7*GP&_B)l@^#%i$@pKb>5
z(X@-~Q<9^wwVN~t{ghy@ix1;w#uLevKO6sK=CStZN(3&93-?ApKE8i^|L;xNIUCJh
zJ{KCdXe)S<T8T@Z9l`te3mq1|zKYqoUI9Rf0B}^Ltb3owH`tGv9J2$XEA<S(H6=+C
zZK|%?!2bCY)y$w){j<vV*0N~@F~s&tQ<I~+jo3Kn07J?92KI->4X!HV*K>3Qz;j%3
z-j27;sav`9=slyJM|eVX1j1MPv^<@KnQ`<Qz|aR}hkxIe;TJUWD9&KNQkF@A&?>Xu
zBhDs?yOA}8txyKdMHE&kKlta_As#4_R={qjs(oQr9XM|J;mjfKgF93fzWvW51rrq&
z=uqNp5mNr>Rm~4SJZiF5eZUb{F}vX?UUU0(<n$7vS*tSl8`xV-oz3a9jN*k~pxf)1
z-nrFiZDr~{5lGu_y8UpKuN~<WlP%=KKT10ctaNntZ{93?NZF4iaMc1nlH`*@Ly10}
z7rXun+x3S=s(-XHbDt;crI=c;UvnFCo0@DnZqAG5H?luU-;!dS+=l-CyVbrUubJjQ
znPBJWWr5-!HMUa)iJ7}$yS^yKW@w2JKkuqf<H^Jn(}*(U_71p}DYoWG0{yu)Wg!W7
z?%tNoyR|W_r!q@3&uXC$(1~i!?Jl2eKf;>DuvIVA$mx!v;b$BUF~x+nX3ZT8DyyCO
zoBNK_tw7=Gg@z364D=sdDIDYNHum@5C3_kB<!8A8+ALX5h<o+$DvFmkjR(S5M3Q37
za@g@j8qs<Lb~9zmFKTq4Y*Z<jzn$B0|301}B7d&gF`7mg&u%zx_xp<=sU6q)qqG^+
z(V#kDqN9h6cp3nKa9MBC7PB^RR|1yxw}yAEAo?d^x_#qaQ(E4h@8CC}U$6r<u1?v_
z?g?#wEBzsTPa{^aL51VCD245>Mt=Cg{}6;@HX)ZO?`Taa`+>Jg1R3~TJ>-G5$?|ky
zsi!quI9P4Unkxd^l?ORnkM=zJ18Mv!^I-(ycdq>}NQIMYtZ(Aq@A60E>6n+oHE~md
zn(5Cri8vvTXyCXd-#kpY0~{R<0Z8UD{u)?nm}b?}R%YJwg)gH_F2=D5J7Ymiw8`4>
zmNY>%L#iLL`~8B>?BO^Ap0#j#ag&`3K>-XOC{{6>kW^HY0SQ1YTMQ{=B&wO$UQ7*8
z-P_rN%!Jk521pkeK=ja3c#FeLkL;=UJ+;XFIEV?#mi_UdTs0-tdmKKZO<pbuUzIak
zHBC_P;r-IL1~D<*fRzJ43X*!lKGW&u8?h1}GfSW)`wS}hj1=vDsUf=r)%2WQgle(_
zm9_++(qR(~P(m!b8Bk6ecabGd*i*iO4}YFaE23F0y1GtND&0{gEXs7vi0m1<&iSz@
z_19ih%*l)U?!gtUcE!C(+puB^TyKhdPB{OPKQDh*tf&uBzR{M;2UVEf=6iaZH+QBp
z^EWEM7iu<2nUo&FTq*dc?>)uaVzz@x&Zo`Ctn8QmIYF_5J;~HWEgX8)`Ey))i>^wU
z-=b?Z06bXZtB)J^HS;gt$*p09jvtIdtS;u?YD}7V_!SJ6dQ8KMMSkAYY2)hCi+Z+L
znFUkp&LGSKR&yd3YPs#w=@FCkYHqSF;V8-yfD*?wwZ+z}#io5FB|v=HH{;)%r0mo;
z+x`5{@DJN5X<ZQ*BA$(j-WnBUJ5m`qC>}^L!`q{bpocXT)z-hgQ%tdJa*Hlp`7o^L
z?l7%yeyCz><IiB5d)*NsaD<oHU)<N+@SY*$L{;Fps?A{&D2wH2oWZ&x{%oW9MAi9U
z6v`p81>$V>pF;VdaE3O2@=SHdUvr6zo+-S{`^?-XCTf1QRXR3vmcdhqmLQdI0)+tZ
zW6#Kn@{ENNZ&#CkeVwFOfXRp#rk~8`Kd^#Fg+ohd*@gvFkoXt5Z)ff##QXw?bA_Fl
zE?L2N=K!Y3Ud_=kcU`gUR^uv071kfeTw_l}^xRuI0j<KHQgHH7ncs!PjNKW;lON2*
zv^^j8Zgo#FW1+=sTC#n!!Njz><C-vTc`r^{PqP6hg5SE;a{hFCrAQuoO;{YFKohkI
zvp9EA^Df&NU4tq4P>AAE1u5^M?6Cjuk=T6FyP+n)?D4o_rzPMcaThh=^&gYeFbreL
zSVwhHl4MT|?unFk%+&8OI+!>5tdD)Si?V$9aSZ;Kews_M;#ur)(;iEDV>*u0@pNJ}
zU{C4}jX0dErnoKiysR_XcIWK?NayL@LM_G;KD-+<@2KB;*^M_pmaTje-a~{B^x$S%
z>T#Z1$LC#kkkQ_S^Kb`TLylvM1DGdx^$`HT!H;!i+*`T?4glCp|Gw3Fo?aDLSUmY>
zELe4)cDf=3XUFZZ!WV`236MR~T06l*+e*b^^9WO#(9bd;g|vE#k$bdJ<ep-Bqp36%
zFb#p}j`XCOT0!ju7d4gOi~T(*A<^SxV_mlXn#YY3H4%lyxOZQ9zD*0_nmO+zCr(ve
z9=9rT0wRBQn+983g7Pkw4^)#qumXVWTGobPzeYu`i9GqRIby3`_MG<0XTxr-<h*3t
z3czIokqFKC-lM7I?=0l!W-<j;VKYvrUb`PR`aMx)%6YOYX~)s7p@rs5S}(3^Xlerb
z7(uGPnxL2NdAph_+?>Obi?^)#bjshz>0Si(*|5%tU-2P8r(Hs|@_yK?PC1Bx9SkC_
z>vT2}1mYhoggeuGo9`#sN7OV!D6gtNk~6#K|2(%l#x!~+g@o(sP#L8VPp$scnWU!+
zsFjoM?YgtppSzbm=hCxD3$)-YQM;a!55QF*U&(SC!x_}*oKE8nq*G@dkCugOj2mzT
z&y63gygYLs$J|-7%jzRIMS-Sxm~6@CoiOXgi8?aRE%G?BF!0{W6g;<k+~E5c!{6(X
z&ZCf}Q3Dyq$tlH$fP{ZA(wx1pmT8i4Mcft7v^#w1mumB8br~QDtZ^%-phl0EgJ-4-
zdY%FizNCS9OZt15rUcnko(^E;v&Oa8Y?K=bF7qx)h&A{N%r1LM^U58dE^MsHRaQ<=
zg9p2+DF{oHc&|M%qcS?DSa`pY{wRcHvc)0VB`Rupb7k~+h7Hq%fJSWxGVY<_VffHQ
zp1Ijn<;9tH@Vm$bH7GY|)OLZ}7*DiuZIUV9yUSZy0V$5}R|4B}AW!qYgo(<_<0@7-
z_U91ihqe}foK4&|Zt%_Tvg-6=iaS=&<7%d;p7;P>Q<9<f%A>6rdFAqW@QQ(2?qiMv
z4H8Y^LV4g+jk0Zb#6Gdlg4QBGEm<Xa9)Ta5$V;Zdt)R~vglizJ@Ue*i9U2;Z$P7JI
ziK^^0voiCXNXM`adc8ZA34V?atG@rKm&QrQO?E8yLsoOx7vg}VekmBAbpUeI0SCbX
zr|<b!rRl|{$kS)FQ}-~~{TBS9TaBW<_7Wm)po7-D@&{m&G$r@CjeX&h$;=G!b@;-U
zM|K*n`Q+(z4L5Z$C$)sufsYsa-Hj0g)iEmu!-oIqcG$%gBWV$D!N-jgCTgK=R#Uuq
zfmX<C-djD*#hpO&>lO14y^13wtblSkvS$-yZ0yzY@p+k;{R-Qg5s<<zl~h3#qF&A^
zRvcV{q6Ai-9gJ!>m;?p%arzysBMOWFg^ebw3A=x4BG1vSKW3mqHuPud!+?}T-4Y5M
z{or8{fQ*SY%&%o8tsT$7rQ|s9%vrLUdsi7&fD$3>n9145(DsFq7wpa&;g3sDzgU?e
z#wIGWhW_RUq_E0VRhh0AtHDgnvs0SK413U%$(glGQ{-A5@^2_a)hCNRN#!Arhifq5
ze%!4<US2D27IAwy#uD#xc~M{rAj}s?(z-Dt05Mw%=7%b~YMEx}+>v}^0CZ-QR|>1l
zgC19>OOsC!0b7<!>{I#4>>B<Jj;>!dn2&w+w)&Xg>QQG8GkRkb9gNr|pcmcM6jkQE
z3%NwxEi^Y^PhBGX-V;7BtNIkv@EwDJ`URYIiJGcU^2{TspA9Cf@#CsKKqTZ;H6E~K
zTw(*DpiL&xeaR(6KV<FdsW?Deff!LPcj^nlN>hBR!B-)!f}$%}=>wC>PZ0-?v{$6=
z<WzC!^!PsSvx16CgY&2xeaL1OKgAYsEb~wg8O&9GvP}KV$@i=PT@?k#G{bE(y7W9f
z(p`qv7W3IP(s|V3z72lkdmvI!19gEV{%~D=#Fv38Q9Qd^a3ho5gKh}RK88XjDfB1I
zgC9!+Z9rcE@MD9hx9*l@f*Xy52a}K=Ur_r_Sm{J<@C+x0f~@-0G?4TdD47AF4dwhT
z<5(Gh_2&h`gfcT|n-oB!<OfCGz!x3(LY}guw0*cX>V{<e4x`}b69Y%02gH2Fofa^N
zkIyd2DF$Ja^B-}2U0Z2YDqc#>_C6QzT4!}C0Q+WE;fjB)J6U^f`~#qn?GLLf&e4G#
z4IfP#eiqex|CSiCqJ2M%E^r(Lv~yB8xVy?hCQoh#OK89w*r6VDXR_**;08xa!mh}4
z+8RUl<^|HCo(i9b^#5840a`Q6zwG!1zU&pAcmn%GOJ9*UAXyzu?J4R$(5W+jHR8-o
zXl6#JYR-JX8+MI_Ng}{ih}D(h-5_1XF`M}PTeSt%!BXEIa6c7x_JBq(eu$yCTc1<i
zY2kju31&`E!zzI<ZX+5f?wnY~c*G5wnxH;gxWqRB=bPGU#y|m0g&oq+`%X`IOFRwB
zzS9Dys@`%OmmCgB1x<+K6BSXvm^^Gsa(?pv*n1DCrn0VoIP*9oV?{?)Pyrnk1w=qP
z0<nUWz|f@y5T%HLL5L7az(GZkqEZDZ(n60&?~DwhRH+d{8NmP{6iF!3|L5Ktm2rID
zdEWPX*SFU9Umt7Dc$1v7&pvzq_V4Ud?!Bab6W%OyuqdEZkQ0N>g@*kr1#}=`GqUd_
z>CoR;k1knFp>fRi=Oyb(m1bWY12J&>nJJ$>IL|ONNEYqiovB6XDO&PabTI9Eh!X;}
zx4>yV>R`_59a`ILf03u|MU?AnFiyA@m`ld~%YzDbLwXHG{TMAGiw?#sSza>7ms!_#
z0M%_Dz!>9x9JV*yybRdeJkbBo>|!TiB-;HLO3cY9aI+tX#8EK)$jO~sh^oOac=gE~
z!@ZUUnId!$3kdOfNOi3aUtV-HU7?0W7r3NbPv+OhWDQH1Sdb{UCX21*OtFPYGkve*
zx>A6)Vn4%{wm3H1TQp6c?JuM83d=as^&q&N1e2bzGH?#=B$~;HUf&dKotQOeR=Mvu
zNyUNc&Dwx|fCFwu9Ym1!(z?IVBpg_3DdV(i4+tIX=(Tc-1IJPpuQ2AJE{oh|jfVx!
zD7ey6L_`}6pyYJBE;I!~S<T#$@%$ZaTs(iP9JD^~d)=}}m_DZ&hwnNwtl~Xb6T?40
zv!WVDb)vtRq9@GHyz(<}=(+wY&7Zv7dMym}ntL4_(PG;(WN`D@%QB+<T%om!Aw-**
z*-dRn$BObayWBx)*yS5ou!7Ez5m~LjwiBv$5UC~(l9|1+Ijch=l|Su#z5IN!uBM66
zj3KZ0PRJwn7K=`R1m5XEOXprAVjDDbeVheY4`l_X_$UE~nQ+>w4Q)t7#h||=Syu)G
z`NUZ9jkMg!658Nla9~-f*m));nPQUxMa3;R`SnSAcB5@z1Jv983`et-(s&C#j6)am
zrLUvM>%z+!Kz!Brh(pt!GdpRx3>nAbBgdlm*43F5D&#G6(t7*7X>;D%1s6e40S$Pr
zpb@i9Mzqp`Hbjd~7$CgOEW^)tDi)T#x6eHfIxBV<iAO#6>MW8HZU!gXRqkFN&SB^%
z_f+DV0cd<N!%@)^KVDct=eM~J#9H{XbuDmbg@+h8%DwyTI**yKqvE^g`Gq(FURoU#
zN<mN?xdEgot0SW#CQ3WQ+j^OuJCt(4|C*Y>b}Ooi3vsl>;2TGfFO8ZMF1=J<xiKET
zLtc^9DKebZ_uNwrobCX#9!<C>4Nt<NBPu;WfxgPwf*ta-%nDq+N~eR-O2t?rDAw>J
z;<%8$Um0my>W61WsRc`Qpz*$ng=iBZZaiEB9l4^g2))=s0$Gy+S5<$&76n(RNLg3_
zbh!hbAwgFb1F(glON}RREP^Yadx-AfQp^bs7U*{YL{D(_za!LVL9^?^3QI4xzvo9*
z4WX)txBG&8txoGIsU)uwaCn77TO5h;*u7OrI5v3p0HC@0N>z|0$CsooU6}flSRu>F
zO>)78HB0?)!<+ECai44Nr8tA#<Awm_{*K3h4@QNRQbm>N;^qm?`#}RolUQ}d23mR_
z4ONA%&_%n!lNrUh`Y!^6w(r<^p+<~fnZOr1toZ7}gusxvy|rbupHc0|6LoLpOcSRV
ze|lcO|2-ucPD;bGgk>;Pot+8<FL^qpSVKutCTr-sHTY@Aa?nnQEW4Uv8mu}SUPyD6
z2GLkS6QkG&+Vkj@y2XZmZ@{#TGVg&2JHq(eNdtDfHcCWEjk4nJ5u}Qhaxd*FAn*m(
z9}1mwR_nMV6$i%pNS~#>ZlL^vaPWKey7Sg6!+Dg{W?zAgO>7;9r;0Sr5YT&*w*t5S
zyea_lBA=C#umd${tu*-;!CiU^or$uXQAcHma}LGa#>LhSp4dS1wzz~|2bN=ARo;UP
zT8K^7owpavYm;sA#nz{$-y<|c8ND4MC>#%gws3rS!n}8YdC)0G+KHs2?pIu5v<qnj
zLk#&$N|`3UlVtjACc5Bb7gIiLIIJLlv?QrHnVz^DvXV)e4X!)d<ZD|ZB<SG1gEev`
zv^IfS*5*AIHJ4gYOesit&j?eZXtgmeE@>G1ou2M4n9diX>W8KXHYH|Knd^-V^l5lC
zo_x=f(cPU)X|7~KSVV|YoN$~gJr^Gq!Jp+F);#@4DQ-x+FMPVcW;`vCs^AwR3TWz)
zH+U~Lq%g;yS8B+lcETw>#mnSJwu;y7=JnAg2C)VG1zhN8QIcsam+lp_I>sAed;#v_
za=6KoyIL44zNsKQ#QqXrZvgXR`(xK)ZhQA=j>qPe<2ZNT3{Qbavu4H==5)DEUw?0C
zp?F+2MKL~7(yJ|DS;?Pv2tPOe3_QW;x%>EHdVOP9#E$Vwro2IKt({r=MDBEPdL5%p
z7(cWLRmDx~e+E$c#w?6uy5%e@eN^FB(G*Jc98<wh5S1`4B1DuHIU=O#PtQM&R|~v8
z8ZLp??-HdoCr!73$7ZQJp{2!xpKJ5qFJT=g+lNpUM#`8jZPQMI-r4?^1zA*guCV6$
zyt0zof__EoZG#szUCIq#r_S0hXk;(tmr${>N;=qDp?dE3o@0fT>*a=-Tys2tjrOl9
zLqqFC9cRtKmUZ*#oZw(^>)BPJAX$aXu|Q|R=96A_6|HGj{^1N^*&|Dx&>bp?>sBH7
zvxICy>*@oNW`v0XhnJ1ev~gk0ILM~4&j%>$V^p-A78EeN_a$-jEd3!fgB8!ITzo;X
z0#0oqSBMe%XeBe6IZdPcn>V*%oVr7atz~s>NlCPn_tcA6@+EhiNvnOgLd}))=34ap
zUSIB+=Lz$})W`g_p$?3PD`gQ(7rQ>%s%D%ZF}ujD<$8vHIIp1haiFQ)vVWYY04ADL
zmNic)74()~^_-VI$HIVD3;2H&0KJW`95_4Sz&RB%Fs$RQc#SOVKGLsld}AuNyt6b@
z0arPGlvog%*O1qzA9nw?P@76yfLaHQ3mu^|r;u8@da%05s=YR$jHo}<>$vw$?~rGd
z(C{^aiEg^>CEok=!#I_BmSA~-;{&@os-8xn^L}H^UN7zQE>D1G&B`}FUulu_ouCLU
zrcW^a>lU-9%sR$f$8!I;#y0yHe@4r=sSw$IVUkGY!GM?zeO0Ln5{Uf<!|y!ja|JPi
z=xdXPKZR0~o2uvKsZY4jCK|ljEjk_XZ5`S+aiQpF9hKf?ejaPSLD^mUXhW49i&;S>
zl*=c^<ad!U^yD()vQpgrAaAl=JvEfnUvR!H@Jt?mU7E+f^>VYSglG@U?(sNcTj&;f
zoKqCm+qJzbcBE|7@Whe%6A1*Z#eVP>>djR$;H@yI@-TIOEGL!2OSWIDc>jpL!29)&
z1q@@Qg|_&EuIRd!*4JlBEXSYM;T=@q9GzHwCB{0cb<*ETdr3oW$DOXB)0?mNZ7B_^
zvD0-I^e$*}%5>fuQJ6-tsb3$Hoo(xpu=#l(ej=;I-DSr(MZR8b^q8pO@V+co*TC?C
zSHUryip#aSdb0b{qtn^uDAddStLq^YUz~b(BP=eiE{=cprkkFU9^sTZG1Z(jeN>C;
zxYs`plcu}>eH|+`abjU>g6wK2u`Z6BtBJYR40O|s&{652h2Kv+-SqgmWdUKE?=i=>
z_+y&Utr&tFUcEU<)=RAr&ueW|L)VFt<#ZP$+lLYv=CLY;%dHT49qx3I&({!=rm3|w
z``ifm#e|Q=p#nj8LM(o>$G-1S+z(Gz6a!C2?)DAkpxNo%(LVlD`YvwYOpok|v&#cE
zx}$1`m7NyyvgysENeW&eFTMEMdsiQx9^O7)&#ah;U`{`@UETaV=De>1D}KFE-!sO=
zC(_B$dHwg}_Fgs*rR0z1WaefHbUJUNvGSfcP@_UA#hxp3>XKfUBbSZ!Y?Nrtv)!Dk
z9Rw2Y81eX(i!?$CzH!c}Bb3B}ve@{(KORui2R+)Or<Aj+rt>%5K#ZPl7x~FQ>PbQW
zjokoOhI!3*RND^!QPk{PvWPx0qVSS%ETNgS`FXi209kaNc^%JXLUpzkWQ#hsPSl)z
z*3s*W3!*}Uteoa+T&R6adCus(tq(0{?X~j)d)pQH^eH(@#SV)FLD*V{2a-9O;GQJ5
zGmi+PuaQ}~x`Yzq52p^fi}h!{zq?s?S14(`aHXa>rG4i(!?N}AhV5A<`ZW5&c&#Y}
zd>1|%{SJm~^{{Dpdd9XSbUI(2sx%@UkvyZ;HfvmXR6kq>35ArUV)?lsQx{JE&AAww
zm#M3_WOCUSLc;PcFNa8%lhV~=l;;DUIwc~xOU1<WY^!<a@`+9QVZ(CQqAngmq4qrR
z_60*uRY;h6*mOVrrgvB<36mylOysQ&{Xu`zJ=3XNLA;dNnIx+>p(C=P!LEhS?+Ftt
z!JFlSRrlQ|);G)%(7q1NEn-yjD_`uE@qD$eRgyM;?oL+<Q%VPDCD`3(>s1%WBVe~!
z%41y_uK(C@UZT8H#1PNR@z@njBW#U6oekEDls}tIsomjcJYRs!RJ?a20W`bXs}5_E
zQ=X_}N*2(e!7S$6Wc8@_XOWX4<f5fZ3t9E?)F+JmF`=~QWtNm2S)7^-t$B-1Ll`BW
zy25WAUAI^^v0`iNWX22)t5iyFbq1gc@63@Uhdw_YbiM<B%sab3-?ZlF&<2nSzpDHl
zApOq`G`|5%ayru`@mTE7G&_(8=qz1RGix(GqcO@>AyJ_>Dd@bhgOeh2x@6a#F2@#T
zYg{tH#bjuI{a$O{kbykG-cYnmoyRLNs$SnDeom#Wj`~Q)U}a(dVu3$EQ4-LA=^jyu
zMRcGR>(zdx!<pnXJwds;dcNtKp2nT=tTf{b?;$G4D9iS3u;LQHv*S!0Q~Pt4dJN;~
zYutouz@yXQG9&Us{%t8Px+|u=v_txH%RmL}%l(Y5BxXTUXrO(JUl;iymL=?+MZp{B
z;d$%h)Ok83d%?uU_JQLBpvc(tk75eR)OGXN1P;dXkS?*xJpa_)%`A(`GQQ=`(vMxC
zrzORMQ^F{AI>W#3ujjSq1Kc8z)<jSMfF-G?U3x&<QW8`Q*<f=C<~)sFn#B;KO5$jE
zf>(ma2QjLNN?Sc0FA`RG(yPE<9;8*KYCDw0wLtFPAOo^pl$HUJ8{N>XL7ShBHk{AZ
z-*oGOo}S)gb4jzx)}*ER(|Uq|FYO);pN=_`8f`fwj;l>5Iu5nfNTa7aOac$M@Hzv6
zF5#J8Xbz)DBu85oq<Lm{^zvgeo-0*PP}2eD^>PhIJR-YJHIJH3;yZHy>B-ltGI+)Z
znN#T!K$R4|l}0cTMg`k5E#2mSC#n@bvf|==cb}zBHzX$Eg|&3AlrV=mv~A1-tCO01
z4=s3_RX1352c0LFmGHPk*SG1*b++U`8ft46t38}1fdk!WerHQ{$C&h`2rV8ktY{k5
zpkgYN@WcAp2#9$yN*o#7)|EGOl?v?2{fsnY?COEHubaQ7$aUBHHtj(92!?xGfjqcs
z(4X`7=#PXnh02k4#A#H;20Y)GN)0B~Hs(GULG<#r>emN)nnVjdtYe60GMC)P+sZNp
z1-d!QXB(ffxM?}BC|Ui4uuzH>*J9SFOYsOxP``jQ`n*J>QUNDA?{rjPyctW~g$Zd@
zCqzN24u3S*nWaU>X(q7Bsq@k2YI7*V_gfd<*Jn5%i+U@g>J%$T!;upw<aeQ?NmQi^
z-dNK@hsDCO6~W~o*GEbrWbZ=4I<S*IFM|gLRhT*Lxq~yWo~0oujP}%8jY-LPgl(;!
zAMm{YniR~p6tSAwe;ojwN3U>3WFmO_u>!p^v3YBTLcex{L~;bvMwjXJpz{b?xjd8v
z<_^KyeD|3)EW&KGx!QuUXp5vB79=rptE@|Pj1F83Gl^{2g6k$SB11`xBi-2w^C#--
zMM(WhT5Y@0aVw?i%o7aY2ZEQss=06qRhopJBvJF`%UCP{v};21Tz8>e)PPN!x6D(8
z{!8iCT(x`gV+CV*J=6ILEfu5ElX;xLOM*?go?uM*7nsO19a}*k-A323960M4clk0&
zXkj7ma?OP-tLgX(L#E%y8Z@IY0F0Y=wvUtL?FJ$-qY6jU-Fw`5Ztx|_@6xAaJi#ss
z%Zx~KKF{)vJyN|dLMTp9m~0cX`FV53gx_UTigC>QxhkPMU4??>n{&-Q==t8G$E_aV
z_qoK)$nW-39Kwv7z&sxU^E|(`%zUm6p@POiqme19VSW>|-=3QIvqoo!A3|D$`QJUg
zF$haj=B3R`CoA+57xVj-QgxnhIT@_Y3v%{M=W86jLwNxsEN$kD;EGY0y*MD4aI~R*
zhsUW{hx%YJ6>T7<O5jB4AKQC}LQjXIUtLch>t}jKcLQit)U->D$ai+x=np>*B2+Sj
z)M7j~ftk+(??j-U*koOeehf1uj>zJBf72s2owKiPIN`;9k&{9k{&93ezEDb~s$Ey_
ztX9PYCY&=wf%9j(DCR6_H9HrJX*kGJlk;krr_nXi>STkoE469bhHihprn$q6a=J5T
zX}+X&fy6cZ@JM56nU{Xj_|Ya(lR{lvXRn`r5=bJ1CQCy-y*Z!vUYWmMSI_Mt2S!d}
z9ZOS{VMuw#h*XN3j2`f0dW8+4?|N3$5TvCX!B}-{^(DyH;6DLyi#2lfzq8JO2>oAP
zy!c0<Zv@CqOmpe$_Tkg3Ad_OBs<7B~{xE*!Ng{Zm9?IH>e*paBV`o503cAz|mh{1d
z-1`9-C{dB2W$~IkN%0dqp>ntQp%nukC!QNz_+D;2Fpk(+CjSul4)yZs#pA)yl6%88
zbOUGxH5jUl-Mwi@yC&5hRN)C(Jq3sjC3ZaR;_+RLiSXLcOHLQ?Rn?&Y=A7AHSeh@B
ze-wO$dTAF*<^<&}*3Ul$%LzaY?J}hvL{iwQ1uSU;pjJ~SNQY`BKQySJ1d=bF;@knP
zEmdu<_bx*87a*?Y4}cXzi<dO?pO9i2t<Ne~jUms94Kn#Zz!mKxnZ}T)H~*UFgx*Mo
z3VDF#Au^QxuekJrPjCK3d<97pNM0(<Zu6$_-o!yxI;H*|Jpzdg(9KEGJV?Gj8t?~z
zeEi|1cu2zl-Fc~Zy~>)y=94=Uvq3rIL#vjY;0KHLy2LEqhrO8jumNrG*>*d63^v&>
zSMu;iIb+9b;hu)S_Wl!UmHRgH$5Cuz*1=xlDrglYGRUC>Nztn#Z{R;Sz3?j{96TNg
z5*{y@_AB3e&~T_ZKQP^?P4n>AwmO77d@tpeYe>X9Wiuc)FBD#6vsDWLl6@=O0T6t6
z;B&I5JNhf-?U=v<&=-p!WEIjf)O-izh;_&UyYGd>43*_5@P-1^5OS(0HAA7h+x`XU
z1~+miL~6Aya6C#GId`o05IkwJdAm*kBs5+d*<pxd!WH6?mA&|A$r82%WQ%B<U~s`K
z+=j9m9EhPjIN+nIx5(10=^nEfwD1M-Zs1&>97L~slv|){Vu<`m$FwA*K6}BCRS&C_
zg51V96w=ZO6x2X&LvDxw${<}9LQY5!-7vD?cU@!~c-)W=H!k%Ks=(fUj)to@Ajd%S
z44v}u3#;H~v3z8YUI_~stf~Q4>{KZtOaj^67`MoS94Uc;yOrAvt7VOB1Y4UF7Xcgj
zJVuU_bpcm`qIt+|Yu3SV2j9rU28`rYHUZszV~l*-l2+8@9V7$WqZ4knYFfBb0E%#9
za0@>8r>!0~IQwS0NKINxC#>bCP3sbF*ucn5{Z-Q!YVa$$?*2$Wk(*F8{1Bh9Z&kB+
zUIxoY9yVcd9pJhg`ogC;89vbQS`5+##Xc#GwR6F*u-p)V?0wHcT_SAe2Z+KW$t@kQ
zN+?Cd3wfVJqW%T<lAAX%3xF*CXLt!&QZz8T$$Ll>1_67w?^G^`3n>1C;LWI060IXw
z;V*o?gMnk=_Nm*S&N0ivW<0eHcAQwGWQqK0v3w2e6z<>PC>dqjk^2$+F<m_|1MVkE
z89B_@5vpS10rx`^Ila9MLlt!pIfyjTIx@OsGt336ZgCE7XB!KKHhULD!AK|#k@ynX
zPS8RuCxEP<2TQ<q6o7?Sl>u#fVD%zVuo+kluwO0IV4Fp%eD2^5xP6O0*smyEq`CrP
ztrVC5d<cKS028CZTII#S0IS*z+wP44Y?-RfuyfuhBcG77b8n<;S~}^g5J5@6MmS}H
zV7x&L)(OX!I|$2dIDxng*#>Dy*E1bPQ}#e;LrK5`V%0Gr1gen;8(1Tud`cbmS>(>o
zT@rzh3R!d`26l#<u98%TplXjG>kV=mF-0HHFOYxgJ|aRI!Id*&1j*0j61f8gR?2M{
z=VG<6z8c1WT~<A#F2RA?fE@A-(L=B*MncM**<*%KLe((b1a~3R)*itgTp%C}7I_M3
zQ8uZiW4<|F5H=!83+YBX8>?;`VWTBJQZ__z^vgX6X+GLVKXG9E5x4{fK|(4_9jA05
zU=24Q!1AesTa|pe1S8AG82-5VU|=@Ff)=)LN7w6rVzR0#q{IstOKesi1=P-pJFE*c
zHEIuhq9<Mm>6J2^5S>DQ;#G?zSim%5C9z$w{1OCS+<RetufQ>X3GqzTE7(p)nXrNu
zKf|>TeU^3!{)}K1*#okuK-{bWpGT_l1Q<bpZ;=3(W!1vK_ep~vhY`vD86_GpT~&D^
zQ51O<(#&U8IH*8#l^<ZjVib;)ZiEkg9>cw~J%aSo8s^$~GsFVcaLC6i>Nv%$KCyw}
zAf^j9KK=^=hbj#?JQ}2t>c;Sa9I?{R#1&}-x87w1S4Ozor|XeFW67qN?KuND+!}%q
zazz=#PdN}<M#$9`ejrYji|}VCfSDcWMB8iFZ)_?~(GtpL#ZizE7G(?{U=%ZB!z*$V
ztO6a0$tqKLS4{&;$jgVr9pwy<4`N0LHm||jXedJ=pb^e?E(LCL(2(8d9#}+x)~66a
z!H1Qr+&&ZGshbdhEv6AGjvzgfhtS|`h@b&w20KAH5y30U9d1@q_!C}zz(OJDX5;5b
z_3=l(K%8pvBiyHVa9A0z!)i0k2V$~_D{SH1B)&pV2MMZEzOaB91Y%<Fh~hJfXvn=C
z!s{t-7_Yi)4Z*Wf0KrWU!9;?xg43hB$&ZjU1@#gp=MQ>_)dC(v9sct*A`W5ZszKlY
zctl271i)=0B!p~cTEvEZ8a9xfX&=HB7$a3&Frrwgvfc8_V5<&fp75y9umkBAa^Bhk
zix4h*gBOQ@lTF<?YeZ52Y*d{7aVP;rMP7nz7LP-KWw9O#M<3}agfDpDF}u48Miu*D
zvb7n6DjXYCk*A^R7U5w?GFTM=-&~XX3JyY)G0YAPQJ+cB7RH2_Fk%r~amc`8o1j2i
zdW4|rR6PU%A3HXxP$F>B1J<3OG!E4OyF@JTb0o#XgH%->!Y~#ull|oB2ee||bKXiI
z&-iPD^!HR-YctP$^HD(}JR^wIrg11Hf-{DvLfDZ2RZ^&VMBtk021#_hAf5l+F7Kcz
zXp;`)^8r@V5D0dBY4M7(+(P$JFkOk?fVjEgrgjkY0&i~R`Qe@LpoTJb;7TM1-T@Ns
zXd~f)a<%|p0gJDHNK|5*SFZE@h&^Wn;Gxr>gQRNT)$4GJW{B_)1WZ81?1K#`RBGZ9
zryZP+qT(O6KyjeYwmK?KreVY$%K3eSTG3BtVCSLS_gKS%(4Q&rl%a1xg|rUXR352?
zU5dKOa~UopLyHqfd=md$9%vp3q?aICqVDL}z-5dU9=|}`YI`oMg~E3Vbmj`8<eO9>
zxNrW542whVffcj+!C}HzKtqQ-D6>Tcj!G?nXxPt|`ts*JUhtIZ7clk=gHvE&Vj#4~
z3k?4aGKdW$e@p~N5PVFhhJE2_D$3%TKh%oPJdyyTG;U8nsH+BLBDIhhs%ro6D`<2m
z7#?IHks6_2F7-a;<IoRc?6DtQR-Gfjc^dTf4up~6%P@a?L=o^QGLp^1;M(FE5-Z@+
z=bq3f28OD<e2G{UTnY&7q!8?45KKeAS?RNJ0ImZ95j2BKG40RZ0iUWaB7+-r`3GRJ
ze=h;^nPov)4UNyV4T(fjG;oCy69?RdH6|hK2EM4e_z5!LgH_0<)B-BIL-$h>0DWR7
zD$u2d24MY&PBxu_FT@OJpY^YL3)Doc4}Pio<1>z-npOyRL6<u~Tf@nCHi?2S0@x7^
zF2%$@jrUMVfi*^~`(jT4kk+d+kiiiu#x0BxAGox*q@#*tUC<920bg9c#`^)ERTk4;
zqwg2Xocm(>b30W`NUPA)8TzvtM7SPYYJ`4~B91^Gd@H7%RwNB)<KTnOJwYUE1=j!&
zNWg&0$kfjy2tHX{Lm~ybOaS!v@6C%4Iw*(Q@i|L_J_Q7R>82iF<W~0d1p4h|I(z&C
z*W7!**eT&NiGd${a!!2FSrue>|5n21SvVvcM8c<x7JRbE{L+t0AoDECV^6%`2H5#K
zRP813AChxIp9E4qEe$}QxP{lm8JKE`X0cOE@S8>EnqX5s%uY_g4`OTW|HT!52mG4g
z4pF=M#Tb{qXrA!p^3vzg8MNV(gQTV4^1o0yb-<Q^5ELl(7jjrr``e&SH#LPuHSkyU
zc8#NHUjVlT%>P3#BO@cqLhU{0HP(Ahhx68g^d8KW>b&4b&gJ@AM2)ZuRY#K-uTS+!
zjC%*e%H-)xbwvJ*tIyjRn_c)W@sIUU24ylNZ!uWcsz};F^!?-q7fdAR+g-8?hphAt
ziDfd&yU;;UKC!US8MxH0+<Nx*oa1}vy@E<bTo13RQZ!5MwC0Cqr|C++SURzwJ0u<=
zblB7}@qWSvZoR3#Cl%;f&P$-SPj+m<L;l_iLf!tHN6#m9d0swfBJ(I)ZpiOv%#hsR
z@snnbiNXKcn~E&k#6RC5eZ61VpY!nf%XzA+zZ@#3`OK;(`X@M_x*U5Vy9J+JI8}33
zHQt};)m08DKSFN^T$%tCxXxWxn6C~T>;7?k7q7=dg8CjOnXN6)uSoJx#DB0hoWgKV
zfb%A(Q|4(!EA62C&*v|f&1VEYDc|0mR>!!%+@xY{Cf}U#gpsJ!Z06XQ=C09ZgQ{!w
zlJ0fv6^8mzw=%EXSNd>Z-G%LsHI#}TdgpHMJ|f>&;})qNttWU=MbH>4o?W;g;H7c1
zOSjDNBga{&xx-r23o-pp%f*2T$9~Qa$&ML`@_$6+xKSc)7d-t;TE3IOWtXR2`P^CW
z@Er!uMF0<KBO{jB17NkOr&ghQWyyv--VEi~ob4dXRj#~tkZ$bWubg0?6}i0ksiON%
zCBBhX>l$Xllj(fzU&{kK4+RN|ovd5+d4;|T`R}UgL52IAyZz^>flGDDvBlft<>>r3
zm*xVK?2nbq>hSg6ZJ~^}WQ=L2v{;ubpAJqRabXMD>%Z#uY8i+?rH<zV$Nze4cv$9N
z0h;8Nn}WnSyvMm(8O}U2mp)QJ`rEtVVSd)<7NyS{{lF4jP7EJF?_+Y_2337-F1-i#
z-gjS>lV2M5J$DSb>y?SjPiDS?m3iB{56D*#;>QzMO3g>l)xSO~;eS|PuFCWCY{0^z
zoKGR8zkX9dAE)D?lJ&Y1eLs$G<LwW1;lER`*R_R5<Vej-=MyJ>T?_f0lRqG=akkX^
zV2xj3&69%d7Sk182V0~fnZF0V+1fIN(M}QP3<Xb~FS|2uu+lq+ln?ya0~F+CCZWAw
zD*H@*YzMX#zkTCw5YGQZAR)fYfuAPTKxU^4dvrbDT+|S1^_e2L9c;;uWR3-jEhbn+
z>kL12lq`RBNH>gG;uT5}^9I~GkUxp6PJpexJ@>V-)oy}hs;GPcxUuRnO)nV{9Pycb
zl@mV3=YXf!21GDRmVrp{Y#Ad>{W``hsJV0$JBes}P#-7&?gx0OPUt1J<Y2V1^~Xp;
zH2mUG^3!FwQ5>9}iCwSp+g{TyLQW*yy?_T&?t}g?jjiSMff8UUIF3wss?KroOYTZ6
z+hr#J{qU7`dAdSr_bG+Q7-@yHY@GBM(!FxzZ3=j%N;td2Z<G-Ab{N9yttlj_jTL^+
zojmfSUbmy@ev_@7V0PG0z+&XT67|bcknC3=1@3wN1&K5@q*rOWDd*crN55SUB;ZBx
zSXp&$=hw>P>+)<DxNh%D<ce`7r0+o>lHUqJB%Xkz2^uj2zArCD9V55-ZhI(wM1GR>
zsXs~1sp+;0;D%A3k_6}DTKeS^VTs#Bj$C<Te>lp}<U}eYMDBBXrx6It5hCvtYVZ}{
z`%@S(AATaFWm<3|KS0N&iI$drZ}Bp3%XOXg<pv3a{KLL`=EQ%9vP3-8fxzM{9-~lY
zh%GdCxu!eXb0m?j+hflI+e?4P+-vy+TGD3staGfZ>g%N@tTt{YyY(*gL4h5qR>Kik
z1KeKn-)VgPFpSBnhNDWh$G~i^Luv|T&NjMpTtJGJ6ZuLg+<Q#V5ysu{kP{>MKQ(5E
z@U#~N3yN_g!>zU2)M+d6I{Vb@dmJATY^lX8UY7Lo_YgrWe|12~NG0z{=xK78Ef)7W
z{w3f=cVtwy*7=`QW>4X*4gSN*Tog5DsL`wbloSteP8B8Q{GXb;$RJ7rSem^ga7q}7
zkUOJMZa!oL`0d47%59_~$_cd=xd>9az(ffCT)nDOmZVKjE!RjBvS8KupIUgp*sci}
z_tPRn7DO=tOn3KWKRrSEJH75oLdp250-YtOd`Xf_UD5g!B&x$&`T%P9q3`hLhfQPC
zql&aTw*y8*;Qr_9*172#M$_C!(0Qm6Zd{3Fv3&H?dfmb0d_QqMlB_IyV=enN_C_1l
zjrungE9gr(#bq8e*7UbemK#(`soK#xH#t8u1Wk)kd5HTNuj@83Y~zB2{KtO(Clr0^
zV|(0o&q-*PDNhr2Bx5T2oMo>F->r_eKh}8y8arPro!sPgB1);IJY4%5ih#{#_67vX
zHW>=QP|BbLCK)eBKk%5tYWY9ZqXEfKeTsDuTTiDH=N+#-`@HWz^zo4P0^z9}xFJ6o
zGA?5${~cglzN`WJRck@Dv5Px6KZH@nck@z1<>y`lKAJOD7L*@m>Pbx`NPIS_n4>>h
zw8#|-W#>eg0B39)T5TCv?MrB*e<z{i53lDzpE>kJ*#~5qH5(y9hram4tTv^w86P*D
zsr};{zIN`{#KJ~8EB;gV?o*6_uSCu_sGy1e;ud3fLrm0ae7%z=KZWtpfKB}E#X$*l
zUDNx2<v3H}MxHtG+Xcc{-Ia$&LAS&Tk&u%)81|xtNDt4e^gnn^+01lUP-*|(%a3dD
zu_|9{IJAtdw_S_owd8A?!ED~dTJeIGAH;_JIo15Nv7BUw4W@jS+V}-xT!utkLV6ob
zPz$Z~wI3T;<>4*&AzTNRjs*Ob)ik<~u4Ic4E5|3V1HnF95L)%qC4CH>)$X9P9`dwM
zn1}GghI%$8tv18jU;Bo$?BCOMNT@fur+u!3?lCbSB}wjw?vq3*oL{L*+DDuDb2PNP
z7rTku3!L{gzu%@D_c}y9F1P}#nbaiRI9OfyHLtVW$X7i79XD&}Of5~!E_>+LOlGv<
zCC8RPLn!0qkNZ=&X)_k-;brBs>Xn3Zpp|;vPKKp(ofsqBrjPH%OgHJ%$X}ja{Cw^B
z_l*%iLv4Ps-*Tl%1S?}#0ksgy#s3Guel~gZ)ex35Jw3Gg;fOP#E<JM?9KSfB^}~&?
ztQATqp`0MDrA?k`<9kCL;hV1l?i4sIU(4uIuj}`2rlO~zMWocskK2;DX?U-e*@(6b
zu52A4SC2P4y`;4+M_xI+aqNiwz;_i$zN9m(#Dj@Dp*3gxQWOfdPod(A6>cf(esnr;
zG4jQs>4n%r%G?Y%EBkQ~EMB4Fg9p|{0uGs(cK3-U^{>k&-u{(LPi!8hr+}yV^Oh3Z
zNU|#(?92$C9RkclDDI35fYO;y!!tXILbk>9*Gw<?MbYhR7)kx$AQAYxc2vnzP?=z6
z7WPwNe|0*MH6r6BiHXH7h!pm}q6-w1Z}}TitINY*-}^fQi#h05G>_lV64Z=Vk`Q$~
z2#M!5o_eP)4ju#@CFGb$_op9;63{}I^C=n15%p(JQ~BS{bo+gBE|QnvDk&$7)>@xE
zXuV9Un=2&L^)q&p1BKAg)+*|kUpznP1TagYY@_d|F{{%1t8;`{cT?)yw1mPF=}gI-
zEjTpiTJ4npCv+17#lJ1Tf3AR*G)V%liQ5bB35xj)tP2O0UzXCAKhly%h>BF%S<ZKg
zq}Srer(bww*VjyL2O{`29KnAbnZ%Cc?=!CV*gz`Z*{1lbsy246(=qS5+RkOZApM=-
zAih75s*8VrK@um9<GtDX^)Tam9pUCra6z)u7e$+Ov4!*e_K=wa&QHHNe4fy2Qt4-`
z&u@CZZ77ZPK{!eYWQcrc3>AZx)jkx&a;~8=)7@ZP#+4UDZvB?2Eh7iyk>|3DC5=2)
z_h*)rruZ|6th9rWNK9bG#EjU<<iJF7^j8T--V}Jm<K1sSV{6O2sSM7mZ5vRw>f$+0
zQ=L#suav(0T$EPFzZ7;i9@OG3=Q~G{3vZbwbh~Lveop!92D+~f;%mMs^y+d&EqM=g
zn+D3~09)pH>SK~7eIF*yMu&#iO(ZWWF4<G>hJH;{e4!HG%8Zmn<RdsRy^}O(%zJf?
z(*&rQLrlJ=k7+ytDQQ;Dr%Vxy@n|IBhR?6z4a!+bFEwhmV2b+Ml$t%<XoDv$&F`OD
zfDWqoe0Pr17!qo`m(|W=*}}Lvx&NS4!u<QR3`%vWd~GiMH)7OUV3~ngM&3BK-sM{X
zr`AH~IR~VoQU%>#Jp#8}qzlx)wOvr~y*m^_$|jPxk|BphD<^)jXBwPBYrhgly6?0*
z2IT&q6a_b2uZTG{L!JLD5zAT7N=YA;iaR}LC`nfE9ho`RolzZ^PPy@Atlb60m5ZXd
z*IMdlCsYAyE?Z?D%cGA#dN!1gd<WpPkd`oBuS<G^OaETfe<;jmTRGnaid+gNXdu>l
zEl71CkODUTrra~+$@*xG=ssD9gvE4Ps>8t3`$J|tp6RQQ{mOln-XfCKhD&N)xTq&_
zYl$EQC=6~y`$gqj?z-F5ul+|k#4zy*Bk$CJy04@5iSRZaY>rPL(0KHK74XyUMZMvy
z#5I!(#{MX!WD&|wZEzm-*H}H%rmQ$BZ+1}7PEHxV-&K!G(H77E+K9}Nhv!q4l1nH)
z8f6}P8nY;^6@pz%ho;MLo{8UviE9nFzek5>i|jcId*<-euBG_oh1UEBk0RRf6<Sc<
z8-K_h6#{VZ+?L90Z+ZXYM1n1mu)c%w)TP(&dW!-x@AMkbLWy5!L67}o&2Ml(l;o>a
zhD#Ia{SWz%pkc`3`veXNLGTd%Bo5t{g5>tz3L_zMv?&G4Sw#KtCz&#<|2gvtJ_jKC
z4iLdNlH)f?BV`!XVZ7P`*6=iR@Ivgnmb1~oaXX@pIe9eNNBUW{EHO7<HBByOE;xOf
zxG@BQZMV!Brx<?2UnxnG>TUDUk5(!XMg7ll?gM+{S|ecgPVQ)7oOX<^XJA?BrJN*f
z@}MzT{(#mlbcWsiQ?%^BP)6SgO~n6dS||d1<N#NLU3K(RN_AJsZB{DZv@)w+BEXg?
zh!3_8IsZ}e>OheYdrF;s6WCJPR7HdQjd2$U11}L9xoHKUv;m{^Byi}V4L8)ygTUt{
z34|nB6+Y6ZdE0s@mVV_GFGpf&#mxA8-V?URzgEkLM+t{kN!MXd%}v)q@lq5NiT#E{
zAtfT$wXCa!jGZw4$XbH2HX@+u;<r~bpo-4>-T#aPxH^+()_Tp_>?;s`do=^9XR(#-
zjJpNuQH_~jr$Px2tdN=f;BomxS`s@=fhvABSIZ66+{b@gf8e@~B=%Q(&f9$3ItRLs
z+ezpCZT5dA2$`}WIX0W3pa#V_5;%e&d{4W}3RjcHhc7@2TVP2_Eyf;->@Ae-ZNh7l
zHuf43RQI!WLO5*_3GaE7B`X!G?+!(fvTgYUn;zDFPR{-ck`V6*gD<mTNYH0<jm&^Y
z(CkgK(&KbboTotoLrZF<#!0qHg8wszuhc6i;MDD&mt~(MBb;#gU5`C~3b}FZ+DtYH
zLNQ>3e*}<wSP}j{2!3~)w6g5dUhsZluxj~vI{BZ;u(tgEI<S=Q)$3*+ihuH@<i+h;
zL;gJ~a3GMcxUZdTv6l}1Vys;_lUVtvV=wL}08{CO(D0JM3b;3GvZ#E1h(tX^zD3P&
z4*bc1&#|1gjDUTy$xQd|LPFGZx8dj9G}{*<OH*|X(mw?FYj?%?tkOV0wwr~b3}a89
zXVvMdgd8j)>938N2mb~2LY?~*sUcEw?nRX9KKX-D_o2b(9Qj4@#H=#wRbm<Ow@*wK
z1(+<&!|V+2KZL#Rd1?emj(QlDlktnfkaChz#wCXIxYo6XH=X-0MqNm^PoY8@oq15u
zbR%fM^^^*$PU5bu5@9ryf(iSxZEe^wl%kZbyz$`B+x`zUs~?hhH<8ZT%pCmyB(2}x
zctndAWP^aoQ$BIye?(G2=c$n-O&%(gS|vM3#wp-u_K27byUj*vsYS0%g#N443hHOo
zzPo&~U<ui(oUgsJt24!%mk;P<20Ys?*a>N>^F}LoO=6in51e{>V(%~de;=iOfCLVm
znywND&)H|pjebZ^zE(Nk?uB;)V8sJBxW_7+9a#&1XqojNY0j0xu*9k9mk;T>R-R|Q
z(p4e17B|__K?;Z;k`P|Y?|nerXrDxU(0>izl2T$~N``}TNFo{Zuzfowj&zmY<Jg|h
zl>dtt{#~NK)@~k*nJVezt5ZGpO88kbNw3)Sg|H_51}mqSFJ7=4FeXcIrv3x7PGt3`
z(nE!!_IUAv*;2Y~w}QU<ux<CH(Ex$C!~bog%~2dfojP#ADUEG^D5Q&xy8ms7vD=e;
zh53zK7V6z6^j~#XEW)Jeyqy*H$_OwBf@YmNlAS9FNqJu{jfEEU+dt0y2fIfJkvYja
zE3@t>(<}VSZ8R`bPKhL@b5ZnXe?Rv1xY;`EArkTrX^SD{9Dz#yev&<#&+@3GN#~6J
zg%_bk%<~6okHQ4|(#%Eq^9nK4Q8oqP70dbl9HJWz%touQ*B#8KdK|qLF>wPQ4L_$X
znt-i`XvS72{=sbS>19d^$%Y3^uke983GmZh3J-<qN0Zf@Vor#z#p{0*>e=Lb|0-1z
z+_&>>%P=!k->BJ=BA#s0(x?32#sp`|)f{TZJ}|G9J={%#q|HRHg7qg7MWH*DLj1I#
zeJ`8t08Jgfy#x(e?GtHm80J@L(hZo(aUufalz~@6BNBw``YLx+(lw(`IM(35p5<TR
zo6HZ;`mc#Y@rmW8vGglWSPK>N`jGY*b8WI;8||+Fh0O0BQ#?cl|ABBh$(lD~bdD1<
zH2Wu=@k6?L_!0#geOPtvFa<3Qe{-t}>guO#r7@LNGOkebQ<1|>1zZ1m4Mq>+rc0>p
zAF~Q}UoU-4f_3J9h;;`8GDlhOqm4AZjlm^VO%W2W<Wua1%8N9=Mo0T&j`n|u0U1Zr
z#8k#1-Z(60oJX>(u}9z9sr9$^lD?4<wnV=CSE)m*xKuZo2Y$8Q@ozR*AnSY@!EGC_
z-oxeLGuKQN|FRGDmmR>hW=)g{>bL3DYju+BE-76z%zShA4w=EP9c2{3LziPae>%yF
zPR4tG9S{FznH_4Loq4;TNJ;)fvle4#_P1>R(_X<}=eTPVsn|@_fR~!JYL<$T{{zJp
znLn3O&JLV@G!&8Wj1T)29=~jUvKN29;WBzy-O#0{F(m3rGk8EsioSu&KkrHnulD!F
zR2g0GoO$8>q9S!Het*XEqKf?$*+=73DLZ#3P{x1zar?cqC)%9THJiWRlYMvpal`H3
z8-{0G>Y3T|#_*o0*s;eAE`}ZS#~MGK`RUC5F_Q}yPOy};Vn#1pmn<CXwJFh>n<t{<
zR&8FnC~Ao`>vmMn$E2&#OdmgK<kN*6zdq0F&q(l|?8N9lI6l5$#E@~<bOW7ZuGy2@
z4LVb$PmWwO(Gprc{{L6_e{Q8>%@dp01|6opzcw2Q!&f4Hd|j>H3w!R~LrPV<v6G%S
ztLQrXBco?sr){Y2I&%F2Ho3LXlTuNU-{JUWQ+~o$j|fbCSMkAp*nTfnFFT~+x5lmV
z)XtE)d1<+5#T2My)n?npD)Ek_7YsdmH72<;y+AHE<f<Oqy~!-pjgr%p#kQw7#k41m
zA-P>v;5aFWLZ1S#ih(&%W^gs!o?X~*<BgI6LZuGrEYM{G`G|@ew19%rFr{(?rQM>a
zVN#S2m-WrB|3Ojf-VY~@sAXFCk{9m_@X0@6wSwSRn4=<#Ah8?BVNn`^YHsDM4dloA
zqCp+fle)=qF<WsAwZmnx`{0*hgGXH<JrtIDyeABFQ2jeR^<y^Im>!Phm3)grjrg|2
zEt|-<ua2GbohZ@7m*iy$hq10*hhHiUPHN`E@Xl(#40XRt?C6;4;fq$J3+A2N(*0T#
zGm0v8K}W7u;4l4pxrKZ)a67j7j-{(PS#RTvPBJa5TQh8E{Mj4#<W?q09n|@|EuIzM
zqU2h=wF(W3x-B2$YIX$2(D-}Ts)v5UHiv6ZYUp1*(rNwuD;xv!Zwm2!R}fXxo%x{%
z*9$BiauB+&3>?tQM&R<+6m;kP_JOP6S0#K03uZ`BLmw8Va{9P30`Rh(=Cupq7u!Hs
zuXPrzpt?_%^;6Bcli6Aw1zXZmq{@ic%xJ5al5+ZFNlwbczZ%%mc>`JXU0=M|g|u-4
zJ0-^(w&e*p4;_q^+w!`c?7)tK@-!tr22V~(;NR=XX>VN8^VqVn!Qe%!ssYvAARR~8
z`9e3UTMaiDc6CoRV><Oi0ZuVzMX57yJG?-N+CiDUX(jYd>Kb?xe1P>Y7Si-8$r(yP
ztX>=UZ`Vr;#MPw&2XAO+LbX~wo{_%MsHNl!d*v2s>$DW7p5s9s1zATrA6|3~kiz^G
z4qKwZyWSJGV<r3%p|dY9;;8PI2-l$d9#LXDx|MzfuDjC+{%iS>%mXHO$x$zz7Sk@q
z`9poK*v2sWW}m+_kMAK$8Bk|a-1Rf<4*kt@_S}IVqQJvejMDA+3i<tKf-c70o0-2z
zH+$QBS1Jq96~v?DJE=t5y}5cXacnsMfAPC#jd@;?q;_K|41X%;!YSjlg5MfXj4T`~
zvxdxi!XZRr#1uXkpYjXUkD!*N-!^@7A)YfS?5gnFW4_s1FYFC~p@asd<$RmYL+-KI
znE(H>z_uHnhA=}$p26`C3FaGYAa~q2{`MHanz(JO7!R)Y26W;9JjJ4Y*0N76nNz>x
zngP}GLKrdpw?}rVmee%s-0q=jwco9IBzL#X*gw+o#xYdG3ViALk6D*@mCG7Xb1<|X
zL`28z%|12pQc(VekhLMz^P=FVhPX=u_i|xLanOn^N;h?UU3u808(S7md7b3S&A=&T
za$Va60K+YLBklW4hRo3-O({AH+WSI9K4@I>i5a&#=|@o-i!<|mvGD+3w5nTUYWK_W
zKbR+Rp4GoG^q_)Op?jvkE9ES=p*$=7J*7C(%=cfLzS{;DRo-CSb|TxdI@#IsO>v=4
z&|#>&Mvmoy!@2gMob9A6&;5$j?x8=_9`DV4iW?(k=@d!RubMRH?X;&Jw<^*_>~|f<
zKb93*WmABQK%MmZfTox7bYbr_>RX?szRjQ??UWw7f9vXXT0dO+*_O?vgDO6lsC8)u
z6U^uo=4r|5-|Q*Rx>}@HuFCuWe#fk~{bl_mJc_;*P%a*<<seo`?m7Iy@<v`@WmM25
z+3#lQ!mB}0hU$Y8=>5HW*0TQ|%@=JE74Xw^kwas6fn0n_B6pz5U9AEI=mFa(R6$Mw
z=W@5u?bAv>eqV5=WHx|#B|7X<L0;o`QoJ>8%JbKQ_Lx?b!FZ+ixKGX+5$2xhsKsPo
zEuGyg{CmxqT{H(!ZAO)nqsJ)U+N2iqaq-1&=s}1m3l1kzu+G&Zp?^YK8_?%%7Q)E|
z&KuzSlTfG|+rBH%xq33Zwg&DHYV4OY*OJ?Bq)x}ei5m2<f^8;(Qh{M->|LRopTS>4
zJl7?X+D&bf2T7qiq}<kg6$_Z~;UE96`(ITPv$wQ=YJfCO7<Nhy)lm~n4vngDA1$8z
z7&WxY2if>p7)VLL*E(uxMqms9-&BQe!wMsXt-<&V8AbPuTNb-E?I(EP(b(`V9~P%`
zH5?2KP@(^;|28|VOr5+_tj@>BtPXw~E>-yP)iaW(?ZwoI)-i4KZnBpj-%mq93eWR<
zZ=^1l`}y4-bhVv@9$W$bEI8D^b2K1IzOTU?5Jgumr<cfe?mTdE3E#*!GhX_!{!F1P
zcSJEBAC3E^m-+JJ@R2jF^TbBjJD~QMMOSNtU)h4`Ti1_nk(0Q}Zg2Y3o2=|Dg!xrT
zkM=^xc_3iyHh3&`Vf1Ww;geYg>jk*+4*Ii@o~~vz-<g*`)=SKvys*Gpm-P;hosRm|
zV^M$OGsekhw_)!Bmmk}P)w0<D-Gm1Id>;Q?7TbjQ8GMvD@1_`Y7#Wa3Ncn$om;dbX
z2CjEAF5yTf14vWw1%rMJ$xA^_pnHqbX7pK?lpo2Y+)v|lmB#k}%?7VkG`$nu>QU#n
zHFNhqw~HgD%s+qaym?Y43+@jp@<&8VX>)^>>m%Wm8t2J%Q_c3>8AZoe2u_jYiV{1R
z$-oU?h?2RZ0ndJY7ZbJGXkDM-AUnx)GrLC#bivtWOta=`_SF@mQyAg5^FjQ<l$6oq
zmXwy#K7(QYN-I`d+hju+-u#XE+zTg)Dr`(%RoHy7yn?8@I>-CN@A!lAl0;D`G*$K7
zX}wzxQ|3-RoHYy0A6+Z?hVGLc!!Jo(zS3El@&}7NUZxR7j3wDOB_A<&wjf0@6ctwX
zz6+cx(R=A^k&{OIIO#Vmt^P#GIRY(~&G4=fT40D=3M&^gFV8cA8PSIq@?Cz%yO|gH
zb9ZYUk6)&(6!9*uH=Ig%BS<W$*gN4;A6|jxi`!k`SgVT1_GFt`R=EArcAeRz@zi-H
zz<rfk_-?k&|Mmk>r8GN2>1|GL?N=UT|3w$8x8BokvZ4kH&dDV-n*k-8K607rEy}N@
z(_D8m7am_Uyu~_xa=v>yVXl^S087z~U^Q1-m92O=Do~Ewnax$u(8204E#};?iDJ$o
zTH=Re%=ZPq^QeBIUt7J2%x!A-m=#nZdh8fF#m>w9n5kQ#tk(U91@!ZVDGvry-iQ$6
z?Gy<y>U{g=79V{Wu<tIkOvX-EtjxM>jp@i6QxE=gJlxxWL&C1iWcc@Y7gZdBhDS`>
z{M%IBws?8elYcatx$|uD!<NR$t`OnduX_7dtm&_#&>wx=a7*KEW=ndE$q&=6td70W
z$#7h})rRog_TlXZhsnb;i(b@%$v@J4Da?zn{3q><WBIzClJC{Nza!<_rz?E>g;72U
zD95VT3Zgo<y&0$b#qe+L9k_?7uPAf75sCJ!f8*?EzVTTEIzL@8<Vcxy=XmzSUh?qp
z%aVfCnkcDkEz-fVSd%iFvBlj3_?gy{)oEHxCw>zWqBo8MKzB;sq8QB&I_<sVmyx#M
z%4vhCZ%Z^$AoB|aabrn2&G)^PaKSxI>BF<@o`mD$F4Et+)UT#a=3#SwrS%RpuT-q&
zhD(zSygV}urL*MBZc!T2CEBb??n?~jkMcSN@ta7<V$)RpD1;faskz1<a+*z|`@yRW
zkYKmq*Z~3<bKcFYIq-UtRpd*{iUrEEUzfIG7_aNoD|zI`FkwS3Sg)fEB1+Hbmd{%c
zR;p|u&rvK#9Hp}sW<xmxsW;Ah8RAW%b%g^@8&s6rHPU|uR%kGDZC;q!*gKl#)Yq?5
z>FOOS`XlD&GOX<C@hQ`V?2n}jWGi!-4hA3X^&W&;e0VhgdZf0z!?%j8*d<lT_9jO}
z@c+0;r83D*&WOI;YLp|}=a#Z9NnuwZLl7ex;@o-D;}2r+R?fIK>1l@zi|+mXd1KKg
zo|k(H7|KeMI;hy)lk!>STTi()j=lA2>8<vhk#IV`s=nmqY=z#&cK}!=@D^p$?mj_m
zv$q&_U2|~dNhRGmsiw-)Y<fEx2{_W;_ywcvtyF7IYGGlCxQly#Z{Cy4YxG6Np!kGB
z4BGQp!SYN>#OueRe7g&W+o}sme6^g}dur!>Ie#=FSiGNq9A01Vea+ap<VSMX>n4TO
z<4<#^-@Xx<yW^l;!=N-Sm&Q=07QK5u$a_s$uMQj>#E;2MDR{VE^Uz(z|Hv>ZWcz6t
ztSZ=G)ZM(WllEr{%X090wbF~qS@rbe!@FffjtGmESgy8MjWhUuv0KU=5CQhdEp#{N
zp_p*od6G67pF7w5?)C0IDEKo!F8|s`8z0xqaz}^9QuE%sY{%yASibHQCtJAcQ5IAo
z-t^9%VQ*K0b<LO}rwL14b&HABX)#)O=vMB5d6h1_$WSW#{jU(t1BT?7*j{o)ymje<
zr80H}-*)}_4YOY<Zzn6W?2j#;9;7{O^KfaSUUu=Hu3)@-r`|o()XIuBI1(*dp%lc@
zKRcJ<ZQ8HfpVde|TxNYlmC}^yjwvISi8j&qR<G0#NM&rzq7Ki>N*ycHGzTwhTO7>4
zE_dAZZ21Jyw!DPw#2(3>`ECHCQ_A5oP3Az@a(u#-lUkWBnXL4U&gFi<N`pUiR1Zjd
zmM96}7`%FR*kKyxfcetBl)^v{;>`J{CZ-qB4u!awLVd+MaT{1QA<^L(G@8~Q;w!(P
z1LUUm1>oAeC&~RX*jr_Dw^Du}g?xyLc|Z1X(W*b0|2`$c%1Kj80HDh9-Ar!(e9csp
z+4MS=D%k`{tDb=c1)!Q>S(7`uYv1ti9i0A-KgJ}#u9z#)U9uf>U4EysQHwcx9^<&T
z@MKedS&8+Ccvr-Wr9O{p&#Cy7E2R#T(Ps;n7K?)8?&5VbO-5DnhdcZ(p}o0EY7(Ok
z%k|!(j2!~6{6aT%1jmK<PgcKRm`$!cauYGxxVV+<P};&y1ja1D;GSu>kz86Ie2;qF
zD3brctqZ}eeI{d9jWv~R=vpcpn<?p%9M4Bzh!wgur_=`0_0YV{5iT;8iwg$n#2(j4
zJSO8nP@FdZaOTp~v%)3*r@2dK-}T7)b(y}fzwyYanvvJD#0;Er_qJy=Yh~W^quA|b
z^m`QMtuEdAT8Z7q%XFU{S#9MMHZGX?W0Zfga?_^T$v1g@kzBGi9Ud~0L3R$qH7eDy
z%%>Rg-jE1UJ|~Z$8l1O7oBucnY|Rq@oE4FJXu$-9ea$z`H}^72h><<d$J8)FWt!CR
zY!U&FA327<6rH%Pxl+%LfFw0lTfxFpQ&h?ad4MF965r#EiJDFrSw>ZPRQTRpn<>>P
zS<lPW!Ld+yyQK5mxtmo=WR%{@TxhoL%Q9P@TD<s*6P;l9`o?~MRh~WAS^}1%ww$wu
zhUM9{i=X=jZ@GP0pZUpY)x9A<l65Wm#=U;dUJPc~(~LMK_ED$rtazMbg95>;NLehy
z%lTF7?B*Y5bY=<{Hvx{=f~gOrhYtTC&d0nvaex|{zIC4m`6|#PmlG|^=hrfExglfj
z4#-ch8b9X++@fk+&5$i@o2+r?BZ<BZ_1-qCA6z+Z$3wT<Em+1kd;96k9g5(yiPgRp
z(<R>Jm(L16cFN~z#+rL+Uu)Y7-jf91!e7+{8>Zxg{11CN7L}up(7oOeI&j9>{f}!W
zx#c^e*9Th?j=9{|s-5ZWSz)E<@Egqsy=Cw$H&N0|6hwmRMb55cag8-ZtmfL)+&BQN
zBPU*_nZNp6*3UzxhB0*WqUeTRb^eZHAP12@wesiXYDUontF<J;G22^oxMuPXZx2ti
z-1p=1ewDHglh4`Q7Y;{`2ncE>zHy4r6#t89d9htSQS>Mu7lqJRRs1+Y=H-I#8{X%p
z-lgO%&h_Th=?W#I8T*-ouc)0)I$>!Qg+Lwg@pt$V2|VR@j$6IEdu48IC^w948(BJe
z$H6I1Y;Hp3j$+N=8RE!xd}?WnXiI?5Z3?SAc#i)&te#Wfistgdt=#_H*~u`~JCxq^
z)Wz3z!UL0o=m1Ky&8?<)95U*e0!VIs%1tp@D)1e?U|QlJZ*!goR^)bhM})Kpg`}$_
zHCuS&7gKapsViP_)(CH5@hmpT#-MLcA>9Zw$p|rY<aOV?FzH{e;IdVz#4i8N?UT29
z!Hk4>W$NL(Cuf5%<~DgvCcY5eJ!iLP%WQ-2WM{XENtQx-A!ebgk12eH_|fky$<3}O
zuJT^(WbXmt<6A&Hd~`LesXV!@ImbK5doE+D(tH0{>GS~%qcNW`vhGFS*?zvl$%wNR
z)7`TC$M3E#S}ZvWI+$!<Et6fDGr6=(d{W(<#cx;HIn~4bu<(&*h7cm+rCy#zm`^X_
zbi6lwW;?|Tw=~IFyKo_sVdW*(+45lKcmR4a<YQ&?y~SBxOV>SqTfV23ik5gVJmvCR
z%X(+L`QPMqNA?=_D=Mr$@+-`?Np4+e3Z%>g?xF2_e4n9a9?Mgky=lUjqdjJnG${Ae
zu<`t?8!?H|rZTX);<m)vk)yP0b#7*A*zhHK^`MJ8IdE`MeP#(m`Aq^Or(ldJdrrLc
z(rD(%WEtyz^^|PooyU4^<=cXt3m3Y?yx&vL5^KsGJdVxpXU}PFQFM*lxUrKW6-rHE
zoSZSj^kKq0{aN8$UJ7ktOoWKD*l)I)>FH5^&0wkPO-`S8SB~rvthQ(+pCDI5{nZio
z)<GxMK;zl!C>IrLlAHY)%PZ%&S#GNtjnHLhyhXZjI>xCh(P=ryc)>W$!PL5Wz$(h1
z(1Ur~HQje4^W%NlPD8(CmEexBzLT*NvSj<>w2zf-{S<ViBp>zvw0CA<O`dDN@2abH
z1lo$I2&61qDI%hlc}j&U6$Dfy43R`dL_j7Xh6Iw-rGSDGT^6EDDN6xm3Nr{96ojY|
zqF@LDA(99o2@sMHLgxL_x~}i*ckQ!%w6DESI3@3s`?-hz|99t=rMxi1Jus%Y_-^>v
z%yaQ6vbsXnW{<b?+vhzihnPbavwLw3#%3OUr!ppaYf2{7?Yqg7h^2;94tJ|k;3Q@G
zrs@Xt&-t0-O>nmbn~@tDGlIm5>ei0uAJZP6{S9nt#>*(E#g)@s1}hk010{FGx+cA2
zX#}S-?g=(RdKW>AgEhc{Ls(m+Ox(uqT8(r4NOg$rVoUi!!3z!FSx36lGpTn=JAY9g
zW-W<=Gn>X|&ioj}nVd)PMmgR#{LVgZ7-y2$M=hUNB0KHc0wd*qnlq;qzl}KNuwyMd
z{YveC5?~+Mu6jO(i`x)i&Tc)G%a6TQm!W(r4FEF;un328d#~tOiw1%Nm$I;!kgVYP
zK(I-(=o5<v;O7Ht+bZec*uI!4GDCfEB(g0f)UznpZzD(S@q5T9>g?#miMaa|LKbGY
zh7^(&UAK|94d-2oM4j53on)`+fXwIXs#2MGwLY;zH^sJc<IEz^X13JNy4D*DJ?%AX
ztYfiE&;k=~B*;KkrgePLSYipQ_9*b6m}XJ!mQlW5TZcw(c7Sb8I<yD#ztSAx-y;}Y
zmJJW4?r)u}kKm^W1GaFc4Le{NeJ|5y-uaJ@d1aw69n!;<-8}dTby-n&(sG>x&b{Eh
z(y@NT#*5lj&b1dmva>SiJ<F3L>+HW6h>*5tkds6>)VE)}OXMGDRf}O6IBgm#!8hX5
zoDTJ0ZJ&X>^RGe&kS*EUVeef6$wc^eRGb>53boGXkAb+${%P$k6SRP)?v;C;RA$@W
zjuX0Q_5FRc!N&TKfozQJ@9{!SyMINjBt+_pfeyzf%KboJbqHQO#T-@iC@aCZ2XRi}
z?MpfZ)_4Ovq%vm6vi;?1WiTv+`HYBjpNUOAobAJgtRtv_uuc3o{$LQYbI@L&HCq(M
zn&Nd%scZZXCU3|y;hGA@YQ>0i6pBu|Ekz4N1=AjzHfw4y#{(_#{OF6+<l6HF+3teA
zp^{#=0DR(z=P8JO`AtGB#yiv{m%;##v_=x2^sVj3zS5^AM=%o$XCM>ApeLj_H|kQ%
zl{zg`t$x>45U%596E~qG>jP_9Lpz(~m2#dlCf*WW9^NgAhUrl)MfKKyX6@4fe-s%f
za=8S9EOj8(UVYd;4|{Ct{g5uH>UL#62=TUQ5QKxTCkkmW94c{Dn?S3uA7m2WHI1e-
zh*!j#@te~tmS+tlkog2#GPSp;w`U!)D+!TNW{-*D?DF!*U{xD;m|P8hl<svOPW`@t
z|NZ7CYdkn^<c<uKC)MTo6Q`-$E`u$O4ku2J+rm!br{auAeCdnYmT1f)L(G-+Ul0=@
z69m)7D*7-oA9TU_Y$I7a74FieMEbCF%Ojv&HffaP0=j;tBF#C}-5}#Rtfi7Lw<#<>
ze;M}UVreaN>XNN?;cd5beNa*PPj{>&RN0E8-FpNoREF*%oBioTy*{uyleXrtRa=xB
zB2cVF)xUb)%4YU;th5C(r0MzWcanmnc@GHgl%X9PwwPD9($<LkspKTWwYA_4f6mp|
zR$F^@pa>gQQ;zT3Q4G177?V*JuYbX&??)f8U_foGdMb;9k>5CQE!_K<&d?6;w0z~J
zGFh9{wNJkbgS-@i7{#u%NQ+YuWUI-suGjvF-;skf|0<+y#|IepzfIH;8${q&hP$ac
z+UUiBF|!6Tvb013LYG&|ZAp{ngPu5@gc3A`^lG=)5hHEiy?$lq3sm($vGk!s!^fCX
z$(lhtM&a~tT~<J_?TcFQEH@Ejj*T5*+f23nrQvWQ2X(Qyn~Y9{RHp2;gS}}r=albM
z;^$4S>DG)K=U#c@%5I%4aljt1YI%lCsRG`hvwx2TNRm1u{JKZ@^~+wLDKvFUtaJUB
z<F6Lo=L5QiJG-^_hrc;RI;k5KHP_J7Db2j;RFCBC+gyXHhRXDDnQK9KpiArC+nHcN
z<ksSqLN38+cY}unvpfCpy$A2t2~cXvokI2>{X~5~L7|WSC{A}zia;gY^U(fQrO0UJ
zWe;!`=5<^MW!dAM(yUvZCUw+NO<|t|hx6sD6Kz+oIJO}Dl(@;3nH+g5NjcQ9wB~u+
z=hP+TbhR%83m^Ws1IfyauAP1QwBGp8D}46CGebw5Q}NO^d4+Yd*Ll#!w6(OZIH%E~
z95&*o?i2HjhY3Do?S+x-vZ_>%A;LEI08~phU%1EHqd;8WM6{+;D~D2lLB6W?h!gv3
z_I>QUdEzlqagCi>3$Mrb<@{6Z_~m2gH-3hVUx19|(;Y6*kp`$f%W$u4DHYl`|AGNM
zTkmjm!3<x6pKffFJ+JAYiJZM|?)5@@+f6zzj)j5`kh@wHg9}UdbV-smif!#}QK19c
z0PAFQ-g6XzZm={QHAI1*Rm5z{W`9x}?%S+R05gm3oa~7}2_@<M!sc4gbBj9e*B%9R
z>cT4(5#VckBJqJRo#sQzZcFxV&ewXo!2Gx8`bu)YL@Ce=!#dTKOef&W7147#LdS~I
z?O$XPZ}1zp;aS{%8qRlOaN}8`ACKt5X+H`Dk}5;M%Iw{kx7G>jR%~i^Uih_Qr}qhW
zmj8#zdg@nfRG?PglVO>WHnCs;q!=<1q3wo>_GMD=m<0(l187`_-D<tTBdGz5Wx=Hl
zC49Xp@j8wQ9&EDX6WM*><m=$>@2!Z17%PhUZ_C|14OdMrw5PNsNuPJVw#gZ+R5R93
z=a)eEFNX=6Ur85gf;GikwgP9^pfCFhKmPmvN5t7<<R-;S;39UY@f(xlknxrKg%FqL
zib^+SvnzbCK(mrB4PUs0Q+DgbKX1V&T8xkP%#AkS2L3C!{*X&*dc|rA+wj)pGiW=e
z^2BF%!aznSiAPD%gO@cpOV=b}EK0R?V8}*nChxt9XPo$HsjI3lg&BM%DD}eZDR+l#
zx9NalNN*rCBWmr1m@VV6XK<3KsX9J#Avc50To+r8qc<MoeE%^&cwLz+w8?<ym~|S}
zI}-AvrT2(g)!J`^sf$6@c7q_dJx2>?qG6bQ4FZ!My==V4ZmVRw*;(+JiubwvR8RxO
zZ=yqTlVLbMp~n|ks;m4H``42^)`BeY2h9chm%mSB%jmrQE4kq`)8=0I)|rOx*i{)R
zxi)=12;VXIikqKk%(lJ+g(rmSjOS$21CRzt?!7*!+BzmcQ&@w~lrjTrrRP`)XAS&B
zq&uyJCu#zPdarha6G_{%lHP%#y1t@x%fVN*IWVZGMxf#Lb05QZ6wp!ZU1ecHhD8J*
zSgC0F;|L6<blB-|hW($V>Rue;vu5pkb?=9zE7HrgORgiT>E*?)adGxm*yLo=m>s1A
zg+;mdioYXatBtRW|1-O=#`m52_;{>SeNN`HZYxt6Pjsc?th=``sNb2xgYr*xwzYBm
zSyM>F%NJAZNs-ighuO@#3ihotRP^ED_)b7AP}+m=iCoiVf=MFUe2*A|vly>EY}^>~
z^nM|2vejzu7n}&U?=E;&h<<vaRlbSP=TzlRxle~gmnh%KE9#kT@qofbf_XvK5ewpA
zx&RBh<PptrU!IQO<p{Lc_Escjf%mRBuW7%Y@;)0!N?nly<>IXLF|)dPL$`_7Lm>O4
z>k+kAqd|tHL$%~C>jJKclh>^(C?)0eQ@9ce12LyqcwMj{v|}q%VlCg#Ni7RCoXTx{
z;4Xez#t+YmCNEIj(-}-U3aqa++XZOHtCIE8BLBbnz=|rMREP9hMhCo-J_|8ynZbKD
zynjFi+KU`AIzg)ntsTF3wV2d!eSC5whvz+D6-Xd!Z**c@jE%O^DGWC|oM*v!Bi*i=
z{yi>cn0L;0P67!tnP@2N9uvHJJDFLwkQFF7Wo3GbbtM{g=pKmwc61m(VXBo!w$h?#
zn=>p_L&N-V%x)|BGB&sl+o^3(1MhtwI)G9Y9pi4F7-ByT&25_|W~Ui*x`k)bGYclb
z=U9gA2e?5EsXb!-gATA;q#^b74A53-u!q98$&YL7PW(Pz->}{7X%OAj4#sJPC1O>X
zyh}vOEN@nYBv$;yrNE1I*Jq?V?!vbd5JfaIKg`kV)-Fz;_iWtPx_ySIDQ%HkahOA%
zX1jp@d*UrHqt@YCkYsH!gwGHub>M0h>AyOsO1kKBzF)R(I_x6D-}*fIc`Ev$^agPC
z7yeO?n;c5=IB8Dc+e=_&UzYWn7|Z(>J(5G-5DE`jepB!d2VBC3=xZA54@1RB=PJ5%
zW?H;9=j7ud_h!+Pz}jar*jUvv7E)vUJ7Z(9*@OEzi(R0f%0Olf77m@TJB2vsbWKR*
zzTLGA#<5ZRwU`eI%eO3>oG-&4i&7VKex3%&c&im$_eHs=Z0EdRP3y#?DMY!|8E?os
zgDjNYoT^we7mRmYtJcW$DT71NB_lQgl4NH7gR4w=XSwMvWZsi1)&*Jfk0X{s8%S|S
zgvw+mZt5RVI9Uc~TRH)W*@K>!EG+ENO}<gxDL8H=Sjmzq0&C|#Mb~E+15gT5@0zl7
zm$Rtodmf$Y<K*fw#e%~Ph8}9*ytT(v`d>MMKBxLtc!$^9GlRXZa0$$BQ*;QyYja?a
zhnOw03E=;?yOSGe>u#5yYSiAVQmk|VlZ2)#HI!QoF)U03XV)p60vT<U9(X^L$t8-8
zVv<{@t^y|4m|Uvu0)yVaE-N>eota1Pn{L?VPJJx$CKxKQB*k~>MY0h^Yv_jZmOl8!
z$c7Pnu46h#eMVMt82cK9UW@9;%FLt*i;q(rMpy%cP)JxjLD5iym;T^Rkrc=!ch~r?
zEOlMcz6mKdvk{w;wxf-Hxsm{bxr{szSAT-3J{v8XAuz4XXCI2dJf)x*l2FUFkIIT4
zcv{l{+fa{fj(eMg6?*u<uvw?UwiYk*7(GAk?aCaki9$;EH<3C6eSHR&IzLcyt+=h`
z1CU&{V*d{=X5RLvGVz^~ttON;xaojRWg@@gqWM7>6@IG00)6xZ>u=}xkEL!u)FsBf
zQxtpyi|uoG&OZ>jj;L%f$;?kqj7&PETha2o9?S=;d55G$RnzhEzF=dc&BIK&NTx;@
zJ-FBXaY~v2XOAUg)~2btrJe?P8}awsGa-`j(eX_5F#mLBZ3}<@jp(L+)LU8t+HDSS
ze}PkA3|TJuQokCe9eya)3#(YmpYW&8+A9aAk~g8;JWB%(`ocDun7dCiO|ovLfKRJ`
z8XeB`8UA+^TA2!=X3l@GgMjyGkIpVpAH=ct+F=_(=(eS%6NnUO5n`KHLH#C@=8W9Q
z+QU&BG<&9NnuIr<V<Fr38exf&37!kRsXJz6nGHX>lJdeB7d3o|4~T$xxtQ<E_KM8F
z9DY&bVp4k5E;N_U+EIM@?yx-(ypsQIVCC=o>_|~RW(>X}<wYy+Jfl}yaZ7xvSNf}1
zr%{T!@D9f-lE;edH}>Ub3Cs@;zdz@XJcf-exrSF~%|CT3#um|IMuzOM(GMLye<<H=
z=dhu>pKNw?^M3}@-Ci?_3EuHD$*L{m&6mUA+h@=wCb5>Zv=%>191ZZ0fFv>UN0P|S
z7G?<$Ll~ycr^5ovPTXMLEIOS52qp26?TkDZWAfc@<9ju@jU<m0S$M}03B_vLqvaEy
zq4zYTQRCk3_3A-~UjW2L(=19&-2N`$utF9IgamG)M}bQ8#J9H!oyn6<LJ=j9dD(Oe
zU%E}7eO-O;ma0H{W+;=^&EguByEGkMPeO(%Z>1&7(_zGL6e{h-s<BjBIyXzmt<%oF
zd2+jbf2}vj-H+NGhicAVqrA@04Zq?4YvBO%6+9`@sHl*XudBBbr~`~yZBwOo63ZEU
z7Dme@Len%F{$fMQjPx0PHy3l<JiqUXAVU335X2aru9ic`+gMa}lE(1k&`#NZF3_*`
zihuGBTGzh1T?mL>q)}`rY>R<>fz=(1w9NYHMSe%l(&W35%ONlwlDe0T{5rTLNtKDn
z7&qHjcM^QP(>p!i#<?D{YHlbjEKDPp*08zpk();9v6n+NfV=4sp`w+T&AU%`fBB`z
zu5c?eDe`8LU9VUdS4QDpj7&TV(}vTy2gNtRVy+w5mAp_Sz^9YNF|PzJ^}B31XFP5!
zqLbg6z{Vwes1)_oa$zb(85bEe=z}1PD!=d*gn2nLgm3i;_`nUexr)2kNn1l#TvIzB
zhxVgzsbW_pTZ&X%0_MM)2F;6N_-BuNl`^&Z>yKAoS0nLTi4kdgM5qYZX7^mscx!l~
zcR_52^8K?k?KRO_Rce7L5NAMVAdJcU>d(owvGOuS!|+9_TCBYq+%O-goOnYFowtnp
z_T%)+gF{cY;v#03(SSrWJ|37^*&PfBI>)%r+y<IO_obsIsJhDz*%-P{bp~uWzKt^7
zLC1P`pFb8FCMjAG;1VJ?wd16B5T~7fxG2h<@)LPXj4w$}QQ}WuVAI6fu~2!kDHJV0
zP&ju{F3B+O@6#E<CdTo6W==L6Xjusv<Z<7D5IcwA2bFC7f#+yM(PfkJt4%{00KhxE
zb5SfmJL+0@t&PsS5E%qPSF0NLd57xOEy$E5kXpp6>Kv8mt~7Fd(mT|=gB-a5kj%n{
zYd8};WOiNWV+8db=C=-TBy~J<zF1yCZCFYwVE;~xD@r0v-XS(TPQ*N{q5rN`rer<c
zHs_9JcScF9%xlWS6>Xj{ddPK-E!<4jXY(%j@Aof%QbgNNwl7UvlX9-*gq+eX#v(E(
zt8@x%>F|c0swUCtDs9&6UM}hV17SK$^48j}A>L=A&5l!6R!HNtM%E8!rh-pL?wk{Y
z@Fv+_ehb{zZFL}LO6-TrmB1^Ct2!q_iUHrx4(D3FgSaCj>ERm^l!}R}cvnP~yU&NH
zD1o)Nj!4`Vir7Xf-oaC`7WoIK6z?TZ;H3csV=pU(z7S-r!Fx8xxw)x^T6pdw=&fnA
zp=Bc@Qf=5KFPjsU!25>~#gMxMf+6|?weI9t0idx~vEmVr!uJ|kl$g5Cu>5@5wf2Fv
zmm{8Z=$qfwc#Gz>=d|*YlJAE%n_|%)QjfxAFJEyJRu3@7E2VolqexR+$u6=~S6<Q8
zMKI_*Nkw$3B`A-+lFXaXRWxcu-7b_M(0>x%suEZDdG-8PFdL4j2YY?I8Dv-3Z%x{}
zA+}?Vx#|HmpI!7oh*S4EY_t1rFw?<mG`41Gl0z;|h%BuOA-C#L(C$M2@wVhLJa=+v
zv8x=;=h{#1QViRZwp+ONDS)8yp!m^=xYM)JU%<ieqpp_0-_JsrH=V95c4g?^r2Qk*
z{d|OqTLQV;LDGNTKj6D&PCi5k;JJ0~`#@RZi11&+f;IBJUf8U#;j?Y&`k855dqFBq
zg4?+2w@0`q87k;>Z?^vI&zLA%Jq0`eQ%Nhe4lVe=T{FGaN3iJPY(G-e&?k&^nJaFF
zRQk2BtuG@IJV(~@I}N;(-Vwh4X|GpZYejG0Jb;vkIhdQfR;daJ#7${_fP8@H20AWZ
z2yA~N-u(w#W@6;cU4R!`A@2hHOhvGwOG2&_fE$~OPMlAwHGNeSoEUj4wiaNgVKYZM
z?a5ZHAfc<#dXl`)rVq6!z2nnDR*$O})JIBAW|VCan3%Zn-DR>7R|5{19Z-Om%OA~(
z|Db>9FZXnCShrEY1@!Gm>e5n$AY@EXmw^C|K`$vW=~xcIi-%rHS|v24x<0{*;TR^9
z^`1$(<@W-a@7Je;Yu*~-g3ib6zjVDclxvEgZrh=y43VvPF9xhBAvD0rC4ZQxi0B>J
z{GXh(3Y(1El7sN;lg4vH>^O*fp}-~Q?A398_sdZl^f_uuH-C1o_pWvi_kHV*$i3|v
zj06^4$l)5vs#`6^C+7aW8Kt_i5AOLW&Z)fY8<->zNr&t(A+_{LHY&PXa!=)};Xh>b
z#-VVFKlh0FvCp5VO?-RBdN*vytXXh^dC=r)Yk)Wf2HM9Dohu~u+xdi-CSLzoQ09I)
zSf5TA$dp925Geu7Jb|XZ7N3mS;|*f=fi4!2qdKxwV{GYY5|uDnZD?7Y+V|+vF*n&`
z2FJtl>6cej`-G_)4y;tNL(BPBdpB0*E7@pm2aJiQmfxH=f_`%4pBDWQ23PA7WuuFo
zw@@nTN~{LBndbR*>IYS<dBE8C^2>v|{jd!hhP0<FU6~Fs!dj^Of9+KMrUVNDxZ4fb
zpMJNh1$XH8?m3yjt#`k^s6JQ5d!6B#WMS0`D_<zG)RyxV#Xo20p07a`u*=&dX0XSF
zPh7Z~g{tX~09M}H^AzZ!C*2l}Kc-h_b|^b~nbj+rbINDS(Rb~2M?8}u;5_gx6pTt!
zlr5uFy{Y$iuuF#(h?rYSVQim|M$=Z}kE9}Nmp^3Q#`L-Lw@Yg9ef>D3)kcj&fc0`_
z4=^+jn74o0`}oy<)kYPqg^uqe2O*1RrW0~=5Q^}^wZZ70ksF@NYAm)v9%AJ(MPR=4
zV}K#;f@|r5dN7aRVy|A_tCzjGthj7n#%bL~1Rhhk@V<_Wnr)lS4toeTgbl|x%VfCc
zW8oQPlT+n{<i~5K+L!HEV0v&efM*DyJa_K{o<Ou2IZV1Q9iKzBWnO>_v;2{sM9~+0
zS9vQ|7brnXcp=w0puA2~u3_Qzumsq{`In3Xdw{OG>JWU4P^a#8A_eGF=vHj&3VP0c
z<=4^W=_Wk>nywe-u+L}S;~SFiw8ke^wWHYSqS1d(dTsSR;z!U@*3G`L(A=Xe#cInJ
zSo_tCF&6RSm8;>)YuUCduNi5@X8ijSjNcqT=gOHRu!Vts*GI9(YZ>)s;xUsD+^<tL
zRQ0V~W7{xZf$(61_D#a^E_s*!KyO?|@Zw~ppr492D#gcv*JiWnz1vgaBgTPYyX$w>
zCK;#M<6o8kHaLW&>r@kq(UCN{8r0h(^>DHuueA9lJrlHJ6z*m63VbngA}LuCmypEJ
zrytFabqQ!F3fo$@{lYSyU)@taO?M1X4k)aw*h;<Ac%|Hfq<<2D)`^s-!;)`m6z|cm
zhdq;_+#d?9c23so?L3pER{|v^!T&wwRsM9|BbyEQ4i!+C$G%RXWZ2%i7F!XwWqeCF
zkNG7{;_d*p6bRW)_Wfyth020?@IJ?jj9R;%ENN%gzy!|=&`pds9UF=sl*@Qm@DWyr
zGce6{E9I`ahcg5SdCb*V7^(w^Y+#1dTUe!N)$*8m0A~0N=j2Fkz`v9=b<PDl)$ekE
zYNZ)<UviI>17`MWuLnthx~AYW2B`@j!rAm{@^^DxA3k<>wp>cq>?HHsE7LsTSw1Zv
z<2j<R5o!^8eps`VOl$Z~#k<REpKP89uabM%F%yd>@3DdQ-Ef@O2cqY(pSc2qS+`A6
zLf4vZpm+&U@=pZn=!sR-WZn!`t@K7Rkej?F6=m5rWTLa3{`~0|gqaw~7KNskZRcQ!
zKRr4E9_h%T1O$@^M7#2B%p1X*JZ(fCdl=w)0^DIr@v?b(>ALtCQc>j({LEyfx@q9<
zh%L-*Q73*pq|VJ|+dj7dI1GQr!(+<ymkhykzS{?ebztQ@fH}qkP5D-mRYrOBhy4zu
zjb)W|XL}#lA7LPwD6yX2Za8!sXR@m029Syhxn|>Z@sw?1*lxw0!sPg(g@E9M3z@X#
z#L&sFnkU(g0l|X+ijoR#9yMh0O2N)cTJJW|bY@s?kmPM3es#CzPg!X-;U#t~y1!&_
z&CTDv!`n1WnqiZq<qD4!x$Mo;{r+G^CMjX0(K|vK;43(|fhFf1Qphq(x}S-^>Wq1R
zQo$@DMmW%5J>t9eCr$FfH1vg(!iG@WkLBr|%8wf*rh-=`xjBPzVBpasp5SJ&4{HR-
zxB3Rbkr(-4n>fUiiv3X{M?jqp!@?&F%h(eNQdGw^3ah2qEY-vKc~cZWe?1}vM)`L{
zGiOp1z_)O3oUsVNoD10chsqRpXHe4y(s6M<&-)O^GP@pDA4so_1we^MU;}-{vSfj}
z0Eu<-O8k>F|Ln6r%tw~Vuk8^TQJApVqK?)Drav%<tL}8d@sB~9%Lpz;rJ2I0PT^bn
zjyv|19_Y0+rTf5xI&>yL-IV#p3h@BtHAbklQ-olfy^+p7K)h!^fPaJcb6Uz+5{G-?
zcEz##;9m=#Zt-OkvEH6!J+*W0Lz;D{`>qJY^waJFwzv+M#V~MBZN`XPmD3p<93N?1
z^v{p2hBeIU2S8u1E~`33c3#5nZI64hhOC$DNXisF`&MDeP58UicJ4I;p93`gY=$@Z
zi^e`#v1XDsuEC8k%9BXsg>oJJt<u|bXsh`N7Cin3hYM(62klQdyZyISN5vzDotAI1
ziDP=yWL?{dO8U0geD2ofv%!x*J13iuMx_SL01VT@)r8z@5AK2Q`S9|;^fq=MFw}K<
zpPLTrLr@b3Ztn>N|B4F>AN}A#$Y$3f@{#Z0;TPul*Zjq=^4N~`yLLj+hduYMnTZaG
z;{a^elRm%xCf&zh__xDcaxfH0GB9?XQm|6JaaCYY<Ot=2qK!u0MZWkvArO5H2h&YI
zmD`qq0XYhBz4Tlkv275qf07<?uUmUXap~&oFq$bLDmrUO>n|~ZXTbo{0TXh{Ko{%B
zi-M6kf<8QpkyNB+c(F9>iK@-D<<Ziy+mkff`%j?cMcY-+@bV_o)&j0|k{rHiQ`-sF
zv!jwwYdZsN<fnwn6Rro~)R=$#EeJ+UI{j@~4{0fg6QpYHoXcHXZt|E|7k&W^15YX9
zg_zj~r7dw$5r{Zl_Kh2^*uxX;9mbaVC*$s)nL?<~`of|-Bafltx&l-V;>3FogH+-(
zRID~#gAS{iB+4WukOxAuSffqb#12<YLF)n4i*@B(hx;4%23@q<SoHAlu=!ATE8E>A
z#2}2~E1FrP=kd5DoL7I$*MPEJPv9Ko$f|kz$*%a4pnCOaQCRli_a;e^NmhTUa+a&o
z`k<A?H`O)D`Ce-~p1w^-evEaMi36DcqsF}9<obf~3L1@Z9BF(iDe9aDk1mn1Jz`cD
z3%|*z;e^8XWpooQ3IM#0;HxA>F6}vG)evxsr3K6erQ%HqeCpCqHBZv{8J_iVPg2XS
z;tR$zgm0b{?zWT!spNr-x91q#Z|Lby37$i#a|+OWIU)Fl;{Hg?@bUnGHoD|KdSAfZ
zzc73#VGzHhL?OQO)BrrTdjPF_rYV@Vxml*IVh<ErnGpY}Jp+$_q^!K2R)-EBz9e7w
zCzbpuZJWc8`N_A&bxl+9$5>DKueUoV4JAGhuLnX@bQdeEU*7=gj6!r;cGxAW-uo*A
z<98Zq+Po@(Vl#|1VsEvD@B}-%TrE-}QTIGnSb<`Ns<6*5r!M^FICw5#qt0LBb|QnL
z8SK<nA08vLE~t7XHC!9Yah=V#+NobOA)sE_P|89kh}CKpXc&}r7?G(}{ND;4)|Z`a
zpmviJ?~}E2;qpc(HESNx&o9LiSXWTViw_Jfl>%q4g7X07^=?Xam=!$?Ec?Ra!`G8K
zcnc|i`5L2o#ekyjVWmVSt#m2{d?$sb#>V=KV2<fA<MoGfLM;J`j<eLYANb<T3b?lC
zrims-O33anTFXR4kw+w(znXBwnr^3FR=c?qc@i*(_$zuwxaMC35@`+j){9KRb8ON)
z^J<ZzG+gL8kRRr3PrqA8b6ec<H=)JgD_?0ir5=&AWLTJwz7^GxG4}LHS(r<1kW}3{
zY0_>8%1@N@LjJ&J`4`+-0nuF2I!^7vuy#QGP<#wRu`P8uk%2*tMsYggo}m7E6OBlB
zlT>4O)^xYkfWFcv4D-*uCO9M;z3qRjPNhws`+Ua~qPtEjv6gTE%@?wp!gjNpv>3c4
z(7ImkOMs)Z(lNQR>tcTvv7{G>b%~ePvMzfB3kk*C9HMGNGM+t?_OQOA?4Y)!!zS99
zbg}9>GAb-AS3c6zaE_W4KNq`5Re<`q`T~LbuX_Ng(76~`rlIQ_BIU|ZG}_0i!!}!)
z2qrPPyt1jfHOM5iMW7Wa&Vj5ApEYGjw}EZu+%6erZ1_izBeBz4bn_S9Qwv4Rru<^a
z|0uD7MKoL*ojRTz#~~fJy9K5G=HeA}7#*x={5|7z<*zMd>s1NNE9vH97e`(T*cqvB
z!vzca0DN{`7IL(Eh1+wVz7{;`rpuB59!!?&I~pJTqRG8Y{fu`3*tW<<=F!!}ejq*r
zg{iZd{3c*`gDi|ow7p&i)lQAh)FW0nxbJY8TpI|EJW~Se@6h~P)34I#^;ro*a47g_
z();q!T~S<FM*TLwF*aGvu!a}h5JUMCg`$inUXdMvP^w_D?o@eh@+|{E&t<*XtE)MG
zV`>#4oe*%%h5277EbQPTtrLGOIM7`7R(doXn|}I{Q=N=A(nta{fBMVOD4G&|i@qLz
z>~YkFl41VuHU~2(?Lm^)85a+4JQG%97@cPVlF`0&h9LJzZ}2981@`Arq|jI7aakFq
zUg>0Z^9~rcckpx2s&*`J1NHzb2sVIdek)DT8$HmCLHvRam>5a$h3L{=ywXVl^ijJQ
z;)DHoL`tJM=#^={9V@!q4)%S{sknaB63UXN_Y3coO#;>^eft?|maeOzNx1DiYbqs)
z47phgU9dDyYKN3w6?&;TK=V_6I4qalF)wIBFT4glae`HQe<K(l_o<$Ho}lRHM@bt2
z2<2&`;HgfWfD|lVjrMZ>n9nR=P<HA$1HR0GlW`vMO3B3$>ZfhD&pwqUW71Z$g|C#>
zoG-?x$-On8OIF4jV?a1eJz%z%4E;soVwJ_787uspMpjk>^tBBc2JPx~ra-ginna4L
zeeS0`v-ZH&cyAVug%b<do#VLn8O}@J0%#3DI)4Xu_pp*f4~q=#dE@t%&%~6hWj#Vd
zt83_w$-4%pZ5*K;SdL7<MwC~JFSRcz10DE}L1B}c=cBY1^%dO}HN%PT?nX}9Z7JV8
zbJB}j6Z|}~Kt6x$V#_wBB%_p&+=VF}Tkru_s?+qu9$@?D!vE&+?$(WNUatS~J8wyI
zr(v3ylcK#@)$#IW9=u+Y43#vBa^YasQY&B;J`;IBGARHsB~E)NT6^=swH!Iar9YwH
zk9Thq?6TLCVzqD-3`pwjX3Nf19!tThHe18d=$4orcOAT~%Qu58GHIfeX4hI_j3=VA
z*h=O7k?htcYHZWqts+PPW+;)BHFdgjXkv$8{pX5d%bMV8L8^D>2mU%7B`O!)y=2a$
zBn$I@w}%$zM@au!RsHf+o@6~oHXNNC20q#4Jy&bR{o^A~$@(ODi6l$&^NFqMgA>GD
zva)$a@Ud5X4(O&UpxWbxNRJt9$<F{a&9@fo&b1ucq3rgPm@}&l!xQ$NK^W(A)3cI%
z?@$Qkj3s*+%4^qW4fkdoHYT}*$CV4FspspVe^IM|PlpC}r)G;J+cgdEv5m^6+lAbb
zCC3P1R4WSgeiWIvEE&^wyg>nb7hZ{_i)cqcF0i)q?kxB<z15$6eaUJL&^$rztW&t8
zO|Domkc!<)q3U{9X7ct-<D`c}sCxxx+O+^8bu<V@PM@{#ZkiGEm2ku_T`-QQny&Wo
zEtW)}FuDb~!j%Jn9}5H34uQYX!oUY`c7GkLtY9_~Dx2uF1-jFV{~9*`aIO!0YfF2j
zXsr`%a%tc89`W0Gur{%Y*mvX0QN-zc4VisAL=MpJ%9@9{_`lIfU_bU&n9WA|u*Ve6
zy5QNCYWv&p$Ay?u2gCl?VQ|jHXXge8T&u2WBVWOUKkFb`@;y+*g%J35`iHx<YFMp0
zO~Nf1;d_)#AvVanDa<|udEcIs$heVC#9yjW&^nTw_dXSrl*pmA?Y<QTqf&)aOS5Lo
z9p>AJCvAVTOWq)##=CeO%~?cysw(`h)oFDZuao9-!+bw)7|9#IGd40Fd1{NSvZZ$+
ze_^uD+KP5SY`C~ehH`(&p!~yQ$tl$<`MTf;4wo}<^^P5k5vFD^lzkZWw7aQil=_Sy
z=7G-m2HgoSIMMzr&DQI06;KN1WAq59g#%Dw)2v#te4i!zj9}y!M33idLXn!zcO>(1
zUjOqc1ZJS^gC6Rp#zj4UDm&~Z#37F{2*Ms7?iIeJe7vC`quy%9I;P%5cJ3}XBI!yQ
ztjGkOs(*sFrdNB1(VI_7f=m2$B7~6n7HHrDu$?rx@3Ou9kGOLHa|hTHzN5JJZHm-*
zXjoJ#Chp=er*cOj09$)@z(LJCk^58NerH(zawZJ=Xq#bg)c6pG>Ol6?NtoA?P~XDj
zFw<qKAfUu5nNX<FX!d_tsU#ASsy1thR|UYz)A7WwJLXGxRI>F*p+f)gSjwC@b%N<w
z%?!|tYSJh0`Mmwb<E>&p<sv9&D|{GB4ytoxE8%0cILXD65UuDJan{?yIBoI<Kny4@
z;s;2&m<)DbbYx$uAq&7$qz$wmhMcVu-o45ygH!igUA>w*v7AGIr;^Uw4_jxm1yTBE
z73_J!^Jt<HHqlyq(-g)8QL|<NDo)}d69lflQwi7vU)@6;0Ro2UX(*@|*F1h>KbWVH
zmEMV`D)Tp++z568R#IGDuzSz3(xAXeiy*PtL5iJC)8`~Nk0P~~^L_+ImXYog!ol|#
zmdh%gC7;agPeZR@D`PH)DH8!pOX;P|*DMbE(ot0J$sOHL)z9)iK5v`eXHFj4r2o;X
z8UU(@;@nY%DlOVVAohV+++=ssHfZuxZ|rF<Ndio<6(j)pz+?x$l^BQH+ED&l8ej(0
zm*qX)yFOB4bF)-<KH8W*PgS*Jj<5x$S(6YUZP>{}=LvIYmPMz63{LG4*T<EujVVh3
z#pN!3vBIWQ4y{!bUKSa5e<}S})3M}}k+I|Mz<w6_6|wlm{v&t-GY@oAH;-4CG)Y_q
zdC+9ggSLL#TgRoUaKiIxoXxWQfkLCKK8}t7D)Ujy#8`pApT(ziN*z*4AJG<K9oc!y
ztHMb+9D8Z_j~^KLv{AabCt-BYDuDe<#ZnJ%jW`V)y1{%{b$4OLvrKY~*eb_!n~Wpn
zc2;IHjOu=|yoJ|xaqmcgFGL$T`<p|)#vRl}5oD8<OZ#vtcFt<vTP>->Yf7vsMD*0F
z%v@bQzK&-4*0$V|ZkNwzfvU6i>m$l{(8U7ZYNh2FWkv2aK^WZ83BUG_pP2vk@pu21
ztt|f$w*Ln^(v`-fOrnuI7oVGytYJ}2gOnrdNDSC0E*()ae@w{uJL<nywx2KfnyfFA
zsc#cp-XTvX)4KMbn~t%Ds=LnP)yojLc{A@Pt!isf1h)H~zz2dk`KK5K{8&N`A0X#|
z1-+*F1mz*5$?AsH-0_|B>_TKh6xJhjUF?$bkK_OIVgCQ$|9=Ai&!51r^LwuuKq_lx
Wz5izpeyhiE<WSJh4L+y;`M&^Tpq}Lb

literal 0
HcmV?d00001


From 1379a7ca309e438a6c501e064a8383fe45bb8e0f Mon Sep 17 00:00:00 2001
From: Gitprakhar13 <45089022+Gitprakhar13@users.noreply.github.com>
Date: Mon, 11 Oct 2021 20:50:51 -0700
Subject: [PATCH 047/105] Update healthattestation-csp.md

---
 windows/client-management/mdm/healthattestation-csp.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md
index dd83b691f5..5893a45e9a 100644
--- a/windows/client-management/mdm/healthattestation-csp.md
+++ b/windows/client-management/mdm/healthattestation-csp.md
@@ -51,7 +51,7 @@ The attestation report provides a health assessment of the boot-time properties
 
 ### Attestation Flow with Microsoft Azure Attestation Service
 
-#add image
+![Attestation Flow with Microsoft Azure Attestation Service](./media/maa-attestation-flow.png)
 <p>Attestation flow can be broadly in three main steps:
 <ul>
     <li>An instancne of the Azure Attestation service is setup with an appropriate attestation policy. The attestation policy allows the MDM provider to attest to particular events in the boot as well security features.</li>

From d37e40168e91c6923ea297c6b0712d60e9b51299 Mon Sep 17 00:00:00 2001
From: Gitprakhar13 <45089022+Gitprakhar13@users.noreply.github.com>
Date: Mon, 11 Oct 2021 21:50:17 -0700
Subject: [PATCH 048/105] Update healthattestation-csp.md

---
 .../mdm/healthattestation-csp.md              | 31 +++++++++++++++++--
 1 file changed, 28 insertions(+), 3 deletions(-)

diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md
index 5893a45e9a..f84f0fae96 100644
--- a/windows/client-management/mdm/healthattestation-csp.md
+++ b/windows/client-management/mdm/healthattestation-csp.md
@@ -49,9 +49,17 @@ The attestation report provides a health assessment of the boot-time properties
 <li>Receives a signed report from the Azure Attestation Service instance and stores it in a local cache on the device.</li>
 </ul>
 
+**MAA endpoint**
+Microsoft Azure attestation service is an azure resource, and every intance of the service gets admin configured URL. The URI generated is unique in nature and for the puposes of device health attestation is known as the MAA endpoint.
+
+**JWT (JSON Web Token)**
+JSON Web Token (JWT) is an open standard RFC7519 method for securely transmitting information between parties as a JavaScript Object Notation (JSON) object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret or a public/private key pair.
+
 ### Attestation Flow with Microsoft Azure Attestation Service
 
-![Attestation Flow with Microsoft Azure Attestation Service](./media/maa-attestation-flow.png)
+![Attestation Flow with Microsoft Azure Attestation Service](./images/maa-attestation-flow.png)
+
+<br>
 <p>Attestation flow can be broadly in three main steps:
 <ul>
     <li>An instancne of the Azure Attestation service is setup with an appropriate attestation policy. The attestation policy allows the MDM provider to attest to particular events in the boot as well security features.</li>
@@ -67,12 +75,24 @@ Windows 11 introduces additions to the HealthAttestation CSP node to integrate w
 ./Vendor/MSFT
 HealthAttestation
 ----...
-----TriggerAttestation
+----TriggerAttestation                    |
+----AttestStatus                          | Added in Windows 11
+----GetAttestReport                       |
+----GetServiceCorrelationIDs              |
+----VerifyHealth
+----Status
+----ForceRetrieve
+----Certificate
+----Nonce
+----CorrelationID
+----HASEndpoint
+----TpmReadyStatus
 ----CurrentProtocolVersion
 ----PreferredMaxProtocolVersion
 ----MaxSupportedProtocolVersion
 ```
 
+
 <a href="" id="healthattestation"></a>**./Vendor/MSFT/HealthAttestation**  
 <p>The root node for the device HealthAttestation configuration service provider.</p>
 
@@ -360,7 +380,7 @@ c:[type=="events", issuer=="AttestationService"] => issue(type="bootRevListInfo"
 <br><li>Call TriggerAttestation with your rpid, AAD token and the attestURI:<br>
 Use the Attestation URL generated in step 1, and append the appropriate api version you want to hit. More information about the api version can be found here Attestation - Attest Tpm - REST API (Azure Azure Attestation) | Microsoft Docs</li>
 <br><li>Call GetAttestReport and decode and parse the report to ensure the attested report contains the required properties:<br>
-The decoded JWT token contains information per the attestation policy.
+GetAttestReport return the signed attestation token as a JWT.The JWT can be decoded to parse the information per the attestation policy.
 <br>
 
     
@@ -422,6 +442,11 @@ The decoded JWT token contains information per the attestation policy.
 </li>
 </ol>
 
+### Learn More 
+<p>
+More information about TPM attestation can be found here. <a href="https://docs.microsoft.com/en-us/azure/attestation/" > Microsoft Azure Attestation </a>
+</p>
+
 ## Windhows 10 Device HealthAttestation
 
 ### Terms

From f6321598c11184393b90ee8f57c0551ef1d4e8dc Mon Sep 17 00:00:00 2001
From: Gitprakhar13 <45089022+Gitprakhar13@users.noreply.github.com>
Date: Mon, 11 Oct 2021 21:52:09 -0700
Subject: [PATCH 049/105] Update healthattestation-ddf.md

---
 .../mdm/healthattestation-ddf.md              | 571 +++++++++++++-----
 1 file changed, 404 insertions(+), 167 deletions(-)

diff --git a/windows/client-management/mdm/healthattestation-ddf.md b/windows/client-management/mdm/healthattestation-ddf.md
index d7209b1cf2..651900e2d8 100644
--- a/windows/client-management/mdm/healthattestation-ddf.md
+++ b/windows/client-management/mdm/healthattestation-ddf.md
@@ -22,193 +22,430 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
 The XML below is the current version for this CSP.
 
 ```xml
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
-    "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
-    [<?oma-dm-ddf-ver supported-versions="1.2"?>]>
-<MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
-    <VerDTD>1.2</VerDTD>
-    <Node>
+<?xml version='1.0' encoding='utf-8' standalone='yes'?>
+<identity
+  xmlns="urn:Microsoft.CompPlat/ManifestSchema.v1.00"
+  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  owner="Microsoft"
+  namespace="Windows-DeviceManagement-CspDefinition"
+  name="HealthAttestation">
+  <cspDefinition>
+    <MgmtTree>
+      <VerDTD>1.2</VerDTD>
+      <BinaryPath>$(runtime.windows)\system32\hascsp.dll</BinaryPath>
+      <Diagnostics></Diagnostics>
+      <ComClsid>{9DCCCE22-C057-424E-B8D1-67935988B174}</ComClsid>
+      <Node>
         <NodeName>HealthAttestation</NodeName>
         <Path>./Vendor/MSFT</Path>
         <DFProperties>
-            <AccessType>
-                <Get />
-            </AccessType>
-            <DFFormat>
-                <node />
-            </DFFormat>
-            <Occurrence>
-                <One />
-            </Occurrence>
-            <Scope>
-                <Permanent />
-            </Scope>
-            <DFType>
-                <MIME>com.microsoft/1.2/MDM/HealthAttestation</MIME>
-            </DFType>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <Description>The root node for the device HealthAttestation configuration service provider.</Description>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <MIME>com.microsoft/1.4/MDM/HealthAttestation</MIME>
+          </DFType>
+          <Applicability>
+            <OsBuildVersion>10.0.10586</OsBuildVersion>
+            <CspVersion>1.0</CspVersion>
+          </Applicability>
+          <ExposedTo>
+            <Wmi />
+            <Mdm />
+          </ExposedTo>
         </DFProperties>
         <Node>
-            <NodeName>VerifyHealth</NodeName>
-            <DFProperties>
-                <AccessType>
-                    <Exec />
-                </AccessType>
-                <DFFormat>
-                    <null />
-                </DFFormat>
-                <Occurrence>
-                    <One />
-                </Occurrence>
-                <Scope>
-                    <Permanent />
-                </Scope>
-            </DFProperties>
+          <NodeName>VerifyHealth</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Exec />
+            </AccessType>
+            <Description>Notifies the device to prepare a device health verification request.</Description>
+            <DFFormat>
+              <null />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <OneTimeExecution />
+          </DFProperties>
         </Node>
         <Node>
-            <NodeName>Status</NodeName>
-            <DFProperties>
-                <AccessType>
-                    <Get />
-                </AccessType>
-                <DFFormat>
-                    <int />
-                </DFFormat>
-                <Occurrence>
-                    <One />
-                </Occurrence>
-                <Scope>
-                    <Permanent />
-                </Scope>
-                <DFType>
-                    <MIME>text/plain</MIME>
-                </DFType>
-            </DFProperties>
+          <NodeName>Status</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <Description>Provides the current status of the device health request.  For the complete list of status see https://docs.microsoft.com/en-us/windows/client-management/mdm/healthattestation-csp#device-healthattestation-csp-status-and-error-codes</Description>
+            <DFFormat>
+              <int />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
         </Node>
         <Node>
-            <NodeName>ForceRetrieve</NodeName>
-            <DFProperties>
-                <AccessType>
-                    <Get />
-                    <Replace />
-                </AccessType>
-                <DefaultValue>False</DefaultValue>
-                <DFFormat>
-                    <bool />
-                </DFFormat>
-                <Occurrence>
-                    <One />
-                </Occurrence>
-                <Scope>
-                    <Permanent />
-                </Scope>
-                <DFType>
-                    <MIME>text/plain</MIME>
-                </DFType>
-            </DFProperties>
+          <NodeName>ForceRetrieve</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+              <Replace />
+            </AccessType>
+            <DefaultValue>False</DefaultValue>
+            <Description>Instructs the client to initiate a new request to DHA-Service, and get a new DHA-EncBlob (a summary of the boot state that is issued by DHA-Service). This option should only be used if the MDM server enforces a certificate freshness policy, which needs to force a device to get a fresh encrypted blob from DHA-Service.</Description>
+            <DFFormat>
+              <bool />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <AllowedValues ValueType="ENUM">
+              <Enum>
+                <Value>false</Value>
+                <ValueDescription>False</ValueDescription>
+              </Enum>
+              <Enum>
+                <Value>true</Value>
+                <ValueDescription>True</ValueDescription>
+              </Enum>
+            </AllowedValues>
+          </DFProperties>
         </Node>
         <Node>
-            <NodeName>Certificate</NodeName>
-            <DFProperties>
-                <AccessType>
-                    <Get />
-                </AccessType>
-                <DFFormat>
-                    <b64 />
-                </DFFormat>
-                <Occurrence>
-                    <One />
-                </Occurrence>
-                <Scope>
-                    <Permanent />
-                </Scope>
-                <DFType>
-                    <DDFName></DDFName>
-                </DFType>
-            </DFProperties>
+          <NodeName>Certificate</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <Description>Instructs the DHA-CSP to forward DHA-Data to the MDM server.</Description>
+            <DFFormat>
+              <chr />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
         </Node>
         <Node>
-            <NodeName>Nonce</NodeName>
-            <DFProperties>
-                <AccessType>
-                    <Get />
-                    <Replace />
-                </AccessType>
-                <DefaultValue>\0</DefaultValue>
-                <DFFormat>
-                    <chr />
-                </DFFormat>
-                <Occurrence>
-                    <One />
-                </Occurrence>
-                <Scope>
-                    <Permanent />
-                </Scope>
-                <DFType>
-                    <MIME>text/plain</MIME>
-                </DFType>
-            </DFProperties>
+          <NodeName>Nonce</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+              <Replace />
+            </AccessType>
+            <DefaultValue>\0</DefaultValue>
+            <Description>Enables MDMs to protect the device health attestation communications from man-in-the-middle type (MITM) attacks with a crypt-protected random value that is generated by the MDM Server. The nonce is in hex format, with a minimum size of 8 bytes, and a maximum size of 32 bytes.</Description>
+            <DFFormat>
+              <chr />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <AllowedValues ValueType="None">
+            </AllowedValues>
+          </DFProperties>
         </Node>
         <Node>
-            <NodeName>CorrelationID</NodeName>
-            <DFProperties>
-                <AccessType>
-                    <Get />
-                </AccessType>
-                <DFFormat>
-                    <chr />
-                </DFFormat>
-                <Occurrence>
-                    <One />
-                </Occurrence>
-                <Scope>
-                    <Permanent />
-                </Scope>
-                <DFType>
-                    <MIME>text/plain</MIME>
-                </DFType>
-            </DFProperties>
+          <NodeName>CorrelationID</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <Description>Identifies a unique device health attestation session. CorrelationId is used to correlate DHA-Service logs with the MDM server events and Client event logs for debug and troubleshooting.</Description>
+            <DFFormat>
+              <chr />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <AllowedValues ValueType="None">
+            </AllowedValues>
+          </DFProperties>
         </Node>
         <Node>
-            <NodeName>HASEndpoint</NodeName>
-            <DFProperties>
-                <AccessType>
-                    <Get />
-                    <Replace />
-                </AccessType>
-                <DFFormat>
-                    <chr />
-                </DFFormat>
-                <Scope>
-                    <Permanent />
-                </Scope>
-                <DFType>
-                    <MIME>text/plain</MIME>
-                </DFType>
-            </DFProperties>
+          <NodeName>HASEndpoint</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+              <Replace />
+            </AccessType>
+            <DefaultValue>has.spserv.microsoft.com.</DefaultValue>
+            <Description>Identifies the fully qualified domain name (FQDN) of the DHA-Service that is assigned to perform attestation. If an FQDN is not assigned, DHA-Cloud (Microsoft owned and operated cloud service) will be used as the default attestation service.</Description>
+            <DFFormat>
+              <chr />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <AllowedValues ValueType="None">
+            </AllowedValues>
+          </DFProperties>
         </Node>
         <Node>
-            <NodeName>TpmReadyStatus</NodeName>
-            <DFProperties>
-                <AccessType>
-                    <Get />
-                </AccessType>
-                <DFFormat>
-                    <int />
-                </DFFormat>
-                <Occurrence>
-                    <One />
-                </Occurrence>
-                <Scope>
-                    <Permanent />
-                </Scope>
-                <DFType>
-                    <MIME>text/plain</MIME>
-                </DFType>
-            </DFProperties>
+          <NodeName>TpmReadyStatus</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <Description> Returns a bitmask of information describing the state of TPM. It indicates whether the TPM of the device is in a ready and trusted state.</Description>
+            <DFFormat>
+              <int />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <Applicability>
+              <OsBuildVersion>10.0.14393</OsBuildVersion>
+              <CspVersion>1.1</CspVersion>
+            </Applicability>
+          </DFProperties>
         </Node>
-    </Node>
-</MgmtTree>
+        <Node>
+          <NodeName>CurrentProtocolVersion</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <Description>Provides the current protocol version that the client is using to communicate with the Health Attestation Service.</Description>
+            <DFFormat>
+              <int />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <Applicability>
+              <OsBuildVersion>10.0.16299</OsBuildVersion>
+              <CspVersion>1.3</CspVersion>
+            </Applicability>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>PreferredMaxProtocolVersion</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+              <Replace />
+            </AccessType>
+            <DefaultValue>3</DefaultValue>
+            <Description>Provides the maximum preferred protocol version that the client is configured to communicate over. If this is higher than the protocol versions supported by the client it will use the highest protocol version available to it.</Description>
+            <DFFormat>
+              <int />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <Applicability>
+              <OsBuildVersion>10.0.16299</OsBuildVersion>
+              <CspVersion>1.3</CspVersion>
+            </Applicability>
+            <AllowedValues ValueType="None">
+            </AllowedValues>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>MaxSupportedProtocolVersion</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <Description>Returns the maximum protocol version that this client can support.</Description>
+            <DFFormat>
+              <int />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <Applicability>
+              <OsBuildVersion>10.0.16299</OsBuildVersion>
+              <CspVersion>1.3</CspVersion>
+            </Applicability>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>TriggerAttestation</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Exec />
+            </AccessType>
+            <Description>Notifies the device to trigger an attestation session asynchronously.</Description>
+            <DFFormat>
+              <chr />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <Applicability>
+              <OsBuildVersion>99.9.99999</OsBuildVersion>
+              <CspVersion>1.4</CspVersion>
+            </Applicability>
+            <AsynchronousTracking ResourceSuccessURI="AttestStatus" />
+            <OneTimeExecution />
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>GetAttestReport</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <Description>Retrieve attestation session report if exists.</Description>
+            <DFFormat>
+              <chr />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <DDFName></DDFName>
+            </DFType>
+            <Applicability>
+              <OsBuildVersion>99.9.99999</OsBuildVersion>
+              <CspVersion>1.4</CspVersion>
+            </Applicability>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>AttestStatus</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <Description>AttestStatus maintains the success or failure status code for the last attestation session.</Description>
+            <DFFormat>
+              <int />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <Applicability>
+              <OsBuildVersion>99.9.99999</OsBuildVersion>
+              <CspVersion>1.4</CspVersion>
+            </Applicability>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>GetServiceCorrelationIDs</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <Description>Retrieve service correlation IDs if exist.</Description>
+            <DFFormat>
+              <chr />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <DDFName></DDFName>
+            </DFType>
+            <Applicability>
+              <OsBuildVersion>99.9.99999</OsBuildVersion>
+              <CspVersion>1.4</CspVersion>
+            </Applicability>
+          </DFProperties>
+        </Node>
+      </Node>
+    </MgmtTree>
+  </cspDefinition>
+</identity>
+
 
 ```
 

From 99fe9c6f5e2856d84c52a0925a5522df3146ad49 Mon Sep 17 00:00:00 2001
From: Gitprakhar13 <45089022+Gitprakhar13@users.noreply.github.com>
Date: Mon, 11 Oct 2021 22:06:23 -0700
Subject: [PATCH 050/105] Update healthattestation-csp.md

---
 windows/client-management/mdm/healthattestation-csp.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md
index f84f0fae96..d8b7e7ed5a 100644
--- a/windows/client-management/mdm/healthattestation-csp.md
+++ b/windows/client-management/mdm/healthattestation-csp.md
@@ -233,6 +233,9 @@ This node will retrieve the service generated correlation IDs for the given MDM
     If Trigger Attestation call failed and no previous data is present. The field remains empty.
     Otherwise, the last service correlation id will be returned.
 
+> **_Note:_** MAA CSP nodes are available on arm64 but is not currently supported.
+
+
 ### MAA CSP Intergation Steps
 <ol>
 <li>Setup a MAA provider instance:<br>

From 4988c8cf4f59a11fac5eca1f9e698ff78d5eb486 Mon Sep 17 00:00:00 2001
From: Alekhya Jupudi <v-aljupudi@microsoft.com>
Date: Tue, 12 Oct 2021 11:30:07 +0530
Subject: [PATCH 051/105] 5488965- EICC Updates-Reimplement

Re-implemented EICC CSP updates as per task : 5488965 (Need to go through and re-implement these text changes if they are not already present:
CSP changes - https://github.com/MicrosoftDocs/windows-itpro-docs/pull/9138

DDF changes - https://github.com/MicrosoftDocs/windows-itpro-docs/pull/9137)
---
 windows/client-management/mdm/euiccs-csp.md   |  30 +++
 .../client-management/mdm/euiccs-ddf-file.md  | 206 +++++++++++++++++-
 2 files changed, 233 insertions(+), 3 deletions(-)

diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md
index 97ae6b939f..c9219f4340 100644
--- a/windows/client-management/mdm/euiccs-csp.md
+++ b/windows/client-management/mdm/euiccs-csp.md
@@ -62,6 +62,36 @@ Required. Indicates whether this eUICC is physically present and active. Updated
 
 Supported operation is Get. Value type is boolean.
 
+<a href="" id="euicc-ppr1allowed"></a>**_eUICC_/PPR1Allowed**  
+Profile Policy Rule 1 (PPR1) is required. Indicates whether the download of a profile with PPR1 is allowed. If the eUICC already has a profile (regardless of its origin and policy rules associated with it), the download of a profile with PPR1 is not allowed.
+
+Supported operation is Get. Value type is boolean.
+
+<a href="" id="euicc-ppr1alreadyset"></a>**_eUICC_/PPR1AlreadySet**  
+Required. Indicates whether the eUICC already has a profile with PPR1.
+
+Supported operation is Get. Value type is boolean.
+
+<a href="" id="euicc-downloadservers"></a>**_eUICC_/DownloadServers**  
+Interior node. Represents default SM-DP+ discovery requests.
+
+Supported operation is Get.
+
+<a href="" id="euicc-downloadservers-servername"></a>**_eUICC_/DownloadServers/_ServerName_**  
+Interior node. Optional. Node specifying the server name for a discovery operation. The node name is the fully qualified domain name of the SM-DP+ server that will be used for profile discovery. Creation of this subtree triggers a discovery request.
+
+Supported operations are Add, Get, and Delete.
+
+<a href="" id="euicc-downloadservers-servername-discoverystate"></a>**_eUICC_/DownloadServers/_ServerName_/DiscoveryState**  
+Required. Current state of the discovery operation for the parent ServerName (Requested = 1, Executing = 2, Completed = 3, Failed = 4). Queried by the CSP and only updated by the LPA.
+
+Supported operation is Get. Value type is integer. Default value is 1.
+
+<a href="" id="euicc-downloadservers-servername-autoenable"></a>**_eUICC_/DownloadServers/_ServerName_/AutoEnable**  
+Required. Indicates whether the discovered profile must be enabled automatically after install. This must be set by the MDM when the ServerName subtree is created.
+
+Supported operations are Add, Get, and Replace. Value type is bool.
+
 <a href="" id="euicc-profiles"></a>**_eUICC_/Profiles**  
 Interior node. Required. Represents all enterprise-owned profiles.
 
diff --git a/windows/client-management/mdm/euiccs-ddf-file.md b/windows/client-management/mdm/euiccs-ddf-file.md
index 38bb8e5f6f..f7d0851746 100644
--- a/windows/client-management/mdm/euiccs-ddf-file.md
+++ b/windows/client-management/mdm/euiccs-ddf-file.md
@@ -49,7 +49,7 @@ The XML below if for Windows 10, version 1803.
                 <CIS />
             </CaseSense>
             <DFType>
-                <MIME>com.microsoft/1.1/MDM/eUICCs</MIME>
+                <MIME>com.microsoft/1.2/MDM/eUICCs</MIME>
             </DFType>
         </DFProperties>
         <Node>
@@ -58,7 +58,7 @@ The XML below if for Windows 10, version 1803.
                 <AccessType>
                     <Get />
                 </AccessType>
-                <Description>Represents information associated with an eUICC. There is one subtree for each known eUICC, created by the Local Profile Assistant (LPA) when the eUICC is first seen. The node name is meaningful only to the LPA (which associates it with an eUICC ID (EID) in an implementation-specific manner, e.g., this could be a SHA-256 hash of the EID). The node name "Default" represents the currently active eUICC.</Description>
+                <Description>Represents information associated with an eUICC. There is one subtree for each known eUICC, created by the Local Profile Assistant (LPA) when the eUICC is first seen.  The node name is the eUICC ID (EID). The node name "Default" represents the currently active eUICC.</Description>
                 <DFFormat>
                     <node />
                 </DFFormat>
@@ -79,7 +79,7 @@ The XML below if for Windows 10, version 1803.
                     <AccessType>
                         <Get />
                     </AccessType>
-                    <Description>Identifies an eUICC in an implementation-specific manner, e.g., this could be a SHA-256 hash of the EID.</Description>
+                    <Description>The EID.</Description>
                     <DFFormat>
                         <chr />
                     </DFFormat>
@@ -118,6 +118,139 @@ The XML below if for Windows 10, version 1803.
                     </DFType>
                 </DFProperties>
             </Node>
+            <Node>
+                <NodeName>PPR1Allowed</NodeName>
+                <DFProperties>
+                    <AccessType>
+                        <Get />
+                    </AccessType>
+                    <Description>Indicates whether the download of a profile with PPR1 is allowed. If the eUICC already has a profile (regardless of its origin and policy rules associated with it), the download of a profile with PPR1 is not allowed.</Description>
+                    <DFFormat>
+                        <bool />
+                    </DFFormat>
+                    <Occurrence>
+                        <One />
+                    </Occurrence>
+                    <Scope>
+                        <Dynamic />
+                    </Scope>
+                    <DFType>
+                        <MIME>text/plain</MIME>
+                    </DFType>
+                </DFProperties>
+            </Node>
+            <Node>
+                <NodeName>PPR1AlreadySet</NodeName>
+                <DFProperties>
+                    <AccessType>
+                        <Get />
+                    </AccessType>
+                    <Description>Indicates whether the eUICC already has a profile with PPR1.</Description>
+                    <DFFormat>
+                        <bool />
+                    </DFFormat>
+                    <Occurrence>
+                        <One />
+                    </Occurrence>
+                    <Scope>
+                        <Dynamic />
+                    </Scope>
+                    <DFType>
+                        <MIME>text/plain</MIME>
+                    </DFType>
+                </DFProperties>
+            </Node>
+            <Node>
+                <NodeName>DownloadServers</NodeName>
+                <DFProperties>
+                    <AccessType>
+                        <Get />
+                    </AccessType>
+                    <Description>Represents default SM-DP+ discovery requests.</Description>
+                    <DFFormat>
+                        <node />
+                    </DFFormat>
+                    <Occurrence>
+                        <One />
+                    </Occurrence>
+                    <Scope>
+                        <Dynamic />
+                    </Scope>
+                    <DFType>
+                        <DDFName></DDFName>
+                    </DFType>
+                </DFProperties>
+                <Node>
+                    <NodeName></NodeName>
+                    <DFProperties>
+                        <AccessType>
+                            <Add />
+                            <Delete />
+                            <Get />
+                            <Replace />
+                        </AccessType>
+                        <Description>Node specifying the server name for a discovery operation. The node name is the fully qualified domain name of the SM-DP+ server that will be used for profile discovery. Creation of this subtree triggers a discovery request.</Description>
+                        <DFFormat>
+                            <node />
+                        </DFFormat>
+                        <Occurrence>
+                            <ZeroOrMore />
+                        </Occurrence>
+                        <Scope>
+                            <Dynamic />
+                        </Scope>
+                        <DFTitle>ServerName</DFTitle>
+                        <DFType>
+                            <DDFName></DDFName>
+                        </DFType>
+                    </DFProperties>
+                    <Node>
+                        <NodeName>DiscoveryState</NodeName>
+                        <DFProperties>
+                            <AccessType>
+                                <Get />
+                            </AccessType>
+                            <DefaultValue>1</DefaultValue>
+                            <Description>Current state of the discovery operation for the parent ServerName (Requested = 1, Executing = 2, Completed = 3, Failed = 4). Queried by the CSP and only updated by the LPA.</Description>
+                            <DFFormat>
+                                <int />
+                            </DFFormat>
+                            <Occurrence>
+                                <One />
+                            </Occurrence>
+                            <Scope>
+                                <Dynamic />
+                            </Scope>
+                            <DFType>
+                                <MIME>text/plain</MIME>
+                            </DFType>
+                        </DFProperties>
+                    </Node>
+                    <Node>
+                        <NodeName>AutoEnable</NodeName>
+                        <DFProperties>
+                            <AccessType>
+                                <Add />
+                                <Get />
+                                <Replace />
+                            </AccessType>
+                            <Description>Indicates whether the discovered profile must be enabled automatically after install. This must be set by the MDM when the ServerName subtree is created.</Description>
+                            <DFFormat>
+                                <bool />
+                            </DFFormat>
+                            <Occurrence>
+                                <One />
+                            </Occurrence>
+                            <Scope>
+                                <Dynamic />
+                            </Scope>
+                            <DFType>
+                                <MIME>text/plain</MIME>
+                            </DFType>
+                        </DFProperties>
+                    </Node>
+                </Node>
+            </Node>
             <Node>
                 <NodeName>Profiles</NodeName>
                 <DFProperties>
@@ -145,6 +278,7 @@ The XML below if for Windows 10, version 1803.
                             <Add />
                             <Delete />
                             <Get />
+                            <Replace />
                         </AccessType>
                         <Description>Node representing an enterprise-owned eUICC profile. The node name is the ICCID of the profile (which is a unique identifier). Creation of this subtree triggers an AddProfile request by the LPA (which installs the profile on the eUICC). Removal of this subtree triggers the LPA to delete the profile (if resident on the eUICC).</Description>
                         <DFFormat>
@@ -167,6 +301,7 @@ The XML below if for Windows 10, version 1803.
                             <AccessType>
                                 <Add />
                                 <Get />
+                                <Replace />
                             </AccessType>
                             <Description>Fully qualified domain name of the SM-DP+ that can download this profile. Must be set by the MDM when the ICCID subtree is created.</Description>
                             <DFFormat>
@@ -192,6 +327,7 @@ The XML below if for Windows 10, version 1803.
                             <AccessType>
                                 <Add />
                                 <Get />
+                                <Replace />
                             </AccessType>
                             <Description>Matching ID (activation code token) for profile download. Must be set by the MDM when the ICCID subtree is created.</Description>
                             <DFFormat>
@@ -256,6 +392,70 @@ The XML below if for Windows 10, version 1803.
                             </DFType>
                         </DFProperties>
                     </Node>
+                    <Node>
+                        <NodeName>PPR1Set</NodeName>
+                        <DFProperties>
+                            <AccessType>
+                                <Get />
+                            </AccessType>
+                            <Description>This profile policy rule indicates whether disabling of this profile is not allowed (true if not allowed, false otherwise).</Description>
+                            <DFFormat>
+                                <bool />
+                            </DFFormat>
+                            <Occurrence>
+                                <One />
+                            </Occurrence>
+                            <Scope>
+                                <Dynamic />
+                            </Scope>
+                            <DFType>
+                                <MIME>text/plain</MIME>
+                            </DFType>
+                        </DFProperties>
+                    </Node>
+                    <Node>
+                        <NodeName>PPR2Set</NodeName>
+                        <DFProperties>
+                            <AccessType>
+                                <Get />
+                            </AccessType>
+                            <Description>This profile policy rule indicates whether deletion of this profile is not allowed (true if not allowed, false otherwise).</Description>
+                            <DFFormat>
+                                <bool />
+                            </DFFormat>
+                            <Occurrence>
+                                <One />
+                            </Occurrence>
+                            <Scope>
+                                <Dynamic />
+                            </Scope>
+                            <DFType>
+                                <MIME>text/plain</MIME>
+                            </DFType>
+                        </DFProperties>
+                    </Node>
+                    <Node>
+                        <NodeName>ErrorDetail</NodeName>
+                        <DFProperties>
+                            <AccessType>
+                                <Get />
+                            </AccessType>
+                            <DefaultValue>0</DefaultValue>
+                            <Description>Detailed error if the profile download and install procedure failed (None = 0, CardGeneralFailure = 1, ConfirmationCodeMissing = 3, ForbiddenByPolicy = 5, InvalidMatchingId = 6, NoEligibleProfileForThisDevice = 7, NotEnoughSpaceOnCard = 8, ProfileEidMismatch = 10, ProfileNotAvailableForNewBinding = 11, ProfileNotReleasedByOperator = 12, RemoteServerGeneralFailure = 13, RemoteServerUnreachable = 14).</Description>
+                            <DFFormat>
+                                <int />
+                            </DFFormat>
+                            <Occurrence>
+                                <One />
+                            </Occurrence>
+                            <Scope>
+                                <Dynamic />
+                            </Scope>
+                            <DFType>
+                                <MIME>text/plain</MIME>
+                            </DFType>
+                        </DFProperties>
+                    </Node>
                 </Node>
             </Node>
             <Node>

From e3c58d28aa8dac13e3b74da19a1f991ba988d269 Mon Sep 17 00:00:00 2001
From: Alice-at-Microsoft
 <79878795+Alice-at-Microsoft@users.noreply.github.com>
Date: Tue, 12 Oct 2021 16:50:09 -0700
Subject: [PATCH 052/105] Diagnostic data requirement (safeguard hold queries)

---
 .../update/update-compliance-feature-update-status.md       | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/update/update-compliance-feature-update-status.md b/windows/deployment/update/update-compliance-feature-update-status.md
index 9b3662595f..f1909128aa 100644
--- a/windows/deployment/update/update-compliance-feature-update-status.md
+++ b/windows/deployment/update/update-compliance-feature-update-status.md
@@ -45,9 +45,11 @@ Refer to the following list for what each state means:
 
 Microsoft uses diagnostic data to determine whether devices that use Windows Update are ready for a feature update in order to ensure a smooth experience. When Microsoft determines a device is not ready to update due to a known issue, a *safeguard hold* is generated to delay the device's upgrade and protect the end-user experience. Holds are released over time as diagnostic data is analyzed and fixes are addressed. Details are provided on some, but not all safeguard holds on the Windows client release information pages for any given release. 
 
-## Queries for safeguard holds
+### Queries for safeguard holds
 
-Update Compliance reporting offers two queries to help you retrieve data related to safeguard holds. The first query shows the device data for all devices that are affected by safeguard holds. The second query shows data specific to devices running the target build.
+Update Compliance reporting offers two queries to help you retrieve data related to safeguard holds. These queries show data for devices that are configured to send diagnostic data at *Optional* level (previously *Full*). For Windows 10 devices, devices configured to send diagnostic data at *Enhanced* level are also included.
+
+The first query shows the device data for all devices that are affected by safeguard holds. The second query shows data specific to devices running the target build.
 
 ![Left pane showing Need Attention, Security update status, feature update status, and Windows Defender AV status, with Need Attention selected. Right pane shows the list of queries relevant to the Need Attention status, with "Devices with a safeguard hold" and "Target build distribution of devices with a safeguard hold" queries highlighted](images/UC_workspace_safeguard_queries.png)
 

From ad7c23fb423ad6dd25f8a3a9b3c5ebbad27df06c Mon Sep 17 00:00:00 2001
From: Matthew Palko <mapalko@microsoft.com>
Date: Tue, 12 Oct 2021 18:01:36 -0700
Subject: [PATCH 053/105] adding new message around WHFB cloud trust

---
 .../hello-for-business/hello-deployment-guide.md             | 5 ++++-
 .../identity-protection/hello-for-business/hello-faq.yml     | 4 ++++
 .../hello-for-business/hello-identity-verification.md        | 5 ++++-
 .../identity-protection/hello-for-business/hello-overview.md | 3 +++
 .../hello-for-business/hello-planning-guide.md               | 3 +++
 5 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
index 80a1ca91b3..4e7d1f7942 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
@@ -50,7 +50,10 @@ Do not begin your deployment until the hosting servers and infrastructure (not r
 
 ## Deployment and trust models
 
-Windows Hello for Business has three deployment models: Cloud, hybrid, and on-premises. Hybrid and on-premises deployment models have two trust models: *Key trust* and *certificate trust*.
+Windows Hello for Business has three deployment models: Azure AD cloud only, hybrid, and on-premises. Hybrid and on-premises deployment models have two trust models: *Key trust* and *certificate trust*.
+
+> [!NOTE]
+> Windows Hello for Business is introducing a new trust model called cloud trust in early 2022. This trust model will enable deployment of Windows Hello for Business using the infrastructure introduced for supporting [security key sign-in on Hybrid Azure AD joined devices and on-premises resource access on Azure AD Joined devices](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). More information will be available on Windows Hello for Business cloud trust once it is generally available.
 
 Hybrid deployments are for enterprises that use Azure Active Directory. On-premises deployments are for enterprises who exclusively use on-premises Active Directory. Remember that the environments that use Azure Active Directory must use the hybrid deployment model for all domains in that forest.
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml
index 735e563fb8..a11d68959d 100644
--- a/windows/security/identity-protection/hello-for-business/hello-faq.yml
+++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml
@@ -25,6 +25,10 @@ summary: |
 sections:
   - name: Ignored
     questions:
+      - question: What is Windows Hello for Business cloud trust?
+        answer: |
+          Windows Hello for Business cloud trust is a new trust model that is planned to be introduced in early 2022. This trust model will enable Windows Hello for Business deployment using the infrastructure introduced for supporting [security key sign-in on Hybrid Azure AD joined devices and on-premises resource access on Azure AD Joined devices](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). More information will be available on Windows Hello for Business cloud trust once it is generally available.
+      
       - question: What about virtual smart cards?
         answer: |
           Windows Hello for Business is the modern, two-factor credential for Windows 10. Microsoft will be deprecating virtual smart cards in the future, but no date is set at this time. Customers using Windows 10 and virtual smart cards should move to Windows Hello for Business.  Microsoft will publish the date early to ensure customers have adequate lead time to move to Windows Hello for Business. Microsoft recommends that new Windows 10 deployments use Windows Hello for Business. Virtual smart card remain supported for Windows 7 and Windows 8.
diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
index 3660d85201..26a25c7342 100644
--- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
+++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
@@ -22,7 +22,7 @@ ms.date: 1/22/2021
 
 This article lists the infrastructure requirements for the different deployment models for Windows Hello for Business.
 
-## Cloud Only Deployment
+## Azure AD Cloud Only Deployment
 
 * Windows 10, version 1511 or later, or Windows 11
 * Microsoft Azure Account
@@ -35,6 +35,9 @@ This article lists the infrastructure requirements for the different deployment
 
 The table shows the minimum requirements for each deployment. For key trust in a multi-domain/multi-forest deployment, the following requirements are applicable for each domain/forest that hosts Windows Hello for business components or is involved in the Kerberos referral process.
 
+> [!NOTE]
+> Windows Hello for Business is introducing a new trust model called cloud trust in early 2022. This trust model will enable deployment of Windows Hello for Business using the infrastructure introduced for supporting [security key sign-in on Hybrid Azure AD joined devices and on-premises resource access on Azure AD Joined devices](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). More information will be available on Windows Hello for Business cloud trust once it is generally available.
+
 | Key trust</br>Group Policy managed | Certificate trust</br>Mixed managed | Key trust</br>Modern managed | Certificate trust</br>Modern managed | 
 | --- | --- | --- | --- |
 | Windows 10, version 1511 or later| **Hybrid Azure AD Joined:**<br>  *Minimum:* Windows 10, version 1703<br>  *Best experience:* Windows 10, version 1709 or later (supports synchronous certificate enrollment).</br>**Azure AD Joined:**<br>  Windows 10, version 1511 or later| Windows 10, version 1511 or later | Windows 10, version 1511 or later |
diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md
index cd38c11105..b191dbc916 100644
--- a/windows/security/identity-protection/hello-for-business/hello-overview.md
+++ b/windows/security/identity-protection/hello-for-business/hello-overview.md
@@ -97,6 +97,9 @@ Windows Hello for Business can use either keys (hardware or software) or certifi
 
 Windows Hello for Business with a key does not support supplied credentials for RDP. RDP does not support authentication with a key or a self signed certificate. RDP with Windows Hello for Business is supported with certificate based deployments as a supplied credential. Windows Hello for Business key trust can be used with [Windows Defender Remote Credential Guard](../remote-credential-guard.md).
 
+> [!NOTE]
+> Windows Hello for Business is introducing a new trust model called cloud trust in early 2022. This trust model will enable deployment of Windows Hello for Business using the infrastructure introduced for supporting [security key sign-in on Hybrid Azure AD joined devices and on-premises resource access on Azure AD Joined devices](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). More information will be available on Windows Hello for Business cloud trust once it is generally available.
+
 ## Learn more
 
 [Implementing strong user authentication with Windows Hello for Business](https://www.microsoft.com/en-us/itshowcase/implementing-strong-user-authentication-with-windows-hello-for-business)
diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
index 617be85699..d0de57c65c 100644
--- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
@@ -95,6 +95,9 @@ It's fundamentally important to understand which deployment model to use for a s
 
 A deployment's trust type defines how each Windows Hello for Business client authenticates to the on-premises Active Directory.  There are two trust types: key trust and certificate trust.
 
+> [!NOTE]
+> Windows Hello for Business is introducing a new trust model called cloud trust in early 2022. This trust model will enable deployment of Windows Hello for Business using the infrastructure introduced for supporting [security key sign-in on Hybrid Azure AD joined devices and on-premises resource access on Azure AD Joined devices](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). More information will be available on Windows Hello for Business cloud trust once it is generally available.
+
 The key trust type does not require issuing authentication certificates to end users. Users authenticate using a hardware-bound key created during the built-in provisioning experience. This requires an adequate distribution of Windows Server 2016 or later domain controllers relative to your existing authentication and the number of users included in your Windows Hello for Business deployment. Read the [Planning an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) to learn more.
 
 The certificate trust type issues authentication certificates to end users.  Users authenticate using a certificate requested using a hardware-bound key created during the built-in provisioning experience.  Unlike key trust, certificate trust does not require Windows Server 2016 domain controllers (but still requires [Windows Server 2016 or later Active Directory schema](./hello-hybrid-cert-trust-prereqs.md#directories)).  Users can use their certificate to authenticate to any Windows Server 2008 R2, or later, domain controller.

From 983e42ac90688abaa1d375d0122da7796af33557 Mon Sep 17 00:00:00 2001
From: Matthew Palko <mapalko@microsoft.com>
Date: Tue, 12 Oct 2021 18:21:44 -0700
Subject: [PATCH 054/105] fixing reference to Azure AD cloud only deployment

---
 .../hello-for-business/hello-aad-join-cloud-only-deploy.md      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md
index aa4d0faa2f..8e5fd2f049 100644
--- a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md
+++ b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md
@@ -31,7 +31,7 @@ You may wish to disable the automatic Windows Hello for Business enrollment prom
 
 Cloud only deployments will use Azure AD multi-factor authentication (MFA) during Windows Hello for Business (WHfB) enrollment and there's no additional MFA configuration needed. If you aren't already registered in Azure AD MFA, you will be guided though the MFA registration as part of the Windows Hello for Business enrollment process.
 
-The necessary Windows Hello for Business prerequisites are located at [Cloud Only Deployment](hello-identity-verification.md#cloud-only-deployment).
+The necessary Windows Hello for Business prerequisites are located at [Cloud Only Deployment](hello-identity-verification.md#azure-ad-cloud-only-deployment).
 
 Also note that it's possible for federated domains to enable the “Supports MFA” flag in your federated domain settings. This flag tells Azure AD that the federated IDP will perform the MFA challenge.
 

From 51e312687b8637ba77be08971b6afbe83159201c Mon Sep 17 00:00:00 2001
From: Alice-at-Microsoft
 <79878795+Alice-at-Microsoft@users.noreply.github.com>
Date: Wed, 13 Oct 2021 14:17:33 -0700
Subject: [PATCH 055/105] Add more detailed diagnostic data info

---
 windows/deployment/update/update-compliance-get-started.md | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md
index c01d76b407..2adebe9449 100644
--- a/windows/deployment/update/update-compliance-get-started.md
+++ b/windows/deployment/update/update-compliance-get-started.md
@@ -23,9 +23,7 @@ ms.topic: article
 - Windows 11
 
 > [!IMPORTANT]
-> **A new policy is required to use Update Compliance: "AllowUpdateComplianceProcessing"**. If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must configure devices with this additional policy. You can do this by rerunning the [Update Compliance Configuration Script](update-compliance-configuration-script.md) if you configure your devices through Group Policy, or refer to [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md) for details on manually configuring the new policy for both Group Policy and MDM.
->
-> Devices must have this policy configured by January 31, 2022, to remain enrolled in Update Compliance. Devices without this policy configured, including Windows 10 releases prior to version 1809 which do not support this policy, will stop appearing in Update Compliance reports after this date.
+> **A new policy is required to use Update Compliance: "AllowUpdateComplianceProcessing"**. If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must configure devices with this additional policy. You can do this by rerunning the [Update Compliance Configuration Script](update-compliance-configuration-script.md) if you configure your devices through Group Policy, or refer to [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md) for details on manually configuring the new policy for both Group Policy and MDM. 
 
 This topic introduces the high-level steps required to enroll to the Update Compliance solution and configure devices to send data to it. The following steps cover the enrollment and device configuration workflow.
 
@@ -44,7 +42,7 @@ Before you begin the process to add Update Compliance to your Azure subscription
 
 - **Compatible operating systems and editions**: Update Compliance works only with Windows 10 or Windows 11 Professional, Education, and Enterprise editions. Update Compliance supports both the typical Windows 10 or Windows 11 Enterprise edition, as well as [Windows 10 Enterprise multi-session](/azure/virtual-desktop/windows-10-multisession-faq). Update Compliance only provides data for the standard Desktop Windows client version and is not currently compatible with Windows Server, Surface Hub, IoT, or other versions.
 - **Compatible Windows client servicing channels**: Update Compliance supports Windows client devices on the General Availability Channel and the Long-term Servicing Channel (LTSC). Update Compliance *counts* Windows Insider Preview devices, but does not currently provide detailed deployment insights for them.
-- **Diagnostic data requirements**: Update Compliance requires devices be configured to send diagnostic data at *Required* level (previously *Basic*). To learn more about what's included in different diagnostic levels, see [Diagnostics, feedback, and privacy in Windows 10](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy).
+- **Diagnostic data requirements**: Update Compliance requires devices be configured to send diagnostic data at *Required* level (previously *Basic*). Select queries within Update Compliance require devices to be configured to send diagnostic data at *Optional* level (previously *Full*) for Windows 11 devices or *Enhanced* level for Windows 10 devices. To learn more about what's included in different diagnostic levels, see [Diagnostics, feedback, and privacy in Windows](https://support.microsoft.com/windows/diagnostics-feedback-and-privacy-in-windows-28808a2b-a31b-dd73-dcd3-4559a5199319).
 - **Data transmission requirements**: Devices must be able to contact specific endpoints required to authenticate and send diagnostic data. These are enumerated in detail at [Configuring Devices for Update Compliance manually](update-compliance-configuration-manual.md).
 - **Showing device names in Update Compliance**: For Windows 10, version 1803 or later, device names will not appear in Update Compliance unless you individually opt-in devices by using policy. The steps to accomplish this is outlined in [Configuring Devices for Update Compliance](update-compliance-configuration-manual.md).
 

From 455141abcdb791cb9b8de9777488d74048ebe958 Mon Sep 17 00:00:00 2001
From: Alice-at-Microsoft
 <79878795+Alice-at-Microsoft@users.noreply.github.com>
Date: Wed, 13 Oct 2021 14:18:51 -0700
Subject: [PATCH 056/105] revert changes

---
 windows/deployment/update/update-compliance-get-started.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md
index 2adebe9449..ac348a38ed 100644
--- a/windows/deployment/update/update-compliance-get-started.md
+++ b/windows/deployment/update/update-compliance-get-started.md
@@ -23,7 +23,9 @@ ms.topic: article
 - Windows 11
 
 > [!IMPORTANT]
-> **A new policy is required to use Update Compliance: "AllowUpdateComplianceProcessing"**. If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must configure devices with this additional policy. You can do this by rerunning the [Update Compliance Configuration Script](update-compliance-configuration-script.md) if you configure your devices through Group Policy, or refer to [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md) for details on manually configuring the new policy for both Group Policy and MDM. 
+> **A new policy is required to use Update Compliance: "AllowUpdateComplianceProcessing"**. If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must configure devices with this additional policy. You can do this by rerunning the [Update Compliance Configuration Script](update-compliance-configuration-script.md) if you configure your devices through Group Policy, or refer to [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md) for details on manually configuring the new policy for both Group Policy and MDM.
+>
+> Devices must have this policy configured by January 31, 2022, to remain enrolled in Update Compliance. Devices without this policy configured, including Windows 10 releases prior to version 1809 which do not support this policy, will stop appearing in Update Compliance reports after this date.
 
 This topic introduces the high-level steps required to enroll to the Update Compliance solution and configure devices to send data to it. The following steps cover the enrollment and device configuration workflow.
 

From 8c301bbc8d1fbfd469239a6b9abb43605641d82b Mon Sep 17 00:00:00 2001
From: Daniel Simpson <dansimp@microsoft.com>
Date: Wed, 13 Oct 2021 15:43:14 -0700
Subject: [PATCH 057/105] Update index.md

---
 windows/client-management/mdm/index.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/client-management/mdm/index.md b/windows/client-management/mdm/index.md
index a7236eea80..792bdcb30c 100644
--- a/windows/client-management/mdm/index.md
+++ b/windows/client-management/mdm/index.md
@@ -1,6 +1,6 @@
 ---
 title: Mobile device management
-description: Windows 10 provides an enterprise-level solution to mobile management, to help IT pros comply with security policies while avoiding compromise of user's privacy
+description: Windows 10 and Windows 11 provides an enterprise-level solution to mobile management, to help IT pros comply with security policies while avoiding compromise of user's privacy
 MS-HAID:
 - 'p\_phDeviceMgmt.provisioning\_and\_device\_management'
 - 'p\_phDeviceMgmt.mobile\_device\_management\_windows\_mdm'
@@ -15,9 +15,9 @@ author: dansimp
 # Mobile device management
 
 
-Windows 10 provides an enterprise management solution to help IT pros manage company security policies and business applications, while avoiding compromise of the users’ privacy on their personal devices. A built-in management component can communicate with the management server.
+Windows 10 and Windows 11 provides an enterprise management solution to help IT pros manage company security policies and business applications, while avoiding compromise of the users’ privacy on their personal devices. A built-in management component can communicate with the management server.
 
-There are two parts to the Windows 10 management component:
+There are two parts to the Windows management component:
 
 -   The enrollment client, which enrolls and configures the device to communicate with the enterprise management server.
 -   The management client, which periodically synchronizes with the management server to check for updates and apply the latest policies set by IT.

From 5d111d7f0f0de24bfa1b9eb66668c46e5bb168b4 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Thu, 14 Oct 2021 11:35:22 +0100
Subject: [PATCH 058/105] final_updates

---
 windows/privacy/toc.yml                              | 2 +-
 windows/privacy/windows-10-and-privacy-compliance.md | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/privacy/toc.yml b/windows/privacy/toc.yml
index af35fd6f4f..25fc676681 100644
--- a/windows/privacy/toc.yml
+++ b/windows/privacy/toc.yml
@@ -37,7 +37,7 @@
           href: windows-diagnostic-data-1703.md
     - name: Windows 10 diagnostic data events and fields collected through the limit enhanced diagnostic data policy
       href: enhanced-diagnostic-data-windows-analytics-events-and-fields.md
-    - name: Manage Windows connection endpoints
+    - name: Manage Windows connected experiences
       items: 
         - name: Manage connections from Windows operating system components to Microsoft services
           href: manage-connections-from-windows-operating-system-components-to-microsoft-services.md
diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index a9a8a0ecca..0930e7356b 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -46,7 +46,7 @@ The following table provides an overview of the Windows 10 and Windows 11 privac
 > [!NOTE]
 > This table is limited to the privacy settings that are most commonly available when setting up a current version of Windows 10 or newer. For the full list of settings that involve data collection, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
 
-| Feature/Setting | Description | Supporting Content | Privacy Statement |
+| Feature/Setting | Description | Supporting content | Privacy statement |
 | --- | --- | --- | --- |
 | Diagnostic Data | <p>Microsoft uses diagnostic data to keep Windows secure, up to date, troubleshoot problems, and make product improvements. Regardless of what choices you make for diagnostic data collection, the device will be just as secure and will operate normally. This data is collected by Microsoft to quickly identify and address issues affecting its customers.</p><p>Diagnostic data is categorized into the following:<ul><li>**Required diagnostic data**<br />Required diagnostic data includes information about your device, its settings, capabilities, and whether it is performing properly, whether a device is ready for an update, and whether there are factors that may impede the ability to receive updates, such as low battery, limited disk space, or connectivity through a paid network. You can find out what is collected with required diagnostic data [here](./required-windows-diagnostic-data-events-and-fields-2004.md).</li><li>**Optional diagnostic data**<br />Optional diagnostic data includes more detailed information about your device and its settings, capabilities, and device health. When you choose to send optional diagnostic data, required diagnostic data will always be included. You can find out the types of optional diagnostic data collected [here](./windows-diagnostic-data.md).</li></ul></p> | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy)<br /><br />[Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) |
 | Inking & typing | Microsoft collects optional inking and typing diagnostic data to improve the language recognition and suggestion capabilities of apps and services running on Windows. | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) |
@@ -82,7 +82,7 @@ The following table provides an overview of the privacy settings discussed earli
 > [!NOTE]
 > This is not a complete list of settings that involve managing data collection or connecting to connected experiences in Windows. For a more detailed list, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
 
-| Feature/Setting | GP/MDM Documentation | Default State if the Setup experience is suppressed | State to stop/minimize data collection |
+| Connected experience /setting | GP/MDM documentation | Default state if the setup experience is suppressed | State to stop/minimize data collection |
 |---|---|---|---|
 | [Speech](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-speech) | Group Policy:<br />**Computer Configuration** > **Control Panel** > **Regional and Language Options** > **Allow users to enable online speech recognition services**<br /><br />MDM: [Privacy/AllowInputPersonalization](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off | Off |
 | [Location](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **App Privacy** > **Let Windows apps access location**<br /><br />MDM: [Privacy/LetAppsAccessLocation](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off (Windows 10, version 1903 and later and Windows 11) | Off |

From b9601479b32f556843bc249f70b074af20fd3444 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Thu, 14 Oct 2021 16:30:06 +0500
Subject: [PATCH 059/105] Update
 enroll-a-windows-10-device-automatically-using-group-policy.md

---
 ...roll-a-windows-10-device-automatically-using-group-policy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
index c9f13235e0..8c53bccf46 100644
--- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
@@ -214,7 +214,7 @@ Requirements:
 
    If this folder does not exist, then be aware that you will be switching to a [central policy store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) for your entire domain.
 
-6. Wait for the SYSVOL DFSR replication to be completed and then restart the Domain Controller for the policy to be available.
+6. Wait for the SYSVOL DFSR replication to be completed for the policy to be available.
 
 This procedure will work for any future version as well.
 

From 3a1a328871814a1eba09911934a532369292e7c3 Mon Sep 17 00:00:00 2001
From: Jaime Ondrusek <jaimeo@microsoft.com>
Date: Thu, 14 Oct 2021 08:51:26 -0700
Subject: [PATCH 060/105] Update deployment-service-overview.md

Small updates for style; corrected article cross-link.
---
 windows/deployment/update/deployment-service-overview.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md
index 28854e1093..6064c7ae15 100644
--- a/windows/deployment/update/deployment-service-overview.md
+++ b/windows/deployment/update/deployment-service-overview.md
@@ -29,7 +29,7 @@ The deployment service is designed for IT Pros who are looking for more control
 - You can stage deployments over a period of days or weeks by using rich expressions (for example, deploy 20H2 to 500 devices per day, beginning on March 14, 2021).
 - You can bypass pre-configured Windows Update for Business policies to immediately deploy a security update across your organization when emergencies arise.
 - You can benefit from deployments with automatic piloting tailored to your unique device population to ensure coverage of hardware and software in your organization.
-- You can leverage safeguards against likely update issues, as identified by Microsoft machine learning algorithms, and automatically put the deployment on hold for any affected devices.
+- You can use safeguards against likely update issues that have been identified by Microsoft machine-learning algorithms and automatically hold the deployment for any affected devices.
 
 The service is privacy focused and backed by leading industry compliance certifications.
 
@@ -113,7 +113,7 @@ You should continue to use deployment rings as part of the servicing strategy fo
 
 ### Safeguard holds against likely and known issues
 
-[Safeguard holds](https://docs.microsoft.com/windows/deployment/update/safeguard-holds) are a key technology Microsoft uses to protect devices from encountering known quality or compatibility issues, by preventing them from installing the update or upgrade. For Windows 11 deployments, the deployment service extends these safeguard holds to also protect devices that Microsoft identifies as being at a higher risk of experiencing post-update issues (such as OS rollbacks, app crashes, or graphics issues) and temporarily puts the deployment on hold for these devices while Microsoft investigates the likely issue. Safeguard holds apply to deployments by default, but you may opt out if desired.
+Microsoft uses [safeguard holds](/windows/deployment/update/safeguard-holds) to protect devices from encountering known quality or compatibility issues by preventing them from installing the update or upgrade. For Windows 11 deployments, the deployment service extends these safeguard holds to also protect devices that Microsoft identifies as being at a higher risk of experiencing problems after an update (such as operating system rollbacks, app crashes, or graphics issues). The service temporarily holds the deployment for these devices while Microsoft investigates the likely issue. Safeguard holds apply to deployments by default, but you can opt out.
 
 ### Monitoring deployments to detect rollback issues
 

From 96aeda368ae8bee88a87da963fbe2db7f5995cf0 Mon Sep 17 00:00:00 2001
From: Jaime Ondrusek <jaimeo@microsoft.com>
Date: Thu, 14 Oct 2021 08:53:46 -0700
Subject: [PATCH 061/105] Update update-compliance-feature-update-status.md

---
 .../update/update-compliance-feature-update-status.md           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/update-compliance-feature-update-status.md b/windows/deployment/update/update-compliance-feature-update-status.md
index f1909128aa..8fa81c9860 100644
--- a/windows/deployment/update/update-compliance-feature-update-status.md
+++ b/windows/deployment/update/update-compliance-feature-update-status.md
@@ -47,7 +47,7 @@ Microsoft uses diagnostic data to determine whether devices that use Windows Upd
 
 ### Queries for safeguard holds
 
-Update Compliance reporting offers two queries to help you retrieve data related to safeguard holds. These queries show data for devices that are configured to send diagnostic data at *Optional* level (previously *Full*). For Windows 10 devices, devices configured to send diagnostic data at *Enhanced* level are also included.
+Update Compliance reporting offers two queries to help you retrieve data related to safeguard holds. These queries show data for devices that are configured to send diagnostic data at the *Optional* level (previously *Full*). For Windows 10 devices, devices configured to send diagnostic data at *Enhanced* level are also included.
 
 The first query shows the device data for all devices that are affected by safeguard holds. The second query shows data specific to devices running the target build.
 

From e8f82db2d96784d46d0ca4f27f199b9880c51086 Mon Sep 17 00:00:00 2001
From: Jaime Ondrusek <jaimeo@microsoft.com>
Date: Thu, 14 Oct 2021 08:54:56 -0700
Subject: [PATCH 062/105] Update update-compliance-get-started.md

Small adjustments.
---
 windows/deployment/update/update-compliance-get-started.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md
index ac348a38ed..db61a26720 100644
--- a/windows/deployment/update/update-compliance-get-started.md
+++ b/windows/deployment/update/update-compliance-get-started.md
@@ -44,7 +44,7 @@ Before you begin the process to add Update Compliance to your Azure subscription
 
 - **Compatible operating systems and editions**: Update Compliance works only with Windows 10 or Windows 11 Professional, Education, and Enterprise editions. Update Compliance supports both the typical Windows 10 or Windows 11 Enterprise edition, as well as [Windows 10 Enterprise multi-session](/azure/virtual-desktop/windows-10-multisession-faq). Update Compliance only provides data for the standard Desktop Windows client version and is not currently compatible with Windows Server, Surface Hub, IoT, or other versions.
 - **Compatible Windows client servicing channels**: Update Compliance supports Windows client devices on the General Availability Channel and the Long-term Servicing Channel (LTSC). Update Compliance *counts* Windows Insider Preview devices, but does not currently provide detailed deployment insights for them.
-- **Diagnostic data requirements**: Update Compliance requires devices be configured to send diagnostic data at *Required* level (previously *Basic*). Select queries within Update Compliance require devices to be configured to send diagnostic data at *Optional* level (previously *Full*) for Windows 11 devices or *Enhanced* level for Windows 10 devices. To learn more about what's included in different diagnostic levels, see [Diagnostics, feedback, and privacy in Windows](https://support.microsoft.com/windows/diagnostics-feedback-and-privacy-in-windows-28808a2b-a31b-dd73-dcd3-4559a5199319).
+- **Diagnostic data requirements**: Update Compliance requires devices to send diagnostic data at *Required* level (previously *Basic*). Some queries in Update Compliance require devices to send diagnostic data at *Optional* level (previously *Full*) for Windows 11 devices or *Enhanced* level for Windows 10 devices. To learn more about what's included in different diagnostic levels, see [Diagnostics, feedback, and privacy in Windows](https://support.microsoft.com/windows/diagnostics-feedback-and-privacy-in-windows-28808a2b-a31b-dd73-dcd3-4559a5199319).
 - **Data transmission requirements**: Devices must be able to contact specific endpoints required to authenticate and send diagnostic data. These are enumerated in detail at [Configuring Devices for Update Compliance manually](update-compliance-configuration-manual.md).
 - **Showing device names in Update Compliance**: For Windows 10, version 1803 or later, device names will not appear in Update Compliance unless you individually opt-in devices by using policy. The steps to accomplish this is outlined in [Configuring Devices for Update Compliance](update-compliance-configuration-manual.md).
 

From 63609d921a0b0c0092ea8863049c7e23270b9faa Mon Sep 17 00:00:00 2001
From: Jaime Ondrusek <jaimeo@microsoft.com>
Date: Thu, 14 Oct 2021 09:19:34 -0700
Subject: [PATCH 063/105] Revert "Add content on safeguards"

---
 .../deployment/update/deployment-service-overview.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md
index 6064c7ae15..546749d1dd 100644
--- a/windows/deployment/update/deployment-service-overview.md
+++ b/windows/deployment/update/deployment-service-overview.md
@@ -29,7 +29,6 @@ The deployment service is designed for IT Pros who are looking for more control
 - You can stage deployments over a period of days or weeks by using rich expressions (for example, deploy 20H2 to 500 devices per day, beginning on March 14, 2021).
 - You can bypass pre-configured Windows Update for Business policies to immediately deploy a security update across your organization when emergencies arise.
 - You can benefit from deployments with automatic piloting tailored to your unique device population to ensure coverage of hardware and software in your organization.
-- You can use safeguards against likely update issues that have been identified by Microsoft machine-learning algorithms and automatically hold the deployment for any affected devices.
 
 The service is privacy focused and backed by leading industry compliance certifications.
 
@@ -53,6 +52,7 @@ Using the deployment service typically follows a common pattern:
 2. The chosen tool conveys your approval, scheduling, and device selection information to the deployment service.
 3. The deployment service processes the content approval and compares it with previously approved content. Final update applicability is determined and conveyed to Windows Update, which then offers approved content to devices on their next check for updates.
 
+
 The deployment service exposes these capabilities through Microsoft [Graph REST APIs](/graph/overview). You can call the APIs directly, through a Graph SDK, or integrate them with a management tool such as Microsoft Endpoint Manager.
 
 ## Prerequisites
@@ -74,6 +74,7 @@ Additionally, your organization must have one of the following subscriptions:
 - Windows Virtual Desktop Access E3 or E5
 - Microsoft 365 Business Premium
 
+
 ## Getting started
 
 To use the deployment service, you use a management tool built on the platform, script common actions using PowerShell, or build your own application.
@@ -86,6 +87,7 @@ Microsoft Endpoint Manager integrates with the deployment service to provide Win
 
 The Microsoft Graph SDK includes a PowerShell extension that you can use to script and automate common update actions. For more information, see [Get started with the Microsoft Graph PowerShell SDK](/graph/powershell/get-started).
 
+
 ### Building your own application
 
 Microsoft Graph makes deployment service APIs available through. Get started with these learning paths:
@@ -111,17 +113,14 @@ This built-in piloting capability complements your existing ring structure and p
 
 You should continue to use deployment rings as part of the servicing strategy for your organization, but use gradual rollouts to add scheduling convenience and additional protections within each ring.
 
-### Safeguard holds against likely and known issues
-
-Microsoft uses [safeguard holds](/windows/deployment/update/safeguard-holds) to protect devices from encountering known quality or compatibility issues by preventing them from installing the update or upgrade. For Windows 11 deployments, the deployment service extends these safeguard holds to also protect devices that Microsoft identifies as being at a higher risk of experiencing problems after an update (such as operating system rollbacks, app crashes, or graphics issues). The service temporarily holds the deployment for these devices while Microsoft investigates the likely issue. Safeguard holds apply to deployments by default, but you can opt out.
-
 ### Monitoring deployments to detect rollback issues
 
 During deployments of Windows 11 or Windows 10 feature updates, driver combinations can sometimes result in an unexpected update failure that makes the device revert to the previously installed operating system version. The deployment service can monitor devices for such issues and automatically pause deployments when this happens, giving you time to detect and mitigate issues.
 
+
 ### How to enable deployment protections
 
-Deployment scheduling controls are always available, but to take advantage of the unique deployment protections tailored to your population, devices must share diagnostic data with Microsoft.
+Deployment scheduling controls are always available, but to take advantage of the unique deployment protections tailored to your organization, devices must share diagnostic data with Microsoft.
 
 #### Device prerequisites
 
@@ -175,6 +174,7 @@ Follow these suggestions for the best results with the service.
 
 Avoid using different channels to manage the same resources. If you use Microsoft Endpoint Manager along with Microsoft Graph APIs or PowerShell, aspects of resources (such as devices, deployments, updatable asset groups) might be overwritten if you use both channels to manage the same resources. Instead, only manage each resource through the channel that created it.
 
+
 ## Next steps
 
 To learn more about the deployment service, try the following:

From 2515c5784a919ec7fdca66ebd90c4687ffd9bdf8 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 14 Oct 2021 09:36:36 -0700
Subject: [PATCH 064/105] Update
 enroll-a-windows-10-device-automatically-using-group-policy.md

---
 ...ll-a-windows-10-device-automatically-using-group-policy.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
index 8c53bccf46..58d590e4b2 100644
--- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
@@ -5,8 +5,8 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
-ms.date: 06/02/2021
+author: dansimp
+ms.date: 10/14/2021
 ms.reviewer:
 manager: dansimp
 ---

From b1619045ffbec8088992768de3d22a1f2ebb2b4a Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 14 Oct 2021 11:48:52 -0700
Subject: [PATCH 065/105] Applied valid slugs for labeling code blocks

The complete list is here: https://review.docs.microsoft.com/en-us/help/contribute/metadata-taxonomies?branch=master#dev-lang
---
 .../troubleshoot-tcpip-port-exhaust.md                 | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/client-management/troubleshoot-tcpip-port-exhaust.md b/windows/client-management/troubleshoot-tcpip-port-exhaust.md
index d3a3ceb2db..10fbfe6f45 100644
--- a/windows/client-management/troubleshoot-tcpip-port-exhaust.md
+++ b/windows/client-management/troubleshoot-tcpip-port-exhaust.md
@@ -39,7 +39,7 @@ You can view the dynamic port range on a computer by using the following netsh c
 
 The range is set separately for each transport (TCP or UDP). The port range is now a range that has a starting point and an ending point. Microsoft customers who deploy servers that are running Windows Server may have problems that affect RPC communication between servers if firewalls are used on the internal network. In these situations, we recommend that you reconfigure the firewalls to allow traffic between servers in the dynamic port range of **49152** through **65535**. This range is in addition to well-known ports that are used by services and applications. Or, the port range that is used by the servers can be modified on each server. You adjust this range by using the netsh command, as follows. The above command sets the dynamic port range for TCP. 
  
-```cmd
+```console
 netsh int <ipv4|ipv6> set dynamic <tcp|udp> start=number num=range
 ```
  
@@ -107,7 +107,7 @@ You may also see CLOSE_WAIT state connections in the same output, however CLOSE_
  
 4. Open a command prompt in admin mode and run the below command
 
-   ```cmd
+   ```console
    Netsh trace start scenario=netconnection capture=yes tracefile=c:\Server.etl
    ```
 
@@ -121,7 +121,7 @@ The key is to identify which process or application is using all the ports. Belo
 
 Start by looking at the netstat output. If you are using Windows 10 or Windows Server 2016, then you can run the command `netstat -anobq` and check for the process ID which has maximum entries as BOUND. Alternately, you can also run the below Powershell command to identify the process:
 
-```Powershell
+```powershell
 Get-NetTCPConnection | Group-Object -Property State, OwningProcess | Select -Property Count, Name, @{Name="ProcessName";Expression={(Get-Process -PID ($_.Name.Split(',')[-1].Trim(' '))).Name}}, Group | Sort Count -Descending 
 ```
 
@@ -165,7 +165,7 @@ Finally, if the above methods did not help you isolate the process, we suggest y
  
 As a workaround, rebooting the computer will get the it back in normal state and would help you resolve the issue for the time being. However, when a reboot is impractical, you can also consider increasing the number of ports on the machine using the below commands:
 
-```cmd
+```console
 netsh int ipv4 set dynamicport tcp start=10000 num=1000
 ```
 
@@ -176,7 +176,7 @@ This will set the dynamic port range to start at port 10000 and to end at port 1
 
 For Windows 7 and Windows Server 2008 R2, you can use the below script to collect the netstat output at defined frequency. From the outputs, you can see the port usage trend.
 
-```
+```console
 @ECHO ON
 set v=%1
 :loop

From 05d50c14123517ecb7105d86d7fdd53b3ed691a9 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 14 Oct 2021 11:52:51 -0700
Subject: [PATCH 066/105] Corrected indentation of images & second-level list
 items

These images should have been indented as part of their respective second-level list items. For this to work correctly, though, the second-level list items also needed to be laid out correctly, and that often doesn't happen unless the list items rely on automatic numbering (1, 1, 1) instead of specifying the enumeration (a, b, c).
---
 .../client-management/troubleshoot-tcpip-port-exhaust.md  | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/client-management/troubleshoot-tcpip-port-exhaust.md b/windows/client-management/troubleshoot-tcpip-port-exhaust.md
index 10fbfe6f45..a09a0c7ea4 100644
--- a/windows/client-management/troubleshoot-tcpip-port-exhaust.md
+++ b/windows/client-management/troubleshoot-tcpip-port-exhaust.md
@@ -82,13 +82,13 @@ If you suspect that the machine is in a state of port exhaustion:
 
 2. Open event viewer and under the system logs, look for the events which clearly indicate the current state: 
 
-    a.	**Event ID 4227**
+    1. **Event ID 4227**
 
-    ![Screenshot of event id 4227 in Event Viewer.](images/tcp-ts-18.png)
+       ![Screenshot of event id 4227 in Event Viewer.](images/tcp-ts-18.png)
 
-    b.	**Event ID 4231**
+    1. **Event ID 4231**
 
-    ![Screenshot of event id 4231 in Event Viewer.](images/tcp-ts-19.png)
+       ![Screenshot of event id 4231 in Event Viewer.](images/tcp-ts-19.png)
 
 3. Collect a `netstat -anob` output from the server. The netstat output will show you a huge number of entries for TIME_WAIT state for a single PID.
 

From 2503158cabfdfc6ba9ee37c1d035161ecde678ce Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 14 Oct 2021 11:59:13 -0700
Subject: [PATCH 067/105] Added lightbox functionality to some images

These images aren't easy to read. Lightbox allows the images to be viewed in an expanded window.
---
 .../client-management/troubleshoot-tcpip-port-exhaust.md  | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/client-management/troubleshoot-tcpip-port-exhaust.md b/windows/client-management/troubleshoot-tcpip-port-exhaust.md
index a09a0c7ea4..b7b25c7d2d 100644
--- a/windows/client-management/troubleshoot-tcpip-port-exhaust.md
+++ b/windows/client-management/troubleshoot-tcpip-port-exhaust.md
@@ -58,7 +58,7 @@ Since outbound connections start to fail, you will see a lot of the below behavi
  
 - Unable to sign in to the machine with domain credentials, however sign-in with local account works. Domain sign-in will require you to contact the DC for authentication which is again an outbound connection. If you have cache credentials set, then domain sign-in might still work.
 
-    ![Screenshot of error for NETLOGON in Event Viewer.](images/tcp-ts-14.png)
+    :::image type="content" alt-text="Screenshot of error for NETLOGON in Event Viewer." source="images/tcp-ts-14.png" lightbox="images/tcp-ts-14.png":::
 
 - Group Policy update failures:
 
@@ -84,11 +84,11 @@ If you suspect that the machine is in a state of port exhaustion:
 
     1. **Event ID 4227**
 
-       ![Screenshot of event id 4227 in Event Viewer.](images/tcp-ts-18.png)
+       :::image type="content" alt-text="Screenshot of event ID 4227 in Event Viewer." source="images/tcp-ts-18.png" lightbox="images/tcp-ts-18.png":::
 
     1. **Event ID 4231**
 
-       ![Screenshot of event id 4231 in Event Viewer.](images/tcp-ts-19.png)
+       :::image type="content" alt-text="Screenshot of event ID 4231 in Event Viewer." source="images/tcp-ts-19.png" lightbox="images/tcp-ts-19.png":::
 
 3. Collect a `netstat -anob` output from the server. The netstat output will show you a huge number of entries for TIME_WAIT state for a single PID.
 
@@ -157,7 +157,7 @@ Steps to use Process explorer:
     
     File   \Device\AFD
 
-    ![Screenshot of Process Explorer.](images/tcp-ts-22.png)
+    :::image type="content" alt-text="Screenshot of Process Explorer." source="images/tcp-ts-22.png" lightbox="images/tcp-ts-22.png":::
 
 10. Some are normal, but large numbers of them are not (hundreds to thousands). Close the process in question. If that restores outbound connectivity, then you have further proven that the app is the cause. Contact the vendor of that app.
  

From eacfe32e51fd32f391a9f3f6945be9871c4af381 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 14 Oct 2021 12:02:03 -0700
Subject: [PATCH 068/105] Updated code block label to a valid value

The complete list is here: https://review.docs.microsoft.com/en-us/help/contribute/metadata-taxonomies?branch=master#dev-lang
---
 windows/client-management/mandatory-user-profile.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md
index 8b2e2bc3e9..5a566f1410 100644
--- a/windows/client-management/mandatory-user-profile.md
+++ b/windows/client-management/mandatory-user-profile.md
@@ -68,7 +68,7 @@ First, you create a default user profile with the customizations that you want,
 
 1. At a command prompt, type the following command and press **ENTER**.
 
-   ```dos
+   ```console
    sysprep /oobe /reboot /generalize /unattend:unattend.xml
    ```
 

From e89a0f19ffc81e4d9846b4d3c3a80fbbbfaccddf Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 14 Oct 2021 12:04:21 -0700
Subject: [PATCH 069/105] Indented images in second-level list items

---
 windows/client-management/mandatory-user-profile.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md
index 5a566f1410..25245fa812 100644
--- a/windows/client-management/mandatory-user-profile.md
+++ b/windows/client-management/mandatory-user-profile.md
@@ -100,11 +100,11 @@ First, you create a default user profile with the customizations that you want,
 
    - If the device is joined to the domain and you are signed in with an account that has permissions to write to a shared folder on the network, you can enter the shared folder path.
 
-   ![Example of Copy profile to.](images/copy-to-path.png)
+     ![Example of Copy profile to.](images/copy-to-path.png)
 
    - If the device is not joined to the domain, you can save the profile locally and then copy it to the shared folder location.
 
-   ![Example of Copy To UI with UNC path.](images/copy-to-path.png)
+     ![Example of Copy To UI with UNC path.](images/copy-to-path.png)
 
 1. Click **OK** to copy the default user profile.
 

From 8ffec9b20f1f0249aa9b83b7f6f4370163cb069d Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 14 Oct 2021 12:19:57 -0700
Subject: [PATCH 070/105] Indented note in a list item

---
 .../manage-device-installation-with-group-policy.md           | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/client-management/manage-device-installation-with-group-policy.md b/windows/client-management/manage-device-installation-with-group-policy.md
index cadcf9664a..8e177ae184 100644
--- a/windows/client-management/manage-device-installation-with-group-policy.md
+++ b/windows/client-management/manage-device-installation-with-group-policy.md
@@ -342,8 +342,8 @@ Getting the right device identifier to prevent it from being installed:
     > ClassGuid = {4d36e979-e325-11ce-bfc1-08002be10318}\
     > This class includes printers.
 
-> [!NOTE]
-> As mentioned before, preventing an entire Class could block you from using your system completely. Please make sure you understand which devices are going to be blocked when specifying a Class. For our scenario, there are other classes that relate to printers but before you apply them, make sure they are not blocking any other existing device that is crucial to your system.
+    > [!NOTE]
+    > As mentioned before, preventing an entire Class could block you from using your system completely. Please make sure you understand which devices are going to be blocked when specifying a Class. For our scenario, there are other classes that relate to printers but before you apply them, make sure they are not blocking any other existing device that is crucial to your system.
 
 Creating the policy to prevent all printers from being installed:
 

From 746eb537749f49d492fbbc48a267a8f355fb26fc Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 14 Oct 2021 14:01:19 -0700
Subject: [PATCH 071/105] Applied ordered list to sequential steps

---
 .../manage-device-installation-with-group-policy.md         | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/client-management/manage-device-installation-with-group-policy.md b/windows/client-management/manage-device-installation-with-group-policy.md
index 8e177ae184..4088d331ab 100644
--- a/windows/client-management/manage-device-installation-with-group-policy.md
+++ b/windows/client-management/manage-device-installation-with-group-policy.md
@@ -376,9 +376,9 @@ Creating the policy to prevent all printers from being installed:
 
 1. If you have not completed step #9 – follow these steps:
 
-    - Uninstall your printer: Device Manager > Printers > right click the Canon Printer > click “Uninstall device”.
-    - For USB printer – unplug and plug back the cable; for network device – make a search for the printer in the Windows Settings app.
-    - You should not be able to reinstall the printer.
+   1. Uninstall your printer: Device Manager > Printers > right click the Canon Printer > click “Uninstall device”.
+   1. For USB printer – unplug and plug back the cable; for network device – make a search for the printer in the Windows Settings app.
+   1. You should not be able to reinstall the printer.
 
 2. If you completed step #9 above and restarted the machine, simply look for your printer under Device Manager or the Windows Settings app and see that it is no-longer available for you to use.
 

From 3658e39021c2595afe94caf999f887a732128632 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 14 Oct 2021 14:07:36 -0700
Subject: [PATCH 072/105] Correct slash location in self-closing BR tags

---
 .../hello-identity-verification.md            | 24 +++++++++----------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
index 26a25c7342..1a9e16072a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
+++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
@@ -38,37 +38,37 @@ The table shows the minimum requirements for each deployment. For key trust in a
 > [!NOTE]
 > Windows Hello for Business is introducing a new trust model called cloud trust in early 2022. This trust model will enable deployment of Windows Hello for Business using the infrastructure introduced for supporting [security key sign-in on Hybrid Azure AD joined devices and on-premises resource access on Azure AD Joined devices](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). More information will be available on Windows Hello for Business cloud trust once it is generally available.
 
-| Key trust</br>Group Policy managed | Certificate trust</br>Mixed managed | Key trust</br>Modern managed | Certificate trust</br>Modern managed | 
+| Key trust<br/>Group Policy managed | Certificate trust<br/>Mixed managed | Key trust<br/>Modern managed | Certificate trust<br/>Modern managed | 
 | --- | --- | --- | --- |
-| Windows 10, version 1511 or later| **Hybrid Azure AD Joined:**<br>  *Minimum:* Windows 10, version 1703<br>  *Best experience:* Windows 10, version 1709 or later (supports synchronous certificate enrollment).</br>**Azure AD Joined:**<br>  Windows 10, version 1511 or later| Windows 10, version 1511 or later | Windows 10, version 1511 or later |
+| Windows 10, version 1511 or later| **Hybrid Azure AD Joined:**<br>  *Minimum:* Windows 10, version 1703<br>  *Best experience:* Windows 10, version 1709 or later (supports synchronous certificate enrollment).<br/>**Azure AD Joined:**<br>  Windows 10, version 1511 or later| Windows 10, version 1511 or later | Windows 10, version 1511 or later |
 | Windows Server 2016 or later Schema | Windows Server 2016 or later Schema | Windows Server 2016 or later Schema | Windows Server 2016 or later Schema |
 | Windows Server 2008 R2 Domain/Forest functional level | Windows Server 2008 R2 Domain/Forest functional level| Windows Server 2008 R2 Domain/Forest functional level |Windows Server 2008 R2 Domain/Forest functional level |
 | Windows Server 2016 or later Domain Controllers | Windows Server 2008 R2 or later Domain Controllers | Windows Server 2016 or later Domain Controllers | Windows Server 2008 R2 or later Domain Controllers | 
 | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority |
-| N/A | Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/help/4088889) (hybrid Azure AD joined clients),<br> and</br>Windows Server 2012 or later Network Device Enrollment Service (Azure AD joined) | N/A | Windows Server 2012 or later Network Device Enrollment Service |
-| Azure MFA tenant, or</br>AD FS w/Azure MFA adapter, or</br>AD FS w/Azure MFA Server adapter, or</br>AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or</br>AD FS w/Azure MFA adapter, or</br>AD FS w/Azure MFA Server adapter, or</br>AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or</br>AD FS w/Azure MFA adapter, or</br>AD FS w/Azure MFA Server adapter, or</br>AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or</br>AD FS w/Azure MFA adapter, or</br>AD FS w/Azure MFA Server adapter, or</br>AD FS w/3rd Party MFA Adapter |
+| N/A | Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/help/4088889) (hybrid Azure AD joined clients),<br> and<br/>Windows Server 2012 or later Network Device Enrollment Service (Azure AD joined) | N/A | Windows Server 2012 or later Network Device Enrollment Service |
+| Azure MFA tenant, or<br/>AD FS w/Azure MFA adapter, or<br/>AD FS w/Azure MFA Server adapter, or<br/>AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or<br/>AD FS w/Azure MFA adapter, or<br/>AD FS w/Azure MFA Server adapter, or<br/>AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or<br/>AD FS w/Azure MFA adapter, or<br/>AD FS w/Azure MFA Server adapter, or<br/>AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or<br/>AD FS w/Azure MFA adapter, or<br/>AD FS w/Azure MFA Server adapter, or<br/>AD FS w/3rd Party MFA Adapter |
 | Azure Account | Azure Account | Azure Account | Azure Account |
 | Azure Active Directory | Azure Active Directory | Azure Active Directory | Azure Active Directory |
 | Azure AD Connect | Azure AD Connect | Azure AD Connect | Azure AD Connect | 
 | Azure AD Premium, optional | Azure AD Premium, needed for device write-back | Azure AD Premium, optional for automatic MDM enrollment | Azure AD Premium, optional for automatic MDM enrollment |
 
 > [!Important]
-> 1. Hybrid deployments support non-destructive PIN reset that works with both the certificate trust and key trust models. </br> 
-> **Requirements:**</br>
-> Microsoft PIN Reset Service - Windows 10, versions 1709 to 1809, Enterprise Edition. There is no licensing requirement for this service since version 1903</br>
+> 1. Hybrid deployments support non-destructive PIN reset that works with both the certificate trust and key trust models. <br/> 
+> **Requirements:**<br/>
+> Microsoft PIN Reset Service - Windows 10, versions 1709 to 1809, Enterprise Edition. There is no licensing requirement for this service since version 1903<br/>
 > Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
 >
-> 2. On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models.</br>
-> **Requirements:**</br>
-> Reset from settings - Windows 10, version 1703, Professional</br>
-> Reset above lock screen - Windows 10, version 1709, Professional</br>
+> 2. On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models.<br/>
+> **Requirements:**<br/>
+> Reset from settings - Windows 10, version 1703, Professional<br/>
+> Reset above lock screen - Windows 10, version 1709, Professional<br/>
 > Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
 
 ## On-premises Deployments
 
 The table shows the minimum requirements for each deployment.
 
-| Key trust </br> Group Policy managed | Certificate trust </br> Group Policy managed|
+| Key trust <br/> Group Policy managed | Certificate trust <br/> Group Policy managed|
 | --- | --- |
 | Windows 10, version 1703 or later | Windows 10, version 1703 or later |
 | Windows Server 2016 Schema | Windows Server 2016 Schema|

From f57263c1a54e3e1826d6b43db7f435bd36d4eb63 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 14 Oct 2021 14:09:31 -0700
Subject: [PATCH 073/105] Add bullets to vertical lists

---
 .../hello-identity-verification.md                 | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
index 1a9e16072a..065df8dd49 100644
--- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
+++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
@@ -54,15 +54,15 @@ The table shows the minimum requirements for each deployment. For key trust in a
 
 > [!Important]
 > 1. Hybrid deployments support non-destructive PIN reset that works with both the certificate trust and key trust models. <br/> 
-> **Requirements:**<br/>
-> Microsoft PIN Reset Service - Windows 10, versions 1709 to 1809, Enterprise Edition. There is no licensing requirement for this service since version 1903<br/>
-> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
+> **Requirements:**
+> - Microsoft PIN Reset Service - Windows 10, versions 1709 to 1809, Enterprise Edition. There is no licensing requirement for this service since version 1903
+> - Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
 >
 > 2. On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models.<br/>
-> **Requirements:**<br/>
-> Reset from settings - Windows 10, version 1703, Professional<br/>
-> Reset above lock screen - Windows 10, version 1709, Professional<br/>
-> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
+> **Requirements:**
+> - Reset from settings - Windows 10, version 1703, Professional
+> - Reset above lock screen - Windows 10, version 1709, Professional
+> - Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
 
 ## On-premises Deployments
 

From 2a14c0b54de61760c79f38009ff9e24409be42d1 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 14 Oct 2021 14:11:41 -0700
Subject: [PATCH 074/105] Replace numbers with bullets in unordered list

---
 .../hello-identity-verification.md            | 20 ++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
index 065df8dd49..641d92045a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
+++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
@@ -53,16 +53,18 @@ The table shows the minimum requirements for each deployment. For key trust in a
 | Azure AD Premium, optional | Azure AD Premium, needed for device write-back | Azure AD Premium, optional for automatic MDM enrollment | Azure AD Premium, optional for automatic MDM enrollment |
 
 > [!Important]
-> 1. Hybrid deployments support non-destructive PIN reset that works with both the certificate trust and key trust models. <br/> 
-> **Requirements:**
-> - Microsoft PIN Reset Service - Windows 10, versions 1709 to 1809, Enterprise Edition. There is no licensing requirement for this service since version 1903
-> - Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
+> - Hybrid deployments support non-destructive PIN reset that works with both the certificate trust and key trust models.
 >
-> 2. On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models.<br/>
-> **Requirements:**
-> - Reset from settings - Windows 10, version 1703, Professional
-> - Reset above lock screen - Windows 10, version 1709, Professional
-> - Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
+>   **Requirements:**
+>   - Microsoft PIN Reset Service - Windows 10, versions 1709 to 1809, Enterprise Edition. There is no licensing requirement for this service since version 1903
+>   - Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
+>
+> - On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models.
+
+>   **Requirements:**
+>   - Reset from settings - Windows 10, version 1703, Professional
+>   - Reset above lock screen - Windows 10, version 1709, Professional
+>   - Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
 
 ## On-premises Deployments
 

From 86f28739efab1a49050d1e284e437c25fae93787 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 14 Oct 2021 14:14:09 -0700
Subject: [PATCH 075/105] Add lightbox functionality for legibility

---
 .../identity-protection/hello-for-business/hello-overview.md    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md
index b191dbc916..72fda09ca8 100644
--- a/windows/security/identity-protection/hello-for-business/hello-overview.md
+++ b/windows/security/identity-protection/hello-for-business/hello-overview.md
@@ -70,7 +70,7 @@ In Windows 10, Windows Hello replaces passwords. When the identity provider sup
 >[!NOTE]
 >Windows Hello as a convenience sign-in uses regular user name and password authentication, without the user entering the password.
 
-![How authentication works in Windows Hello.](images/authflow.png)
+:::image type="content" alt-text="How authentication works in Windows Hello." source="images/authflow.png" lightbox="images/authflow.png":::
 
 Imagine that someone is looking over your shoulder as you get money from an ATM and sees the PIN that you enter. Having that PIN won't help them access your account because they don't have your ATM card. In the same way, learning your PIN for your device doesn't allow that attacker to access your account because the PIN is local to your specific device and doesn't enable any type of authentication from any other device.
 

From cae6cc2ccd6124169492945c64cfa242e890eaea Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 14 Oct 2021 14:15:05 -0700
Subject: [PATCH 076/105] Add blank lines for readability

---
 .../hello-for-business/hello-overview.md                   | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md
index 72fda09ca8..33d820a1a7 100644
--- a/windows/security/identity-protection/hello-for-business/hello-overview.md
+++ b/windows/security/identity-protection/hello-for-business/hello-overview.md
@@ -81,12 +81,19 @@ Windows Hello helps protect user identities and user credentials. Because the us
 ## How Windows Hello for Business works: key points
 
 -   Windows Hello credentials are based on certificate or asymmetrical key pair. Windows Hello credentials can be bound to the device, and the token that is obtained using the credential is also bound to the device.
+
 -   Identity provider (such as Active Directory, Azure AD, or a Microsoft account) validates user identity and maps the Windows Hello public key to a user account during the registration step.
+
 -   Keys can be generated in hardware (TPM 1.2 or 2.0 for enterprises, and TPM 2.0 for consumers) or software, based on the policy.
+
 -   Authentication is the two-factor authentication with the combination of a key or certificate tied to a device and something that the person knows (a PIN) or something that the person is (biometrics). The Windows Hello gesture does not roam between devices and is not shared with the server. Biometrics templates are stored locally on a device.  The PIN is never stored or shared.
+
 -   The private key never leaves a device when using TPM. The authenticating server has a public key that is mapped to the user account during the registration process.
+
 -   PIN entry and biometric gesture both trigger Windows 10 to use the private key to cryptographically sign data that is sent to the identity provider.  The identity provider verifies the user's identity and authenticates the user.
+
 -   Personal (Microsoft account) and corporate (Active Directory or Azure AD) accounts use a single container for keys. All keys are separated by identity providers' domains to help ensure user privacy.
+
 -   Certificate private keys can be protected by the Windows Hello container and the Windows Hello gesture.
 
 For details, see [How Windows Hello for Business works](hello-how-it-works.md).

From c58fe7af5e8cb4d4d6e79e8517d7a00f4fa76404 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 14 Oct 2021 14:16:27 -0700
Subject: [PATCH 077/105] Correct slash location in self-closing BR tags

---
 .../hello-for-business/hello-planning-guide.md     | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
index d0de57c65c..611f55ea0d 100644
--- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
@@ -74,19 +74,19 @@ The hybrid deployment model is for organizations that:
 - Use applications hosted in Azure Active Directory, and want a single sign-in user experience for both on-premises and Azure Active Directory resources
 
 > [!Important]
-> Hybrid deployments support non-destructive PIN reset that works with both the certificate trust and key trust models.</br>
-> **Requirements:**</br>
-> Microsoft PIN Reset Service - Windows 10, versions 1709 to 1809, Enterprise Edition. There is no licensing requirement for this service since version 1903</br>
+> Hybrid deployments support non-destructive PIN reset that works with both the certificate trust and key trust models.<br/>
+> **Requirements:**<br/>
+> Microsoft PIN Reset Service - Windows 10, versions 1709 to 1809, Enterprise Edition. There is no licensing requirement for this service since version 1903<br/>
 > Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
 
 ##### On-premises
 The on-premises deployment model is for organizations that do not have cloud identities or use applications hosted in Azure Active Directory.
 
 > [!Important]
-> On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models.</br>
-> **Requirements:**</br>
-> Reset from settings - Windows 10, version 1703, Professional</br>
-> Reset above lock screen - Windows 10, version 1709, Professional</br>
+> On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models.<br/>
+> **Requirements:**<br/>
+> Reset from settings - Windows 10, version 1703, Professional<br/>
+> Reset above lock screen - Windows 10, version 1709, Professional<br/>
 > Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
 
 It's fundamentally important to understand which deployment model to use for a successful deployment.  Some aspects of the deployment may have already been decided for you based on your current infrastructure.

From ab5f819050520acff45c400cab109a4e06695328 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 14 Oct 2021 14:17:54 -0700
Subject: [PATCH 078/105] Add bullets to vertical lists

---
 .../hello-for-business/hello-planning-guide.md     | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
index 611f55ea0d..c8d18101d8 100644
--- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
@@ -75,19 +75,19 @@ The hybrid deployment model is for organizations that:
 
 > [!Important]
 > Hybrid deployments support non-destructive PIN reset that works with both the certificate trust and key trust models.<br/>
-> **Requirements:**<br/>
-> Microsoft PIN Reset Service - Windows 10, versions 1709 to 1809, Enterprise Edition. There is no licensing requirement for this service since version 1903<br/>
-> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
+> **Requirements:**
+> - Microsoft PIN Reset Service - Windows 10, versions 1709 to 1809, Enterprise Edition. There is no licensing requirement for this service since version 1903
+> - Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
 
 ##### On-premises
 The on-premises deployment model is for organizations that do not have cloud identities or use applications hosted in Azure Active Directory.
 
 > [!Important]
 > On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models.<br/>
-> **Requirements:**<br/>
-> Reset from settings - Windows 10, version 1703, Professional<br/>
-> Reset above lock screen - Windows 10, version 1709, Professional<br/>
-> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
+> **Requirements:**
+> - Reset from settings - Windows 10, version 1703, Professional
+> - Reset above lock screen - Windows 10, version 1709, Professional
+> - Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
 
 It's fundamentally important to understand which deployment model to use for a successful deployment.  Some aspects of the deployment may have already been decided for you based on your current infrastructure.
 

From 15e39694808a7d8ac40737f67c7129d36419e696 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 14 Oct 2021 14:19:13 -0700
Subject: [PATCH 079/105] Removed unnecessary BR tags

---
 .../hello-for-business/hello-planning-guide.md              | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
index c8d18101d8..8aada054b6 100644
--- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
@@ -74,7 +74,8 @@ The hybrid deployment model is for organizations that:
 - Use applications hosted in Azure Active Directory, and want a single sign-in user experience for both on-premises and Azure Active Directory resources
 
 > [!Important]
-> Hybrid deployments support non-destructive PIN reset that works with both the certificate trust and key trust models.<br/>
+> Hybrid deployments support non-destructive PIN reset that works with both the certificate trust and key trust models.
+>
 > **Requirements:**
 > - Microsoft PIN Reset Service - Windows 10, versions 1709 to 1809, Enterprise Edition. There is no licensing requirement for this service since version 1903
 > - Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
@@ -83,7 +84,8 @@ The hybrid deployment model is for organizations that:
 The on-premises deployment model is for organizations that do not have cloud identities or use applications hosted in Azure Active Directory.
 
 > [!Important]
-> On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models.<br/>
+> On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models.
+>
 > **Requirements:**
 > - Reset from settings - Windows 10, version 1703, Professional
 > - Reset above lock screen - Windows 10, version 1709, Professional

From 88129581d474fce062c5e20061069da4b290f681 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 14 Oct 2021 14:26:24 -0700
Subject: [PATCH 080/105] Added missing angle bracket

---
 .../hello-for-business/hello-identity-verification.md           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
index 641d92045a..92c2b72d61 100644
--- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
+++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
@@ -60,7 +60,7 @@ The table shows the minimum requirements for each deployment. For key trust in a
 >   - Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
 >
 > - On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models.
-
+>
 >   **Requirements:**
 >   - Reset from settings - Windows 10, version 1703, Professional
 >   - Reset above lock screen - Windows 10, version 1709, Professional

From 438a77ac54ba0fe6b72d1a469d1922f092089035 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 14 Oct 2021 18:15:28 -0700
Subject: [PATCH 081/105] Corrected labels on code blocks to valid type

Here's the list of valid types: https://review.docs.microsoft.com/en-us/help/contribute/metadata-taxonomies?branch=master#dev-lang
---
 ...tion-based-protection-of-code-integrity.md | 30 +++++++++----------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
index 5d7ffa6cd9..d4507b1ee4 100644
--- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
@@ -78,7 +78,7 @@ Set the following registry keys to enable HVCI. This provides exactly the same s
 
 Recommended settings (to enable virtualization-based protection of Code Integrity policies, without UEFI Lock):
 
-``` commands
+```console
 reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d 1 /f
 
 reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 1 /f
@@ -94,49 +94,49 @@ If you want to customize the preceding recommended settings, use the following s
 
 **To enable VBS**
 
-``` command
+```console
 reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d 1 /f
 ```
 
 **To enable VBS and require Secure boot only (value 1)**
 
-``` command
+```console
 reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 1 /f
 ```
 
 **To enable VBS with Secure Boot and DMA (value 3)**
 
-``` command
+```console
 reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 3 /f
 ```
 
 **To enable VBS without UEFI lock (value 0)**
 
-``` command
+```console
 reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Locked" /t REG_DWORD /d 0 /f
 ```
 
 **To enable VBS with UEFI lock (value 1)**
 
-``` command
+```console
 reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Locked" /t REG_DWORD /d 1 /f
 ```
 
 **To enable virtualization-based protection of Code Integrity policies**
 
-``` command
+```console
 reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d 1 /f
 ```
 
 **To enable virtualization-based protection of Code Integrity policies without UEFI lock (value 0)**
 
-``` command
+```console
 reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Locked" /t REG_DWORD /d 0 /f
 ```
 
 **To enable virtualization-based protection of Code Integrity policies with UEFI lock (value 1)**
 
-``` command
+```console
 reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Locked" /t REG_DWORD /d 1 /f
 ```
 
@@ -144,7 +144,7 @@ reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorE
 
 Recommended settings (to enable virtualization-based protection of Code Integrity policies, without UEFI Lock):
 
-``` command
+```console
 reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d 1 /f
 
 reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 1 /f
@@ -158,31 +158,31 @@ If you want to customize the preceding recommended settings, use the following s
 
 **To enable VBS (it is always locked to UEFI)**
 
-``` command
+```console
 reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d 1 /f
 ```
 
 **To enable VBS and require Secure boot only (value 1)**
 
-``` command
+```console
 reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 1 /f
 ```
 
 **To enable VBS with Secure Boot and DMA (value 3)**
 
-``` command
+```console
 reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 3 /f
 ```
 
 **To enable virtualization-based protection of Code Integrity policies (with the default, UEFI lock)**
 
-``` command
+```console
 reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "HypervisorEnforcedCodeIntegrity" /t REG_DWORD /d 1 /f
 ```
 
 **To enable virtualization-based protection of Code Integrity policies without UEFI lock**
 
-``` command
+```console
 reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Unlocked" /t REG_DWORD /d 1 /f
 ```
 

From 170846294085a37742491866ef21020c73bffa8b Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 14 Oct 2021 18:21:44 -0700
Subject: [PATCH 082/105] Replace single BR tags with proper paragraph breaks

---
 ...able-virtualization-based-protection-of-code-integrity.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
index d4507b1ee4..3bedae6d12 100644
--- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
@@ -71,7 +71,10 @@ Set the following registry keys to enable HVCI. This provides exactly the same s
 <!--This comment ensures that the Important above and the Warning below don't merge together. -->
 
 > [!IMPORTANT]
-> - Among the commands that follow, you can choose settings for **Secure Boot** and **Secure Boot with DMA**. In most situations, we recommend that you choose **Secure Boot**. This option provides Secure Boot with as much protection as is supported by a given computer’s hardware. A computer with input/output memory management units (IOMMUs) will have Secure Boot with DMA protection. A computer without IOMMUs will simply have Secure Boot enabled.<br>In contrast, with **Secure Boot with DMA**, the setting will enable Secure Boot—and VBS itself—only on a computer that supports DMA, that is, a computer with IOMMUs. With this setting, any computer without IOMMUs will not have VBS or HVCI protection, although it can still have WDAC enabled.<br>
+> - Among the commands that follow, you can choose settings for **Secure Boot** and **Secure Boot with DMA**. In most situations, we recommend that you choose **Secure Boot**. This option provides Secure Boot with as much protection as is supported by a given computer’s hardware. A computer with input/output memory management units (IOMMUs) will have Secure Boot with DMA protection. A computer without IOMMUs will simply have Secure Boot enabled.
+>
+>   In contrast, with **Secure Boot with DMA**, the setting will enable Secure Boot—and VBS itself—only on a computer that supports DMA, that is, a computer with IOMMUs. With this setting, any computer without IOMMUs will not have VBS or HVCI protection, although it can still have WDAC enabled.
+>
 > - All drivers on the system must be compatible with virtualization-based protection of code integrity; otherwise, your system may fail. We recommend that you enable these features on a group of test computers before you enable them on users' computers.
 
 #### For Windows 10 version 1607 and later

From 0a7cdbac239f968c21cc84aa97b33cfd7a30c374 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 14 Oct 2021 18:22:37 -0700
Subject: [PATCH 083/105] Corrected type label on code block

---
 ...irtualization-based-protection-of-code-integrity.md | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
index 3bedae6d12..d75271bcad 100644
--- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
@@ -294,12 +294,14 @@ C. If you experience a critical error during boot or your system is unstable aft
 
 ## How to turn off HVCI
 
-1. Run the following command from an elevated prompt to set the HVCI registry key to off
-```ini
+1. Run the following command from an elevated prompt to set the HVCI registry key to off:
+
+```console
 reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d 0 /f
 ```
-2. Restart the device.
-3. To confirm HVCI has been successfully disabled, open System Information and check **Virtualization-based security Services Running**, which should now have no value displayed.
+
+1. Restart the device.
+1. To confirm HVCI has been successfully disabled, open System Information and check **Virtualization-based security Services Running**, which should now have no value displayed.
 
 ## HVCI deployment in virtual machines
 

From dc63e23408a55038ee5a223fc6fd5ba9db6d2eb2 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 14 Oct 2021 18:24:39 -0700
Subject: [PATCH 084/105] Add blank lines for consistent layout

---
 ...nable-virtualization-based-protection-of-code-integrity.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
index d75271bcad..a19ca85753 100644
--- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
@@ -54,8 +54,11 @@ Enabling in Intune requires using the Code Integrity node in the [AppLocker CSP]
 ### Enable HVCI using Group Policy
 
 1. Use Group Policy Editor (gpedit.msc) to either edit an existing GPO or create a new one.
+
 2. Navigate to **Computer Configuration** > **Administrative Templates** > **System** > **Device Guard**.
+
 3. Double-click **Turn on Virtualization Based Security**.
+
 4. Click **Enabled** and under **Virtualization Based Protection of Code Integrity**, select **Enabled with UEFI lock** to ensure HVCI cannot be disabled remotely or select **Enabled without UEFI lock**.
 
    ![Enable HVCI using Group Policy.](../images/enable-hvci-gp.png)
@@ -301,6 +304,7 @@ reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorE
 ```
 
 1. Restart the device.
+
 1. To confirm HVCI has been successfully disabled, open System Information and check **Virtualization-based security Services Running**, which should now have no value displayed.
 
 ## HVCI deployment in virtual machines

From 7577992ae124c1ce3b7bc258382affcb04639a0b Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 14 Oct 2021 18:25:18 -0700
Subject: [PATCH 085/105] Indent a code block in a list item

---
 ...ble-virtualization-based-protection-of-code-integrity.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
index a19ca85753..e331616635 100644
--- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
@@ -299,9 +299,9 @@ C. If you experience a critical error during boot or your system is unstable aft
 
 1. Run the following command from an elevated prompt to set the HVCI registry key to off:
 
-```console
-reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d 0 /f
-```
+    ```console
+    reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d 0 /f
+    ```
 
 1. Restart the device.
 

From 5416ecd0192eb107b0ea6d06951c74b771daaf5a Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 14 Oct 2021 18:33:44 -0700
Subject: [PATCH 086/105] Add lightbox functionality to image

---
 .../enable-virtualization-based-protection-of-code-integrity.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
index e331616635..a4fc2cfbe2 100644
--- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
@@ -285,7 +285,7 @@ This field lists the computer name. All valid values for computer name.
 
 Another method to determine the available and enabled Windows Defender Device Guard features is to run msinfo32.exe from an elevated PowerShell session. When you run this program, the Windows Defender Device Guard properties are displayed at the bottom of the **System Summary** section.
 
-![Windows Defender Device Guard properties in the System Summary.](../images/dg-fig11-dgproperties.png)
+:::image type="content" alt-text="Windows Defender Device Guard properties in the System Summary." source="../images/dg-fig11-dgproperties.png" lightbox="../images/dg-fig11-dgproperties.png":::
 
 ## Troubleshooting
 

From ef9db012f5d9aa8d6e4699c39d8388f625e1ec35 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 14 Oct 2021 19:29:41 -0700
Subject: [PATCH 087/105] Replaced single backticks with tripe to create
 labeled code block

---
 ...nable-virtualization-based-protection-of-code-integrity.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
index a4fc2cfbe2..a7cdb8f8e9 100644
--- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
@@ -196,7 +196,9 @@ reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Unlocked" /t REG
 
 Windows 10 and Windows Server 2016 have a WMI class for related properties and features: *Win32\_DeviceGuard*. This class can be queried from an elevated Windows PowerShell session by using the following command:
 
-`Get-CimInstance –ClassName Win32_DeviceGuard –Namespace root\Microsoft\Windows\DeviceGuard`
+```powershell
+Get-CimInstance –ClassName Win32_DeviceGuard –Namespace root\Microsoft\Windows\DeviceGuard
+```
 
 > [!NOTE]
 > The *Win32\_DeviceGuard* WMI class is only available on the Enterprise edition of Windows 10.

From a8c5f1480a6c6d5cb67bcc4525172b56b03897b3 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 14 Oct 2021 20:23:08 -0700
Subject: [PATCH 088/105] Acrolinx: "Powershell"

---
 windows/client-management/troubleshoot-tcpip-port-exhaust.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/client-management/troubleshoot-tcpip-port-exhaust.md b/windows/client-management/troubleshoot-tcpip-port-exhaust.md
index b7b25c7d2d..772f2ec791 100644
--- a/windows/client-management/troubleshoot-tcpip-port-exhaust.md
+++ b/windows/client-management/troubleshoot-tcpip-port-exhaust.md
@@ -119,7 +119,7 @@ The key is to identify which process or application is using all the ports. Belo
  
 ### Method 1
 
-Start by looking at the netstat output. If you are using Windows 10 or Windows Server 2016, then you can run the command `netstat -anobq` and check for the process ID which has maximum entries as BOUND. Alternately, you can also run the below Powershell command to identify the process:
+Start by looking at the netstat output. If you are using Windows 10 or Windows Server 2016, then you can run the command `netstat -anobq` and check for the process ID which has maximum entries as BOUND. Alternately, you can also run the below PowerShell command to identify the process:
 
 ```powershell
 Get-NetTCPConnection | Group-Object -Property State, OwningProcess | Select -Property Count, Name, @{Name="ProcessName";Expression={(Get-Process -PID ($_.Name.Split(',')[-1].Trim(' '))).Name}}, Group | Sort Count -Descending 
@@ -127,7 +127,7 @@ Get-NetTCPConnection | Group-Object -Property State, OwningProcess | Select -Pro
 
 Most port leaks are caused by user-mode processes not correctly closing the ports when an error was encountered. At the user-mode level ports (actually sockets) are handles. Both **TaskManager** and **ProcessExplorer** are able to display handle counts which allows you to identify which process is consuming all of the ports.
  
-For Windows 7 and Windows Server 2008 R2, you can update your Powershell version to include the above cmdlet. 
+For Windows 7 and Windows Server 2008 R2, you can update your PowerShell version to include the above cmdlet. 
  
 ### Method 2
 

From d97fae2a49c0fe1a2453a7011c6c85107f96e991 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 14 Oct 2021 20:31:37 -0700
Subject: [PATCH 089/105] Indent multiple types of content in Step 3

---
 .../troubleshoot-tcpip-port-exhaust.md        | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/windows/client-management/troubleshoot-tcpip-port-exhaust.md b/windows/client-management/troubleshoot-tcpip-port-exhaust.md
index 772f2ec791..1267dad41f 100644
--- a/windows/client-management/troubleshoot-tcpip-port-exhaust.md
+++ b/windows/client-management/troubleshoot-tcpip-port-exhaust.md
@@ -94,16 +94,16 @@ If you suspect that the machine is in a state of port exhaustion:
 
     ![Screenshot of netstate command output.](images/tcp-ts-20.png)
 
-After a graceful closure or an abrupt closure of a session, after a period of 4 minutes (default), the port used the process or application would be released back to the available pool. During this 4 minutes, the TCP connection state will be TIME_WAIT state. In a situation where you suspect port exhaustion, an application or process will not be able to release all the ports that it has consumed and will remain in the TIME_WAIT state.
- 
-You may also see CLOSE_WAIT state connections in the same output, however CLOSE_WAIT state is a state when one side of the TCP peer has no more data to send (FIN sent) but is able to receive data from the other end. This state does not necessarily indicate port exhaustion.
- 
->[!Note]
->Having huge connections in TIME_WAIT state does not always indicate that the server is currently out of ports unless the first two points are verified. Having lot of TIME_WAIT connections does indicate that the process is creating lot of TCP connections and may eventually lead to port exhaustion.
->
->Netstat has been updated in Windows 10 with the addition of the **-Q** switch to show ports that have transitioned out of time wait as in the BOUND state.  An update for Windows 8.1 and Windows Server 2012 R2 has been released that contains this functionality. The PowerShell cmdlet `Get-NetTCPConnection` in Windows 10 also shows these BOUND ports.
->
->Until 10/2016, netstat was inaccurate. Fixes for netstat, back-ported to 2012 R2, allowed Netstat.exe and Get-NetTcpConnection to correctly report TCP or UDP port usage in Windows Server 2012 R2. See [Windows Server 2012 R2: Ephemeral ports hotfixes](https://support.microsoft.com/help/3123245/update-improves-port-exhaustion-identification-in-windows-server-2012) to learn more.
+    After a graceful closure or an abrupt closure of a session, after a period of 4 minutes (default), the port used the process or application would be released back to the available pool. During this 4 minutes, the TCP connection state will be TIME_WAIT state. In a situation where you suspect port exhaustion, an application or process will not be able to release all the ports that it has consumed and will remain in the TIME_WAIT state.
+     
+    You may also see CLOSE_WAIT state connections in the same output, however CLOSE_WAIT state is a state when one side of the TCP peer has no more data to send (FIN sent) but is able to receive data from the other end. This state does not necessarily indicate port exhaustion.
+     
+    >[!Note]
+    >Having huge connections in TIME_WAIT state does not always indicate that the server is currently out of ports unless the first two points are verified. Having lot of TIME_WAIT connections does indicate that the process is creating lot of TCP connections and may eventually lead to port exhaustion.
+    >
+    >Netstat has been updated in Windows 10 with the addition of the **-Q** switch to show ports that have transitioned out of time wait as in the BOUND state.  An update for Windows 8.1 and Windows Server 2012 R2 has been released that contains this functionality. The PowerShell cmdlet `Get-NetTCPConnection` in Windows 10 also shows these BOUND ports.
+    >
+    >Until 10/2016, netstat was inaccurate. Fixes for netstat, back-ported to 2012 R2, allowed Netstat.exe and Get-NetTcpConnection to correctly report TCP or UDP port usage in Windows Server 2012 R2. See [Windows Server 2012 R2: Ephemeral ports hotfixes](https://support.microsoft.com/help/3123245/update-improves-port-exhaustion-identification-in-windows-server-2012) to learn more.
  
 4. Open a command prompt in admin mode and run the below command
 

From ec0d5181e1a8589794f96e4241ee725923e6ab6d Mon Sep 17 00:00:00 2001
From: Matthew Palko <mapalko@microsoft.com>
Date: Fri, 15 Oct 2021 09:52:51 -0700
Subject: [PATCH 090/105] remove reference to whfb feedback

---
 .../identity-protection/hello-for-business/hello-faq.yml        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml
index a11d68959d..3c1cb2a112 100644
--- a/windows/security/identity-protection/hello-for-business/hello-faq.yml
+++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml
@@ -212,7 +212,7 @@ sections:
           
       - question: Does Windows Hello for Business work with third-party federation servers?
         answer: |
-          Windows Hello for Business works with any third-party federation servers that support the protocols used during the provisioning experience.  Interested third-parties can inquiry at [whfbfeedback@microsoft.com](mailto:whfbfeedback@microsoft.com?subject=collaboration).<br><br>
+          Windows Hello for Business works with any third-party federation servers that support the protocols used during the provisioning experience.<br><br>
           
           | Protocol | Description |
           | :---: | :--- |

From dbf11b4c9e094fb11be7f5363df7682dea3b631d Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Oct 2021 09:56:19 -0700
Subject: [PATCH 091/105] Update hello-faq.yml

---
 .../identity-protection/hello-for-business/hello-faq.yml      | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml
index 3c1cb2a112..34170a5423 100644
--- a/windows/security/identity-protection/hello-for-business/hello-faq.yml
+++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml
@@ -14,7 +14,7 @@ metadata:
   ms.collection: M365-identity-device-management
   ms.topic: article
   localizationpriority: medium
-  ms.date: 01/14/2021
+  ms.date: 10/15/2021
   ms.reviewer: 
     
 title: Windows Hello for Business Frequently Asked Questions (FAQ)
@@ -224,4 +224,4 @@ sections:
       - question: Does Windows Hello for Business work with Mac and Linux clients?
         answer: |
           Windows Hello for Business is a feature of the Windows platform. At this time, Microsoft is not developing clients for other platforms. 
-          
\ No newline at end of file
+          

From f1ddfcf9944b9df9045b1d0491c5916ca0a3e5ea Mon Sep 17 00:00:00 2001
From: Gitprakhar13 <45089022+Gitprakhar13@users.noreply.github.com>
Date: Sun, 17 Oct 2021 11:25:32 -0700
Subject: [PATCH 092/105] Update healthattestation-csp.md

Addressed comments.
Ready for Signoff
---
 .../mdm/healthattestation-csp.md                | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md
index d8b7e7ed5a..5f1347d92d 100644
--- a/windows/client-management/mdm/healthattestation-csp.md
+++ b/windows/client-management/mdm/healthattestation-csp.md
@@ -14,7 +14,7 @@ ms.date:
 
 # Device HealthAttestation CSP
 
-The Device HealthAttestation configuration service provider (DHA-CSP) enables enterprise IT admins to assess if a device is booted to a trusted and compliant state, and to take enterprise policy actions.
+The Device HealthAttestation configuration service provider (DHA-CSP) enables enterprise IT adminstrators to assess if a device is booted to a trusted and compliant state, and to take enterprise policy actions.
 
 The following is a list of functions performed by the Device HealthAttestation CSP:
 
@@ -39,7 +39,7 @@ The attestation report provides a health assessment of the boot-time properties
 **MAA-Session (Microsoft Azure Attestaiton service based device HealthAttestation session)**
 <p>The Microsoft Azure Attestaiton service based device HealthAttestation session (MAA-Session) describes the end-to-end communication flow that is performed in one device health attestation session.</p>
 
-**MAA-CSP (Microsoft Azure Attestaiton based Configuration Service Provider)**
+**MAA-CSP Nodes (Microsoft Azure Attestaiton based Configuration Service Provider)**
 <p>The Configuration Service Provider nodes added to Windhows 11 to integrate with Microsoft Azure Attestation Service.</p>
 <p>The following list of operations is performed by MAA-CSP:</p>
 <ul>
@@ -50,7 +50,7 @@ The attestation report provides a health assessment of the boot-time properties
 </ul>
 
 **MAA endpoint**
-Microsoft Azure attestation service is an azure resource, and every intance of the service gets admin configured URL. The URI generated is unique in nature and for the puposes of device health attestation is known as the MAA endpoint.
+Microsoft Azure attestation service is an azure resource, and every intance of the service gets adminintrator configured URL. The URI generated is unique in nature and for the puposes of device health attestation is known as the MAA endpoint.
 
 **JWT (JSON Web Token)**
 JSON Web Token (JWT) is an open standard RFC7519 method for securely transmitting information between parties as a JavaScript Object Notation (JSON) object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret or a public/private key pair.
@@ -62,8 +62,8 @@ JSON Web Token (JWT) is an open standard RFC7519 method for securely transmittin
 <br>
 <p>Attestation flow can be broadly in three main steps:
 <ul>
-    <li>An instancne of the Azure Attestation service is setup with an appropriate attestation policy. The attestation policy allows the MDM provider to attest to particular events in the boot as well security features.</li>
-    <li>The MDM provider triggers a call to the attestation service, the device then performs an attestation check keeping the report ready to be retrived.</li>
+    <li>An instance of the Azure Attestation service is setup with an appropriate attestation policy. The attestation policy allows the MDM provider to attest to particular events in the boot as well security features.</li>
+    <li>The MDM provider triggers a call to the attestation service, the device then performs an attestation check keeping the report ready to be retrieved.</li>
     <li>The MDM provider after verifying the token is coming from the attestation service it can parse the attestation token to reflect on the attested state of the device.</li>
 </ul>
 The protocol implemented can be found here:<a href="https://docs.microsoft.com/en-us/azure/attestation/virtualization-based-security-protocol" id="attestationprotocol"> Attestation Protocol</a>
@@ -98,7 +98,7 @@ HealthAttestation
 
 <a href="" id="triggerAttestation"></a>**TriggerAttestation** (Required)  
 <p>Node type: EXECUTE
-This node will trigger attestation flow by launching an attestation process. If a process is already running, this node will return code 202 indicating the request is received and being processed. Otherwise, an error will be returned.
+This node will trigger attestation flow by launching an attestation process. If the attestation process is launched successfully, this node will return code 202 indicating the request is received and being processed. Otherwise, an error will be returned.
 </p>
 
 <p>Templated SyncML Call:</p>
@@ -231,7 +231,8 @@ This node will retrieve the service generated correlation IDs for the given MDM
     If success:
     GUID returned by the attestation service: 1k9+vQOn00S8ZK33;CMc969r1JEuHwDpM
     If Trigger Attestation call failed and no previous data is present. The field remains empty.
-    Otherwise, the last service correlation id will be returned.
+    Otherwise, the last service correlation id will be returned. In a successful attestation there are two 
+    calls between client and MAA and for each call the GUID is separated by semicolon.
 
 > **_Note:_** MAA CSP nodes are available on arm64 but is not currently supported.
 
@@ -450,7 +451,7 @@ GetAttestReport return the signed attestation token as a JWT.The JWT can be deco
 More information about TPM attestation can be found here. <a href="https://docs.microsoft.com/en-us/azure/attestation/" > Microsoft Azure Attestation </a>
 </p>
 
-## Windhows 10 Device HealthAttestation
+## Windows 10 Device HealthAttestation
 
 ### Terms
 

From 0ba9b970c011f571fe4ad8172301bc9f21a17b5f Mon Sep 17 00:00:00 2001
From: Mandi Ohlinger <Mandi.Ohlinger@microsoft.com>
Date: Tue, 19 Oct 2021 10:44:51 -0400
Subject: [PATCH 093/105] ADO 5506051: Added ConfigureChatIcon CSP to supported
 list

https://office.visualstudio.com/MAX/_workitems/edit/5506051
---
 windows/configuration/supported-csp-taskbar-windows.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/windows/configuration/supported-csp-taskbar-windows.md b/windows/configuration/supported-csp-taskbar-windows.md
index 2d7577e32a..61d963827c 100644
--- a/windows/configuration/supported-csp-taskbar-windows.md
+++ b/windows/configuration/supported-csp-taskbar-windows.md
@@ -35,6 +35,10 @@ For more general information, see [Configuration service provider (CSP) referenc
   - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Do not allow pinning programs to the Taskbar`
   - Local setting: None
 
+- [Experience/ConfigureChatIcon](/windows/client-management/mdm/policy-csp-experience#experience-configurechaticonvisibilityonthetaskbar)
+  - Group policy: `Computer Configuration\Administrative Templates\Windows Components\Chat`
+  - Local setting: Settings > Personalization > Tasbkar
+
 ## Existing CSP policies that Windows 11 doesn't support
 
 The following list includes some of the CSP policies that aren't supported on Windows 11:

From a3ffb5dc202aafdd1a4486d1c4d206960a3935c3 Mon Sep 17 00:00:00 2001
From: Mandi Ohlinger <Mandi.Ohlinger@microsoft.com>
Date: Tue, 19 Oct 2021 11:04:44 -0400
Subject: [PATCH 094/105] Typo

---
 windows/configuration/supported-csp-taskbar-windows.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/configuration/supported-csp-taskbar-windows.md b/windows/configuration/supported-csp-taskbar-windows.md
index 61d963827c..1605544834 100644
--- a/windows/configuration/supported-csp-taskbar-windows.md
+++ b/windows/configuration/supported-csp-taskbar-windows.md
@@ -37,7 +37,7 @@ For more general information, see [Configuration service provider (CSP) referenc
 
 - [Experience/ConfigureChatIcon](/windows/client-management/mdm/policy-csp-experience#experience-configurechaticonvisibilityonthetaskbar)
   - Group policy: `Computer Configuration\Administrative Templates\Windows Components\Chat`
-  - Local setting: Settings > Personalization > Tasbkar
+  - Local setting: Settings > Personalization > Taskbar > Chat
 
 ## Existing CSP policies that Windows 11 doesn't support
 

From ef4e99945651c2c8655952b9f7bcc1294eeaf89c Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Tue, 19 Oct 2021 21:56:18 +0500
Subject: [PATCH 095/105] Update
 configure-authorized-apps-deployed-with-a-managed-installer.md

---
 ...-apps-deployed-with-a-managed-installer.md | 42 ++-----------------
 1 file changed, 3 insertions(+), 39 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
index 26506a422a..ccdc08e421 100644
--- a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
+++ b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
@@ -177,45 +177,9 @@ An example of a valid Managed Installer rule collection, using Microsoft Endpoin
   </RuleCollection>
 </AppLockerPolicy>
 ```
-### Enable service enforcement in AppLocker policy
 
-Since many installation processes rely on services, it is typically necessary to enable tracking of services.
-Correct tracking of services requires the presence of at least one rule in the rule collection. So, a simple audit-only rule will suffice. The audit rule can be added to the policy created above, which specifies the rule collection of your managed installer.
-
-For example:
-
-```xml
-<RuleCollection Type="Dll" EnforcementMode="AuditOnly" >
-    <FilePathRule Id="86f235ad-3f7b-4121-bc95-ea8bde3a5db5" Name="Dummy Rule" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
-      <Conditions>
-        <FilePathCondition Path="%OSDRIVE%\ThisWillBeBlocked.dll" />
-      </Conditions>
-    </FilePathRule>
-    <RuleCollectionExtensions>
-      <ThresholdExtensions>
-        <Services EnforcementMode="Enabled" />
-      </ThresholdExtensions>
-      <RedstoneExtensions>
-        <SystemApps Allow="Enabled"/>
-      </RedstoneExtensions>
-    </RuleCollectionExtensions>
-  </RuleCollection>
-  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
-    <FilePathRule Id="9420c496-046d-45ab-bd0e-455b2649e41e" Name="Dummy Rule" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
-      <Conditions>
-        <FilePathCondition Path="%OSDRIVE%\ThisWillBeBlocked.exe" />
-      </Conditions>
-    </FilePathRule>
-    <RuleCollectionExtensions>
-      <ThresholdExtensions>
-        <Services EnforcementMode="Enabled" />
-      </ThresholdExtensions>
-      <RedstoneExtensions>
-        <SystemApps Allow="Enabled"/>
-      </RedstoneExtensions>
-    </RuleCollectionExtensions>
-  </RuleCollection>
-```
+>[!NOTE]
+>Since many installation processes rely on services, it is typically necessary to enable tracking of services. Correct tracking of services requires the presence of at least one rule in the rule collection. So, a simple audit-only rule will suffice. 
 
 ## Enable the managed installer option in WDAC policy
 
@@ -305,4 +269,4 @@ Once you've completed configuring your chosen Managed Installer, by specifying w
    ```powershell
    Get-AppLockerPolicy -Effective -Xml -ErrorVariable ev -ErrorAction SilentlyContinue
    ```
-   This command will show the raw XML to verify the individual rules that were set.
\ No newline at end of file
+   This command will show the raw XML to verify the individual rules that were set.

From 8b1ab25bec847805cf2ff3922905b8c02dcc5a4c Mon Sep 17 00:00:00 2001
From: Thomas Raya <v-thraya@microsoft.com>
Date: Tue, 19 Oct 2021 11:13:13 -0700
Subject: [PATCH 096/105] add new line

---
 .../identity-protection/hello-for-business/hello-faq.yml         | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml
index 48601dc7d6..3a019e09e4 100644
--- a/windows/security/identity-protection/hello-for-business/hello-faq.yml
+++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml
@@ -228,3 +228,4 @@ sections:
           
       - question: Does Windows Hello for Business work with Azure Active Directory Domain Services (Azure AD DS) clients?
         answer: | No, Azure AD DS is a separately managed environment in Azure, and hybrid device registration with cloud Azure AD is not available for it via Azure AD Connect. Hence, Windows Hello for Business does not work with Azure AD.
+

From ddb95ff7aa85393337d60e634fc4382885c56e7e Mon Sep 17 00:00:00 2001
From: Thomas Raya <v-thraya@microsoft.com>
Date: Tue, 19 Oct 2021 11:22:44 -0700
Subject: [PATCH 097/105] Update hello-faq.yml

---
 .../identity-protection/hello-for-business/hello-faq.yml       | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml
index 3a019e09e4..213b9c9999 100644
--- a/windows/security/identity-protection/hello-for-business/hello-faq.yml
+++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml
@@ -227,5 +227,6 @@ sections:
           Windows Hello for Business is a feature of the Windows platform. At this time, Microsoft is not developing clients for other platforms.
           
       - question: Does Windows Hello for Business work with Azure Active Directory Domain Services (Azure AD DS) clients?
-        answer: | No, Azure AD DS is a separately managed environment in Azure, and hybrid device registration with cloud Azure AD is not available for it via Azure AD Connect. Hence, Windows Hello for Business does not work with Azure AD.
+        answer: | 
+          No, Azure AD DS is a separately managed environment in Azure, and hybrid device registration with cloud Azure AD is not available for it via Azure AD Connect. Hence, Windows Hello for Business does not work with Azure AD.
 

From 54632cda8321740c86d6ae8abe64bbfb8f18ddff Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Tue, 19 Oct 2021 11:50:01 -0700
Subject: [PATCH 098/105] Added white background for dark mode

There are other possible solutions to make this figure usable in dark mode, but changing the background from transparent to white was expedient. I also adjusted the border sizes around the figure.
---
 .../mdm/images/maa-attestation-flow.png       | Bin 81911 -> 82960 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/windows/client-management/mdm/images/maa-attestation-flow.png b/windows/client-management/mdm/images/maa-attestation-flow.png
index 5bd288d0aeb9a5ae32344d19f58903e61da0db4f..ac91ff242ad81299da2ed826dafd4d2e29728109 100644
GIT binary patch
literal 82960
zcmeFZXH-*Lw?7>9D93`RC?H5tL{O>}ksceMbU}KRCS6MC&EpXZQUvK;q(cypme3S1
zAP7<;gn;xC2+}3AckLbJJZIc{|KINY^k(Qtva|MDbIvvAZ??60uCA&;dx-fE0)e2t
zt$6b;0zp%WKpf!v^8mQwIwx@oyd8X~sOO462-iXX_wZQg6Tn3px7#YWXvPoGpAcfw
zXg*CrAUF`WZ(h^#Oq?Z}yfj?#690jlrLe0LZmJB^qV4UKwc?o$k0M{{s1C1SH9PWh
zxe9Jtc7J}$GxH_ED(P^1@UsNsp`5$-jw8MIpLn6Ae{W|09GcJIE0JkG;~z?qWzJQl
z_jom~D}8AEzEbNYIAw1YHo225GMO0Hu26i!eOqQpYO)nQ;gdX>pR1kM11N-EfhQ^i
z=J!%RBT_Z5JO283=SCAP^&`^e&&oa2k36(z#ee;tadr$60C=T}{yjkbgm@hk&O-ed
z*m=xlAN8X;^Z!37RTBR@GBp<k`-ed}58pKO9PfMftiqQPl9>1CJ`)imC0{ncdi=P!
z^iR(=>V_lTweRKi*bd%8xQz_#NS*HvI$A&sQ2Yk(bsh4A%f2Tb+f!XdKWALMV)kU5
zpM^Ks^lQZharFm#9d+Xxby9+t6jIu-M_`^5L&8~j`1Xjuz44Vg1;=qP#rf|+ZU-^2
z(lDJwH`AVMYkWe#FuY_k{c}6rz{6UX_9S7v%gGJ3!@}-&q1T=esUZeW7hc^_br_+D
zS$5j_wkivT;xK|T7xEwPI794F$^-1B_6&dIZI`5~DUVpv05a`8X@tS?hFy~K^{-!G
zB9L*FfLxwAOvV0zul?~3J|mwLQf$0Z4i`!jvTWgnIQ*_VrmE|Q=o@2q!UI_(-&qlo
zb+J3@gO>2m$P0fDAZ-SId>{3SL1c8ycvb?T%4$>XWEzqZL{Jw&zMM=p=MrMlXB969
zrJ4qh@L6&7L!1WWHtZkpT!=$RU`qQwH=l*S9y#~FY(tmhJ@z1OJwz?|8eUz%JCD!G
zHAd}RWpy5Rc{$+g^K!sNAs@Te;!LE_-ngewuYd0T7-RXTCToAL-nsRHnqDf8>YQT-
zf(D<gPyh6sXn#W)k~3Ic%G>d}Ah7lQfuZM|l=D{Mj&nX?MLiS6x7{MwpdhFwzw$U`
zOkbfz-{1WbG>oriHK}4dt-fg0l}5O5Kg@h;aySc<EqlOx#?PPgndfqK3<jnj|D1B#
zKA$@|6uh#wV|)Q+=(*%HnjVvNPQWkGjy0+GuFQ^c;!d7ZL(kIADbl>()e?QGTq6u4
zS(x-08I8jl@g}yc5Ak}NgC?IE1Cms#LtA#X+qhBh4^?caE8t7D@``>^l)#p)DBDt@
z?7__@+9L%@+_fw^Lq=0Sw{?bgoDC^vl;Ooj_G$(l|IPMFe1|6gyg<WvBu*sf7xl-_
ziVM9*Z!aqt$xSS(`N#UR&NHNkJ{z>HT<nTGtwj~x*I2-#eoR|c&x$!ZF{wQ@l$;_G
zEP2j5FCzv;Rf(x6Xh?eP<~o{P#Dz53SvcA&by!2;rc>#1aVV9$YM^B|?8YWo{k)V3
zlU3uP*Sn8v<o{xw8Ccm3yOlYUmn6sjfrTxdt&dseUs%_&OmINkF(&=VKCCi5E?pD4
zejAMcCck&~8;jk%U&ZJ~;nv6cqKP(|yM^W}4p?)dUoDF>Q4x(=zS~0Cs5xWjKKtb@
z158Yyy!?^?f<uk8CVS#C=8CNB;^gsQ_A51AGb=@8JX<hnjkPsD6t%W#)iBlnb85WV
zkTjJUy+X6i(@R{Fiu<Kg;pZWpq6luf=daJ|8pis`3Z(dPqpN%*M`p&ED%V$;D#uHT
z{CC(JnpDcIjBywvy2crT`=qf#7o??K2Ik8m9-lBp3LDyoVX}}iXT^~>U)oo3IsOcB
z8Z(kNn|a2g%}<q|7{DFsr~eBFrhZ7Ltt!srAa%u)fxr(QcpZ5I{>pR{V2uz!xvu51
zmaL(v{|+#C0M?0D&uw;OZRj3+ZICyb(c?_@ueZ3z4%{(c=$RZD`S`r5CGaD*;^8?4
z6F>Cy8~_=z`7huU0I0)5s#(@;A;|e|^GagUo&+D}9;u(K?Oc?F96(Agtoeb<ArnRj
zWVIM!wPC84$Y021IFyE=l=&DM#HQ&aJbXADWlb=y^`G0mvBg7WN4O+czd(CQU~j51
zcTzUeNp__`d`W<6N7@Y)E~yUzZ}j4_6y-t7y1I_WUyc9-08idq5!fD`dHVp&hW>RO
z30+6kKMuoz<sly<jzN_N!eK+;BM?*^A^{<cE>4Rt3hcWx58g+>_ay;pFmV?eFbyt1
z0s#XKd>YAX|Ltl1%**Yu6`MbYm@zWEdYoN$Cn|K_>8(UPI^j7DL|uMg8F&3J_%}%R
zVnl?yO%H7s&H43`<xb`~VHI>~P?B+hkOWw%SpGU*6?ln$lyjIPkrfCxHvDLO1rWbL
z)uMe1*^x+%dtS%c0hT(^!9Ml#a@>iJ86a`MTd@IoWZ8RE+NbHEQMTQS{aa5dV3YB`
z98>czSK9P9aHSzEY`)U-CsIZARiqz?eLe##&<oWj+LNDv3srGqA!4v$QFW#dPy_EJ
z2jO2+n}Dyn_|m>oYW@UO{df?-#T?<`ehPmTdiK8@pM82TxF2!yLr>$9^KgR+E~;eb
zq|WxJTSHXKWtXM7%PuXfMdU$29Ev1<<Q^-n-ScO!Oa_=aQ`Vz&%O}ez`oC-$1QJZ%
zj1yU-qj7S<GXXpHeeH$YlW`TxkJFupOXnL_YPWGkj`$mKy+uC-caE`FOP}tc^N+A&
z<+oe!%YlX!{p|M`p*%f`>u+ams``ao-q#&Xv;8)!V@5`66JBH+J2+?2jilGEM`kAn
z2=)%`_{4QP4}Yl*2{TT9QL*fdM!D%Lt!(-@Zx_}a*J<C;$*)}-ZvEvn6kSvtO&=H;
zdde`E1mvLVjI0-Y0!}mTpsuV)3hZo1rF3^(`cA&VYJ|UA@M(l3*x2|4|8MXWNZNEX
z^z%p?-7xXn!8uPqoqpQF7_h8wxV|6<a89kX3VSR@jjeqbcmE!!`--7-v7@$PTjbWw
zD5xrfmyjzN|E#8FrB1a^q&eX6fsy2rHa@J<#a;HXBqpGZZ|2!lL9}u2ajK5!Ktn>d
z7bmg)txW|fO0}T|^L#g1k5~6}wn$R_*76<5CB91VSRTLZkg^mlbqF}5qJR0zp7Map
zXsnGZZp~!na7w6{$3TidYx&%BlD~})8MUm{qLN?^oKow*$k#71cgn9`8xEbXT|G>P
zi<e?otPbrdp9B74%dr8)S=rm6#7~;vaLMm05|8}t;7)(RA_AoghBg!-m-4eIMS;)%
z+fUUzJPu>x!-pR75Gs-EB`zf#PqzcX0=H{HdV+p0`_FV;kD+;s-#Qfm=@hB<2cc-9
z#N63zb-ltD#3YO4>1TN{=3^5C^RejmPn4~IW1Ql|crR9xy9~eqLXr=w3Z$iKP9Yub
z1E)!!*yap=Ih7S)O2;o3FGN=ii`TsJIQ=At^NnsP)#|!Ij7<H6_&-RFkQWUlmaGQ3
zs4J=?K#s+vu6h(kWz%B^D<6H-EpbrmA_%1Tr~h|=k@nJ&NL(%hp*#p+)g22$W3+Ln
z;mJ-W0UUb$iXZqRhhJ_-R(s#L+pn}h#mNbk2rq-|0Lxt0^CQUcJMH{fFPxeRV(8yL
zK+QM)XLrN?y`W}}4bNaT)pOwt1dwI;LK6^r%iV$XFt8O)Ppg6vir(`HpDx~D_%Hq@
z+|hSAu1YEJQF<`dZ(QR5Zo%eDnao}Z#SQ?khQF>qg07Q-XxPI#3b4S3+;MUvIqsqE
z(ms&jp6p#uSHpo!WX$Nm>p}3|0KQKeQ62Bw>tH}9GywRRaiarAUV_|*-VFwGp<}<(
zsBY4Q?^oK+yvh3?e9YJ2(hVq#As_F(mZYkBtn$a_l2B@rd`E>F%2KXl0CDET7&iLO
zYlkPdhti^nL<}|K<`KaI=Wj`MD_5>;`foV?N_==BcVB?1z?0>=ad%P&s1kwqFHrf<
z%150Q!yj<KN#9BDX?U!i-U@G6>J;!4W`>4WJC@79njq3R5~Ph&$s45xN-va~XkUM9
ziUyLRI`_c6z*pA=y14uaPyAT%f4L;^5{gWY8yZQoGpcT)3?(+yoX6!<6$~rSaEcGH
zah4ApCy}>Y49orN)q6VLML%O&Z!EaH7-#Yv<>Q}M_}dHt_h}wx{*toE>m}LSYwgin
zn==8)&z0n^GBX-)s2c8&0?q(Se{I7Wyt7ER(9sg9vGtuBpipsiO418xSa2Z-O9Q4J
z=5Gx=YPF-vA{&HZLH)QPpNq2F*qmoGJq#Wc4p~Zq-1C|BwfkFJwK2C@83#8BAo|UD
zro=v}uaH%$)n3auxiiD!ys{b4NbzBB%m3w+&Vy|Y>IL4xd|@R<pJo8XP`ei6ykKIj
zSva~_Tf20dwO}t<wz~tx-($;HvwhbPxSU;NghGE(XY>509uG#znw_4tfHN^56{+xD
zP$+DSV&8Fvkr;c}d3|i*-|0@C+?ED#5u1_hnI<@FV>aiTa((pXvc-WYDvF3+fXK=a
zaRT0k*LqSUJAGra^$nEYOk1*2#o)~a4Ve-Qs3GBA4p1tWNfj$?AT#MO;IGc-gr`9k
zLQadh(o4aFt!q`nsWSZ->gLJ3-<bsTqdv$=MllIjJbZWV)&7{)b;WH><DCh~737#Q
z*bNT6m(U*CZu~d-Vp6N0`hD2RKez2_e>}{uTzb?^()A;dA;_0E6bGR|b$9W0jUX<b
z)o0i3zJdx0O<k1gu$wQ@Az@*gUJWBpL+0Om`{i$x;zlTbG$MKCM48&tP+sHhC5)HE
z<XCP!l6wKXlWOKKojMPIF0Fj~a4oBytP}&IRZ3Wk_0V(P`Q*?FZwYzF8X0-Vb^H9G
z9h%E7T?KJ?C`>7$lo3G+`5w~J<zA+()}$iG*^Zi?U+J}46Ya6%oGebyS^P&?ykazB
zCC|OM_d5~-;UslK{x3>ruRlhKI87K)=|b!mf~p6|EBZ-iia|*Plstr(1|`?G#pHZ8
zx@lUrH_&q|=J-&RtxHhsVafwJng^#aMzUM-?7WXYe6QFu#TT0_he8jVPcky^RI$Rv
z4rCbs9@yiE#!3Y&Peb6eVR-y?7eH6wW!y+)uuymyV`h6putMAFiWs}ZJBg#(Wy>pK
zklF>kf&%PfvQn7X|KO6?`&>NO^Y%31K75Y;R_SnqTE+?A15ol3ln6w#<_gV1zRB#|
zULnzB%FN^jvm0py0{W@2dp)+L@gBz!E0PDN&z<{~3}n%rx+X#OPQy@*2t*Q>oRWOy
zYPRR*t+yrRqo6HX4g;?8?OKgZqOirV=8(4th`=dm_G@devdHbr>k#cfB}P9#x{g`s
zuwE3{bD#}4C-Ba}h;_Grp>Wi`ZFarH7lw2+Fs$D$?A7J*x_45#eGz(04$2Z>5@Y}*
zXAF?qeq#9EJ>qrTKsXI;4lH;5RE^*yWDCI4p*hIYfr^^^H(D8}`UjlC={@4eq^ugs
zdiP^^8H(M#QvHGnqd$<`ZR~!M=tM6O5Fv2R-%b4rYFVKu6K_7K9OrQn@npHTd2N(5
zwC#VX9W|D-q3Oj2C_zX<=_r(e#cc0Dilf{7&=&RP1IXq4^8bzpQ3DS6y64Z1Iqq}g
zC`jFSwJ*Ua5^{H`?I3h=o2zyj1W|{YU(0P8#OwOQUDhLwoYtCN=>F2m{ct+d#{vRB
zP?nbN-aBpl7a7PX6kF!>vRuvYm>`=3cKOUwR$F7+9LwKCh?>)#&9q3oo69~S#hO*d
z`G(Dpm1wreDh7{q^h2uCD+U>3svU@q4ycG<^T_)_c`_|>Ibdd>crq8|H{V}$F-jj+
zu_Whl1fuTiM)l58%fgCNKtN-==HXhCSXuhxMWUZK0hLDO5FZ>|l9hX=KwgMA&|$zm
z<iz4OKTviS(kQIAF?GpKlo3dX5FjN&vnE7i3KIG%{chmfeclywg-WA#iYNUSn)<H(
zD4iET`9fOsRU!$91_T3$$N3tQs4qZy)W+92@Aug;SssOd2S#KBvPYq*-%MJ{wcKy0
z(3k+fB8cFZuVP?GJ;!Octd2(F%XhHAT>;Y=fas=7Rj9?SpOo@i_TyWJ6GMb)z)cUF
zpsFzf@!|n6=7p?)pLr0|a^(J+BEdqv!^QLcHJ1lvSFTlgj?Id(4t|7`$MoAYBul_Q
z(*?*B+~>Z%CXiTQ8s8;`vjn0KR_;mNq3%oy2pwRm#&9SskZ_<GP#kz8cn%Puy{i)f
z1ul5R$zYgZrVGCa4!kc6C%#MveqR_-a`%A5?Cv<k0av8&0Q^Mafkvsb$;Ux5d@TR_
zf~=r&%JX&2$@~7p1D)+`07w8+mmylsEx|wp5%^Dd+1D{7cj#8j--Iz8q0VIq>QpeL
zOnflksmhS*s(|3<aWfBS^B_`>>|RjwfTBrtt>2UmpM~jr@tYhW-<PnwU)-n4o2N!U
z+z-DRvap&%2dRF{-g$`D$yHkFQi4F2zk;eZ0{J(*yGU8E)V?WD`cY2Vfr>fHWl+hy
z3vUdf`^<Jagxfq-p$%IF6AdVRoHSQ(Mg;LsK=WMkp%Oh*d<xvto!f<(b$hW7>0Idu
z5&V@7x(fJ2ELy#W5GMT8S@Ajq*b&4nDhHiFbC{5Tt<(op4m!{MzR=|60m+RQSQd4}
z5qQgyf)J_M_nNBRchY3FI}<>-Z0DT-Rl>rkyof_p#K3I`$Cd=r3bcXF3VB9cTLqYJ
z+%?P(OU@Qd0!-&Rf0L|kU$N-tDhBsj&#`>!1UGLQ#sK#O$aVW=Or75rpQ-&t-e<Bw
z?(~HA#`G#sQm{qu07CMi+!Z!`UwajlVBOiF-#p<?7LPP+r-96)pTS%_r{Hg<6$MaN
z45S?g+TkSNqq>3bN@Zrb-;9CNYEi^s)!G+q!eAN9+x1RbI@x4U?RywP(U=f})u!${
zkY3z_Q+Fc@i=PgR<sI3eL)4QBBIj|0ELmL!_y5%2z&-a3A*t^(1J;LsDV$<*)f(Q0
zBTTTr+?ORgI|$s^O}<*kHGnehmDj=OR2`^j1zvhNAr}j49X;k!U=2n}0J{S_?ODpP
zVQQ&VCFEyyaVqp#Mx6oN))_a2*Sf*wMI=9aNQ5kz=hZKtSNFXVl(Xhf1ob~{56GBy
zNTKv5_~pM9pZ8lLXO<IxPKf|ie+z1bV<13yi}ru*6$0;sx*@Dpm(C0LG#Ld^_5?2G
zh6oo@c{mviK`G*g9IQ8iBUC^~@Welk;&*;mY}v=N)Gr6ioWlg@7r>%73>HJBe&$tv
zGmkS;rOw^o?yme+>Gv2$1xjm$3p54_I{s5qV^C8CfiTLZ!+JOpjva3)By0hP<%&KA
zt{x!d+Lr2n!TyQpTp1Lfcl0K}{^_lFj9M+oeboF&U!Z2rSK}=d*3J;d^<vQQU_usL
zCl>=aMci8bxEyC`=F!0Ys2nDv6aE>H8|Zrwf-?@O-v-2UfXWMKC{ZnnhYiNJ@T0#i
z>SPQ&g*Lzhp+HEz8}at9*MC{*;w32RI|T3yyh*sg+cOmkj0Rl%2&2sd>TmlwA^QlN
zfbBzFovL%C)Ngw+5KZ6dVR7;tH-k*P9uy718<z#FSoNT|1ASYCocf$5JKtegY*OV;
z#~=_C3Wp~W;(+(elnJ&I(>kC^7bet_g4dt8D#`hb)lF2`ZG8GxYOWa?1=g$k4C|dK
zl8Pz6(!(2dFx3a1z&r#!gLn^wg^H*<1_OIwF@!USy6`R{pa~fVFBbR=CPe)x%!BD^
zSg24h4N(2{E3knu5CXv9pQ;YiiZp;lpnej*A=Ug}unz;$awJT`R6J}Y;f(NH@6N%u
zeN}^R<2dyZ(m={JSUPV%!=x8OxClD=k+WpT2xkXsu0e)`gd!O5HUZ0sgP*#tlQ9Sp
zpqK=N9vLYzE~c&nK$T}fV1fG#M)Mq|a^Qg`KvRI!2vIK0Z}R&r0JwyPr%Pp_PInBZ
z+zpf-z|ALLz{d9e+?Z9Ws3eIU@q*kZH+ZUitB?iMz7dCR!_Mb6e%uHQMj%CKcnwCH
zG}i=CE(*S#!+ziGhKy!@0#-~broaqSz^lCk?gcqX-DIjmLP*~Gx3|ChT_#}0@Hf*!
z-(T`V@xmSJf7@T(F(LFBaGmMTf64v7xZAh4VNQ;m#LodjnCxLLO--u-M(KTHUAX-n
zMtvSZSV}@aVD2ANj~*PMg>~RFRsD}}!B#a+-J76zNUc&0;T=JkK`M^agUSbx9FCuV
zJj)oCSe;o917NruaHrs<0!LHo(l7~uSKy@@fe!;eO@+fMGDcnM>ppm?br8XT-|_?D
zrD~~5T@->slT^81-@Hj<8;~oHenONgcX*aW5dRah#JiyG1a5752JatK_y^xCX8)g_
zI@Omtr{4$$3Xga}RDww5jk?2SWo32l+<jkP>CCJwSM)RgoT1f{l9D2)p_)YAy*%Qu
zki1>tkn^!wPwqXXol8-72FJtG^qZQ0czu6F6TQ9j?VE0B6yit_1i>JdkCCk8l%4(|
zyBmW(<cC6zOWFncrL(nL&o9T$NO^JEPnwB{i<k2aBqt`meE$6T8Q#52e6aPnS(!>!
z@<x3wK3eP!t){G^(l{_+IG8bM>*y$ODeA?F;)60d%Tn18V>QO}M+$Rta$@7-ZGZNC
zFTw2C65gz0UB30u42+JBI?T(7i{qD_iugo*s#QZ1til{t)-3clZt3-2lt|wEF<c+l
zO(T>KoVj5aacksN35;|n4rE43^~v-Wn9W_k?QVW+s_DgpYPk%*t!8-wM;?Cf3kN_(
zvhQMZsKPbIIS)LCy9+l~oAX6Ec}rAGtdy^N)`CAGEGK4lrHaL&(9t;WUO^HQJ9`*+
zvgezuA)=)*cR(S+q6H3I(PBbL1H7o8KZcd1P{E(Y#IP|FE8JO`nfCiQ&iS)RqL$(w
z{`_I4$u8`^`E#L4iRZOBE|h;`J}PKSL_{RV9XIJ0G8GpW$Hc;-v{k{^FUeKD5ve9y
z`DSuoYAL0SOd*r?t;@*(hD@12YYwUX35OefM8o#LlTc)iix2wK+}u3JqeaMbVq)U%
zwC<gt{YdBK63rq#9n16~%VyPfFn70X<bf!3*Rq>bZWTQ)lvOE1L^hB96gM|F%XZbO
zR8_~&Yd}kpZBMS&TIrjDuCcMPPUmsgKU3vwlL#ITLrhL76jPg*UN;*yb6ksDH{b}p
z?km%`aBNR@Q$OS1Up{?oYi+%marg9#R3CSDcfEJQQc?-#VvYB9ZaFq^C;8d<z9R7O
zeeI)deBJ9jq?j(yWHtP)p`k%6t->@%ifG>g^v9AL2MREBE7^<QUsNyHbFWK@6%6?_
zqc_G#%WryC(K}ux8l!+)85*Lcepdeyg>Uavn32?#Mi9)7m|C`U@+<*Ibh-ASfU&eo
zF9g-5JV#b47X3C>8<&^e>P^dgUkOjG&Jh@UY*EuGg4`?wtjB!uj_PR3_xB(7rVcP0
zm8BZ-Xm89q_L|+n0CS4*S36pN@Zp!Y61mcS`;$NMkjLgH#^%X<D$2??OZ6ST5o;ne
z25%W>@oit(o9eTY-b#%%6yj<@N|ne9y7^6?)SnKBZLH4OF}a0>gwWpls^Sy!F*AzH
z(k%G+X{pFDT}NNvsyu;FP-Aeu_2apyLKL^!tp4=4RK&28F?XP{nwm+;mC}RPs(BVA
zEf>m<BdS5>e?rY~WeIOsz5(*@8W@}Q-EP{Fi{DRdeieG8aBRC{ic*<$>2u5iayud|
zD(C1)js7l$3l}a#KluQ5ns?@|K<9JwFMpAZPx>WoZtYc<2EHL0<)P5fS&FrT;q5W9
z$;f)B#t-j%(PsIan2kGMhQ#72L~-<Hb<`)GAMY`*BWr_$k5$PoG|=NW^YITcO{CWY
zbctsUsq;0zlR5|CXI<Sf7j99?-QoleS733OnVE0y<}~Eq%ZuL1)4IeO@IgXc+~bQm
zRty;3tORp)m@2so-6lU@p0L(G?TTLZ>I&byUV#^M?K-oruW3*sPwFN0bFGD06~_4%
z0MJNQLp&(mvYSu8o0I?GyzQJAvrGUsAj!5=#@i@m%=NvGT2lVKl2XM{-IftuvO6ut
zt6*%>aq)as{Zl&e0d8%KYBM6wgj=UnvQ69Nh{vVML1L9LcF4%asU>P#7TuG$>TT^M
zeV$9|l@x2v(4ECU3XQQzfb9)0ezFyF($zk@t45h97Z)Dn<({X+6(X_poxykDnP1;U
zA#XMm2LK$-k-?9RStx`hBqml(6n)tS8eZ;;?(6G2RhzZ2uuwM7sppzCk8*ckjh~!f
zsV>XqE|{FtUM#g`c8GB-?H6b!^gAp$mfaBCxa;E6&4z!#%DhE#3$R_**PGo}jn;`K
zyiFLzbok6KuP_(f<F*?lIY;*t4a_<xp|9nwkS*C~S6owxBzM<YxAYkERJ`ANBIf+i
z+8uwL^LXAlhd$COdD1(}Px@`?fgW4ZTu<}RrGodA>cpyoNI!e74NL6g%xWx9y&i*R
z*&|5*<eiPKo}I0L$>=Sg?Rn4(0cBex&do(Ue74sCA0;d<&KPwkBaa*fP$xRcE=2Mz
zW{z3ao$^-fgb&bwPoF+XlF!G-#n}+nqZ^s6&W5}iw{eW&PVp_y3Pl$c6(wWUfKS8W
zIputRKE$!UuXYRQS$(AHh8<eHZ)=-N!ULEjRf@b%SbHsfR7z%0Qo=t{Y-LFojhc1G
z94J^N8e^GtBtz0VtdUtbRdH{b1KP!56I_K3dV*mqs!N{PF$0WUhFMXeBdXgDT7PSd
zi-m;FRmn#)dL<#6o<i;z*#}Uzj^n{H*8+gSV!^&Jb~!eHnb?WoNkCw>b{=hthl`7g
zp1K>r{Lp<J`8DBaKbs-NEym2|HAxW>dQDAD6;it`ZAtim0I|y71)IODG%=?CGAvBc
z?|8ByR({lbjZ7r;H1)|7a<;`-_9rA&sixCkwYBSNmQ~Nuy6^3cA@!5iimcjYWMyk+
zg%5lg#C3Ofi_O=TU70Jpg&j?Q1;iV4P1}LUTpiO-675$_l14{TC|-PP#RramS&M-n
zZ+3RJSdxUlR4Ldk=a><Z!h1aBjMP&)_E1>)<V)Jg{qsQ-L_x>4hE!h~(OLVXmt)H_
z-(IP?(KHhXDhjTZr#x+5Q6l|a^XB5BB+y(zLU|~=TylTWAIMdx!U(FV8KxUhnPR(V
z?+*|>ctwL&&{y4>kg@6KCl$EdMJ`E8$QDN~q=c}QbV~MD%a;^I6GM5`db`k>6v_DN
zc0T+&o#r)N!7p>2<W=`}DG3QZR(AIJ2lh7U7=jGCr)kJ>m7qG4M=XpiwHJK>fT6=S
zVA^tHburn;E6IxRrq5jJH1E)t(f(;%(ZHOK%`$V+_6%vo<!H67_<an1$nHy-b>1Xt
z{Bn=2^QWl7<?Y+VszPbJRNkmrMtU)!AfT|eE0PrLJ6MH_(#a!MmkSqYilg?a3$*WS
zP20)G;r&6RrhXpWS~oB-AZDb|)z#&I)rnx${PO7q+QPzX%QZACEUUAq>%r@X*rWB+
z)6*FO#beoD`dzImgY>?YI}M4keoL~C8S_y|$NJyDe-8K+ss5VgwolJi(|;z!B_`VU
zuj3#1NqPa?Vy363XGI05K%nnmAYXUEq*jB*S|y#50)mz3mGe$1U^rIAn-~@W!hm%B
zf-8pQV6RID+T&SkLsp~Q7p0?dIGlk$gIK>#7u){iAo&ecHBejKQrmm@Qt|$PggFth
zFTkR326QD=c<f8ujlz_D&81|NvY*~-%OnhI#!+NZw<MON5Qmq<!o|QBH=C;WHY0Nr
z)U&$+(J|`6>xLm8$Boa|+5>84dBPK8W1j(?3Np!EH3v%XD+qBL(`w@o<DZa}<iPU%
z3Z^;*uj-UV^e4>SK3kov)!E{&<pkW`T<ow_dAZcJ3=QPq3{wk97hP}->ku!UmYRLG
z6}W6dsT6<#9lVg*0kb5>1gj5ruR_PqeRi!bkz|XQzZe|;p3weCp1b!*{WE*gA4oYk
z(Nwp%PCli0;4abE=9^7j-;@NwZ#ZeQSTc{K>Au9ZR^zw9TodD;Z^q!=C!pts_pr+_
zu@4IiW1MJNP%RH|!7g`R8_G3s<l>IXcjGrey)BRUB$gbxC>iZz^!Oa1+{r{MugC7M
zrne9nXkFr;j~tN0$^_{MYgjOiR}WgsvPGoqoBL}mDp6O{>Xu>FwfR&UQ?GAELqwy)
zSg3}LWCLZc)O_as)<ic0uG(YL?z6gGUtJ+c33LM?Vx~#Fnu<z>><Oti&Vks@@cb0J
z*e7G|r&(BnZA<%q)aaq`YX;&dK(Zi#(O|Az?=wX#a!>tWwGWnDm2Z+&Sy>rsM_%@C
z#!q$cqm%yHF$$DI%INW!-SW~2n(BD4TOinqO-QhlEc3Rqx&Y$yuF$Qq?Y<UkwZ#(j
zP)ey~#F}@^x@T-`tnO-!wUrfwywg4=&CkUwwS!QXK5qYkyaJWaw&p>BKKfIvg6|1$
zITzEVPCt;C6kix4t78TCgZqRx?iO|^j#`;mWiIUZ;cQk-egARETMuo<z>E?QJIu4u
zV>FbVd@X!pV~Xp&175?RT`ai8gOAY&6y)^25id=Zu~J&R3zZlDPPE#yb4NCPDf-ip
zW&Jx<#7UF6e&B4SMkeuO2B<)>#WCiX8rhM$bq3#WFY2D2!d+`B=u&Rfr!d%y)*C<@
zNaT?zZ$ZeAAynOZtpy|_XXN~)Ls_Mw`!^IFv$T^6L;h;ePS<Uz>b1GJQDn$a`p(DJ
zb|#+O3XnE56R|9;UGdDQ*3zsRyVO9h#^+P}Wza`FrNgV`{s!%c<Q{e76;KUoe@xc@
zW`v~!o7`_0iG5^&chF9=sCLJ9D7z1d9*SZ%I_wrZ=FHzYW_RIn*0Wg*$qq#AP)syj
z|5Rz{nv|H>DG=Z)&2#ZLBeA{flHj|mtE<wEZJ|kF3jVBMr&#-v)&%L$T75&q&3e*|
zWM5!$UXrx7;Ci_VLyTJUopk-KKjVYTRJUSR_aPU0K9c3O>P?K?iDZ!Qh7@i!O2Ku8
zx2jFVN2=GGK>z~$namEUY(pSSNX$;J(2OA-)rVJdch2fFG9gI{xV|&eJUmkpvDxVd
zROKkU>=}r@9p-BP@<*iES^M^lhb832;)|n2hF3y*dGbaT0((sAYX+NZjUoaF=kZw`
z2ib2$_f8U03+WN#rFOW?s~~z+NX7(QoJ}^l$_RQkEHpK%MrNRn6V80r<0IIav-|2D
z>${)b54*&EzFA-c1P3nDJKR!voze@beJfrdYcY3mDYgmJy%}|9Jbudqq`nupxf6mu
z5e*GQC4_6}LEd;-N{aVk#ydlk82{S`=JZr)6}RW^vNW1RO2?%)rF5(W(7kmC?>!j!
z;T}6&c|CVu@7r#DkVoXK$Mtl<^DIvqy$nT4dYTsf!!D_fZXNxMQedeL>u3DZEEv}%
zy}(gf*o(2|zHs3V>aQE=^h#FN*5=;clE8OrZ#HfMcTqg2e)tQNWwCLWn)(5^o{lG5
z|J2la?7~O)*m$+w;^_nZpkYegE&X}n+y3ZY{~@lO-iwRR*+TrwGmM-x@HzI8e<PX(
zfuHr9$x8_X-7e!RpEseV8z{ZWL*<>X^k+Si9BaZ`(>XH%p<^*4HYQzHg1@?{V_txO
zdK4FC?LTtO#e|;}^Eu>ts_0tC*b+Y3hw6t4r;p8F(G?_NvTW2t$BS?Klf|WM(v1Z<
zzih1NiTuf}@Y<#t+cD1^QK(}OIp)o<e)GAiTD;-&H~EqDB8VxiISdixJa+iGD^S&A
zDmr{4K$K-`VCHbMMJfnn?iS`5=e-(lCdsaGy3I^%wSD<wBw{S{X2&izO8$d<FE`uy
zQ|m3;j<4q^B_XP^Ht!4RFxMoaTk<uI^-Z~^C2Wa!6{|MvSkJeOreo%Pc52(>Zi)22
z(rpOk5;A>Uw{hS~+2dQYZyiTO!^)h^xhrja5=7U^a^@7gmnu+{maWorC?}`+LKT8S
zSA)2cQ+#6||4R>~=Z6Cp=KG4z|8b(fyyFT<qE_zRvt!p=6<tLMq;=0Jv&*e<OK~D1
z)<3Eym)0e*C*`F}Rg&7mRfXp~+oQYECfwG%W+W_YwhKg9y7)f~-xNn>vU4MljtR`}
zO6TAnMfkDnjz*H-2Z8T@Nl?LG8+EG?E6ptQU&#waZ%Frb(>)liuBFF$V9=RbXKrvS
zuU&J!RO9(jqVI%s8`oHWsh!T<6!R__v?{tj9$h?MDoxM*R}T>jlKhu8^<UzY8Q-XQ
zu*J75xnl5o!nJ?9<XmKm$+N+%k#0(yipW}8NDg+>ePcNzo3uUh&0b}#KR+kOdA8-y
z^uxpv3C2B$hZiI3$<0I}y_xtUsC*iz)I1&Tv$MSgR>r?)kHyj7k)=$fGx{N_L2Oa+
zc<A{<&R5@^ZB=|$XDhSQKj+XfW?_kO<auSB$D%{q+GV%T%0~LCz6;;)+BqA4c4M!~
zdK}j)nxgvVEWUekE?LIsz2AoW=^*D1?Pw#cz|X#FACG|#quqijvwbDp<jFBI5errp
zI34t=Bkkdp>S*o;LR7*_+*}ckO^V&!guE(n>W$H7x3k~IYi5gl*2p#{)+iK8q&GTy
zI@8oJ7u`~w(rO{g-r^=ZSR&SS{&bchc}RHrM`Ka*g*LOU>UPP~qFI!ymWvw<2##vF
zK!-rS8ORZ+ySTEl5;Oa!&-VJH^^px*TicOs)AbgU?ZsQ=rGVs~?(RgoE8GDU#wI3m
zlShmD`}+?&n%m;uMP`x>Fh95Nbg_>r?XS+c8l)O)V^~3NA|2~JusYkvSudnzVBk{|
zO`%X)WQQ~z2xShrIXRW7pPIvV#x{frI6shB$I#+3+0vWs5_)@k+kP^sdaz%RW9w{e
zA9f2cwBj@{ZlTXS{Itwz$bb8C($Bv-fEX<Z?sr!u);*PJl>}E3D+hdf)5B!FJIcVm
zNbF2DZ^ZegWMT%~BKu;=RT2yONxq3$hgaymwpu66<JxdiU4}Ex?)R71l&vTqyT;qh
zKvBX~`hn`Wb3Daq&Mi(B6f5lMAFV~A3Mg%ZS8mrHtzsXjyiPZ#pEPm^6fF^NALr9n
zTGJ<jRAdSW$>ln`yd&VOAK|b_(;pN0AZA|KELSuAGf?Q^>XSoT)mlVIG!@-TpK|DY
zvkq%#w8*W|(>|T3cN?A>XWO|+#$|-wtGdvun{rVxKQAw#tp3U?R}Bp6!i7tK{YaIy
z#$<~FOCm|_qkU>sCZ93gOCp0?S5I|A^6WR4)-<AD>l1qU_v-kvxr82uZN4(rdvk_F
zVl7-iW6ANWOl`}U+hsS~Od^fQEgH?QKaYx{;?*%p^?ML;4ldvLw<M>M|HN{mq2eot
z`1o?g;z3Y|$So+iXJkaomwlJ?r@Ixs6`4>jI81lVI@eiNR=prEPbpg}yR1yR%%NR(
z&6oW~ma>Oo;u%eS9UaEC%Xv9DuN(+A>wA_PM%fF2@o<TL^057;rKy<?z8L+`1X{6e
zjWNeqw<ouR3aTxaUam~GK<&-aFRO~?Ru&KP%dPZ%WjW&cWx`8jq2^R!pR^oza)N45
zT$n87!2pWOJ0**ZYsR_cy2$`l2bIULi$}VW=tlHZFGShe*-dU4Myuj365ECmfwMx#
z-2>+63Tqy`UT54H=7$Tjh|14xCrV38%idP_19hK`k7ve~mGu_sgD(P=^Zot$K0q^F
z`*9#j&a9rR98`USvlyvSt*&*gPFZq3Vl7M<m0a<>K#5fzl<nA3U1N^*w7<ZfcXRb}
z%p|VcVbrfmVC9?IT6~gkwGwf=do-d66e2=Bjb<*#wMaa$l_?<#4C3yWg$-LY`}4Q2
zGAR??uM~cnZgVY>m^XHm6RAEBu`+niz(8tr$+c`FmUOwM+shu~J>lYbXSpb`WvQ)f
za?-OMM=~p$tj}5V6DVB2*?wc8N=^9+amhS0#bP_*d}L_X-<6vQG>E{;pS@jKvvix&
z+lT#YR+e+LVxVIerfjFnlDOs`BZL~aw>AWslai(`I?X6rsKy~&dH@s&PJLI!70txT
zX{OLENxWf21RhlDEzM24m>M)ux89-)w*#AK^|0VLud-OetFMSa*UV79lrU7~tC~zS
zPNj|(q4?yvPy+Q_!$5uf0HRpi&u=TSY^XLMAmY-Vz*cdwugUOufEKRXYZhp0Iz*kl
zaz3GY?Kwd}zuae%k?tMbi4T7Q+FxTYacn+(<nP`XjY+q^_BEk2+aLR$<`JJ8tls!b
zZU}`px|sV1A~0Bm7Rz-UKD40sOssN`MQM(mt<t1q+XdP16vs`n8}T`$;CXqjnTm*}
zW16*yhRVz0bN!{Hzf>K!J@z8P+b)C&r%)So982IJM3Ze7%7QyLGgBUbVvL>-1Hug*
z?6Da02vkvV>zAJ@`<WCJ6j;hQB9Navi_t58y)%$x^rVMLh<gh9yv6-x4utoh7ok_k
zsBd79hrvkhJ%jKZa-$atm#U%k6dM1q-V5%&0QYDR;WD5L6|U(%KUgrC5?~x5z*H(}
zcK`KyLHXdFceIEYp~{4qSL2nIi^3dk&ifF;#0>d3r<_Y2y{L>FxKWBc19uC-Hiwt|
z+9_#j-vs!%Ul&gPzEF1_Zt@_#LGu>e0bZFO;0_;$4B(x5CFUC3L<^VwJ#XMus)TbC
z;La5ob)MSBLC#PcLf}e?+goRKg@ho1Ke2hd!S{^rDZ`!itKbO^>a2=;sph!!c=yU1
zZjye_*OTfuT)%Hx(vc0*`0sJ`W6+{cpjIlP@6qpp4-s&^7tu!TA%Wk{e4-NVwM(Mc
zb$Gp2>ghT#M5vv5RH&5=Zlr-L;n%6BG@esCT;NJ40t&(r$JpTp82H2yLiLrgr+04(
z3Kcy%^PuY(JW^=??)3@k^qb7PSI)wXF6h`f{Nfm;s<X>KbA6a11F0j?y95+d32^ym
z+FS6nf%dziw#dmL5__T=bJ3SBK%o{=es}AN&%m9oaFtytoLR6i%43e-Yy046V(sjQ
zB;NNKxi<~)QJL?AA@2Nts{u093~sAi2=7w+^fG+HC~o(8Wh!aH2Y&MxxI`t*ZI?7t
zeORCzth=fcOKr4w9^AdDf-2By=<zT3g}hD`=-2&b9w^JA+`Jd?>4EQ8e^Y`ep>A%g
z`0f?g)&Cb;7Su*DH2dv(xKsFWcT*4w)b&+&Rp&d;M`(l2)9;e#MYVwQ`~JD209$}n
z@GjAx;Z{6{#%}>4?uNpR%x5uDJrKe|uexrI4JjXjz|0SLqXKV&<7@CMP_z+NSLLU>
z^XbD!7wRl_=M&xw>o^h|DWcvK{s>l<CZm6bFqnY}k>p+N315JBBwXtE{v#|xI71#w
z_KUh*`(|XMmp_wxA7VC;kJ`)!6Lavw+sq-gyJbzb{|WVMAp9}Nz4IPrWOIlY;6a`J
zu7x)p%!eBG;jFu>jh%r_+CpG=qa@&SYaC1e+~fs!)|<}kav^jO?zK#VhnuL3A~NB#
z1mVflc}btE!T_D{-vs~zOb@^lC_*QxsIOyB|63ltz~igGMjX5kcfbDur#e0vJ$!CZ
zW*~F?zDYr!hm(gKs0exyIuOR;vn!0cGewXKs@vR^ao~A)vcQsEuIu)|5c&@oA!w*F
zt=t`An*5bWYg$IxXBP5O;Z%s;i%<5A_si}_7bvzyTlT&9G`Le_??ntc<m-6qr{Sd^
zDH~2{L!9-BE7gd=v0X(C^a6)gO^YA2-VNZ$uR-c=J$eQvOq!#cRt``!+IMz^?x|&5
z=BENzeAu_33m=ozm5XU_2c3M`S8Unz-XY5Kh!?E^+il}fLmuPs$-6b}T4_V+w{AH)
z=xSuYD3<0onCdEasjXrYxut+WoY?)-28fF;IT{ncR3P{B-tX_)wo~;b<yXjY8mtZn
zvkSy|2;-gVtzRoFv&HT0gf2ZfqG?vIrC58k)Ve*I5Is;lUgqFs(c)yFA7O1%gnvC0
zYOC>F?Vi$B|2saD76wY`dp<Q@hDq*WwtYyKUBM$?0Ktb>ztK?QPcpZamCD5r9?o8$
z%|37=8k3$WdHrsfrESB*42<&ah@rCa^7O@)PTSfvm%_0U2Zx$Bii9iCw)MH^`1#ks
z5X3(sbOYywIF?XrG^n4|XXhk3v$~Q-ncvZt(qs&-?VAgKC1L(Srud#c?tRlUTZfu7
zt|yMfs+yYyyuqdZ_g=kNB<2VlM;_fZ$w1MY-)JqO$sbaWiXXLUAC^rbAIz1pnjv1k
zv8O)iZ;jFEdMATR8p<q(9Zu;-=SKf5HSgL>eCPitn*VJJOWo!_bcq6p<M2bR(x8^B
z&-SpAd!`4&+iKYD=}uR65e@BeTDG@PDn;)db4=ET-s$3<c%s@9*f_uKvEbe{wWebL
zd~>YzI)fE3pfT!$$`s6A%~qNZy_ogaoRXgDt<nxByQ0$?UwWTlsxgK-1s7FOdWhm<
zzd;UR!SvD5bbE#7djFDqq5pzyx&B{eg9kBxmI;2~G#J;uY4GCh3*Q@b1MhE&+Z(37
z5dIXmPmy{Q2{N-Lbzql?9=WbsK0{MIg@aStO5FvKX62t~MS3hPU+$I4eB!QUaL9pJ
znxo8K?eJV%piK>|FMQ^o^(+3X9h*io#|JHsQdC)OSbGSgnfm6Aw`e)RgnXK1m-3&X
z1>e6Po!L)mDo}c#`G%v%a!(WW<P$_uIOIB8zigL#uhj1|vSoXgZPuWk7nRJ}OnX~^
z5Ph*Z!*wUhUQhU>$Pv9Vi_<~*ueH4{-?)2=FP|mY!C^@EP1wNQw9l5nxc|c%^ro6I
z+G3*nyT6{f8qoJxO6P&nz2{|UUKKM-q_^z@=1%bx2RzC8u_S|wjnFNULqdda8CMG5
zy1fCHm9nLy!G6bPbHy@0fr02F>s6VC0yk=;V>XjrFRyv>WX5tm`FQzBdbE9uc7xE#
z_bN~9Z&>5_pIBb9S2T-b7BPCkBgQ&&N?TW)QK>wiw^PB<=nabZ#ofC!fvx|TtKLf#
z_EB7^d+79rU`h|K3a7W%SM?N$fMNF<hn%KRn@2V|1DvPgqc=0Pv?H>_f_-xhN4jPj
z{rLq}a;^^X7vi*%!9P4#Id6?=e=%RkQwN|C%uJyV9-e>mX!xD#%HQ4HGMTH%sn?@L
zkBM|My#8ci+bSexRdJ?ft+uS;#Z>ft141w3bR@fO&aDiur7|Z(-1A*%cljf|^^pn7
znWH2ejpRxR-ltoLd^dQ`**C>s?^4-){i)*j19mnxMFu*BmwHu5FG{n!^BOa}E(yl%
z1eQDTye%7aPMV{gP7>kt#yV*2t3NIlddII!X-`+i!WzvRDH|`o{Dk29lr1A(R6DKG
znIZPT)?2%7KqBZJOC@<-9J|u4meM<{5fkqacK>JyY4vmOUfwrPG7HANq8S(}O2=QE
zb0DbaqIeIz&+eXV@{de&;>nM6sQ2FJes(mGNqt^XnSV4$l3#OQrh@7dC4WMvnAdR!
zgK2!dRE*u|%>AdUe{e+pgJhw=VYsOHv{!7ePm6eOwN@CjT^5@_dK6#GX$5C;hC0v1
zWHdfulc{oj(u?M4ow__A^Z0BvK{B7cwl}>uR3j-g)|NKqa1}qzYWdd}4-ASjhA=j-
z$U|jX`)j)MUmg9ANF6anmhbhk4S2de*LQ_A*t7dSSAeKj&Z!<@k<3de86<pE_C&mk
zk%wi@fWRcqx4nFLAv?52{H;k%N1lhlQ`809+>5il;c)|~DiuPnB<C9vqhi3%4^jPP
zUS@Zl*pU;v(1%D=_!eT{)p<EL;ODpvtNr1bFR2FCIK9$bYgoJPaORFXD(Ubq<xTWI
z!T4#$y*Qj`G9+d6@<6)x9C6RqcVtZ4kz331$Qd!27w4V-@O^cvi@`)|&5@@&VEZd`
z6oXf!I{_iQ8<8QtpL;2+aOK;McHuUey8z@Wy*avzpNts$E*A*D>DRhHm0r%*v8r<T
z{riCw&=1q%Zhx6g{^D5O{k2fjOq2T@TgZh4rTr}h@5qKcGONgpEBB($&$;ihVB1B{
zIxbe5Gu<7TXFobxB+kp?Gv{kN3nrgNGQN-2y<D(#^F6vDW2nzKZNt&<T$i#j&ZUg$
zuzcxGfvn$XpSxJ-X>aj}s-u+s+FIp|jmtFbx|wu?hOb@|{s@ONlBJ0S96KJgTHb?$
zPg*h52Z^j6X-qWzVg4aI`KNQRu{~Rl5~pM1%gU!;Edfw2@)z*9P1Bd_WKU2UZ)b~c
z0BDeL%{EYz#iMW3XG$s;e!T4|T~+K>EuOzoD9|zKZys{Ux0%#Q6Mh;BJE$uv30A*l
zH1<5(lK}xDB2a>3RvshSBazANKaelua9ph4)ui0(5o?cFO>7z8(zJ)8NiNG3KE>-%
zmDU#0xfmVn^8AM6GUZuLiB<Cb+ZDv9qHx>j%9Skk%IhpTj9kMEdn^tC8P-*KZZ6<f
zq6&R)MJ#_jEcpA6%rKY|9p6Uk49(&3{@?O%oDI{Ttk^DVFVnL8yR>wmKya{DAD_>w
zayP27z*^{SN^NHbJKJn$N2-CfO4!><lzU8{25};6YH1DKEhEl%TQv>Q31x4l#>z)4
zJ!ZdM6Q>5$dO>8zx19l1p4vl$Lpd?>1I$+pT`>ivRyTXRG`8A8Eh*pTS|YU0Ua*@#
zjo<M~GolHloBo=eBjD<2v?fdFMR}RYxS3bV`mj%);b4Sf)idG}-;<HQrtf?Hj%Dd0
zbID4(oKuJ3;OSo1Ju&B8b?3bvo$Apx(eiNO>9Drbe&8G@_&n;qq{<v8g&fS9>%^?R
z6{}SLX+ZKvA?oRJN8X*~A^)sPw@>X=)PZ7GoC>2$*RMau<8J<1BC)quB(rcUTTd`4
zWa@#%YEs>#e58Wgm+R%*%i`LX<E8f>Wg~U%Y~Id0dgQjXkr!Z)_R!2IOYm~W5IUk=
zsvPZ)n1&LR@7dFP$p_tB;p{z}CDYwQM~5K~lN<YvrKI<(=-a~Wp$n|c9yyjrNlt?A
zIWdjwJvTfAy7s-ipq4{^l)634n6;8eU+>L3bFWFr+Rs3T*^F2&skXC4uao=!p(Ak^
z(HThs`WztLa|`r3@xg*M*)hi6HvP4B4h}u_baK+Q`=NXt5$IKpa>$X@E4fqVke4Qr
zihdLh;%&;Rh_wZwtPGvu%CI2i@2$JDCB?lm@Ju0Tb#`Ctio7Db?ntMJY=tU8JchgI
zdaL}Sp#rJ$*LJsRavt^WS$UdKq=zmX<c?`ue$wrnYl27fYow*5vNT-*=XMciL^K)K
z{`mE1aFfh`m&rtFbi`g$!ez5<l#hA~eAlj(z<w7V3Z2$hyGdt=MFuRVi7k3t4P8EB
zEm{^bH6PHMTb=b-(&ncqI5zq55GnaqCfiPfzERP8jvTSQiu~YFA4F(ePO#5jA~hiy
zOD?cey5~B2qOYs~<Xd8*0J_)MW<XI?k}`OVNUTuwnXlL;>`3HLj+aY{VFP`NPIX)f
z(A`<7iK2|rXn!6TjxgkkNUQpmXN2d!dyOyGbnP96Gw5RplZov83O9Gr+)NLjQk#2^
z7^2!7s+|zikHM2xft(}LBfA<Ki*YP>Lt{bt?d<L98)yBd6L2erg=x{cBb@oPw@D$X
zWW(ev1zGR?M%AasdORpA<#IMX+t;S^Tcq*`JSA^1S)!S>ly2{WobN?6#e1N`!3qss
zjWUmZJzFh=B0Am%+28HXCQq%M_BG~}Wj!T+?Ge@iHa$!qYj>8@CA^NmQ#HfMF9JNb
zZ1Z);@JT(EFK9zAp7?X7m9J(@$T4<?xx5=?izJ{0BITUi?fmvBvO_x<A@E9IS9=4S
zlk@GO-X6wap)!2L-F~9qTjy|8{iFuZiLTKh*&KGUC*2RcP7DqTDwTWIQyxq4E-$dQ
zux1}ynl?$1EpV#t%%Z&W&?dPFmVBgmS|;1dRT~@AT@w#)21Pc+d82bi1N2i9)C@b)
z!N|Z{!(**M?GhHdRyD}gclTDM)8JZC@b)4$gfiUhEY|<r!-SD=nK(>GI?QgE6J~EP
zgG9wT;nBRWq?qq{5W*$z3+Tz;x67qt5m=#nBGxUE%i1%3^xi>JSqN1kY_Av%M7Yg#
zU!40^bi=MU|F*vdWGD!Z^o%Z^C50M)Wgl?%6H^?UN-)C){7Ck9^VP!Le@-(1Ttd0m
z4N6HEx<dxf@1838_H%UZi6|dhR5IILpY9CZzpi<t7|xK{qQuX1pp-2U!VCZ>IdZK2
zbJHT5L51bs!mT8t!Vrs#=nsETt@Ldg>|wwAB}C~AK?l7-Q8QSctKY*KdV%esVA;8T
z<C8rma#hCS`GT%s$^M{wxAY^NatpkWNgA3Re>^6$RrU-?<O`P<(B=i7$vqJmsS6%t
z3>Ph#8%cgy3O#TG$`e(;%R3}@Dh_>ng~EFHFVyW1K%@D3=~D=a%Ufd@Cuu+ZomJbE
znHzxJdsa6IpEGKGf7~h1Pn<`h6uAY@kUQw*qzV{u)y!h8f0v<}ds)5Aw$`8OOgUn<
z9=*H)YAYNz6P^F)=&`~VE<?A{Td@bOhl0n41{!73>^NQ*mwqVe34ZFcEGUSYZd_>C
zN9KL`%$?79+DW$Lno`T=QLU$Lu8p003yfp4M7Vu=PG3Hy$}v@DnaydNTTp3|5It#k
zv4swC8hUgi{ABagNVIMOwQkYcHulb-^Ojk;{TCbBIk1=Z{Vgo<`~D!_?(CL*v$M9L
z;_cX)_v{3VTy@inDfE+06FJ`uhL{uD6A|}<mr83s7HZ;rdRQ-?Qs$TnWe)OA&)jQ$
z;C(tqS+=m{!<{{FeTw5^M8`iI3K<ySqjM)daWNKvqPco|K7KA4{Dqz3pozd--r&iT
zZzeIOS2Jrjjnj>pM0@PG8APLjKaFPBoXhI9<Kq16+FAU>-$DOgYP1KYhgIyvA<T`S
zoL8pGAGR+OHH^rnQHTgAau>30p7{@G$pi2v$ZRRQ5IM!Ols-@Ug~>&!bMS`DA4Jz5
zwE_Ka*b|v_O2%(Lz}}b2bnr6kk@d~!E#Py>mbCbb%Tg9BmpzK}cDrDEDIWQiC>SH}
zt$@1q+~8izp)>g>ki`u<hiE{1f=fgcdZYq@sGLhP$}0sOf#vUQrzQnAKv!;Vb7T)F
z-$;&@DKOKlBvm^&&rK5A6XP_KDra)GSiL8RW=Zep4W44_LT#SPy(#p)UvLF|(H#&F
zp%TSKiKHv+EZELIk?2`iZtg`Hs=ZpU)~}Fw@hI|c2l#VXv5^)Y&T6T@HuXGVtc~29
z-pVbB&0?{vnOs4)xI3#&G5<L|<#Qvq()l_4xOGN!sD|Ghj^Eq8JMY2XoVV>|ZaUX)
z2KWx$aUfKE{cz}&&83)AJPa?h3mk5;YHy~`rw64ydM4T{mQOeM?%Rh$d*DK&scJ+e
z!<tq;H6lPHhBv{0z?ViKGylmYdPoL8w|y-#d9IY+`00j~nxe_KQp2^yCwrAg<4d_D
zT`#0gpi_gs{7f-04^p~u<Jzf)HyA62=Z{bAjpeN`bC7~uwQ!`S(LiMNkB^7@i_D*<
zZ@>aZKs}2$MPs0%><k!R0b=%kfS<8=9bM}Gb5U<=w1wzxCR&855a)TTW@3`7z?SWn
zEo||48>tw!NpjwLYcL}|;Ou1G)SEPzx;<0QiyHkTOvC$!5Mw@&rlQ?%h9>IAP+0C>
za<W4mf0Dt{hT^Dc@#hxFEJ@sQb&RBzT)ZyL+I`+PQaYY1)_)9CyeuA(mRT&iLmZ>!
z9V#0cY>Q62akg-KB1d!P@ZV?hkJTAMfNEtai>b(P9sO$JyKoD)M(tN{Bpt@G_m}De
zj$CUB6t<_CuB~xxwsd8ou8wK*Jc@l&7djnO^^DCYRrpa4_EpQ3{7aqY>_+Jce#hfp
z1iW*udpP~$S=xNHXYYp@MC+~1rPByRti=`12JY(%wLkwqs;)XNs;z5}C~^gn7o}4L
z1nEu*MY=nN6p-$c1{GAKyF;3xV_*h`@ru&jjWi4~0s}}4e8+pQ;CFrk|2VVvUT4L#
zp0)PgACdBI0{=>GV*^k-pzc!EFFqN4m^sSkxFkxt--d{Mu+i51{`_Yvq#pio9<~_c
zxibNmCpx$x5SXKfCk-59l;!{sEV4*1<0kn{T@q3K2f>qOD!*VfPlWq?^-B4_x}RUW
zF}9ZV5!LlVd>7WM(1cJPqyKC3=tA#Jph#L#4sj6qk!&dDc)IIAj{ZfadrzM!_EZ78
z6su96x{EjavFyD>(_qoX?vI;zY}dJ|e+AcnpYK2wFBk}{qtZ=(*#y-gr3sfR-s0>q
z=|1-^?_~Jimf?SX&Neb~5EVE<JQ_o3`ee+)x9$j`F?*_8=``KUy&-_x$|GX|eYTMD
zMMEjJxZGt#Q+V&Z|1??VQxZNF;4qC@yN-$n)-=sq<ebRgoW?d?GNGUp##G}OEoZ*u
zH#<jDvUO|n*=bwNjSah#NfrGc*OlnOXfvx0T$y9KfWxdryW@q&;*xYhPrM$Y1|`w9
z!yM^kT^Uw|GxUE!Ad<y>Au)zc?V~fK+5n`QYHCZ+`<}SLOIq(J;~-58uCZbxiMLFn
zik_+=>~x-D-A!?uhO)Cgs${I3W<vIlyvB)E+%q;bSsjM292>%fO(Eo`D_-pvR(J0Y
zU-H$UA1y#pineJRz2!KZR2r9IoOgQ4<-H!slU#NK3hTNzSR_$p)J=X&3n73l6+*f&
zA#A6Zz6D~>HWBC(vqq0%uF`CJVaRC%N7L2;SX9>Y3{z#;)aLogLU|kUG}KY66`Fhg
zzPvAn-zf#ZOS^+TsqJ3l^<09B^*9c-&q-h&7-`Ztl~yW5&wfwE$3mmrAg&UkM`|})
z<6myLHQx2@c+dB*mRQ<fk(b-~*Y96Xep9CDlkYzzS`Odotr-nqQDWGWefq4S{iR)R
z*JQ9pfJ10W(22zupWI%?2Hh|{c8N#)9)``~>v&qGHF#=;0F~WRWk71xLU8T`B!U)2
zIHG5BF(zV^>dxGS@eG<sE1MZ%p)|?TV|q3x`K|^I(g~i#RGxB9?v;<<>fCbG8p^l^
zlj@n^zAC%T<G73j|L!mQHMNdO&YjK{Y)@(i0Svk8&@@Nk&Nf%pALEfJS=v9}Fg6H}
z@dL=gar9h^_BPkyx(j2A(@u;zYM>E3@0V*FbRw0QHYIl;yOd)hB9fm};pz$I^n8BX
z^SKIc<WXJ&iIDPioGhVMURa5f4*;Ly9*|~KWAesKbdW<ucZY}Ypb4982TW5nf(?BN
z9sa+pVwLc}+1=0Vl_NiT`>(;xtgFwB4?vJVZPQIC_P-)}MH$NaO~9YzBy=|b71c>%
z!k*6yt-s40idhKvYw|P7Gt^(!HJwo3Zyd3Lk;t2!dc-p;5tJ1}$*5W53dDrC1|m1f
zZMvskz>FgV<b3n~dsP5YxxWhe==V(8T?)uoP(Zv}^F)^Xm`xTvSS_aXCil*z9bUyz
z3i|PPVjo#phE>`Sdb~`1{|JnE#&RBW;xYosecJHlp4#eh_OmSQ2dOB2L@9M_GqgPU
z&g~6Uo-`};6MVZ=Ghn@qX{r&<GHQi0d`07YzBZajUg-@sP6XS3r+YG16o1{EkaD;3
z8-j_eR1IyEyZHL27&7GfY-6>u0QIToSue3?%C7jhZ^TxBY8avPY?$1vMclO4=J#A;
zaqlNN_Ik^kzsQ&aYO;Lz^Y1v9Rhr<8BOp}AEfN$qXeSzZWEz1j#7yP`tEJz`8M{`h
zH3OI^DN$n9d-$$3!F5LQSL1H9!T=m@o5iQ5oJ-1lK6rE;Ep9Qi$^6=PrRQ<^W6|<=
zXv2!>26kmnpJ2u@0L}L>{QCWmiqXD{B3iG$5H472N4Pp`EfH-v)0GVsb^*>CB)o9Z
zGEgzg<+0(ycy4<gRy+}97vHaG6_PtYYmy6mp>{~NiDCX7NZW6J8JvGQ*G((ROBLk3
z^-SzjZ}-`anG`)_z?z$}-l}E^t&-<sTMn~E9r`^~djKc)xUvs*uPJ&Rj|*yV`6LZB
z6qENe{C7<dBwreDEsIgLmdCz4GoBfhP$JsVN15q-#z?sLD<V#@TB85+DzLoZRG^y{
zJ+hE5bnF&n?2K{9Je^H)m<*>3d&o;Fc>5dw1;beTZ7sQnKE6T@8$X6;eNl-{*abX2
z-Zq;3f44^eBMHXQkAw)j+u!IvCr)cP8t)7z)t5O&9eeNVSiwDIiso#??LNCaT0iX2
z4WZR)v9eVO(cVhhde2d5-nk~I{oNY^WTCjYCNQHoj!vk<WSpf^Qoznp%ffq{JYvEq
zS<)y&e5yi+;Q_O+>U#220xFSIoHDd`J_9&%I7|=wh9@%+Rk!nGs7P(wsG`d%G-`)D
z<=;)||I9A#B|F7v<(&gm#L7p%bdK{B3D<U3JP6Lq!`*EqouEPkyoc^YFck$RUF{W4
zrH=^B*cYrnDB!+Uv145Q<B8n_+Pcdct|4;YaGh3sUN-a(?z)>FeRp{-ok#46!95t-
zeOm8{Ct#-_PApAJ{L3Slzx#4Z+*)w`K{8czWJ&J9TL~YzP=HBQb{aqPPGxAga{Iyg
zBCpC!XQAL&VKD`AeGNyWj3WC=qwg+Op9_qU<{{AXzVY3*s*{MXOSMl7SnFRHZZ>FF
zq(F5O*Gm&a;cls>Y-FeP#r)@70be1X(HbH1c`F21pw{?3Y9%iJ5TLPlsPyc|Qx3B!
zhBmTtrWl4cs+8Uo%5|D3G)=FJR<`BGduE<YZi=7G1VB8OWKD)$qRgkEnW%>VCjOhd
z4;xMBEdGxWL6e)37eUUO^V95v-zG(TlO@ZL=RfUct8#l5x`I<_ooGg~gOD<wdAsFI
zrZ(VG?mWYldL2}(Q)A6@F-W(^0V&g-kIFlUO3#42zH`Iv%?*YC(LmOmzT%R?oRX)l
z1v#-ZhDuw-f_@KATn=!sbH?2O%^GwZ8GPdxUjFZiTl~6VUXOVvV7dIw6AM6pw(ci4
zX5<L~dT+EBf)&MhsUr%lr#6?TlaeSk$}w$qFGKXaolWwo$CK@5!!afw;rRoQX~E=8
zXzxmR8#`k5?m%u^aF*Cq(UB~>fSeHu`87awBxYgkycpd34##)<XE5Edeu2|ehdoW_
z6~_;XdvQ@6C=j-Y#y5WX+@pWY>W=OW#?_GNB$Sy_{9(k!32!z#hmeKgcD;72GiuJB
z90i4R)xETRio(yl-q1ZVR$nj$hiYGJyn%T9(9aI^r~<c(wRyan(2njdf4@368!(1J
zrN$QDJVz)5)v)Cg&BFO_jb2~-Q*|bS9Hgu*IKS1>G(51)>>t}6U5OgU{c5je^#NMR
zp(zb))tDa8!G)6f<kO~idsus>j#aWMdVWyw?jBu%ub|xOJt9iaw<W|66dMe`aArm{
z3h=gTthN?{Prq>D9(k-=wx_iGNKbTYS`>Z?O1>=SgFvfWuQsbh+qN6Wk2o40!hJn+
zyFM;~FDO#De%0KfvMC1(yB^MZ&pvZ3WmoW2*k24Uz=glC4Uwn`NJT{-Y?>ZHA+FlK
zLW_fqJf~)&FDOch)=JQk!G?ZO8-sYP_5K=xciH4Pc^#&qTE;hkmO%>ih4lM|e~vu@
z`tA06#fuIkO?LF+N$24$4L+^Diw%0Ux?DqXRtCJiu;{Hm%OoqvPCaM9KFkXtVOiX|
zq9dHeL&&H9LdL_dx_~R7S@R!4xS&G@hDH5%I5^P8;re~{NG`FR>M2*;?_Pih{m{Az
z+Tlp*zZzq++{C{pF%I*4pnFMA#>g8`A5N3jTX7$hzYkp{;q*$S6X)9+(rcM7gX@XK
z>$15K{d26zKdSpVBjX8Q8Pr^9N!Gtw8b&%e3nsU_b1&vvPdrYx646Yx(KMv{p!SXN
zNhdWzRCrMnNjX0fRuXo*0VS(^aK2Xt@Q|2EKRssHi)Eb4asr5(xiX7FTZ{YrtFL=*
zox45k4e2#`=r;oY6Sbp?v0iHO^$$gc7)3Sp$i2scAE)st3-3JNBPl~CcJpI4j3IF*
zTs73S|DFd2O!IRF%@c|I3LF1e=@8oCG|lJ=BZFlZ9Z*KqM)-?>C8X0>@{UoN@p(?y
z)_R%qW@L)myzm6Xd0Qm&D}F4&FRJUmr&f?EqQv5UzWFfu_`%2W6sR_bOCu{tl~+Y8
zyV<&+qN!%tNYC3_o!NSFG=O_6USl5e<w>#x)WT=TUdHRwC1e5hOm*_L;=_$xO)v0~
z<>{5|o>dP)`zt7cZzm0slb^U|5&8{&?K)=6bneqNp4=HlNWT^>wQaFYsl*Q1OHcqZ
z8>2GBv7?FH?+Vi{OaWH4ZleNP9Y+V46}0SqrkYJ9*M-q4yz)~T0=DjDO-$!z)2_=0
zhIEMj`4zu#V1>Sa=FB%;WeD4z&UXs|o%_=cl_tf=;~rn^%h24FYV|ME?TiSj-3|0%
z)+iT|*CV8qCFvipi>=i{!;|o>z>BZsLL^{~S!jsHiWJlkSt@UO+9NCO@7Ypu@Ro_8
zdOI)f@ZBEfxp5Q9glWC4;IhmI3O2Capcs9Hv*}vN76a8K6VoRS)&{FDkLuA+<@C=Q
zR*3CCbDQ>hHZ5maEU`6uab}f1=S1gLtY|6v=R6$6mqe-8v|l7ULcYGY#dhIXf5eF)
zlR(%fo_EiZ!o?*sTn1?4O2%91u-jT3R1|l_v>)(Zc9a2`YNGeFtfwHwyyr*K;k1HK
zUX@R`?(5AU9aDkNE7i}EC&_)loxL6g?)R8JF_jcqQFiUHX^#J`AiyfND8^GL=NtEc
zl0A4VQP_w$*khl%fnzj#rdE4;|I1#7qRq6|FeE#hVodEQ+Y{hbSiMXCJ(us-x1=&t
z)sFH}jHH~o8V4oL52P_kyo2DxL`nE>YNm!gXsR&A`{IM&{oZdn%qFYl+@UCmYj5-9
zfB>L>Qr`kh_J2=I6*P+{^3nhJNMH^+3Bd6XFjNbe6=O|rRN>g-^6Z+`2)76K`q;e0
z=%>DO;c+>svCB3%;Ia|1X=-gX;d3Wt=N`>(uYsN2I59gr2%wXDwnkm(^vf+ra&9Bv
z>iL2B3rqrE=!2y{y!TsAqPHWI)*aim92_ir9h)DVu}(mYjXx?I!cu>%XC+g#X}XiF
zCn*k8(XvIh)vY=huaxn=ImhhNZ_^()8XOaoU(uH1Nv;0;;tZ4x$6wWd4QH&IRhWic
z6r**4`h#@h1Fb)YJs^}L5nS9_)>WoXS`!1LuDr0H=DXEU>M@R^RG`bhv;8S7SEz0F
zWOdF94<h~OvUvnpu05LQF^zSP`a-?u=pN2HV6_Urq*@)VgVGIpE-?+{C!E81Yt-*N
zfspoQ^uezKzW$SQ@Y~1;8DQX#lw^$s;cnTjq}Mw5!DC4%0-)&T>9gzYt~3NDjy~Vm
z5Cl?wVAB8Zv$vyVEIZYk5y{7e<#9OCc>>oulm&!12P@bJw9P}8<{p_fVhn?nCB+67
z%&g?C{}9xJHw?s)ZIZ_NoC?Ph4HgGL<9#;Vy1=O`npHBSdPM~)cX2XfkhwwUUd5Zw
zc4Z+kF@t8xVQlB`ACT22tntv4{U!AX+|p4gc|Krgy!7!aLgjhk9X#Wc9fIvUx?vuF
zAcMPiqxA9HVI&ogJC_7kRPU4E#rW;CI92a}O^dB=MR1_`5de1>Y$7S~9hj?JbKY-N
z41W7IFR3kWw_t{IlC^^&3gqIGJy~zqK+>jd*1kAb=-M+Nl%1C@HvXgH-^woV!Mk@q
zOyRdJ62NAm91Y_uE;68+zZY?RPTmkzjNDY?-*KEW^6`c6<%bnMz+;n!U$&P4FY{KY
zMNRL|hc}ZQ*|KA(r82xskk7|CF~y7_PCNI^wUDAC+h#iQLVwC~p}0Uec{!=ON+$+r
z#=IX$G>=eDZ;oxOoVW0;zj!WH)YL{(hQIMO6LmSkVE5PNN`F@sxbT<mnknZNmz%K^
zsxua<PiXp?s()14U-qQ#+HYJwNZD(?@B>;x465bMn+cZQy7Y|MF!l++9Krl<*X6&K
zr+0Zyvl)xdQRrrGe6UYv$SVvyv`dz_pw<&Mq8$QGm;5b7N=}*&CHD98cmA$|pS%&B
z6|cBQYau#KugPfF&3pSBBf#01cPB0Il13<4@F*=2ccOVL<@cHhS12{J9#4+JT&75C
zwZ9AKm@JO&?L9HB9w-8M*T{B~@n(H#&6aFo9H|$9-tBGz9{eSoeXCoXt$7INL)6iZ
zNp9ThpRZjlIp=hKPo;yq9B3+YpdJjlCoKwWGWvV)J$tf}@dL29Irt5a*3;IJ#^!LU
zwiRb?-W8<Qt2PH8ycb>elsZ|m+6&bloGmv&)(!^XPun`7zWW`;aO1gd6G=M?QDV1^
zl|01Bk8-88+-LcBua<6Gfv`4Wo|g4kM?65xik6+nj8F@BxXlctDB}{&hf;qXG|znh
z{<h5RWZC)tda=c=#hXCme))9rhS|OX_62{-W_I=LNi;U|?TpA}-z+GYALF$jbBLU+
z9H+XDqKq!-_bPE6(f#~`<;kFo3ZFnQJJd-gR}jdQLhd~vq)3hyXuq8tg?U$xwyA_V
z8weATKGeD5<>c=biOSVqYzJ;j3g&3FCaFd!&?bR%Ke)V8r<RI39w7XPQ67GbApXcT
zMpLIOj(zmN8+zq&?}q}dh_s?SIi`p~$nbS@1Zhm)lv5;Smb>2liJLL4PP5t-2QuZp
z)&oPYXf_$^V0#{Qp3mPfm?x5%1adfA{yNw2zlRa`HI|BEN4wu8z3t1j$j~qWGJN^C
zHU{K*K+Re6i(_$_wV?ifwzz(+oKTr=9bNU@q1WG%XH2zD-)99P<oc1LMXE4QhY{`1
zuOwq0Oxz6K-$4Y%-Vq;%#C!SYdfImkOmnnOL18lsT`{beMiiVeBs7#8Py23UCP16^
zO)rXmLmTaq{%mkJAKmTf+mAaJN@{3mSWx;6yj&w_)1S^s>qt8oODtXFfOPm^Mh)Uz
z*s&+uz&n@~6?w^)6>pWiqKR#~{&vP70w|&U`^1dilxsSW?XDFa+)bO?6fJ9st=)&B
zi%E6Y)IW;8GsLK#J{9-g5{t`MFVn`hKoW`|EA&VM3ys$lpvHu7-fS-ib{%Z4`GGR~
z3iq39!{y_uw^?cGmpx4bzl!h@UFzHYP0Y<Hk1~Ww`xMHv%n>OoExmTZNlR52Q1P_9
zvvNG`%-7f=K#%rs4iv?FX>BeCRg`u<{0T^2%-iAdxOepJQf9B?7_mpvk$FSaNx>Bc
zdZI+5<}Ft-qegb^`(rGs1GzqW6u8jw)0O#EFHd=&Wbx=R9%(JYjt(J>z9EtScZZ#|
zmyNs=*ljw=2xtRknvP*tNCHgVAnbwC+UtiPdAxKsr8-eHQC>SXyRSSoGhX)dVpu?C
z;a4)-opbQfb*_7oC!{70+5O>C+MOzpOgskvf`C7~u*#%E8WgoVjcrt?Te6+IHUYuJ
zOBra$!Wka=@}y+IN}fl_hx0L6wf1+umBU8uIJ9o;e7PAT&}tVM`YGH%lZ8Z!<;7zM
zg(YaNRFAr|K0amGvoNJ4UJ`zaYq!nL8;!%DrU)r61eLlo4MR5`VFPNOc8Gi@``scp
z`pR}FH@D2<TWZm4zC~EGQY8h}21-q<zm-baUnyk%tpa%9+F>s*KP$-RsK@g)b#N)x
zI1Z$_ZSP%V5(oQ;ryhx|txwk8{!G^qEFpVMGeq*-#_Sb)>G?txU{nXVU+mBXsPzq=
zUwwE~w^+?msUj#*_>@#a=Rt=%Ped#BCHBwu=fG@U!S~5<Zjk@)hLi#cImd|X2Sa&<
zxn(9VOR=bxx@6($&J0X`k#(H1>QH8%f;V&OPE@?`$9PIGG+sZ-QZAgKdx~B06JvNn
zBbxfJnEO&?_48su!3pHoLUGg^oOBjWMT(SDJvEM=j*7F~Qp3)Tv%FLx{r;_*<w>xc
zyR=@psF&%OneU;+y|#5XLs1W3<yqR%xp&e}H7=osV&CTu1%%5Fu<!1G<i_4IE^_Hr
zDbpU*tL`i*Dr!E@V#%8=(N61QqJ~_D27<%5;gja9W1?Yg*)zvTQo}Kd&S@Bg4X3o?
zFB=*6Z%sQ&`MfA3iQa|!Gpw{L!uN$y0J#Mfor;}uk}R+6b%nf~&1DXv;BVVgz(I}#
za9@UZap1T)x_B?z7UfRkFqVJI(|~0%Ssis+V~+YSpkd5-XHlBm#P-_bV^0dRx~xfh
z{B^w#p5#!EkJ-+4QO)y)zJco20nNBd1&kZl8`Q7?qD#u8^T~@S`n0sO3PQd~LbC-s
z$g`>DQcbSr%mFL=!!-99{V6}+PoPe9n}pvj>%nmYLC0?ctI!(awHF!%yt}V6hHLU6
z)8^C`mXngK_L&iE<DNz5(e}%hM*aIYwun2=(VF>cqoYJhdzH&s3ZJ1PE&Qd21sV!N
ze$EFX{|l~hv(U>-yOS}#LKC>$X1R$8O*zU{cextyQ^V$j7SPtB=b3|EX_j!hZ`pZA
z(d%;@EpH8utd|)|jW2q^VmvXU4x&7j81I#+s)9{b5b0txhWV`jZ7g!~_j%<8=KHnT
zfZkSk`RN;iAaxK6F~pE<gf8~Z+JG^0<e*E>;DC)Lp}+%lYp&UqbY<*c`AhY0U8Dt8
zT>#<w9XUq7O+KWm!0amv1(ftQHKmwRym<7pDfya8k`=VCu$&?jO~Jhi&D{viTXF=G
z6(<v+v!Z++QbiRBvmBm~)eAF_`a@l)cIi;>vj3U-l+L_aL|jvk`lXhI56untZ=?p8
z4yPAor5;)6Cuwlokwi@3%WzCSy*LaLOd<(4#Ft^}Op13)R2EiLd6^K=v~RfcBsFT&
z&ly|Zcbj%(c9U)_GLvXoTnI!GZ!@7g9rvEKUo?$-tgJm64(&6F*q9ov$CZEgEcY_C
zCQ0;oRF2-pf&=Wwvstzo*A6I>97)P+Nh|8CtkcI1V@dhLZ#c@7I*3FiP;}e4F^X5#
zoPLI7ijEwGM;TA#MbBWU@h8qs=%tRQW(>;P`|j93t4*Gfrp&`yKf-+O#r-Sn^@8!8
z|3Zm6|D43Bw0IL*1L3u3x^{2?AUXBW0+&Sb?YM<+T{ZbO<>l&$1<P;qzCM>N`8hMj
z>un^bwtZ}WKuA9doqJdBIx0?AfC~!pY|ts?5Y7+5Y_+RWDLH3R9Z8VjhsXU6S>KyN
zRh_9BbVhJV%j>Nai>3p~rv<~uCc?F+6(g+qB@&W0dmL;0&>L%*!&GuiNH6l!k;55|
z)-0&2FMJiB<D;T;L~r0$ezkz0V2Q_+#(nP7Wg*4uXovsS0W#edJ<QLN{Hf-<+2ihh
zZpiT1$dL{BN0G(Kwc0Y_P0Xt`pG?cE7$FuOT?A~{t(tbF6+fKHMybz3;E1(WxaT%r
zb2mN+7n=WwF}`cr-+$)LdQWJIE(Zj|O^W~FY9$}L?~!97lP}c8qMt}qRyH{1b+zR@
zBV7?oCI1VI|CS?^l_SzvxvSIMc8<OQ>0ESpv^|nu6qpk|yO(aLIf_yNG(M-xMrza?
z9FhX@xYO-@JNl7lAd70JvFw$)<9hBbPEUDmJ>C{QPvDHmN*lL$4sn#RbC`SzQI>6}
zB?#jf6?{iZuf!&pc8XclsiZrth$3t*0q$6<q!vYwr>zpw<=+VYQc`}0)qhgQ5KsYz
zkeo;N+%G0SEXrK+tt{`C$PZEVOKKaV7HW1bTU*U^4F7|Yl%!47`c_xJkxe9gI{83p
zcQ9h8Q>4t4b7SbIh<N=`<v~|98r3#>wAt2&H!@n&nO6t;UOs0<il0q6{Pv}3uf+@x
z6;=9@CIyS#rRxBx(QeO|)6=}tuB5?M45_-IxUA`${gUMq%UwpJ59dtE9_m1G9^_5v
z%YN8}sXe-*b_m!}kjyWe2QKnKLJ!X(e5awWVn{&ETBfwx6R!C*68j0UBubiY$@dh0
z<36dm17nFoL{Zl89ACff1uU5ia1<0e0yju14E=|v`EI>s*Ws!r!3R^(D|UOXwY>D3
zQm|VaY_H#6Uqaa;48}R;OAlzl_5KRccpt9aM@~^aEWIVa=KgaxId<?kHUV&l+?Q(#
zZl;JN+9)6Hx9{JuK4|+8bUHY4i1VDaQrTIK><DwH{6z;^mZRbCAE-5}NBiU={7zPo
zOf=%K2<~*OYdr6oELb*C2=6L<QivOTb_<t7XClsxVnCHTZ<(gym6U7VrB~=tdPqAw
zcrN5o7t|1SyE)h5dK0Nq<l0JgBokm$B;~8)6ScR(IB;7D(orp}+l=+6Bg0bxDBDnz
za2u8GN1pW#n%2Xzzy9!RC$=wxxPumA3T!?vYr9!n@{?s>;DxCB|7`f3%YQE8RW-DJ
z7gg;1v-l*e==_P0zc!YEdC%`5U;Ua#{*bO&EE*xMx4;Va>R^%BVd2Rd!+|>~X!710
zKX>Os)Xw;8_2P3tO!E%II5{BTJgWoy5nZJ0-%`Rv8`sR7USG>IntwFJOO>Vn6ZMdV
z?n<2A`Fys7QJJIPe~J)BWsQbb4~q(U=(pdT8+o-@Q?v%XE}N+I8sFHFgG_&jQ#K^0
zpww3>7GG&e`f-8QvEN;;h^(Q|K`r0?k)!$JCYvflNLqzXdz>e5<c_+9XF8Sr)TsVw
zq5A!}2KVcq)d=t$Q)z;}T1D_vTEsPFTzdY`4_#d`5sM`XK$H>S_0fp$<RMhMt(-Vz
zvBod#rP~^R9k-wKHW*)L0$<OthF$B&esZ4Fgr=jr{O&Ee&Q2iSI3IqBENH8{m{Hx9
zY}hwG8huV(q=-fxmPkUTNbcws=hn!O=2Gdrh1A!*gfYWF2}qX#&4J~^T8<^E0zQAY
z(hLgk2kF3}i`;l^%2+wp|0*=EECBylw}z<|^*<L-c_b&0N}<Iru<Bh#so_K(7VnxE
zVU>{L@`SBv{{dB*u1upLFo>t1^8g$Q_S9Ot9@vhfp5I5<hWQxeDy0^&2DSQvC?Osl
z3!6JQYU2$D>>})XX~a}%)D3MgrMA7J)PcZ*dco%-L;us&5{GD!{IW5rzyA}{_sCan
z&w`G=INJlZgN@>4v!D$9l=PYyoLkJ)3Z2GXvdq_hlBeCH!MoGp8Ghl-Ppvltk=r>@
zEB(O#lNMJhc7r-%lOU*CaxKoUFj~_f&H+}l!us9lSgXQ;A(U2b6UC0p8--Jm7gboS
zE2vZKXP|ALtY@nN)|qRe?;-5|=S~Q~`AdB`J?Rco$KW>5a^vew<Lgb-I21y$W|NwY
zL%NMaN%5|v^!<Q>#%g_4`ne-<Q1^*TXJgp=EbH0RLY8Yi^U9JNym7p|aXs2g*d>Pz
zOd_s^gI;(>4~y@M=cMqmIo6UkFVF2RyV*f-(ay@K;aEq1$yKxtzI%AGi{6;LKL10k
zt%<_kPGs+MBAC0U!;7cdAuoI?_>%y1=$78b+dS<dokt5Dk85tBlcW5>o5{|jNfk%O
zw78!iCh-itbx@%I$9ec_;&+Ym`8_&V2j`*6_zmw?AI$YCc}S}vbnA6bG8&sNA+Xe~
z>7X5^R7!Glj{AH9<+OiM;^rm2*4WG}?^bV);K7%TculONq2kDwoaT`jZk?bC@5-M|
zZKo$#FX!vma=XqV`k2zV1_z!Wd`DG&&{eMgiKm88i@ydf;RD1`SOL7cNwr=FJx4%8
zAblAsn6@TD#X}`am?jUkb7}ulQLzK|X^3tQSx0CT53y*A2>77kaR3xjg())A7Tk-<
z7}2IQk#FbP;#fZhnMu588#1^zG^tVI#aO=9pQV!?U<j@(8NQyLi~=xFpd35(r5jNH
z(zev<6Y#_$B4WF%hJ(`HPIUSX1*IQKjV&jYx$dLcBKffu<K$BYF&mPKpM!Dx6`NfO
zN~!?fOilag#aodPv1~~Lql_Pa=x^!9?Hr8@3gv!*GnIMAMr~@8tuk^m^-bPXO$|We
z4gseis(W#fF#Tqi*l_?*`5pk3n)hwyHu5-5yI!olL}iB<QCL{w72*GI$mkhyTiY28
z8q;>o`n6IcCJRalnrk^_BD`=L+=G$)I(t(iuIwij>3Z7h*Bkil0X#jwt4MY^LV}2x
zjdnewu>FG%^tNT|12t)M<;6{^iMhU`vS~V$rCR*@c^{Um;x-frzn$>M(u~P3zV3^p
z)4rI{P+{B`GcZL3p1rx}^<D0Q<}W3nkEpJ^TIsP>96x}R=9%{MYEBdRm_01~wCNFf
ziB>&pA(z0VOaH#5wt?E;;^`=tyfJ~<62kH$d!KEA@S70pC(s9Q<+u@%-T;daPig7=
z4c^@hDsDK<)_BObp|QAUhFd5R%)^tQE4uKL77v8K7)LswwKN35yE_%I+BnxxZ9?A!
zQK?USip)#AeHn>aEEW{OUhiM~i4L08JDHrD8&5Z@Ku|&}D?E_a$f=n_6Gtb%%As*4
z56loJV(`d#d&f^RD!sE?q$`q^J6zj<s%ZIURmbhr;1<3GyZ(J?-^20;0Z#31v-Pee
z^VNztS2E=hvplBFUFX-W7&zdV_6*qcsvpI?^2!P()$Jde9<9ZA%}$)h%x(E8I%fqb
z?qV9P*VuJJa+oY4jFPRouPyg|)tn+Wp0Hq~eZ0{a4wH?ywf*9nm{jn#nxx4szDP1H
zqEFvkJWwQWcwQo}>CkA%8p<_}vPv|`s#~T^_P!003ZdXTC~=+h{RfYBWY7OZ8N>PK
zgti0P;!x9Ha8<RNzj%f27-DT_tM}p!k{OPMV1sW?=3==vwnMD_MS^&!ca*w%l`s7A
zfUp&Gm^x07@s||OCUpec61zX{dylqJ%ZGWLuMFdF$yGm>O>T=59UvcuedHmGF5pMW
zGeiwaeHkjYvhSJj`FW>sd^z94-pUYp(n31brhOEV@*774^IF}e7etok?T9*pvF|IK
zXLszQplNjCHOFcPGar!SL{UL9dAkHHtB)TgF<I#k(n>`o3CQBRWqGs#36k>KyG2pI
z2ZcrRRJ!x(Mr)d~)^SO)k>!n@^QDi;%W}>IUT!X06dkx*Gh+ydyjaX?S-aIPK}@jb
z%Zizoa3aI;I-P0VAlXbMrypWnVmn3$k9FQ9uj941d~(kN5@#)%#-wW`xxtPjgGRYg
ztN61sYym&}1PP;=Jbz$P4r!=I-A}pf@9)@{_KY#H<tWnyntij}cvteCbDL(Yg>UKP
zfT&`qR5yw1!u8Un1lM?4oJzx+_K5}bJWps>j0HLTqD!TfFk8FG;gFA9ztlP=?*tX&
z1bg}6*H6ojKwES*vG^`ZW?K}nhb7qnCn<)P3j$kDh4Ph(G)1w=c$iJ1@{!DOq16Wg
zJ~_Wd3`!`7?4}!NAG@evCpuC!F0N?fKox^4FJSvxqC&m{XklPKi~hU;<RG)2D!SmH
z>-+(BxQ{?oB4fmUNjACc`)j(>PoyKmJW3YPnL`(XsbhXlww+q2A=yh$%p$f4-Wh!}
zi_{&#J<?f_3Z0ujr9L@4mmE2+W(aJ*2I|q$;m`3C6xzt@RhbG{t~p0qpVn1MR)4SY
z`!eDC!2I#<vdFhM%7EoQ=#xTDl|Q6(mr!@Jb^P44^iFbLO@(nJ*yCc#bZoxm+&)n5
z8ff|NwhB?lt<ok<uk7*k09OQYt*1{GeT!nJjWsX3xck%ACEI{QakjmT#yb7Lf16JM
zgSel)W4wPH$J$s4uUMg*Z9bC@YzKjs2Z1lcHuN8&h=RNdBnFmC<y>)>`!=g-EHJH>
z@<Hc&Kx16qN52)KN53hSoQz)d(K-{vZ=)QZyB!eNp3;y$C0V?bY%>1sgVsMY93-4Q
zIDrV%`)-9w1gyZWZKu_Fx@IY*AY<>?zd)z(_7P+InBjXFb^P4_$@B4XQONIJ0N@e<
zY9Wq`oYGdMvnU>C2$djeD#`KJY+v0s1D~WeO&u^J2g*&?@7UMU>bYcP%ZlY!wHzO&
zoG*TeKPEJIc$L6e<s!T?$Jk+mXbJ*o#W82-*86!L5QuKWu5yUpzfcc}{meT{t57<o
z(!c3?$X0f7bYPBMa$noasQP&s=RsXx;HzRvZd^OrW0Nj#e3RyO0A~~2J{JUroDcU`
zj73q&m8UK@(^*(QEanmy%3(I$=y!)N{-G-b=}F@2-fx=?nlQRZ2H>U(Gk5RIa|{9E
z#KT!T9mkyuPD_aprW^{w?udvZtq0z`{dSe?s_&(h>Xt~rd(ad<!<w@j-ZubGSI7Sx
zlTE(?>|mS90ZZR9aGxm>vyCuOy?J1Y4A7M8kMc{XX}m<!Qk3rGo#o|Fy{BRsl|{YY
zjsgg~GNXmleZvlF5WCmKP6+AAnPVheAVK?c=CoRyf`$E>C9r#{{GMVFZS-9-qRV(9
z)wx;R)QA4dhxCqiafw~QFLB}?mTc3W98H5g<%BD$#2RXR2k=p_^Sbl#d(4Pide1N4
zM^47EcorC#FC~XgppKGGGP<8_3Aoef6&hKtgFK#Ffpa9N%e%9|iC_=J&&RC9n@&H;
zZG=mIM*n6QK<wHUR`2GC_bO<Rzs{)hnwel9kHu(bXGQjxqXK<+b0m+~;tdBib9KrS
zO=K{n@mDOJF1hX45HI`N?p;3|(DKfCdiueBgP@%fi%3yrIzQAT9QQyH={}Wbd4A<B
z@4kEq<GATLNQPThHP5r>q_E<KWFR3K=LI!S7wv#6qMgfhqVKw&z(4A$_h+Y#@Hrd(
zU`a(@t{B8r&N;Q{eM4<TCQXOl@j&b*=(9BvGhi3cSfsh#Hxs^deIw@lth1IXRo*9|
zNAk)G#OYGo?uos&W_=CdGT>^Akolhjth3XWkTI3DGl6?;L+STqgN`r;MDfROF5!hD
zrTr7gqvjFxUs)xU`p@HMjJiSGd2m!r;7R~3TqG@N8!i$wt09yhG%22sWtJ0H)_Zk1
zq<Y`X9x`#i&YfR<>2x1lMGd+SQL*1VaBmQ>4d71QA8(8^`G|{IK_`y$3tfi&oP3?I
z&9kWQso`dk^TZ&K%yRq@=QwnQSU?Pht_|qKw;7*I@uH>K<2EqAG$|>{eLvxb{|Qas
z*gy0qrJlw=K0o6HwswD88JBES6p|Un?=_#?yWSa07f><ZsvY_VS7Q4>4CQ^J|HgLJ
zKcf`}*lJ5Q)yr%?gK>c+EODkhIV*&sjSjgD7B00Pq&Q`1_Z5)Iha%>)D8Riuqo0H;
zr=uK38&flot7cz@B+sj!6v7_=c5xskM_z$nqkQf9>31E}W6EN-!FN<|8z7vyKYrWr
zDZ=Ze=BZlJxgWtFVn}o+ev-;Qk0u0FaW@!`7jN4`Mwav4&eLX>lFohBg5Q<kU%jZV
zRPcF2?uV8$aZ{O>E{k>Oe&@e|eSadSKO8yWFu|iGE?|^bHbC<u483L?@rOQbFaMw`
z$ao7V<IYw`pfQc)$}i+Y3~s2A9f!(}d|!n+z}PlkeOa%UZk@ZiPw~eLGhxkY<ZY@y
zX&KOcCK5SyT2t{}AP_oWJ?Z5^nA?1MQ$OK4y_d-k?%1P021I|mXL=;|%p~$F*LtM8
z+A-~QkUEajddavz<b%;w;a+h&92C9EhULZE_Ri+3Oohd#G8-Fpm=!byxUJgF9?8ug
z-!gwW@r3u$&W?j=QjgY_h*agdngy24A39%Z21wBaATX4eFP>s8<gigSX3htadC9>2
zd1wky@LjiV0YXDcS5lYRj3~*Xob#2)r_owI@2>PeHFX90o~HSSw0QMJG&ZXGe%^<t
z;)i4Ob}ow%^BVZk_LQJi4wAb1?I~Z5PS?)86n4UP<4n2~jBu*Z<(hLMU=>ZpPR`ju
zy7QA4%z={I`@H;<Mb6t;E;zsI*wNZxG&RV~+zC<ml-6Cp=FHMa)Zc5S_4(W-fgF6d
z?Z;+Qz(vRWI-cA`ADY5FuIDSJXAn8K<F0l>`%MV2%PMZ_Ce(<I<70N_q9r_9a3wA6
zu5jYjEI?M@T={(c=Yxg^|27Vk>zv$gZz&~@l0^M_-yfPzPnhgn+`u*dBQ*zYgBsEI
ze6F-h-HS#jkNNPTT9pueAl6mpmF=h5Pj~8vv;cv+J{JlI7?O5661-1{kfqJbTT^uI
zbi4BJ2BIQ$a?$8hwA;+g5i>^}kOsA259w{$T|3b%pkUsr!g58WvY8~d<otM^JO-vl
zu0MQ%11;@L!5i|xb?*quZPER=ob5NyqOO5h?v0XOtLOMo+|{{#-GrQ0sY%i0k1<(1
zUxraLmJ}zmONyT*%@c>WE06Px^MQIgRg48nHJzBeXY@tgBz9ason3lnP(r<yj3Hw*
zbC^fXdxBRWDO-49o?<tS2yjLXzhEpzSmXRsr=&#OVVUqcJ@R%njx$(KtyZfuz@Zw<
zXJ>x`EPn5kyFq~{s~aSQR)J@{IH<VpPfuV4cml%&r6h8TM<A&UuqJg<x|bX0>vuy#
zpexIAndlHEXMPu6sV<@OHudaV{cX_kkP*G6zN%__lt|LeuzPgOU0hc(o)i;k)^j2*
z{}5n)_Iz-M^bUw6fGzz~xG)TXCbW*YbExtvgXJoS<h<oMO-mncbtWHO#+2kD!VB8Y
zqBJ}JfPP;xN#HH1?xP}$;kNa?S5r&Rk4b-s{SKC9*J=cUWo7uAwve?9c=a_4zDNuC
zxF{3fH{+{CjhbVCF~l@QwH2crN+jP2rAI`xEx|Y(P1r9p6%aeVbr?X9EYM!J0Qe=q
zb6SuRgAW#FqI%`i-t%2yVX_DUWM0r#$~-Zn!o5y&!icQz^~bhP=s__;xj9VnOS}}6
z25HL6&^n)LvrA*GV!0gw-2dP|fTp0L5X%J=?H8D^VyCDgfx4Yy)Z65D880a&kh;es
ztvs1(<)5D?ZvBE#T}Hw-3aU{|4H0)AUrH7fuF1o0pbAXvhv9%Az5$F=Z>OuX`hQ$x
zTbGk9=rMxzde8?x<56}qWqEyD<^v#yy+^>PJ+3p8UXjXCp|Ad&r48oPh+E7__WF`C
zP?l;YRkBRzauuHDjrtNYR2rH3JLL#=TQPwFf?{X~IN`@sWru5L7R(;5TXkG(H$m)l
z@gE{IML6G>H)%2&88Ug>0_B>2AG2$+i{u_6W9aE)E|rY^?HN$;H-@ARmZZ+@c&DU%
zn~p<4^(>yt*)us6ig4V76$x>BX_gBZw`80y{(Ni_PidJh#9p5H;@an+d%JZnQfH#-
zS6J0wbSEb3{&&GV2t;PXF0nohlUpPY5Ce`~*nQ7L6ItXgHWmlza<Nr$0~o3QrbL!F
z_%?{?hy_sa9MDbKII8Yt=p9)pP0#!~G7vxq{P*A3SuJ*zS~Amt7pneO`-w&PTH~bj
zSJx5XIx)afS<4mwZ6pS6#*2@532cshuL3LLK`pth<W)a4iBIkE;<yfS^Fn>efAJ_~
zxVo3P#M_{t{lnfzh2K?#&z}~@8NH_zYJly)pWPXj6e5{vm{gpy|5sX1BOvtriE5(h
zC3p#z`Btg0GdLjwP_q6azm~U7ugGFPDMD}R*ko5~0sD2S-mgb$(9CfwTQG@2n_ZyL
zrV5_3mYKG=dXN%rQ(RR^3QDNiPhO;wUp@@H=V2^^lT^y)2A*ox|DC4*1!i`d;vZtq
zIu)$$Qtg|kP4^={D}`+K8FdId6$UGSa_X=@zQ6Bdbccj6xYgBhZULgOxKw#X{f;aj
z9}SD!?yY<&@{wd`8Py{cm2zZl@_Yv~Pn$6K6rdm7bNBM71YjJJCL1qDrcIXq^m@T}
z$^LrF#5auKgjn={eYeK6o&QR_#>I+}4||WKXV3f&=yNoUm{3J*gofK{kjT$l5QYjT
z6e}VwedX8HkH4Orw^r#cnQ7q#I+;;Rg#>|p5%H`)MU)hvo_K)W2hY%m@>QIBIN>%h
z3f!deyiz=teD(Xh-DSEv$aNEC-Y9w|?}dH?&6(6nUBLP}di$gqL=(A15Li7JW&K#F
zj-HNhBF`oGR{!!P1Ru$ez$jT*icO*8B9Fa4E&}RV9kS6pRgJd&x~yxc*F@>4ue0sS
z>U@dYq;A<4JM{V@H>-?}J$PH#^;A2>?~V5cW^$I;ajD-0u^2Z2o1!eI`h4=@bci>A
zOjeE0rvUS^|G%Yz(8ZC0R)~2|#@6r^^y0MJivOyaq0^&NZ2e$C=q(%&)7EsQ$;e=1
z;&e)FY?3~uXT6?pRyV;fJOAgAx&?uBn7CQ^o+r$Nnm$BW_Gq5FXI_``de<MZvAmMd
zRyOl8BU#wC9IR20)|CU`pT8M@lb8urQ|m)zc~enrJRMl4z=RoF=HB~9w`uaq#(&8r
zX7=N0m?wYIsaT-*#2}s%%WQV}r8293p@P(+b+$xt@ikv~Wn=XKn5Q$~o<$Ydl(WY6
zxYnphWt29w^BRZ=aQd1TXM4eY!m$|=lVk~y0$thkrcDIV8u6u5WHA>QWU?zWtoVDE
zkB?>{++fFh+I{DA3it_Z|E$y3!?&Zea8pN?3ZLR8NU_`7ly2ZLb54GzV-e~ma{&k9
z03TP$+j?_I<<7rS0jYn+FRAxBh&XDBT86X7MLt}GcX@q)j#cP-=6e(oUi+-HR9$zz
zTX2n5d9|hCFfAqzPe{l&rOWS1upjKpw@1KhS?Rlh<FRfuJ2?1#o(Z0ndt>mv*H+hp
zHTS>v1!gKwE2hloI+m!*a%kiMObs3LKG}ugZ!g7EQQ(zyH|D7mN%iDmq;pBCPXP`{
zzo+ey*2(HetY}JCKzNh%W9-&82VEiS?JN4?D+gq=r)3k`-7>@Sq9XkO<&e28O#`Zu
z2M+&{*p8kIU;9Z%9}Aho*CU!6S$5?`U)cbY)4>oSKJF(i@k4$g=&~%2djVyou?0I&
z-@)+Ef=G%2m}P-Wlaf82=Vl;ZhAM0@GzdT*YM!_cT)o<x6^>07ZKp<hZnkiZw?^%~
zCl4a##=s=Ew8=RC2Y_Sb**KrCc~75@TwD&#!COAxAB8W~+)42-(MCcDDdD)KWN;L<
zj19EA#sa!Y1tQB0@?B`2qf*|8>kN44SD>(YPMrjtDSFh2exZ9(yZ+yc19`H;1UIox
zvJTympO!=?(WZkbSoqE0Z>wLAZv|{mx=)D^_Z<g_v*?Kv%hAK@pA<GST?vl8%%NE|
zQm5OxIU5jqo<sM#UMO{4%`bAhLeZKAyKBLW@qJR<*oj!()_z9cRIZ?MKuk1DN_OQ2
zZn8cTuq!pm1vGJ({=4dSfJ6AJG%>1DU74yjG=-G~uRy838^Ck$xn*wABWx-RO2SI5
za22nEzM(5GR_aXF)ix61Pve&Aoea~da84$S9qAsiJ-O2Kdz;e@win0bMTq`H%kZ+5
zJ5%Pf)vFdLhnf7t6BCYd)DJPuNtkdTP*){dpZHGgyRa^l(8YKbg|Uc8u!{2wIECW8
zycWE8*h5W@naDCnq^3=0O{M2W1s)*SNUFN+L!AE@3{ei&23Kn{RDT?vL&FPgperpc
zSi0G{V-4eB_$Zpi%F$NmU6QV+&C(t%+-Xt}@oFpG7mJAxY>#6Usdzb~CP-7Pt=66N
zdi7fHi+c3e_br%ZN^wb^hSyEs6i|hvq;MbOH*%e4S4oxCrvj+fY_HJfX#9NYVIa^}
z6z-IrzSGnsSwQ6YbKZ(_dj9@LW$%45Pl4Iuwk|L1W(e0Qbz8t%P~qsTf32>diC&d3
zNWDxoBYOZHxSi4>Nv7^_=hWrhGOEo+*3{nx_HN@$%fx--KZU94@a*TsqFx%%!T(ob
zJ6q}pr_cR<_`%9yc6y)E(Wqs1oF;0<fmTRs26TVptRN+D4I+o>$}czPYnWWI-+n9M
zI?l`CT>670^A9u|fvI!Qu&_#x;NMn>D(sS>cN$$_f+P0xN-J%4F(Oi4i3_5?gve21
zv%h8-W0|p0sm4&ks;$;ZXf{ZlD!&ok;-k!UN2w?iMmm$Jt9az4i?Z<M*k{SS_#=hm
z*R5aU?%h^vm>hOXuW&{(2hFpumN%>jmfIs*lQ%!R7FPV7`fDa&>{N3g5~QveCVTJX
zO(p&4J?ml7g&S*_`g$kXaXG$|BYLA14fvweB?hx9)Gsni9zQyvy(an6r&ScmpbTkR
zAp=lpuydbL%7`;|mKeLVn;+Fz{T;f3T9sG4*v-qdD<kkrs1m-4Zm9;-{<UfLy8W+^
zn?Gy0yzL!}xYoX54DJ1W#cLv5$7R4Hv;JDwT0v5~!moUlk-K_$2VB=FY15bPuEcpD
zGDnJbY=&0rJ?Zk<IIsN6OB8EbVIj<V3N!ID-oAIJ_dJ7Q*l_e!z=E1@{e0E}e9LzB
z)9O@WXg@AU!Vf!Oh0Qh<$uE*)&+O?zd^fR(g9rFL&u+Aa;cbKyT{)fH`d%Sx$<L3^
z+GZA{WayC6><Ly5GH*t45jSVN4R<!mt-`54Kg1kZpJGlgT#VGz!uTzF9Y44!7+Pt<
zy$#fn7w*QuL{;4{D1JMmoOMV2!01v2C4Mp_|2DS5pL)IRMWR)zn*vY`^K1>rBOtj6
zIujC(8@Sltjz2m7ps=lYBazoVTg}O17!K<jMf>|lma?sy#3Zv`d8ylzx>836=g-D0
zUT)BYG^cI5H8q`T;p0BU?Zg2E`fU$X1#T;y9@I<oAQJw1ED${f?NixIvQb1{baK}7
zvsYwiUqz|ZsgY{qCe=VWAPeeuxv@XP5;2LtQ-~s+s(T^#v<4KM9o8Oq(pI~MK{Rk~
zrfMiLybSboOpG6-)x+QEgO)xiVg~~M@2FWw1(~WZv5-rO0|R@F+tfW;!EL=J9?nKB
z#*Uu$1W9<HvmZZ|u)Y|W1VYfxLp#?esIP2H#ok^<5qWY>YB+C@J|DyM`VvfbO|(UA
zPkExmP}Cy4*lV>3(JVo@KG@zK>ynRx_N{xT_^~)3|7!Ht;&YUr^#SVm?OX&NzwMTf
zr0$#avGUmbz@sJOsR^Cr_Jo4at8dj;>Sc8_Y%yN5W`*^R@C$V(acNfI54bgTLG?cu
zM$sCMHqLGS52WtmOou3|l$b7BdZU04bn+18yV!74uyfOdBc=v}&b6cAVx{}!bvLfk
z@YLxl|0b`@lM2p=%#6eHlKF-vx5w~>5C>dut6~%C)Ww_XF9D`-EU!O%{5+)5B)!U`
z^9K1@3Z%Tw$<z+xm%Xkl=Wa!(nIw4Sgx$9fW~T;PjOWFEtZWc*zvy*))oN+VWVW=o
zjk1GRyZC@UGgxz}qCy+OFlR01v{b70{ci_jNc*~<Jr;jd;@JKAWLC|?*4Fsd0+IgB
zOaEa;Jkk8(or&0iF`>$#iXYP6h>{YPFxwGd(y!Vxv-9>k>DD*GoP5H_M|Eox#aR=c
z8qA!J>YSgU+;P&lA9Nc2T#{R{(c%UUl`0<R3NlN?5oD_{x?(XuO3AefOf~v9wFIrR
z4bM4OB*oG>^=Ec5lGLS2v5`fk4_dnQ#J9KjQd%`72(ly9#@U-@<M*!zlLPQZ)XnRe
zpIQX!z#>mHNTj5tuHgDT+2rzpk*7YsM2;Ss@Pdcs{j>AAM{_d?*?1fbml{|lKQn$x
zDek>&uPD|@8O_tyl-QjuxkorVy#F|wj@JEPsJi`$pMz3b{W`2E-Ts=Ct0E&G+(jh!
zJooJhP;_())GXrs>fy^>@sSd|rX_ow5`1s93$J01yB@m)S9#U|y@{ch9Lf{e);SLN
z!E0`m{LLB!3N`N;37Y&d_783g4x*bsE%J4n&+hjRhLkXMi=Uv6(rg%pXJqatD%kJ~
zu1_vecUyA6AfCuH9OUxk@wNMU7CdqmyLFEiDZj-<Ep|r4ZA2`#jp?@yg}%+}jw(p0
z<~Mgxs~v&aI)>*T%pDw@Ec)rO(Ci)h7erj9lKRh~W&ZN-PD}@Pm70nqzbguDj9QN%
z*mX5%A_~fIk8GM%)Usj5(((6jyKjK_I_0}MSS%uVYbs{~QSbD#nCpWK)hotWawC--
zuqUT_n_)Y?&T9WpUu;VaaycOMX|Uy%E(%?X)(lGbgP@ntpr1~(kq57!M`ECaxR=ZY
zy@PcUuzDHErt$zNeQx8GHIt=+btUs#uUD?u4_^T0EO}1g1)MSUjeVtOV^Bqu-(T<P
zCy*2m#Cv#3ePR7Dk@Un{ED4ea`+}Bdy0Tuf)L_z~Bpu*D#8AC|+$v9-yj!G^q0@2)
zMW-d@Q)RISwD4w?Y7fV2TEP3Ybs2_Bq-i)?$kW3RD$^Ct7%@$SProz#V43waD{q_b
zE~52~H$i;+Pm|b$j2o3%jAdop`Xo96UcE|>GHxj_O9kbm@QXe!j~1O8ARA-`j`|16
z24_*)Ls#Y$J5_^vBl_e=sVWgtd>bn(o5Un?XLzQgPrpJrDcnzZu#a~IM3(t}vv{_z
zm?35mxR(UO*U(@Szzi{1zJ3{o*fqORV>aEWcOEB^8%j<JTEnomj$U;S3*WXR_HIk#
ziSvOU##AX=ton~YKRz<)DP`1ElzV79!{E*qc{|fp&odo$0_E7)u1w;+qX9PNj_E5I
z=PYc)FPlh=SRQg;Dgs(f*sVAk)uJ6O!>OeV2s(8l<Ht1F@&t(Wggi#q|L#@tl=eo<
z4|ZKOm9W2vl`5dqKf>J>ISqih6^ge}Fc`#bHcn0}vx~NMwGcHhB6xm0P$``7Ba=F=
zS}ASoEbjCgA@k57_o%O~m8BN5_c(?7j_QV<Md=^@Av^F~l`0x`n2gD6xM+`Pr%>Xp
zi0u{@s;Js3*?gETbW<XK{~jXr)(w!)%chD?ZX~Y2>B<#JVfl9UDD+rm>0sFCC~#JY
zEE|{&8wFp#1R$Wg`pqR#Nnh>C>_E3R3wE%ZQD<u4cfY?Se3veA{rrOF((z2+nmpMf
zIyucmu5?;}$3{GY{*Sshfrk2v|A#;F)k4xDOTxEkLs8k+R#GHMwlETseI2{`R#JpY
zBzp;E-^XrBs4Qd2Zitbwjx-n<%X2^TnNt0K|K~Z+dCv2k^L$R{G-f{czVCf6ulI8A
z=X0f(g=B6zI>z+G-aWtzp<ax~7F>Rd5$n`Fi#vE--RuG@uX<?u>#w)Y>Rf4Lk1%Z8
z-I5l`S}1u2>~SAQ&z=qY<!BPq9OJ;6Y;jZAZry<ok9ot6N8Z@&aP{y&@sbILfZGi4
zv4IEnVUOmE>j)GY&Q(gOB&lVU?Vl!X!1x5+vpst%a<AUX!+UmTPZhm1Gh&w#Q!vT+
z#Wd*2tE?10FhMil<+*`24XL8skcYxDjd@>#BQ`ZuYW%p<>3^Q;T2&<hmYsu}#2ijD
zyfmif#zb_W8!0-_;uWt$(cy0QA~}<%qV>{whr{O<i{07-3)~v3l~ewKo+|wELO89i
z(h)Pa!xe`njz%i!dR(8$$#~PL6cfQdQRvoKx3i!+U=s_Z|8#A5DlZD%LyEFI^>qjD
zJ?A*46Oj5mdG?H_MC1*YlzC#jdRJC+hm@e68Z*ri)Ew6whsQHbeyY}Cxi|~sTjrXF
zjqG2&Ib6=|QD6N0o$sCC6Jm0a&pK;9e8>xVXpv{aVN@p2(U`7$>4U>Ikl+4t#88Uc
zYN_~5i|WM;piFtpdY|wt@^T9u?*#vumPP+KXChF?3V7scWQP?fA9+S`1}7<5t|cK+
zk#;PzgY2s(Mfs!;_HNAH#AEPZ0JhK9Q^exvK0$oyT$7Cg1uQnJ3HE;z<YYa=<pbI~
zpZpa*N41RChLmDyZE0aemP$>Pm+u|9VKI4!WZLok#T^r0(fhBRRDSLS2>w))d%S0W
z+IriB!yLad7%=X5hdkzYhR|qKzIYYv2;lxDgcDc!o=rDbD208HE_&GVP)0$b5KZyn
zFIz~7S6G@;+;3WLBKw^~-qDX#Ue%wMe4_b7o~2(!$Yb)@N`bw}j}^uJ;9Yg@OjSSY
z3sBI2v2nuZbCb7MrkYI~Js#%1I`QG)PV{goMFH;;C=fxk1p1X^*zG}3Y&&8?IwIJ@
z7FhL$J8UT_Wh9r>#B*qCfrTY+c$rJ%fx^s*Hj4ZP2x2q4hOS&qV}fvfV6T$8J!7xZ
zK}}Ff^|Hkaj<vUiSt&JrEIxn0xTI;xf5WAnZ#p&8`;+Du1*F<DqNqeMuIe4j@@`{x
zQ}Q#$A@A3dmSt<7tUGDbVev@@oH-dNy_B*`Bv0I&1Hy2_`o_W#+=(#-1)mcGJv23W
zpTVygbr!8zu}?*<n9j<u*7GEtxH<1ztS4pL47a~}xTNyLM+jO_U#psbF!1)xhB@CT
zmA)^D*TKE{!xrA>KO9;@)*VyLJFR-P`G&7CpGdE(7FCE7guJF}+BPyA9jV}o?@<Fa
z4hy9wR-W!XHfjH!ojLY|Kkvqd{HjYuo5te{6FTnA(^xsd#)`4unof4;3U(;j2tJ=H
ze)GWIZ>MpC^P%E>W8^}WY=usrm(T<73aTSt&_7d(6V^Tb6oY+j;a-d1Os$lT@JK!}
ze|j-b1)aO;Zo}t^<H4D63C*GXc<z6}N_9Sw2zK|<FN|kyCZ>q$bJ0k_DuK)n_Hdud
zFf!3t$8_QCw@InDkr9F&q5a|qx4#xUAp&fn?pKu$)&KIvExYOE*eB1UOqAy`GwRmA
z)7dApgRqi+TJ^t2mIQHM7uucDDk>%If!LvQM}Q%$l?YKMZwXx}Od`4Td|p9y5W$ww
zyP4=u_6tH=kFnl6%qvQpa5SDE^t4b|4!^M#zXT3>abB}R{hZpgEmNaEVzX=rk#n-<
zXIiF`PJFohukFW%@3UwbLK?qPf}YJ(^t*qUA=H*N<nheSaL)u&HL-bS|IsV9r9Cg=
zW!a<2N80~p7_gDs+4;bLD26SL#%8yfAPKeKG=L6gNmR;t%OQEWrICkqyh(5N<$o2~
ziDr#*bYi_5a=WFQ)Zb&{U6@2=8#nYaXSxh}P^on@?wsBVRyE#U`w=C<*hT%cYNf?|
zQBd5+(EP!Le1VuCx%2xLeE-vfA7j4%eAf&7-WzIj!Pw<wc|IBL{UBweym$WkQ&{CT
zZ^k~?NiPlD%ASgw>q33LEb%Toy<+QTK9;0>?!LzM^to>-14&=jLr?#S6a`jCzdWw{
z_9`8#ZPnSZs$q3x8t*mPu1>ts_n2qgL{=!^UF14BACJUjuMmOJ<(JY$(+5vTfF+aA
zU+(J5^NC2i@T00){7X+Rn))eB<i5SXkN40{^jCRF0>vUD{lZhci6gedb?m=*)7E=M
zG}cEzmzPjl@P6$a#$hqRos|^)#GBKmt#1Y^z_c%xp0C{<MD~=JkJv>1HpxQGi?&y4
zrkypen(SXE%nbeO|GNp}hTKtK0=>TDR$D&~Dk05lcFXblg*^feid7Y8ZN4q;@SBPv
zJ&su)?asqxWe_mq5Ae$4uRY_K)7&Pl;Tu*o4%~Ccd)e-v5|JA_7(RmDl%Km!b@25*
z1zGR673J=6<mu&o#=Tz8sBggn4!qWx`13h1j4*%YLSDS$H!FGNS>Qq}TXl92#)PZ1
zq8{)|vVPTfM1M9;r+HVtwlO4&od8-}4rBj89tKi7>aLDDEzhM_y<{UEuu|!YxNgpC
zaXFM!a-P27bi)nHf!ju)BDDCmxAJ9VbbJ2>W(ap0L~NMbKiAh)$ivMhO1=yAUg@jP
z4Z_@v5ACc!$eT1;DZ-h{`OxrK$K;Mar3(&i^JM&+{F!?&Cvir9_K@j68?`d^?b%#U
z_W@^lWnP!3(G54XSH0dI(_ujeBzI5PjV)Rz6!=bAwVQNKcuImjTX3QC*JCFr`RefH
zMXZo%2ZxrQQYujgJawS1cF}8QIrMEFczO#wml`<taUa-ccc&B$I=NE#j(7uX<Js~%
zCvh4>Z;tv-e={AYsjco$CAO)ny@^V4b)H#@f4gN@fQT5&DNy1v((}Dc&0Nm7wKqiI
z05g=B^M_8X;`=LV&P5JT%~o~s;E41i`yO-g>uh(}d$ya)Ry2?0<2AIE*0zUbJ9wmR
zPggeQ{L5Q3uzPqPL7XktpUFm;a86+97W3niOvf~sv~87&`L2${>gwHlY<m(T{z54H
z>4(C7h6UTt51Uw`EiVd0r*`?4mX@WJj>nezD4)0!`#j6Vk91kLYq4XRN|M(iS}(m@
zrBI0pt34|B(eagTlxdYWLoE|p#5lEys*BX)c>9_P5_YJG5VPSa^(A-0QrAG}>LP8`
zy|2u>DqtK+GzQO(8w$}gko_~`+<x+Yg9EE~78a8RN`5>`zps|9@<7cY%c0qKdgW@L
ze`j3O4JI-TJ+Kq*DM-t2b>Nzh8PvQDJU*SdjlPT%z9>_r`##nGtN(p$Lb+Vabk*`m
zn+Gj(&M>tM+a7F{Fc9R8*OZQ5>W?E0Wv?_3ga|Ii6Ik@tLxk<l%+1JIQxYNmw1{It
z;!D*FOVdli5ByeVdbNmCGV!%Uwe;2Q>NqQ}nMpSE5IKKGfrHxnzyZpgmeo<M_Z)uI
z1e2S_P|jxXY<htz{qPEniNfsVUXO1-5`s*Z8~vqQrd51*&&=~_4NdJ7FkNX_&c}G$
z+@8Y<?OhqADf2Fet(@^0R`9?1!i@=+w{>ku!Pyl*A`Vu5;~=(+ugspQGCliV!9g(u
z=FqKxJhF-S&~wuC`+RZRvkrMa3M-!jSI^I?d=H=LM_2gg)-d6=1OEJ+UV3VKIDJGz
z6qTLXRg}U90+iu6k^Ut@-OTLA+rcq+`mers8SpzmR#xa<?8Wzc?opocRe=Y014z#Q
zZ95YVKJJInpQBOLQjf|5xHHoqwWI@!%Ll>|YLjG|I>t?|;`;`IXyUdtaaQ};iU(**
zfiG8mRkn%yjn;8p<AuZytci~DEh5|h=t`&m%s`Ev>1xOWLCWadftk^eR4}OTK1W)5
z$7_~>HuY1`FJ%lW`KLX}WkiRiZv(;9DjJ7)ku0QteNCN4zRLJhJBPUams7!BRayz?
zt;tBYe0hZELCPen#1y+^b5j$lcHk9d%u4yU`44%oXq3-B77XJkr)}WU2SZc&ZD_M2
z3Z`LtRSRuENmckAlvZlbguO|-kF8u07O3baoFd@+rfVqEl?sa)!~4<R)S=|C6_4`S
z3V)@_sTK5*VtGj4Z*6Q`gYbwv=7JMK2NoBr5*Cg+RLy{nOlrc>Jx1xYCW1+yx1T7v
zV&b9(mxJ2U3Q2`i+;_N+sO7sLE?yuF>F@ikv#*_%i~cp~rc16%1E$M0V4@2^mVV3X
z<;%50cgR-p3P#?v=T-+outJrq6@p>UDyi9Z983SL-uf?s2{&HS>xL|#IvNeE(pGPj
zlS-z8(Ec-JLxay&XU>F`&@{x!esyuh6b<qI#oD&l@eQlNKPocsTLJD-O}c_I6~Z_4
zseE5i5$sm;Q>>imRgtDfL#Xz#;q{49@GJHqjPz5}1=pn|(hBMI_3vAz4oqK}shw61
zt#iOny96ts@g4n@-VWa#%eakZ2A1Ad?SRcY+K3;@v0pQ!g0H5_9pdl5U06M+ysA(o
zIb$BLjDQUcIAe!POTE#1$twN_;(g6Ti^vxR9Q~)gS3GR}7j$M$4^+rdDw$9_HkL5m
zL=G#v*``;y62P-ki`P)BET3P<Or05lflDUUG@bUGW&{k}$Z5JH^Nj#iXnK{BOBt-<
z8ldp|-yHW{hf7&g{^p`ot%TZd7gTms4=g-iz&rSO4%O-EzE5&c43+VpR@eBht(wg}
zGl?ZUAXQG;&+d2V4@D37o7(!1>f|mDR_&sam1TY~GokKm`Zc!EPgS%jvsk||t09-F
z<zO8p@=TJ5Kn1L8GsB+-JV#10i&vN8JS;zvr^0+m2@m5q{6$ti(3Fq16CqUFZymKN
zX!QsAFP5zCTfvJjC%qA*!N}7%;JsZ-z<<IeB(rQA-nW-fOkIk5QwlK1Z<g7A&q^Q1
z?)S@O;u^+mkgfch71V#xTOs1>s>OZx`w?xb<mb!<t8~uJ6$E9Ph!@3=Y4Y3qe^FRD
z=d;AD!lknKwn}!ck_mHsO;aOl9G3gDYpTWl_bb!B`tQ~)pcvGI`F#<u4HjIgpIMn+
z`0wic2592^2lf*-^tXH9@_tM{^OshpCF9@wFD;U|io#UBWlaZjt1LVls^M6U=o;6=
zf<xXMpFiTmbO7N3U9*_=cJP%_resqV`t<yr$h|8crfGu<pE*{vX5vZxGE_TeT*?~O
z=VZhy`tD8uo}ZX+x}xFpl`o-cZoZ$kw1G$zT(~eZ!?B{T=uQ10cV#2=c}*L|%1l@N
z{iT#?J^0$}r4c;7JY@B|uQ&a6p8@pBhuz@By<2N@zgi<+HSaQ`wL;J?pIhMDp)%6n
z;W9I@@^)3(U3uvZ%hmPJnr`avGhOMa3NrPY@((s$;ZWh$Rjimt`!AHO+Ae+AuyV?0
zn7aHRGL0G2xDU25Kn0wwx6_x5)gt<@_O0?%QATW@txWYMEQ=4}mtQO|yq)fuN<0R2
zY5X>z_VCm&;=oess!-*()#dtyDTgJma%uoat=a&kdZw<Qno4ZyAY|1uV?w|yXBku=
z=u1&iDadP(Yd@fmd_q~!xex!L&r2T={PF6q11K>Ozh0B{|L(1*2ke2>qjO%|e)IG5
zrALAzOE_-!wzOzZPEFPH_nYkI=XW!1Ixi<Lzbme4gfc%mdhlMgS?9j2*g;2+K|j|m
z|C#9O>UN%ma(KNeOwOF~m;gEz)dyO}#>QS-q_wrRb@lg?6Ze*WQBKsX9+Yr*cR#X3
z7#uX4oSsHsX}QI-C2;1GX!b+jtWaX?Mf*ORL_CjKKEOi24$MAxUH$Lh2CE}QUtAzF
z_Y7A?n=IF0)S1cm@87w@yn}bYWTPjGG~-a!$j@#<w>h?KG0eDo<nVW8S$X+ViSwS3
z+i;Yw+BAazbCZBwoi)Wx)cf}d1cI!hV)?f=S7+y;9;kuwn$`>BZ|`hKTCFN8^Bx;u
z5sG=yNJ9zmm&bIml(W_;YKG8gG;VSsfnaQ2m<^Bl+F}`)o~*KR=<@P1n~JV(&Dhvj
zz(C<Jt}&XF@xuy5L1c{D1X#>QG*Fp&pmlA0-L(KzNUxJ%a|Dq{e4QqemKFp)WYrrO
zs;Q|xQ?*Wrk2m4F=HTF<rmJhNP{y0BY&91qzMgTks{X0QCLAE=F;l}Wz7+TP>jd5x
zO1D6x(L+!Xd2&6<3sENhQzQjukc1I$?+~i*jG;l1y+6MGv$rYbFqGrLxaAli$i3pD
zENLBzC3JUNC-3hefm#%g7IKQ%g_LgI;;Jf@#nndb_HAu$GvukMv)P?7i>bWD(p3Ky
zbm|+@=;+O~Iukt|7b9<P?;V}Tc5fkquO@$V_x6^}FK}CIqn@M~N~y&O?%v(!u}sPh
ziMe&{b7AqVUT}M-y|;Fq4<R=`8yvIXZIT~qa1Ct>hNPqQ?@i^p1B3xFTJ)8Cm$Hzr
z%;Ut^&Ri3;NnrJ0^71vRmqdNVv5z!d!SqheP9>_9uckpQmA&iWPN+b5FY+X^O!_MA
z(B3p4X`5B0y=m3e)eo>0uwZAxmma1kxqEoX&P?~ucEyBR^!Z)X(y~gUrR}m*;-D1W
zr=g<F?N%CG_$aR(dTfq17HMf|k^K7Y%PL|*(fv{vy{B%arl#stHA&*Buj=$w$fcba
z>ja^;UFd%9+=R5~mA?M@auaO!MAPysTBa2BIC)8vW}+Q45=$7VurcXn*`JEMTQc&4
zn^2k!U~Zf1maJZ{-0DHc5p9B7;E*I~dU*Io%8_^0hsTw9I+>Iocqx7Jv`eyX>Ac=!
zSM~jqDEEpY-dtcy;BhxvN1b=X*=x_N+wpZ2n~z%8t*op@>}M(}Djt|JZ`rbCq~F-v
z@7=q-R2NrQ$+?n>DbKhYroFwr&sNBT)qy%w=_LtHBv-Ds{;&fF4#>o3TlfuNG+nS0
z^p~e$97^oZxJ{*Lw-evpa|*M&m!#Kz)b3JyfF*bXbg%GS7+dWY4i53yfj|zyP(nvj
z)5R;gQa0T(hM#?NDk}H^o03#id=|c)($6m|;}fr1`rcL7=)$KNT+UTJ_^s94zQ>(H
zC3!Xw*Wnf`<Ayz`^YcRs3m%h|BfiEdPVL+m$G0voaZA;*+;zjrlDo2;+gHYYLwfOV
z-<~XA7z%b#Am7iQkg-=>0$;?&$M<`g!ZuW7DriNCw_fT0_)#6;m*&phbe56JVw$We
z3jiVZ_nT7cA<ANFjhiV(epR5$CzRk?8TrGPS^8pK+%RPOD9X8fCwLX<{-8~2v8v{~
z#}(^{p?oUdaapwyGE}+7`+Xw|J?a7~<fFl@9ljD18^3tko40fhrD->G+R;+Xi>Hou
zhCLsS=a;$Vxt;Rbsnyp+>c~<lG3M*h&XD_+;{rU`gtHHKR9Oqp7YLQx<bPI~+Bh@O
zG$BkHmlmo&z^kjARcp{Mnw380!>>oUP`^^i6jNJF-=nF&J^bP8EP~~YADYog(Fews
z$UQSNGw%sci1OYCJbm)3UA5!L_0EC?FG6fu6c2>kdYcfRWM9_R1$e9FiWd+RG#$5(
zqaK{>y;W&>CYGNlsl#$BUrfc(!^6X3!@~T$yC^=~sdKD64jhy|=cQv>=9FD0Lr5To
zdiHD^3MZ%co3_28*|<N%6H8?5#TGRA=j!U}l3b+8Qt0jh8PpCCO#$desY|L|F~!!B
zb(7K@CIBYvc~QMLgzZyS+h)@gPai%r;<3IBb_Vk{Z*N4uCA{jKNlWyO_FkBsovrPB
z?X+5XpY#z-E2PfP(NUs(u_3=wK*p3Wg?&ENcgjJ4Dol$RVN+`3!9J`JHa*xqFc1cS
zI5#`pBpvmGfw}4rjW#TZV8>$1J~_&kb80*^szyI=$m^dfh^rtqiry``*hxJZ(^JgV
zh_Q~S{O6Jlu`;H;SSlj5Botc`m`c#&E5c%v($e@2pg`H+eSd#{VU<hF)&*%247O>7
zE!jN-n)t#IZZEF6fV7FqgP#j3DwO8+BbR{|wGgt9mxR`CI4dIuyPCJOw{PEOp1M7v
z-)FJ;QFKaXHgD-9nS61lmvr@$4IBauQc(u?Xo-jIjDxj&hIVjQ%I4(fAD`i|wC~s~
zVzp^Dn)>Y(KHYl05MbD#vd6-=!BeIK^Hi$2zrV`8>cI%1F0G3fuRAzQe>&mWcO}p|
zUZ@eqhaLQsj2E^Pc@uPKohCatqMbx4>hy%=q{EQYriSgD;4uQPNRHV$mMv}W-!or^
zhleK{3KdS!5-$XoasjXRtW*M6&Cr)Gs6*9c-3dw46cYYennGDNYncOUDL%%c;=6PR
z-($aaij9D2C{L;!3(92hhiCmfP}@(4+K%cUM}<b&+D??K>Shl`eK!CblBTn!?-Ugp
z5P{e1%1Jj7^mK5@4tH}7tTqEy3kM&wUKKzEbMy0E#;khgo|Z{A-W*LA$PZ;2ax-rL
z^R4wOF>7zCmK3VD^30t0BvKy#ZhtGXkiu`{UZ8oLwNNh9JyN?pT{gwXpaIyt@xX?3
za;Z%&04JceP5=_6C9)Kb3o3eS1?c1~N?p}0%;^VwCDw48mVb_@7@ZljtH{zimgf^`
z!Q1h%)bGLOp8ZI05-O$8W3RyK7OmYLBcD=Uq*2%V)i-A|P^mfjj{t{ezP!C7ivRJ_
z1~@~bk|Tt(x6I$q9^<8!#|{S{0?>G2H8%dnjUO*nBd`|F`(;q!yn6I4r2K~O?+;sd
z*b$x{{aT+jK|{3x)2*ACaRS&XeW~J>&#dA@wql@!#Bbjufa?NEdO?M#dM&@FV=nq4
z7-@uR1atib#EJ9YaxZAC7iJ;=1rAWb%Qv}4N_mv!W!S8`dkVT*7-ZD|GwYHni!om!
znaS=pk#AZHX_BW~<KBx+aEp(xn7TE3JL`7bvtPeJny~l2@<Y)?FY;?4Yw@|CWc>8~
zfKM$7r<5ju9xn7&9NKI!9QEB|3lu4JW^!D4wDp*A@YK}Q1)a@YPJ&@&0`;x}mMxnl
ztqiQnJ+t)eeCEWW->wwrpmp)p#gD%hjyU1Hy*}(MeW$l9#|o!7aD2?qEAtX)>S(s%
zz?^)rfR3{Ih8aiM*h5>(GA*M%Pu_GedPY6j898R?y6r}0bx#{{znsSLlPDAFY8oH+
z%`mp$XP)w>r%E4xZ4}oloGFhPakG%!9ja7UKWoSm3vyII;)L4%vEi7{#dF5ltfxn$
zQp%;txiW5BIRdMjIv(2JQxCr8@44NWuz}bh#F=2pSMPq<vhaiWj)sZ)e}mJU`Y8Ub
z+S9~PyNKJXNl8gSd(H1GPCPVv=6fy2KgOlEaOB1VJrmEbt)7NgQoSf{j;);$i@w%<
zawg9@Mf4d59FLwmK3v>b{LP8!V{u}MT*^`rEi;7Az{mJQzb=m7$vrFjWKUC5)B8Q=
z_-z~0!?S~FiPF~GWH-`?bg%wwA&97V1U_oCdq{hC!mh(y09!QeR_7HXey4%hbMe--
z*Tq;Yda5WaG_+Qrw>(nwW*b1JQRT8RpHQ~qY_|CrGbdmB1Hd#mL5$WiF=xneBZg`D
z<HwK5;<I9D=Kg)|+1|#yTLNV&#Siz=)^BxU#0sb#Qm3(=uHpg$0w$wDin6lBvu3Ns
zS%d0jTeI1OYgul&p)PGeaR?~#@R40}?@{Z;t9-1h6ciM4%gPkSyA=F2I0TiiojYKw
zM?GnGEp-&kFu;b(iR+TCZs8+4vG0bTnO1?D-@SYH!y>tl^R<MwLW3|*Z*N+wlK+bS
zgl`kkFQ%?A?(@pZN-~KG#yg59o&H9l+3mt+Es4naH%7l*E$*zkpHEtH1B&K7GCVBo
zRndP_u#xs7&9^Y~hvDbly8R=SLPx5y&OEF-qURPRUQb*9P4l;?(#jo;R$GnZ+}1ug
zIGBm`^z!mDi`k|f2SWCRxREL?ii=K2U|^t*odX(8y{suSl~fYqnUL)nAExf=CKxL-
z=2q5Zhs}L$b972c?&FWrsiS!3jQsus*pegpik;DJM;2qXC_dH`CDK!FafK_^{#h<D
z6tB36CVT-cD!JAG-|a>nI#%ugSv{mL++en7<Oxg^SQ_wo#{<yH=AZHD2dNdw`~en=
zCC<*eri8u&)>v{a-=dhKHe}GQbZo$(Eaa?lusS%ButL4#b;4ZKgn3*_yg`B}rML)A
zX5ts5zAUYzr$vv(ipMM(Ui5C*)>gH?$=P10(#@~TksxLK`So{7ijozWs7!xw{kKY{
zpQckEZR62&{Kl<&R>azH{CMe1V<AXYL{BGxFkJh-#KeYWihxrYg1y?hy1Rj<lq{Fd
z!y{yIHtye`2{76GP7Ju4ukH}uh7Wk3M!V2naz>|nhdBVS%6VD5ir%<a(`vskzNWWB
zc48S$P~?l!*VR($WHg%<8l7Y+mcG}!^mcfH7&pm0%aoQ?nu7IZw<TM}j`;1DtD?wr
z6Cct})rnC%GNj_G1nZPm@m28}UYeyo15jnMp4;3`0Z95{c4zSY(aGK<7<C}rc-znA
zdE6&ZW2S!z<s75eT;M-4HiN1Ua*6&rp8EfTTa!~?QGV_P_`fk2vb!-d*o>EXVrr|j
z@$_ufGw;Cxx}1lS$wBKd?9J(EY2&3EA?edFA2!lgC2=CW+?JjGox?61kiH`06rrtc
z0o}x5&q_=hgxL?iD^R5`<uw;lUd*8+if7T-!Q&jz%|OPx&O4gy%JNc^gZZEya3m0>
z19@A2&lP{Jmh}l}=!EyLS_#*SgF#p4li)j(f4ejC@~+H^ii64%5XK#;5kM%r<fnV<
z^8)Nlxn-aNEkHjLIjh6<g;@P4mB!XxgqMR7ed(1|P;Id>04LHD4Z+Q>@Ii_{Z+<f{
zt!5DE(tS0a^!RdgeGyn_XPhN~65>4D;<gFG?Pip0x_BrXOWmB9Phc55w|#gv6VDD6
zfcH_;`MRUEh8-eIfWn9yI5;BaMd!rXGk56+M<lXY7}TO9?&pbF_20uwL5bc!hvjWy
zpjtH`$kKOKTSKX+FUked-vWNS8A4}WBHN*4p3UpGITh_kYjY;~D+u}wytmo~<?MDv
z)G;S=oIEA}rHQh13dg_g*^19j<31=y5&YV`i!Q4ZM$v>`&v>;+3v++$mg;OGWizBN
z@RPbIu@sxlS}at#^S0?(z#1{`HDTtQYYd%?c{i1k-a(o-08i_|zrj~V`P0^eUz+m7
z($b<uzJ&4&<YoeSMTQ|Sw8cc|q8()F!tvMpy1qYcwY%^SG@^kp2zNfM3|pV~P^|vt
z!62i+)<enK8;XzEL;4rNsYZ!X$k9e4UzZlUJ>&5e#L|IjeBZV$kXYne)v`COF1$17
zWt7*H9fT@mL{7N#uj|6qVlxwrbt5o*kn|(QNRqFj9XQtCxi8D7W&czbvdt<p=BCd8
z(o;Va@@`73elOmI&<o`ZG6X7?>{lfS1oGa1>VE!Bn-_%n%6J7m>dj~3N1L<Sqy6h4
z)eHm`aINPKg{&ik*`$duf#T|a46;q_gx<MDnCaS_{CX^qm=NPAj?pXUtvT(j47fbw
zCqO@0!bnvx@%XZz%BQ@C_w&h9PcNs=K~O!T6mw!?d}g@t<v~{mW@tz5egtbW&m&a-
z>4R`r7;4ZQlqY5`!Na4q1?pqGSQry<;ZO}wIk;Cvyc_7@I1=eVIhU6GOsUe4gbbqq
z$@Nk$zOSbj!YSIiF%V+n0C;x~kg*1i9cn;y5uCh|(p_PvC<o49V>BGuo6LFV?Z12X
z=7|L(G+YiKbNbRT-ZH%H=q@mzoQ;e#t5B8}1|}PeDT>@+_ZAy4Z&((X=kTCi8Rxs;
zt^hu~MLE9kR!IJAtqI{q7_cjG6v*jBCqqseuXr7ey!oKfcUL=+Cq{GnKtsPO6;?*~
zaR?SbxQK@bHb9ZcS_Xu<K<|F*nuwzzXfLBvNg!b%nA7zPd&Zq}Q7kFMGGQ$8+Zk&=
zuG!@NEM~GIo&_-fG9%~683ZO)8x9&W^gQRq|3Jo`aUfaOi8+t&hT5E^pyLSmL`0Yg
z?BSPpvGf^4p4HV|XAk|V{7Ro8R2XMh#gRM#6gh!+ySE+9+6^~AF~54MI_Ms0@t9OX
z29~f7$?BkvYgGebd169C8FU6JK@gTvPuAD@jjR=etkly#$R1_@UB|h<$WqL&$-!iC
z(Lm$Z>;~7v(5Q_6{<0g0i*YDH&bu`YwrPw;07O(IS(3FlUo1E+4OZeFaPkG*dqz~L
zcbSR50-ka(=p``?f_lstWLf_(SDflkviJWcTgot3edo2=hFCCWyAODg-<X`l;92CQ
zzh+A~&S3J#KbVYh0IMPJIK>|SP4=gLp*F3d1Wz?%w)_`<*(=o9j6g^8<6rhF!GgpP
zCpKI@f0SqQURZQ=RDyOebiW{DU>e4YsK*GvB<^dR8Sa3;=>Mtywzr?QzP_VSe+=Ld
z?jZvd#4hD~_j))(m|h0I#Lk^RwEoV?GiPr6grMSm2yxuH&q;{#H-t;k3pvopYq1M(
zZ|fNTHfjeEJX*=cKqkivbcfbl!45UAWAt$t2FIJvkU^qUNuB+`M+ChbE&3NIc+O7~
zN>351XJbOglYpXQA{o9m>h{bqMBiEfGgu>0tR8qh?ozDI`M8dMpqvK`6P1B+9;PxH
zjZpcri@}P~j-RX$O9EQ7g#iO%^mDyIm+XyXJ9zw&fsBSR|AUGC%xbp|?9wt34LSud
z61P1Mf!&;$%jc6Y3iWxf)6N4-%z1?j30DhT+Qb}|q8Rq_pnMi9gqh$$(s|ogz)SW4
z4t!Va1YF8t921DE9i!5;BQ4Ivx;dmil?TV5Vm=~@hzZdSJCMEe><a*Fs2av8mt7ly
zlf=bY7+lfa2X=1hpG1%smHC&C!DS$s0n~Bz4<DoN#AtAMj<$TT{@C6ogsEWbj}Kz)
zn8M3zWJ4Ha_4)oJ3$IRs3-$GHvU?e`%_#VDwzUlQd>a3IwlxfE7fluT#pHWA3?^Ux
zlgTF;y_|pj7n6$^o?oouPqHr<4K7doP1c^l<m4;AW((OM_FNBq9Slc1fLoGaod2Z1
zi>}`i@w*|6=+CB)E(g6uZQW)C2UM^@eqo${(OlwJl?|kZdB9+4(^CsMLvMw>89?y3
zke|VAmj=Sr=O9MGJYZ<Pp>Cwb=Jm|5Zbm&obn~VrVx~YtNS;}6zi$}*UY(`+5_%!1
zkD>nhuSYzbZGg*i<TGM~HW}G#NC06|5GNZ|W=SoAEvz9JArY1S^zvp98QuTzQ$KNi
z3>qbG)WX%?-vn+R`iTV?BhmWrr*Ltk5_seR3=HcFf_p4bM`F8%SAW_pZjm8popgrH
z(l;@|N+iOt*+k7>gTD8h%{I#;aV9Q=;Z~b>A^_u<Ob5*~29evGIx6BWj~DERAn6!n
zMm*`i)Cr2qN7Ttt9oT{+h_`fgHx)BM`m78seg&L(=Rgxh5r7jo84OzBLIO0*ec6fr
ztm<EJAtc6+P_`}pA1D_y0xfBMrTFrzoB_ZOLy^%4dZJDzKUHNyM_OppBT`H<5*A_D
zb<hr-6F{s2XSH3gfu#lwMtQ&MU!WVsz|MyeiANyO0*1Y1nwlh54-f3(AvZ$~Ae2)G
z!)>zGCM;Ty_?n#BKkNs09+3fV*Iyt7+2a|j3djE>TZlvp7^&9(g)D>59Vgai+wp`k
z+nPUTTZk-oV|Ic};E&mgMLN;9tLEGW<8%aI`hju{fGotv2>(P==-Jp$@q#yH+zdy=
zd-cp3S?N#)Sr*`*VJ5Ew;3OT1<eK`|e;F=R$<WOUB1o7Du#Z9qV_YqRG1~z=fj|sG
zF%o$(;Fr~G9MtZDun$T!OJ^*H!CV3$3>z*~%TRxQ(fVWS@B9bbfCS?RAlHL`(SbS<
z7k)x*ak&!KkEkcebPPLoYuSSo1}vE~{1$FMh;if@D1>{8xbPEf3=_cFBEXh|Lh`|F
zkAG?kWQk-E7?!kOb}ONPARBJoQwz^MAUV7SJQn1Vh=9RJ1BeMA{oROaH>ev#g0SO=
zE8QDyf}jpYtUPi8mP`SotbzT!xi}M`85I087S2igGvdbGW-Q+G!T~)*KxU5P{2%-*
zDjdNY)Tv)l8kA^(WC@r}451>H1IZ&19meMKpGg%IQ;(={@u@!?9wrn)>qJlm05QaG
zo)*ka7TH3HaajvWaoZVrm5<IJV1fFGjIqnZjp|;p;vP@Z<~&=c3)Z-Zh|9yNg1Bxi
z7KU=(BO<cR_&Ykp#DF11sh>Y&;yc&=T)-&XLFSM#Cy1uY+vz#w!ZhHQ{<ey=w6v^X
z2sJ0Evei)70Yv*aMX9=QIM0Eu*28L&6P+h!lU%<CPYIX?k!aWExo2(@7!WNofy^-D
zUjUm886o!e4mxmC$ujKW;C~<}{Q{_V95-^6!GcU1LJ8EmIj{jRM7aTReYwij-8gla
z6@rRGM*Ook!j_-}925Ayy%A38!S}y%{q4X#;-Z1}<1!DwjOp#&0Te%Y4HxHGdO-3j
z1sFtuD>p_lXa+?tz(9jYps<{0_ka)vBlQaWToPp^gT(^;Mj5&l^TQzz)DZ_Pc;vbX
zp|2E-4`cn*g15rNfzuK8w3s=tc8)1|t_B+I1C1^-%peIiKincH)8YF1ieijF2?LUN
zu*g>A#_(2<^nJM3acM$d{}YgC#Q?TY6cg%O)j_*)crw=-dl*ywSWLEqIcX~ZbCMti
znuLNT>5{8_r;CB=$7ljhy2#ie^ZFw48z{gXUDs%9oXXq?FiQkRhLd3Y+pJ7OH34h`
zR?#aqIa|ZsT_%RW9+zlPwgFH>=!LN>5x8kg!1Gstsaqk)(S+Zg9^^u`@VwsjeMZLj
zy500iCbK>4|8cqiA95~ry196>fd%`$O|{|lItMM!HlDQOus;yHEnJop`>f00=Hi81
zm?a>Ogk=C_!6FLa>uj8w0uKU6$H3Txx{5A40ywRQcImX47z3lkG`jmu0dEMZHTE!_
zt3d$13x<4hfbY!$BTYO$_cWDairEP?18M`=@Cngzd-5|AuQwBy0pqsNfuJE6p!H2n
zgGlA~>p&i$1BW|z*a*ET3P4pD*(qudoOeUPC?wx=LDR{?(G%3r$N<P3<xhF#TOCQB
zN8kyJoCmT1mx~!3s5Gxfzzlo&XYYrSFWP_+cOcma<~gu5dTtL*A-E(F&WM~KyRPw4
zxF_i91&{}B=<|$+&Esc{5_O%CIADqpTq)M3<K@dWp9~B4Ib!?QehWgHc@YqHO#Z`y
zpg1IpbX5N<>x63Q?~QMMba_`mFQ^2>lVHb$Nk%*}>eb(#5wjneGcW;0g$TOv5eWnM
zj{KfqL%3Fir0wg!@@pu|iq3G{dQejO4a#um5hmG2{S9SM3NoCot!v1Qi7=-p*cf&&
z^tJr@S5cxv|L>XRBMCN26NC+GMGTN#AS~{<^mh>hq9EarzR+)E3$G(&r5^uDb_xOR
ztJnS}8;q0_aIAj<H_i|V1~Oj%FSG4IoR9v|-^hlTA!K(xLCC_9B_;$p=^n)bjQ-AB
z9PD6GL}WIR*Zzv;p)P%T9E#Zoo(@<A=UXYMc9fNKEF91GZZhbt>l(DY&mZ*G{pbUo
zt@ke7DxH?p)ZVCl<b=?xt$U<64>=313r%|+)Q>)8y-9OX?ex>vhcCDCwEW|o%qq+@
zLinO8c}*kdXpvmeQ63^KR}QP>?LIOkNNUKls&MIzdyejZj#tb3$I8+wzM>&sjuJOb
zX#@BQbs@X(CGLDz9FPZ@ODt@Aju$H?;Y}TotZAf$5fl1}FpO3hJ4t$l!17Eysl`@0
z6V%tBQ6x-|U<QRi%Y1-)y}j1aw_ux|M8efed8$b-;65dUt>{_TQ(?qy;qD{7okuAF
zL&o(Z!b>@br`(i|0X0bo@<sxjsO@mPgjq&}rSWz?9~&<G;A*-q`2@IWr>?j+_z%3l
zI+FCmlL;N2LLaJcGrb%cwRHmIS5PfdypXU2rP=&$#q0_YZ@)PXerRB$+Y*k)tutKh
zCOmA7+w?#UrQx1+06h-^A>2ZHJ%~pE=#7_7P1)n(Qr^JPAnFt{{CP7g?_Mt;cFae_
z*d|ZXxg&(9+?VYIg^-NT&p~4@q(+Q7Lzo*j&b)d7_Is%FvGk&l#BH(qqIG0p^_K@(
zVK;>1L=@;=Ggwx{4_s`MG|asEQ3niHOkjfk-m>){@@z%>E<O=%m28KFco0b-69X0T
zN!_-p@g%Tr@N14@@D63r>ygrlk7b6Lk@QJzcBE%YxGe_Y>D4~<Cug)d>3riw%v?6L
zx1Ste6_;XNV3_$N6#yzq0U<qP>s`iYe?WaZL(C2T(tFSOwkt$+*i!&j0E5T~d62I_
z74&If0@{tW`rB_6764R(EMt$;Hz5Z+wdlTzixXC7_@&nn(#<8nWAYE6L#pZRBAy^c
zgYH=v1N{K62h9`fWrZa#sR_sEkO-o<Vs}-OwgIue@16%$(c~r|LWVA3N;-ZcEYk2C
zu0i5Jx!6|p3t(N)%dN2Yx)Mv5ca#EQ-krKMC8?Rzek(!|Bxn#3MJFtw_ZQ)j`$!AE
z5LKb?iedNjVNZEJ4j2Pw2GP-o&ff@+JVj=Fz8)cb1`f$3NObMNoc}~ojBZSs1HlZ$
zhD_+n#YhWaT|$7-3Yt1})n`G3B9h#4ldhv;5_D!=+T<DU5Ldy!tqIlv{Y!IsU<_b8
zr*M5<CPqPhI}@x+>)PmsU<sDFe%dSwsRcxV1mJ9bH&}g`0@J4R6hZ&|R0f?KQ92!o
z<3DWyQefD^zeAH=-|g=(h(KknbRy>q^DFFNYlfET){JQd^~Ofa<9qi$`6aedWS`2@
zmu1n4dy6_i@f^ba+eB}kB7&z-){!MOL5&@PHfz$emZ)8H3+@s}hT`<M1z*ynV=C$;
zUA=hV$7KL}k18<RTfyd>W6I#lh!$YLO-W#9jQ$@6&@DjXDt!zR>PR=BXcq=>>^Fr1
zAr)>3siV?<SE#6s2%gcN{He*P>-3NS7w_8JOQ2xeBtrmHeZK-m)qt1~21LX~JAX4F
z3FNG9)J^)_9xCGLvaip(Yz5n0E?^~q4Q_Yrs{iX~VfE{7Zc<N#pO1CK)%AWW9ca71
zRhnr>8=`QQi__piUT8!o6BN=X_dtoPMcKo5J&)TQRt&=~#}rN<y5y_S8Lj}M4<--p
z7!xNdXBHnp_(1XCtIDfNJuznhCvmupZO-_|c>fj349S0m<Wzqc`<|IYaVv-7w-XuJ
z+0T@?t~7o6bpD!C%}(%7?>)Or-_~qz!o<)$KKp~-;HX8-PkTi~%fETV?Ea54M^6Fv
z3SPv`U~I`dob~!fMlAb$D2+4y)JmDq-Ex=bWhJm##X~{o+9dnui?B7{zdLsmCHAe8
z;p#3ptsRE_xWkn>>6YX!x?5-v-h&Px_|c|jI<S>em9xp>5lXCL57V<sMU<BYIqK#*
zO-<(yYUtDD{YilNyi}%Cr+`D7xtpBC!?>zv%VaPN6nGdybo`Fs5^8D0Va3vCF5UF7
zH>bX=xK~T?5MkO6z4T6e=~Q=;#K}U#%*kzut^gv_+oKnjJ<2ul1(m5M+@`K+k<q~J
zp#0Y+^Uy;w+*hA#o8~(EgC8rX{e072on=GJf(s`=Cwr<hh9)aVjW`2Vm-Ifawn~Ob
zYSLC>NuHI3DejjQ`%_kx3hjBiG_e%~_Tn~4dRQ%yFIgfwLKIx}fO~bS<3~RQ(<~Rw
zE<ff+l<^bt`}|4$)6cyCi>dylliED_Co?ZwT|TCDPmay|i59m~e{J?8khv0_|AutI
zY5@L!0Q@ii9+AC!aWgq0BEqAe5-&6O2DPF%+k85=vQqi8TXyMq+QPVA)vo&b`W^8>
z*1WFLIk*r{$%CA6pA9ku9Kv-vsGP6kRg-cH3#+H$rNgvSB076y27D+u3@t$1$E=)2
zm=4veT5O+TR{6%9o0oSic?{)eYj0mWg&h#U_Bmfzns)%tIeL=fl(M~tKRjN*ZBX7i
z?L$&XmE9Bm*+D9w+wZxaL1ax&k0Cx`)iPf$_fZ))(BeZA-mF*Znq+o)Qs6C@x<eXd
zR?lhgfnG}9*RNlTXKML~MZNaHd=BMDv#M6Sm}DkffI5{=T8PuXv#*%zC>~3RS(GmH
zU+(l*l9rKy2^JI;U7g=}Dd?n?oYw8S-Ww4!N-Sx65FmYWFz6Hv+9#6r^-Q+Gt@vSG
z_cB?juYw=Tp;q|^?Ra~gw_tuQY;_?lu2Jd0VjRb0w#JBYcET!f>+QERr&jhV_SahU
z4CtVWzIqBYTDHM410<pqUbff1<ZER7vwiB@9sFs%sj}>1@z|>6shP#js!Gz=Wq~9}
zx6>h0Ha}DEcpH_IOAA{ONBYshXZ#P0l2;-gmF-ogJjc(LPlh=7m|p{x2A$aTT==ig
zOa&Y~>y5lj`lpY6^2vD@epW(Mg_M761Frn0<Srwl2d$EBD<HmsB06c03@ksjB&m6u
z%(p(PbPWo}4V8{W+jyDGFA&4DoVEj>B8I1A=3|9U!RauruX#A@ei_(S*{Nb`VDO-`
zd_+noemz%Py2)Hx@oeh_bj4&PjU4kGJSE(0gjVu=-_6c@R(m6em!T-W=)Rpm$H1x2
z*%=w{KYjZ2H1)q4x3T1Bwc%RIB@-4}%0F)4x5n07PH+Dtz|^F}dA3^!lGwKfjgwx^
zbYz!spyRB>2H>7S;Hv)QT-y~ou9eWkMof?m124po65o|8@gyTF2emT=hKFIV3XQ}+
z@_s9OfXkg!4&DizR!bKMR|MU;iwM)hP`Yc#$)OXvw2h8FAThwaQGX%~Lb7giiPYWd
z>m*iph1`RKD(Eh~tz}Qs+%O}=!vtJK!c!C)1X@zXWkzOnv5CoR+824exa-+zR|!cZ
zjCfjjYjawJK^omn^F{P%;2U`Ickes7T(NsoRy^wfAb-jei*5uPxR<ep(JB2;VJz*X
zds&pKt-pDSj1cTe$w)-Gub#40jsf8V90EYIiS#gYUmjS~fFM<RDGak61Z$0!lyW3$
z0!|LnrRO}DL-e!&QvruE65K&A4|@NDd10#pIJ}+CcijDP3pl!ig8%*9UFU3|r=SvM
zh)Z8UhIWeXPCZS$LCKfy&M;{^oU8A;n!X2tPe(^b{5+}G&cQJwE6aZQxg`i+uIK@M
z(MxatzFQEGs09z|n77*9bX}#s7A&LqJD6H@u~$lgXI2t-{fbE*g8e7+W~A}A>V&%a
zFAAE#BYJ>>l^8PJ{n-GWFG&$1?i3mx-W5`NhM7!|jA;ZphIV>;xjq2!<8Zv>F9h6m
zd_K&>g-s=9=Ln8v4^d^$rp%}r4S+epDKv)wve$P>&A2LH0niTN;d@M$NBjEUfN(ph
zrFlC@1rJTEc)y@Iu+Wt&N^y_OY_2Z>wNu|5_|vwwW$LLjXPyXaa|X~=MFZpm?zt`m
zRQtv<P<wOsqGwZ3ih0Q-6RP8eK~bt>S#MWVatE49+3F6a<6*l>J@rKRampK{{qy}Y
zvH6|z?oWhUZWV%<!0jay8q5DAW$c__r&2cX?_CLm9(s`pic;Pq^B&DiHak6TpJU8<
z7KHR4C_Y2!jWLauKnp+=sLd%9KmaC|c{S!uq#X3n2z=;W#W+v-C=+fK+Fk&02xj}H
z5(5u|$dJ#j{oP$W?iD{0FL^~Zmv-CQS40&(%PDKQ>2Y)mgej4Fz^>Z6TJZ=D?dgdh
zv~P!VezU5ae;Ms|$NVFYt}wxrvBwtO%_phzs`IbSsPl<HFGtRTOfx2|){Nw&N{}f7
z6rr!6U5@IeVx!ECEb*J{iwk5!idhU8FZ<lPZhQ6!v(w)<o&*X`Nu~AqkYY|zUxIv#
z;xi#vLBfOP5(;<w#9o;(ll>+(Zm9SmbqlA|;A`J0Ix0}qt`y3>3W5NxNgsRV$ruB4
zz7dkdK~aZK*>hctC!J1sK}gqC(l}Q+pnLDm?Qy?!o<KV{bnhVux@4h{5QEkW3EPXO
zyl%f`gb$;~&M0@lAld5ju80(CJa@spO&{x=u9{*u^=nm07bSw_v$M_9p0u1jZZIHz
zi-`au#C+daVsMbgUMzGS^>1v-SeMDx3r}vKE)m2X1*J#(@$za=)XuZo4O9Ln9G2tj
zx5&Rt?Oo_Ep__4(9T=!;q{V5L&&%t`Cv84$@Le+5%$i0~oThoQ?{E!kbp|?VaJ0dt
z%LG4AHU+i<VT%rWUW9R@{oi5BJ)2$b%}X%NCH6*r4!&*>IcFEhalBI^#L=dn33?r5
z7Ee^0T)Ec-bck-yC)~hLHxf4%Z!lJFF#NX6^La$Ta%DL~87yO`jaR-nj_|^P{29(g
zFt@flAE(~iluFGXaeUg_6(+1c-#!w`)3*^@1lCnWc#3K&jFVdKgVb%CRe}*WLs53_
z8@9~)>Zu&LlSs4k46B#0vf*gGRk&zkZwHbJN=6xd=C6<Jk#VuRq^~d;G;{JW*_u}^
zM&Wuf;4oy_Vqyq8MV!wz=i}J*6$?_}76WT1G`oC^cNEurVvbK&FW`!GuLI7`1&)-j
zBs_`<kP3D5iaty}Vh3s*T;OevsPU2`@NY4XVoId4b`tX!)^*AD^byPXf&aSaq$Go<
z_>A+xSv_V35PDWyc-^PtY6P17mJ5eyeO_+CJ7CeRwab0IJ+P0bkJtLzVRB(%VQycO
zFaW#xa@(hlr2|tQE#S3821g&rprm(&<PPiycT0GlvL9)Z?d@DX)t}eNH*bRq+kTN_
zQSl!FI4Z>M3BG~_e1I+~0qK7_I5puX{wl;=cfpU{&_MaTtepkmQ@-sJym}nio(Kdj
zG;B$p^=7iYHt1Tlb0GivQ|@)NfK?c&pIYx?Dxko*c%tFmzJ`dC;+T-_&QygkZ?5RR
zZA1lbpV&-C;P_Lm?YQ#Zg5ov=UK$Uu$xxO3E{&xuf4j4mXq3Hl%yEhwGn6B{pD;vL
zt}`|^p7Y@b_llhP(0Gkkk5<acgw}f^tVC+0_>6kCNw#;bhfpaG(~T>PqLgg#@Ux?s
z!A&L4MTxAbG{VK5O~igSxXuu@&l`v>q0N3^NVox3s2^Y^_E+BcDqT!ZPdB%AR(qHY
zj){P1?ddg{5%5$umOSTcyJd>+VY{jRWY&i%XJB!jFw52eL;=o2-C+rk9Z~|w&Yg6x
zn)1>Vl?8kvu3*wa7fx4mWMQ91Y!#0Zu##1<IXPW0V(|G3?12F3?!CZT9`5=FU;l}$
ztrBLy_6>|0T&M#RpA0q@8rto5NdJUI9{+(Xn!z|5F3`NL{#b-D3<#8s9zMVyudF@o
zySA(N(%RF&BBwtz_MLn3YI561bhbF$0!R}DbA4CPOP;YsK+6`ZTi82=HbQ>9B&})B
zbt;}DWbAKZSfAu4kmMJK{DSHMLJeteZ-3K=&tQ2=j7=S|)0~)Kj1r{h&-s=O>+`uZ
zw1QE)=uI%5fW><<GBZP5m;DC6Ww4CEjXJGOt`@_*13Cu~XQWm(rf=Ea<}<GR{GxB%
z&zUuVoj@)Y+w>yC(tQtq0rCP@A}fI3hahgBbxY@r3=@qdqZOLwk>5~P!2m?9qeG{P
z(zd!<8FWzcw0k>~%E3w<{rUu0p0$}ZrEcd%y**n6l6{p%CtAfd=;aMyz5ra%i!6ks
zyKO|<0Ig5O@8<pXpm$aReSj~qEnqOIrUw<yhkF}lepBa7_B9T$lt+F%0|=kK)AUkc
z-%{LHmy$X+0cv7)pe}uJ8f55TUx&*Z(+_1uMbfiVvo--?&I;kp*}h7jJi)B%(qMB2
zmt_b*2FaTiKV*A8T4ad{>d_40B{Ohg(qKS%B0SbRA~3&s+=<X68PZzW0WbW3EAbW(
zO6JKuc1bN=)TyWKBLZs0S;?^Wg5+W+Fax7IhF#U`Kj(Lh2-F45h}EwzDh~KU{~2o7
z3!|PuZy!<rsPe(6Y3^}EDks1SL_?vldhK>s4p!e((5GH-S%Rcy01SlSY7hhM#Ow3^
zv#Af<6j*QX!jXU7rwZFr!QfVd$Q~IsvrAB)t#sfm^=F>aRKMymvvp*%&Nv1E10ct{
zW*w0nJ6t(#xoD-aR3wy?3aV(}GQp;2_`+oXM=h~lDpzRz27>yN&9*LK3I_!&H9f0n
zyZ3`q8@=KM?mMv$c6ZeoL;=n#9Bmr~JAZ&RmuVZ#9}-OHGa$R(<pvT4_&OK>Q2B}Q
z$4md&S0#E!wUa_r%?D0`onxSYvuKh!up2H_!q>=SaN}`}bNnqTqXO=8Kl~<1o2OKh
zj(%QFwU+-zL2kkrzy@q#Ann?0oZjxv9=<^;u}pJPn-7V2_!gYX8YL&|R5vTvBSM5M
z;cmgp-}qa~+Lg#)1UtW0kg+W{H_zp6`$;<O!iUCFd{U$R-Q$3=XHp9fkBF6l^p$fJ
zE;Sy&En~4|g5p0-Aq}vw9Eejo58KP@9+tQ0qw-8GR`3$qXdo$e8H8B$qyP-}3fSK>
zWGhs5Fo?3N^^Pq^S)iTkv>Ns;;ilxvtLY&H>y^}>+$=N{^7TXJCJ}tMFGmxwPA&sr
zv5-ufT7<AVY{Q(k=wxdV27Q#h*fS-lA(|{dt$wcqoTkwgx<K|Ed}oJrGV)-*%p}-R
ze=z9!km!d4XW=XgTo})N!}pXycGbp8$#cc`lZ#pyz}K&@w}n|)-PuIQE3zXBZJ>$h
z67FU5@I9E(E;bEijdtm9<sDr5oTu!&?tn<TfO#5@KLZ>Y{RfyE%T1o9PEOd@E9|{)
zXLtC!qF}GD>uKAG4@gTm`fp<|DFaIrtYw`Y9ZfV!Tv1>r@Bl`urmqp@gGg{fA*{al
z)%vDzlIQ1Jg?V*!vY7KO$Yvn$*V?-k64##L_`gJB*xx~@e$KPn^RWK|P>w}v{@~+l
z#=a5oF~ZDPZrirUBu~j*A$fJEdtW_G823Z}4v&=Gje;tE@PFL<&4tdTEC0EDg>p23
zPZZw)<-J~1Is*3$rD%f9JtuC!NC-fCjGgW~BrqVMEK+YPAXxwl0BO0aR7_)@8odDz
zya`G5-%(3}IU6Sq7ubtII7v`(N5u%MuaB=kJZfp;>K{)lET-APNg%MQYUgfd3FEWc
zPnFi;8ZNX+epj6K^aR@*(%XyPRr$S;ZFmWuF}JhJoW^@TOK^ajz*RCPR3PB4X4`*O
zoM>@$<WY)<CMfj4ze>1dh;G0b-!RzUXZ~WJ`j8miDpC8vAQA(wrtcfI+yjalnOD;%
z!8u0YatFJEFv^CR9Ua}hIUE1!TlO8hU>bz2oXd0~xOLVPcAD@x_)%hr`3cLm-R7_g
z;7)<UD-JS<+*E3?(K?#7n6^L|SSEOU6*c7rwI-K7Pz7`%#i47}R2Ex2rff|4Kp}|s
zNr0Z8a>3sA-XnPX!8Yq?L$ju9AZ-Vwx0eTF-xBIfSH7CodV|VWS6`n`k3~#O3|z=j
zQC@5bi<IDnhbtEU6%^DlBHaS(SpV@hGBN@?-O&|d>QD5Ijrk{*fhgjiSr1NU(Ja{=
zdU%=wRh9-lzP;VxZQ?gO+Op6bsLbi$)fST?3$G<WV(_Bv<l{$WSdcDK@|>`PAW-LZ
zKA=8Cd#~T;f>&bBb^%4OLmG6!1N(v?=2$rw%hwYHy;FxY=ujLC>j=br&3mfww6T@7
zwKZ!S+%@hxoT}p>m3ea&F1$zWaW50UFS!2}9waP0ICK%t?4e+K(Vcmz0l%cNG$g)q
z9bZ2%6N-M{3#zSS?DSjM=v&xNd*HqMcL>tD>flQ5{pvuDI=Ia1zdSedILt@bZvyL=
zJ~;z-i86yRrTP%4GjGG(FP^RhY-hr3uNY)^xGz&a$Ziovw_!G<iVqrK{&yh{!;Vj^
zy&&ax<3g4`K>PoV<?0{t#u!|Ji$(vj{w&L!IdcXi7mE0Lfjg}90m1`@p!u`NKB)im
zvABR$2*k!PxiDid1qrLWFT1=IgS%+P0~=~6H4(2owz^n>GYQ}xSe`tRC9>qRZu1jT
zNmc#)q58b|XFqyiF<!DbMP`EQL_(LI7-kktB#=B!9&ByFlZVFV^4Tu!YqZqas&EpZ
z87Ta~m$#*{-0YVCHz+DYQq$WclH@tC|Jbqxyo8cZ`WjDy?}7UqUEOQCb5~i8PE|AJ
zho#ivOZ)EliA%+3o}>zF29NYC(L=x!g_}w?@XW5;LrMR1GWP_Aps&f+@baYpfcqVL
ze=Ixb9Kh9oc+>Qy-Sn_(@7`OW3}C^bT|{QPU9qtJaF$v0rTqPxIwx`KCeQ-dgpis`
z0mr)!wEUa-Ze%C^fEOsQMJxz3v8e>Z<GK>}h_?If)`~0pM(N9vg?_I8u`e3TP52$X
zvS--jiol%;cCYF^#I{?7ih6K^#P4_eNSkkM-Bdc}w+gWR6aNkFcXsPp`uqY9Z`nhg
z{Qfk(Dy{rY#-}A?_;y_RR_BD{8h1Xh-NA|N+RyVn-Op)biPf{ZLDX&X#~DQ~a1X}w
zvN%wN$HE_R`)%{PXNUfk(7CtiZmVQmt0Y7Vw=e*OkG#4lQF<x=`)+!Zl9wMVs&m+j
z$zC@_U;bxZ4==}A4hV4-QEdEjZ#v_Tgw?d%bem3~7hNFA`41J<5;pZ{p~?08?Yb^`
zD=^g!ft8XYS|#%-GzD8bJ3Fna4cs;Jq?ZI4b65v(<=dU7Pq}Q2+Q0}LPy%w{-rNR}
za@Aa~CF$ik0HoQG^#Z7?Zq<82>=SQ+C0eOMc+Q~E+B!@Yf*tdzbiUWX$uSm)!A}z4
ziI~%%Fq9AQ2m}P62J}gQh297?#1NzuL3hN)#s)a1H~CO-YVYTZZC7j%*Q+l}U+seL
z7pX2~M70n|KmMQDBC>o4I{h=J`TupN55EqqzF&5t3@Bcj2W2WKd0|?nLM+Q?<t&15
zxJUnEOz=O#mMUXe4(2;RP@eyTy!Q%gGW+62XJn93L}U;PRYgR)fb^;&C{=185KxMA
zkP>>rpwgRwfG7kZ^bjH)LbFh$hL!|ElTL{AgpyFc*O~c$x954zbMDT*$^|6vyZ2se
z{nl@_f0K5AkN=NQ<p1X<^9zZ+gRI?{i$E45W5DCcpO1|%R@z`XoGwdseOcUS%|$}A
zRH-?MV`B*=<~yeGV2L?~q|z0r_phvpUwi%K&qgviZ^NTq3{II=tQ$%SVIKL>Z`jT%
zsdgcJmvFfqinAN1@8~3XwkMw)A8oPEsPnO8mhA;|ark`kl}I|=mfI?iSAG5O*IA1H
zB@-eV7i0S2p+~!~R<Y@>A`&IlMSsqblRxHjPr|TXP`NkSz6DnFc4)WIA|4#Ny!?-q
z1x)e1?*?|YG1abnBQNL9-j185e2<^=5W>dgg0!H(XvAOZZ<ufXfA0VPOX&Ll;eF}-
z#r9XPkA<ipRPpPfIr%Y`wsAoNvrIluOXUl@|9Rl2TmQt8KX}7r;A<nvohB0b1i`lH
zpBH^PgjnYGX2KpeQ>)U+=l_M#tXkjMp8WpMSgXmjeLL0kR?p@r*-*6xel33_DaL+J
z49~9BG98;3klg$1Jh1)Gt2sOB1Q?5pA^PrFUpfh}%N)k>g&}GgnMHmxzkXgb7~mmf
z%OF~ZZ49G!fl0bq*g>ADk1sMt&ti4U$nM3n=0&H>c6RlXmsL78S7<RY1J6(1r~n2}
zOQKxVS$guMUHfoVSRm254Jwnd>KwkVKzevMtP%RW`6wD8H^hK1j6FXrJ{;PostM2i
zgk1J1;@mQwIZ4=0K3T1bo&E<5KLJSgJE>_rIr}*{b$*I-9K!uWlf25q=KU;|c>^Nk
zujupobrFYKDnRqb69WD7?$hF!2FF7F6FQ4jY_FvHofIolPK-v&QE9_`3eB=&PhdsA
zDMp}`p5HJV8I5D?%onR{iRA_<9(OG#b&?e?7{~jKyQvUbgT>W1$A#xWJh&vFAD&<K
z$vJ)e^Cr%4U@&z%=9nhvv#~{QoH1CQKCJY=!>?MWRLStV{4i|Qy=xw%zV#?<Yv{%R
z>Wvg%LMGo-LjLW1`4y?#zjpQG@axIXk4QO&hqG&4^M1+VIi7X9rglkUQtDSRVP7JB
z`m5OuJc?+tYx{fQG|R~V|KLsi+7R9Z*{wNez64^Mqs;ZaZ(Z_p8Z+Bwz^{a8g(7j{
zwJ{|fJ5sjFQVY{#Kik_F@htOut<C&Hu`zSxdY|U%izl;bIu50_$$=+3&dDcfzm0XM
zCFdmBF-DPFDJq8TrTsB0*>DmxgL2t$p;bT)e(Tup*fMOB)u<zIU{sLg9AJZtDI}%-
zO3?z?T)=_4(%m7}yM+YVUCd?dR>t(xjzJapIZ85g?pRp<7Ps%r&b~HpFx5<}H~@~q
zL?<pj@L3k**`jCaKSyAI@Ao<(RL0nUR;4Wl9Y=Ct_FH#Al<6=^+7^qQGJMw|6c#p=
z)Nd~WN7I6CO10j$^=ZT}eqK=Zv6nq2qK!Jk4<@?izL@qpgDfuQluqu&j;!q?Ct5i-
zdIb`ja?5i<cW?v$KCI=<v?+meeTCuM%?~PTf<^P?e}EntYgIP?RS##74cdI@eMF<q
z(g5^~akt9SsupE>-ls_ICriT8x(=HeedB+*07hNfYd?N`ZfU(pRNs4Q6F43?^V=tQ
z5hoBp3#y^?zG5mcRB5elym-P8KyZH>{mqEDesL>h0uh(H|H`|)N&PrTHAwY_ypfT_
zk7H`e{MHgXOcs7@)XEnqATi+8b(>_`=>2PRp9Z-4G6{y__aGOD>VZOD;mv+^{Y0Z;
zzFh2b&?J@QtOL96jXGE$8fu9PsPZ(QLyjcj)IRa+7<qO23BQosn}N+Qya0)lwzfCa
zcv&*r7?Hu${pVo^6BLe|>r4gtoZ%WjkA6Q#ZYLX-PX($TPt2%s<f{70kn~t?D6d^P
zp3(}fuN;rHZiUOhm#dSz>?VV6$h$4Wjo6iw{&l0S-1mCw2(ket^n@+>P9C>kh<IS!
z4&nzV&-1JWb@mL8IR|f+CMs_4lk*5~y>rPaoNIvejX1D30yDMdPT)ri7bLpC;!x7o
zHxR^sI@c>8PBFMh_Up1~yLJ<2j-mcfgFimcDb@}pX|&8+hOH2a=S=qy2_qeiGZP<p
zINLV*1B8!P*XOqw_3Bpz+8AcMGv&D|QTE$=|6n3BAQ5XUO`vi0McB^@o#=+=!u%>6
zTaDg`I6&?<$Cme_y)j*oWKS)B?Z-j!F(ltZ{8ZPC;H@BMdS@EX)?j6S^|BB9=4AZp
zR+-p<h8|-xFT@7E<*VxN7LyUCr8PR&7|s4?LxkD{AZsuqkM^#0)k|%Akw_on{MuN#
zgiejaoU>h^GRK}qu(CRILF*9LrommW?!Vp;9Uz=PIQfq`3IIx&b{Fhypo-`50!bsU
zlC&jm$md_mJ)p;Szn)}AcaaqpeMc}Q#CbjTiewl9Hyti&m`&Dd|9iBt^&+O>@MXio
z-~lldFd0B|V4DkeLH=qtqF6JhH&eI5ArS|GR7VwHlN`1(1Nq{Oru<}DVO8(|p<qBK
zbOXI(frCi1Q@NDezz7OEtl;!H*&;PEByZS%M+*PCg?~o^titX>&xX<!qAKI*<nH&S
zzwwg~FVdK{(xbZsz}e~}Nk#%n938d;F%oh6q<QB#_hdv8D%a1&Ll!+1sv1}LfMf0V
z-;L3iG(!3#E1M6gcMfNc2W96S0%5YPK0h_Jnv4cp{O{P(nnMm3_B0%FO_|~ss96Dr
z!zaOt>OOmwL7SGs@^ir7aX!><RcdJ*kF`4ig#LkDm`v-jnF=AEi6h7GV#mio{eRFy
zSSEA*XM|1ACw@#5{e>3n-CobdExe9AppQBy&V}t;s;Dy((>QX}{*Zkr+<GvYwZHwK
zxKkdtMGFW!DwTcUA&Tjkr9Tfl*|7*{p|a$L-#a7{?Ji|PE^q*X;YQn0mv^JZ6h82o
zs&?OM(xA0$Wq+Gj1M$A|?lQW(6>X<<)lS1AJ~4pfA;bTobl=vWjKEcW;p5FZ2cP9M
zn&pgY;LN|i%2O>sd~mkG9g$4n$z^|%&jx4l{P+2JPrvZ3FQz_WNX7c;0Ii3@1Ec3V
zK>Yl6n{eDbkIzD-tTTJoT5&7yFRfrZTzv1ilOh?b5l-RSN;}zqViWQy<`wXKx90{;
zI5HuY@wwp#%v;VHdoP0y7B5qq+5Voo$YETA(;9N!@Z{`N-)OS%&%Z5S4FAX0e?I(F
z!8=x+3ER-Mfx1d0@j~KOi0xv^mHaI8Nzq1K>~^rNvGo(F^?k#OdMvwyg`}7p%0t*?
zt!75;TEoiVaO-j-AmLl+`J69#q3BCeC)4Q-Kj)6wehP$qiQE#_U?c<gBPVG>08kQu
z#qDFwoaf5KwC_j_O`k3*ut<KOSF2dvcs1urLz#WwDu;2qiGRKtjq#79JWs!+@X1*!
zWGSLy$%^I1>MN$X8*wgEfxb_>gDr&(>*sf)6>hjO{!~+5Ygn5#-D>aND(`8bRE`*r
zX5Khm!|A@3*l@f(1xnXg!`8;QBm8c|=~%tF<%$zT&^JA)OD~v4jIHBJ1Y$B(-9_Mx
zu3R3RS~IU{=&B`3N1QKaBUD>$`ULCT6^{tM^Ix%GHjwSH>k(Yaj|rZAcw{{Z$q5Ks
z=MkP8BX9lDQxB(@O$PcqG(gEM7juH_TlnkM8(KGl<>ggUX8e3hF754=kIw5<s5fsg
z{&<%FZXb?l`1ut)Nqz6!PEx5z$b}sg8e=++r!DW6(<2(FPb7}}dnM!AU|s2314MP<
z^WymbK{SB+kANLyN~!aT4JCbHYr4U&K9m&N=`Xo=xwV!*Ik$pc@g(HMHIq@dEd?FJ
zpP`7Zr26?@_8jgT{+O=#T<D#OhJ_!k8#^cUfittdQ?!;1jkemN4ch_;9wnqFnYws(
z>~x^%{oa<FZ?pe6rKGT2G&%Xk&s0*W@eJ>u!fL#ye!u_y@t+cZf4Rsr(O@lK=hT~l
zudOebV*GS<N6#EN)OmE1s-Fj>$?Y;|s*Krt@3UyuvhMwadE5r$=+x&qk<$~tH{1-b
zz=CuV*AI=vXtCC$+GcrCsZUbs9*-3}9E$U`H>MDyd(&<A!%zHjz*D@Y6?b-8{_A4~
zSj*Eu8nF2H$Tc76T`g!(A3Mgr&H~{>`^Mx7A?1JvrH?d8Qy<dhv<tznc&zZ91^V~4
zzs8{whth;)st7&e*EGjf-i~NVJ{fO$kc9f6fETUW<oNO1rx%?m*(LTp?$%An33)vE
zNag)=(yO-ivM^*^qhG-zvy_h?6D5Wdc~+^p0rIZaI@`Rw|8fAoY03e2<I^=cACN*h
zX2@9}SJb-0gAZiHZx`ggnOFL9T}f4lxzIHEodcEivchT;&ZsPKIK%cst@2&)U^Pq$
zGG;uU{d4?qK@%Ji`__AEec8XiEHd)&bFYCD%;{`|jgFhX_TpgiV)GKig7ZMrVT5^6
zRfI#%%@A9r*T72hkQJ8g8prkxu~FRpr$~#~5OWiW+94s0nj8@pyNQ*RL<%R?=bH?q
zR<v*+s!-!shSe{H4`Knx3)bBzIT6@yY!4W&q43UhM(f@hZHHZU_xyr?n9NOm`HBpp
zGJSKgKcrk3H7z1_b72>+z~K_;{rukbz4<QLswBaKSqhlA;9_99-^g<BV;U!78^N|V
zz+;IjGBYzM-FBKC5Bu2KeSf^`u?fhbT=68}67$UJn2T*F%XY|uB^bxPh*z-~bm<(?
znihRt;6yWqj$*M5f_Y+~B7b9N69`5#NKO%G51dzySnnm5rd{RZ*%?(Jch_4Gz#W1~
zU{emXdn`FWsUg5$sJ2MSc8C#NVI@X0y5#S87o!I2@Ke6?c4W)P=-ap^Lg4nNj!Buh
zEBH=cD88$vPN-~c%?Cot8YC?>D6cLH{O!EmN*8X4BY=4nz!vqJ8HZV6A0xW&$HLj9
z_@p?Xqm`fC%Tq(!b#))|)%MRa#6X+Spn{LNIp0?!97affGN^CJV5hSd@TX2fN}b>3
zObjN6NJa1DYucfYK{l7`I%=^ZMZ5G88|SUB8;*S|^9oYLfq~cZHJxT3V#KX3Z)e6o
z<ULyF0ss0t)(OtCcqI=YH}#)&#~JX>F8%yk_d27CiOn&4({24TahAgfM_s&h(f1_i
z<ZU@;%FDkZK1lx>j`lF;v8Q`7c`M@0k8$w$qx(3vfwr%Q`<C}w=DGg(?xm&DWDh3(
z#b1=XTn;~Q@1lKu(dsxR{&*x(^JKB?($N4<M!FgmsWw7S_s)KEaXMp4m%h%haGT$j
zC9VWVz#GDKPY$c4r^4?dr>Xj)POnDje_lSRcP_hj)hLkn_M?FNAKn)#cvs*tw$u4g
z^j4KSq(nHRn1(S*q^!SkRhzPV<9wq-4gvK%ovKQHVk<MEtNe;Ies#oJvScJw%5`*`
z*#-#=+WXTVmsfM_u<@E-`TbD!tKi^U^x;NJRJHZ4wFuwJXBUe-elf%ccNp5+*S~-D
z?KHL!UgUH<nc8vmAo!?9!O+E##L8ylhrrV)Zq%$?ikW!TC+fBe&R~Tde)k$`82Pb9
z6HMgAw;gYYjoQebgcHJ!vd+MMuK(Vh!GDy!Q$Af+Xm~O&k>m8>8IG0O-;zcrA$*P&
zo@hT%3S5Gpq0Tw)&gp<uSDwfZ4sB(_eQT~Ad4MY<TpX%V5HWXZgdPty3R=6P-Zp}7
zw}H8UcJiAEHbVJH@Y&Q((8Ab%XKSkl`2FI*w3CK_0AX6otKe>2Cj2AYT`n!?)0-HD
z{vAt#ZXjQ_XwLn|snR4o<eaPbgiW!Ox)Rs%`?LNVv#yB+Ey0nFq4X+c)zr+FG7+{v
z$io#;Rp#-C%PT(~+3FP8bhDRcCl=nl3mN}NDh>O{<PdPnjCDNbX+qU>R(M;JGdO(z
z8-UYaXe)7M9%>RYN>|i8tr*%iYoRW>C%e?w$3N&!^hJn7p1@34%bhnP!W%rJ#N4dW
zcM6;yED`1RD;|?OF6~^kqq|}-jL;}rmX0=6$J=eBsh%jMSdx>huRa)<n>$<_u3S=V
zxb#*|T4b~EbB0FlNPqSRDI^Rz+*(<Fe9(OcLdY5PhK!VbP$1mqK$ZK#9-8XMmY^P(
zYH!~s{LuEFNy$FXwp`ojc|65&lid1kgrvcd-fTl=xvKMOBv=iuisX?e^fN5?_z}Yq
zKA>$qPfO`khfxdb*42aQSElr_WEQHXks<TLn=_f_jiF05AC@|B1|eQ!D~*o<-^{KC
z2zLFu%J|rB{4Q=Oy5wSQ?Zky8Tu}@20N=Zy-q!SXnNhvUw}(6T+E#KC%2+!6cz8GI
zwTV}j12Y1#hI73JY317S06vL0I5<5|<-zNikE?n)EGTQsZ#sE?H~P_=k@X5r(u-;%
zxM~!;JwMW<e_)A*&MzmE2fiVETOC_GI=WOlPPdkClscQx2kYrHhK8buh9iP*6KwlY
zYJ-1>?IcJmH{2KO5Zp}<9>3PyPqU(omM$|ZD@q=1E6}MQX2@w~9>TB+Ro}bldKkH6
zdI!%LvhcdNT*^vHm?y|jId{ZrJPUWdI9qCJ#&mGvq)|s;f6sP}f+>%`XF7}@7zpy=
zdq#YdOB@<1NASFRa780NqWk5#nkwW_|NaJ(k!diw64BS3oZih6^6ZWj>Lb<XVu|`3
zWyzrM71iVVVD2OyQy<m{+T-0Z+k7=gUq0xz>YuE)H9S^r`&BabYyH3jH9(*98=g6!
zO^QAa8$>$)(aNtZkKUR*yr0XGWJqZ**t0L3A5TzrPn55@WNi>g(19-Yyj^&0=3<Si
z*;p;*^z*jj|6>?&T<+0$Zd7r#%+KGI_*K*z7ik*29^SH30H=g9araIzGeaNNT_IdW
z8XfxUhab)#55mr-_bkDVj@eIBQ8WBzxPo*VtKa!qXRA_=AEiGSbjDN~9len~>fhSe
z8Tarhnp)3(o`SYpA4*ON*@lJR8nd08M<{E!C$wS}imh9N%w|I2`T5JX^%dIE)<tq{
zwc7?}IJPJ=JJ65KNB3~-j`3VSXIb7tdDqCevLCpO7LvldkuMyWpa+?bHD%KI5<>D+
z{bi;jLZHzq`v&)r<Mcpq+CwY7(1ZUrOVb=6!#~{)2q+$X@B3{cM$hEJ%HRvzuC67}
z;z4_Ng2!E3<rn^fSbHa3iBkI#2u~pNAg;jitF?@^gMZh~tY^QotnwNlGUV-h+0s~#
zhbFNuPUt*4X+lrWN-}&5W2AQHmek<O2lKLa8c&|0kEzqfN4+@h%TyC`HfCnuF!z}8
zYQE=ET>4skspUhSmFgy8YU32rw;WTb%RQoG*XGyt_=p~O`tBVyQ{&c~I?52~7&RGJ
zDk5Ah52vAQvU?R{ZHi37#yEaGIe41rKQmjiJ$;DDX*yrDsA6nRMOfRh3-qq+?;o~;
zcG;Hv?PUb2g0)k9{70gcJDgqZHduzeXNHP#KMgN;wMi|h{hL<<6juVphkrjDdh^16
zJkD`^Q?F{<Kr2u{A9rx&fhmH2tv`yzSO)9nbbo6_kJ3;goA>CAc~E*Iegu}ad4Ir)
zmq)6^c~Weo%qCSDd-Rgt*s?En&AvctogZH;a0OEJX#gx{mvsCSah=VeAM>#J=23mq
zX<B2K@N@8EDdU?SOa{wpG{e(XdS=}@V*B(K6$X{e(&d<#<9aoG-LmatY&PC|O8R4X
zc!(;sGVw7;rAf2_$7E-e^WDuc<apVa7*XR<=sD;4(ZPY4?`qZzjr#S8A%SgNRq*k>
zd&CM<77cT}{^k17H-~xIT)zJzT|glG*EEj!rT)vK>6itJN;mqk!-yaJi0Ofn+R%rT
z!(ns}W%8w@haO_97*wwBYG7*Sd%vs%ZH{|g+?9-z2n%mk5VTABiZV!ik8G`zjPEDc
z+MR(vrCnxEx}C$Gwda{_&)757*x5I?XR-^84uc(6ZsWgIA9U#e^T%?}i`~Ap<ri8d
z-O&RVR^H(>9y=Xl|F9md`XUFZ(dhmteCNBPbV+XDoAtiKKJP?}h+AsNlX(rpl?cJv
zz0cP58HmS6!>nL7!_W{oLZX*FaiP}xHVD4+-L<RQ%Zz<*;3!n+!yYZ|6?rr9uTFet
z#=AOk4F><TpUf`-){4-Nq~tUnPrkbttC#Y6p)>wurs4gD^S`wCZ@*!Lu0L@5{i#=7
zz3^LK)pUvJyV@+Lcis=M=yr&*KMEAU^<a%fZX2V?4dAJZLj&uw57yHYrO_S<?%|eV
z4m>XYq}3FMtB^YTUAO-6!~M^1%YD9nlTgTyS3$12sh&JoPrX;cnd0%06jM{7R0frh
z#&`0u83rrgT_tZmG7RPtFtr*4ol9&x{#l^@3HjKQHWWu}Sa#GFXmWo<&~o&QOmFH;
zNkEpU*5Vt$Gu)=uXjF^?fN3d_dCkBeriBkH`ji8pBQ9gZD4Ala!IzO<s`^7dX`w*|
zeviY!oKx2Ak)n)t&!zHCzt-*61u>I8J-sO@DF-H_SK~3q7!^8oZ4W(Kg&o&Olkhwv
zrwvP7OwjdS|8!PgYmZl-LW0(&=MY`jl@v<>V9uO#-B2T+`U;jtU#aa~@-H9q__%y}
z$K=BHu}X!cUCLk&Fo@nK+-L8dp?+!A*)UGyVHy<Q(-44uREkp1*BTvi=>*{{ZE@6P
zYWo)ONEU=dE=-4?%{UP6_-Ek(_V{zY)x=*!uBpdUu$pVkk;CjY5lM+GfTuP@AzJX?
z4qtBU-qiJR@PB5lFCpg~UfbdW0}xMlRC#xg_8e&h6ud|_BS=|%$Utq%X%ov0ORxJN
zaPyKK4J6X)3M{j3Wx1Y+s#d>6ylABI3Bcbpk8q2V{jqn)i{vwjj#E7^8$T1*r<)O~
zS$G4ks7U}8wN1&DAVdV+A5>J1C>cWw%BMr_p{JXW#+RWtF9s&^3SOPR{mEp2wT2O-
zZ3nm4pPBqXctI#t<V9ePURfP|Nj{yPCT7k}P~nj4DkP%g$QcF_SU2-Tf_&G)yUbIh
zSywxwy+!}!*2hOHPr;0+$vEqe6Q4%}g%ghtBc8zymv*fLs!QdH#4K(>m#-Ub>v{85
zb`H%8%K&H7`*Xct<i&g*Mx&Pl`a%)Y8vBy8{K?h+<f-8+SGzo}QTV+ki@UwSR!i#H
zyVP3eTcRGB-qc;zzvyFZo+J|D9nIz5H8w*of8v*#*4@5>b&XWQQ^}&j_sswIOn|hf
z*#tqQBuCUISlPU8k=C83yxpZWwLgP9uXHPEFeOL5My~OlnSzz;e|*lA=$L>I=rQN@
z-7{LCO+J-B1lL4V*rvayVJaZjg2GpB*Ikqp8C;(qk9$zX^evcXM0eU2Mm9*eScm5S
zq~v7s>a;aT6l%0ILd2ezY6T{yP_96R(}(Q>3;iie%CLQFn6iA{*_U2olujss_`OJG
z_gFn12lDAtcyRg`QOjcBa4l~eK74pvAtbZ4{Od`f-y0KY9gLkRl87lC3YC06th4cx
zh=gfxi=7)@o|WRiGQ=tv;ZgVu>jS0GU#o|BqAI}YsgyprL|~T<RH5_N@6r;us9Dib
zv`qFy(Y35Nc>znFm7V0I)n%!2qR^D{j8Ux*DAWIz|8icp3?==1@<snJagAch(=bkE
zwaK(BMmE%4?yhHTlLB(0-i+UOCe#reac2D8GhPWjT_R2<nK6WLr4_&0Hs8OMKcR4w
z+7SpvNjg@?&p+~{8MiE_YPYzDzCtKx;V%ayuLuYTn0~<w10zlUU6w$<yW1jjSJ1A$
z>5_l=E)B};hRrg!VpoxIIs-OM?gd;l4ueJCI4nNU*23h*+;<U<7cIjTRyo5n8Z!CW
z_rX^u?8T<LLS=?4dTjS1kXPA?UJbrcA^(AOo&SkWQK;+0<1d)w8tg(K5ydS`%(Mja
zOTHSzvglU-3+nfY0F+V)nOYtHwzrcdt=;D1^y-+}DKBK7Zk{(&)o2(_ThiQMte!Dg
z;7j*rc>X%HLru{@6?z2qGW$8Pn08Ut+(Z<+jScd|$GVBzH2nnI<OM^o?`z%%VCFp5
zp{?!ahiCj6h#?SyHx2E=lwvGCx1vztF)GmFdXNo1#JD7^o-`FgKoz=V!4n^omNYK2
zahBGo9b?#frSZ|4`1SgmkopSXL4K4B!@tA$_myS1SIDhDv+u7nJqT7)iB38zRTWVs
zpP$SBn6fKD<I-5$nkHwZFcseSLPGnEJ;CsR?}wJ&76+P63Rta0vLNVg^yx{d%g{u?
z39GGc(%Wb$Fvd}F-mU*61p=qi%+2A8EFf@$PPUHCtI`Kz)o_;9=gugv4m9^!yCLb(
zf&QY)<5iF%9H{e(+)W&gKm=9jm!b#ol|GTtt_0$Pt|Ga+i>0-7hoB)Qo#J#;vnnCd
zWgZ<KFw#wI3vAFGQ(<R~lv0y}VAHX+Jt9TIM$e(+J==Ly)(4Su37elXdOBT3sv1bT
zeG2N{jnXZCdM4o^rcHkhHF};7rVviIz$gW+`)1g&aHY3+fb=kJ)MV@4oSzJI(FLHD
z*`;$T#*jAUB8^;!&oEtgPp#Zgo#N?(bbhr#YfCC&F*np-i_=!CtY8uAL;V0!SWTX(
zv8nuiD8H0_7B;iv-6faB{-F@!h{p3VhUrpAR-SGuDw9*SH%bSTK@1&FGGh{Kz{0V%
zh9hV6r(<Y&2v;usn_&z0N})VDjMF<kOGk0?&(9eIE32+XdYh#T8SqdR2Dabjm44ON
z<oAVL(OH9PPbKc02ot$bZvGu*Jvu7?iNj|U&`M4>t|5sa53+@UBy5mY6Os--{_<M2
zjdFPooQ<2j{q&G$-$y>1<#~KpOWCR^mg1R~n-Pf`D-;#t)4`UjluD`bsSA$vtg<kQ
zsb6|O^j46!=0`+T#E4g>8sNLD+dCOPHD!{3=km#8;P*X|wg9K<W8w&>sCB3ty3;Qr
zq-)3RQB=J{>rSLdVkn2mZQ0^+MKGd<UJaO~V1D2~)@a5sdY$~#c83FZ_gnTTF<Mx-
zg~nuVg$Gj#=Mb8bMt?<F5_pm8%g6{h(jY#k4GEmj2!HW|Jm#piCt!f%_EorP18J2h
zJaQPh?j4^lmjoEBbb+zdH9RgTD!r9)=oo9UsO`=zxP1zR=zh9;Hk4<@85lGx10Gze
z+rGYMDqO9soRRr*cmvIO(SMCJZaozmVHQyTHsx$<I%wR||G(YTWG=&iWdGiowyqn^
zWQUiV+j6M++_2uIolm?-{a)z`umu@ZR&13%jkcTA@IF6sPJcI*a+W$8n;_G;sa59P
zGlDa8?6ug}e)STt08Z$h#37bIdDr=>{boCRckBBTq`6d)%Xh(xs;F1rX1~xj-xhDI
zeRzv5fHwG0kM&k-Q7_#NeFM<tLoAY>Z?iin*_(rvu6+EgJ)meFo!-BOH|&V{@Au~p
zvB&9<eiEK9GkbfsEq#c%tN-?pp<wr<xavzAjW$@B5H*r+{#AgdpB(w+@F&Kdx8>j^
zxWx-<K&FUp;$_!eXP#yyUXVoye0RO!tXp58P$6I2SzFrP^2EleaRaM)<Z8!=a#8pv
zrx@6r_{d*arKwp(WImlet6Z8sdt6$TJTa1qFA!j3%g3(Tc)Fay49*ZT20JrkzMyJX
zKb!>+LePF|_-#862Cqe;yNxH9-xTzK3wr)e1=c-rx~|sio>W?#QpiZu`?#;O_n*qW
zIqz)%d#YHxO!qT+Qp6ij6vt@El<#+H%$p8%MZUL>=!weW`b1b|kt&FnsOXih@EW&7
zih-nTKdffFkC_g4HI4M^WKx646i0NAYkctZJX70=zCV+B?FlaEURS56yV`NugAs0h
zoH~n|TUbl5UQ2*~*8}bAmR1V+T_N98<g=@arNk)OW-{f0HZ5=iT|Qd%%s1$n;=@o^
zbh!_W$bQcKg|E-V^nV`KXLqi(9^+I2OFll4w=O)P$0~AZP1V<nR$P@n2w3J^kuuxU
z_qvMqO8V|IfP;y;zZWD8<qWQK+V0zUJqGy6#o&k=*U|67Yr@O)QNAGS3?1k*=b$D^
zr<vA=%r4p^yGOr0M-L;0j&z1YrbxrHbFk=QCqCh@r5etmT6Yt$#h1RVohYAQ;Lv))
z*&C;N+5LlqlSa5zcMpEhEa(Xk(lm_VL6^{jbwD-~%3m>&jbqK?74AgB$_Iw;><&@v
zj`AAi3zEFq&mnt59&@smpTx}PE$`j<(H5Y+erI#;t$A8+A$S#~1`BTS$;jG9y|>2(
z^WQoCUoL>Jx$ew(E_<+D`B?(qq2=nDjd5$$aUOEy?Bv)u#yKIQ&}QwYzFV+?mPp`}
z5!+Il^%V3DI+;0@XPZkYRdQt(K^}ZV3Q~d)rcAasKnfkAABbKswXpm2LW}@W*vo5#
zu-nn3{y$ozwj?g~a<)6*zE0DPy6&d$Et);!{>f|sp&1{|tEki-)MQl&x*7=_cKWRG
zeHR0NNf_HnOn)15MQuMt&P_ij_j;h7ff-<XTmxrn7NTEg%Rkw0{8&u)BMr%gmMEvw
zXd{9nvw0tDNd$h(%1-mM2k2I6_0}65ODo|rXT~>c)|tTDkXE6l+!3Li+3FUYN~aq|
zT=v~EQf_g;%r-i@l<=+!_HbQI#yreMsdHtwpA~gKyb<sP=ouwu@UKBuE%VH5&Z6#(
z(^EfI<ILk{R^h>DfDtvNA4kZn?V`;MwUhabD2Y4+)0-)AO4zW6x--Gon<)`;+JOR(
zD1xAj^YKEZ-uWMe4S~7cmQKHvVrl1FREZecCBbdxlLBM!C7b^X#p3D8Yzw(euSShG
zyU-UmF{vspKm!Y9^7}Wsba#tlGfwDRNy~KiDK93wnb7M<;beiKXi4v3sSOVx7{LV%
z{!bnLz4IqvTtxRH&L;=I-xYJ|3Q_mHvArm^oO@L@C<5@AG1KIj1rXu>UbB6|Ulryr
z5SPa`R`h#<1ZTe#u-(1uL>sFlr~adUx%ER+C30S32_tMgZen1fIV!a*QP(u`%?~_y
zO&u|mm)A_FL-5_FC2{%N53}NG5>NwR)9vN~Yl52&aqjh`!DA3q8rl7_C&}x4+TJNX
z{<89y%G?XkgByKw@Wv$4BPXsVCsn8nO8@$wxvWx;JBNgF&dA-m<b7#hq%sDH0^On=
zy;__$6?4C_$|nJv2BG!Ku3vIdr92XqGyJ>~IosSR+sd6<h;#N1w=l}>b0hGvcdif&
zIzpRot*?@5<wy$3LI>4+BW`!a)Lz`><o4A76iv-?#=88|1bK;M*ZJ*XOl7HD1?z-;
z$bwd0m>BFafv%hqKs%XME5fPEl<h%CC4rt8;%-vGr0Asozv;AqSN?XV`rO537KfWW
z-@$Ee;m_G1w#>^;OdHMKH^T9&Z!PX>^$fJtr8L<7dFD=djRx9vMgr39nE*D`RuMaw
zrb5XlRjG3D%Ycodb<QdSvs$t6099ljd3^bFTTO*MZ6gv-$QT3H7F-gxL?<eh#VUbU
z#3|k7nAmK)){c5<H{C|J^Jh$!Q6h^y=1*Ef+7g`UzEy_b&#jmy0NS-E!=vD9TxZEe
zvrpY!R}vj{qbF6G(!lr&DPOgP$25g+sj4Ylusw6q9$S9)mVEEB$LNKv+O?WcGMl?e
zp$@a9*i1vn{+R#D*1Ec7tIB7ZyZe32bkOLK)SAnnO~uySUPCdbsf9rJ)BE*dvnB9j
zu`cS=@~yYspxG#y|E^&WGm!af`4<m(9z5}vlwD<+Ci|Y_T~%nn8;eaeLQz_R(ja>E
zEH@}KKnQR4><&+|GS<m7XW@192D5Mx!0Jp#9i$*!ojhvvqnS{>76oOWlt;=uQ=Z4@
zK#(y=W|nV)S(;?s_mWpYC>{s57^!27eDxz&zZ0{(m!bDlY4IPlG9H=sm}}J?Iy)p3
zZAUa)i4_%MUjuS$GK+CwVsk#FMzB`)-(^B=sB0*NqI?zdA!4c6A2o5StQlRSwhp?j
znS?8VMsgEX35C`QSgMU=vO)sQn5P=@!YGVDpx&_-WuK~2PnfreD7PE@TtiKSDYejY
zL;Pto0;9_Ud_#{yW+DIM^?u+J0Arlm=mkmau_!;?x_jOcuK^9X0(DUYWhX+4?CG6s
zwSH&Q>TA1t>JWAEgUP!_Ip$`o2NCC!7J6~f=fkGzN~<odE`R7qUc9^;cSL?!w9_hD
z3Sak%88A!E%`IZ(`lDCI_molT%CP5~l4KQt9}0y@Jy{8QJ)uC1s$Z=GxQx|<H@fR-
zfXAosM#=}n<LMq>dR#+T;{nfMO9UmAgyc_+X@=5$NuYea_Mys`A-B$6=euF!>6Pg2
z=~uJx-pI8yc7;=+zO=ei*Xy7wx7N)1TobxLm;r<BPrSmevFgy!&YfIu%PjsW9{}RA
z#D*P(Grv8ddD+-m!;>o6?#@1}3H<T1jI0Jz;^VKs{`-65;fwx5yw)$h-Hlux_!a2O
z1%6Z$mgNq&LM?I5+g5&6@jtFG2IU|nu2+ZIv6k0@6TYkFur64ck5&Lvxo*!Pa`8I^
z-C)eidraDKirS_7bM+7np;_(@2y#0&86QL-I>yGiJO<t`ug<KISQYX!$ncwKb>_ma
zC}Y%cwWs49-P;%nF{kla0iZMH2HM4wb2<Lt?z2?W=-rFEsRqOxS|4Mmr@6cEY&`CG
z8&fN}ql$D9*eoC4YDLOIpV~@BoU=VzN@Ei+{vQKRdVN|>P+fRg@ME6;9e$AKFSgqe
z2#wYhN$308$yp4u+rCq#-~`sPGUSqUPg^CS*wE5w?;Pt7KWh7>fenwuv1a0*+!{ox
zWyu~>zgya}MD5I8ujd)6;1ZFO_~Nlb%#Y1Ri}Pj}KbTbVwr&q?HLuf}*ci`Ft1kJ-
z)+Bwa1`?_RF#};L&S31%s{&q3Szy@i=iOqR;i{CCah|IQ#@3!%nV3g8v}_cp=wfE^
z_>71cMN2n{H|W`I%uC&5-WP}2l56@I>bX{v4V8v7Vczu>EB^85UNKia4OVw_d2XgN
zx^-LMaN|%n8KH_0Innx`=(GLvy6;Un09mo{?KOJ<Ms*oE4t%fojnte8zb+xtY<?ib
zcLwc}ZT+3khYvD&mEHT57aD*gQ!FFShg;P!D=USvO~Sagw@s#r_*c+R`|qI<ho9i%
z#a9HKV^4VrrekhmemqQ&UcTLO-r2LT*ujiPHc#Tmys-|kTvu1V+3BEW!(~HUqL(3j
zHe}V&FrZGMQ;{^3ZblLJo5O(9&8*SZ$|dy?aQ~;eBL}h@J2uyE^J7MLvSSFf?a;-t
z>Q^*hAUN?4_qbteT1+TNnLG&e`;=OqJK`YB8p6m-Cdb;o{HM4Lcx%PTKTdy6mDa}A
zs9fd0rI%VB(xt}74Hx-MMKOD1c2;Jm;pn9#IolewZR$1lq_|*SOx&j?3AKFM&-rzP
z##pYT>CtM*^*Qp(#U1O*0~ra*aSdFD*eVN$tKpBAt}LIuw_>xZt7Ri{RoY1>9*C7Z
z8b2KFcQCws%HZ<LxYYHa_7uwNwi6ZXUv5caH6i2N$Xs58It8~!U8GJv_1Yaet&R2E
z`B}YY?Uql%s&a7q3h>ZIRRW&Vf@TVe0a&6Nz1`_z>aOqpVYx1N>8%sg7~u2*rnZjL
zLpF9_yV)0uHZ2p!znn%S=_}D`Kp^S!A84Q@#6L?D=*Ib}U6P_(R^1uJqAEZ5y{4F9
z$ohF*`5l4kAsAxkXm&Zh!VV;hfqJ^@l_-&4vk>G5Wsj8Bc*N^e4VS~zrZU;sr};oU
z;CyVut2d#QqaAz?#d=tn5}$`H_9jH+CZ{AwQM5$Qmgq^##95fQdI`-az6XDO6RJuP
z1M&LX?p8vjby8$DP6pQB%GYW2)UCjq6_7TweJ>8W)2=$b90y19;FaJj+8Ndg#0>SK
z^jkZv{E8vZKTXS~fHs0!8`7Q<mYGB5Rog&@_3lo(x#7<B>jyt{kG4CCTUl~8>(+&U
z*hh2-D;>oWeYsikf7e_NXpZx#psubXo-5^9`bUE3i+R$>$?)N1D0`vP)H~g%7o9Fp
zQ~k^0xppc)0KkU=6@Go7M4^0lv1L35i)(1SBf1pn(@@eRLdp|AgRDzyC6<s$K&a23
z;=9`IE^~QUJ`@o(eB4)C^~rY~t0mMH5WiCps@sRLJqK972%p~Eq*^!K^tKFBX&u0h
z_WCP*QkI@2e_zpCPTxBP^PU;~+56%K37|A;B?>pT^i()?OGYbB1H`2N-j`B9uWU`1
zpHiqW5zh4woBH%@cXg{VP8lfR&JA_0=RdB6(%Tc!B>Zg86_D@JHs3QRp`(#BPLf7Y
zKyTpx_5l4$)C=r6begbfP7^n*9jFVj<-=BXN1V)jydt;nM)=u48b!^mcqo4XcfhnL
zb)pCBqlO2an-Ne=B?L+SX$N{T$U_h})Qrj>h<fC6%ira1(eBf$Ih%JgAd_cZaIA3=
zevR{>rv|3tVF9%Ga(?B20QZfKs_@%DC`c;Pmjz)VZ$Ws@kg#4AlDhe>KH~HUf?t_F
z>_Ki7F*3^O8#qQ>LGnQ!%iYu!2>0{@oG#8nCI^RKc)OCE`EoOtSDd3vFV&~ERwB>b
zzz<U==?p~aPxfkisYmSP!<VOrisC1DxmapJ`+S#zR&#3T-Luqu%zyPuzm>58@j9Wv
zi6!O6I(_r94Ob&Oi!Na`;7;SGBeE~Pj*PHS@O&iU0s)x#w`TY9{2Dz!Hl5c;{jgSp
z$_P?AADjwBM!lnULRkU9AAR@2Tp;(%AK%6_k>i>=+B@+fhe%{F091+$V37cmw`lQ~
zFG~bM5it@Ju!R~f-icUOzXSPla7AcJ6I4-F4&8gWb_R;qG28a5vWVc6iXzFbtK5a;
ztGxVWX7N3aE7B7bB(_<Ff4FLr$oh?0ZNjb`j_3i%rrUOOe)%N8IY*K950{)l`Hi>o
z_cmOHj|6OslV`@t7Uhx_%mP$_5HYQ<Jr(_b-yaxQ1HAt;Ya0OT=Up$P$z=oN@&Z6u
zp<c#DzJ8Gewr?fKbzQ2d076TEqBmg{eJnrd$E3t}rH4G|lC|nPzw*+_r*^n3%os0h
zBUhMRb+!Jcm2keddQ-#oA2`G3(4fh*myzs@=`n6o&%Tnw?mv{3$mB1`c)Na><4w#m
zi{GMHPolA24?5_krh6iah&GIzHX=L<W$}Ce{>;XP@*NS%fQhjekR_!fdUmWn@TODq
zUlPr)GzG1I!>SAk+t4(GnZmo@Ot5X|$$q|UYS1^dVOwu=LRoIADVt8wXTDbtq_?Gl
zLe7A<|Fh_ta=)(q0@ytt`wZqeezk_6NMGM^g@w<&^{`AY<r#7kGXc*iw*^lYi=z_V
zfWU!A?{;_CM=1?y0Q|ABD)WI9yvxmR^nfV#P30<uaVB0sfZ!eB^TJ$Tb)5x$(!rrB
z{f{?XD<#Qp5A+@_Zn?4yh~<Zq)GR7SPO@PKvC@UG`k#OPepN@MDb=m?>8<*k4{daa
zXiUmQ-;L7<#7d6EM$o-9E4$Fs+toASoi3rF_j@Tl0t{@eoEs|fZIBVVeBNzu%bvE6
zY{|+B*sU%fignSmwoz&NhU&UJL8G|SVn1Z|mVQcvbyn+{%>Lg{%j=tfq4VP<ubP)`
z%O*0}*}+2e_XHkiqTjbP2$sHo=pqtk75Ip&<Yu?%1~dI963Lyt{lHqa>E3ZRiz9}M
zSb;7rhcwV?!*623LqmMZ8ru%~-mNQTSG-6H2#zfQ@)d~|qX-g76R?T|2&4GY;#g`;
z_#Kq@&z!etm$tw06ZHffnFcg|uTi}!<4gjxITs?fUj8EATi;avQSVjZQFnyRct^O~
zr5oNhrnx83?IJVpdh!%Nzy181Jji~u58B1XGCJm<A=orWlB{cH*1yIQ(fn|F|397f
z8y+YU|E%QW3cBBKjL~OC;eXVaOa7_%Bf(xC!xuklvJW_xZfKteL?@v{N3@6KqYbT^
zR-vMPuDXEENt-dmVAX3gxMY30T*dKr#Iv;=S7SB1=xAU1eADUl`jl;RoZpKhEEun&
znyzu#&Vd=J(cu0F#>tA&XFo+w+hcP-ae2~8!}`=#b`RlEOLeaEa|5sIB$Fdw?|1a9
zGLrQvThj@{a7RKvt6WlXFIH5gj&h|1?pa1v<NafmPYNJt5_YN4&B^e43LYgM$NM6$
z(wGmve8nVU-=Wq#W8<9tK!ks)#DBf8Z3~dDmCbosJf8A$a1-^tC(58DBVlNp6f^xv
zzV<c+NWe37hTW{`ndCOLF?ZQr2f|=B6!4#onO}RN-g#Nt2{sOGv)8qrPqc<n8B9A~
z6xAGd>ck9XWaO1a0LOEm-1VyU*A-Uj<tsKGKgcQ5+3F$AZMQCu<<l_&yoBYz<Q@x?
z^mWCMUS=qGLb<;GCU6S?OO=PDI5ELOHwxCr6yz9F>smEPl|u9WbdXt_D-6AmNzX3#
zZN-D&@<q!mRYIrWNcuZ~Bkn2dGCJsG(Wcq~5j2;gmy%4^%gfKgvo_vcjg3KaYv1^v
z-AbHqOFgA1%x%g60S@e?`-McLMDIM<!usBr)$c@UY_RFnS0dLww!y)ttk<V5Mhu{0
zl{-A{rH5I_Z&Ig@td3TR$&`itNnm8T&JO)ED3peVjXz{>5E8lSN6Uls$B}vnPE2+u
z)P=Y3S-a4h@M|i|^M!t`#|vFY^p%{Wj`2AsXP+jpu>&oy_rp?{_+#waOXY`LzFzW!
zBQUF}(2{n`Qw~(D9ALRb1#~{;2^FQ&3RPtGBk*mia(Tx!3ZWCB^Dfpp_fg9i%Jqf^
zYl@B3vkCa{P|e&>N6QDMJ59Eyi&fQv?n)di%3r%8fk`ZDEUHo>|F;91Zop8sAK8tr
z4rm(<k7Fov!VryesW^`DmWT$gP_7C=!f%OpnKZ)uasvE2Z`N1+jRPCm!6Z?+jBV+u
zgTvQ{G97jBYe!wO^C3H#NvrNSC*XBwg}QeDV+fvVF0HHT@wc*~P?{J!*v0rR>Q)mA
z)c>a4t`(3ntAb0S@SRK|HJU@sl-d-Ro5UTcDPr$ypCy@37Tb*SgPb8*>wl*HEdRij
z@Rz8I&hjLw;8(g7zU=KnAKcT@VPX7@(TF0}$ss3yeNw(jvGe=s2!z0yU)fKiiMbkO
z8cm^3a5T`dTBg_^^aa=hWmSH&yNn~!!&UqLVC!%A1e0sOE%$MWrMl^3xd%wWIK_a&
z><Vjz`i!rO9&U*!K_{rpTA%HrRgyG#{K8O%lOO6-$K>cOo1-O424yx}>5{s@(OrVn
z%21lc#=dTH092S(vBn1Qe~IAKq<juRsZZSff6&Q!BCw<JGiszXa{^Y+<O>WNLs{9g
zoype;Npk=Al`?RenU6b=#t3AiU<9}cg*lHQl`^FUy>o8p*xPg5z?Df#<f59{X=|uu
z6ONx5jbAgdiuZl&n~#M<%>)|rgQu4XZ{t=-P&xXr=}4+Z=)=Hn9L}c}J2b>4wsgrC
z;7j<X&Kyyy$*IXA@cBOe@-DMMrzt;`B{IeXEoDXS{vBDo&OKDTAuw83_u6aRtk|6}
zT7tTs|Jr@wil9S5wzFIoEA{h`2<+M3JO1_lUW?6~D`~|a6eQR8{%wZ^6e|k?89dAS
zfJ+JRO!O}i<psfgm*p$u>)J=n+Zya3Q;8gq${VHLt#2|9x4EjS(UdZCIo(cCZ%o2L
z@B~4*#lgCzb=Rh14%c%UArmpw(sdTQH}=Mn#hi1?Tp;jn7VF(bC8^rR^EXlB&hk<L
z=6mTVcWN|Ij&joMpxKK4N%Q<6_GYLXP!i`Ip<Mtk+so7)ReN3|htoLF^P|xesiJe?
z5aZ;KFx^n0ZATv;4MUXo_vWv<ykkVA{DOy_1(lP$3MfSmPs)oLw3_;|17bi|c8!=A
zC9A#1E4G4g5KQH>c+gjdl*|v(sv@`qkw!F0WiQI|44-@nnR@3%x-c@}CHhY@d_cth
z4p{tc;3_a&exA<V-6yN*Cy4bmH_4&JTTAD}U`eD)?4B5#0RtXjxb?%^LaW?I-9WO#
zu*c2f?Z%%LfQpIJAb_yfa<Ws4&URdymO7pizvrhqS0*Qt6&xV&=gzDcnCjldtvis4
zNX#kah5PhB(?~zPlZ5JQpelHi2ZbOzXcu^Qq^A#b)NOqa%jVz9Oxsaja+-RK_7Ydi
zY`W>-Zyb7`FP_?B@8ral?bDLDT#gXfrJ1#1idj_oa%)8Qi(yet#FY~1IkE!A%UHBi
z<5!cpU+eD^le0gvN#i+YHq8Cg@(t(OKE_XQvUca|g&e)-#w!K)2SYlCs<b{D^j@-H
zj_UzpNJP7~LW3N+)a(P#cee*#pYMr|_tM`O1Ebj2-LgW1z<|mHB99X^F%>sw+we1z
z>%Q4B@9iy4cF=1f6hhR);BFxK2S{#zx3g?Ie>!BU?7&=<*a`9UHW~=7j^kN?u8|6-
z3byAuUz=*274>SAdMu;ewnM)JsYh7+*T?I(Ye3%^#V&b?cuM|2!$M!>VuR0U_8pSa
zMq}fwBw4=<EibcoZ6tPOZlHl62eLI!h-`wxa@2R~0-!h13z9?P{t9IZ<u7QN_4Ozr
za*w3(pAgPK8hJvQY7LV64(&Ts;p>a$G}n<C%$%7*2inyr{$76*$m*9|f7FNeY=~XS
z-+gUyci_YpFfMDn$*!Z>FQ|06Wmn<T^WU!^?b@1c+jgRyFjTjHcloy;&A=e6AK7lG
z_|>nAJ1%TqylAh4)haGM+2p!f`Fz%ljwO6mm<~u68rzY>nY2CKTxe?-x*-aw=@a)F
z^o*0m&eW@whKJ(L))KTYS~h(Q*j*eIvVm<A43ECyYTZ54n*6^UiO4SRXBhY#?Z0yO
zpJ0Z@!(*)F@gn4l&Ss#xTSx^o#@sXP`1%QOapbg?hb^Xu04Cf*PGXCpCU7g?Op887
zL(@mmYjIeNX1d0IPo7=;3sd-kFoxY*etw}qnm2*pZusLeq2G^<o?zcYsakJOEoWK$
zRmI`m5*T^BGr--!_t?uHkv>?oZzG(aPSXzeW5~dkJagPoVisId$9LDOm6E7>Djxt!
zCV&E)FpX2$?U0ig=CBQGkz-3b2GkM_x3Nyhs4HxQORYXCL8*ghmwrROJBuxGc;<OB
z;Rb<>rj#72$!gboBEnf;IGAO#ZD`jjnjcF+q9-zWU<Z&K`jLVpNc^h?@qZ`a|Caxh
z;&O$xHL??1puNo@vMCmt>H}pk)AX<vy%v2n_mc~6THh-tYmM^uuh4-pE$-;_;+Tu^
zy6`+IlS6mb3$!YZy}-ry7Me{-!Qm3xUg^*BQ^L0%LPR!o`JTumot-{(SitxD9Q98q
z)8aGluE-`QtgJJ+()1fsc|`aX{`B8f!etlx2ocTErh`QmI^N?p81^+cv(Tfg^cLos
zOEYbsa~Er$D{_oKdQwie{TsdZ7`8P9q2oaE6mJ3EVOaEtvdrwIWowq{Ns>?R#oT2r
zv*k<vvofHKF$)a)PZtxt{^4WJkMirQSSVEaQ&;9;*#4`j5`qGqRBQii{?FCFI9lLP
zlRetQUV#zCxbbF5Yw43WC$E~`FE9&+{CISaMJJ)^mio@sgLGJQb3?`)jXSeg0zDim
z={m$B<!$lcP?fb_@QjGt*S31W%DJPe@7siw{K`#-Ch3D+)ll4jTP=R(mjRjVDSCIj
zUT2ZGd>A+J_=*Fy2&y+ycK8+m?XUyB-gJ?%INxbalTZUBcWS)KgGR~q6`YsHkc<4`
zk;uM<ifFbm+{f7@w*{Xm;%83)Ly1xYm?-mpY1nGfErX?3gFBy610=qd)5I+BD{<y>
zA@FOc=%nY=_E-QgJ3;+xK1S3OyJCXYeY(m-Tt|&B4@D7PORmSc>o}Wa0x5!}?al{F
ztgAKUl7EHpM-*V+Ro_Nq5(|L10qLMZ67Xm#$H=Py;z9!H-sI13gpFh=ceR}@F5q6r
z6LhQGl6cl^IEdzAY1j~hL;x+A=PCxuwuLj^-&$MI?}dKdfM|RIk6$qd&3~O~vTH6d
zM!hc*iWHE2GkPJgrUiCPobJeZe1xkHEDf*vIMs4hEm#KC6(S4po7!ESXU{Gm>RcV`
za3W8>R+6eF@f2baHL6w)``kPc?2c;-M*ylw9qNEAIy<{pEilIHZ4vY<$l2xXfp;OW
zqciuIQ2o8+^8esb^Q9~9mo0sxK<MepX8DtY-wR=~T|HlRUUM3Q(EeQv&}#lb=J6{=
zckIh)YU4MOO8%zk_)faCuA)UtTfJ+ym~@1jLJs@e9rRiFweThPK53J7>9|Ji*b-B@
z>Li#L0Bbs{ELfuBXOA{(iiZ-U+~XSqAYYA5W%7ZfYJh~r+fvHpz23$knw~OhB{!Jg
zOIjvAS6vh6K?Rn7%uB$;dR%iyCseu_JjAE^{wgu5?KhUYX@hT{D&%GSF9QN2deado
z4nv#uWtA?YkKYjGOkiKlVfVq~iYH3LmS7;pXsHFjKk!KNr>pb-UB$o0r5pa2xb}Yr
z6bdi}7G_W>AQjpS-&8R~CE4}o0J}lV=AJH&pc^P4AXNF2mp;RD>*8DfTREdQuY6$m
ze05fgF-#hG8Y;)mz)2IQba^y>eLCY6ci7$o!IyeZRNlPQyCmg^hSU?0?vVSHk&&v(
zCW&xO2eKz`yml+RO3=bS(sO3b2QU3($DTEh1jEl|&fKsSxE@s`<mc4+JyJ8Z?$p3F
zG3c;Bj*^3jEXca>Spp$B>|z7%wV|J|MuJ!V)i<nm*ZA>BADm!4UHx3vIVCg!01kTL
AApigX

literal 81911
zcmc$`2UL^W)-D{&wqZft0)l|pP^uzLs=(eBkYb^ih#(LkM1;_rTLBdTw@8r)$dO(W
zY9NFJ1OzDoqy<BXfPfGJQbG%Xy8?*1&v(D^ojdOT-;Cjqyh+wtvpw^fbFKG%qNj6t
z&o16w5C~+?)hmD8fIzlmAdqbrc5DMzc3m=k0sh<Ma^tc(1l@RK1iaa5tER06f#imB
zELr{r-tWA3#n=S`kt%2Z+jQF6qzeLBNxu4r+AR-@v7VhT%?y2o{kZZmHZqDvQ%-NA
zHg&x)iOO<1tR8dX{J{gKHhsES;iOgQTEvrdy4L#DiAw9Ctta>n#5@m#yt=5au73Mi
z7Fwjxt@cjEBS<y#SnVkex5g9G82_GG(NrHs#;86LycokSjT6O;(O%{_enP*?4@$_W
zfr!Zps}$T}rPD>-h4u9{Ngd-9?*UtllZZoL)!=no<<UKfU9^`sv^5{^S-YgnrCwZc
zPv=ZK@log6mF6vfIV2BRY<66G8?)tI;SGZ5CfT*Ou4?zPZ%t?gtpA)}elqb8t@W=W
zu0qrFlV-4qCn<+|p|z&#AKRTAxJkwb-us5BU<%Q^g-158jUs(;bMecZ?A%8k&FVpO
z&r>m*R<FN_bJGpm)$@k1dlPo!TI9>;^uKq#b8Fdc_m%|Ry5C~U>US@So)PLg9x1&^
zO4D1gT@<!Hauvm=Em!!@M2$Y*gM@H_GlK8-txc(2unXgBE$@n+?cEq6^%1$*w9hwU
z)^FFzQnvLWkbqO{YZVS_Kl=LDH(oC-k9BFxIW060JHM}$qr%~<c%RJL7hTmn_7FD4
zkl2AqEP6y<`>6T1KAD-QZ@g>oN{*HW^&a>x1NSeJRj3D%=f;b_jR<4Ie|KOmcGuEH
z!xJd7Q=wmm;rqsnCdZOKmGZsx+&XDyGklYY!@?cPhSl9SCJGGPg_-EWPKl>tvrCoX
zWr;dYd>5SWbk!A|A`O##yCi&DYvH1Zt0;{$KhkkKx#*i+m&Vbg;mZ+2yH9UOVkuNX
zJ1EHOiGVNpKba#ZO<gUDSH!{J7lKijf?xWkw3m{Oe^813+kYo5+SLm3Lm{la7+puG
zb30geSv<C^4Xm7QLO3_ld)~i@)l#nu7rgMiq^Te_)pKiH<H;<jQB9KKmP;Gj{p#-F
zd!P9MlS0qbre7<WYp8`E@47kLiuO_oe}lqxm%+anz8K%lv$4`dY9E8ub$M9{4$U6@
zf{h$Z@@{&)_$o3%yUQ>$Hr#V-Ps7P9tCqM;$G;m_Vn(ra{Ig<;p#Igl_;k|1Yyqnv
zGs#;QDHBamIMs9b?1tghsg*P!#({}cINbC?gzLmBN^ycJT$OGwFtop|dfZ2%5P7ZS
z{Oupg_X{Qq7lr!BuP;VWt7PsPygOx+RX%$ug}L~c`VYYo|6G4MJ({@OhW)!ty9*jo
zGVlN{>URPtY|h_qFjBZEy!&-tnT?F(^bUo%`r1zn{0!r&`?hBr&eS~dO+g;#`#!3G
zmD~>0C3vlb(aj!`);9b13JOat9&!;-6L!I^*j|zq?%}z(Azy|1Bl5c^bWy6y{jR$0
zEwhTIT?WgQPw2<rCoPm-$b}D@ZnqRri^9F`CQfa+>ay+S#+*5NeaL(FYfefk7s9{D
z=>Vg0{`HB{v@bA0*9p2Xx!o<x<8F&%@18oPzgmZHWKx>u5PYB7CveUD8-}wKs&wGF
zw6T`|UxVzwn=HG6W<uAA-E{bePlF)O{ziP#dpUeV1148EK8^kx@FZPmU%Yyq>b>W1
z;o^sHCJQIlU<zV)@{#@Z53^}g*K3+BP~o5FxIrpmzW~@Jnx1~gCmlVg{8E~oSHR2U
zLi^ANO;4y?r!JyX%(Kt;`J;|ky^2@m);@j{dE$}Qp5B)?Tr$7F*8mG*EmUrhF*lh0
z9kSGSP+B(2C*K-AS-cKu7vv-R6n!FZz#ZJDqSkRzVX)RA*~>6~BQkcNBS(FA=Bxwp
z7Iq@>HTl-@uZqhdqJ=L->AruP^sypK+t(HnV34PT<frWD`}{Gl)ZKoN`5hJGIIpBW
zf`=BG+U+5ooJfq)wesG#Hs(b>di)XX*iGWr3tC67-dr2!sJ7;Z*(-s!6=B;7KAtM)
z`VNf$8*o=Tvx{)3SMDS8>)*R3ijoem4bq&Z??FFandnkD7xvvv6;1-2-8F$Kn7g?F
zZPG&jd+h!1+~WTR&~r(Z65VS8byahHlZ?8^!#Yk-&m|D|h!d&^@7py`ZG}lgJ#QM0
zKOUA+OrSIs!cCdV+$BGNOYD}1FBKb!xKIcmq{EndkoUVjJUQ59K$L;0AjZ4gMo>CV
zrk+}qBkBwX0X01CHAVKmJ6uIIR@(OB4{zq!Z;>$H{K4B{U`4C6>{O&KfD4ck&>)lt
zRg=cfXAi*z)Mjzdmb8q@lK8e<`30NrFrQ|EWiK!Q*mQuElSe}ViZ0;k(H4I8%nuLR
zKx$AT9slYoVacla2bz{u(jvMp`^mteaC_Spf-T5QpW^cp+}fwvC_T6gKVJ62)wX=c
zcQ@hyxnzQ>GBpfi+UpA!Ws3>-cn`HTWi2^Uh$ihm4adLQNLcd!6HSrZspnW}nrz?|
zC`zTLnxE|P&d9{Ib(|Y%4A{u}+=~Jh2<Sqjhbr8mtL_y@8g13AB^VQCIDIz!jjY?S
zOM3RdWepV^{7dEfVwQ}61oi{6dw5XnrKE-Syf?d~^7^0a*M*nOFjBFhOK{3^Y#aYR
zN7KpUKw-EQ4N;5|&iBjEOO{Ng=c~)jBW5~{XlgP>_n-OX9mu5EB)ViaP}jokmh532
zFr;}ZHhhU%z^ax>0BPY>Jxld`-i48B$PZG%b*yx+jw5s-KBCJ&<vEu6iGrOH)NvF%
z!=?dG;G$H89n(AV8V0}2MhaeuJ^$uM4g&<@VT7WD=SVs*h%?)$oDCg*ey5jw?lbGc
zRdcM~i$>T?JLwJWf2|U2((Xs}@A`oDYYH6yVK|P%7L{jztmPMi^Z#{_{Wp`@9kL+X
zySMEA@WZFsY%Xw4dq%}8X+s0*CLatiNjslkr!dnjt{z+mDN=fe?$gCyhYxA(mxIW4
z!t1zmQ53#eP7t~Ku(gNaLdel|Fw)$S+FF6FK2WOWLjQ}V_Z{ipMBWrvQ7E+#dZV=t
z?VK62y&q<Jua>OgBZQt5=%ksBGo0dDPaSzz;*V+Xp}xG)6Pb!$2WAc-J1vgSFK@&}
ze_m&lL!WO2O?=bWEX?kyHDwny;Pv&TFeY-;+;eJ!bryphak6|pA?$VKF$)eqWN4pm
zNbx>iXg`5r{6yKcJl23+YWe*>s{cCorCaZyx^ZMD7JgHC(kmA(G9k1!ligc$k2vWq
zlq=pV(l7rj&VF3UJZ@G+Q}a8NWG6jx48PT~^}}hp?=7I}wP84?lTObVcu@bCczd~S
z?t2zEm|fu@czADICgBIkJp<S@_+k<vL45<)cK%Np_Wykc%z56&ASg=sEV8K+g{a~V
z0%ZUMz0dIl&#o<s21<%B*@<m;1=N(HKP|NRq2XPWU#U=H1&xW#_Nh+?%v`q%krvT)
zN#}JZb}IYow5JOdt3`DM1kJQ%h%*B^y@Ns;1UUomFum|G>B5!`othgx{<c^Ze5u!z
zZw1=Vl1cYrV}+BcGaZb&B6K$aCW8PG-*op2v|{n(&oodS0Q12vLo*~;HYSxWSqN5+
zH$br2Hx*#b)XlETdy~dNUVsUxrMm2-asLxa`7IK<Ri-ilGTu~-7*_^t^26*)K&s=L
z*boh<-$LZSk^Gg}zg2YsMOVPV?_L08H`UK((6)89J!8m9Kur$J67x?eRh$nSxvbAd
z-RWXwK*B{vdT*MOlCfdGvf;UJUO<d0CJd0-#uGi>DYE0kx?Q^X*kCpRS4_}?|69sn
zuvxRt+F}N4UW_Z><ST-ecV@Ad0w0qYlA7xKxAogIlQF7*{32Rs$w}iLx4WJSUIhwc
z37U8g*3ys5rH)~YN%cy9=?ve$@5Ykw_5EiFvKOS$+>>yB7(0t^k8o0U2SZLM6#9Ny
zNukT37hYd(t~DE9dG$Bxs@%5c-ziN=4kuvVcbIi^ue-5R4+>a~9oWbfaN){1zyWj|
zO&2=UVlF?wD<NEjS-RNrdee`36tD;W*WJ#wTDow)g;2IpAKk{zPHXfHM|2tbEj{2D
zwRk0sa(^fl{&@!1mN7fc>bm5{@Ro4B{5@>VjXr$i4f=ayE&oj!`+q;k{+r3vGryG>
z;3I4<{#s6mmLmQ&_mSNmc(cU{l}b)9z>OsM-fG95B&`CeQA3M5*6XBpz_XU#%M8s}
z$ZkSw#gN|h&r0#4be(LUbP6nR@`d>-5a-0i*-s|f&F}b<bh!CaX83MQq^=YssMqmy
z+yRLu+nsCB9CQU0zIRTU@LUb`nF8IqDe9S1Li{*(J+o*enS1bSe%nSW<Unhj)ZP^J
z$ZuO`t;FhDc({x!iu4lAci<y$>@%eMew?wIqv<;gOZr2!H0Q%;1#fWVb$TBl6v<U`
z26Sg?O?ThEI&wK6Zfq6t11uwy{*2`%o=Gkd)ivLuW$YoPAnrQ;r|0Nu0=WGl@Qt{5
zz)el0#a|8q3miESeQPt@Y<2{LfouLUY`Hn!;Kjku*^n$I#I67coTlk$dv}kO6Nr<L
z1BBf<fon|-ExiM`C&DT&B)5&6EZAme={P;JSa7rir5Uu9{o~u|yVTqW>Uyb*7O)2}
zLJK9+6a9t7sgiurZqIWy%w|X3HH0tUtPm++(qz!G6|&7@M||t%5hsynCqJxasQ?u%
zj%*q*V8EY=T@Y{CtX?I;a=|jL#Yt$b6*Y6!#Lk?ZK*V^3?)lw<#3jB!hhO1%7r55P
zI@{EuP6HN(+`c|?qTK0_W>Zk-M<Yv94^74OUeS!^_W?wN%$#<=Hr0<3&amA=<Fvla
z%9~j$$fPvCFGBccKpap}tSwh?XX1LVta%G85lMJ)3X*d=`8QIiOmwsHdS6XBipzw|
zZc2q1WI_~SQo@!?9)b+`I-@umQqWw&rWZzS6*Uj#g6bIo7d&yc{hZ#!*|prSaYnoV
zZ3y(jMUXGok!|8w7ur>5<9aTsmB!>h5zMMmbMrL?UuD12zAG(JZ(mNOYJ|4${#oIw
zHHFH4SBTw=VsY4eAvfg@Iu>gmC5x^P`}N%VM1QP*Il%M4W}5s5G(szOb%OGi=j)Qq
zs2#aOemM5!?&@_Or*&0a6x^A+7Gf{H5Ahr4uS0yhvZhoBm(h_s;lrBvb(8ImTvyBO
zi?6xvkk@;Z<$B-0zOBLWF|a|H#u!`nh*PT*=M*OecCaHDvc+CDCoI1D$5Q*hFI8-_
z^JDXUc@fd83%i|@y#9-j$DDlZK?45#u5P18>bLo~f7-AV&yjVp%8zjecQTGDdaiLl
zE{k>FIeTK=7j|cTU;Kwh<qCWAXkEZB*so^j_aUD1b}125_U6{OB=@MVwO1D<))jBG
zS%)Ln;pCdBKJQ=c<N6q|Cn=aEWPRb>6tGE(?+(z_0H>l-a-8&<Bxf`^B7>7(Xn^=>
zcD&869BNLD`u@>X4&U{U%zidh)L#Y7?nWXP{(#*6oAb_EtXskoCvtAxe+(%<cJLQd
zopo$cr&^}7r~gxIZ!S&EZAxlYsLEsFGyGASd-p?lHm`{iAQa8D*g>lbHdq>aV@N5b
zMIJc@Is3=2>g0M`&|GA3HR3^(>;yYD1B6bjNz5Y!OGJQ3+9D3`T{WhL#Lv@(sF{2<
z#U#~U)Izzl<E{LF(Aw{es=xxlNZU-<GXl}0VmOUzegs5-S_D{?C`_ukWoQ*FavuHc
z__y_v0*PS0-30}ntKoWdZCHvTXltuxa-mm8PqllKOu}2hYBCoMYtL*Bc<^gTXz81L
zP22YN#Z752NjCeBt&lA+HYCbd2{c8zajeF}?VVa2gtpta?muO(wVnM3<o4&dAAYW-
zXYw`qAH#%HfA{!rFWuHcoW};17|r`kQ|BX4MiKju{SYyQ{0GPx=?xg*x%6Lr$Nr}n
z2(Wy?<(2*}?aS|bfaIC%KQ@)?t+_+_fqVTLq8*umnFY<c7PV)1?O@YrL&{{vvOass
zX}@~6>v8d!Y{M4oRSf||3-H|kQ=A0o{6oKIG3()?{QOtDT!j8QuJk|bb`cs1kGBvE
z?i|?202ev_;WJ_}t?FYY>+o~qA2a8Cw$T_fgSj8M6P#MGjvZR2CSSYs@Z4(2ByTJ`
zig<W_Rpf1$=JzP#x$=|#AW>1@qbT6PsWqQT+Xy(L-+%G?fWAns#l2c5gLgo3zE=GN
zyF4o2;|>xMwT47SQr`m(AV1raXUDKVunvHUpti=C35cAv*Bk$SPP~A%u;g0SfLvVJ
zu?D^nAc{~<*u$|!?DrB2GNb!54uB$2a2@LbbROT@;rx69JOCmt^ZXlDK_FaJFd?_>
z?;AxBvB#e{6%8r;!JU0)=s%{Z`4x%SgFVq0^Lidvx_f=utmA7c15DxeuVx1ls{X8J
z&?fcYm~Z#9Ut${!wrB;y%<CsHeg+K)WTt5~e7M$N4g$&f3=E_C10??smZl7N(vR_u
z{sh`U7`29=PF%}42z$2jzHdoESm*eRF6&y6i~e)FmER6QIGs*@c_SndO_B1wK82Bj
z9DOmn;<*aCw?FU1MBdO8uLk{=i{5LOuJ5-HO@3+e43PhTv5J+s_bU^I>q)`Lqr!nb
zR4yQ;%{X=r)n)pZo56}!eUE3yk5A9a!B!+sZy0GquD!Z2;SJwYwb?@Z3j06zu>Zs<
z1lRK=*r(O}PrUd)nuA>^)CkRbpbJdDZ;zJ$B`;ouj$8{);4Z(N`?n;_cA}U)S#MKw
zH&Xt^Oa9k0?QitiMuk<osPf7}nhEk%=<T0s>sJH7HC@1Nr*v?F3&B;pBV%%DOY@fX
z9NKHYyWo*YW#(k9>9FU>PF+*E_!Ul@EzQS&j^&U)e2y2I2hR4{blq4fuDrKoDV|mH
zRt6tG<lx&f%Z=Tnb#vbLhzQ-i^5_aWY*;~Tbokh<dCznQr5fX9^FwHIwMyI!{Zc;b
zt|wKR)|KVuX)cz6e9DBJ-S-1c&VKGk*~N9-AROj*dR*=BZp5L*$k=Jr?HK(?TPB&g
zd7G(6Q_*4^C;1HvFB(rhdxc{@>V5!!7@@WBF;m(A^YBx_v_3|RX)i+-J2d-|UWVtM
zRzP|;K&)3&tkG*;#2Zp_6oph&Aam5$oHx^u(sRQ7JWo`Zf#r?NQDmA7_hfgF8f9W6
z2cEu*Y&u|K{c)U%B$zc7Ow!u5Pj|tQ(?qjtwBKD@w+CF<@c?<mdOf~)j)uxLkIH?l
z&?bT{-}iJrhci6^T8e%x<m6nhLn1|Zu0V3my^1o)MTVavmsu(cFP7c&W(oaxSmyN5
zeTmi%B}dZ?Ua}C)Us49|L~GAn8MmKR$uNv!Nh?xehpIUa6(O>477n2@S7^UiP4mB`
zYCtp)|48@Sv<67|S#r(lC>uF`Z{)*!&F|&T_IUUh4a7crif9f}ol_r(>5C1)Tpr%S
z)#yW*XiZ|_)7qJ;%RS1cd55L1Ovlo2j!LRpgJt_#T=8Kr7VpZD3~mZtxE@DK(S7cA
zjZwEaG37SBubqQF+e$wdth%MyHZ`!b@Bka^b_Z3XY!elBvidpSpw96~z{u*QaCD2)
zqU^R4iDnOT?kyf_sABGnWDuYeil_Srcz$OoL{~~IyWcW^(FDWWLtI+qEz;(xJ;v&v
zJkZ7uyG!Pa6%JdS%f5M5a0R~gV)Q?A>5Q?@bXIG#Bz>Ei+`!o*{j{Txi%1O0;~I{B
zR2y2=NFJuv;`4YeLPnnVkI<U^_Ifikv%UCgnXxYl+NLWO&^Z|M@k*COy^7a4OmnL9
zv#fz6ehtZ?*3)poo~)bZR%Lq2_}^|nAZ_dT*xI?y&KHxo<(m3Y?uixJ%2Dz23OicR
z;ZDgtN_+eHdYv{`R={Re=!NsXWicy+R*xfz+x{$T96XDv=ar>()jO0qzt&S*nxKm%
zIx3NM{_4IonHy+t3j{P*vR&!feD>l`q0q#Ocug7{GM1C$JFG%NKk)Fzpz}*S@Tl^f
zd$GS=C3Mu^wojB1xSXc;5#w^9VQ6Y1)rKaB*vI^ODMo8Ro-sK<H?B^=TnNl)%6#QP
zWz0^?q%O|0<;p*|iRUOg_5%VxdJKr&Dt^@wT7U|Tdv=Ht#OK~u4OP<VjAEo%D1|#Y
z-Kv&TYz;fEg))fcM+n#O(%N|&|171Jco0hBv<7%Whh<fUbQ&-Fl3F^%Z^=1u3nH?J
zP1UlA6|*{+<Pw8n)mtncJilt%#BunNTckdV#|x)2$rIWVcBbA$#x$f^viEZ8s8wpV
zTG4=9*#5Z$TJED|XR25`$yr(x<)ZqCl@f>2>nk)MYoDK#&#t2N)GqhSgfM3p&1A7V
z9Xdi6EG9h0ElWM()EWH*?u>(zO1yK_V&z+M{gX6@!_e)<jpj-QMZ=1Zo80laT&)W2
z?|n5koqh8&Rq{GbbT%jxB8PfpRilEltK@z&)yMNagvo7DR8E;sfl-{RTpGQyEF~uA
zNf{BSHw3dv+~YZYatNv*yHRV&1n<&Y>uHyjMZV#qGRkV{5X#Q8&{Y#2CR)T<Z0SK8
zS{0h&b>==gm0k*Ejn>2?{b3G~cS)^_cR$uHj9Ckk7VnxrG@$j6WQ;JlD_w|ASwRJY
ziU!g<G|2v>%D4{tVKJiA0_G4~*kTQfNJ*ge6#E&^9;P&qaiN6@&`GlamrpwKLDkEN
zqy1!Fa@s2pI*ZZ~Zv5E1n2z-8R#d$>Ged~j^B=ij=AtCxHPS2p+?XgaJ*Lovbl$0J
zB($#BKh{7_6ZHgf-zMEnPJP&65B|`^+v`gvsmySu+*9(Kp3WY$ahlk$0#T*pg6=d@
zTgHIPrROriBrd{(kY|9OyKLT_+G=Irtt&iyj<)od6Z&tjLX)nN>e-$wwKSWO!=kr@
zX|2~N#m2pgabIWW)$b}-7ehrSnaL5zXUuAccACrKqWXVPY5a>bQ><n?iD3~tByq@P
z%tJZvnKF5yinnH0yL_2ZrqwH2sYz%LNkPVbj8Ej*_VQz^g;|U$q12g+`kA9$vs?BS
z&+&#ti@v5lo7*N`HVSc<-xeeC`Tlmse;YQa$d$$-vOrA;tD)GB6~hTEGjfh;cJ;n#
zJBF92Gu1=8e}JQ=N7JfHFVUap{H;<q=Po^ZHKGHP%RBdK)+^0v_NL%@m9PSbqmB;3
z;|DXGmkg}r8WUeNt7ao8=c?%HfpmHjBSiGsK@qyqC`PWU7Y*eiEmk`;JF0>Yo@Dmq
zKBAMVrk^ooh!z-&$8+sQgwD%6$Khl5t|g8-bl3}IcVtV9w`x)rZ4S-t@eh-Ue_P<o
z{;mx#Gss@}*`c|eGE`ce0fY5uvc;k)FTo=o82u?TSXIv6N1V<u=qHBuPdA5Kh025-
z%4p9OPeI!MPLZ3Pu(p8ge*6=m4cIHwE6ve9ddgK1CKrba<)-Fv_&XI%6sW)yUR@TW
zg;u%AX<CKCY3=qpq0@G5uVJ*0nKEMr1D%PyjH%M9esWhRU!&pIh`~$Fl+rFn2qwJR
z9y`=CCY)AOpBFW$5D1(&%*JJ3%MjH`r{{=^9P>$+oPi0oz_+UXYMERA^nvB>@tBsy
zf|gEMv<>s=+<uXe`I6fE{7rvSl=w1xOk`Wfe6YM2l!{t6F;b^DI#;KOWY%;S_;t3}
z7cV)3d}2?jV82Qn8j5Fx*ED&FSJAk_`O4z&c7s3|Zn-90gJs77-g8UN<JCIFD|Ir(
zIL$^5p8pupFT*F9ZEj%9d{58o<#Zf7AI+B>nupfPB8C^_GIN7^?Bv{pX$IVa4iwKP
zh-<dSR2|on-bv?<%$~^<2CdK|+k}*!Yo6vt<83PI30=||YB}Aji}zzIY^0kvvt7Z}
zE8CSqye`b@$0k;s!z!jaCx{KFwNAHkWH%ZTfL~H#jFaM8-Fy{cd>91Y0e3xhIHh$q
zx0;w}V*G)zS4MCmcs@qKyiANno%c!;>-T(L!;gVQIf%tOM5$y~xj4%7-Z4qNM6fsy
z+4jc|mP)ZJg>hx{gmxM9qdZ8}A&3rSUeo-gJCr?jN8u85Yuth{`D$0S8=X>J;Vjn1
z>-N^UTQAqCQ7dYp8m?d*E~XIY?&GI^H|}N;D{u76k{p&J@=q&f4#q$M)&<tTzlc<V
zDTV?#cpD)ThKbZ^oHJ{@+adFKI64{Ho!VaNb%tJYB{R#R8(sz`%wDX4n~n^<ZbN!G
z4S7lM0WUu3)YZg@$INMfFpE2K^Z8v?<q=9D>?PJ9w^&<lf~kY9m!5Pk<VAq|_|^h*
z7_#LOn;<vGRikVY6$rVM)AUPFiia~w#~P<*OzxDpg|`YpIAWy|rav4L$Uhj@K)4w?
z5Ttpq2v#Hz3P<&HhBlc?cF1?g`=uH5%Zz^sas?Tlpc0ietU6YdYu;gHH+C@N70x0!
z)K{bM0FW=GXEp>=V^Grp#uipEuB>)T%oETm4HqM;2~WrFn_O<q=y7&+>COe<Ym%+e
zjg7=Lh>v&K>!_vDt-v5M=cBDM9L5AQ+RX;A(+od5M?Mjn-)LTzf2zyVu2j+)M+e7<
zK_6Fza5wdptO0hAN|To%Vh4UE-g|fvv4NWS3(@*M2PNR81$;<LQ{h8%h*R~Xh7w$F
zo1?6o5>?M761y#w7LnY)OlXmJN|T<X$T)CYn-AaH9ZIh_H)}F5pJ-C6Fd;pe>)Ik0
zqB8_Uq9I#4g>RjQ4QEA+etFHduYM6(ze8s4fDD#{nJEbEc*>M(1)>{Fs^rbkzwn}T
zVJ?U)1KObkrc;=ZMX*I&f=+cPFsK4t&|!=(<CU7l#HBc*An<g5;XJgz70Q7AS1~+R
z$FHajnYV0QMgAjm669c+(HXDJw|D$#O1wEmgmsLBwqG)Ksz@$;rBzsRy|Y&P-TWz7
zCSR;t2Vb%?UI*crGBV8TCL*AyO<AhMN>6&iPC1bsOS9Bhig|1HwQF|Jj%%lq?})-`
zKGt^gb_D{Iq;?Y9J13nR3oD4ICtWt}bYvtlbbt}-5V#<Fu!tlA52L%@4`pa%BAu`{
z&iMaYsABU}=FWcHUT~Jw3B_=~V&1{nS3~JUf6A?yM#x%pOVrDB)GpfY7rdE|+ZF<g
z<9*N4*p&0fD%8Y=0Ne4wdY&Q#f}XBQhQH2JgmCk5#=GV9o(}CodRd*<E+gk0oa`h$
z@|DGEnU?8vNC;peX!2viGvPIMh9JUq6^S-^S=zDp8W>ivF)G?5R51L|a`!cg_PoKc
zkdq>L)Ea91z9xZDQs=ci;O3HTFf8nZ(x-UBg=v#>ruhsVMT{|}ptY8A7tUQ(^KrDa
zMnPFF4jV2ryQlqHx6|_u{B>dGj(%*MfMExtNdZ%=oxe~ua2HqIk8`_ko&q}}dMndm
zH4L++H{E_5_*17@OUI`*>(ibRu?lT`b#9AO|9d%}VH5fgYB0#AI|YR*fDLTxdDf$&
zG-T!=F|5QD-g7OA4?D?da}0f043Dzf1@HHZyCrIj373vL;@)G1e&RMzL$6#?Pss6O
zXm<JAku|&hB-%%ac~6`EjG~D=Ccpi}o0{EameIb{k2MZFr$|RJ=DF1=lSw2=rwB&3
z+^97@56jWdfV;EgMrXQRDJmVEa<|Sq<JC-nca9x@+~wwF7MJC}#1wJrs_h=Y8l!VP
z&~awbxdk|^3I2V7PN)~o1|oL<ABDNtpP_Oj^}>=1ojQ2FztqYQZFg}yU)}A^otKYg
zyb2$n&+)qb%h@8)<VjaG*<!$f9(GP8n2sJOp#7`W{v?g@cS<YmoD&sBBG1zs0YD5N
z>oqipvoJ&&H~Du<j3J29<HDd2nuv7E6IfA)y*4G>nWXiYCB(g^0^BiqRgY{P!HpF7
zX5}K%Z2H|E7W9TH_^MXH6_wFC9c4X}HJGAUEuYsw8t^twhwQluo9M$3jV}e9cmp=y
zzkLSAP73YXB?c`{(kVSkW{>%hp-hfLf>ujjT$9d8{0?UYYw(;7G5Q0g>V++%@_A^4
z`PZ&aVg!oB*u}IfOepphjcY8s?jx4HSPj<*geU6e%Y3zVa_$24Hr1X*>-RHWbQNVw
zW@ZQysq@d0MXyTsWSCootE`vA_*A<9cjV59#F@#(#iMk(YS`4~l#|>QT2ET*oW_!3
zQY(Yz%Hrz^vNx-lFEr>MXt*B=aD)yLd`9GVJMB*VM?0`w&z>#h<TeZ8yk5I!h#46N
zvR1Z}y_@$yPJ2vfzgyyvy->&5Or4=fw<8RiWN)vI538^w3^+oQr&WSpwlzVerE1!t
zqo{qc@CDLoa-NZ^!So0NC5;#pQ}6Yf&|I9LXZ+r!!ON!y?VPsILia0qWz{hNJw3Uk
z{=T1#zYsLPxYOS$1@HocewP;eZljHq9{Z$gPm34uOBQESdh5WbD+`samO9|-68fI`
zp+#7m!drwwq}CKYr?sWEvH*<yTzdv2ws^FHa&133T?Zju4Ieh8ERFW_#TbW|Mev1%
z($yIiKF>aJ#5IaK33i;b=n|8AsCXe9TrX5`5AFBMcD?Ug)o%sskn6piCYIMI?nHJl
z9{$J?3QF?!J1o}olrC1mBJ0yN)h4)H|8(rE;whCNy||~$xlx6$Ynl5y(0iz6Q)Ca$
zA!NwKaDzBBpwF1rWoM?IT4{FAMBco7Ywz(~532EE(i3VzBE|R`t?jf*huicvh~SyM
zV3&92Y9!&WbB7?h+cP8QZOn`0<P|>_m+3JE9J@Pel@xH-DeRof+&O(sQJ5n)$XL4Z
z%q_rBpAT5o-`93)NzFCKWB(yjhr>}?cfT8ftApUYq-WgpXKFvox}8+WV{JZgwD)qy
zbZ2_C@1r^qx>8|l?WE)*v58!qMZzTSBm3kCY)_+jHWcr2p6v38jTR3}dqZ1>K4~gp
zbg0yxEPpGeUe8k4lkoFe2{-`<&L){#QC1dgv3hNzJhzmKv75nX8`zn8^oxx%MY~(f
zs!Hx~{>-b)0={QG-D6p_Bt%h-X@U!d)a+FA8Zr4gkKM59;CnZ@=d*#s$4<0)SBb}x
z-kObkWoUd8$LmenG3nK#)=L&ptIz@R+&MuY&!L2ntQtX#dA`hEkY>FIjcTRgSuN;S
zZY^Qy<WUfzSXjRc#ooyopGCH%#1_){iV(t1R44wHp_j>2z?+4A2e1G;kRVT&c&<o4
zC9Bpm;@ui~MH|xNJbI1U#eLQ=Mxp>QMy=&xr!$ZweuMCH{M75>ikq)C?m!`7a)&kU
z5}czuRB1$-+>v3gh_mq;!U_anJFEpMOwNL8Q-kAl=+se45Hsny=v0J8PMQ>$1Q)~c
zGFME8fv{e_(og5eSqS-RHpKC}n=tjVhoU-E&}XUDy9Vwm_ZD0TJeRkFxdX0|U{J$f
z#r%+=;zyv+QzaU*a{=FfJa<r}o~VvmBvP_XmHZ4~!)bA#a;b?J<Uw6E9dH{+&UVQ}
zhRj_@Q0-M=zUqaoFlGTu8f8dvCW}66)#N!p9)V4;VTLiWQXgpM(O3a`72T9yS4@TI
zHk^sh)ipD&s`)hPdxN`4Ml0dXrwh9yk=g7n0@6i%(?zWxdj?#gKqbX}<SdgO$UYe|
z%8hYul*s`fJ+%C~1A7o=)#iY<3REp>aioUU@QEy4aB6iN3pA>9>z~ZGb32ll_mnLD
z?9;V;mJHf({sP@h+CX&DBv{q<&_t0wwctV!d@{ER4yuWHQiq7c-3#M3v?GhM0+(4v
zEtFs~NI2k&nLU1^6-s=}Let>0PF75>_NKcOg``6GNv8yTN;mMfM;U@zF%G_PJYb59
zjEPide;A#TZQPuNNb?XRQG#R~g~wZUD4ywtnFC=(fo^nABad+ly2lnn6-gauZ}}!n
z`VGW}Gtjgl7H3hDR9VTrtWe*|gnT=!tTD5u=5V!xaJ<9UgIJl&YAj49i*}2<2^T?x
zG{0c?v5m$+I}2&r7i20dcbL|X@{2R*K!qT)XUQW*liD?6EL6`4xM6k&mdf@QKLh77
zy}0fVp=4|iqmzVt%q(ajF|Kn@r0P?h8vTU_w)bS|TLmuD8<2u@P+m#I8{%mhXw<YS
zbz-pC*8nzMcg*6UO?x&DZ5Tz%bCMw2b~v0GkN&d*D3}$)S9BLAJA7Xvzu?K9QLpXn
z`jJteH-zk&g}XK8p>;tP?Uf|Weu5$MRFEJBM*C@{sDW((Q9ref0v@z^3}m(LlItDv
z$`|jRrwv^~cJPJd7UZfUGstq9ts=A-mPMsOzpr&9RwAxJQe|1pHy>?m#|=uhlYmK@
zZJR8mF!lf{Nz`vACp(*FP7dH6sRp0p6`jEt=F7m{cdOY&bQI~gH)$(6mu2-2q+_6p
zleyLxmXAK8I_?1nM?ByA=Iyd_?<(rawN~~gwPDH%a!vI+rayw*;p*k+ypomIm^m4P
zf+Lc<*sT?NJu)6OS83L(F{xm!3{?Z=Ph8e@rC~8&MP*y(z-7y_9;0i(ZWP(s-vT_(
zV?Dime;k!4e*>V+s`w)p=z;wew_~7MZkl(F-(q66+Qyus{pGA%YQM9BdBkFFb&Vo<
zV6280dtgE`(?eNtgim^Q!nMp&n|ID!@c69(6J%cayhnvf-czP*V`8Muu!>{I92F4i
z`N@(3#i2{E=?@|e!t~dVb`7NP>ncwAfG^%v=I)8FyhLiWO<Ux3m2xU_;FO--qw0RF
z;aso#yi4jp!NJ*9N75*hHdAu-VD%2rxFRMv&3%-g_~s%!TGJ~Zy(kZxhB>y@`hZHx
znW+=Fkj!tIW>XXW-fXD7v#32+&c53)Evw%uq28MqK~%F^5%X<DhZ}&F=m5>t0>%z{
znep?_HbH!yO&*(zuI~Pw{aUeSzM7Ags2~H%w#qvaeIk{@M1hKgO>Z!(z3R0+E~DN3
z-%3z?v`|nOi0KpN<LbUWPMF;m@EbVxFu$>tRsI)>cGHsJai8yY%zWGx^8w`N<CU9u
zcz%EkgzMT7i{QG&b49Rsg{iwABugw4Vj1otm3Ptp7j{F2;?{Q5{s@&L(+<URa>!9M
z0zW6`_VZ1J`a+^gzInGyT=KD&hlE_(ku`7>PZVF>D{Pi?Zf?;IM9o+pf#|Ggsrac%
zh)<RoDkJxl|Ldn+^*53gp|kU6a<c|gl*-@kl#G@IXSQ;_uI_sWsO?vex;H>Dj^W1!
z%f_GBYKJ~ozPC)ySb=vXZbVW7l9RStGuRe^-SmXDqay4LEIZyiWRV{mmIr^@!)I@^
zUf$RbEB|?`g}s~gpKU?cbPkO$oFD(sc2WP|?KZLtj<sVOK*C=Pzbf&6w<9h5k1go%
zjlIJM`+qrG0|C4BRsX}?MsN1^(*L_1_FoRN01X&%ZtOIHcaWT;|J)8@Uu_or^(+Or
zwD=z?=f?>(wvX=rzKwtO>`&;=o(l4H-;Xl@C;u}8{LkkIXYZH~aC$2lQpA63jsJ8~
z4FW0uD`rnFINjy^m_NQnXYIrsu(N-|&-+%Z3r_g43BZ2etombv`xi`Lf5`ez!cnza
zRu>blF*f;qUmpw*@Y@fhWDm%3N4Bal(yd0w?Z;_IFwOt@F$MOZ8^=omQhJTL-8<SB
zrWUMl81p>KdhKYZ?$Y6@$)%aEL1rTvnbWO&;0&Bx82k+DTafy~<(et)-U3T47(IwK
zSGt&?zHo>pJK;BLC2-T%QR;X0;1Gz?wa0s;O^U4M4jT?5ygmhWYexq{ynM7qlxf(P
z%hPs=Q^9W+>XtvMFJMJ?MVcCL&GxF?==AQ&3}KF!6z5DdhU{XF7r)6_Ax=MKPAC@@
zufz`?WD3gTJw7kHJY@>*zyxA3^%DdnlIWua&%$4Fi9}@8M$cx~8WMf(qGwdArw2)V
z*lR1OJ%P&H#J&=Q%9&T7gkrz6wAnE3?bZdr?drkXI|5S^D_cL(rUnyCBSd{=9<@eu
z&-yW6^e-zmojFp<yn8UXY-OqTc)P6*f2N8jZF1DA$d9lXbAdcLdiZ8drfz%*ZgHm8
zs{OohxB*njx!6m`nK}m~>QON{-IIF?`YN3?IADcSp5SYWhN}9p$c<N1*3Q<H-)NSu
zLhH9|HA?C&9iZu!mYik9hAy-eI!s0CW|N}BE#fgg!=?QXyc<OXmX}*o!;-g>IBx2`
zQn2uC{POpx)~S8^O_JkfbA|6;ncBN7yT!~I5oZSYIL>1<_j0TX8({hUB&5;SYD|LP
zLTA*7L&xtT{?2#N_q(1}H1uG^1bn{XA}(j>#+F==kr!z5s^}PKAJ*Z|jyG5O)_gaR
zP?TM(KZ~i4^tT*{YH5Ev5vOwgg7xa?kRWi_f-8D5eIz>kkigz7!$DE1g+aGJIX@+A
z_UrMo?WyrnNEb#{`tf#-5T+AUzth`xet9fceZkktG^I&r{r<)P%ilM^mg9tvJEKx?
zyT$U<p*;_fCSMh^4iTf7g9n2%qKD`F+>wb>??Z8QWrSmfo|<`otSw{r+w}mwC|J5c
zYOg_jpnGb0^v^%_88oebx;@J5c28F0Yb6uqGLO%_AJs>~kf>DuyGnAtf98Sq4*RwH
zxRC4&HHcQWSW&oe-&xvlp&GEnxm{T(!}<8J{8Rf3FF!qBlr8acZ#d!%L0Bm{UhL%B
zFDp-NoW>fm)39s`q)iV(cj+E1%K*OmEv^anAX^iYs?DECyfdYT)K9$6v_nr(tEaph
zwWGLJhX}Czg)%l1_LyoqkiTe_`5P1O*K3{H>%a0WeIUIrtIi<2%d2#;zqYa+L`~PF
z=|Soa|1(F8?blWk^l|OL*YlpBrFcQ(2uc6DcP)oZn-b)g!eMG-N879%4sB)#cZewM
zSuXgbAj_OSSR|0(OLxAWpq6%af?N9t+9ICH>?sVKYRokod|^GZdTtfMb17fQ4PBtP
zH@EU8<?6vV@5UlJ7V4rUMaC5;$9`K<p>fKqB1eZtUF=;vCV^Y#^*;!fIMeXDq(Bcx
z%Tr$n1B=Czztk7*TFLTp00s=z53GCFzEG!~XfRmUH*8fX>u;Lbb$NOaubvPIv~FS4
z=}*l(wbuYD<y^eD1jMz~7Kmf{jTU&$ysenK0|l#$D_oeWsh)zGzIwfW8&%N9jiYQ2
zPQrbrdpXczFIAT*OAT@fil3;>3Xj?(Un|{E#(R8A4B=qv6481%;jN9CyS(SJ8>9W1
zb=~pl-%iX2iAQQd%RDDU<;=?F0ujYdL$5HN<afd+S`mnvu$oX^ejkH*^ay8j_@L&B
zpIFhbZyz%ibNb~<9yY;LLUfEUP|;63D4C#i%hv*~q8q0Wr9fTC$k`S>IOpdLck&tz
zG8;Tu+pw-$gLRr}dDXKL=^bAt0bRxc?Z9mh?ekX^zePtX-=$SrGA<n4F6d?MJVD6h
zNUqGh9~s9t-HPZn>U3G46?M=2%i7EL(5$z9Uy5kW)S!D7DbhVi7>D^_=%k$L@j0Qw
zr?Rv)ER}pHeg_mKNi|^-3eLP*z108$sl4`>bfZY9Xjt4~IvG*s)8G6sJfS9>w3n*P
zssM_2dAcvS-SCTOjp1NDUe@u|vK-%iDF0XCXV9|2@(|#~y#*@J<z&vh;MDwRa@fFy
zh|4x*MGABe@9TYvc*)aacmy0h^?nZyC83qFcJ8tK>_$`McA8mSrWiCLbLrj51s2tF
zR7qL;2r*y5XJ$4K_yGtvglU4LV5dBvf#i62<=$zk(dm`1cY*U&Tt+3BcCQeIJHpN%
zK~NML3M+UmuBUb1VEWFyYd@H5d!ltMC~kMIA0ZC<bE3{{!PjBepm$?zOhWh$|Jg4e
z?LDMCk%{-ovFd~FvcISJ-|h+Pu|0to6nSf!+SL7Aa^=IJg*w5oAyN0BqfFxn!b<#D
zjW$1qnCJ2Joy@}2%3dlfZcJb;ijyxsCgprGIt?vN(Obyp0C~%M>J}ma>o?k#J1QEo
zUC;+^In;ItS7!)fVWL>U&{HRmc2Y>`kaCnHYkt&hFopcPjg#lcFMXp2y_T+zHN_|y
z5R!^lzC_|ibb}^DblukO?km5saYDbmoI{s}CK)>UzWdVWe~sf$e75a1eiTc9)*e_#
z%_8Yz9mTq5GOVMuC~UXB%#jQg6n}|OOf6n{kjj{s<S4bCx`)&zy80-oD#wl;SQq5Z
z+BwaTkCC{kHV2MKQ?J8sg2JnbZ;DqY(5G(^iL%hebh)yH{BT{j%MS&2=~@k^$blFt
z!<Bk`eqf<8={NM{<LDufIh-1_%g%q|hd^9UF6q)2gZ<ezK5(Jd(fTZB2LUnHO8z36
zP?A$TfvwSH3=L!^oJSUTU3I3KgFGxCK#J^*9eXO<VV=*d<-6ZHfzJNq4n60bwpb+)
z7cT5Xz<F6Z4}s^1ELaWPgnAm}DFS|ZWj^6k&%Tu%U@kGxz~9y$RM8OVz%hs+u>BjB
zXq$>0YWp~P#geL=IX$Q<2=a2mSkPY9=Z=x{HQ1N;`v$6@vYu&+^Dhg>Q!Hei(-dMc
zW7OxFW>M@Lc%*i&Y%$fYYh~YDb9U<nx%~>L#)zO12(ZN^0iQDDd<@Oy>2`q<CFq3`
zA;S`pPrtbo2pM|TE~*a>V?IPrcus!lqnI?Yu8w`XwUptr5Js7Z)2?*_HClG{H_F=R
z*6Zh*Doag@l3(Dnis!JvzFK?a71N`2jw~+&v1dhH25Av}Be|I_k%O7L2E(BSo!&JZ
zwi;tIE`JxsD<Mn0oSj!{84FXAC-Hz>rtm(bd3i3f!$0UbC(6%@gx{-T>FcyuW?|Mj
zM;C6GWWH<ysnXmy28Uoo)d{m%gJ&Mc&__1i^U@|xDMoYIjC)kKeQcX<xf;g~LK)mE
z-BXoYAQv+VzOTG$LoYEANL)`n`FBmIul{5?3#Mk%;WdA}VxNkur{BbW!TrRut0-~`
zx-c6eyf-=it<LBeNFadGsTQ+yyp$54lgGr1(b20ntlr-Fc%3ezaGfC74p%hh56!bW
znotTi%p)<~I47-<5^FoI4<$6WvH~|9RbMsd6{<39bf|4Qve4q3GYDK<9W<+6(8q#3
zbc6jN3-48RL_J?SkUr98l(<yFrlz({lgw=B1?O+?03<)yb1+gXBJnVU?S*EMlGMr4
z+T-Z}Hwo7LdPq2NrVwb~@Px(|NKRGZE;Ma$g#C;MqdVWLt#Ej}TS7pTELR;jrZ&2a
z^}2SvOmHFnW=#f0Vob5{6m)R{Q9O>))eN!;Ff)(wBiRx2nEHWR_9@E_9<j-0QxFg+
zHLC}UrKACkHHunS_RqT=9##79Tk>QU>L!P^1x6O%RzS~sCY7Y<5pAUn{k)~bwv3Vx
z%VPs%ZV^>~nB`EIZA0G~=CG~+8ekli@*F>sXKe?8M7<Gvha@azvx$XK|GE?ASB2`n
zv?x6VrMMeJze9R>&5b?TvJafbaGLskyk9C_l;A8~HfJgsFaO%hDgTzo4S#9q@=#Dk
zJV%7(CZGs~ofu_bHiR`CxO0&CF1yt>j7!shvj53(sxHT=uJ(i2UNb_{Sr>aGdd8vl
zxtLVGzo(Gl0&6;iIiamsV?5d?oKwG@U9A{Mi2?cl5C&^hS{+g8*mn+Q%t?&KmvzuP
zSzkW-EO1Do<h%9nv0i4&8A^&bbQifz&qP^Y;mSn@)=8QHmH{oIK4kR=mu+Fz1LbQG
zX-6QpcaEGYot<GnD(Jb$T6KCKO4{~y^BD0kDOz><=@X58DZl+qAAJQ(7tJl=zTije
z%R}q+x;a}8eE}80%_eXBE^=#ZMK4u5Xba@_2joFBa{bCYJL7BbQGd+(;P+eSv=cmW
zDK|f4`?xO0(XMuvlrRIp_~y`!Ju?##eLTmk0;ialKn>)1CwkND6o`k8Lv>{_ySGEi
zIZ;|3^i|(_ll>_*;q7WeN=j0ou*s~}_nBvbpUVij@r;1SQE?APL&+GW8|HD6zV23*
zO@p=fb|+4%FVOpr_ay*YK8kEcO8^dcE*`afQR)Z;qG2boYIXKKVn-vs&A5QOFZ4W#
z>SLGb!k-MM4k)|cMNdr+bI(yxT=Lk==xYFhM%72Y=^sp<e$mHshmT{h$SjKLUDH~!
zBS)}|;eovCOeGXjxmEvWFZ}t)pB{AoMKE|k82e6|jA$V@$~>WWd$?!AeAI{_-<ihl
zC@xuSX8zOQva*aEcWO!hc>aq%qs`S%lLd*#pg88?h?*Oi5Cg`SbW|orbe!OBl~^it
zcrUm!>0`*}5{q~u`v$oZDLyIotyck_XzKMIc?+}6W4*-+a)di@q7Ut6k=yd`^l4jF
zky4+rjEWVnKc$XneW(^s&NLhraaYBMK$ynBu7$MmuO&<4!zU{@0gU%LybcjD5ueHx
zwtl+)p<BE8NO**S%buF(64CpSsn3SA<dhLp-&9k6dzL+V;pXMc%xUk5V*C1;KWp!a
zsqtZ7c7zSpxyKvh1zOM%28=x5MCisymB`({f!nyq^<eSK!R%*WeSJ~@iZM<_a9h7-
zKo3EbBRRbEK09f>yOZfP1c-zk@%}_L$y-7<=*~{QCf)F$a8CdG;KUH#!lXSg(AQtp
z;&hq#;a%V^IY*TW2VE$eb1AoLKjz;&Qmorr7untPwc_hgi#OD~(_PEtO=m{DEYflI
z32kyIKG*uRM*}DzBSd$dcUK*HI6~IW-$nH&C_r(vjP9AI)~7-4PF&aluni%)IxhG3
zvQ6oj6B)a;lYf=|fbWAR6ojX4drA`78j2CU<phmDEk6OHSC#lI46iyTodVPE!-Lc>
z0@V)M1i8IGw&@#XWsDso(<0)pop$FAkn?Vt?9eG$4dbu<-e~rU?F)<+N340|NwGeI
zE|RYR(y$6LKokj>7@qdtw*?}mK7AMj+iLbKFV*s`P%xzUQn1fXmOHW8-y&dTPFftC
zrtP2JKip^jH^xW$@U|Q9;^j=qBc$kk%C@6+qsX=_0X)Nl(NfXNl;ukCKf0>Se+l*#
zuI8Tr;?6`D`{zA>22RxL1f9%FJnPa2*dtaLPPia*(a``z+yP?rd`iu&%y8|Xzf!7q
z4U)6#49C4kZ`qPRolgzZ2PjT8G3@p=U^h#)pat167tZF8&4w<Xqb0dpJ4ZUWL=q-u
z1}YM`HorF;?42ZeOI`_jfR%OpH2qc-v`Bo-f~lFyt4<^ywc;QJ+6h}Emck8p<S3?l
z@x;xVWKOAif)Ou586u^72To|bFhZf0%YlCsrT!K~8qF=_t!?U7j1?uw9Ns2{mx3-f
zd%kDQrI?$NM9f?;q^52cq~)Sa?O9M5zw%nWtNd(^7bCYX{3V3BpASuCf+~3`TX+1M
z)$8a(`&0^2a^?(QSiZ3`97<7LXsNACCmZH_ErVLnj<}>6Aq3j8QmYS;y8W4<REpN;
zIe*yis;S}WmHv9+y~;6MzsqKF>j<QyMQ$yN9Nt`#=QKTT8_rd?Jwe7(nxWuez<p?L
zh1D5_@{>QDl8XMIA3yaF@N*wl6w0C?_g-rzx-q(mY9to=Y&Zq81A5_XRM&J+u6VMb
z09A@*#aHwa-OJ8wlTQf4rF|vJP5x}oBXoEhBtT;IsT2VZxVJYEGLi*uBf8CaamSzw
z9RoKuSJ)hiZ{ACF@kOHZln!qzk!5GN_f-u&FtSPhYAlZWEOeq&O?`c&uGLfs?{#Fi
z&2oK4YRJP{ikGG%o5F_bgJr+e14qm3b^~n3-2w&5>quaQvXbHnbO^_JcMH8vcdF<6
zEpuX$0v?|M@nJTJj^pRr!FNhesk+qP4XlfM8#u-Pc7Z@OF;6>U5rOgX)JD%R*<A)+
z$!jZ}LH)gkWu7(UgcwkWupfvA>|TBm6`qRb6IIfFHD+InlY%a^ah%$>Vr6o%GpkX2
ze5JQUJel@F=yqerkXC|xW@Y%keS)T{Kx;(n$5CvC@zKa{k)Kv{ZDlmpXQ94uadvRw
z)r7^3ZhzYyiIv0z8Dzm?(q2^s)og(>#{3xcn}=6+yfQLr@vkS9?GzOO6F?rbu~a-z
z!b%}gZ()!#78-}Lm<*y37m}<&r?qYM5i|i0qPXPeN}}!r5G<!>_PH)r(Of_i&2X@;
zwU)E_pw)u%FuE>!!mGb+vW+H@t=_B@D@yg$Ph5Ix9dr3nIICALX88dUHv&CO(%)N#
z)x!-&g0NQcpSs5w0U&PcNFpX!bXYks3Mi$32U*KD3xFIW8;j{SRt)R0!j0?;JEWEQ
zLIaSTyfwX*$4;c81=GQuhk5lUt&oX%b08bs(7+b#de`MJ<vr0`e77mqddJsSNL)+R
z6revz=H8^ylM%t0Z*eV`)mJiI&Wm=y&kPz2*ZW)Gu?R)~{&E6nUM$yq``y)q`XGIu
z$`QLVyZ(E~KP{=*4pW0=ajdk-?s#NA2b(vpYbBCby2(&H5#n8XmNg+EHddxAbIsv~
zWP<$6=M1yEwo+SX+QRtTYe2Je)_sawM4gQ<&<IHua^7k5UTDxnrH(_9(dboE1Ue}E
z+&*fuxoJ28(-i3kcdVb8FX6{GU5VNS?hRe{{k9_DDk5X&Ke6;oZ+4oFpE$8wun^F^
zh4FS=oy!ZMH^bHUy?b;1b=F0fBGZ`_uL|s3_1hxPw*~aKbEAF7t3e~E%u1W+Q)5ST
zt*ox-t&bSo4B^pS3;3fXEf4l>;G$!xxi5P5W#=x%%bA<S;LeMSt;Tg64=IuwzkAd4
zP@T_$98}u#1Vh2B4teQ-HPqxa&I+D5wGe8mX(+6<4RZF@x^s`7xVL)G9@?7cSmtyj
zDqh)BTIQ%$Cg8E@AgdB%T!TH4AZmR;X>aH;Do^*i1;wb?j$UEB=qKV02J5%W4y96G
zi}6FiZM3ToHxS$32O}AB&-FxdJ(kJT0)gq+ooA~pwY32c>Z^*WCoEv;@KGr36-e!D
z282Hay+AxC$7+-_lbdd^-nj|Fwf1<)@&maF(B<i2*KdC}G@*9snj0!1wW-;lH?53+
zIB^$R$7loOrT)~cDkqWKTMSya!mc_a?rwz`xvq)_(JE)x>XPDP_~YVB_6ElTednGH
z&t_=_1rQI5zV!dr-@hCIBi~gWoh<a4Y9qDVUK7X$!r3uAK@+zrZWoBnZtE@=`xT{p
ztg_N3)=QJF8iaXgxPt!;_+HSLGUF#1E{BI7+z#OqU46)3`GFjw-r^v)?vZ6bldq8m
zLP@4^lKy8#_WBmdLYMQ;4^NKJgdLSFeBI~@7=mQRu<lrydy>2h&0+eyd+<cJ1?V*5
z-M|A?Zl*1LitTO?25n$LQ~gfnByb=EC=gU~PZ=&)(-~AWYbjlHDpE2STj*Dm4MH1N
zAn!tbANWc!ntPuTXSJUJT+nvrT&JHGoFoz3=?*B{6fU=$EO9mJAb2#ynyq%@1Y=Jt
zTS-H4=N}<qmWC$TryIJJ<EiJPc5m|KCcb3>Bj1FPZBrS=CUF-$3l`aV(n7D>pGw;m
z=?$z;JxrQlHL!ad9>k@^J>&^b2D>Lma~t!!FBKR@=qr&_p3b-f`_wtqk}>Hs5?t-l
zYKjIOzWYexeOhuL!9DI~=L#YJRQRogkHO)8_`j>_8_n<;oIM*%E~R}w_~OiF$ZqL1
z)jsE|*Iuc@1#X#3`ppb>NSz2ON$ANQ%XiO)>imzW{C1SC05{a7c)2hFf%Uk#=6Z@w
zL5U8a%pMV)_MYY|>MpR<7|)cv>h@7CKhcf&zsUOTxF)af|5$5jU9?rf1yrq~fMB(X
z%vh~OML`8*Cn_Q$OIAW4Lu-*L3ND61hzpRF$leKph%yoZA+iz~A&>w8LJ~sO?>>qB
zwBOh7AMy2q=RWtIectEX^T@MSNIOOVD5dfMU^=(55yxI;a1{SXvpnXM-*H@RG-{^q
z5CAov`&2e>xSs?3x5<}{cqUOMFlV$Jqp6VZnUS9W6U-X^?73^~U0Sq1+_N|G@fk-_
z6-GSHo5oF+@|9MuBgW>SRhc!PrKd%Dyxd~fTb3$`t1bhriETExJ$j5?`?5mtdz6tC
zmWk>uY|E^-OQ8T>081?W^tS#4<yaO#NUmt4`cNRK{**${!I5Pp9qQyMZ&}j#3oDZf
zV__$0rK4fCH|1%@`mgvyPqkciBpDT(kv#^s-^h9Oa{>3K;_D&1wbuAJ1?l=yUJt@Q
zmDkCB6`J86+B(o3ZwQj((U$Vy?Z;IIiUMF)uWeS3N?d!MFU(ZU4c%-2DP~cJ5%$eA
zV7u)8)T_^Lg`Ll5kabbB-D!DdIo`}I0B_7U0@#)*yjCRg%rZMxWfBcMP>2VSA|D5m
z(|1|G=B>Ki)E6ZW&w+G~nsw5m5}1Ig3uq929nwTeZ@NcY?27TrXM6%mjgXb$-l1&w
zqv*BYx{ex?qT4?XUY>WGoGugtu!gn{sA2g0g=;U~pX>!dhIIy8_;k8t&Z2R#_FsvI
z9b*J2564tXed;nffVak<Ye4Ag#W1%kYRh_c6EJaMJx4alBunBFFCvo6RE!r^%WvO_
zwMn70rKqY<IM(+WZyffSt>d%GW#c~54o7mctJ3k?LXiDgi){M+YoW{{U}+`=LF}uw
z?pXsWqMBK7%X5r{nR<iIlR6LPl~lcYrLtwmw$$|&4u`&XwC_%1%X^v<x%O}XS}5tp
z+g7@eDk7&giI*8BIzz!N%WZqe5ft!eU*@eIx?FP7cK+dQgFW&W9@SkSa7@G;7Zn~w
zpFIGf>D^Jm(Jj3PIo$x#%C$A+*bE%C2>|A7R?ZS6aK$w?Js?N=^Na33UEvvA72$i1
zJ?a0Oi$`q~fL=;YN=si@z4|u4I#^=Q<TTT!s}6F++~fL3aUp&M)4Fb^rW5c=@=0am
zg(%on>MFItU;Y%FP&MDN(ssAJqrO#d)3ig?;`n!O&-=FJdPzU`04CVjaufqciAW%2
zP;t=y#y7CBF9!2_4`N>b-0k;1IfKq#j%k)>ydUH}d_b-{U*gj=+|6n3Q`Z4N8tBC4
zyYr!Xfa~Zn_=DTaVIR!DFmDxA8`QGGJUzB2oiTg7-^<&3yCSSZ&+QFJc3tvjIg49H
zr&o)8%9R4%;YOU{TL4SGe+7f#HfaQV_lB^{JX6zFtkuqk$MU8h`i?z_(7JJ8o_94V
zwpJ4Bc;-k9yF9O{D_0ydGU7&!@ZSA1tghzE*&jtp$0yC+FW{I4@@ODMSPAcD$DaFB
zb$8c-h_V`3?EwbS^1f0T;xzbv(*Bmr;SR@MZ~}}AN_G9R{bC~|OE{O4=G5@ABEupw
zKl(6rmUf?9cXu88boAt<r`YMOtKv=*v`X^!TrLHn10#w&*ZKY~$nG>Fgm?Y^2ipoa
z%ENNHOTITMKv;&ptlEb(-8OJ-Q%T`T{OiZq@o?_(jZr^gdk^*s{yZc4tDq@wi}X=U
zQ+Nz3WBGTmU1neG$_1aNSYJanTEPRw%ne~lE#MsAd#0GFyrLMSUx1)Xe#?vQ09p<T
zFs$;>mW;jcuYi=;P(#Pf5SoW=eDm7Lf6&P*kz|R`+xc)Rsx?6`(Y|W&p<o~Ug2H%P
z)v{NNbW0DtwxpGbh;pt}y@F<7*V@ei;T$3(&HDa&>&7*IzJ%P{R_|+D&zm5l1-I&{
zG4)N?vK7IXT+AL>djT<#<3ZYYz)>>|@5VcT63sf5v(ndFHi|mlAL@$qG^%`I{OYg3
zcPD5u7xvZB#j<CGbmJ*i_4L<h=t+iVc;k&X0j$XB??7r0<bTe|14t=B;1<l-01p4-
zo(yBf+!6dJ%MdmHHERCd40F_PiglO7N(E@chgDxVSori6w;l*fd3Njx|49GP(S*Eh
z$GBSuu5I0pbyOY+W!og$OZD1wA?{X{om8f2;LSy_)<^2OVrP%s1|}fFVWw`e|8Gtn
zAQ+v(H$)<%PXi%-*3HQ(C&CL=tP=LB0^Z?OAU>AP8f<L<;NQPbXThh30ED{9$qTBX
zR~aEK?nf+1t}tE}16R)8Jd{H-^XQr#dL7rz$u2j99=-X`i-UKl-U@f$VEQ@e=Yblz
z+`nUu+YoDxeBDtGSUz6tIzrq>W2{O9{Nw;YrQ#nv1+dUI4aa{3jRyv{;k-+i>sB-4
z0jlcCwO8#JUpk!%A?SlK`6Qc1laeE~2S3|9X3HL3SPQ#K{=%&{JUQ#o;BZ}MeP%_n
zt_1!HSpSd*WLWXr@R;sc!<=HJX%2I1EG`@12C5SvD?i}+MM%&8illNvcRW3<4pwRl
z-PRwi`pWt|h{yNp>WJAX;_Bz_HsL%sP>Tth*ekG{{|kC=!k72fRkc-<AQ)!rPUmBJ
zEx;G;8!<9FTD91^IY~MzNZ*UuFOt|5TgD81KIBt5D|-Ju45s%**RO$qI~>A3@9AvM
z?8*g5#Z1n1#xdww7iLoO9i3*hP3iSSZ9+Xz5!Vq3YXe@*r-<J*4()3Qz^JWyWhQ*U
z1o=t~fL3vTbm)El6{Jt3ic9C&H%r)?+Kj9VYRgV86kPZg?D~s@f-p9-6lCt~44rL_
zYe2Aj0+_pwHBWMk!#hdX&^QAFs@gDs7z}!>^$V%a9>PZttI>!hM?-DSfqn~sA&6cW
zA8>NzN@#(<x-Lw0W+h}QZI9+b4ucHv=VLcuuy@D5?027zk?JBQR0X8+w3p+fDhn)E
z^cp;FzX4=1(TGr$qyta-HP2O7Ok7I(_TKVEu)AO6>f75PkCcVQhAUYloz0CRsHek4
z+B^lG^#lzWkNhI1=R`sfX;4g(ZSO^B!QTCkL}8t22v8<)_V{}>)cOE2SR+Du#F9$^
z*2o1=Yu;nniO>EOFb+V1mPlLpy02hQG}*!dQmuc}>ufTpMzH2T&b2g|6DI%6TiQwa
z&VXW-K^qrs2=7#(@=rcq+meFE2DY4l*M!=S^X|mXCT$2a_uiMB=M@GeIzEFfj`laA
z-?*Jy@CKOo+*yyStC`{368{p^C>y{5wgrS|n%S0%Wm_gC$2@95)o&7gVx0E#z#>?$
z#^twOH}{fc8s6bZ(yh+q-wpxxCtQ&{j`Rk>J?6wyc{xb5Jk1ya#T0*OOo+GpC$wy9
z?4xP`Ak!33hf4B^3BqS6{RUklS5#1HoNgZaIb+!}SqLHW9DC=M*hhT`&-6-P;Pm<c
zN0|XjlPKh!58?YV(oAm$^$6d8zdCctk<i#_e;2Ae?Y;A&-Rl@G-QFIbVq$s)NhOv(
zyr@!fjDTENAj?PtT>EfeZ4I7iy)_rqp7kNmb?=R>rCB|uY<$^;My8RZqf!8AQL#gx
zuQN#2r*UsT7WV8i+&MB{lJN?_d;X;}8GAr-@T~U}ceR+{7`39c+&DZ_HS_1qKw7}T
z+FZ~ju%dDtZ3sx@p&?PkCM*^`e@Rd(?YQ$iwxf-*qqV;%|CNf&J+4<^ivbm;@BL1K
zF`p3uCP>6O+r6770m5n%$#a{3{3qo<>s<IXgQUO0KxOkdZ{y0rHb5)1O$bO%Z+gZE
ze~qMp6<QlXJR}4SM<*1D`)9ZS{py?_9Ves!p}VA+Bl@8pDy%R$S@0-ds&(<RSAuR`
z9c_Z@sLjHdAl7Jb?=Ib8X@|Btdhw?rJ9wF^;_5q@gopnw@qNz~1xq)914_4`9u?+(
zPEd|GV?FoTNlX5`&I(L!-Q^lEn@PhrcTdoCUDp^%@>>LWM28;irzADy*Se_&--eUW
zZFcl^7`|PK;+-d&h@0#~nX+fg5=~`2C(}?nWug;SDY)5^+#pK%caw)`C#sWGV|~H<
zWu;8)$Qr+`hq9|6XdXwE^Fh|)nF3NvkYfYLCAASzA8?jTZk>D--T3CIRwuscMHdts
z2fa%n{5-xAc2`3PlM0gj(`*VglG_vVXvGWkPL<F@kD`!kmlDpzc!%^=%Ab}`dWrA!
z&LeXa@(pRWRq_IO%`lg6;lw$C0D<@<n}q5Os!tC;`=&yq?{bNqH9iAIkJxM*Ml0bI
zaSXTlpmg{s8g|uL?K+<b>Q{XTk&Vqt0((p4o!}J{$@|YD{$7|#tP!g`C4(orgoGK_
zT*m>F)8+ZyCLm6T9?adDnP^Mk9pMQcRRGK^3KR^n{8&(mTlHWH2FuoryT;8VB-YHX
zVNQ4`>3~p#g~#444&8Y2%FBwlL~2!)vLPfdL$b_(Z0jR)b-JF~=v5!^M0elFF;{Q5
zewD<Z=GVddb4W=5=|sqps>QH$O{~?LSB}5XGaG=~shZzgovb*t@kg^8(R}){ygb5W
zZI@q&s`%rsEJM+2iYw!#Lipav+?BL1GJhc-7{F;<pChHqDWEUIIS*g}wz84)msKml
zM>gi_)d5HVunLUSW^wg+Y$@9YXoXtP9W<lRM;o(<E#T5HslOyZ3Z^ekpU)%7#}0Ru
zsyM_hSGl|?FL59`{PM2Oe0^jdC~W6Z&(0nZxj@kTuZ4m)&GpniWEwk00=$+O6m4rE
zaje}8fEOdAvKJ)W%UnlVkmOpitLuopEI?&lWa+9*^B6c25H5kjA7Q+fa%v4|90LFx
zIm3N})z@r)nF9#nKNth_l>IH+k0`F*Mm7Wu9b{8y<+kyquq*4;+42V`W`ER_6fi=Z
zR04}~<B4d>Ehk8C@I#<A4q*7|#-wQF8)XdAGqn<A>)4nADi(ym?JFv0J@@H|y=<u%
z!4eRSrU1bCk>57^l=ovX*^G^({+Qq9#|8jMY{&#r4Kle;*4P!>JP7rqB{e>ZVE}Lz
z@ks?Nw=-$?h7$Nf&Jk$4KAy+m8}Zy<l?nbXTN)qry)A!;NCTQ2wOX^?RRZ~Z5ho30
zs)`LjnF8EsTCWU<Bf<mMMmg?Gs#P%Z9Q&ffzs;kmpePw2nY8L{t_unX#f(yBF%yFx
z*;=_j!;}X%O&KPJD0`QH!EGDN0Z2x`gbMu5aGJHC?kv-t^nNttK@paiiiO;p*MayM
zs!;*5(M0W@oi82oQa<9f3R+GOb^#5Y-mcb{vvgKjxHOI2Q#m0nxr_e9H?$2KSH(0i
z6wT!gt3C`@jvL?Kx^6pwUu=D_=LHsOygoGzFX72s4ZDLLDX+}#u1oiNL{iQb8zyGm
z=n93>L(oY#+jP_wcGXU!JKohOW)Ih^I9wWMKIx@Yl$=G|@+Qr@dBfUFE4(nB=ZKr_
zw=<GgDtr6jD2K}`Ob)R{<=aX3HK-NeaP_`#vZC&O;U<9SxgOsby=!NF0{<pevL1E`
zd@BYZ>JgmB;LpKSl@{vb^`rEsEU72=3|o{Fo+nT!gn0(@4a;(wgu(jDQ;uf2I?AD;
z%QG!R*D>9NxX}72fpkvVg;vlpU1<DJI<M6H1><R7Z%H^t3KnH0oBU9B|9fha3d~qR
zXU2B<i>l<Uwdx|v3oBUN7Ij>7z>YPufm<8ZN%n;!^JE=g^*b2-)iii>T!LSy;fV+l
z=SrvjbY0>%y_j-ZLyZU(EijO7IJSY;NyWG-G+5NTp_AL=zEjo&%rRlVby9}Oy1J8n
zZu=KXx?+!wPA}BgQ)vdEoVX3RJAF-#xx0GwhHps4MdmEr*5*|kB7`=R-eZ`@R`o2)
ztuzyx=Lfq=d$IMMJpyuD2-(1j>d%~|AgTeYA7n0Gdl^D^vQG@8uRqhY#`Zkc1g=PU
zVf?@2c=A#CRz96}DQh5Zo%A@FmU(ckoXW^Rwuz+UykKKhW_+GN)w(2nd0~n|xYyi7
zRr(75{`6PNGb3YX&1$ajj$C%rV+w(yFh`rMKoAZ~)IbC~YlFBJ!^{aUapl~VGMwV0
zA-#Yq(590Vtnre&Q6G%|njG9QGd(lv-;|QMZ_-1Y&BRAYX-AV+pB)2Pm#Poy+Bvc;
zZ#Ww2+X6^e`+v5bTWK4lM`c)IQz8Z#oreY+&kXLjovsADXMLJ{@To<K>7*BzW0r1M
z`-dyHg^Tp)mk~=|Sr+^e&aq-cExyNrS#H&Y6WQOfyK4Novv7OubDqr7(rAew!?jkK
zXqK;YaLnpLX(h@_AgvYVF<Gg2c@Y133-vVU)YxXfV%KWcm4Vhhpd%0cVo8^OY0)cz
z_zpA03?LZ)tesdfx`ncz5Bvw7TT-{zr*_zf>r9b7A6#BAT%}y5dxou?nTvdP8hB{c
zoFhI^YX2Zp%WV#7qfQ4o^IjnRd!>&E`ivC(c3>8FX}+ptJ=(h=**m(8&Y_injfZ3{
zDRAf6&|(mgEhMk~vYB4{%rg1=!(9?N3zNgYmwB0wvkw{|Oct1@hhxHwU^)d|py|^w
z4fGj<7eK*c0>|Dq_N#yFn8~@2>cI&nqBx+3z$yvoDetWBG7-@o(>-x2KLcejKhr~?
z>R-}@R(4nBfT0b5d-%S+Rw)W*`M|3{m$1t)9b(>Wrb?Nf^E~HVq?bD728~npRbPD}
zOx=$WVE3+pRp)vP%_lvSAAn#{P@cu?AVqAZs3a29yJHpP-sl$vPTh}f42li<sDZe!
zT$s)sP-fDmg2D|Xb?%#L=#C+d|5-J(?G87C1{9z_YeTZa*W*g>QSX>xi!N<!us=L#
zAiuuqFVRuY@`TIGSz2z_NU3=Z@BYZ@ua=kG0saD{4r8x@l#rqN1>zp1KQ&?rEL9CJ
zT-_u#2)34B(t_QT-5$7TvZFhbKR^pd0R4{Xt#XOYZs#tnM%C71^18S{lf+J%uqs>U
z?C0B1!#-#o(dww@RnP%^;r)Ojcj#CHJFEG=)s1(F_|Z(q%F!FeO~5!~Wm(=WDmf4t
zT8hr!C?_U95F^5oY~XwIUB<hLvtRK`1A5?eTMNQ)5ee5v_oWb;LNX+`M?Nk#skqbF
z(ZyY(-Ty%6Op~ZJ$ET|+wibE(Ujl6|^^sKVVO8<d*QB9{LIZM7=>)usM+ojMo!F4`
zl<UQN%jrU^SeULhYF||z#Dyug6)id_NY9ChURgSRgTv16(!I<b)1~y3$_?4TqcroC
zvRT8eDc>GIdb?DNH$$n0qegGrx?CD(kN<nrZ~CkB`1B~gUGh#sA3gkSgPmOn5CJn}
zctepHByKlL4iu+|64=(+(cbfaPn&t?kGiD=@aO4l-k{T`6PG*59PN+fM9N3JvectC
zTP)mAFCij@?_I4eDqp}x8=;Od`=v6$ap?UJ*pwH>Q4#-T<C2IrvTMz3ffa)~4=CJ?
zEEZ0bx8Ar@ogA0_l8`NCjQ7GrC~@}{`J{!B$}S0R^iRl>99wbT1)W4G@N;9nqWbe~
z*$^Sn(AHT!f&(Ol{r4?wCz-UMn8^k~_;*a7F#oS20s$a4bL5-=07H>pAga=4V-y9D
z4bxNtTA%l1BSPGi8-VUx6^-BUEw`3C2S&fz|LxY2DMt=9>Xb-9vLU=aIFS#g55`gY
zdPUU%J>*^z;n&KNMGoOEg(VZEvCTWd>K-5#SNVcSHoyx&0|IaXBZ2bXr5ObBW?f3D
z4AiV?zhsbDmS<9_7r~}DUD7l}@`Mg-?Phggkg64;d>89T!bMwd{eELfl^ED4w#bU>
z!d6u-%d3RfRy<bS=eY(+hZ;*GX-^i&jzseq{SG?gNf!`RxJs=V?=x3U|6RDV(+~Y4
z0$z61hI+=aAN0sW9bcqhF!>7;@1J*pR=6B0@E9WK7J;trMJf&?J3(N}eazKH$Q7@}
zH~QzS%ysOyymtnDGn%|Y`1$dM<bk_7@)f6J1;u!QADt2`9Xg!zI+qs`E1b@7Bq4FK
zCf&n-EBcrd(|Wyi&m-3(7^V7fk%$NIiMDV0pi&!@C&$chp9OX=`|WI|fwu5y);C~K
zjr#m!g#orz6LzQTsY@sU@UohPP8u#)R7<#m7gaHksq3HQ#!~u8-p;jCiKh8fNhjBp
zz$<6uQE?|p?^qbI=Y4zqvuD63Axgg7*wEM9*x=ua3GpOSHtI1>=xVwJ!C3XHYAESR
z6M3LizJ<xU;t=_o|28~VAO{z{1xlhY7m8pm9%?Un<-7tFD->U2c<+zVZ;&qM?iFDr
zwaF?}*!#t;>;IazBxfHV@WPFQE@f~v1oR|qS8<@8As>ONIsCzn#bDZyI$*LvwUIem
z9Su}Wexf4aq(aH?0;2$8<8v#4zdO`5M81M(kgi~#QbKyZptkX{JKQX!uFxH1K3ghB
z7F}F%K5D>?@fa8`M8B#IK*du~<~=MOZ@<8U)m>G)`vZyIF%7exryHoI#$P`el;se3
z54bLb1&B^u37xd!C44$g*LLG+)%f8q?6<jH_sLiE{^Ac-^+x_cPP{^_;X85L5axpm
z<CwZye!3P!)9xp6Oi^?{bPEPD$N+(mB}vB}6S+ows8>KIRh|Aun*>BD#2XloRy=1*
z9)Soz)gD{S4&QiLXn=Gc_>t%MS4Xa74LR=$E|#B<Z;R!ddBq79K1zGw$zD+_e%G;w
z4o3t{tDsjR$eSvE1VEh|BPYT2FLmwes(#Clh`7Z0m5%STV&jc!@&1wxd8*-))GApY
zDIb6?%erV5h2_yrY~1r`-fOG8a-4wQ6+-NXSKHJmV`<7Ho}C{HF`!H;&GE?@UGwMU
z^r;bl=HzoA-oNYkM0r!V4*CTNtNnt#K_AXjP!7HttIpc4>Idi|R8Z6utgQK5<vlsi
zTj2Qxvwqod8a_`@fr$Y$Rrac`>u7A@LX2Jc8Th<zO6HWkO;x>9&*1RePBPn0{fcnt
z6#y8al6Qsk7Y>f6G?h)o1czOM9U!Rz!Y56=vCKi)-<@9_iVPJUB2?xs7_#Thx&-}%
z?Kd-G_#_n@?m`P?&jsG~mUrCxXz?<RznE10lV|}4z5sOK!rFR%96w6r`yehCw06_h
zL9IUT!Iu(nKS4OJ`V>e(4!@I^LKR={g3I74oY<#M#z`~u%O%xH{qj^ZEv_%<{yEHK
zGcRYH?9NVGTZl0Sqi`<N2p&`v3eQ;sitk>|sTQHZAnT!<>SM=zA86&7J+`)%InOzP
zhE-gvR_9k-789tv3v?mom&azRK{s;P(XdolowYj9JCInql)_dPhM&G(pXo8^Q$v%t
z5yKbUrYo0TlNzo>kSuALh!9o9^!j(Ee=(t^7kVkwC7cL)Q{D>AYw?Gk%AXI%&h|kW
zBe>%re+^ZrKp!Bt8MLT@b{-iE+z|rSE^?yeb7hL?PjFXluXJ{@6jQs^!Wnip;|sYx
zVwr;Zd5f-o65_>W5kIrsIguse{Cp4*g_O}lT+vuj?#D{gu4pd!YUZ`q!pCSmY`sgG
zJvRsxRqLP{T`tzwu^<>usZhmix`YR<2RWPOyo{`8aG+T~C(`qn3ZuR~;j{=AtpQ_g
zP?L9BLMp|;(D(!Ax*8F;Ft3!Hp+(Lf_;G`F!XdQMUqqXbwtuuRYmDX^(ofVT`0>91
zz|($kezUbL0!-(^&Q4mDCAf_R^;53=O*~w#@3`W5b%E=NjnP+rMJn^ABcedT_eq>O
zOZwnb&+it=?BLF|Tmx#-o5t(hG(+(jc$vT^CmeYhgj70t5O$hZ?ri%5NJ`v6u^bqf
z$Ls$<J3%1fis2iHzdE9{U~_+Kbo_YKK#gr=g`0w)V$**9W#;ojHbIGpHZ93%di4+p
zx(Nzi5xLM>*gxl(Pj?Ak4=_P-Kd5S4i^vw0fI!GTevjl1_ZS@d_Q%*Fb-F&6It?aO
zVy=XXMkFDQLxZn%GwPIGY51Q-Zpp_0?avhzo@BiOT_mR|2Pf2^i_IsW*wdz<4!X-u
z<2imA6pf1vXxPIdfolBsAD5Zwo3j;NABWwIz!`6}H*7+2?2SP@f){@*{CL(fz$Ta%
zC91Di%DTBNw1>;JVXfExIUp`t(NzwA^yYOu!(d}yM)Yy}r++c)cJ+aJQ3a@Qhd~Vm
zet|X_>mB?G!sBJ&at~5z@cskrK*|@A2Q~1`5G5~oHy)A5N(G#F{MqM5u2uF*SHd`j
zl^Pw`00DWQ3i=9Vw?QpJ&H?=sHiQI&t;$@ewzFES3<mA&(05lsnhi*^&>lHYH{1Hl
z^pMDqpa{rm+BX5tlzgiYi{Sv=I93=hQ<-8@B0csKGm~{e?_qGu9Kqqn5}4)B8pU6Q
zPzB(k7-_m3w09FVl6N4IXHPk5^Y)zS;NDjsZ-YuE4qU{U@;jk-VnufG$5?<8-&u34
z^1>0=lg0m|F0GrSYO}jPkDif@Tx-i|+TRLo;u#1uhM`ux==L{*AFot-+XRF9#I2i;
zs+(pz1xG-EboUpP|Bj+6ol?XJer^{GxhkjpPA7(@f+Whs#dS?H#m)02R+$b(=3ntp
zqBl9iU7+L0@NHNofdnd>7rq#<RS38jtwwgDOC>W?J^Y;(&n|b=J8nbQoTC7=0u4fy
z<w1X5$=xa!2xpFjt}?xC%e)7M6+Bs?A*fsRbaacZna7W!oQ73LC#*Iq$4NA#qLCKu
z!z)}F0Kx)&VJb*&f>KsXNY*~NLYNHdBLcOs*)%j(d=r#94}g#70^W=Pp=%J83a~~u
zadAye5}KLFEv^&@f%b-$6qeO}c8uUbR<Og09M3Le(AByBv9Y2Yv<yG_!dbVz=><nq
zj~^q21IQDb*@H8UG^OaHk6yRh;4I?3UE0a?0={<Wrl*zmE7#+or-$mh&~*RlKTVC0
za>wz>G}Xl)r7II_%asi1X+Ur5-YBwMye3wGhMR7E66`W4qu7Cb+Z@<X!$XT;JN{=H
z;&b7$lnuEmxk|a?CN{3A+(G|{4eJ~z#ng?1{`x-C?GrS!oiBo27~oTCL<)8XXc0Z4
z21Bmu$H;&w!+;RQxsyk<|G7pP(h0x!rnZ4|EpF;4SfqfoP!R4!8SViavj4QuKSxks
zG=x~=4H{Kc#S+8m<o-zFG-b<X%iBLa`CReK5sA0ux3`wL|CIW5#M~py#Zyf)GwWjK
zlBedv1e06$ByJhrXPMB_x?kz??FF_Z_Q~S)N6_rR3tFds+Z_MhlfVD|S|X&;9M<GG
zQ@QE6;k>{|RtSQ`jGwb9HN%DA7F;Ere)%l1ptuJH+u96q@KWk*v^`gjrd*5+k;&im
zF}^LYymJb%I08M(TW~?fjAgufF_lcf&cCL=jUYrVSfFjq(^kMvK2a;yjUANo2yzUA
z;p+mPmY|h=SJL{{a`qlTvun9!6fCEAK>?5vf}1nCg=tX3Eqvgbs5rfE1MJBG3<ROA
zh#A;`luz?n6*;Rot>z3njG|9K2tOk#V^pGvdcolvibXrq8ieyv_(PZ#SKji1vT4{!
zu^nw}`p~&kdYonEvjutO@aVVA_gpU&FM{pXoXL$nyKrM?0b`O75ecoeRie!PvN1w7
zd80HjZDqfRd+OA{PKHecfjd$vVmDu01iSDMYLxx3iz7;=Ur(fN$&2peR>k2>`$zZv
zfmv~~?Wl26Fh==QR{yNZ)4{EJ*pcCeW1@YFVX%GMq3>QkIj3mm<IDs7aV%LO8X`&m
zJPWy0Lr~}Nx3Bxmi6vFacbx$>wsMO&fgru6NSW4S0=v56KfF*7!d#(E_u&Pu4MD*^
zU{hVSmqlYwL#(5i+0VecspECtBx@Y|o~vIm>}qB9zpT)Y8kuzO>a%6ma=HIJyOW?w
za)kSeKG`7g^VeRzOqi`XB#GRYRcV>F1lDT9fo$xr$1$~;;j%dL`&<^l$fyR(G@Jey
zzMw=a*k%@2n4~`rN0wt-u36cBp*DDP*1vDYa~E@=6Q{>;Szkzvqj*@MW?c2E%uI5h
zzhF==b3S2uMqs;`8Zy74azIm+2MGYBkMemzB$A9sSOYlzyylyiW_O<9rPr+BYu9w0
zqF&izNG>2ul+>2P;n0?M{<~%2GJ*UWoh?@&eIr9+up<n1pL_L8+LxnW#{l_@WLN<C
zJ7b4wzg7)LFErm%-951q7H+SRKPLn{BN61KMa|_l!K&wZ4M9NxV0+gwZOZ2qn{$&1
z%{19Ui#8kdWAhfG_gVbs?TRQ<nqY-Hr*9=eS(%8&i#~N<@$6gA*<1J7!NVOc&R_qW
zLJOJ{YZJ>*ePPg}TmRX(B5EaTZkE0{vBoA3@5k;_eZDh@Dzj(~xcZt{rYaM7T3?Z5
zKYwP~%+!mL_)vNYb8z1Wi|f2jLw!mI8XhtoN0{B^XnjSz#7`uch@Ng|Psu;_(X9I4
z?z6+J*i|85g}0=n7gZ_k9IfOh-Oi*4Gr88EEc}BMIEVu&UpT<59dFd8O`S-yJVnR0
zV3U|TLTY?m&n#kOIjXuy5%?ih&A$G!GCw{>t%IzWHQ$VJKPv3-Gt#)JWi7nzX2{y%
zL}Ybz;4f(#VWSD^uT`$^rqr-v24?#?SrTQ~nI(*5N4z-EiaSuM6WnS2JJ?=&=a~dN
zH@UQ0x!EZ9xx9F>K-oW@XQv_shQU&;G^+54&z>8KL#nb)5Vw1BOKMmIg}o(Bs1z0-
zi`pj_v2D65dDlow%l!~VlQnIF7_2p*-Z2MvcLF;lU3eBca{nO-8c~UwYwLLd+lAH~
zc^4-#-T5p{<v7)xJ2);8vk6WWdcxI!Y14?>Dy0(=H^zFEZ_15lU|xpL@(SUt+m>9d
z1R@F22Vm@~xhX7>z=|;Er+q;*Jy#`pULK*Oc_P*YH&`DAC##v`O>-8bl}DY=*hxoA
z`{1)gV>`rSNZ`P)A%o|HkkD0@vs;KXRUED5^3b?2g`n^w8mQU?%b7UVvzl+#vT|fo
zG2)wfe8NT`{)njQj3x)9&Flh19pirtMHN9~V`k<mMT>R+;#(&Iqy6jfi&D`RhV|S5
z==|vo610PdMfACSJ7BGAG_p4lg~3f_IjrW0hATNZ+I^SCPVS%8+R*boDCOw1wQYv^
z4$7ij%gD)31k7)Z>==bFkQ^ZWlM=rNU)6bmw`fFAAq?R673W4(VMi&pJ<^*hVeb_p
z_ZPs0i|N#`KD1f>fOPyNAf-Xj$iunEp|I3L{~G6BP9?*_y!M&!CPRMe%sR(JiS+{g
z3XZ!MdK}ACqH!YQ?rwvGX0?bZ+67)#;uVnOn*WcDrTvP*4aLn-(KRBp%C&+l1e$js
z+yP-DZvQpc(kQRR-SP@Eo8eYD`7!V`EOo>G#HwU`kV#5AMgt@MJ@>_J9kd?Jl@ToS
zZf7^C1Y_M-yt#Y(=*Vvw!^4=)i(ttWh7^5IRY$n~@)lm$7iL(@8WbH}bT;^l)o<os
zmd1J#o(Q!!sM2%{RIOT8aUlx{&{E($qcvfoF;D8yhsEdIz3IRlQh;FHLpDQ#^;9ER
zL}}IuZ4zc`)Zt-JGvAOi=*S|uG(A8w<H*{~(2NJo{4r}=eXyCG*<^hw!)$*<$p6RS
z6<-+K8g6cb9ZfSwKMS-93HM`^w%q5u(=ub^4!^ISV;Ml}74J=Az6Kh@HKHuyMYS~-
z8p!>$1Q-)QG)(uPmZc#%pMCelQdl_fxf+>uWn@a^+<eQ78YG^n9mn6#fTWFEg0oXf
zM;D`U>PJUsW*0scK+5)oOOS=%3tpeXk{)u8w00**nS^c&Zq|c_$aHR?jU#5ohlgrY
zF!Z__uAkJ!!Hy5coyI7p{==};*{bN3?D<>tY`DbGJ=WTSFrO{?i*GJaZ@|hmkyyg1
zBO2Uk=7nY8>4%69&UCX={?Fc-ppj;Xo_{bST@*)I$qZrvZN5YgU?$Yaw+5iCe}vxK
z{)dByx9TLMC|~G!9OG?Pt{BXOUdgnXXE#KqNdUVa3%zBDfta3NJxDmSN1xJn1n?6t
z0L|z>snHBNR+tsXz_viV<Qh|2DtSs0-Du>!^p1~TESQSZ6RkWLrEkDUOJc$zYf!$5
zMl)pf@L)wgK8!jx9b;)&P(aw9wi-5iLt{;|YRD-_i`fNmfZLGG;LArsaOjF)AtVps
zh+@H53!)0u6!)yCD&5SM`+ClbLV*A0`R?Kx2g(XswEI$NVH$D(GZCWPoOi!TaL<tj
z_cDX1I9{T#LsoL?ybW$bR1BSe{p;)k>;LiquP>c5xZpB7Z!`DKsv+`6@a_k6H;V<E
zH0^#-A*ALl`eu~>Lx|IuS`fQgoul{lTgZ66J2=!tB`N=yK8-ECzN|j-K8Ic=)EyG;
z2Zr%vi@$NX;&c4UeudvDpd@e$`2p^l0KVYef0Segh0iV1_Im8{ei%J)o%TKX0mP4p
zx6SQANHnmK5CQ!3sPH>ARMY>QAJC5ku2|8Ej4*Q33jUP}2Vi3_b>!qV;fFL{EG#2t
zUP*s%%;)<4hmQ}LqVOJ@kaxKwGqR*Ugu$2BHS-qsGAtuNM3Exgt0kDMIX^j;2wBE|
z`QMTi=X6wW6d*dq6p!T7_~B1e(6LF<0>V1-0~2(a_p9$oO*=vW?LUSBA0x3<fM^yR
zJL@`{zyr)s9{#_A2&YZ=!BfGxMdbt)lX%EHeXV9UVGC2`aLJoek+$98$cHK9ftkY2
zmHo;S|JPC~<nx}4cf66Ag%KqFS1$t$<SH+w7plg}sdIHi!fN1U9Dsqn=Oh_en1H;@
z7h~zBnvFhs%)L_VOKeh(niU<xU~Pf+#qzf#X1ijDbm7E9ttW|l#0Ju9As}KQ9X=ds
zfyB-~r60{}QvL+-;Fd;)QKO#wXog0z1Ut;YUISIU_Qj;x`F>S<c^rRpq9Ktoh^e`^
zhtVg$r(W=ZYd0f?H7IKU3?+okU!xnJVG^wVvs@XFE0$goZioNR{HeU;pWkW0F@!Ta
z5*d@)$PMIp>kKfOn;V)e@yoV`;nHiOClrow?o-IEFNvF)48$tA#lU)#zgTZi20LPI
z{_n1za+dewIQPGnekLW*YHVlYT>k>Q^9zU$in;>y6_cjl?0|tq?++3LvFF+X(D<K0
z@B+R(B)z!@RQ<gnn!A39s|vt?D?2x_Zx4<$<aF$yI}iKWkwtWA9v0Fi$c@krhqq9!
zhtEgR`y$Y&=EWZx{EhAC*umFm!fvo=dIf4?OE#G*Q-{m{EE>cOq55wj2H%7hlq;JA
z?~FJz(n&TP?xl;dZkMJ(VOqikaAupDut-I&pQ{|lWLN`DdeP-$2c3B8-xFiqoy8o@
zN>k76AkMOsG29yvJ1hyLcUk4WU>)!D=+AWB^pfa_L&&wOK_tHLp_b@$CQ<1HMYDPu
zhZD$`rYSwW#5Nh;DKSA&599PJ_vSrp;+hjA%!bH&nRK$TPJ^)gF0utsuWG*!r;Ldk
zeqF6H(NIrxvr}SVvE@JEW0|O?O?Lg6Kxo15XrxaWC%<?ogD;5lPwSJ)saygO8T%$i
z=a^i9rT58)dv<6a&>dg%Sv7L9)b$48H393$ebXg^<0qRJ!i(PjpF_(RpX*6EjM3v}
zXw!B=dwi=!u<+7#=cPv;W#40Z7CY%*t@D?$MLXGHpA!;q9FDxp)u+<Jhk6SGiosH*
zAToloJWqDfcv7FK+gL<Pg1wGaHTej|H~IY3!t*qUkmOnw4ca78&wnKHiV|<j4O(CU
z!TxEQS1KaOA1{_*_kpv&aJ@mhsJchE2L*>mHIB9~x;>t@&qP)fNIQbj<CrI8;N*K*
z!>wR`$d<vXcc=ZD8f#nlliVOgD<I}E2k%-D281UuBja%f%j0=r)cN!{%MB#e7+N5`
zZuTCewEwIuQyQm`sG>h(wSSLAHjCqR>WfZZcw97GKQBK4JW_p=ioHySlt!F|Jxs4s
zy|YkF)C~}HfMLiWjIriqWOnMmNz;~Blkzt6!<op8VpH=4kF5P0xLon)nzmw*yiL&R
z5D7a*m85S$hBo&WCgR@@#?^yF#=d(>KH@J+r0)JVgS%Z<CNx)JofkMgnDO&|;1kI|
zuYN>L?-EG7krh&Ak(1ul`%bP2`q)!<PBD=v`eLGMKAG?nBr1>9cIA)HtwLRdZZh5-
zg?LtzJl;mPr3s?@q|0Q`vwy1182}t`BkQ=%29b(qi_wHB7vm=J#p3_vu0MRjv=13~
z1f*2^avPVO^WVOEMGxi_mNg2Z;h}(H^)jvriaGO*72Lv?FB0w_n|i=Zz|DX3F1OtS
z9c8at3vRzFTegpIQ5L(5xZTS1G@@m08<EtGNh=CPs3ytADM==<t=R&r=pi&X!Su50
z_p3bBp(LU-y6<VA4s4f1Z8>&r?lbGhx;QI27X00ml_}%);66sXbm8}Xs*9*wi%(ve
z?Om{fyw$503A2q*M&}!(xaZ^=f<x?E21|`m$GB_nP3i{P8k(x~9gV(wK6~=Q{hpre
z8W!sHDCxaJC~P;y%N-sw4q~Q+W4vJL!gYx?s)JXkdffIE?2`u7`Jo5(I&06fSu+Mb
zUdPJMyX@!PE<K^4g4t;P;WT9=*vYHGy#Y-Q`+X-r#gRa~@MSw6EkY;7K=XLjzyq&<
zz4}cp)my^4x0*?B1?ie%e=>qOp|(?emloG@1=Wc8dGWGjnyppiqES{(NQKBhJ6~T$
zq*zA@kbi8AEUy`>8z9AWH3!8(aMd~up+A%@(_!f(UEN`|?>?eE9WN1;TogSH;mbeW
z$+kaqRJNy=(RrVk5}2M=+st343+&-O*an9I!W<V7@p%d!zmyjYVqBS(A(^GjaK`%m
z4>Vf)G)Om)wI=B*=Cu3Tq`x0Dvy73wl{}WJw^GtT>yf_kv;FuK<4?;{q>00O+3lgJ
z&L~6&S1qe2QI{9D*6ukIB9oYTR}UXL_1l0k_z%B*4@h(!|Ao7@lql}E#rK)@%A1<(
zioZEZL+&^F!SEguUQ{j2uwx~;<lk-(;3mZM%BC~*!@t}NbfgI^_d7b3c~?x2PwJXr
z1E3d`c1mi6Z=AXlY~-0-XO#_e2b2(S*W~d59<&H{Oe0F?!E3Og&fknay5Sm^eX5S2
z(k7(1<lc7b6)@SV_`%S10sH6;le$gZOU-4=bjb_{|Erba$E7}o=`~f#IAkc0vL{o?
z*(Bjf;6Oxn4#?V|@O{RxCm@3dNx_z~$!D=lJKwVzdaLk}^C~=7Oef*Q?fJ)ie^ky=
zY`ZYS?X`n5>s(P@>q#UGIKeA(tIS2C-8r&g+~E6wCVedHb&P7a(aRX$K>%mryLgj%
zJ^8S!S2d~~*yOv+tUt89Udy~=Jo#5%<c}5+lkbT#_-sP{LErm$N&9o6LG|F=^!_{6
zDLYXp#70uujy^N5`8V`sx{mLl!$d$}rNqV9j;;Ljx&*(^C_9D|urCYK2tXm|O{N+`
zfvUX6esiNG!iky-GxPk0CSrNML36HC*6U2PA_c5(X|<0|8>^9HO}#3tt&$dvcKFAz
zXXLJA{py(jt?gt|B#2Q!$fIxTBWWi*Zd(Z(JE*3S&nw|jtie+I*Cr2)K(&u5Eb4ve
ze`RE`>y0M=kK?YOd+thT49aM6D{;;$7g<?^9|>5=a;>gVJ`309)nG+pJ4g7Hk=ubN
z*a2;gYF`i1-H8_g^Nlw*`bPMB=Fm$ZH^D8J!Dh8=Lmi{i{~+qsBG)Mg^+Mcx9}=5k
z;hecrA2te#G6`Kz7ihzlzQSH_0-nda7hco@Dx>O<;OudfSIIOjG377sACqo9ry~`U
ze#Ky~(-PG*dN6dof5%JyXROJHd}8%Csm9p?c-UKG$gWxd6exZiFRcPbM0~3YLQ%C~
z&Ke`~OAl(Wp0?uFYlffSv1r`<+J-szN?u>R&)(dLil1!_gn`wUIukEs@2cyM>gt^g
zptyMx=3BJk-|KWLX8&9)!HXd*BYUb^)YD_K=;~4pv$g><@i9Ay7A1Us>bF!wBVD_7
zSq!%p{^yM*94B}f%iMa4RqP@U!R_mIs_`9QG?JV36=oA{K3%Kfd=)YS4Fdh6Ag_?o
z0afm{>A+qd(Qv9{awxX+$xkLfZ(nP-HjA;pg+IR$3t40Njfsy-F4cCPNvs)tm?V<m
z+OEaGHzakq%uY1L^X(k^V*1Q|i<iJItJA-_wUZTrgRzi?PrcmUx+>}R^QE1BUK~-v
z!_V@V&1nPzmlJPzA=~soK<&lJPp-tOun`(g#+x*V0!FFfbk(s8%orq0{KWJ!)tGUy
z`(oH$b<}aT73EbkZ!lamee-wU;qCQv>-ygD<7Ejo%ASdbOD+|-PQuF+NdZkPRixGw
zNabJTZA)SqlF6!>qX1d+-WLEn3)9F@aY4$?U{>h+Q7yDr(TDFI+-k5dx>vYmWv5{h
zv%T=LZKjZXcTzV*Ib9YHW-y|fzbc`R%Mvo8Ks_L2r(Okr6%qwt<h$g@+>IbMngvdt
zSQa*CRonymJk$VX-PaQ}QNj%<#Qi_qnlRWA{?I#!_p^ZaU4cVFQw9i{@D^4si#&jE
zZlT!vbH+}vt57llT=1cmur8@Ra@Hko%AT^6Fn?QNN89W9HJG=fw*JTK%HnkqMZ@>o
zXu50SnjSPa{<8YhaZ>0*=AcE2Z&Twk5<r-@(I{&!CG9zrh-1DF;M1f<0EUzIH%MX+
zM-0e2uS;-ZkTA&*)zSR(Wouz)kEp4V3XZ%}&YVX7!2Rx6Q&z*=It&I^^I|2v+*;R6
z8I8L2RcpzfmDKRg9Ai7}jG{99#8#~-EKq>QI|`hXJ+EW*t^6Yu-q{8DgcD_;(zfW!
zs>P=6SSdYT*I?zcH+M$1`nVkcBLx}TTlmAOpPofzB+csfnR;M@p!L%`#nfRb#obDL
z-LODErVpLZQog3ZqZmG_`RVKD7TFx3&ZTQv0W6+t=*S|>5vW*MHEqAA3GBo78tQyV
zh}R)(+WtN1;T^_bhcB#>rqN`1`MZ7B%N20BcU1c0cj7xQW-Tq7W+y5x49X`yex3TA
zTEYDC^{o_Ld3Nk8&AdWSN6S~r*C(_D__?0ADeV^Sx!IaISpl=#zyc#mVEV;t!PaYl
z|L=MuS+mPfh@$z*u$%KQRxf>*B}|Zb-|fmeetnC8W@PPf;sr94SR@)cVb<bs;%ZJ9
zFR_2&w!ktfVv}Nu2cVycC=Rb3X@lX6Svh!Ei3b68iW?&7*GP&_B)l@^#%i$@pKb>5
z(X@-~Q<9^wwVN~t{ghy@ix1;w#uLevKO6sK=CStZN(3&93-?ApKE8i^|L;xNIUCJh
zJ{KCdXe)S<T8T@Z9l`te3mq1|zKYqoUI9Rf0B}^Ltb3owH`tGv9J2$XEA<S(H6=+C
zZK|%?!2bCY)y$w){j<vV*0N~@F~s&tQ<I~+jo3Kn07J?92KI->4X!HV*K>3Qz;j%3
z-j27;sav`9=slyJM|eVX1j1MPv^<@KnQ`<Qz|aR}hkxIe;TJUWD9&KNQkF@A&?>Xu
zBhDs?yOA}8txyKdMHE&kKlta_As#4_R={qjs(oQr9XM|J;mjfKgF93fzWvW51rrq&
z=uqNp5mNr>Rm~4SJZiF5eZUb{F}vX?UUU0(<n$7vS*tSl8`xV-oz3a9jN*k~pxf)1
z-nrFiZDr~{5lGu_y8UpKuN~<WlP%=KKT10ctaNntZ{93?NZF4iaMc1nlH`*@Ly10}
z7rXun+x3S=s(-XHbDt;crI=c;UvnFCo0@DnZqAG5H?luU-;!dS+=l-CyVbrUubJjQ
znPBJWWr5-!HMUa)iJ7}$yS^yKW@w2JKkuqf<H^Jn(}*(U_71p}DYoWG0{yu)Wg!W7
z?%tNoyR|W_r!q@3&uXC$(1~i!?Jl2eKf;>DuvIVA$mx!v;b$BUF~x+nX3ZT8DyyCO
zoBNK_tw7=Gg@z364D=sdDIDYNHum@5C3_kB<!8A8+ALX5h<o+$DvFmkjR(S5M3Q37
za@g@j8qs<Lb~9zmFKTq4Y*Z<jzn$B0|301}B7d&gF`7mg&u%zx_xp<=sU6q)qqG^+
z(V#kDqN9h6cp3nKa9MBC7PB^RR|1yxw}yAEAo?d^x_#qaQ(E4h@8CC}U$6r<u1?v_
z?g?#wEBzsTPa{^aL51VCD245>Mt=Cg{}6;@HX)ZO?`Taa`+>Jg1R3~TJ>-G5$?|ky
zsi!quI9P4Unkxd^l?ORnkM=zJ18Mv!^I-(ycdq>}NQIMYtZ(Aq@A60E>6n+oHE~md
zn(5Cri8vvTXyCXd-#kpY0~{R<0Z8UD{u)?nm}b?}R%YJwg)gH_F2=D5J7Ymiw8`4>
zmNY>%L#iLL`~8B>?BO^Ap0#j#ag&`3K>-XOC{{6>kW^HY0SQ1YTMQ{=B&wO$UQ7*8
z-P_rN%!Jk521pkeK=ja3c#FeLkL;=UJ+;XFIEV?#mi_UdTs0-tdmKKZO<pbuUzIak
zHBC_P;r-IL1~D<*fRzJ43X*!lKGW&u8?h1}GfSW)`wS}hj1=vDsUf=r)%2WQgle(_
zm9_++(qR(~P(m!b8Bk6ecabGd*i*iO4}YFaE23F0y1GtND&0{gEXs7vi0m1<&iSz@
z_19ih%*l)U?!gtUcE!C(+puB^TyKhdPB{OPKQDh*tf&uBzR{M;2UVEf=6iaZH+QBp
z^EWEM7iu<2nUo&FTq*dc?>)uaVzz@x&Zo`Ctn8QmIYF_5J;~HWEgX8)`Ey))i>^wU
z-=b?Z06bXZtB)J^HS;gt$*p09jvtIdtS;u?YD}7V_!SJ6dQ8KMMSkAYY2)hCi+Z+L
znFUkp&LGSKR&yd3YPs#w=@FCkYHqSF;V8-yfD*?wwZ+z}#io5FB|v=HH{;)%r0mo;
z+x`5{@DJN5X<ZQ*BA$(j-WnBUJ5m`qC>}^L!`q{bpocXT)z-hgQ%tdJa*Hlp`7o^L
z?l7%yeyCz><IiB5d)*NsaD<oHU)<N+@SY*$L{;Fps?A{&D2wH2oWZ&x{%oW9MAi9U
z6v`p81>$V>pF;VdaE3O2@=SHdUvr6zo+-S{`^?-XCTf1QRXR3vmcdhqmLQdI0)+tZ
zW6#Kn@{ENNZ&#CkeVwFOfXRp#rk~8`Kd^#Fg+ohd*@gvFkoXt5Z)ff##QXw?bA_Fl
zE?L2N=K!Y3Ud_=kcU`gUR^uv071kfeTw_l}^xRuI0j<KHQgHH7ncs!PjNKW;lON2*
zv^^j8Zgo#FW1+=sTC#n!!Njz><C-vTc`r^{PqP6hg5SE;a{hFCrAQuoO;{YFKohkI
zvp9EA^Df&NU4tq4P>AAE1u5^M?6Cjuk=T6FyP+n)?D4o_rzPMcaThh=^&gYeFbreL
zSVwhHl4MT|?unFk%+&8OI+!>5tdD)Si?V$9aSZ;Kews_M;#ur)(;iEDV>*u0@pNJ}
zU{C4}jX0dErnoKiysR_XcIWK?NayL@LM_G;KD-+<@2KB;*^M_pmaTje-a~{B^x$S%
z>T#Z1$LC#kkkQ_S^Kb`TLylvM1DGdx^$`HT!H;!i+*`T?4glCp|Gw3Fo?aDLSUmY>
zELe4)cDf=3XUFZZ!WV`236MR~T06l*+e*b^^9WO#(9bd;g|vE#k$bdJ<ep-Bqp36%
zFb#p}j`XCOT0!ju7d4gOi~T(*A<^SxV_mlXn#YY3H4%lyxOZQ9zD*0_nmO+zCr(ve
z9=9rT0wRBQn+983g7Pkw4^)#qumXVWTGobPzeYu`i9GqRIby3`_MG<0XTxr-<h*3t
z3czIokqFKC-lM7I?=0l!W-<j;VKYvrUb`PR`aMx)%6YOYX~)s7p@rs5S}(3^Xlerb
z7(uGPnxL2NdAph_+?>Obi?^)#bjshz>0Si(*|5%tU-2P8r(Hs|@_yK?PC1Bx9SkC_
z>vT2}1mYhoggeuGo9`#sN7OV!D6gtNk~6#K|2(%l#x!~+g@o(sP#L8VPp$scnWU!+
zsFjoM?YgtppSzbm=hCxD3$)-YQM;a!55QF*U&(SC!x_}*oKE8nq*G@dkCugOj2mzT
z&y63gygYLs$J|-7%jzRIMS-Sxm~6@CoiOXgi8?aRE%G?BF!0{W6g;<k+~E5c!{6(X
z&ZCf}Q3Dyq$tlH$fP{ZA(wx1pmT8i4Mcft7v^#w1mumB8br~QDtZ^%-phl0EgJ-4-
zdY%FizNCS9OZt15rUcnko(^E;v&Oa8Y?K=bF7qx)h&A{N%r1LM^U58dE^MsHRaQ<=
zg9p2+DF{oHc&|M%qcS?DSa`pY{wRcHvc)0VB`Rupb7k~+h7Hq%fJSWxGVY<_VffHQ
zp1Ijn<;9tH@Vm$bH7GY|)OLZ}7*DiuZIUV9yUSZy0V$5}R|4B}AW!qYgo(<_<0@7-
z_U91ihqe}foK4&|Zt%_Tvg-6=iaS=&<7%d;p7;P>Q<9<f%A>6rdFAqW@QQ(2?qiMv
z4H8Y^LV4g+jk0Zb#6Gdlg4QBGEm<Xa9)Ta5$V;Zdt)R~vglizJ@Ue*i9U2;Z$P7JI
ziK^^0voiCXNXM`adc8ZA34V?atG@rKm&QrQO?E8yLsoOx7vg}VekmBAbpUeI0SCbX
zr|<b!rRl|{$kS)FQ}-~~{TBS9TaBW<_7Wm)po7-D@&{m&G$r@CjeX&h$;=G!b@;-U
zM|K*n`Q+(z4L5Z$C$)sufsYsa-Hj0g)iEmu!-oIqcG$%gBWV$D!N-jgCTgK=R#Uuq
zfmX<C-djD*#hpO&>lO14y^13wtblSkvS$-yZ0yzY@p+k;{R-Qg5s<<zl~h3#qF&A^
zRvcV{q6Ai-9gJ!>m;?p%arzysBMOWFg^ebw3A=x4BG1vSKW3mqHuPud!+?}T-4Y5M
z{or8{fQ*SY%&%o8tsT$7rQ|s9%vrLUdsi7&fD$3>n9145(DsFq7wpa&;g3sDzgU?e
z#wIGWhW_RUq_E0VRhh0AtHDgnvs0SK413U%$(glGQ{-A5@^2_a)hCNRN#!Arhifq5
ze%!4<US2D27IAwy#uD#xc~M{rAj}s?(z-Dt05Mw%=7%b~YMEx}+>v}^0CZ-QR|>1l
zgC19>OOsC!0b7<!>{I#4>>B<Jj;>!dn2&w+w)&Xg>QQG8GkRkb9gNr|pcmcM6jkQE
z3%NwxEi^Y^PhBGX-V;7BtNIkv@EwDJ`URYIiJGcU^2{TspA9Cf@#CsKKqTZ;H6E~K
zTw(*DpiL&xeaR(6KV<FdsW?Deff!LPcj^nlN>hBR!B-)!f}$%}=>wC>PZ0-?v{$6=
z<WzC!^!PsSvx16CgY&2xeaL1OKgAYsEb~wg8O&9GvP}KV$@i=PT@?k#G{bE(y7W9f
z(p`qv7W3IP(s|V3z72lkdmvI!19gEV{%~D=#Fv38Q9Qd^a3ho5gKh}RK88XjDfB1I
zgC9!+Z9rcE@MD9hx9*l@f*Xy52a}K=Ur_r_Sm{J<@C+x0f~@-0G?4TdD47AF4dwhT
z<5(Gh_2&h`gfcT|n-oB!<OfCGz!x3(LY}guw0*cX>V{<e4x`}b69Y%02gH2Fofa^N
zkIyd2DF$Ja^B-}2U0Z2YDqc#>_C6QzT4!}C0Q+WE;fjB)J6U^f`~#qn?GLLf&e4G#
z4IfP#eiqex|CSiCqJ2M%E^r(Lv~yB8xVy?hCQoh#OK89w*r6VDXR_**;08xa!mh}4
z+8RUl<^|HCo(i9b^#5840a`Q6zwG!1zU&pAcmn%GOJ9*UAXyzu?J4R$(5W+jHR8-o
zXl6#JYR-JX8+MI_Ng}{ih}D(h-5_1XF`M}PTeSt%!BXEIa6c7x_JBq(eu$yCTc1<i
zY2kju31&`E!zzI<ZX+5f?wnY~c*G5wnxH;gxWqRB=bPGU#y|m0g&oq+`%X`IOFRwB
zzS9Dys@`%OmmCgB1x<+K6BSXvm^^Gsa(?pv*n1DCrn0VoIP*9oV?{?)Pyrnk1w=qP
z0<nUWz|f@y5T%HLL5L7az(GZkqEZDZ(n60&?~DwhRH+d{8NmP{6iF!3|L5Ktm2rID
zdEWPX*SFU9Umt7Dc$1v7&pvzq_V4Ud?!Bab6W%OyuqdEZkQ0N>g@*kr1#}=`GqUd_
z>CoR;k1knFp>fRi=Oyb(m1bWY12J&>nJJ$>IL|ONNEYqiovB6XDO&PabTI9Eh!X;}
zx4>yV>R`_59a`ILf03u|MU?AnFiyA@m`ld~%YzDbLwXHG{TMAGiw?#sSza>7ms!_#
z0M%_Dz!>9x9JV*yybRdeJkbBo>|!TiB-;HLO3cY9aI+tX#8EK)$jO~sh^oOac=gE~
z!@ZUUnId!$3kdOfNOi3aUtV-HU7?0W7r3NbPv+OhWDQH1Sdb{UCX21*OtFPYGkve*
zx>A6)Vn4%{wm3H1TQp6c?JuM83d=as^&q&N1e2bzGH?#=B$~;HUf&dKotQOeR=Mvu
zNyUNc&Dwx|fCFwu9Ym1!(z?IVBpg_3DdV(i4+tIX=(Tc-1IJPpuQ2AJE{oh|jfVx!
zD7ey6L_`}6pyYJBE;I!~S<T#$@%$ZaTs(iP9JD^~d)=}}m_DZ&hwnNwtl~Xb6T?40
zv!WVDb)vtRq9@GHyz(<}=(+wY&7Zv7dMym}ntL4_(PG;(WN`D@%QB+<T%om!Aw-**
z*-dRn$BObayWBx)*yS5ou!7Ez5m~LjwiBv$5UC~(l9|1+Ijch=l|Su#z5IN!uBM66
zj3KZ0PRJwn7K=`R1m5XEOXprAVjDDbeVheY4`l_X_$UE~nQ+>w4Q)t7#h||=Syu)G
z`NUZ9jkMg!658Nla9~-f*m));nPQUxMa3;R`SnSAcB5@z1Jv983`et-(s&C#j6)am
zrLUvM>%z+!Kz!Brh(pt!GdpRx3>nAbBgdlm*43F5D&#G6(t7*7X>;D%1s6e40S$Pr
zpb@i9Mzqp`Hbjd~7$CgOEW^)tDi)T#x6eHfIxBV<iAO#6>MW8HZU!gXRqkFN&SB^%
z_f+DV0cd<N!%@)^KVDct=eM~J#9H{XbuDmbg@+h8%DwyTI**yKqvE^g`Gq(FURoU#
zN<mN?xdEgot0SW#CQ3WQ+j^OuJCt(4|C*Y>b}Ooi3vsl>;2TGfFO8ZMF1=J<xiKET
zLtc^9DKebZ_uNwrobCX#9!<C>4Nt<NBPu;WfxgPwf*ta-%nDq+N~eR-O2t?rDAw>J
z;<%8$Um0my>W61WsRc`Qpz*$ng=iBZZaiEB9l4^g2))=s0$Gy+S5<$&76n(RNLg3_
zbh!hbAwgFb1F(glON}RREP^Yadx-AfQp^bs7U*{YL{D(_za!LVL9^?^3QI4xzvo9*
z4WX)txBG&8txoGIsU)uwaCn77TO5h;*u7OrI5v3p0HC@0N>z|0$CsooU6}flSRu>F
zO>)78HB0?)!<+ECai44Nr8tA#<Awm_{*K3h4@QNRQbm>N;^qm?`#}RolUQ}d23mR_
z4ONA%&_%n!lNrUh`Y!^6w(r<^p+<~fnZOr1toZ7}gusxvy|rbupHc0|6LoLpOcSRV
ze|lcO|2-ucPD;bGgk>;Pot+8<FL^qpSVKutCTr-sHTY@Aa?nnQEW4Uv8mu}SUPyD6
z2GLkS6QkG&+Vkj@y2XZmZ@{#TGVg&2JHq(eNdtDfHcCWEjk4nJ5u}Qhaxd*FAn*m(
z9}1mwR_nMV6$i%pNS~#>ZlL^vaPWKey7Sg6!+Dg{W?zAgO>7;9r;0Sr5YT&*w*t5S
zyea_lBA=C#umd${tu*-;!CiU^or$uXQAcHma}LGa#>LhSp4dS1wzz~|2bN=ARo;UP
zT8K^7owpavYm;sA#nz{$-y<|c8ND4MC>#%gws3rS!n}8YdC)0G+KHs2?pIu5v<qnj
zLk#&$N|`3UlVtjACc5Bb7gIiLIIJLlv?QrHnVz^DvXV)e4X!)d<ZD|ZB<SG1gEev`
zv^IfS*5*AIHJ4gYOesit&j?eZXtgmeE@>G1ou2M4n9diX>W8KXHYH|Knd^-V^l5lC
zo_x=f(cPU)X|7~KSVV|YoN$~gJr^Gq!Jp+F);#@4DQ-x+FMPVcW;`vCs^AwR3TWz)
zH+U~Lq%g;yS8B+lcETw>#mnSJwu;y7=JnAg2C)VG1zhN8QIcsam+lp_I>sAed;#v_
za=6KoyIL44zNsKQ#QqXrZvgXR`(xK)ZhQA=j>qPe<2ZNT3{Qbavu4H==5)DEUw?0C
zp?F+2MKL~7(yJ|DS;?Pv2tPOe3_QW;x%>EHdVOP9#E$Vwro2IKt({r=MDBEPdL5%p
z7(cWLRmDx~e+E$c#w?6uy5%e@eN^FB(G*Jc98<wh5S1`4B1DuHIU=O#PtQM&R|~v8
z8ZLp??-HdoCr!73$7ZQJp{2!xpKJ5qFJT=g+lNpUM#`8jZPQMI-r4?^1zA*guCV6$
zyt0zof__EoZG#szUCIq#r_S0hXk;(tmr${>N;=qDp?dE3o@0fT>*a=-Tys2tjrOl9
zLqqFC9cRtKmUZ*#oZw(^>)BPJAX$aXu|Q|R=96A_6|HGj{^1N^*&|Dx&>bp?>sBH7
zvxICy>*@oNW`v0XhnJ1ev~gk0ILM~4&j%>$V^p-A78EeN_a$-jEd3!fgB8!ITzo;X
z0#0oqSBMe%XeBe6IZdPcn>V*%oVr7atz~s>NlCPn_tcA6@+EhiNvnOgLd}))=34ap
zUSIB+=Lz$})W`g_p$?3PD`gQ(7rQ>%s%D%ZF}ujD<$8vHIIp1haiFQ)vVWYY04ADL
zmNic)74()~^_-VI$HIVD3;2H&0KJW`95_4Sz&RB%Fs$RQc#SOVKGLsld}AuNyt6b@
z0arPGlvog%*O1qzA9nw?P@76yfLaHQ3mu^|r;u8@da%05s=YR$jHo}<>$vw$?~rGd
z(C{^aiEg^>CEok=!#I_BmSA~-;{&@os-8xn^L}H^UN7zQE>D1G&B`}FUulu_ouCLU
zrcW^a>lU-9%sR$f$8!I;#y0yHe@4r=sSw$IVUkGY!GM?zeO0Ln5{Uf<!|y!ja|JPi
z=xdXPKZR0~o2uvKsZY4jCK|ljEjk_XZ5`S+aiQpF9hKf?ejaPSLD^mUXhW49i&;S>
zl*=c^<ad!U^yD()vQpgrAaAl=JvEfnUvR!H@Jt?mU7E+f^>VYSglG@U?(sNcTj&;f
zoKqCm+qJzbcBE|7@Whe%6A1*Z#eVP>>djR$;H@yI@-TIOEGL!2OSWIDc>jpL!29)&
z1q@@Qg|_&EuIRd!*4JlBEXSYM;T=@q9GzHwCB{0cb<*ETdr3oW$DOXB)0?mNZ7B_^
zvD0-I^e$*}%5>fuQJ6-tsb3$Hoo(xpu=#l(ej=;I-DSr(MZR8b^q8pO@V+co*TC?C
zSHUryip#aSdb0b{qtn^uDAddStLq^YUz~b(BP=eiE{=cprkkFU9^sTZG1Z(jeN>C;
zxYs`plcu}>eH|+`abjU>g6wK2u`Z6BtBJYR40O|s&{652h2Kv+-SqgmWdUKE?=i=>
z_+y&Utr&tFUcEU<)=RAr&ueW|L)VFt<#ZP$+lLYv=CLY;%dHT49qx3I&({!=rm3|w
z``ifm#e|Q=p#nj8LM(o>$G-1S+z(Gz6a!C2?)DAkpxNo%(LVlD`YvwYOpok|v&#cE
zx}$1`m7NyyvgysENeW&eFTMEMdsiQx9^O7)&#ah;U`{`@UETaV=De>1D}KFE-!sO=
zC(_B$dHwg}_Fgs*rR0z1WaefHbUJUNvGSfcP@_UA#hxp3>XKfUBbSZ!Y?Nrtv)!Dk
z9Rw2Y81eX(i!?$CzH!c}Bb3B}ve@{(KORui2R+)Or<Aj+rt>%5K#ZPl7x~FQ>PbQW
zjokoOhI!3*RND^!QPk{PvWPx0qVSS%ETNgS`FXi209kaNc^%JXLUpzkWQ#hsPSl)z
z*3s*W3!*}Uteoa+T&R6adCus(tq(0{?X~j)d)pQH^eH(@#SV)FLD*V{2a-9O;GQJ5
zGmi+PuaQ}~x`Yzq52p^fi}h!{zq?s?S14(`aHXa>rG4i(!?N}AhV5A<`ZW5&c&#Y}
zd>1|%{SJm~^{{Dpdd9XSbUI(2sx%@UkvyZ;HfvmXR6kq>35ArUV)?lsQx{JE&AAww
zm#M3_WOCUSLc;PcFNa8%lhV~=l;;DUIwc~xOU1<WY^!<a@`+9QVZ(CQqAngmq4qrR
z_60*uRY;h6*mOVrrgvB<36mylOysQ&{Xu`zJ=3XNLA;dNnIx+>p(C=P!LEhS?+Ftt
z!JFlSRrlQ|);G)%(7q1NEn-yjD_`uE@qD$eRgyM;?oL+<Q%VPDCD`3(>s1%WBVe~!
z%41y_uK(C@UZT8H#1PNR@z@njBW#U6oekEDls}tIsomjcJYRs!RJ?a20W`bXs}5_E
zQ=X_}N*2(e!7S$6Wc8@_XOWX4<f5fZ3t9E?)F+JmF`=~QWtNm2S)7^-t$B-1Ll`BW
zy25WAUAI^^v0`iNWX22)t5iyFbq1gc@63@Uhdw_YbiM<B%sab3-?ZlF&<2nSzpDHl
zApOq`G`|5%ayru`@mTE7G&_(8=qz1RGix(GqcO@>AyJ_>Dd@bhgOeh2x@6a#F2@#T
zYg{tH#bjuI{a$O{kbykG-cYnmoyRLNs$SnDeom#Wj`~Q)U}a(dVu3$EQ4-LA=^jyu
zMRcGR>(zdx!<pnXJwds;dcNtKp2nT=tTf{b?;$G4D9iS3u;LQHv*S!0Q~Pt4dJN;~
zYutouz@yXQG9&Us{%t8Px+|u=v_txH%RmL}%l(Y5BxXTUXrO(JUl;iymL=?+MZp{B
z;d$%h)Ok83d%?uU_JQLBpvc(tk75eR)OGXN1P;dXkS?*xJpa_)%`A(`GQQ=`(vMxC
zrzORMQ^F{AI>W#3ujjSq1Kc8z)<jSMfF-G?U3x&<QW8`Q*<f=C<~)sFn#B;KO5$jE
zf>(ma2QjLNN?Sc0FA`RG(yPE<9;8*KYCDw0wLtFPAOo^pl$HUJ8{N>XL7ShBHk{AZ
z-*oGOo}S)gb4jzx)}*ER(|Uq|FYO);pN=_`8f`fwj;l>5Iu5nfNTa7aOac$M@Hzv6
zF5#J8Xbz)DBu85oq<Lm{^zvgeo-0*PP}2eD^>PhIJR-YJHIJH3;yZHy>B-ltGI+)Z
znN#T!K$R4|l}0cTMg`k5E#2mSC#n@bvf|==cb}zBHzX$Eg|&3AlrV=mv~A1-tCO01
z4=s3_RX1352c0LFmGHPk*SG1*b++U`8ft46t38}1fdk!WerHQ{$C&h`2rV8ktY{k5
zpkgYN@WcAp2#9$yN*o#7)|EGOl?v?2{fsnY?COEHubaQ7$aUBHHtj(92!?xGfjqcs
z(4X`7=#PXnh02k4#A#H;20Y)GN)0B~Hs(GULG<#r>emN)nnVjdtYe60GMC)P+sZNp
z1-d!QXB(ffxM?}BC|Ui4uuzH>*J9SFOYsOxP``jQ`n*J>QUNDA?{rjPyctW~g$Zd@
zCqzN24u3S*nWaU>X(q7Bsq@k2YI7*V_gfd<*Jn5%i+U@g>J%$T!;upw<aeQ?NmQi^
z-dNK@hsDCO6~W~o*GEbrWbZ=4I<S*IFM|gLRhT*Lxq~yWo~0oujP}%8jY-LPgl(;!
zAMm{YniR~p6tSAwe;ojwN3U>3WFmO_u>!p^v3YBTLcex{L~;bvMwjXJpz{b?xjd8v
z<_^KyeD|3)EW&KGx!QuUXp5vB79=rptE@|Pj1F83Gl^{2g6k$SB11`xBi-2w^C#--
zMM(WhT5Y@0aVw?i%o7aY2ZEQss=06qRhopJBvJF`%UCP{v};21Tz8>e)PPN!x6D(8
z{!8iCT(x`gV+CV*J=6ILEfu5ElX;xLOM*?go?uM*7nsO19a}*k-A323960M4clk0&
zXkj7ma?OP-tLgX(L#E%y8Z@IY0F0Y=wvUtL?FJ$-qY6jU-Fw`5Ztx|_@6xAaJi#ss
z%Zx~KKF{)vJyN|dLMTp9m~0cX`FV53gx_UTigC>QxhkPMU4??>n{&-Q==t8G$E_aV
z_qoK)$nW-39Kwv7z&sxU^E|(`%zUm6p@POiqme19VSW>|-=3QIvqoo!A3|D$`QJUg
zF$haj=B3R`CoA+57xVj-QgxnhIT@_Y3v%{M=W86jLwNxsEN$kD;EGY0y*MD4aI~R*
zhsUW{hx%YJ6>T7<O5jB4AKQC}LQjXIUtLch>t}jKcLQit)U->D$ai+x=np>*B2+Sj
z)M7j~ftk+(??j-U*koOeehf1uj>zJBf72s2owKiPIN`;9k&{9k{&93ezEDb~s$Ey_
ztX9PYCY&=wf%9j(DCR6_H9HrJX*kGJlk;krr_nXi>STkoE469bhHihprn$q6a=J5T
zX}+X&fy6cZ@JM56nU{Xj_|Ya(lR{lvXRn`r5=bJ1CQCy-y*Z!vUYWmMSI_Mt2S!d}
z9ZOS{VMuw#h*XN3j2`f0dW8+4?|N3$5TvCX!B}-{^(DyH;6DLyi#2lfzq8JO2>oAP
zy!c0<Zv@CqOmpe$_Tkg3Ad_OBs<7B~{xE*!Ng{Zm9?IH>e*paBV`o503cAz|mh{1d
z-1`9-C{dB2W$~IkN%0dqp>ntQp%nukC!QNz_+D;2Fpk(+CjSul4)yZs#pA)yl6%88
zbOUGxH5jUl-Mwi@yC&5hRN)C(Jq3sjC3ZaR;_+RLiSXLcOHLQ?Rn?&Y=A7AHSeh@B
ze-wO$dTAF*<^<&}*3Ul$%LzaY?J}hvL{iwQ1uSU;pjJ~SNQY`BKQySJ1d=bF;@knP
zEmdu<_bx*87a*?Y4}cXzi<dO?pO9i2t<Ne~jUms94Kn#Zz!mKxnZ}T)H~*UFgx*Mo
z3VDF#Au^QxuekJrPjCK3d<97pNM0(<Zu6$_-o!yxI;H*|Jpzdg(9KEGJV?Gj8t?~z
zeEi|1cu2zl-Fc~Zy~>)y=94=Uvq3rIL#vjY;0KHLy2LEqhrO8jumNrG*>*d63^v&>
zSMu;iIb+9b;hu)S_Wl!UmHRgH$5Cuz*1=xlDrglYGRUC>Nztn#Z{R;Sz3?j{96TNg
z5*{y@_AB3e&~T_ZKQP^?P4n>AwmO77d@tpeYe>X9Wiuc)FBD#6vsDWLl6@=O0T6t6
z;B&I5JNhf-?U=v<&=-p!WEIjf)O-izh;_&UyYGd>43*_5@P-1^5OS(0HAA7h+x`XU
z1~+miL~6Aya6C#GId`o05IkwJdAm*kBs5+d*<pxd!WH6?mA&|A$r82%WQ%B<U~s`K
z+=j9m9EhPjIN+nIx5(10=^nEfwD1M-Zs1&>97L~slv|){Vu<`m$FwA*K6}BCRS&C_
zg51V96w=ZO6x2X&LvDxw${<}9LQY5!-7vD?cU@!~c-)W=H!k%Ks=(fUj)to@Ajd%S
z44v}u3#;H~v3z8YUI_~stf~Q4>{KZtOaj^67`MoS94Uc;yOrAvt7VOB1Y4UF7Xcgj
zJVuU_bpcm`qIt+|Yu3SV2j9rU28`rYHUZszV~l*-l2+8@9V7$WqZ4knYFfBb0E%#9
za0@>8r>!0~IQwS0NKINxC#>bCP3sbF*ucn5{Z-Q!YVa$$?*2$Wk(*F8{1Bh9Z&kB+
zUIxoY9yVcd9pJhg`ogC;89vbQS`5+##Xc#GwR6F*u-p)V?0wHcT_SAe2Z+KW$t@kQ
zN+?Cd3wfVJqW%T<lAAX%3xF*CXLt!&QZz8T$$Ll>1_67w?^G^`3n>1C;LWI060IXw
z;V*o?gMnk=_Nm*S&N0ivW<0eHcAQwGWQqK0v3w2e6z<>PC>dqjk^2$+F<m_|1MVkE
z89B_@5vpS10rx`^Ila9MLlt!pIfyjTIx@OsGt336ZgCE7XB!KKHhULD!AK|#k@ynX
zPS8RuCxEP<2TQ<q6o7?Sl>u#fVD%zVuo+kluwO0IV4Fp%eD2^5xP6O0*smyEq`CrP
ztrVC5d<cKS028CZTII#S0IS*z+wP44Y?-RfuyfuhBcG77b8n<;S~}^g5J5@6MmS}H
zV7x&L)(OX!I|$2dIDxng*#>Dy*E1bPQ}#e;LrK5`V%0Gr1gen;8(1Tud`cbmS>(>o
zT@rzh3R!d`26l#<u98%TplXjG>kV=mF-0HHFOYxgJ|aRI!Id*&1j*0j61f8gR?2M{
z=VG<6z8c1WT~<A#F2RA?fE@A-(L=B*MncM**<*%KLe((b1a~3R)*itgTp%C}7I_M3
zQ8uZiW4<|F5H=!83+YBX8>?;`VWTBJQZ__z^vgX6X+GLVKXG9E5x4{fK|(4_9jA05
zU=24Q!1AesTa|pe1S8AG82-5VU|=@Ff)=)LN7w6rVzR0#q{IstOKesi1=P-pJFE*c
zHEIuhq9<Mm>6J2^5S>DQ;#G?zSim%5C9z$w{1OCS+<RetufQ>X3GqzTE7(p)nXrNu
zKf|>TeU^3!{)}K1*#okuK-{bWpGT_l1Q<bpZ;=3(W!1vK_ep~vhY`vD86_GpT~&D^
zQ51O<(#&U8IH*8#l^<ZjVib;)ZiEkg9>cw~J%aSo8s^$~GsFVcaLC6i>Nv%$KCyw}
zAf^j9KK=^=hbj#?JQ}2t>c;Sa9I?{R#1&}-x87w1S4Ozor|XeFW67qN?KuND+!}%q
zazz=#PdN}<M#$9`ejrYji|}VCfSDcWMB8iFZ)_?~(GtpL#ZizE7G(?{U=%ZB!z*$V
ztO6a0$tqKLS4{&;$jgVr9pwy<4`N0LHm||jXedJ=pb^e?E(LCL(2(8d9#}+x)~66a
z!H1Qr+&&ZGshbdhEv6AGjvzgfhtS|`h@b&w20KAH5y30U9d1@q_!C}zz(OJDX5;5b
z_3=l(K%8pvBiyHVa9A0z!)i0k2V$~_D{SH1B)&pV2MMZEzOaB91Y%<Fh~hJfXvn=C
z!s{t-7_Yi)4Z*Wf0KrWU!9;?xg43hB$&ZjU1@#gp=MQ>_)dC(v9sct*A`W5ZszKlY
zctl271i)=0B!p~cTEvEZ8a9xfX&=HB7$a3&Frrwgvfc8_V5<&fp75y9umkBAa^Bhk
zix4h*gBOQ@lTF<?YeZ52Y*d{7aVP;rMP7nz7LP-KWw9O#M<3}agfDpDF}u48Miu*D
zvb7n6DjXYCk*A^R7U5w?GFTM=-&~XX3JyY)G0YAPQJ+cB7RH2_Fk%r~amc`8o1j2i
zdW4|rR6PU%A3HXxP$F>B1J<3OG!E4OyF@JTb0o#XgH%->!Y~#ull|oB2ee||bKXiI
z&-iPD^!HR-YctP$^HD(}JR^wIrg11Hf-{DvLfDZ2RZ^&VMBtk021#_hAf5l+F7Kcz
zXp;`)^8r@V5D0dBY4M7(+(P$JFkOk?fVjEgrgjkY0&i~R`Qe@LpoTJb;7TM1-T@Ns
zXd~f)a<%|p0gJDHNK|5*SFZE@h&^Wn;Gxr>gQRNT)$4GJW{B_)1WZ81?1K#`RBGZ9
zryZP+qT(O6KyjeYwmK?KreVY$%K3eSTG3BtVCSLS_gKS%(4Q&rl%a1xg|rUXR352?
zU5dKOa~UopLyHqfd=md$9%vp3q?aICqVDL}z-5dU9=|}`YI`oMg~E3Vbmj`8<eO9>
zxNrW542whVffcj+!C}HzKtqQ-D6>Tcj!G?nXxPt|`ts*JUhtIZ7clk=gHvE&Vj#4~
z3k?4aGKdW$e@p~N5PVFhhJE2_D$3%TKh%oPJdyyTG;U8nsH+BLBDIhhs%ro6D`<2m
z7#?IHks6_2F7-a;<IoRc?6DtQR-Gfjc^dTf4up~6%P@a?L=o^QGLp^1;M(FE5-Z@+
z=bq3f28OD<e2G{UTnY&7q!8?45KKeAS?RNJ0ImZ95j2BKG40RZ0iUWaB7+-r`3GRJ
ze=h;^nPov)4UNyV4T(fjG;oCy69?RdH6|hK2EM4e_z5!LgH_0<)B-BIL-$h>0DWR7
zD$u2d24MY&PBxu_FT@OJpY^YL3)Doc4}Pio<1>z-npOyRL6<u~Tf@nCHi?2S0@x7^
zF2%$@jrUMVfi*^~`(jT4kk+d+kiiiu#x0BxAGox*q@#*tUC<920bg9c#`^)ERTk4;
zqwg2Xocm(>b30W`NUPA)8TzvtM7SPYYJ`4~B91^Gd@H7%RwNB)<KTnOJwYUE1=j!&
zNWg&0$kfjy2tHX{Lm~ybOaS!v@6C%4Iw*(Q@i|L_J_Q7R>82iF<W~0d1p4h|I(z&C
z*W7!**eT&NiGd${a!!2FSrue>|5n21SvVvcM8c<x7JRbE{L+t0AoDECV^6%`2H5#K
zRP813AChxIp9E4qEe$}QxP{lm8JKE`X0cOE@S8>EnqX5s%uY_g4`OTW|HT!52mG4g
z4pF=M#Tb{qXrA!p^3vzg8MNV(gQTV4^1o0yb-<Q^5ELl(7jjrr``e&SH#LPuHSkyU
zc8#NHUjVlT%>P3#BO@cqLhU{0HP(Ahhx68g^d8KW>b&4b&gJ@AM2)ZuRY#K-uTS+!
zjC%*e%H-)xbwvJ*tIyjRn_c)W@sIUU24ylNZ!uWcsz};F^!?-q7fdAR+g-8?hphAt
ziDfd&yU;;UKC!US8MxH0+<Nx*oa1}vy@E<bTo13RQZ!5MwC0Cqr|C++SURzwJ0u<=
zblB7}@qWSvZoR3#Cl%;f&P$-SPj+m<L;l_iLf!tHN6#m9d0swfBJ(I)ZpiOv%#hsR
z@snnbiNXKcn~E&k#6RC5eZ61VpY!nf%XzA+zZ@#3`OK;(`X@M_x*U5Vy9J+JI8}33
zHQt};)m08DKSFN^T$%tCxXxWxn6C~T>;7?k7q7=dg8CjOnXN6)uSoJx#DB0hoWgKV
zfb%A(Q|4(!EA62C&*v|f&1VEYDc|0mR>!!%+@xY{Cf}U#gpsJ!Z06XQ=C09ZgQ{!w
zlJ0fv6^8mzw=%EXSNd>Z-G%LsHI#}TdgpHMJ|f>&;})qNttWU=MbH>4o?W;g;H7c1
zOSjDNBga{&xx-r23o-pp%f*2T$9~Qa$&ML`@_$6+xKSc)7d-t;TE3IOWtXR2`P^CW
z@Er!uMF0<KBO{jB17NkOr&ghQWyyv--VEi~ob4dXRj#~tkZ$bWubg0?6}i0ksiON%
zCBBhX>l$Xllj(fzU&{kK4+RN|ovd5+d4;|T`R}UgL52IAyZz^>flGDDvBlft<>>r3
zm*xVK?2nbq>hSg6ZJ~^}WQ=L2v{;ubpAJqRabXMD>%Z#uY8i+?rH<zV$Nze4cv$9N
z0h;8Nn}WnSyvMm(8O}U2mp)QJ`rEtVVSd)<7NyS{{lF4jP7EJF?_+Y_2337-F1-i#
z-gjS>lV2M5J$DSb>y?SjPiDS?m3iB{56D*#;>QzMO3g>l)xSO~;eS|PuFCWCY{0^z
zoKGR8zkX9dAE)D?lJ&Y1eLs$G<LwW1;lER`*R_R5<Vej-=MyJ>T?_f0lRqG=akkX^
zV2xj3&69%d7Sk182V0~fnZF0V+1fIN(M}QP3<Xb~FS|2uu+lq+ln?ya0~F+CCZWAw
zD*H@*YzMX#zkTCw5YGQZAR)fYfuAPTKxU^4dvrbDT+|S1^_e2L9c;;uWR3-jEhbn+
z>kL12lq`RBNH>gG;uT5}^9I~GkUxp6PJpexJ@>V-)oy}hs;GPcxUuRnO)nV{9Pycb
zl@mV3=YXf!21GDRmVrp{Y#Ad>{W``hsJV0$JBes}P#-7&?gx0OPUt1J<Y2V1^~Xp;
zH2mUG^3!FwQ5>9}iCwSp+g{TyLQW*yy?_T&?t}g?jjiSMff8UUIF3wss?KroOYTZ6
z+hr#J{qU7`dAdSr_bG+Q7-@yHY@GBM(!FxzZ3=j%N;td2Z<G-Ab{N9yttlj_jTL^+
zojmfSUbmy@ev_@7V0PG0z+&XT67|bcknC3=1@3wN1&K5@q*rOWDd*crN55SUB;ZBx
zSXp&$=hw>P>+)<DxNh%D<ce`7r0+o>lHUqJB%Xkz2^uj2zArCD9V55-ZhI(wM1GR>
zsXs~1sp+;0;D%A3k_6}DTKeS^VTs#Bj$C<Te>lp}<U}eYMDBBXrx6It5hCvtYVZ}{
z`%@S(AATaFWm<3|KS0N&iI$drZ}Bp3%XOXg<pv3a{KLL`=EQ%9vP3-8fxzM{9-~lY
zh%GdCxu!eXb0m?j+hflI+e?4P+-vy+TGD3staGfZ>g%N@tTt{YyY(*gL4h5qR>Kik
z1KeKn-)VgPFpSBnhNDWh$G~i^Luv|T&NjMpTtJGJ6ZuLg+<Q#V5ysu{kP{>MKQ(5E
z@U#~N3yN_g!>zU2)M+d6I{Vb@dmJATY^lX8UY7Lo_YgrWe|12~NG0z{=xK78Ef)7W
z{w3f=cVtwy*7=`QW>4X*4gSN*Tog5DsL`wbloSteP8B8Q{GXb;$RJ7rSem^ga7q}7
zkUOJMZa!oL`0d47%59_~$_cd=xd>9az(ffCT)nDOmZVKjE!RjBvS8KupIUgp*sci}
z_tPRn7DO=tOn3KWKRrSEJH75oLdp250-YtOd`Xf_UD5g!B&x$&`T%P9q3`hLhfQPC
zql&aTw*y8*;Qr_9*172#M$_C!(0Qm6Zd{3Fv3&H?dfmb0d_QqMlB_IyV=enN_C_1l
zjrungE9gr(#bq8e*7UbemK#(`soK#xH#t8u1Wk)kd5HTNuj@83Y~zB2{KtO(Clr0^
zV|(0o&q-*PDNhr2Bx5T2oMo>F->r_eKh}8y8arPro!sPgB1);IJY4%5ih#{#_67vX
zHW>=QP|BbLCK)eBKk%5tYWY9ZqXEfKeTsDuTTiDH=N+#-`@HWz^zo4P0^z9}xFJ6o
zGA?5${~cglzN`WJRck@Dv5Px6KZH@nck@z1<>y`lKAJOD7L*@m>Pbx`NPIS_n4>>h
zw8#|-W#>eg0B39)T5TCv?MrB*e<z{i53lDzpE>kJ*#~5qH5(y9hram4tTv^w86P*D
zsr};{zIN`{#KJ~8EB;gV?o*6_uSCu_sGy1e;ud3fLrm0ae7%z=KZWtpfKB}E#X$*l
zUDNx2<v3H}MxHtG+Xcc{-Ia$&LAS&Tk&u%)81|xtNDt4e^gnn^+01lUP-*|(%a3dD
zu_|9{IJAtdw_S_owd8A?!ED~dTJeIGAH;_JIo15Nv7BUw4W@jS+V}-xT!utkLV6ob
zPz$Z~wI3T;<>4*&AzTNRjs*Ob)ik<~u4Ic4E5|3V1HnF95L)%qC4CH>)$X9P9`dwM
zn1}GghI%$8tv18jU;Bo$?BCOMNT@fur+u!3?lCbSB}wjw?vq3*oL{L*+DDuDb2PNP
z7rTku3!L{gzu%@D_c}y9F1P}#nbaiRI9OfyHLtVW$X7i79XD&}Of5~!E_>+LOlGv<
zCC8RPLn!0qkNZ=&X)_k-;brBs>Xn3Zpp|;vPKKp(ofsqBrjPH%OgHJ%$X}ja{Cw^B
z_l*%iLv4Ps-*Tl%1S?}#0ksgy#s3Guel~gZ)ex35Jw3Gg;fOP#E<JM?9KSfB^}~&?
ztQATqp`0MDrA?k`<9kCL;hV1l?i4sIU(4uIuj}`2rlO~zMWocskK2;DX?U-e*@(6b
zu52A4SC2P4y`;4+M_xI+aqNiwz;_i$zN9m(#Dj@Dp*3gxQWOfdPod(A6>cf(esnr;
zG4jQs>4n%r%G?Y%EBkQ~EMB4Fg9p|{0uGs(cK3-U^{>k&-u{(LPi!8hr+}yV^Oh3Z
zNU|#(?92$C9RkclDDI35fYO;y!!tXILbk>9*Gw<?MbYhR7)kx$AQAYxc2vnzP?=z6
z7WPwNe|0*MH6r6BiHXH7h!pm}q6-w1Z}}TitINY*-}^fQi#h05G>_lV64Z=Vk`Q$~
z2#M!5o_eP)4ju#@CFGb$_op9;63{}I^C=n15%p(JQ~BS{bo+gBE|QnvDk&$7)>@xE
zXuV9Un=2&L^)q&p1BKAg)+*|kUpznP1TagYY@_d|F{{%1t8;`{cT?)yw1mPF=}gI-
zEjTpiTJ4npCv+17#lJ1Tf3AR*G)V%liQ5bB35xj)tP2O0UzXCAKhly%h>BF%S<ZKg
zq}Srer(bww*VjyL2O{`29KnAbnZ%Cc?=!CV*gz`Z*{1lbsy246(=qS5+RkOZApM=-
zAih75s*8VrK@um9<GtDX^)Tam9pUCra6z)u7e$+Ov4!*e_K=wa&QHHNe4fy2Qt4-`
z&u@CZZ77ZPK{!eYWQcrc3>AZx)jkx&a;~8=)7@ZP#+4UDZvB?2Eh7iyk>|3DC5=2)
z_h*)rruZ|6th9rWNK9bG#EjU<<iJF7^j8T--V}Jm<K1sSV{6O2sSM7mZ5vRw>f$+0
zQ=L#suav(0T$EPFzZ7;i9@OG3=Q~G{3vZbwbh~Lveop!92D+~f;%mMs^y+d&EqM=g
zn+D3~09)pH>SK~7eIF*yMu&#iO(ZWWF4<G>hJH;{e4!HG%8Zmn<RdsRy^}O(%zJf?
z(*&rQLrlJ=k7+ytDQQ;Dr%Vxy@n|IBhR?6z4a!+bFEwhmV2b+Ml$t%<XoDv$&F`OD
zfDWqoe0Pr17!qo`m(|W=*}}Lvx&NS4!u<QR3`%vWd~GiMH)7OUV3~ngM&3BK-sM{X
zr`AH~IR~VoQU%>#Jp#8}qzlx)wOvr~y*m^_$|jPxk|BphD<^)jXBwPBYrhgly6?0*
z2IT&q6a_b2uZTG{L!JLD5zAT7N=YA;iaR}LC`nfE9ho`RolzZ^PPy@Atlb60m5ZXd
z*IMdlCsYAyE?Z?D%cGA#dN!1gd<WpPkd`oBuS<G^OaETfe<;jmTRGnaid+gNXdu>l
zEl71CkODUTrra~+$@*xG=ssD9gvE4Ps>8t3`$J|tp6RQQ{mOln-XfCKhD&N)xTq&_
zYl$EQC=6~y`$gqj?z-F5ul+|k#4zy*Bk$CJy04@5iSRZaY>rPL(0KHK74XyUMZMvy
z#5I!(#{MX!WD&|wZEzm-*H}H%rmQ$BZ+1}7PEHxV-&K!G(H77E+K9}Nhv!q4l1nH)
z8f6}P8nY;^6@pz%ho;MLo{8UviE9nFzek5>i|jcId*<-euBG_oh1UEBk0RRf6<Sc<
z8-K_h6#{VZ+?L90Z+ZXYM1n1mu)c%w)TP(&dW!-x@AMkbLWy5!L67}o&2Ml(l;o>a
zhD#Ia{SWz%pkc`3`veXNLGTd%Bo5t{g5>tz3L_zMv?&G4Sw#KtCz&#<|2gvtJ_jKC
z4iLdNlH)f?BV`!XVZ7P`*6=iR@Ivgnmb1~oaXX@pIe9eNNBUW{EHO7<HBByOE;xOf
zxG@BQZMV!Brx<?2UnxnG>TUDUk5(!XMg7ll?gM+{S|ecgPVQ)7oOX<^XJA?BrJN*f
z@}MzT{(#mlbcWsiQ?%^BP)6SgO~n6dS||d1<N#NLU3K(RN_AJsZB{DZv@)w+BEXg?
zh!3_8IsZ}e>OheYdrF;s6WCJPR7HdQjd2$U11}L9xoHKUv;m{^Byi}V4L8)ygTUt{
z34|nB6+Y6ZdE0s@mVV_GFGpf&#mxA8-V?URzgEkLM+t{kN!MXd%}v)q@lq5NiT#E{
zAtfT$wXCa!jGZw4$XbH2HX@+u;<r~bpo-4>-T#aPxH^+()_Tp_>?;s`do=^9XR(#-
zjJpNuQH_~jr$Px2tdN=f;BomxS`s@=fhvABSIZ66+{b@gf8e@~B=%Q(&f9$3ItRLs
z+ezpCZT5dA2$`}WIX0W3pa#V_5;%e&d{4W}3RjcHhc7@2TVP2_Eyf;->@Ae-ZNh7l
zHuf43RQI!WLO5*_3GaE7B`X!G?+!(fvTgYUn;zDFPR{-ck`V6*gD<mTNYH0<jm&^Y
z(CkgK(&KbboTotoLrZF<#!0qHg8wszuhc6i;MDD&mt~(MBb;#gU5`C~3b}FZ+DtYH
zLNQ>3e*}<wSP}j{2!3~)w6g5dUhsZluxj~vI{BZ;u(tgEI<S=Q)$3*+ihuH@<i+h;
zL;gJ~a3GMcxUZdTv6l}1Vys;_lUVtvV=wL}08{CO(D0JM3b;3GvZ#E1h(tX^zD3P&
z4*bc1&#|1gjDUTy$xQd|LPFGZx8dj9G}{*<OH*|X(mw?FYj?%?tkOV0wwr~b3}a89
zXVvMdgd8j)>938N2mb~2LY?~*sUcEw?nRX9KKX-D_o2b(9Qj4@#H=#wRbm<Ow@*wK
z1(+<&!|V+2KZL#Rd1?emj(QlDlktnfkaChz#wCXIxYo6XH=X-0MqNm^PoY8@oq15u
zbR%fM^^^*$PU5bu5@9ryf(iSxZEe^wl%kZbyz$`B+x`zUs~?hhH<8ZT%pCmyB(2}x
zctndAWP^aoQ$BIye?(G2=c$n-O&%(gS|vM3#wp-u_K27byUj*vsYS0%g#N443hHOo
zzPo&~U<ui(oUgsJt24!%mk;P<20Ys?*a>N>^F}LoO=6in51e{>V(%~de;=iOfCLVm
znywND&)H|pjebZ^zE(Nk?uB;)V8sJBxW_7+9a#&1XqojNY0j0xu*9k9mk;T>R-R|Q
z(p4e17B|__K?;Z;k`P|Y?|nerXrDxU(0>izl2T$~N``}TNFo{Zuzfowj&zmY<Jg|h
zl>dtt{#~NK)@~k*nJVezt5ZGpO88kbNw3)Sg|H_51}mqSFJ7=4FeXcIrv3x7PGt3`
z(nE!!_IUAv*;2Y~w}QU<ux<CH(Ex$C!~bog%~2dfojP#ADUEG^D5Q&xy8ms7vD=e;
zh53zK7V6z6^j~#XEW)Jeyqy*H$_OwBf@YmNlAS9FNqJu{jfEEU+dt0y2fIfJkvYja
zE3@t>(<}VSZ8R`bPKhL@b5ZnXe?Rv1xY;`EArkTrX^SD{9Dz#yev&<#&+@3GN#~6J
zg%_bk%<~6okHQ4|(#%Eq^9nK4Q8oqP70dbl9HJWz%touQ*B#8KdK|qLF>wPQ4L_$X
znt-i`XvS72{=sbS>19d^$%Y3^uke983GmZh3J-<qN0Zf@Vor#z#p{0*>e=Lb|0-1z
z+_&>>%P=!k->BJ=BA#s0(x?32#sp`|)f{TZJ}|G9J={%#q|HRHg7qg7MWH*DLj1I#
zeJ`8t08Jgfy#x(e?GtHm80J@L(hZo(aUufalz~@6BNBw``YLx+(lw(`IM(35p5<TR
zo6HZ;`mc#Y@rmW8vGglWSPK>N`jGY*b8WI;8||+Fh0O0BQ#?cl|ABBh$(lD~bdD1<
zH2Wu=@k6?L_!0#geOPtvFa<3Qe{-t}>guO#r7@LNGOkebQ<1|>1zZ1m4Mq>+rc0>p
zAF~Q}UoU-4f_3J9h;;`8GDlhOqm4AZjlm^VO%W2W<Wua1%8N9=Mo0T&j`n|u0U1Zr
z#8k#1-Z(60oJX>(u}9z9sr9$^lD?4<wnV=CSE)m*xKuZo2Y$8Q@ozR*AnSY@!EGC_
z-oxeLGuKQN|FRGDmmR>hW=)g{>bL3DYju+BE-76z%zShA4w=EP9c2{3LziPae>%yF
zPR4tG9S{FznH_4Loq4;TNJ;)fvle4#_P1>R(_X<}=eTPVsn|@_fR~!JYL<$T{{zJp
znLn3O&JLV@G!&8Wj1T)29=~jUvKN29;WBzy-O#0{F(m3rGk8EsioSu&KkrHnulD!F
zR2g0GoO$8>q9S!Het*XEqKf?$*+=73DLZ#3P{x1zar?cqC)%9THJiWRlYMvpal`H3
z8-{0G>Y3T|#_*o0*s;eAE`}ZS#~MGK`RUC5F_Q}yPOy};Vn#1pmn<CXwJFh>n<t{<
zR&8FnC~Ao`>vmMn$E2&#OdmgK<kN*6zdq0F&q(l|?8N9lI6l5$#E@~<bOW7ZuGy2@
z4LVb$PmWwO(Gprc{{L6_e{Q8>%@dp01|6opzcw2Q!&f4Hd|j>H3w!R~LrPV<v6G%S
ztLQrXBco?sr){Y2I&%F2Ho3LXlTuNU-{JUWQ+~o$j|fbCSMkAp*nTfnFFT~+x5lmV
z)XtE)d1<+5#T2My)n?npD)Ek_7YsdmH72<;y+AHE<f<Oqy~!-pjgr%p#kQw7#k41m
zA-P>v;5aFWLZ1S#ih(&%W^gs!o?X~*<BgI6LZuGrEYM{G`G|@ew19%rFr{(?rQM>a
zVN#S2m-WrB|3Ojf-VY~@sAXFCk{9m_@X0@6wSwSRn4=<#Ah8?BVNn`^YHsDM4dloA
zqCp+fle)=qF<WsAwZmnx`{0*hgGXH<JrtIDyeABFQ2jeR^<y^Im>!Phm3)grjrg|2
zEt|-<ua2GbohZ@7m*iy$hq10*hhHiUPHN`E@Xl(#40XRt?C6;4;fq$J3+A2N(*0T#
zGm0v8K}W7u;4l4pxrKZ)a67j7j-{(PS#RTvPBJa5TQh8E{Mj4#<W?q09n|@|EuIzM
zqU2h=wF(W3x-B2$YIX$2(D-}Ts)v5UHiv6ZYUp1*(rNwuD;xv!Zwm2!R}fXxo%x{%
z*9$BiauB+&3>?tQM&R<+6m;kP_JOP6S0#K03uZ`BLmw8Va{9P30`Rh(=Cupq7u!Hs
zuXPrzpt?_%^;6Bcli6Aw1zXZmq{@ic%xJ5al5+ZFNlwbczZ%%mc>`JXU0=M|g|u-4
zJ0-^(w&e*p4;_q^+w!`c?7)tK@-!tr22V~(;NR=XX>VN8^VqVn!Qe%!ssYvAARR~8
z`9e3UTMaiDc6CoRV><Oi0ZuVzMX57yJG?-N+CiDUX(jYd>Kb?xe1P>Y7Si-8$r(yP
ztX>=UZ`Vr;#MPw&2XAO+LbX~wo{_%MsHNl!d*v2s>$DW7p5s9s1zATrA6|3~kiz^G
z4qKwZyWSJGV<r3%p|dY9;;8PI2-l$d9#LXDx|MzfuDjC+{%iS>%mXHO$x$zz7Sk@q
z`9poK*v2sWW}m+_kMAK$8Bk|a-1Rf<4*kt@_S}IVqQJvejMDA+3i<tKf-c70o0-2z
zH+$QBS1Jq96~v?DJE=t5y}5cXacnsMfAPC#jd@;?q;_K|41X%;!YSjlg5MfXj4T`~
zvxdxi!XZRr#1uXkpYjXUkD!*N-!^@7A)YfS?5gnFW4_s1FYFC~p@asd<$RmYL+-KI
znE(H>z_uHnhA=}$p26`C3FaGYAa~q2{`MHanz(JO7!R)Y26W;9JjJ4Y*0N76nNz>x
zngP}GLKrdpw?}rVmee%s-0q=jwco9IBzL#X*gw+o#xYdG3ViALk6D*@mCG7Xb1<|X
zL`28z%|12pQc(VekhLMz^P=FVhPX=u_i|xLanOn^N;h?UU3u808(S7md7b3S&A=&T
za$Va60K+YLBklW4hRo3-O({AH+WSI9K4@I>i5a&#=|@o-i!<|mvGD+3w5nTUYWK_W
zKbR+Rp4GoG^q_)Op?jvkE9ES=p*$=7J*7C(%=cfLzS{;DRo-CSb|TxdI@#IsO>v=4
z&|#>&Mvmoy!@2gMob9A6&;5$j?x8=_9`DV4iW?(k=@d!RubMRH?X;&Jw<^*_>~|f<
zKb93*WmABQK%MmZfTox7bYbr_>RX?szRjQ??UWw7f9vXXT0dO+*_O?vgDO6lsC8)u
z6U^uo=4r|5-|Q*Rx>}@HuFCuWe#fk~{bl_mJc_;*P%a*<<seo`?m7Iy@<v`@WmM25
z+3#lQ!mB}0hU$Y8=>5HW*0TQ|%@=JE74Xw^kwas6fn0n_B6pz5U9AEI=mFa(R6$Mw
z=W@5u?bAv>eqV5=WHx|#B|7X<L0;o`QoJ>8%JbKQ_Lx?b!FZ+ixKGX+5$2xhsKsPo
zEuGyg{CmxqT{H(!ZAO)nqsJ)U+N2iqaq-1&=s}1m3l1kzu+G&Zp?^YK8_?%%7Q)E|
z&KuzSlTfG|+rBH%xq33Zwg&DHYV4OY*OJ?Bq)x}ei5m2<f^8;(Qh{M->|LRopTS>4
zJl7?X+D&bf2T7qiq}<kg6$_Z~;UE96`(ITPv$wQ=YJfCO7<Nhy)lm~n4vngDA1$8z
z7&WxY2if>p7)VLL*E(uxMqms9-&BQe!wMsXt-<&V8AbPuTNb-E?I(EP(b(`V9~P%`
zH5?2KP@(^;|28|VOr5+_tj@>BtPXw~E>-yP)iaW(?ZwoI)-i4KZnBpj-%mq93eWR<
zZ=^1l`}y4-bhVv@9$W$bEI8D^b2K1IzOTU?5Jgumr<cfe?mTdE3E#*!GhX_!{!F1P
zcSJEBAC3E^m-+JJ@R2jF^TbBjJD~QMMOSNtU)h4`Ti1_nk(0Q}Zg2Y3o2=|Dg!xrT
zkM=^xc_3iyHh3&`Vf1Ww;geYg>jk*+4*Ii@o~~vz-<g*`)=SKvys*Gpm-P;hosRm|
zV^M$OGsekhw_)!Bmmk}P)w0<D-Gm1Id>;Q?7TbjQ8GMvD@1_`Y7#Wa3Ncn$om;dbX
z2CjEAF5yTf14vWw1%rMJ$xA^_pnHqbX7pK?lpo2Y+)v|lmB#k}%?7VkG`$nu>QU#n
zHFNhqw~HgD%s+qaym?Y43+@jp@<&8VX>)^>>m%Wm8t2J%Q_c3>8AZoe2u_jYiV{1R
z$-oU?h?2RZ0ndJY7ZbJGXkDM-AUnx)GrLC#bivtWOta=`_SF@mQyAg5^FjQ<l$6oq
zmXwy#K7(QYN-I`d+hju+-u#XE+zTg)Dr`(%RoHy7yn?8@I>-CN@A!lAl0;D`G*$K7
zX}wzxQ|3-RoHYy0A6+Z?hVGLc!!Jo(zS3El@&}7NUZxR7j3wDOB_A<&wjf0@6ctwX
zz6+cx(R=A^k&{OIIO#Vmt^P#GIRY(~&G4=fT40D=3M&^gFV8cA8PSIq@?Cz%yO|gH
zb9ZYUk6)&(6!9*uH=Ig%BS<W$*gN4;A6|jxi`!k`SgVT1_GFt`R=EArcAeRz@zi-H
zz<rfk_-?k&|Mmk>r8GN2>1|GL?N=UT|3w$8x8BokvZ4kH&dDV-n*k-8K607rEy}N@
z(_D8m7am_Uyu~_xa=v>yVXl^S087z~U^Q1-m92O=Do~Ewnax$u(8204E#};?iDJ$o
zTH=Re%=ZPq^QeBIUt7J2%x!A-m=#nZdh8fF#m>w9n5kQ#tk(U91@!ZVDGvry-iQ$6
z?Gy<y>U{g=79V{Wu<tIkOvX-EtjxM>jp@i6QxE=gJlxxWL&C1iWcc@Y7gZdBhDS`>
z{M%IBws?8elYcatx$|uD!<NR$t`OnduX_7dtm&_#&>wx=a7*KEW=ndE$q&=6td70W
z$#7h})rRog_TlXZhsnb;i(b@%$v@J4Da?zn{3q><WBIzClJC{Nza!<_rz?E>g;72U
zD95VT3Zgo<y&0$b#qe+L9k_?7uPAf75sCJ!f8*?EzVTTEIzL@8<Vcxy=XmzSUh?qp
z%aVfCnkcDkEz-fVSd%iFvBlj3_?gy{)oEHxCw>zWqBo8MKzB;sq8QB&I_<sVmyx#M
z%4vhCZ%Z^$AoB|aabrn2&G)^PaKSxI>BF<@o`mD$F4Et+)UT#a=3#SwrS%RpuT-q&
zhD(zSygV}urL*MBZc!T2CEBb??n?~jkMcSN@ta7<V$)RpD1;faskz1<a+*z|`@yRW
zkYKmq*Z~3<bKcFYIq-UtRpd*{iUrEEUzfIG7_aNoD|zI`FkwS3Sg)fEB1+Hbmd{%c
zR;p|u&rvK#9Hp}sW<xmxsW;Ah8RAW%b%g^@8&s6rHPU|uR%kGDZC;q!*gKl#)Yq?5
z>FOOS`XlD&GOX<C@hQ`V?2n}jWGi!-4hA3X^&W&;e0VhgdZf0z!?%j8*d<lT_9jO}
z@c+0;r83D*&WOI;YLp|}=a#Z9NnuwZLl7ex;@o-D;}2r+R?fIK>1l@zi|+mXd1KKg
zo|k(H7|KeMI;hy)lk!>STTi()j=lA2>8<vhk#IV`s=nmqY=z#&cK}!=@D^p$?mj_m
zv$q&_U2|~dNhRGmsiw-)Y<fEx2{_W;_ywcvtyF7IYGGlCxQly#Z{Cy4YxG6Np!kGB
z4BGQp!SYN>#OueRe7g&W+o}sme6^g}dur!>Ie#=FSiGNq9A01Vea+ap<VSMX>n4TO
z<4<#^-@Xx<yW^l;!=N-Sm&Q=07QK5u$a_s$uMQj>#E;2MDR{VE^Uz(z|Hv>ZWcz6t
ztSZ=G)ZM(WllEr{%X090wbF~qS@rbe!@FffjtGmESgy8MjWhUuv0KU=5CQhdEp#{N
zp_p*od6G67pF7w5?)C0IDEKo!F8|s`8z0xqaz}^9QuE%sY{%yASibHQCtJAcQ5IAo
z-t^9%VQ*K0b<LO}rwL14b&HABX)#)O=vMB5d6h1_$WSW#{jU(t1BT?7*j{o)ymje<
zr80H}-*)}_4YOY<Zzn6W?2j#;9;7{O^KfaSUUu=Hu3)@-r`|o()XIuBI1(*dp%lc@
zKRcJ<ZQ8HfpVde|TxNYlmC}^yjwvISi8j&qR<G0#NM&rzq7Ki>N*ycHGzTwhTO7>4
zE_dAZZ21Jyw!DPw#2(3>`ECHCQ_A5oP3Az@a(u#-lUkWBnXL4U&gFi<N`pUiR1Zjd
zmM96}7`%FR*kKyxfcetBl)^v{;>`J{CZ-qB4u!awLVd+MaT{1QA<^L(G@8~Q;w!(P
z1LUUm1>oAeC&~RX*jr_Dw^Du}g?xyLc|Z1X(W*b0|2`$c%1Kj80HDh9-Ar!(e9csp
z+4MS=D%k`{tDb=c1)!Q>S(7`uYv1ti9i0A-KgJ}#u9z#)U9uf>U4EysQHwcx9^<&T
z@MKedS&8+Ccvr-Wr9O{p&#Cy7E2R#T(Ps;n7K?)8?&5VbO-5DnhdcZ(p}o0EY7(Ok
z%k|!(j2!~6{6aT%1jmK<PgcKRm`$!cauYGxxVV+<P};&y1ja1D;GSu>kz86Ie2;qF
zD3brctqZ}eeI{d9jWv~R=vpcpn<?p%9M4Bzh!wgur_=`0_0YV{5iT;8iwg$n#2(j4
zJSO8nP@FdZaOTp~v%)3*r@2dK-}T7)b(y}fzwyYanvvJD#0;Er_qJy=Yh~W^quA|b
z^m`QMtuEdAT8Z7q%XFU{S#9MMHZGX?W0Zfga?_^T$v1g@kzBGi9Ud~0L3R$qH7eDy
z%%>Rg-jE1UJ|~Z$8l1O7oBucnY|Rq@oE4FJXu$-9ea$z`H}^72h><<d$J8)FWt!CR
zY!U&FA327<6rH%Pxl+%LfFw0lTfxFpQ&h?ad4MF965r#EiJDFrSw>ZPRQTRpn<>>P
zS<lPW!Ld+yyQK5mxtmo=WR%{@TxhoL%Q9P@TD<s*6P;l9`o?~MRh~WAS^}1%ww$wu
zhUM9{i=X=jZ@GP0pZUpY)x9A<l65Wm#=U;dUJPc~(~LMK_ED$rtazMbg95>;NLehy
z%lTF7?B*Y5bY=<{Hvx{=f~gOrhYtTC&d0nvaex|{zIC4m`6|#PmlG|^=hrfExglfj
z4#-ch8b9X++@fk+&5$i@o2+r?BZ<BZ_1-qCA6z+Z$3wT<Em+1kd;96k9g5(yiPgRp
z(<R>Jm(L16cFN~z#+rL+Uu)Y7-jf91!e7+{8>Zxg{11CN7L}up(7oOeI&j9>{f}!W
zx#c^e*9Th?j=9{|s-5ZWSz)E<@Egqsy=Cw$H&N0|6hwmRMb55cag8-ZtmfL)+&BQN
zBPU*_nZNp6*3UzxhB0*WqUeTRb^eZHAP12@wesiXYDUontF<J;G22^oxMuPXZx2ti
z-1p=1ewDHglh4`Q7Y;{`2ncE>zHy4r6#t89d9htSQS>Mu7lqJRRs1+Y=H-I#8{X%p
z-lgO%&h_Th=?W#I8T*-ouc)0)I$>!Qg+Lwg@pt$V2|VR@j$6IEdu48IC^w948(BJe
z$H6I1Y;Hp3j$+N=8RE!xd}?WnXiI?5Z3?SAc#i)&te#Wfistgdt=#_H*~u`~JCxq^
z)Wz3z!UL0o=m1Ky&8?<)95U*e0!VIs%1tp@D)1e?U|QlJZ*!goR^)bhM})Kpg`}$_
zHCuS&7gKapsViP_)(CH5@hmpT#-MLcA>9Zw$p|rY<aOV?FzH{e;IdVz#4i8N?UT29
z!Hk4>W$NL(Cuf5%<~DgvCcY5eJ!iLP%WQ-2WM{XENtQx-A!ebgk12eH_|fky$<3}O
zuJT^(WbXmt<6A&Hd~`LesXV!@ImbK5doE+D(tH0{>GS~%qcNW`vhGFS*?zvl$%wNR
z)7`TC$M3E#S}ZvWI+$!<Et6fDGr6=(d{W(<#cx;HIn~4bu<(&*h7cm+rCy#zm`^X_
zbi6lwW;?|Tw=~IFyKo_sVdW*(+45lKcmR4a<YQ&?y~SBxOV>SqTfV23ik5gVJmvCR
z%X(+L`QPMqNA?=_D=Mr$@+-`?Np4+e3Z%>g?xF2_e4n9a9?Mgky=lUjqdjJnG${Ae
zu<`t?8!?H|rZTX);<m)vk)yP0b#7*A*zhHK^`MJ8IdE`MeP#(m`Aq^Or(ldJdrrLc
z(rD(%WEtyz^^|PooyU4^<=cXt3m3Y?yx&vL5^KsGJdVxpXU}PFQFM*lxUrKW6-rHE
zoSZSj^kKq0{aN8$UJ7ktOoWKD*l)I)>FH5^&0wkPO-`S8SB~rvthQ(+pCDI5{nZio
z)<GxMK;zl!C>IrLlAHY)%PZ%&S#GNtjnHLhyhXZjI>xCh(P=ryc)>W$!PL5Wz$(h1
z(1Ur~HQje4^W%NlPD8(CmEexBzLT*NvSj<>w2zf-{S<ViBp>zvw0CA<O`dDN@2abH
z1lo$I2&61qDI%hlc}j&U6$Dfy43R`dL_j7Xh6Iw-rGSDGT^6EDDN6xm3Nr{96ojY|
zqF@LDA(99o2@sMHLgxL_x~}i*ckQ!%w6DESI3@3s`?-hz|99t=rMxi1Jus%Y_-^>v
z%yaQ6vbsXnW{<b?+vhzihnPbavwLw3#%3OUr!ppaYf2{7?Yqg7h^2;94tJ|k;3Q@G
zrs@Xt&-t0-O>nmbn~@tDGlIm5>ei0uAJZP6{S9nt#>*(E#g)@s1}hk010{FGx+cA2
zX#}S-?g=(RdKW>AgEhc{Ls(m+Ox(uqT8(r4NOg$rVoUi!!3z!FSx36lGpTn=JAY9g
zW-W<=Gn>X|&ioj}nVd)PMmgR#{LVgZ7-y2$M=hUNB0KHc0wd*qnlq;qzl}KNuwyMd
z{YveC5?~+Mu6jO(i`x)i&Tc)G%a6TQm!W(r4FEF;un328d#~tOiw1%Nm$I;!kgVYP
zK(I-(=o5<v;O7Ht+bZec*uI!4GDCfEB(g0f)UznpZzD(S@q5T9>g?#miMaa|LKbGY
zh7^(&UAK|94d-2oM4j53on)`+fXwIXs#2MGwLY;zH^sJc<IEz^X13JNy4D*DJ?%AX
ztYfiE&;k=~B*;KkrgePLSYipQ_9*b6m}XJ!mQlW5TZcw(c7Sb8I<yD#ztSAx-y;}Y
zmJJW4?r)u}kKm^W1GaFc4Le{NeJ|5y-uaJ@d1aw69n!;<-8}dTby-n&(sG>x&b{Eh
z(y@NT#*5lj&b1dmva>SiJ<F3L>+HW6h>*5tkds6>)VE)}OXMGDRf}O6IBgm#!8hX5
zoDTJ0ZJ&X>^RGe&kS*EUVeef6$wc^eRGb>53boGXkAb+${%P$k6SRP)?v;C;RA$@W
zjuX0Q_5FRc!N&TKfozQJ@9{!SyMINjBt+_pfeyzf%KboJbqHQO#T-@iC@aCZ2XRi}
z?MpfZ)_4Ovq%vm6vi;?1WiTv+`HYBjpNUOAobAJgtRtv_uuc3o{$LQYbI@L&HCq(M
zn&Nd%scZZXCU3|y;hGA@YQ>0i6pBu|Ekz4N1=AjzHfw4y#{(_#{OF6+<l6HF+3teA
zp^{#=0DR(z=P8JO`AtGB#yiv{m%;##v_=x2^sVj3zS5^AM=%o$XCM>ApeLj_H|kQ%
zl{zg`t$x>45U%596E~qG>jP_9Lpz(~m2#dlCf*WW9^NgAhUrl)MfKKyX6@4fe-s%f
za=8S9EOj8(UVYd;4|{Ct{g5uH>UL#62=TUQ5QKxTCkkmW94c{Dn?S3uA7m2WHI1e-
zh*!j#@te~tmS+tlkog2#GPSp;w`U!)D+!TNW{-*D?DF!*U{xD;m|P8hl<svOPW`@t
z|NZ7CYdkn^<c<uKC)MTo6Q`-$E`u$O4ku2J+rm!br{auAeCdnYmT1f)L(G-+Ul0=@
z69m)7D*7-oA9TU_Y$I7a74FieMEbCF%Ojv&HffaP0=j;tBF#C}-5}#Rtfi7Lw<#<>
ze;M}UVreaN>XNN?;cd5beNa*PPj{>&RN0E8-FpNoREF*%oBioTy*{uyleXrtRa=xB
zB2cVF)xUb)%4YU;th5C(r0MzWcanmnc@GHgl%X9PwwPD9($<LkspKTWwYA_4f6mp|
zR$F^@pa>gQQ;zT3Q4G177?V*JuYbX&??)f8U_foGdMb;9k>5CQE!_K<&d?6;w0z~J
zGFh9{wNJkbgS-@i7{#u%NQ+YuWUI-suGjvF-;skf|0<+y#|IepzfIH;8${q&hP$ac
z+UUiBF|!6Tvb013LYG&|ZAp{ngPu5@gc3A`^lG=)5hHEiy?$lq3sm($vGk!s!^fCX
z$(lhtM&a~tT~<J_?TcFQEH@Ejj*T5*+f23nrQvWQ2X(Qyn~Y9{RHp2;gS}}r=albM
z;^$4S>DG)K=U#c@%5I%4aljt1YI%lCsRG`hvwx2TNRm1u{JKZ@^~+wLDKvFUtaJUB
z<F6Lo=L5QiJG-^_hrc;RI;k5KHP_J7Db2j;RFCBC+gyXHhRXDDnQK9KpiArC+nHcN
z<ksSqLN38+cY}unvpfCpy$A2t2~cXvokI2>{X~5~L7|WSC{A}zia;gY^U(fQrO0UJ
zWe;!`=5<^MW!dAM(yUvZCUw+NO<|t|hx6sD6Kz+oIJO}Dl(@;3nH+g5NjcQ9wB~u+
z=hP+TbhR%83m^Ws1IfyauAP1QwBGp8D}46CGebw5Q}NO^d4+Yd*Ll#!w6(OZIH%E~
z95&*o?i2HjhY3Do?S+x-vZ_>%A;LEI08~phU%1EHqd;8WM6{+;D~D2lLB6W?h!gv3
z_I>QUdEzlqagCi>3$Mrb<@{6Z_~m2gH-3hVUx19|(;Y6*kp`$f%W$u4DHYl`|AGNM
zTkmjm!3<x6pKffFJ+JAYiJZM|?)5@@+f6zzj)j5`kh@wHg9}UdbV-smif!#}QK19c
z0PAFQ-g6XzZm={QHAI1*Rm5z{W`9x}?%S+R05gm3oa~7}2_@<M!sc4gbBj9e*B%9R
z>cT4(5#VckBJqJRo#sQzZcFxV&ewXo!2Gx8`bu)YL@Ce=!#dTKOef&W7147#LdS~I
z?O$XPZ}1zp;aS{%8qRlOaN}8`ACKt5X+H`Dk}5;M%Iw{kx7G>jR%~i^Uih_Qr}qhW
zmj8#zdg@nfRG?PglVO>WHnCs;q!=<1q3wo>_GMD=m<0(l187`_-D<tTBdGz5Wx=Hl
zC49Xp@j8wQ9&EDX6WM*><m=$>@2!Z17%PhUZ_C|14OdMrw5PNsNuPJVw#gZ+R5R93
z=a)eEFNX=6Ur85gf;GikwgP9^pfCFhKmPmvN5t7<<R-;S;39UY@f(xlknxrKg%FqL
zib^+SvnzbCK(mrB4PUs0Q+DgbKX1V&T8xkP%#AkS2L3C!{*X&*dc|rA+wj)pGiW=e
z^2BF%!aznSiAPD%gO@cpOV=b}EK0R?V8}*nChxt9XPo$HsjI3lg&BM%DD}eZDR+l#
zx9NalNN*rCBWmr1m@VV6XK<3KsX9J#Avc50To+r8qc<MoeE%^&cwLz+w8?<ym~|S}
zI}-AvrT2(g)!J`^sf$6@c7q_dJx2>?qG6bQ4FZ!My==V4ZmVRw*;(+JiubwvR8RxO
zZ=yqTlVLbMp~n|ks;m4H``42^)`BeY2h9chm%mSB%jmrQE4kq`)8=0I)|rOx*i{)R
zxi)=12;VXIikqKk%(lJ+g(rmSjOS$21CRzt?!7*!+BzmcQ&@w~lrjTrrRP`)XAS&B
zq&uyJCu#zPdarha6G_{%lHP%#y1t@x%fVN*IWVZGMxf#Lb05QZ6wp!ZU1ecHhD8J*
zSgC0F;|L6<blB-|hW($V>Rue;vu5pkb?=9zE7HrgORgiT>E*?)adGxm*yLo=m>s1A
zg+;mdioYXatBtRW|1-O=#`m52_;{>SeNN`HZYxt6Pjsc?th=``sNb2xgYr*xwzYBm
zSyM>F%NJAZNs-ighuO@#3ihotRP^ED_)b7AP}+m=iCoiVf=MFUe2*A|vly>EY}^>~
z^nM|2vejzu7n}&U?=E;&h<<vaRlbSP=TzlRxle~gmnh%KE9#kT@qofbf_XvK5ewpA
zx&RBh<PptrU!IQO<p{Lc_Escjf%mRBuW7%Y@;)0!N?nly<>IXLF|)dPL$`_7Lm>O4
z>k+kAqd|tHL$%~C>jJKclh>^(C?)0eQ@9ce12LyqcwMj{v|}q%VlCg#Ni7RCoXTx{
z;4Xez#t+YmCNEIj(-}-U3aqa++XZOHtCIE8BLBbnz=|rMREP9hMhCo-J_|8ynZbKD
zynjFi+KU`AIzg)ntsTF3wV2d!eSC5whvz+D6-Xd!Z**c@jE%O^DGWC|oM*v!Bi*i=
z{yi>cn0L;0P67!tnP@2N9uvHJJDFLwkQFF7Wo3GbbtM{g=pKmwc61m(VXBo!w$h?#
zn=>p_L&N-V%x)|BGB&sl+o^3(1MhtwI)G9Y9pi4F7-ByT&25_|W~Ui*x`k)bGYclb
z=U9gA2e?5EsXb!-gATA;q#^b74A53-u!q98$&YL7PW(Pz->}{7X%OAj4#sJPC1O>X
zyh}vOEN@nYBv$;yrNE1I*Jq?V?!vbd5JfaIKg`kV)-Fz;_iWtPx_ySIDQ%HkahOA%
zX1jp@d*UrHqt@YCkYsH!gwGHub>M0h>AyOsO1kKBzF)R(I_x6D-}*fIc`Ev$^agPC
z7yeO?n;c5=IB8Dc+e=_&UzYWn7|Z(>J(5G-5DE`jepB!d2VBC3=xZA54@1RB=PJ5%
zW?H;9=j7ud_h!+Pz}jar*jUvv7E)vUJ7Z(9*@OEzi(R0f%0Olf77m@TJB2vsbWKR*
zzTLGA#<5ZRwU`eI%eO3>oG-&4i&7VKex3%&c&im$_eHs=Z0EdRP3y#?DMY!|8E?os
zgDjNYoT^we7mRmYtJcW$DT71NB_lQgl4NH7gR4w=XSwMvWZsi1)&*Jfk0X{s8%S|S
zgvw+mZt5RVI9Uc~TRH)W*@K>!EG+ENO}<gxDL8H=Sjmzq0&C|#Mb~E+15gT5@0zl7
zm$Rtodmf$Y<K*fw#e%~Ph8}9*ytT(v`d>MMKBxLtc!$^9GlRXZa0$$BQ*;QyYja?a
zhnOw03E=;?yOSGe>u#5yYSiAVQmk|VlZ2)#HI!QoF)U03XV)p60vT<U9(X^L$t8-8
zVv<{@t^y|4m|Uvu0)yVaE-N>eota1Pn{L?VPJJx$CKxKQB*k~>MY0h^Yv_jZmOl8!
z$c7Pnu46h#eMVMt82cK9UW@9;%FLt*i;q(rMpy%cP)JxjLD5iym;T^Rkrc=!ch~r?
zEOlMcz6mKdvk{w;wxf-Hxsm{bxr{szSAT-3J{v8XAuz4XXCI2dJf)x*l2FUFkIIT4
zcv{l{+fa{fj(eMg6?*u<uvw?UwiYk*7(GAk?aCaki9$;EH<3C6eSHR&IzLcyt+=h`
z1CU&{V*d{=X5RLvGVz^~ttON;xaojRWg@@gqWM7>6@IG00)6xZ>u=}xkEL!u)FsBf
zQxtpyi|uoG&OZ>jj;L%f$;?kqj7&PETha2o9?S=;d55G$RnzhEzF=dc&BIK&NTx;@
zJ-FBXaY~v2XOAUg)~2btrJe?P8}awsGa-`j(eX_5F#mLBZ3}<@jp(L+)LU8t+HDSS
ze}PkA3|TJuQokCe9eya)3#(YmpYW&8+A9aAk~g8;JWB%(`ocDun7dCiO|ovLfKRJ`
z8XeB`8UA+^TA2!=X3l@GgMjyGkIpVpAH=ct+F=_(=(eS%6NnUO5n`KHLH#C@=8W9Q
z+QU&BG<&9NnuIr<V<Fr38exf&37!kRsXJz6nGHX>lJdeB7d3o|4~T$xxtQ<E_KM8F
z9DY&bVp4k5E;N_U+EIM@?yx-(ypsQIVCC=o>_|~RW(>X}<wYy+Jfl}yaZ7xvSNf}1
zr%{T!@D9f-lE;edH}>Ub3Cs@;zdz@XJcf-exrSF~%|CT3#um|IMuzOM(GMLye<<H=
z=dhu>pKNw?^M3}@-Ci?_3EuHD$*L{m&6mUA+h@=wCb5>Zv=%>191ZZ0fFv>UN0P|S
z7G?<$Ll~ycr^5ovPTXMLEIOS52qp26?TkDZWAfc@<9ju@jU<m0S$M}03B_vLqvaEy
zq4zYTQRCk3_3A-~UjW2L(=19&-2N`$utF9IgamG)M}bQ8#J9H!oyn6<LJ=j9dD(Oe
zU%E}7eO-O;ma0H{W+;=^&EguByEGkMPeO(%Z>1&7(_zGL6e{h-s<BjBIyXzmt<%oF
zd2+jbf2}vj-H+NGhicAVqrA@04Zq?4YvBO%6+9`@sHl*XudBBbr~`~yZBwOo63ZEU
z7Dme@Len%F{$fMQjPx0PHy3l<JiqUXAVU335X2aru9ic`+gMa}lE(1k&`#NZF3_*`
zihuGBTGzh1T?mL>q)}`rY>R<>fz=(1w9NYHMSe%l(&W35%ONlwlDe0T{5rTLNtKDn
z7&qHjcM^QP(>p!i#<?D{YHlbjEKDPp*08zpk();9v6n+NfV=4sp`w+T&AU%`fBB`z
zu5c?eDe`8LU9VUdS4QDpj7&TV(}vTy2gNtRVy+w5mAp_Sz^9YNF|PzJ^}B31XFP5!
zqLbg6z{Vwes1)_oa$zb(85bEe=z}1PD!=d*gn2nLgm3i;_`nUexr)2kNn1l#TvIzB
zhxVgzsbW_pTZ&X%0_MM)2F;6N_-BuNl`^&Z>yKAoS0nLTi4kdgM5qYZX7^mscx!l~
zcR_52^8K?k?KRO_Rce7L5NAMVAdJcU>d(owvGOuS!|+9_TCBYq+%O-goOnYFowtnp
z_T%)+gF{cY;v#03(SSrWJ|37^*&PfBI>)%r+y<IO_obsIsJhDz*%-P{bp~uWzKt^7
zLC1P`pFb8FCMjAG;1VJ?wd16B5T~7fxG2h<@)LPXj4w$}QQ}WuVAI6fu~2!kDHJV0
zP&ju{F3B+O@6#E<CdTo6W==L6Xjusv<Z<7D5IcwA2bFC7f#+yM(PfkJt4%{00KhxE
zb5SfmJL+0@t&PsS5E%qPSF0NLd57xOEy$E5kXpp6>Kv8mt~7Fd(mT|=gB-a5kj%n{
zYd8};WOiNWV+8db=C=-TBy~J<zF1yCZCFYwVE;~xD@r0v-XS(TPQ*N{q5rN`rer<c
zHs_9JcScF9%xlWS6>Xj{ddPK-E!<4jXY(%j@Aof%QbgNNwl7UvlX9-*gq+eX#v(E(
zt8@x%>F|c0swUCtDs9&6UM}hV17SK$^48j}A>L=A&5l!6R!HNtM%E8!rh-pL?wk{Y
z@Fv+_ehb{zZFL}LO6-TrmB1^Ct2!q_iUHrx4(D3FgSaCj>ERm^l!}R}cvnP~yU&NH
zD1o)Nj!4`Vir7Xf-oaC`7WoIK6z?TZ;H3csV=pU(z7S-r!Fx8xxw)x^T6pdw=&fnA
zp=Bc@Qf=5KFPjsU!25>~#gMxMf+6|?weI9t0idx~vEmVr!uJ|kl$g5Cu>5@5wf2Fv
zmm{8Z=$qfwc#Gz>=d|*YlJAE%n_|%)QjfxAFJEyJRu3@7E2VolqexR+$u6=~S6<Q8
zMKI_*Nkw$3B`A-+lFXaXRWxcu-7b_M(0>x%suEZDdG-8PFdL4j2YY?I8Dv-3Z%x{}
zA+}?Vx#|HmpI!7oh*S4EY_t1rFw?<mG`41Gl0z;|h%BuOA-C#L(C$M2@wVhLJa=+v
zv8x=;=h{#1QViRZwp+ONDS)8yp!m^=xYM)JU%<ieqpp_0-_JsrH=V95c4g?^r2Qk*
z{d|OqTLQV;LDGNTKj6D&PCi5k;JJ0~`#@RZi11&+f;IBJUf8U#;j?Y&`k855dqFBq
zg4?+2w@0`q87k;>Z?^vI&zLA%Jq0`eQ%Nhe4lVe=T{FGaN3iJPY(G-e&?k&^nJaFF
zRQk2BtuG@IJV(~@I}N;(-Vwh4X|GpZYejG0Jb;vkIhdQfR;daJ#7${_fP8@H20AWZ
z2yA~N-u(w#W@6;cU4R!`A@2hHOhvGwOG2&_fE$~OPMlAwHGNeSoEUj4wiaNgVKYZM
z?a5ZHAfc<#dXl`)rVq6!z2nnDR*$O})JIBAW|VCan3%Zn-DR>7R|5{19Z-Om%OA~(
z|Db>9FZXnCShrEY1@!Gm>e5n$AY@EXmw^C|K`$vW=~xcIi-%rHS|v24x<0{*;TR^9
z^`1$(<@W-a@7Je;Yu*~-g3ib6zjVDclxvEgZrh=y43VvPF9xhBAvD0rC4ZQxi0B>J
z{GXh(3Y(1El7sN;lg4vH>^O*fp}-~Q?A398_sdZl^f_uuH-C1o_pWvi_kHV*$i3|v
zj06^4$l)5vs#`6^C+7aW8Kt_i5AOLW&Z)fY8<->zNr&t(A+_{LHY&PXa!=)};Xh>b
z#-VVFKlh0FvCp5VO?-RBdN*vytXXh^dC=r)Yk)Wf2HM9Dohu~u+xdi-CSLzoQ09I)
zSf5TA$dp925Geu7Jb|XZ7N3mS;|*f=fi4!2qdKxwV{GYY5|uDnZD?7Y+V|+vF*n&`
z2FJtl>6cej`-G_)4y;tNL(BPBdpB0*E7@pm2aJiQmfxH=f_`%4pBDWQ23PA7WuuFo
zw@@nTN~{LBndbR*>IYS<dBE8C^2>v|{jd!hhP0<FU6~Fs!dj^Of9+KMrUVNDxZ4fb
zpMJNh1$XH8?m3yjt#`k^s6JQ5d!6B#WMS0`D_<zG)RyxV#Xo20p07a`u*=&dX0XSF
zPh7Z~g{tX~09M}H^AzZ!C*2l}Kc-h_b|^b~nbj+rbINDS(Rb~2M?8}u;5_gx6pTt!
zlr5uFy{Y$iuuF#(h?rYSVQim|M$=Z}kE9}Nmp^3Q#`L-Lw@Yg9ef>D3)kcj&fc0`_
z4=^+jn74o0`}oy<)kYPqg^uqe2O*1RrW0~=5Q^}^wZZ70ksF@NYAm)v9%AJ(MPR=4
zV}K#;f@|r5dN7aRVy|A_tCzjGthj7n#%bL~1Rhhk@V<_Wnr)lS4toeTgbl|x%VfCc
zW8oQPlT+n{<i~5K+L!HEV0v&efM*DyJa_K{o<Ou2IZV1Q9iKzBWnO>_v;2{sM9~+0
zS9vQ|7brnXcp=w0puA2~u3_Qzumsq{`In3Xdw{OG>JWU4P^a#8A_eGF=vHj&3VP0c
z<=4^W=_Wk>nywe-u+L}S;~SFiw8ke^wWHYSqS1d(dTsSR;z!U@*3G`L(A=Xe#cInJ
zSo_tCF&6RSm8;>)YuUCduNi5@X8ijSjNcqT=gOHRu!Vts*GI9(YZ>)s;xUsD+^<tL
zRQ0V~W7{xZf$(61_D#a^E_s*!KyO?|@Zw~ppr492D#gcv*JiWnz1vgaBgTPYyX$w>
zCK;#M<6o8kHaLW&>r@kq(UCN{8r0h(^>DHuueA9lJrlHJ6z*m63VbngA}LuCmypEJ
zrytFabqQ!F3fo$@{lYSyU)@taO?M1X4k)aw*h;<Ac%|Hfq<<2D)`^s-!;)`m6z|cm
zhdq;_+#d?9c23so?L3pER{|v^!T&wwRsM9|BbyEQ4i!+C$G%RXWZ2%i7F!XwWqeCF
zkNG7{;_d*p6bRW)_Wfyth020?@IJ?jj9R;%ENN%gzy!|=&`pds9UF=sl*@Qm@DWyr
zGce6{E9I`ahcg5SdCb*V7^(w^Y+#1dTUe!N)$*8m0A~0N=j2Fkz`v9=b<PDl)$ekE
zYNZ)<UviI>17`MWuLnthx~AYW2B`@j!rAm{@^^DxA3k<>wp>cq>?HHsE7LsTSw1Zv
z<2j<R5o!^8eps`VOl$Z~#k<REpKP89uabM%F%yd>@3DdQ-Ef@O2cqY(pSc2qS+`A6
zLf4vZpm+&U@=pZn=!sR-WZn!`t@K7Rkej?F6=m5rWTLa3{`~0|gqaw~7KNskZRcQ!
zKRr4E9_h%T1O$@^M7#2B%p1X*JZ(fCdl=w)0^DIr@v?b(>ALtCQc>j({LEyfx@q9<
zh%L-*Q73*pq|VJ|+dj7dI1GQr!(+<ymkhykzS{?ebztQ@fH}qkP5D-mRYrOBhy4zu
zjb)W|XL}#lA7LPwD6yX2Za8!sXR@m029Syhxn|>Z@sw?1*lxw0!sPg(g@E9M3z@X#
z#L&sFnkU(g0l|X+ijoR#9yMh0O2N)cTJJW|bY@s?kmPM3es#CzPg!X-;U#t~y1!&_
z&CTDv!`n1WnqiZq<qD4!x$Mo;{r+G^CMjX0(K|vK;43(|fhFf1Qphq(x}S-^>Wq1R
zQo$@DMmW%5J>t9eCr$FfH1vg(!iG@WkLBr|%8wf*rh-=`xjBPzVBpasp5SJ&4{HR-
zxB3Rbkr(-4n>fUiiv3X{M?jqp!@?&F%h(eNQdGw^3ah2qEY-vKc~cZWe?1}vM)`L{
zGiOp1z_)O3oUsVNoD10chsqRpXHe4y(s6M<&-)O^GP@pDA4so_1we^MU;}-{vSfj}
z0Eu<-O8k>F|Ln6r%tw~Vuk8^TQJApVqK?)Drav%<tL}8d@sB~9%Lpz;rJ2I0PT^bn
zjyv|19_Y0+rTf5xI&>yL-IV#p3h@BtHAbklQ-olfy^+p7K)h!^fPaJcb6Uz+5{G-?
zcEz##;9m=#Zt-OkvEH6!J+*W0Lz;D{`>qJY^waJFwzv+M#V~MBZN`XPmD3p<93N?1
z^v{p2hBeIU2S8u1E~`33c3#5nZI64hhOC$DNXisF`&MDeP58UicJ4I;p93`gY=$@Z
zi^e`#v1XDsuEC8k%9BXsg>oJJt<u|bXsh`N7Cin3hYM(62klQdyZyISN5vzDotAI1
ziDP=yWL?{dO8U0geD2ofv%!x*J13iuMx_SL01VT@)r8z@5AK2Q`S9|;^fq=MFw}K<
zpPLTrLr@b3Ztn>N|B4F>AN}A#$Y$3f@{#Z0;TPul*Zjq=^4N~`yLLj+hduYMnTZaG
z;{a^elRm%xCf&zh__xDcaxfH0GB9?XQm|6JaaCYY<Ot=2qK!u0MZWkvArO5H2h&YI
zmD`qq0XYhBz4Tlkv275qf07<?uUmUXap~&oFq$bLDmrUO>n|~ZXTbo{0TXh{Ko{%B
zi-M6kf<8QpkyNB+c(F9>iK@-D<<Ziy+mkff`%j?cMcY-+@bV_o)&j0|k{rHiQ`-sF
zv!jwwYdZsN<fnwn6Rro~)R=$#EeJ+UI{j@~4{0fg6QpYHoXcHXZt|E|7k&W^15YX9
zg_zj~r7dw$5r{Zl_Kh2^*uxX;9mbaVC*$s)nL?<~`of|-Bafltx&l-V;>3FogH+-(
zRID~#gAS{iB+4WukOxAuSffqb#12<YLF)n4i*@B(hx;4%23@q<SoHAlu=!ATE8E>A
z#2}2~E1FrP=kd5DoL7I$*MPEJPv9Ko$f|kz$*%a4pnCOaQCRli_a;e^NmhTUa+a&o
z`k<A?H`O)D`Ce-~p1w^-evEaMi36DcqsF}9<obf~3L1@Z9BF(iDe9aDk1mn1Jz`cD
z3%|*z;e^8XWpooQ3IM#0;HxA>F6}vG)evxsr3K6erQ%HqeCpCqHBZv{8J_iVPg2XS
z;tR$zgm0b{?zWT!spNr-x91q#Z|Lby37$i#a|+OWIU)Fl;{Hg?@bUnGHoD|KdSAfZ
zzc73#VGzHhL?OQO)BrrTdjPF_rYV@Vxml*IVh<ErnGpY}Jp+$_q^!K2R)-EBz9e7w
zCzbpuZJWc8`N_A&bxl+9$5>DKueUoV4JAGhuLnX@bQdeEU*7=gj6!r;cGxAW-uo*A
z<98Zq+Po@(Vl#|1VsEvD@B}-%TrE-}QTIGnSb<`Ns<6*5r!M^FICw5#qt0LBb|QnL
z8SK<nA08vLE~t7XHC!9Yah=V#+NobOA)sE_P|89kh}CKpXc&}r7?G(}{ND;4)|Z`a
zpmviJ?~}E2;qpc(HESNx&o9LiSXWTViw_Jfl>%q4g7X07^=?Xam=!$?Ec?Ra!`G8K
zcnc|i`5L2o#ekyjVWmVSt#m2{d?$sb#>V=KV2<fA<MoGfLM;J`j<eLYANb<T3b?lC
zrims-O33anTFXR4kw+w(znXBwnr^3FR=c?qc@i*(_$zuwxaMC35@`+j){9KRb8ON)
z^J<ZzG+gL8kRRr3PrqA8b6ec<H=)JgD_?0ir5=&AWLTJwz7^GxG4}LHS(r<1kW}3{
zY0_>8%1@N@LjJ&J`4`+-0nuF2I!^7vuy#QGP<#wRu`P8uk%2*tMsYggo}m7E6OBlB
zlT>4O)^xYkfWFcv4D-*uCO9M;z3qRjPNhws`+Ua~qPtEjv6gTE%@?wp!gjNpv>3c4
z(7ImkOMs)Z(lNQR>tcTvv7{G>b%~ePvMzfB3kk*C9HMGNGM+t?_OQOA?4Y)!!zS99
zbg}9>GAb-AS3c6zaE_W4KNq`5Re<`q`T~LbuX_Ng(76~`rlIQ_BIU|ZG}_0i!!}!)
z2qrPPyt1jfHOM5iMW7Wa&Vj5ApEYGjw}EZu+%6erZ1_izBeBz4bn_S9Qwv4Rru<^a
z|0uD7MKoL*ojRTz#~~fJy9K5G=HeA}7#*x={5|7z<*zMd>s1NNE9vH97e`(T*cqvB
z!vzca0DN{`7IL(Eh1+wVz7{;`rpuB59!!?&I~pJTqRG8Y{fu`3*tW<<=F!!}ejq*r
zg{iZd{3c*`gDi|ow7p&i)lQAh)FW0nxbJY8TpI|EJW~Se@6h~P)34I#^;ro*a47g_
z();q!T~S<FM*TLwF*aGvu!a}h5JUMCg`$inUXdMvP^w_D?o@eh@+|{E&t<*XtE)MG
zV`>#4oe*%%h5277EbQPTtrLGOIM7`7R(doXn|}I{Q=N=A(nta{fBMVOD4G&|i@qLz
z>~YkFl41VuHU~2(?Lm^)85a+4JQG%97@cPVlF`0&h9LJzZ}2981@`Arq|jI7aakFq
zUg>0Z^9~rcckpx2s&*`J1NHzb2sVIdek)DT8$HmCLHvRam>5a$h3L{=ywXVl^ijJQ
z;)DHoL`tJM=#^={9V@!q4)%S{sknaB63UXN_Y3coO#;>^eft?|maeOzNx1DiYbqs)
z47phgU9dDyYKN3w6?&;TK=V_6I4qalF)wIBFT4glae`HQe<K(l_o<$Ho}lRHM@bt2
z2<2&`;HgfWfD|lVjrMZ>n9nR=P<HA$1HR0GlW`vMO3B3$>ZfhD&pwqUW71Z$g|C#>
zoG-?x$-On8OIF4jV?a1eJz%z%4E;soVwJ_787uspMpjk>^tBBc2JPx~ra-ginna4L
zeeS0`v-ZH&cyAVug%b<do#VLn8O}@J0%#3DI)4Xu_pp*f4~q=#dE@t%&%~6hWj#Vd
zt83_w$-4%pZ5*K;SdL7<MwC~JFSRcz10DE}L1B}c=cBY1^%dO}HN%PT?nX}9Z7JV8
zbJB}j6Z|}~Kt6x$V#_wBB%_p&+=VF}Tkru_s?+qu9$@?D!vE&+?$(WNUatS~J8wyI
zr(v3ylcK#@)$#IW9=u+Y43#vBa^YasQY&B;J`;IBGARHsB~E)NT6^=swH!Iar9YwH
zk9Thq?6TLCVzqD-3`pwjX3Nf19!tThHe18d=$4orcOAT~%Qu58GHIfeX4hI_j3=VA
z*h=O7k?htcYHZWqts+PPW+;)BHFdgjXkv$8{pX5d%bMV8L8^D>2mU%7B`O!)y=2a$
zBn$I@w}%$zM@au!RsHf+o@6~oHXNNC20q#4Jy&bR{o^A~$@(ODi6l$&^NFqMgA>GD
zva)$a@Ud5X4(O&UpxWbxNRJt9$<F{a&9@fo&b1ucq3rgPm@}&l!xQ$NK^W(A)3cI%
z?@$Qkj3s*+%4^qW4fkdoHYT}*$CV4FspspVe^IM|PlpC}r)G;J+cgdEv5m^6+lAbb
zCC3P1R4WSgeiWIvEE&^wyg>nb7hZ{_i)cqcF0i)q?kxB<z15$6eaUJL&^$rztW&t8
zO|Domkc!<)q3U{9X7ct-<D`c}sCxxx+O+^8bu<V@PM@{#ZkiGEm2ku_T`-QQny&Wo
zEtW)}FuDb~!j%Jn9}5H34uQYX!oUY`c7GkLtY9_~Dx2uF1-jFV{~9*`aIO!0YfF2j
zXsr`%a%tc89`W0Gur{%Y*mvX0QN-zc4VisAL=MpJ%9@9{_`lIfU_bU&n9WA|u*Ve6
zy5QNCYWv&p$Ay?u2gCl?VQ|jHXXge8T&u2WBVWOUKkFb`@;y+*g%J35`iHx<YFMp0
zO~Nf1;d_)#AvVanDa<|udEcIs$heVC#9yjW&^nTw_dXSrl*pmA?Y<QTqf&)aOS5Lo
z9p>AJCvAVTOWq)##=CeO%~?cysw(`h)oFDZuao9-!+bw)7|9#IGd40Fd1{NSvZZ$+
ze_^uD+KP5SY`C~ehH`(&p!~yQ$tl$<`MTf;4wo}<^^P5k5vFD^lzkZWw7aQil=_Sy
z=7G-m2HgoSIMMzr&DQI06;KN1WAq59g#%Dw)2v#te4i!zj9}y!M33idLXn!zcO>(1
zUjOqc1ZJS^gC6Rp#zj4UDm&~Z#37F{2*Ms7?iIeJe7vC`quy%9I;P%5cJ3}XBI!yQ
ztjGkOs(*sFrdNB1(VI_7f=m2$B7~6n7HHrDu$?rx@3Ou9kGOLHa|hTHzN5JJZHm-*
zXjoJ#Chp=er*cOj09$)@z(LJCk^58NerH(zawZJ=Xq#bg)c6pG>Ol6?NtoA?P~XDj
zFw<qKAfUu5nNX<FX!d_tsU#ASsy1thR|UYz)A7WwJLXGxRI>F*p+f)gSjwC@b%N<w
z%?!|tYSJh0`Mmwb<E>&p<sv9&D|{GB4ytoxE8%0cILXD65UuDJan{?yIBoI<Kny4@
z;s;2&m<)DbbYx$uAq&7$qz$wmhMcVu-o45ygH!igUA>w*v7AGIr;^Uw4_jxm1yTBE
z73_J!^Jt<HHqlyq(-g)8QL|<NDo)}d69lflQwi7vU)@6;0Ro2UX(*@|*F1h>KbWVH
zmEMV`D)Tp++z568R#IGDuzSz3(xAXeiy*PtL5iJC)8`~Nk0P~~^L_+ImXYog!ol|#
zmdh%gC7;agPeZR@D`PH)DH8!pOX;P|*DMbE(ot0J$sOHL)z9)iK5v`eXHFj4r2o;X
z8UU(@;@nY%DlOVVAohV+++=ssHfZuxZ|rF<Ndio<6(j)pz+?x$l^BQH+ED&l8ej(0
zm*qX)yFOB4bF)-<KH8W*PgS*Jj<5x$S(6YUZP>{}=LvIYmPMz63{LG4*T<EujVVh3
z#pN!3vBIWQ4y{!bUKSa5e<}S})3M}}k+I|Mz<w6_6|wlm{v&t-GY@oAH;-4CG)Y_q
zdC+9ggSLL#TgRoUaKiIxoXxWQfkLCKK8}t7D)Ujy#8`pApT(ziN*z*4AJG<K9oc!y
ztHMb+9D8Z_j~^KLv{AabCt-BYDuDe<#ZnJ%jW`V)y1{%{b$4OLvrKY~*eb_!n~Wpn
zc2;IHjOu=|yoJ|xaqmcgFGL$T`<p|)#vRl}5oD8<OZ#vtcFt<vTP>->Yf7vsMD*0F
z%v@bQzK&-4*0$V|ZkNwzfvU6i>m$l{(8U7ZYNh2FWkv2aK^WZ83BUG_pP2vk@pu21
ztt|f$w*Ln^(v`-fOrnuI7oVGytYJ}2gOnrdNDSC0E*()ae@w{uJL<nywx2KfnyfFA
zsc#cp-XTvX)4KMbn~t%Ds=LnP)yojLc{A@Pt!isf1h)H~zz2dk`KK5K{8&N`A0X#|
z1-+*F1mz*5$?AsH-0_|B>_TKh6xJhjUF?$bkK_OIVgCQ$|9=Ai&!51r^LwuuKq_lx
Wz5izpeyhiE<WSJh4L+y;`M&^Tpq}Lb


From 8af64f7c30afdacc797f9afec5b76a8fa437283f Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Tue, 19 Oct 2021 12:09:39 -0700
Subject: [PATCH 099/105] Replace absolute links with site-relative

---
 .../mdm/healthattestation-csp.md                 | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md
index 5f1347d92d..9583426aee 100644
--- a/windows/client-management/mdm/healthattestation-csp.md
+++ b/windows/client-management/mdm/healthattestation-csp.md
@@ -60,14 +60,14 @@ JSON Web Token (JWT) is an open standard RFC7519 method for securely transmittin
 ![Attestation Flow with Microsoft Azure Attestation Service](./images/maa-attestation-flow.png)
 
 <br>
-<p>Attestation flow can be broadly in three main steps:
+<p>Attestation flow can be broadly in three main steps:</p>
 <ul>
     <li>An instance of the Azure Attestation service is setup with an appropriate attestation policy. The attestation policy allows the MDM provider to attest to particular events in the boot as well security features.</li>
     <li>The MDM provider triggers a call to the attestation service, the device then performs an attestation check keeping the report ready to be retrieved.</li>
     <li>The MDM provider after verifying the token is coming from the attestation service it can parse the attestation token to reflect on the attested state of the device.</li>
 </ul>
-The protocol implemented can be found here:<a href="https://docs.microsoft.com/en-us/azure/attestation/virtualization-based-security-protocol" id="attestationprotocol"> Attestation Protocol</a>
-</p>
+
+The protocol implemented can be found here: <a href="/azure/attestation/virtualization-based-security-protocol" id="attestationprotocol"> Attestation Protocol</a>.
 
 ### Configuration Service Provider Nodes
 Windows 11 introduces additions to the HealthAttestation CSP node to integrate with Microsoft Azure Attestaiton service.
@@ -240,9 +240,9 @@ This node will retrieve the service generated correlation IDs for the given MDM
 ### MAA CSP Intergation Steps
 <ol>
 <li>Setup a MAA provider instance:<br>
-MAA instance can be created following the steps here <a href="https://docs.microsoft.com/en-us/azure/attestation/quickstart-portal" id="quickstartsetup">Quickstart: Set up Azure Attestation by using the Azure portal | Microsoft Docs.</a></li>
+MAA instance can be created following the steps here <a href="/azure/attestation/quickstart-portal" id="quickstartsetup">Quickstart: Set up Azure Attestation by using the Azure portal | Microsoft Docs.</a></li>
 <br><li>Update the provider with an appropriate policy:<br>
-The MAA instance should be updated with an appropriate policy. <a href="https://docs.microsoft.com/en-us/azure/attestation/claim-rule-grammar" id="policy">How to author an Azure Attestation policy | Microsoft Docs</a>
+The MAA instance should be updated with an appropriate policy. <a href="/azure/attestation/claim-rule-grammar" id="policy">How to author an Azure Attestation policy | Microsoft Docs</a>
 <br>A Sample attestation policy:
 
 ```
@@ -447,9 +447,9 @@ GetAttestReport return the signed attestation token as a JWT.The JWT can be deco
 </ol>
 
 ### Learn More 
-<p>
-More information about TPM attestation can be found here. <a href="https://docs.microsoft.com/en-us/azure/attestation/" > Microsoft Azure Attestation </a>
-</p>
+
+More information about TPM attestation can be found here: [Microsoft Azure Attestation](/azure/attestation/).
+
 
 ## Windows 10 Device HealthAttestation
 

From 8f62eeb9d24a59ab6d1203e37d90e3bac70f52bb Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Tue, 19 Oct 2021 12:24:14 -0700
Subject: [PATCH 100/105] Add backticks to apparent code blocks; label some

---
 .../mdm/healthattestation-csp.md              | 181 ++++++++++--------
 1 file changed, 98 insertions(+), 83 deletions(-)

diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md
index 9583426aee..5e6f472f82 100644
--- a/windows/client-management/mdm/healthattestation-csp.md
+++ b/windows/client-management/mdm/healthattestation-csp.md
@@ -103,27 +103,29 @@ This node will trigger attestation flow by launching an attestation process. If
 
 <p>Templated SyncML Call:</p>
 
-    <SyncML xmlns="SYNCML:SYNCML1.2">
-        <SyncBody>
-            <Exec>
-                <CmdID>VERIFYHEALTHV2</CmdID>
-                <Item>
-                    <Target>
-                        <LocURI>
-                            ./Vendor/MSFT/HealthAttestation/TriggerAttestation
-                        </LocURI>
-                    </Target>
-                    <Data>
-                        {
-                        rpID : "rpID", serviceEndpoint : “MAA endpoint”,
-                        nonce : “nonce”, aadToken : “aadToken”, "cv" : "CorrelationVector"
-                        }                    
-                    </Data>
-                </Item>
-            </Exec>
-            <Final/>
-        </SyncBody>
-    </SyncML>
+```xml
+<SyncML xmlns="SYNCML:SYNCML1.2">
+    <SyncBody>
+        <Exec>
+            <CmdID>VERIFYHEALTHV2</CmdID>
+            <Item>
+                <Target>
+                    <LocURI>
+                        ./Vendor/MSFT/HealthAttestation/TriggerAttestation
+                    </LocURI>
+                </Target>
+                <Data>
+                    {
+                    rpID : "rpID", serviceEndpoint : “MAA endpoint”,
+                    nonce : “nonce”, aadToken : “aadToken”, "cv" : "CorrelationVector"
+                    }                    
+                </Data>
+            </Item>
+        </Exec>
+        <Final/>
+    </SyncBody>
+</SyncML>
+```
 
 <p>Data fields:</p>
 <ul>
@@ -136,15 +138,17 @@ This node will trigger attestation flow by launching an attestation process. If
 
 <p>Sample Data:</p>
 
-     <Data>
-     { 
-     "rpid" : "https://www.contoso.com/attestation",
-      "endpoint" : "https://contoso.eus.attest.azure.net/attest/tpm?api-version=2020-10-01",
-      "nonce" : "5468697320697320612054657374204e6f6e6365",
-      "aadToken" : "dummytokenstring",
-      "cv" : "testonboarded" 
-     }
-     </Data>
+```json
+<Data>
+{ 
+"rpid" : "https://www.contoso.com/attestation",
+"endpoint" : "https://contoso.eus.attest.azure.net/attest/tpm?api-version=2020-10-01",
+"nonce" : "5468697320697320612054657374204e6f6e6365",
+"aadToken" : "dummytokenstring",
+"cv" : "testonboarded" 
+}
+</Data>
+```
 
 <a href="" id="AttestStatus"></a>**AttestStatus**
 <p>Node type: GET
@@ -154,26 +158,30 @@ The status is always cleared prior to making the attest service call.
 
 <p>Templated SyncML Call:</p>
 
-    <SyncML xmlns="SYNCML:SYNCML1.2">
-      <SyncBody>
-        <Get>
-          <Item>
-            <Target>
-              <LocURI>
-                ./Device/Vendor/MSFT/HealthAttestation/AttestStatus
-              </LocURI>
-            </Target>
-          </Item>
-        </Get>
-        <Final/> 
-      </SyncBody>
-    </SyncML>
+```xml
+<SyncML xmlns="SYNCML:SYNCML1.2">
+    <SyncBody>
+    <Get>
+        <Item>
+        <Target>
+            <LocURI>
+            ./Device/Vendor/MSFT/HealthAttestation/AttestStatus
+            </LocURI>
+        </Target>
+        </Item>
+    </Get>
+    <Final/> 
+    </SyncBody>
+</SyncML>
+```
 
 <p>Sample Data:</p>
 
-     If Successful: 0
-     If Failed: A corresponding HRESULT error code
-     Example: 0x80072efd,  WININET_E_CANNOT_CONNECT
+```
+If Successful: 0
+If Failed: A corresponding HRESULT error code
+Example: 0x80072efd,  WININET_E_CANNOT_CONNECT
+```
 
 <a href="" id="getAttestReport"></a>**GetAttestReport**
 <p>Node type: GET
@@ -182,28 +190,32 @@ This node will retrieve the attestation report per the call made by the TriggerA
 
 <p>Templated SyncML Call:</p>
 
-     <SyncML xmlns="SYNCML:SYNCML1.2">
-       <SyncBody>
-         <Get>
-           <Item>
-             <Target>
-               <LocURI>
-                 ./Device/Vendor/MSFT/HealthAttestation/GetAttestReport
-               </LocURI>
-             </Target>
-           </Item>
-         </Get>
-         <Final/> 
-       </SyncBody>
-     </SyncML>
+```xml
+<SyncML xmlns="SYNCML:SYNCML1.2">
+<SyncBody>
+    <Get>
+    <Item>
+        <Target>
+        <LocURI>
+            ./Device/Vendor/MSFT/HealthAttestation/GetAttestReport
+        </LocURI>
+        </Target>
+    </Item>
+    </Get>
+    <Final/> 
+</SyncBody>
+</SyncML>
+```
 
 <p>Sample data:</p>
 
-     If Success:
-     JWT token: aaaaaaaaaaaaa.bbbbbbbbbbbbb.cccccccccc
-     If failed:
-     Previously cached report if available (the token may have already expired per the attestation policy).
-     OR Sync ML 404 error if not cached report available.
+```
+If Success:
+JWT token: aaaaaaaaaaaaa.bbbbbbbbbbbbb.cccccccccc
+If failed:
+Previously cached report if available (the token may have already expired per the attestation policy).
+OR Sync ML 404 error if not cached report available.
+```
 
 <a href="" id="getServiceCorrelationIDs"></a>**GetServiceCorrelationIDs**
 <p>Node type: GET
@@ -211,20 +223,22 @@ This node will retrieve the service generated correlation IDs for the given MDM
 </p>
 <p>Templated SyncML Call:</p>
 
-     <SyncML xmlns="SYNCML:SYNCML1.2">
-       <SyncBody>
-         <Get>
-           <Item>
-             <Target>
-               <LocURI>
-                 ./Device/Vendor/MSFT/HealthAttestation/GetServiceCorrelationIDs
-               </LocURI>
-             </Target>
-           </Item>
-         </Get>
-         <Final/> 
-       </SyncBody>
-     </SyncML>
+```xml
+<SyncML xmlns="SYNCML:SYNCML1.2">
+<SyncBody>
+    <Get>
+    <Item>
+        <Target>
+        <LocURI>
+            ./Device/Vendor/MSFT/HealthAttestation/GetServiceCorrelationIDs
+        </LocURI>
+        </Target>
+    </Item>
+    </Get>
+    <Final/> 
+</SyncBody>
+</SyncML>
+```
 
 <p>Sample data:</p>
 
@@ -379,7 +393,8 @@ c1:[type=="bootAppSvnQuery", issuer=="AttestationPolicy"] && c2:[type=="events",
 c:[type=="events", issuer=="AttestationService"] => issue(type="bootRevListInfo", value=JsonToClaimValue(JmesPath(c.value, "Events[? EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `13`].ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_BOOT_REVOCATION_LIST.RawData | @[0]")));
 
 };
-```    
+```
+
 </li>
 <br><li>Call TriggerAttestation with your rpid, AAD token and the attestURI:<br>
 Use the Attestation URL generated in step 1, and append the appropriate api version you want to hit. More information about the api version can be found here Attestation - Attest Tpm - REST API (Azure Azure Attestation) | Microsoft Docs</li>
@@ -387,7 +402,7 @@ Use the Attestation URL generated in step 1, and append the appropriate api vers
 GetAttestReport return the signed attestation token as a JWT.The JWT can be decoded to parse the information per the attestation policy.
 <br>
 
-    
+```json
     {
       "typ": "JWT",
       "alg": "RS256",
@@ -442,7 +457,7 @@ GetAttestReport return the signed attestation token as a JWT.The JWT can be deco
       "testSigningDisabled": true,
       "vbsEnabled": true
     }.[Signature]
-
+```
 </li>
 </ol>
 

From 9afca2687a9200e47faab4ec9f520a6ed79e7f0f Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Tue, 19 Oct 2021 12:51:07 -0700
Subject: [PATCH 101/105] Added angle brackets to resolve [Suggestion:
 code-block-indented]

---
 windows/client-management/mdm/healthattestation-csp.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md
index 5e6f472f82..7e05d3b90b 100644
--- a/windows/client-management/mdm/healthattestation-csp.md
+++ b/windows/client-management/mdm/healthattestation-csp.md
@@ -242,11 +242,11 @@ This node will retrieve the service generated correlation IDs for the given MDM
 
 <p>Sample data:</p>
 
-    If success:
-    GUID returned by the attestation service: 1k9+vQOn00S8ZK33;CMc969r1JEuHwDpM
-    If Trigger Attestation call failed and no previous data is present. The field remains empty.
-    Otherwise, the last service correlation id will be returned. In a successful attestation there are two 
-    calls between client and MAA and for each call the GUID is separated by semicolon.
+> If success:
+> GUID returned by the attestation service: 1k9+vQOn00S8ZK33;CMc969r1JEuHwDpM
+> If Trigger Attestation call failed and no previous data is present. The field remains empty.
+> Otherwise, the last service correlation id will be returned. In a successful attestation there are two 
+> calls between client and MAA and for each call the GUID is separated by semicolon.
 
 > **_Note:_** MAA CSP nodes are available on arm64 but is not currently supported.
 

From f4cca76942a312c2022de2e4fb4c0e9db572e2bc Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Tue, 19 Oct 2021 13:01:54 -0700
Subject: [PATCH 102/105] Acrolinx: many fixes, mostly spelling

---
 .../mdm/healthattestation-csp.md              | 58 +++++++++----------
 1 file changed, 29 insertions(+), 29 deletions(-)

diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md
index 7e05d3b90b..b6e69dd50e 100644
--- a/windows/client-management/mdm/healthattestation-csp.md
+++ b/windows/client-management/mdm/healthattestation-csp.md
@@ -14,7 +14,7 @@ ms.date:
 
 # Device HealthAttestation CSP
 
-The Device HealthAttestation configuration service provider (DHA-CSP) enables enterprise IT adminstrators to assess if a device is booted to a trusted and compliant state, and to take enterprise policy actions.
+The Device HealthAttestation configuration service provider (DHA-CSP) enables enterprise IT administrators to assess if a device is booted to a trusted and compliant state, and to take enterprise policy actions.
 
 The following is a list of functions performed by the Device HealthAttestation CSP:
 
@@ -36,11 +36,11 @@ The attestation report provides a health assessment of the boot-time properties
 **DHA (Device HealthAttestation) feature**
 <p>The Device HealthAttestation (DHA) feature enables enterprise IT administrators to monitor the security posture of managed devices remotely by using hardware (TPM) protected and attested data via a tamper-resistant and tamper-evident communication channel.</p>
 
-**MAA-Session (Microsoft Azure Attestaiton service based device HealthAttestation session)**
-<p>The Microsoft Azure Attestaiton service based device HealthAttestation session (MAA-Session) describes the end-to-end communication flow that is performed in one device health attestation session.</p>
+**MAA-Session (Microsoft Azure Attestation service based device HealthAttestation session)**
+<p>The Microsoft Azure Attestation service-based device HealthAttestation session (MAA-Session) describes the end-to-end communication flow that is performed in one device health attestation session.</p>
 
-**MAA-CSP Nodes (Microsoft Azure Attestaiton based Configuration Service Provider)**
-<p>The Configuration Service Provider nodes added to Windhows 11 to integrate with Microsoft Azure Attestation Service.</p>
+**MAA-CSP Nodes (Microsoft Azure Attestation based Configuration Service Provider)**
+<p>The Configuration Service Provider nodes added to Windows 11 to integrate with Microsoft Azure Attestation Service.</p>
 <p>The following list of operations is performed by MAA-CSP:</p>
 <ul>
 <li>Receives attestation trigger requests from a HealthAttestation enabled MDM provider.</li>
@@ -50,7 +50,7 @@ The attestation report provides a health assessment of the boot-time properties
 </ul>
 
 **MAA endpoint**
-Microsoft Azure attestation service is an azure resource, and every intance of the service gets adminintrator configured URL. The URI generated is unique in nature and for the puposes of device health attestation is known as the MAA endpoint.
+Microsoft Azure attestation service is an Azure resource, and every instance of the service gets administrator configured URL. The URI generated is unique in nature and for the purposes of device health attestation is known as the MAA endpoint.
 
 **JWT (JSON Web Token)**
 JSON Web Token (JWT) is an open standard RFC7519 method for securely transmitting information between parties as a JavaScript Object Notation (JSON) object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret or a public/private key pair.
@@ -62,7 +62,7 @@ JSON Web Token (JWT) is an open standard RFC7519 method for securely transmittin
 <br>
 <p>Attestation flow can be broadly in three main steps:</p>
 <ul>
-    <li>An instance of the Azure Attestation service is setup with an appropriate attestation policy. The attestation policy allows the MDM provider to attest to particular events in the boot as well security features.</li>
+    <li>An instance of the Azure Attestation service is set up with an appropriate attestation policy. The attestation policy allows the MDM provider to attest to particular events in the boot as well security features.</li>
     <li>The MDM provider triggers a call to the attestation service, the device then performs an attestation check keeping the report ready to be retrieved.</li>
     <li>The MDM provider after verifying the token is coming from the attestation service it can parse the attestation token to reflect on the attested state of the device.</li>
 </ul>
@@ -70,7 +70,7 @@ JSON Web Token (JWT) is an open standard RFC7519 method for securely transmittin
 The protocol implemented can be found here: <a href="/azure/attestation/virtualization-based-security-protocol" id="attestationprotocol"> Attestation Protocol</a>.
 
 ### Configuration Service Provider Nodes
-Windows 11 introduces additions to the HealthAttestation CSP node to integrate with Microsoft Azure Attestaiton service.
+Windows 11 introduces additions to the HealthAttestation CSP node to integrate with Microsoft Azure Attestation service.
 ```
 ./Vendor/MSFT
 HealthAttestation
@@ -132,7 +132,7 @@ This node will trigger attestation flow by launching an attestation process. If
 <li>rpID (Relying Party Identifier): This field contains an identifier that can be used to help determine the caller.</li>
 <li>serviceEndpoint : This field contains the complete URL of the Microsoft Azure Attestation provider instance to be used for evaluation.</li>
 <li>nonce : This field contains an arbitrary number that can be used just once in a cryptographic communication. It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks.</li>
-<li>aadToken : The AAD token to used for authentication against the Microsoft Azure Attestation service.</li>
+<li>aadToken : The AAD token to be used for authentication against the Microsoft Azure Attestation service.</li>
 <li>cv : This field contains an identifier(Correlation Vector) that will passed in to the service call, that can be used for diagnostics purposes.</li>
 </ul>
 
@@ -219,7 +219,7 @@ OR Sync ML 404 error if not cached report available.
 
 <a href="" id="getServiceCorrelationIDs"></a>**GetServiceCorrelationIDs**
 <p>Node type: GET
-This node will retrieve the service generated correlation IDs for the given MDM provider. If there are more than one correlation id, they are separated by “;” in the string.
+This node will retrieve the service-generated correlation IDs for the given MDM provider. If there are more than one correlation IDs, they are separated by “;” in the string.
 </p>
 <p>Templated SyncML Call:</p>
 
@@ -251,9 +251,9 @@ This node will retrieve the service generated correlation IDs for the given MDM
 > **_Note:_** MAA CSP nodes are available on arm64 but is not currently supported.
 
 
-### MAA CSP Intergation Steps
+### MAA CSP Integration Steps
 <ol>
-<li>Setup a MAA provider instance:<br>
+<li>Set up a MAA provider instance:<br>
 MAA instance can be created following the steps here <a href="/azure/attestation/quickstart-portal" id="quickstartsetup">Quickstart: Set up Azure Attestation by using the Azure portal | Microsoft Docs.</a></li>
 <br><li>Update the provider with an appropriate policy:<br>
 The MAA instance should be updated with an appropriate policy. <a href="/azure/attestation/claim-rule-grammar" id="policy">How to author an Azure Attestation policy | Microsoft Docs</a>
@@ -397,9 +397,9 @@ c:[type=="events", issuer=="AttestationService"] => issue(type="bootRevListInfo"
 
 </li>
 <br><li>Call TriggerAttestation with your rpid, AAD token and the attestURI:<br>
-Use the Attestation URL generated in step 1, and append the appropriate api version you want to hit. More information about the api version can be found here Attestation - Attest Tpm - REST API (Azure Azure Attestation) | Microsoft Docs</li>
+Use the Attestation URL generated in step 1, and append the appropriate api version you want to hit. More information about the api version can be found here Attestation - Attest Tpm - REST API (Azure Attestation) | Microsoft Docs</li>
 <br><li>Call GetAttestReport and decode and parse the report to ensure the attested report contains the required properties:<br>
-GetAttestReport return the signed attestation token as a JWT.The JWT can be decoded to parse the information per the attestation policy.
+GetAttestReport return the signed attestation token as a JWT. The JWT can be decoded to parse the information per the attestation policy.
 <br>
 
 ```json
@@ -655,7 +655,7 @@ HealthAttestation
 -   0 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_UNINITIALIZED): DHA-CSP is preparing a request to get a new DHA-EncBlob from DHA-Service
 -   1 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_REQUESTED): DHA-CSP is waiting for the DHA-Service to respond back, and issue a DHA-EncBlob to the device
 -   2 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_FAILED): A valid DHA-EncBlob could not be retrieved from the DHA-Service for reasons other than discussed in the DHA error/status codes
--   3 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_COMPLETE): DHA-Data is ready for pick up
+-   3 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_COMPLETE): DHA-Data is ready for pickup
 
 <a href="" id="forceretrieve"></a>**ForceRetrieve** (Optional)  
 <p>Instructs the client to initiate a new request to DHA-Service, and get a new DHA-EncBlob (a summary of the boot state that is issued by DHA-Service). This option should only be used if the MDM server enforces a certificate freshness policy, which needs to force a device to get a fresh encrypted blob from DHA-Service.</p>
@@ -665,7 +665,7 @@ HealthAttestation
 <a href="" id="certificate"></a>**Certificate** (Required)  
 <p>Instructs the DHA-CSP to forward DHA-Data to the MDM server.</p>
 
-<p>Value type is b64.The supported operation is Get.</p>
+<p>Value type is b64. The supported operation is Get.</p>
 
 <a href="" id="nonce"></a>**Nonce** (Required)  
 <p>Enables MDMs to protect the device health attestation communications from man-in-the-middle type (MITM) attacks with a crypt-protected random value that is generated by the MDM Server.</p>
@@ -916,7 +916,7 @@ After the MDM server receives the verified data, the information can be used to
 -   Allow the device to access the resources, but flag the device for further investigation.
 -   Prevent a device from accessing resources.
 
-The following list of data points are verified by the DHA-Service in DHA-Report version 3:
+The following list of data points is verified by the DHA-Service in DHA-Report version 3:
 
 - [Issued](#issued ) 
 - [AIKPresent](#aikpresent)
@@ -964,7 +964,7 @@ Each of these are described in further detail in the following sections, along w
 
 -   Disallow all access
 -   Disallow access to HBI assets
--   Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a devices past activities and trust history.
+-   Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a device's past activities and trust history.
 -   Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks.
 
 <a href="" id="resetcount"></a>**ResetCount** (Reported only for devices that support TPM 2.0)
@@ -989,7 +989,7 @@ Each of these are described in further detail in the following sections, along w
 
 -   Disallow all access
 -   Disallow access to HBI assets
--   Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a devices past activities and trust history.
+-   Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a device's past activities and trust history.
 -   Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks.
 
 <a href="" id="bitlockerstatus"></a>**BitLockerStatus** (at boot time) 
@@ -1005,7 +1005,7 @@ Each of these are described in further detail in the following sections, along w
 
 -   Disallow all access
 -   Disallow access to HBI assets
--   Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a devices past activities and trust history.
+-   Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a device's past activities and trust history.
 -   Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks.
 
 <a href="" id="bootmanagerrevlistversion"></a>**BootManagerRevListVersion**
@@ -1018,7 +1018,7 @@ Each of these are described in further detail in the following sections, along w
 -   Disallow all access
 -   Disallow access to HBI and MBI assets
 -   Place the device in a watch list to monitor the device more closely for potential risks.
--   Trigger a corrective action, such as such as informing the technical support team to contact the owner investigate the issue.
+-   Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue.
 
 <a href="" id="codeintegrityrevlistversion"></a>**CodeIntegrityRevListVersion**
 <p>This attribute indicates the version of the code that is performing integrity checks during the boot sequence. Using this attribute can help you detect if the device is running the latest version of the code that performs integrity checks, or if it is exposed to security risks (revoked) and enforce an appropriate policy action.</p>
@@ -1030,7 +1030,7 @@ Each of these are described in further detail in the following sections, along w
 -   Disallow all access
 -   Disallow access to HBI and MBI assets
 -   Place the device in a watch list to monitor the device more closely for potential risks.
--   Trigger a corrective action, such as such as informing the technical support team to contact the owner investigate the issue.
+-   Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue.
 
 <a href="" id="securebootenabled"></a>**SecureBootEnabled**  
 <p>When Secure Boot is enabled the core components used to boot the machine must have correct cryptographic signatures that are trusted by the organization that manufactured the device. The UEFI firmware verifies this before it lets the machine start. If any files have been tampered with, breaking their signature, the system will not boot.</p>
@@ -1041,11 +1041,11 @@ Each of these are described in further detail in the following sections, along w
 
 -   Disallow all access
 -   Disallow access to HBI assets
--   Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a devices past activities and trust history.
+-   Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a device's past activities and trust history.
 -   Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks.
 
 <a href="" id="bootdebuggingenabled"></a>**BootDebuggingEnabled**
-<p>Boot debug enabled points to a device that is used in development and testing. Devices that are used for test and development typically are less secure: the device may run unstable code, or be configured with fewer security restrictions that is required for testing and development.</p>
+<p>Boot debug-enabled points to a device that is used in development and testing. Devices that are used for test and development typically are less secure: the device may run unstable code, or be configured with fewer security restrictions that is required for testing and development.</p>
 
 <p>Boot debugging can be disabled or enabled by using the following commands in WMI or a PowerShell script:</p>
 
@@ -1071,7 +1071,7 @@ Each of these are described in further detail in the following sections, along w
 -   Disallow all access
 -   Disallow access to HBI assets
 -   Place the device in a watch list to monitor the device more closely for potential risks.
--   Trigger a corrective action, such as such as informing the technical support team to contact the owner investigate the issue.
+-   Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue.
 
 <a href="" id="codeintegrityenabled"></a>**CodeIntegrityEnabled**  
 <p>When code integrity is enabled, code execution is restricted to integrity verified code.</p>
@@ -1086,7 +1086,7 @@ Each of these are described in further detail in the following sections, along w
 
 -   Disallow all access
 -   Disallow access to HBI assets
--   Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a devices past activities and trust history.
+-   Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a device's past activities and trust history.
 -   Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks.
 
 <a href="" id="testsigningenabled"></a>**TestSigningEnabled**
@@ -1221,7 +1221,7 @@ Each of these are described in further detail in the following sections, along w
 
 <p>If SBCPHash is not present, or is an accepted allow-listed value, then allow access.
 
-<p>If SBCPHash is present in DHA-Report, and is not a allow-listed value, then take one of the following actions that align with your enterprise policies:</p>
+<p>If SBCPHash is present in DHA-Report, and is not an allow-listed value, then take one of the following actions that align with your enterprise policies:</p>
 
 - Disallow all access
 - Place the device in a watch list to monitor the device more closely for potential risks.
@@ -1407,7 +1407,7 @@ Each of these are described in further detail in the following sections, along w
     <tr>
         <td>27</td>
         <td>HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_CREATE_HTTPHANDLE</td>
-        <td>DHA-CSP failed to create a HTTP request handle.</td>
+        <td>DHA-CSP failed to create an HTTP request handle.</td>
     </tr>
     <tr>
         <td>28</td>
@@ -1442,7 +1442,7 @@ Each of these are described in further detail in the following sections, along w
     <tr>
         <td>34</td>
         <td>HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_MISSING_RESPONSE</td>
-        <td>DHA-CSP received an empty response along with a HTTP error code from DHA-Service.</td>
+        <td>DHA-CSP received an empty response along with an HTTP error code from DHA-Service.</td>
     </tr>
     <tr>
         <td>35</td>

From 887b5a6f3711508e8feca5e311eb2d6733a390cf Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Tue, 19 Oct 2021 13:06:36 -0700
Subject: [PATCH 103/105] Acrolinx: many fixes, mostly punctuation & grammar

---
 .../mdm/healthattestation-csp.md              | 34 +++++++++----------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md
index b6e69dd50e..32bdbb1eca 100644
--- a/windows/client-management/mdm/healthattestation-csp.md
+++ b/windows/client-management/mdm/healthattestation-csp.md
@@ -25,13 +25,13 @@ The following is a list of functions performed by the Device HealthAttestation C
 
 ## Windows 11 Device health attestation
 
-Windows 11 introduces an update to the device health attestation feature. This helps add support for deeper insights to Windows boot security, supporting a zero trust approach to device security. Device health attestation on Windows can be accessed by using the HealthAttestation CSP. This CSP helps assess if a device is booted to a trusted and compliant state and then to take appropriate action. Windows 11 introduces additional child nodes to the HealthAttestation node for the MDM providers to connect to the Microsoft Azure Attestation service which provides a simplified approach to attestation.
+Windows 11 introduces an update to the device health attestation feature. This helps add support for deeper insights to Windows boot security, supporting a zero trust approach to device security. Device health attestation on Windows can be accessed by using the HealthAttestation CSP. This CSP helps assess if a device is booted to a trusted and compliant state and then to take appropriate action. Windows 11 introduces additional child nodes to the HealthAttestation node for the MDM providers to connect to the Microsoft Azure Attestation service, which provides a simplified approach to attestation.
 
 The attestation report provides a health assessment of the boot-time properties of the device to ensure that the devices are automatically secure as soon as they power on. The health attestation result can then be used to allow or deny access to networks, apps, or services, depending on the health of the device.
 
 ### Terms
 **TPM (Trusted Platform Module)**
-<p>TPM is a specialized hardware-protected logic that performs a series of hardware protected security operations including providing protected storage, random number generation, encryption and signing.</p>
+<p>TPM is a specialized hardware-protected logic that performs a series of hardware protected security operations including providing protected storage, random number generation, encryption, and signing.</p>
 
 **DHA (Device HealthAttestation) feature**
 <p>The Device HealthAttestation (DHA) feature enables enterprise IT administrators to monitor the security posture of managed devices remotely by using hardware (TPM) protected and attested data via a tamper-resistant and tamper-evident communication channel.</p>
@@ -132,8 +132,8 @@ This node will trigger attestation flow by launching an attestation process. If
 <li>rpID (Relying Party Identifier): This field contains an identifier that can be used to help determine the caller.</li>
 <li>serviceEndpoint : This field contains the complete URL of the Microsoft Azure Attestation provider instance to be used for evaluation.</li>
 <li>nonce : This field contains an arbitrary number that can be used just once in a cryptographic communication. It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks.</li>
-<li>aadToken : The AAD token to be used for authentication against the Microsoft Azure Attestation service.</li>
-<li>cv : This field contains an identifier(Correlation Vector) that will passed in to the service call, that can be used for diagnostics purposes.</li>
+<li>aadToken: The AAD token to be used for authentication against the Microsoft Azure Attestation service.</li>
+<li>cv: This field contains an identifier(Correlation Vector) that will passed in to the service call, that can be used for diagnostics purposes.</li>
 </ul>
 
 <p>Sample Data:</p>
@@ -471,7 +471,7 @@ More information about TPM attestation can be found here: [Microsoft Azure Attes
 ### Terms
 
 **TPM (Trusted Platform Module)**
-<p>TPM is a specialized hardware-protected logic that performs a series of hardware protected security operations including providing protected storage, random number generation, encryption and signing. </p>
+<p>TPM is a specialized hardware-protected logic that performs a series of hardware protected security operations including providing protected storage, random number generation, encryption, and signing. </p>
 
 **DHA (Device HealthAttestation) feature**
 <p>The Device HealthAttestation (DHA) feature enables enterprise IT administrators to monitor the security posture of managed devices remotely by using hardware (TPM) protected and attested data via a tamper-resistant and tamper-evident communication channel.</p>
@@ -504,10 +504,10 @@ More information about TPM attestation can be found here: [Microsoft Azure Attes
 <strong>DHA session data (Device HealthAttestation session data)</strong>
 <p>The following list of data is produced or consumed in one DHA-Transaction:</p>
 <ul>
-<li>DHA-BootData: the device boot data (TCG logs, PCR values, device/TPM certificate, boot and TPM counters) that are required for validating device boot health.</li>
+<li>DHA-BootData: the device boot data (TCG logs, PCR values, device/TPM certificate, boot, and TPM counters) that are required for validating device boot health.</li>
 <li>DHA-EncBlob: an encrypted summary report that DHA-Service issues to a device after reviewing the DHA-BootData it receives from devices.</li>
 <li>DHA-SignedBlob: it is a signed snapshot of the current state of a device’s runtime that is captured by DHA-CSP at device health attestation time.</li>
-<li>DHA-Data: an XML formatted data blob that devices forward for device health validation to DHA-Service via MDM-Server. DHA-Data has 2 parts:
+<li>DHA-Data: an XML formatted data blob that devices forward for device health validation to DHA-Service via MDM-Server. DHA-Data has two parts:
 <ul> 
 <li>DHA-EncBlob: the encrypted data blob that the device receives from DHA-Service</li>
 <li>DHA-SignedBlob: a current snapshot of the current security state of the device that is generated by DHA-CSP</li>
@@ -541,7 +541,7 @@ More information about TPM attestation can be found here: [Microsoft Azure Attes
 <strong>DHA-Service (Device HealthAttestation Service)</strong>
 <p>Device HealthAttestation Service (DHA-Service) validates the data it receives from DHA-CSP and issues a highly trusted hardware (TPM) protected report (DHA-Report) to DHA-Enabled device management solutions through a tamper resistant and tamper evident communication channel.</p>
 
-<p>DHA-Service is available in 2 flavors: “DHA-Cloud” and “DHA-Server2016”. DHA-Service supports a variety of implementation scenarios including cloud, on premises, air-gapped, and hybrid scenarios.</p>
+<p>DHA-Service is available in two flavors: “DHA-Cloud” and “DHA-Server2016”. DHA-Service supports various implementation scenarios including cloud, on premises, air-gapped, and hybrid scenarios.</p>
 <p>The following list of operations is performed by DHA-Service:</p>
 
 - Receives device boot data (DHA-BootData) from a DHA-Enabled device</li>
@@ -650,7 +650,7 @@ HealthAttestation
 
 <p>The supported operation is Get.</p>
 
-<p>The following list shows some examples of supported values. For the complete list of status see <a href="#device-healthattestation-csp-status-and-error-codes" data-raw-source="[Device HealthAttestation CSP status and error codes](#device-healthattestation-csp-status-and-error-codes)">Device HealthAttestation CSP status and error codes</a>.</p>
+<p>The following list shows some examples of supported values. For the complete list of status, see <a href="#device-healthattestation-csp-status-and-error-codes" data-raw-source="[Device HealthAttestation CSP status and error codes](#device-healthattestation-csp-status-and-error-codes)">Device HealthAttestation CSP status and error codes</a>.</p>
 
 -   0 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_UNINITIALIZED): DHA-CSP is preparing a request to get a new DHA-EncBlob from DHA-Service
 -   1 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_REQUESTED): DHA-CSP is waiting for the DHA-Service to respond back, and issue a DHA-EncBlob to the device
@@ -837,7 +837,7 @@ Here is a sample alert that is issued by DHA_CSP:
     </Item>
 </Alert>
 ```
-- If the response to the status node is not 0, 1 or 3, then troubleshoot the issue. For the complete list of status codes see [Device HealthAttestation CSP status and error codes](#device-healthattestation-csp-status-and-error-codes).
+- If the response to the status node is not 0, 1 or 3, then troubleshoot the issue. For the complete list of status codes, see [Device HealthAttestation CSP status and error codes](#device-healthattestation-csp-status-and-error-codes).
 
 ### <a href="" id="forward-health-attestation"></a>**Step 5: Instruct the client to forward health attestation data for verification**
 
@@ -948,7 +948,7 @@ The following list of data points is verified by the DHA-Service in DHA-Report v
 
 \*  TPM 2.0 only   
 \*\*  Reports if BitLocker was enabled during initial boot.    
-\*\*\* The “Hybrid Resume” must be disabled on the device. Reports 1st party ELAM “Defender” was loaded during boot.  
+\*\*\* The “Hybrid Resume” must be disabled on the device. Reports first-party ELAM “Defender” was loaded during boot.  
 
 Each of these are described in further detail in the following sections, along with the recommended actions to take.
 
@@ -1125,11 +1125,11 @@ Each of these are described in further detail in the following sections, along w
 <p>If WinPE = 1 (True), then limit access to remote resources that are required for Windows OS installation.</p>
 
 <a href="" id="elamdriverloaded"></a>**ELAMDriverLoaded**  (Windows Defender)
-<p>To use this reporting feature you must disable &quot;Hybrid Resume&quot; on the device. Early launch anti-malware (ELAM) provides protection for the computers in your network when they start up and before third-party drivers initialize.</p>
+<p>To use this reporting feature, you must disable &quot;Hybrid Resume&quot; on the device. Early launch anti-malware (ELAM) provides protection for the computers in your network when they start up and before third-party drivers initialize.</p>
 
-<p>In the current release, this attribute only monitors/reports if a Microsoft 1st party ELAM  (Windows Defender) was loaded during initial boot.</p>
+<p>In the current release, this attribute only monitors/reports if a Microsoft first-party ELAM  (Windows Defender) was loaded during initial boot.</p>
 
-<p>If a device is expected to use a 3rd party antivirus program, ignore the reported state.</p>
+<p>If a device is expected to use a third-party antivirus program, ignore the reported state.</p>
 
 <p>If a device is expected to use Windows Defender and ELAMDriverLoaded = 1 (True), then allow access.</p>
 
@@ -1150,7 +1150,7 @@ Each of these are described in further detail in the following sections, along w
 -   Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue.
 
 <a href="" id="vsmenabled"></a>**VSMEnabled**  
-<p>Virtual Secure Mode (VSM) is a container that protects high value assets from a compromised kernel. VSM requires about 1GB of memory – it has just enough capability to run the LSA service that is used for all authentication brokering.</p>
+<p>Virtual Secure Mode (VSM) is a container that protects high value assets from a compromised kernel. VSM requires about 1 GB of memory – it has enough capability to run the LSA service that is used for all authentication brokering.</p>
 
 <p>VSM can be enabled by using the following command in WMI or a PowerShell script:</p>
 
@@ -1205,7 +1205,7 @@ Each of these are described in further detail in the following sections, along w
 <a href="" id="pcr0"></a>**PCR0**
 <p>The measurement that is captured in PCR[0] typically represents a consistent view of the Host Platform between boot cycles. It contains a measurement of components that are provided by the host platform manufacturer.</p>
 
-<p>Enterprise managers can create a allow list of trusted PCR[0] values, compare the PCR[0] value of the managed devices (the value that is verified and reported by HAS) with the allow list, and then make a trust decision based on the result of the comparison.</p>
+<p>Enterprise managers can create an allow list of trusted PCR[0] values, compare the PCR[0] value of the managed devices (the value that is verified and reported by HAS) with the allow list, and then make a trust decision based on the result of the comparison.</p>
 
 <p>If your enterprise does not have a allow list of accepted PCR[0] values, then take no action.</p>
 
@@ -1231,7 +1231,7 @@ Each of these are described in further detail in the following sections, along w
 
 <p>If CIPolicy is not present, or is an accepted allow-listed value, then allow access.</p>
 
-<p>If CIPolicy is present and is not a allow-listed value, then take one of the following actions that align with your enterprise policies:</p>
+<p>If CIPolicy is present and is not an allow-listed value, then take one of the following actions that align with your enterprise policies:</p>
 
 - Disallow all access
 - Place the device in a watch list to monitor the device more closely for potential risks.

From 652ba0f13925e171850bfb508883e3556f610941 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 19 Oct 2021 13:33:51 -0700
Subject: [PATCH 104/105] Update
 configure-authorized-apps-deployed-with-a-managed-installer.md

---
 ...-authorized-apps-deployed-with-a-managed-installer.md | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
index ccdc08e421..b33350aaa1 100644
--- a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
+++ b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
@@ -14,7 +14,7 @@ author: jsuther1974
 ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
-ms.date: 08/10/2021
+ms.date: 10/19/2021
 ms.technology: mde
 ---
 
@@ -26,8 +26,8 @@ ms.technology: mde
 -   Windows 11
 -   Windows Server 2016 and above
 
->[!NOTE]
->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
 
 Windows 10, version 1703 introduced a new option for Windows Defender Application Control (WDAC), called _managed installer_, that helps balance security and manageability when enforcing application control policies. This option lets you automatically allow applications installed by a designated software distribution solution such as Microsoft Endpoint Configuration Manager.
 
@@ -41,8 +41,7 @@ Ensure that the WDAC policy allows the system/boot components and any other auth
 
 ## Security considerations with managed installer
 
-Since managed installer is a heuristic-based mechanism, it doesn't provide the same security guarantees that explicit allow or deny rules do.
-It's best suited for use where each user operates as a standard user and where all software is deployed and installed by a software distribution solution, such as Microsoft Endpoint Configuration Manager (MEMCM).
+Since managed installer is a heuristic-based mechanism, it doesn't provide the same security guarantees that explicit allow or deny rules do. The managed installer is best suited for use where each user operates as a standard user and where all software is deployed and installed by a software distribution solution, such as Microsoft Endpoint Configuration Manager (MEMCM).
 
 Users with administrator privileges, or malware running as an administrator user on the system, may be able to circumvent the intent of Windows Defender Application Control when the managed installer option is allowed.
 

From e37b6e4272aafa018039e15b1f18e7cafafda760 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Tue, 19 Oct 2021 15:05:20 -0700
Subject: [PATCH 105/105] Acrolinx: "Powershell"

---
 ...e-authorized-apps-deployed-with-a-managed-installer.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
index b33350aaa1..a31d84c88e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
+++ b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
@@ -84,19 +84,19 @@ Currently, neither the AppLocker policy creation UI in GPO Editor nor the PowerS
 
 2. Manually rename the rule collection to ManagedInstaller
 
-    Change
+    Change:
 
     ```powershell
     <RuleCollection Type="Exe" EnforcementMode="NotConfigured">
     ```
 
-    to
+    to:
 
     ```powershell
     <RuleCollection Type="ManagedInstaller" EnforcementMode="AuditOnly">
     ```
 
-An example of a valid Managed Installer rule collection, using Microsoft Endpoint Config Manager (MEMCM), MEM (Intune), Powershell, and PowerShell ISE, is shown below. Remove any rules that you do not wish to designate as a Managed Installer.
+An example of a valid Managed Installer rule collection, using Microsoft Endpoint Config Manager (MEMCM), MEM (Intune), PowerShell, and PowerShell ISE, is shown below. Remove any rules that you do not wish to designate as a Managed Installer.
 
 ```xml
 <AppLockerPolicy Version="1">
@@ -197,7 +197,7 @@ Below are steps to create a WDAC policy that allows Windows to boot and enables
     Set-CIPolicyIdInfo -FilePath <XML filepath> -PolicyName "<friendly name>" -ResetPolicyID
     ```
 
-3. Set Option 13 (Enabled:Managed Installer)
+3. Set Option 13 (Enabled:Managed Installer).
 
     ```powershell
     Set-RuleOption -FilePath <XML filepath> -Option 13