From 18efdd4b4df8b6bb8c74c86c6e8b11457df23602 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Tue, 17 Oct 2023 17:09:48 -0400
Subject: [PATCH] updates

---
 .../images/bitlockernetworkunlocksequence.png | Bin 4100 -> 0 bytes
 .../images/network-unlock-diagram.png         | Bin 0 -> 17294 bytes
 .../bitlocker/network-unlock.md               | 67 ++++++++----------
 3 files changed, 28 insertions(+), 39 deletions(-)
 delete mode 100644 windows/security/operating-system-security/data-protection/bitlocker/images/bitlockernetworkunlocksequence.png
 create mode 100644 windows/security/operating-system-security/data-protection/bitlocker/images/network-unlock-diagram.png
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/images/bitlockernetworkunlocksequence.png b/windows/security/operating-system-security/data-protection/bitlocker/images/bitlockernetworkunlocksequence.png
deleted file mode 100644
index fe459be8e054feff16178729f439ff972608243d..0000000000000000000000000000000000000000
GIT binary patch
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/images/network-unlock-diagram.png b/windows/security/operating-system-security/data-protection/bitlocker/images/network-unlock-diagram.png
new file mode 100644
index 0000000000000000000000000000000000000000..664fa3f7eb4e994d2d1a1de81e23e7b516fa3fbb
GIT binary patch
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/network-unlock.md b/windows/security/operating-system-security/data-protection/bitlocker/network-unlock.md
index 4825cf8d37..b075578cd4 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/network-unlock.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/network-unlock.md
@@ -2,22 +2,19 @@ title: Network Unlock description: Learn how BitLocker Network Unlock works and how to configure it. ms.topic: how-to -ms.date: 11/08/2022 +ms.date: 10/17/2023 --- # Network Unlock -This article describes how BitLocker Network Unlock works and how to configure it. +Network Unlock is a BitLocker *key protector* for operating system volumes. Network Unlock enables easier management for BitLocker-enabled desktops and servers in a domain environment by providing automatic unlock of operating system volumes at system reboot when connected to a wired corporate network. Network Unlock requires the client hardware to have a DHCP driver implemented in its UEFI firmware. Without Network Unlock, operating system volumes protected by `TPM+PIN` protectors require a PIN to be entered when a device reboots or resumes from hibernation (for example, by Wake on LAN). Requiring a PIN after a reboot can make it difficult to enterprises to roll out software patches to unattended desktops and remotely administered servers. -Network Unlock is a BitLocker protector option for operating system volumes. Network Unlock enables easier management for BitLocker-enabled desktops and servers in a domain environment by providing automatic unlock of operating system volumes at system reboot when connected to a wired corporate network. This feature requires the client hardware to have a DHCP driver implemented in its UEFI firmware. Without Network Unlock, operating system volumes protected by TPM+PIN protectors require a PIN to be entered when a computer reboots or resumes from hibernation (for example, by Wake on LAN). Requiring a PIN after a reboot can make it difficult to enterprises to roll out software patches to unattended desktops and remotely administered servers. +Network Unlock allows BitLocker-enabled systems that have a `TPM+PIN` and that meet the hardware requirements to boot into Windows without user intervention. 
Network Unlock works in a similar fashion to the `TPM+StartupKey` at boot. Rather than needing to read the StartupKey from USB media, however, the Network Unlock feature needs the key to be composed from a key stored in the TPM and an encrypted network key that is sent to the server, decrypted and returned to the client in a secure session. -Network Unlock allows BitLocker-enabled systems that have a TPM+PIN and that meet the hardware requirements to boot into Windows without user intervention. Network Unlock works in a similar fashion to the TPM+StartupKey at boot. Rather than needing to read the StartupKey from USB media, however, the Network Unlock feature needs the key to be composed from a key stored in the TPM and an encrypted network key that is sent to the server, decrypted and returned to the client in a secure session. - -## Network Unlock core requirements +## System requirements Network Unlock must meet mandatory hardware and software requirements before the feature can automatically unlock domain-joined systems. These requirements include: -- Currently supported Windows operating system - Any supported operating system with UEFI DHCP drivers that can serve as Network Unlock clients - Network Unlock clients with a TPM chip and at least one TPM protector - A server running the Windows Deployment Services (WDS) role on any supported server operating system 
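Review bot: the rewritten opening paragraph carries over the grammar error "can make it difficult to enterprises to roll out software patches"; since this line is being rewritten anyway, change it to "difficult for enterprises to roll out software patches". The rest of the hunk reads fine: the `*key protector*` wording, the `TPM+PIN` code formatting, folding the "Currently supported Windows operating system" bullet into the "Any supported operating system with UEFI DHCP drivers" bullet, and the rename to "## System requirements" are all consistent with each other.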
@@ -27,12 +24,12 @@ Network Unlock must meet mandatory hardware and software requirements before the - Network Unlock group policy settings configured - Network stack enabled in the UEFI firmware of client devices -> [!NOTE] -> To properly support DHCP within UEFI, the UEFI-based system should be in native mode and shouldn't have a compatibility support module (CSM) enabled. +> [!IMPORTANT] +> To support DHCP within UEFI, the UEFI-based system should be in native mode and shouldn't have a compatibility support module (CSM) enabled. -For Network Unlock to work reliably on computers, the first network adapter on the computer, usually the onboard adapter, must be configured to support DHCP. This first network adapter must be used for Network Unlock. This configuration is especially worth noting when the device has multiple adapters, and some adapters are configured without DHCP, such as for use with a lights-out management protocol. This configuration is necessary because Network Unlock stops enumerating adapters when it reaches one with a DHCP port failure for any reason. Thus, if the first enumerated adapter doesn't support DHCP, isn't plugged into the network, or fails to report availability of the DHCP port for any reason, then Network Unlock fails. +For Network Unlock to work reliably, the first network adapter on the device, usually the onboard adapter, must be configured to support DHCP. This first network adapter must be used for Network Unlock. This configuration is especially worth noting when the device has multiple adapters, and some adapters are configured without DHCP, such as for use with a lights-out management protocol. This configuration is necessary because Network Unlock stops enumerating adapters when it reaches one with a DHCP port failure for any reason. Thus, if the first enumerated adapter doesn't support DHCP, isn't plugged into the network, or fails to report availability of the DHCP port for any reason, then Network Unlock fails. 
-The Network Unlock server component is installed on supported versions of Windows Server 2012 and later as a Windows feature that uses Server Manager or Windows PowerShell cmdlets. The feature name is BitLocker Network Unlock in Server Manager and BitLocker-NetworkUnlock in Windows PowerShell. This feature is a core requirement. +The Network Unlock server component is installed on supported versions of Windows Server as a Windows feature that uses Server Manager or Windows PowerShell cmdlets. The feature name is `BitLocker Network Unlock` in Server Manager and `BitLocker-NetworkUnlock` in PowerShell. Network Unlock requires Windows Deployment Services (WDS) in the environment where the feature will be utilized. Configuration of the WDS installation isn't required. However, the WDS service must be running on the server. 
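Review bot: the rewritten server-component sentence, "installed on supported versions of Windows Server as a Windows feature that uses Server Manager or Windows PowerShell cmdlets", says the feature uses Server Manager, when the point is that it is installed by using them. Suggest "is installed on supported versions of Windows Server as a Windows feature, by using Server Manager or PowerShell cmdlets", and pick one of "Windows PowerShell" / "PowerShell" for the whole sentence (the same line currently uses both). Dropping "This feature is a core requirement." is consistent with the heading rename to "System requirements" in the first hunk, and the NOTE to IMPORTANT change on the CSM callout is appropriate since a CSM-enabled system silently fails the UEFI DHCP requirement.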
@@ -40,39 +37,31 @@ The network key is stored on the system drive along with an AES 256 session key ## Network Unlock sequence -The unlock sequence starts on the client side when the Windows boot manager detects the existence of Network Unlock protector. It uses the DHCP driver in UEFI to obtain an IP address for IPv4 and then broadcasts a vendor-specific DHCP request that contains the network key and a session key for the reply, all encrypted by the server's Network Unlock certificate, as described above. The Network Unlock provider on the supported WDS server recognizes the vendor-specific request, decrypts it with the RSA private key, and returns the network key encrypted with the session key via its own vendor-specific DHCP reply. +The unlock sequence starts on the client side when the Windows boot manager detects the existence of Network Unlock protector. It uses the DHCP driver in UEFI to obtain an IP address for IPv4 and then broadcasts a vendor-specific DHCP request that contains the network key and a session key for the reply, all encrypted by the server's Network Unlock certificate. The Network Unlock provider on the supported WDS server recognizes the vendor-specific request, decrypts it with the RSA private key, and returns the network key encrypted with the session key via its own vendor-specific DHCP reply. -On the server side, the WDS server role has an optional plugin component, like a PXE provider, which is what handles the incoming Network Unlock requests. The provider can also be configured with subnet restrictions, which would require that the IP address provided by the client in the Network Unlock request belong to a permitted subnet to release the network key to the client. In instances where the Network Unlock provider is unavailable, BitLocker fails over to the next available protector to unlock the drive. In a typical configuration, the standard TPM+PIN unlock screen is presented to unlock the drive. 
+On the server side, the WDS server role has an optional plugin component, like a PXE provider, which is what handles the incoming Network Unlock requests. The provider can also be configured with subnet restrictions, which would require that the IP address provided by the client in the Network Unlock request belong to a permitted subnet to release the network key to the client. In instances where the Network Unlock provider is unavailable, BitLocker fails over to the next available protector to unlock the drive. In a typical configuration, the standard `TPM+PIN` unlock screen is presented to unlock the drive. -The server side configuration to enable Network Unlock also requires provisioning a 2048-bit RSA public/private key pair in the form of an X.509 certificate, and distributing the public key certificate to the clients. This certificate must be managed and deployed through the Group Policy editor directly on a domain controller with at least a Domain Functional Level of Windows Server 2012. This certificate is the public key that encrypts the intermediate network key (which is one of the two secrets required to unlock the drive; the other secret is stored in the TPM). - -Manage and deploy this certificate through the Group Policy editor directly on a domain controller that has a domain functional level of at least Windows Server 2012. This certificate is the public key that encrypts the intermediate network key. The intermediate network key is one of the two secrets that are required to unlock the drive; the other secret is stored in the TPM. - -![Diagram showing the BitLocker Network Unlock sequence.](images/bitlockernetworkunlocksequence.png) +The server side configuration to enable Network Unlock also requires provisioning a 2048-bit RSA public/private key pair in the form of an X.509 certificate, and distributing the public key certificate to the clients. 
This certificate is the *public key* that encrypts the intermediate network key (which is one of the two secrets required to unlock the drive; the other secret is stored in the TPM), and it must be managed and deployed via Group Policy. The Network Unlock process follows these phases: -1. The Windows boot manager detects a Network Unlock protector in the BitLocker configuration. - -2. The client computer uses its DHCP driver in the UEFI to get a valid IPv4 IP address. - -3. The client computer broadcasts a vendor-specific DHCP request that contains: - - 1. A network key (a 256-bit intermediate key) that is encrypted by using the 2048-bit RSA Public Key of the Network Unlock certificate from the WDS server. - - 2. An AES-256 session key for the reply. - -4. The Network Unlock provider on the WDS server recognizes the vendor-specific request. - -5. The provider decrypts the request by using the WDS server's BitLocker Network Unlock certificate RSA private key. - -6. The WDS provider returns the network key encrypted with the session key by using its own vendor-specific DHCP reply to the client computer. This key is an intermediate key. - -7. The returned intermediate key is combined with another local 256-bit intermediate key. This key can be decrypted only by the TPM. - -8. This combined key is used to create an AES-256 key that unlocks the volume. - -9. Windows continues the boot sequence. +:::row::: + :::column span="2"::: +1. The Windows boot manager detects a Network Unlock protector in the BitLocker configuration +1. The client computer uses its DHCP driver in the UEFI to get a valid IPv4 IP address +1. The client computer broadcasts a vendor-specific DHCP request that contains: + 1. A network key (a 256-bit intermediate key) that is encrypted by using the 2048-bit RSA Public Key of the Network Unlock certificate from the WDS server + 1. An AES-256 session key for the reply +1. 
The Network Unlock provider on the WDS server recognizes the vendor-specific request +1. The provider decrypts the request by using the WDS server's BitLocker Network Unlock certificate RSA private key +1. The WDS provider returns the network key encrypted with the session key by using its own vendor-specific DHCP reply to the client computer. This key is an intermediate key +1. The returned intermediate key is combined with another local 256-bit intermediate key. This key can be decrypted only by the TPM +1. This combined key is used to create an AES-256 key that unlocks the volume +1. Windows continues the boot sequence + :::column-end::: + :::column span="2"::: + :::image type="content" source="images/network-unlock-diagram.png" alt-text="Diagram of the Network Unlock sequence." lightbox="images/network-unlock-diagram.png" border="false"::: + :::column-end::: ## Configure Network Unlock
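Review bot: the `:::row:::` opened before the numbered list is never closed; the hunk adds two `:::column span="2":::` / `:::column-end:::` pairs but no `:::row-end:::` after the second `:::column-end:::`, so a `:::row-end:::` line is needed before `## Configure Network Unlock` or the row markup will not render. Two smaller points on the same hunk: the rewritten sequence paragraph keeps "detects the existence of Network Unlock protector" (missing article, should be "a Network Unlock protector"), and the merged certificate paragraph now says only "must be managed and deployed via Group Policy", dropping the "directly on a domain controller with at least a Domain Functional Level of Windows Server 2012" wording that both removed paragraphs had; if the functional-level floor is being retired on purpose, keep at least "via Group Policy on a domain controller" so the deployment path stays explicit. In the list, items 6 and 7 contain a second sentence ("This key is an intermediate key", "This key can be decrypted only by the TPM") that now ends without a period while the first sentence keeps its period; either restore terminal periods on those two items or split the second sentence out.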