Merge branch 'master' into privacy-update-vb

Sinead O'Sullivan 2021-09-30 11:06:05 +01:00
commit 1b6a368ef6
60 changed files with 2918 additions and 2732 deletions

View File

@ -18956,10 +18956,10 @@
"redirect_document_id": false "redirect_document_id": false
}, },
{ {
"source_path": "windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md", "source_path": "windows/security/identity-protection/change-history-for-access-protection.md",
"redirect_url": "/windows/privacy/windows-10-and-privacy-compliance", "redirect_url": "/windows/security/",
"redirect_document_id": false "redirect_document_id": false
}, }
] ]
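Review bot: the redirect for windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md (left column, pointing at /windows/privacy/windows-10-and-privacy-compliance) has no counterpart in the right column, which now carries the change-history-for-access-protection.md entry in its place and closes the array immediately after it (`},` becomes `}`). Confirm the privacy redirect survives elsewhere in the merged file; a silently dropped entry leaves the old public URL unresolved.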

View File

@ -1,5 +0,0 @@
{
"cSpell.words": [
"emie"
]
}
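Review bot: removing the editor-local cSpell settings is reasonable, but the single word it carried, "emie", was presumably there to silence a spell-check hit. Check that the repository-level spell-check configuration still accepts that token, otherwise the build will start flagging the pages that use it.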

View File

@ -40,29 +40,30 @@ manager: dansimp
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td> <td>Yes</td>
</tr> <td>Yes</td>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td> <td>Yes</td>
</tr> <td>Yes</td>
</table> </table>
<!--/SupportedSKUs--> <!--/SupportedSKUs-->
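Review bot: the new table loses the version qualifier. On the left every supported edition carries `<sup>1</sup>`, which this file's footnotes resolve to "Available in Windows 10, version 1607"; on the right the Windows 10 column just reads "Yes", while the second table in this same file writes "Yes, starting in Windows 10, version 1607". Use that wording here too so the 1607 minimum is not lost once the footnote list goes. Also, the right-hand Education row ends with `<td>Yes</td>` immediately followed by `</table>` with no `</tr>`; verify that is a rendering artifact of the side-by-side view and not a missing tag.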
@ -83,7 +84,7 @@ Added in Windows 10, version 1607. Specifies whether or not the user can intera
<!--/Description--> <!--/Description-->
<!--ADMXMapped--> <!--ADMXMapped-->
ADMX Info: ADMX Info:
- GP English name: *Allow Cortana above lock screen* - GP Friendly name: *Allow Cortana above lock screen*
- GP name: *AllowCortanaAboveLock* - GP name: *AllowCortanaAboveLock*
- GP path: *Windows Components/Search* - GP path: *Windows Components/Search*
- GP ADMX file name: *Search.admx* - GP ADMX file name: *Search.admx*
@ -106,29 +107,25 @@ The following list shows the supported values:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td><td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes, starting in Windows 10, version 1607</td><td>Yes</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes, starting in Windows 10, version 1607</td><td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes, starting in Windows 10, version 1607</td><td>Yes</td>
</tr>
</table> </table>
<!--/SupportedSKUs--> <!--/SupportedSKUs-->
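Review bot: style only: this table writes the Home cells as `<td>No</td><td>No</td>` on one line while the other SupportedSKUs tables in the commit put one cell per line; pick one layout so these blocks can be regenerated or diffed mechanically. The Business row is dropped here as in the table above; if that is intentional for this CSP, the commit message should say so.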
@ -159,16 +156,6 @@ The following list shows the supported values:
<!--/Policy--> <!--/Policy-->
<hr/> <hr/>
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
<!--/Policies--> <!--/Policies-->
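Review bot: removing the Footnotes list is only safe if no `<sup>n</sup>` reference remains in the file. The two SupportedSKUs tables in this file did replace their `<sup>1</sup>` cells, so this file is consistent, but the same footnote block is deleted from the other policy pages in this commit; a search for `<sup>` across the touched Policy CSP pages should come back empty before merging.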

View File

@ -42,36 +42,39 @@ manager: dansimp
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
</tr> <td>Yes</td>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Mobile</td> <td>Mobile</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Mobile Enterprise</td> <td>Mobile Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
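Review bot: Mobile and Mobile Enterprise receive "Yes" in the new Windows 11 column. Those editions exist for Windows 10 only; there is no Windows 11 Mobile edition, so the column should read "No" for those two rows, or the rows should be dropped, rather than mirroring the Windows 10 value. The same pattern repeats in the two tables below in this file.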
@ -113,36 +116,44 @@ The following list shows the supported values:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Mobile</td> <td>Mobile</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Mobile Enterprise</td> <td>Mobile Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -181,36 +192,44 @@ The following list shows the supported values:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Mobile</td> <td>Mobile</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Mobile Enterprise</td> <td>Mobile Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
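Review bot: on the left every supported row carries `<sup>2</sup>` (footnote: "Available in Windows 10, version 1703"); the right replaces it with a bare "Yes", so the 1703 minimum disappears from the page once the footnote list is removed at the end of this file. Write "Yes, starting in Windows 10, version 1703" in the Windows 10 column, as the AllowCortanaAboveLock table in this commit does with 1607.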
@ -246,15 +265,6 @@ The following list shows the supported values:
<!--/Policy--> <!--/Policy-->
<hr/> <hr/>
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
<!--/Policies--> <!--/Policies-->

View File

@ -14,6 +14,12 @@ manager: dansimp
# Policy CSP - ActiveXControls # Policy CSP - ActiveXControls
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<hr/> <hr/>
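Review bot: moving the TIP block to the top of the page (with the per-policy copy removed further down) is the right direction for a single-policy page. While it is being touched: the CDATA reference links http://www.w3.org/TR/REC-xml/#sec-cdata-sect over plain http, and the text still steers readers to "a variety of online encoders" for the SyncML payload. Prefer https for the link, and favour the CDATA route the tip already mentions or a local encoder over pasting policy payloads into third-party web tools.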
@ -36,29 +42,28 @@ manager: dansimp
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td><td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
</tr> <td>Yes</td>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
</tr> <td>Yes</td>
</table> </table>
<!--/SupportedSKUs--> <!--/SupportedSKUs-->
@ -83,12 +88,6 @@ If you disable or do not configure this policy setting, ActiveX controls prompt
Note: Wild card characters cannot be used when specifying the host URLs. Note: Wild card characters cannot be used when specifying the host URLs.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -101,16 +100,6 @@ ADMX Info:
<!--/Policy--> <!--/Policy-->
<hr/> <hr/>
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
<!--/Policies--> <!--/Policies-->

View File

@ -13,8 +13,14 @@ manager: dansimp
--- ---
# Policy CSP - ADMX_ActiveXInstallService # Policy CSP - ADMX_ActiveXInstallService
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. > [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<hr/> <hr/>
@ -36,29 +42,28 @@ manager: dansimp
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
</tr> <th>Windows 11</th>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
</tr> <td>Yes</td>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
</tr> <td>Yes</td>
</table> </table>
<!--/SupportedSKUs--> <!--/SupportedSKUs-->
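Review bot: Pro and Education flip from a cross mark on the left to "Yes" on the right for Windows 10, and Business disappears; nothing in the commit explains widening the support claim for this ADMX-backed policy, so confirm it against the ADMX supportedOn data before merging. Also, the right-hand header row ends with `<th>Windows 11</th>` followed directly by `<tr>` with no `</tr>`, which leaves the browser to repair the table.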
@ -74,7 +79,7 @@ manager: dansimp
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting controls the installation of ActiveX controls for sites in Trusted zone. This policy setting controls the installation of ActiveX controls for sites in Trusted zone.
If you enable this policy setting, ActiveX controls are installed according to the settings defined by this policy setting. If you enable this policy setting, ActiveX controls are installed according to the settings defined by this policy setting.
@ -86,12 +91,6 @@ If the trusted site uses the HTTPS protocol, this policy setting can also contro
> This policy setting applies to all sites in Trusted zones. > This policy setting applies to all sites in Trusted zones.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -104,8 +103,6 @@ ADMX Info:
<!--/Policy--> <!--/Policy-->
<hr/> <hr/>
> [!NOTE]
> These policies are currently only available as part of a Windows Insider release.
<!--/Policies--> <!--/Policies-->

View File

@ -14,8 +14,13 @@ manager: dansimp
# Policy CSP - ADMX_AddRemovePrograms # Policy CSP - ADMX_AddRemovePrograms
> [!WARNING] > [!TIP]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<hr/> <hr/>
@ -67,28 +72,33 @@ manager: dansimp
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
</tr> <td>Yes</td>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
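Review bot: Education changes from a cross mark to "Yes" while Pro and Business stay "No"; Education supported but Pro not is an unusual split for an ADMX policy and deserves a check. Also, the right-hand Enterprise row has `<td>Yes</td>` followed directly by the Education `<tr>`, with no `</tr>` in between.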
@ -106,7 +116,7 @@ manager: dansimp
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. The policy setting specifies the category of programs that appears when users open the "Add New Programs" page. If you enable this setting, only the programs in the category you specify are displayed when the "Add New Programs" page opens. You can use the Category box on the "Add New Programs" page to display programs in other categories. The policy setting specifies the category of programs that appears when users open the "Add New Programs" page. If you enable this setting, only the programs in the category you specify are displayed when the "Add New Programs" page opens. You can use the Category box on the "Add New Programs" page to display programs in other categories.
To use this setting, type the name of a category in the Category box for this setting. You must enter a category that is already defined in Add or Remove Programs. To define a category, use Software Installation. To use this setting, type the name of a category in the Category box for this setting. You must enter a category that is already defined in Add or Remove Programs. To define a category, use Software Installation.
@ -116,12 +126,6 @@ If you disable this setting or do not configure it, all programs (Category: All)
> This setting is ignored if either the "Remove Add or Remove Programs" setting or the "Hide Add New Programs page" setting is enabled. > This setting is ignored if either the "Remove Add or Remove Programs" setting or the "Hide Add New Programs page" setting is enabled.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -150,28 +154,34 @@ ADMX Info:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
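Review bot: this table alone marks Business as "Yes" for both Windows 10 and Windows 11; the left column had a cross mark, and every other SupportedSKUs table in this file keeps Business at "No". This looks like a copy error; align it with the rest of the file unless this particular policy genuinely differs.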
@ -189,7 +199,7 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting removes the "Add a program from CD-ROM or floppy disk" section from the Add New Programs page. This prevents users from using Add or Remove Programs to install programs from removable media. This policy setting removes the "Add a program from CD-ROM or floppy disk" section from the Add New Programs page. This prevents users from using Add or Remove Programs to install programs from removable media.
If you disable this setting or do not configure it, the "Add a program from CD-ROM or floppy disk" option is available to all users. This setting does not prevent users from using other tools and methods to add or remove program components. If you disable this setting or do not configure it, the "Add a program from CD-ROM or floppy disk" option is available to all users. This setting does not prevent users from using other tools and methods to add or remove program components.
@ -197,12 +207,6 @@ If you disable this setting or do not configure it, the "Add a program from CD-R
> If the "Hide Add New Programs page" setting is enabled, this setting is ignored. Also, if the "Prevent removable media source for any install" setting (located in User Configuration\Administrative Templates\Windows Components\Windows Installer) is enabled, users cannot add programs from removable media, regardless of this setting. > If the "Hide Add New Programs page" setting is enabled, this setting is ignored. Also, if the "Prevent removable media source for any install" setting (located in User Configuration\Administrative Templates\Windows Components\Windows Installer) is enabled, users cannot add programs from removable media, regardless of this setting.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -231,28 +235,34 @@ ADMX Info:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -270,7 +280,7 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting removes the "Add programs from Microsoft" section from the Add New Programs page. This setting prevents users from using Add or Remove Programs to connect to Windows Update. This policy setting removes the "Add programs from Microsoft" section from the Add New Programs page. This setting prevents users from using Add or Remove Programs to connect to Windows Update.
If you disable this setting or do not configure it, "Add programs from Microsoft" is available to all users. This setting does not prevent users from using other tools and methods to connect to Windows Update. If you disable this setting or do not configure it, "Add programs from Microsoft" is available to all users. This setting does not prevent users from using other tools and methods to connect to Windows Update.
@ -278,12 +288,7 @@ If you disable this setting or do not configure it, "Add programs from Microsoft
> If the "Hide Add New Programs page" setting is enabled, this setting is ignored. > If the "Hide Add New Programs page" setting is enabled, this setting is ignored.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -312,28 +317,34 @@ ADMX Info:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -351,7 +362,7 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from viewing or installing published programs. This setting removes the "Add programs from your network" section from the Add New Programs page. The "Add programs from your network" section lists published programs and provides an easy way to install them. Published programs are those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users that the programs are available, to recommend their use, or to enable users to install them without having to search for installation files. This policy setting prevents users from viewing or installing published programs. This setting removes the "Add programs from your network" section from the Add New Programs page. The "Add programs from your network" section lists published programs and provides an easy way to install them. Published programs are those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users that the programs are available, to recommend their use, or to enable users to install them without having to search for installation files.
If you enable this setting, users cannot tell which programs have been published by the system administrator, and they cannot use Add or Remove Programs to install published programs. However, they can still install programs by using other methods, and they can view and install assigned (partially installed) programs that are offered on the desktop or on the Start menu. If you enable this setting, users cannot tell which programs have been published by the system administrator, and they cannot use Add or Remove Programs to install published programs. However, they can still install programs by using other methods, and they can view and install assigned (partially installed) programs that are offered on the desktop or on the Start menu.
@ -361,12 +372,7 @@ If you disable this setting or do not configure it, "Add programs from your netw
> If the "Hide Add New Programs page" setting is enabled, this setting is ignored. > If the "Hide Add New Programs page" setting is enabled, this setting is ignored.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -394,28 +400,34 @@ ADMX Info:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -433,17 +445,12 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting removes the Add New Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page. The Add New Programs button lets users install programs published or assigned by a system administrator. This policy setting removes the Add New Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page. The Add New Programs button lets users install programs published or assigned by a system administrator.
If you disable this setting or do not configure it, the Add New Programs button is available to all users. This setting does not prevent users from using other tools and methods to install programs. If you disable this setting or do not configure it, the Add New Programs button is available to all users. This setting does not prevent users from using other tools and methods to install programs.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
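Review bot: dropping the per-policy ADMX-backed TIP (the `<Format>chr</Format>` and CDATA guidance) is only safe if the same note appears once at the top of this page, the way the `@ -14,8 +14,12` hunk does for ADMX_AppCompat; the top of this file is not visible in this diff, so please confirm that hunk landed here too. The same removal is repeated for every policy below, so one missing page-level note would lose the SyncML guidance for all of them.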
@ -472,28 +479,34 @@ ADMX Info:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -511,21 +524,16 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from using Add or Remove Programs. This setting removes Add or Remove Programs from Control Panel and removes the Add or Remove Programs item from menus. Add or Remove Programs lets users install, uninstall, repair, add, and remove features and components of Windows 2000 Professional and a wide variety of Windows programs. Programs published or assigned to the user appear in Add or Remove Programs. This policy setting prevents users from using Add or Remove Programs. This setting removes Add or Remove Programs from Control Panel and removes the Add or Remove Programs item from menus. Add or Remove Programs lets users install, uninstall, repair, add, and remove features and components of Windows 2000 Professional and a wide variety of Windows programs. Programs published or assigned to the user appear in Add or Remove Programs.
If you disable this setting or do not configure it, Add or Remove Programs is available to all users. When enabled, this setting takes precedence over the other settings in this folder. This setting does not prevent users from using other tools and methods to install or uninstall programs. If you disable this setting or do not configure it, Add or Remove Programs is available to all users. When enabled, this setting takes precedence over the other settings in this folder. This setting does not prevent users from using other tools and methods to install or uninstall programs.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
- GP English name: *Remove Add or Remove Programs* - GP Friendly name: *Remove Add or Remove Programs*
- GP name: *NoAddRemovePrograms* - GP name: *NoAddRemovePrograms*
- GP path: *Control Panel/Add or Remove Programs* - GP path: *Control Panel/Add or Remove Programs*
- GP ADMX file name: *addremoveprograms.admx* - GP ADMX file name: *addremoveprograms.admx*
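Review bot: the unchanged description still says Add or Remove Programs manages features and components of "Windows 2000 Professional"; since this revision retargets the page at Windows 10 and Windows 11 (and removes the Insider Preview wording), either update that sentence or mark it as legacy ADMX help text. The "GP English name" to "GP Friendly name" rename matches the other policies in this change.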
@ -550,28 +558,34 @@ ADMX Info:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -589,22 +603,17 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting removes the Set Program Access and Defaults button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page. The Set Program Access and Defaults button lets administrators specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations. This policy setting removes the Set Program Access and Defaults button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page. The Set Program Access and Defaults button lets administrators specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations.
If you disable this setting or do not configure it, the Set Program Access and Defaults button is available to all users. This setting does not prevent users from using other tools and methods to change program access or defaults. This setting does not prevent the Set Program Access and Defaults icon from appearing on the Start menu. See the "Remove Set Program Access and Defaults from Start menu" setting. If you disable this setting or do not configure it, the Set Program Access and Defaults button is available to all users. This setting does not prevent users from using other tools and methods to change program access or defaults. This setting does not prevent the Set Program Access and Defaults icon from appearing on the Start menu. See the "Remove Set Program Access and Defaults from Start menu" setting.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
- GP English name: *Hide the Set Program Access and Defaults page* - GP Friendly name: *Hide the Set Program Access and Defaults page*
- GP name: *NoChooseProgramsPage* - GP name: *NoChooseProgramsPage*
- GP path: *Control Panel/Add or Remove Programs* - GP path: *Control Panel/Add or Remove Programs*
- GP ADMX file name: *addremoveprograms.admx* - GP ADMX file name: *addremoveprograms.admx*
@ -629,29 +638,34 @@ ADMX Info:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
</tr> <td>Yes</td>
</table> </table>
<!--/SupportedSKUs--> <!--/SupportedSKUs-->
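Review bot: the new Education row is missing its closing `</tr>`: on the right-hand side the sequence is `<td>Yes</td>`, `<td>Yes</td>`, `</table>`, whereas every other SupportedSKUs table in this change closes the row before `</table>` (the old side's `</tr>` line now sits opposite a `<td>Yes</td>`). Browsers will auto-close the row, but fix the markup so this table matches the others.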
@ -668,21 +682,16 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting removes the Change or Remove Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page. The Change or Remove Programs button lets users uninstall, repair, add, or remove features of installed programs. This policy setting removes the Change or Remove Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page. The Change or Remove Programs button lets users uninstall, repair, add, or remove features of installed programs.
If you disable this setting or do not configure it, the Change or Remove Programs page is available to all users. This setting does not prevent users from using other tools and methods to delete or uninstall programs. If you disable this setting or do not configure it, the Change or Remove Programs page is available to all users. This setting does not prevent users from using other tools and methods to delete or uninstall programs.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
- GP English name: *Hide Change or Remove Programs page* - GP Friendly name: *Hide Change or Remove Programs page*
- GP name: *NoRemovePage* - GP name: *NoRemovePage*
- GP path: *Control Panel/Add or Remove Programs* - GP path: *Control Panel/Add or Remove Programs*
- GP ADMX file name: *addremoveprograms.admx* - GP ADMX file name: *addremoveprograms.admx*
@ -707,28 +716,34 @@ ADMX Info:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -746,7 +761,7 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from using Add or Remove Programs to configure installed services. This setting removes the "Set up services" section of the Add/Remove Windows Components page. The "Set up services" section lists system services that have not been configured and offers users easy access to the configuration tools. This policy setting prevents users from using Add or Remove Programs to configure installed services. This setting removes the "Set up services" section of the Add/Remove Windows Components page. The "Set up services" section lists system services that have not been configured and offers users easy access to the configuration tools.
If you disable this setting or do not configure it, "Set up services" appears only when there are unconfigured system services. If you enable this setting, "Set up services" never appears. This setting does not prevent users from using other methods to configure services. If you disable this setting or do not configure it, "Set up services" appears only when there are unconfigured system services. If you enable this setting, "Set up services" never appears. This setting does not prevent users from using other methods to configure services.
@ -754,16 +769,11 @@ If you disable this setting or do not configure it, "Set up services" appears on
> When "Set up services" does not appear, clicking the Add/Remove Windows Components button starts the Windows Component Wizard immediately. Because the only remaining option on the Add/Remove Windows Components page starts the wizard, that option is selected automatically, and the page is bypassed. To remove "Set up services" and prevent the Windows Component Wizard from starting, enable the "Hide Add/Remove Windows Components page" setting. If the "Hide Add/Remove Windows Components page" setting is enabled, this setting is ignored. > When "Set up services" does not appear, clicking the Add/Remove Windows Components button starts the Windows Component Wizard immediately. Because the only remaining option on the Add/Remove Windows Components page starts the wizard, that option is selected automatically, and the page is bypassed. To remove "Set up services" and prevent the Windows Component Wizard from starting, enable the "Hide Add/Remove Windows Components page" setting. If the "Hide Add/Remove Windows Components page" setting is enabled, this setting is ignored.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
- GP English name: *Go directly to Components Wizard* - GP Friendly name: *Go directly to Components Wizard*
- GP name: *NoServices* - GP name: *NoServices*
- GP path: *Control Panel/Add or Remove Programs* - GP path: *Control Panel/Add or Remove Programs*
- GP ADMX file name: *addremoveprograms.admx* - GP ADMX file name: *addremoveprograms.admx*
@ -788,28 +798,34 @@ ADMX Info:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -827,7 +843,7 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting removes links to the Support Info dialog box from programs on the Change or Remove Programs page. Programs listed on the Change or Remove Programs page can include a "Click here for support information" hyperlink. When clicked, the hyperlink opens a dialog box that displays troubleshooting information, including a link to the installation files and data that users need to obtain product support, such as the Product ID and version number of the program. The dialog box also includes a hyperlink to support information on the Internet, such as the Microsoft Product Support Services Web page. This policy setting removes links to the Support Info dialog box from programs on the Change or Remove Programs page. Programs listed on the Change or Remove Programs page can include a "Click here for support information" hyperlink. When clicked, the hyperlink opens a dialog box that displays troubleshooting information, including a link to the installation files and data that users need to obtain product support, such as the Product ID and version number of the program. The dialog box also includes a hyperlink to support information on the Internet, such as the Microsoft Product Support Services Web page.
If you disable this setting or do not configure it, the Support Info hyperlink appears. If you disable this setting or do not configure it, the Support Info hyperlink appears.
@ -835,16 +851,10 @@ If you disable this setting or do not configure it, the Support Info hyperlink a
> Not all programs provide a support information hyperlink. > Not all programs provide a support information hyperlink.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
- GP English name: *Remove Support Information* - GP Friendly name: *Remove Support Information*
- GP name: *NoSupportInfo* - GP name: *NoSupportInfo*
- GP path: *Control Panel/Add or Remove Programs* - GP path: *Control Panel/Add or Remove Programs*
- GP ADMX file name: *addremoveprograms.admx* - GP ADMX file name: *addremoveprograms.admx*
@ -869,28 +879,34 @@ ADMX Info:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -908,21 +924,16 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting removes the Add/Remove Windows Components button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page. The Add/Remove Windows Components button lets users configure installed services and use the Windows Component Wizard to add, remove, and configure components of Windows from the installation files. This policy setting removes the Add/Remove Windows Components button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page. The Add/Remove Windows Components button lets users configure installed services and use the Windows Component Wizard to add, remove, and configure components of Windows from the installation files.
If you disable this setting or do not configure it, the Add/Remove Windows Components button is available to all users. This setting does not prevent users from using other tools and methods to configure services or add or remove program components. However, this setting blocks user access to the Windows Component Wizard. If you disable this setting or do not configure it, the Add/Remove Windows Components button is available to all users. This setting does not prevent users from using other tools and methods to configure services or add or remove program components. However, this setting blocks user access to the Windows Component Wizard.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
- GP English name: *Hide Add/Remove Windows Components page* - GP Friendly name: *Hide Add/Remove Windows Components page*
- GP name: *NoWindowsSetupPage* - GP name: *NoWindowsSetupPage*
- GP path: *Control Panel/Add or Remove Programs* - GP path: *Control Panel/Add or Remove Programs*
- GP ADMX file name: *addremoveprograms.admx* - GP ADMX file name: *addremoveprograms.admx*
@ -939,8 +950,6 @@ ADMX Info:
<!--/Validation--> <!--/Validation-->
<!--/Policy--> <!--/Policy-->
> [!NOTE]
> These policies are currently only available as part of a Windows Insider release.
<!--/Policies--> <!--/Policies-->
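Review bot: removing the "only available as part of a Windows Insider release" note, together with dropping the "Available in the latest Windows 10 Insider Preview Build." prefix from each description, leaves nothing on the page saying which Windows 10 release first supports these ADMX policies; the new Windows 10 column only says Yes. Add the minimum Windows 10 version to the descriptions or the table so the support claim is actionable.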


@ -14,8 +14,12 @@ manager: dansimp
# Policy CSP - ADMX_AppCompat # Policy CSP - ADMX_AppCompat
> [!WARNING] > [!TIP]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<hr/> <hr/>
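Review bot: the page-level TIP reads "This is an ADMX-backed policy" but now heads a page that documents several policies; reword to "These are ADMX-backed policies" so it reads as page-wide guidance. Also, the CDATA reference links to `http://www.w3.org/TR/REC-xml/#sec-cdata-sect` over plain http; use https. Replacing the prerelease WARNING with this TIP is consistent with removing the Insider-only wording from the descriptions below.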
@ -70,28 +74,34 @@ manager: dansimp
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -108,7 +118,7 @@ manager: dansimp
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to prevent the MS-DOS subsystem (**ntvdm.exe**) from running on this computer. This setting affects the launching of 16-bit applications in the operating system. This policy setting specifies whether to prevent the MS-DOS subsystem (**ntvdm.exe**) from running on this computer. This setting affects the launching of 16-bit applications in the operating system.
You can use this setting to turn off the MS-DOS subsystem, which will reduce resource usage and prevent users from running 16-bit applications. To run any 16-bit application or any application with 16-bit components, **ntvdm.exe** must be allowed to run. The MS-DOS subsystem starts when the first 16-bit application is launched. While the MS-DOS subsystem is running, any subsequent 16-bit applications launch faster, but overall resource usage on the system is increased. You can use this setting to turn off the MS-DOS subsystem, which will reduce resource usage and prevent users from running 16-bit applications. To run any 16-bit application or any application with 16-bit components, **ntvdm.exe** must be allowed to run. The MS-DOS subsystem starts when the first 16-bit application is launched. While the MS-DOS subsystem is running, any subsequent 16-bit applications launch faster, but overall resource usage on the system is increased.
@ -122,12 +132,6 @@ If the status is set to Not Configured, the OS falls back on a local policy set
> This setting appears only in Computer Configuration. > This setting appears only in Computer Configuration.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -147,28 +151,34 @@ ADMX Info:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -185,7 +195,7 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file. This policy setting controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file.
The compatibility property page displays a list of options that can be selected and applied to the application to resolve the most common issues affecting legacy applications. The compatibility property page displays a list of options that can be selected and applied to the application to resolve the most common issues affecting legacy applications.
@ -193,12 +203,6 @@ Enabling this policy setting removes the property page from the context-menus, b
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -218,28 +222,34 @@ ADMX Info:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
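Review bot: the Education row in this table flips from a cross mark (not supported) to `Yes` for both Windows 10 and Windows 11, while Home, Pro and Business keep `No`, and the same flip is applied to every edition table in this file; confirm this is an intended support change and not a copy of the Enterprise row. If Education is meant to stay unsupported, those two cells should read `No`.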
@ -256,7 +266,7 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. The policy setting controls the state of the Application Telemetry engine in the system. The policy setting controls the state of the Application Telemetry engine in the system.
Application Telemetry is a mechanism that tracks anonymous usage of specific Windows system components by applications. Application Telemetry is a mechanism that tracks anonymous usage of specific Windows system components by applications.
@ -268,12 +278,6 @@ Disabling telemetry will take effect on any newly launched applications. To ensu
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -293,28 +297,34 @@ ADMX Info:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -331,7 +341,7 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. The policy setting controls the state of the Switchback compatibility engine in the system. The policy setting controls the state of the Switchback compatibility engine in the system.
Switchback is a mechanism that provides generic compatibility mitigations to older applications by providing older behavior to old applications and new behavior to new applications. Switchback is a mechanism that provides generic compatibility mitigations to older applications by providing older behavior to old applications and new behavior to new applications.
@ -344,12 +354,6 @@ If you disable or do not configure this policy setting, the Switchback will be t
Reboot the system after changing the setting to ensure that your system accurately reflects those changes. Reboot the system after changing the setting to ensure that your system accurately reflects those changes.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -369,29 +373,34 @@ ADMX Info:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
</tr> <td>Yes</td>
</table> </table>
<!--/SupportedSKUs--> <!--/SupportedSKUs-->
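Review bot: the new side of this hunk drops the `</tr>` that closed the Education row: the last new lines are `<td>Yes</td>`, `<td>Yes</td>`, `</table>`, and the hunk header (29 old lines to 34 new, against 28 to 34 for the other tables) confirms one line was lost. Browsers auto-close the row, but restore `</tr>` before `</table>` so the markup matches the other edition tables.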
@ -407,7 +416,7 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting controls the state of the application compatibility engine in the system. This policy setting controls the state of the application compatibility engine in the system.
The engine is part of the loader and looks through a compatibility database every time an application is started on the system. If a match for the application is found it provides either run-time solutions or compatibility fixes, or displays an Application Help message if the application has a know problem. The engine is part of the loader and looks through a compatibility database every time an application is started on the system. If a match for the application is found it provides either run-time solutions or compatibility fixes, or displays an Application Help message if the application has a know problem.
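Review bot: "if the application has a know problem" on the second line of this hunk should read "known problem"; the typo is present on both sides, and since the hunk already edits this line it should be fixed here.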
@ -422,12 +431,6 @@ This option is useful to server administrators who require faster performance an
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -447,28 +450,34 @@ ADMX Info:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -485,16 +494,10 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. This policy setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -514,28 +517,34 @@ ADMX Info:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -552,7 +561,7 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting controls the state of the Program Compatibility Assistant (PCA). The PCA monitors applications run by the user. When a potential compatibility issue with an application is detected, the PCA will prompt the user with recommended solutions. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics. This policy setting controls the state of the Program Compatibility Assistant (PCA). The PCA monitors applications run by the user. When a potential compatibility issue with an application is detected, the PCA will prompt the user with recommended solutions. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics.
If you enable this policy setting, the PCA will be turned off. The user will not be presented with solutions to known compatibility issues when running applications. Turning off the PCA can be useful for system administrators who require better performance and are already aware of application compatibility issues. If you enable this policy setting, the PCA will be turned off. The user will not be presented with solutions to known compatibility issues when running applications. Turning off the PCA can be useful for system administrators who require better performance and are already aware of application compatibility issues.
@ -563,12 +572,6 @@ If you disable or do not configure this policy setting, the PCA will be turned o
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -588,28 +591,34 @@ ADMX Info:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -626,7 +635,7 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting controls the state of Steps Recorder. This policy setting controls the state of Steps Recorder.
Steps Recorder keeps a record of steps taken by the user. The data generated by Steps Recorder can be used in feedback systems such as Windows Error Reporting to help developers understand and fix problems. The data includes user actions such as keyboard input and mouse input, user interface data, and screenshots. Steps Recorder includes an option to turn on and off data collection. Steps Recorder keeps a record of steps taken by the user. The data generated by Steps Recorder can be used in feedback systems such as Windows Error Reporting to help developers understand and fix problems. The data includes user actions such as keyboard input and mouse input, user interface data, and screenshots. Steps Recorder includes an option to turn on and off data collection.
@ -636,12 +645,6 @@ If you disable or do not configure this policy setting, Steps Recorder will be e
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -661,28 +664,34 @@ ADMX Info:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -699,7 +708,7 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting controls the state of the Inventory Collector. This policy setting controls the state of the Inventory Collector.
The Inventory Collector inventories applications, files, devices, and drivers on the system and sends the information to Microsoft. This information is used to help diagnose compatibility problems. The Inventory Collector inventories applications, files, devices, and drivers on the system and sends the information to Microsoft. This information is used to help diagnose compatibility problems.
@ -712,12 +721,6 @@ If you disable or do not configure this policy setting, the Inventory Collector
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -729,8 +732,6 @@ ADMX Info:
<!--/ADMXBacked--> <!--/ADMXBacked-->
<!--/Policy--> <!--/Policy-->
> [!NOTE]
> These policies are currently only available as part of a Windows Insider release.
<!--/Policies--> <!--/Policies-->



@ -5,16 +5,15 @@ ms.author: dansimp
ms.topic: article ms.topic: article
ms.prod: w10 ms.prod: w10
ms.technology: windows ms.technology: windows
author: manikadhiman author: dansimp
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 05/02/2021 ms.date: 09/29/2021
ms.reviewer: ms.reviewer:
manager: dansimp manager: dansimp
--- ---
# Policy CSP - LocalPoliciesSecurityOptions # Policy CSP - LocalPoliciesSecurityOptions
<hr/> <hr/>
<!--Policies--> <!--Policies-->
@ -164,7 +163,6 @@ manager: dansimp
</dd> </dd>
</dl> </dl>
<hr/> <hr/>
> [!NOTE] > [!NOTE]
@ -304,9 +302,8 @@ This security setting determines whether local accounts that are not password pr
Default: Enabled. Default: Enabled.
Warning: > [!WARNING]
> Computers that are not in physically secure locations should always enforce strong password policies for all local user accounts. Otherwise, anyone with physical access to the computer can log on by using a user account that does not have a password. This is especially important for portable computers.
Computers that are not in physically secure locations should always enforce strong password policies for all local user accounts. Otherwise, anyone with physical access to the computer can log on by using a user account that does not have a password. This is especially important for portable computers.
If you apply this security policy to the Everyone group, no one will be able to log on through Remote Desktop Services. If you apply this security policy to the Everyone group, no one will be able to log on through Remote Desktop Services.
This setting does not affect logons that use domain accounts. This setting does not affect logons that use domain accounts.
@ -524,9 +521,8 @@ Devices: Allow undock without having to log on.
This security setting determines whether a portable computer can be undocked without having to log on. If this policy is enabled, logon is not required and an external hardware eject button can be used to undock the computer. If disabled, a user must log on and have the Remove computer from docking station privilege to undock the computer. This security setting determines whether a portable computer can be undocked without having to log on. If this policy is enabled, logon is not required and an external hardware eject button can be used to undock the computer. If disabled, a user must log on and have the Remove computer from docking station privilege to undock the computer.
Default: Enabled. Default: Enabled.
Caution: > [!CAUTION]
> Disabling this policy may tempt users to try and physically remove the laptop from its docking station using methods other than the external hardware eject button. Since this may cause damage to the hardware, this setting, in general, should only be disabled on laptop configurations that are physically securable.
Disabling this policy may tempt users to try and physically remove the laptop from its docking station using methods other than the external hardware eject button. Since this may cause damage to the hardware, this setting, in general, should only be disabled on laptop configurations that are physically securable.
<!--/Description--> <!--/Description-->
<!--RegistryMapped--> <!--RegistryMapped-->
@ -666,7 +662,7 @@ For a computer to print to a shared printer, the driver for that shared printer
Default on servers: Enabled. Default on servers: Enabled.
Default on workstations: Disabled Default on workstations: Disabled
>[!Note] >[!NOTE]
>This setting does not affect the ability to add a local printer. This setting does not affect Administrators. >This setting does not affect the ability to add a local printer. This setting does not affect Administrators.
<!--/Description--> <!--/Description-->
@ -1413,14 +1409,14 @@ If this setting is enabled, the Microsoft network client will not communicate wi
Default: Disabled. Default: Disabled.
>[!Note] > [!Note]
>All Windows operating systems support both a client-side SMB component and a server-side SMB component.Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: > All Windows operating systems support both a client-side SMB component and a server-side SMB component.Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
>- Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. > - Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
>- Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. > - Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
>- Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. > - Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
>- Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. > - Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
> >
>SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing). > SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing).
<!--/Description--> <!--/Description-->
<!--RegistryMapped--> <!--RegistryMapped-->
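Review bot: this hunk only adds a space after `>` and leaves the alert as `[!Note]`, whereas the printer-driver hunk and the server-side `(always)` hunk in this file normalize to `[!NOTE]`; use the uppercase form here too so all four SMB signing notes render with the same alert type. The missing space in "server-side SMB component.Enabling" on the second note line also survives on the new side and should be fixed in the same pass, as the other three notes have the space.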
@ -1493,16 +1489,16 @@ If this setting is enabled, the Microsoft network client will ask the server to
Default: Enabled. Default: Enabled.
>[!Note] > [!Note]
>All Windows operating systems support both a client-side SMB component and a server-side SMB component. Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: > All Windows operating systems support both a client-side SMB component and a server-side SMB component. Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
>- Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. > - Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
>- Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. > - Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
>- Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. > - Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
>- Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. > - Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
>If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted. > If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted.
> >
>SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections. > SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections.
For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing). > For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing).
<!--/Description--> <!--/Description-->
<!--RegistryMapped--> <!--RegistryMapped-->
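Review bot: the line `> If both client-side and server-side SMB signing is enabled ...` follows the last bullet with no blank `>` line between them, so Markdown treats it as a lazy continuation of the `(if client agrees)` bullet instead of a separate paragraph; add a `>` separator after the bullet list, as already done before the performance sentence. Pulling the `For more information` link inside the blockquote is correct; `[!Note]` should also become `[!NOTE]` to match the other hunks.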
@ -1728,16 +1724,16 @@ If this setting is enabled, the Microsoft network server will not communicate wi
Default: Disabled for member servers. Enabled for domain controllers. Default: Disabled for member servers. Enabled for domain controllers.
>[!Note] > [!NOTE]
>All Windows operating systems support both a client-side SMB component and a server-side SMB component. Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: > All Windows operating systems support both a client-side SMB component and a server-side SMB component. Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
>- Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. > - Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
>- Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. > - Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
>- Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. > - Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
>- Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. > - Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
> >
>Similarly, if client-side SMB signing is required, that client will not be able to establish a session with servers that do not have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers. > Similarly, if client-side SMB signing is required, that client will not be able to establish a session with servers that do not have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers.
>If server-side SMB signing is enabled, SMB packet signing will be negotiated with clients that have client-side SMB signing enabled. > If server-side SMB signing is enabled, SMB packet signing will be negotiated with clients that have client-side SMB signing enabled.
>SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing). > SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing).
<!--/Description--> <!--/Description-->
<!--RegistryMapped--> <!--RegistryMapped-->
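Review bot: inside the server-side "(always)" note, the three sentences beginning "Similarly, if client-side SMB signing is required...", "If server-side SMB signing is enabled..." and "SMB packet signing can significantly degrade..." sit on consecutive `>` lines with no blank `>` line between them, so Markdown folds them into one run-on paragraph in the rendered callout. Since this hunk already normalizes the `>` prefixes, add a bare `>` separator line between those sentences, the way the "(if client agrees)" note below separates its SMB 1.0 sentence from its performance sentence.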
@ -1810,15 +1806,15 @@ If this setting is enabled, the Microsoft network server will negotiate SMB pack
Default: Enabled on domain controllers only. Default: Enabled on domain controllers only.
>[!Note] > [!NOTE]
> All Windows operating systems support both a client-side SMB component and a server-side SMB component. Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: > All Windows operating systems support both a client-side SMB component and a server-side SMB component. Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
>- Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. > - Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
>- Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. > - Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
>- Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. > - Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
>- Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. > - Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
>If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted. > If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted.
> >
>SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections. > SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections.
For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing). For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing).
<!--/Description--> <!--/Description-->
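Review bot: the line "For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled ...]" carries no `>` prefix, so it drops out of the NOTE callout and renders as a separate paragraph after it even though it continues the sentence above; prefix it with `> ` like the rest of the note. Separately, the note states that this setting "only applies to SMB 1.0 connections" while the list just above presents it as one of four settings controlling signing on "all Windows operating systems"; one clause saying that signing for SMB 2.x and 3.x connections is governed by the "(always)" settings would remove that ambiguity for readers deciding which policy to deploy.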
@ -1896,8 +1892,8 @@ Disabled: No additional restrictions. Rely on default permissions.
Default on workstations: Enabled. Default on workstations: Enabled.
Default on server:Enabled. Default on server:Enabled.
>[!Important] > [!IMPORTANT]
>This policy has no impact on domain controllers. > This policy has no impact on domain controllers.
<!--/Description--> <!--/Description-->
<!--RegistryMapped--> <!--RegistryMapped-->
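Review bot: "Default on server:Enabled." two lines above the IMPORTANT callout is missing the space after the colon; since this hunk already touches the adjacent lines, fix it to "Default on server: Enabled." so it matches "Default on workstations: Enabled." immediately above it.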
@ -3189,8 +3185,9 @@ This policy setting controls the behavior of the elevation prompt for administra
The options are: The options are:
- 0 - Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. - 0 - Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials.
> [!NOTE]
> Use this option only in the most constrained environments. > [!NOTE]
> Use this option only in the most constrained environments.
- 1 - Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege. - 1 - Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege.
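Review bot: the blank line now inserted before "> [!NOTE]" under "0 - Elevate without prompting" keeps the callout attached to that bullet only if the `>` lines are indented to the bullet's content column; if they sit at column 0, the blank line terminates the list, the note renders as a top-level blockquote, and "- 1 - Prompt for credentials on the secure desktop" starts a fresh list. Verify the indentation in the rendered page before merging.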
@ -3565,8 +3562,10 @@ This policy setting controls the behavior of all User Account Control (UAC) poli
The options are: The options are:
- 0 - Disabled: Admin Approval Mode and all related UAC policy settings are disabled. - 0 - Disabled: Admin Approval Mode and all related UAC policy settings are disabled.
> [!NOTE]
> If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced. > [!NOTE]
> If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced.
- 1 - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode. - 1 - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode.
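Review bot: with the blank line added before "> [!NOTE]", the Security Center callout stays under "0 - Disabled" only if its `>` lines are indented to the bullet's content column; unindented, the blank line ends the list and the options list renders split in two around a standalone blockquote. Indent the note (or drop the blank line) so the warning visibly belongs to the Disabled option it qualifies.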
View File
@ -81,7 +81,7 @@ To use the deployment service, you use a management tool built on the platform,
### Using Microsoft Endpoint Manager ### Using Microsoft Endpoint Manager
Microsoft Endpoint Manager integrates with the deployment service to provide Windows client update management capabilities. For more information, see [Windows 10 feature updates policy in Intune](/mem/intune/protect/windows-10-feature-updates). Microsoft Endpoint Manager integrates with the deployment service to provide Windows client update management capabilities. For more information, see [Feature updates for Windows 10 and later policy in Intune](/mem/intune/protect/windows-10-feature-updates).
### Scripting common actions using PowerShell ### Scripting common actions using PowerShell
@ -115,7 +115,7 @@ You should continue to use deployment rings as part of the servicing strategy fo
### Monitoring deployments to detect rollback issues ### Monitoring deployments to detect rollback issues
During a feature update deployment, driver combinations can sometimes result in an unexpected update failure that makes the device revert to the previously installed operating system version. The deployment service can monitor devices for such issues and automatically pause deployments when this happens, giving you time to detect and mitigate issues. During deployments of Windows 11 or Windows 10 feature updates, driver combinations can sometimes result in an unexpected update failure that makes the device revert to the previously installed operating system version. The deployment service can monitor devices for such issues and automatically pause deployments when this happens, giving you time to detect and mitigate issues.
### How to enable deployment protections ### How to enable deployment protections
@ -124,21 +124,16 @@ Deployment scheduling controls are always available, but to take advantage of th
#### Device prerequisites #### Device prerequisites
> [!NOTE]
> Deployment protections are currently in preview and available if you're using Update Compliance. If you set these policies on a a device that isn't enrolled in Update Compliance, there is no effect.
- Diagnostic data is set to *Required* or *Optional*. - Diagnostic data is set to *Required* or *Optional*.
- The **AllowWUfBCloudProcessing** policy is set to **8**. - The **AllowWUfBCloudProcessing** policy is set to **8**.
#### Set the **AllowWUfBCloudProcessing** policy #### Set the **AllowWUfBCloudProcessing** policy
To enroll devices in Windows Update for Business cloud processing, set the **AllowWUfBCloudProcessing** policy using mobile device management (MDM) policy. To enroll devices in Windows Update for Business cloud processing, set the **AllowWUfBCloudProcessing** policy using mobile device management (MDM) policy or Group Policy.
> [!NOTE]
> Setting this policy by using Group Policy isn't currently supported.
| Policy | Sets registry key under **HKLM\\Software** | | Policy | Sets registry key under **HKLM\\Software** |
|--------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------| |--------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------|
| GPO for Windows 10, version 1809 or later: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Allow WUfB Cloud Processing** | \\Policies\\Microsoft\\Windows\\DataCollection\\AllowWUfBCloudProcessing |
| MDM for Windows 10, version 1809 or later: ../Vendor/MSFT/ Policy/Config/System/**AllowWUfBCloudProcessing** | \\Microsoft\\PolicyManager\\default\\System\\AllowWUfBCloudProcessing | | MDM for Windows 10, version 1809 or later: ../Vendor/MSFT/ Policy/Config/System/**AllowWUfBCloudProcessing** | \\Microsoft\\PolicyManager\\default\\System\\AllowWUfBCloudProcessing |
Following is an example of setting the policy using Microsoft Endpoint Manager: Following is an example of setting the policy using Microsoft Endpoint Manager:
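Review bot: removing the preview note also removes the statement that these policies have no effect on a device that is not enrolled in Update Compliance, yet the "Device prerequisites" list that remains (diagnostic data at Required or Optional; AllowWUfBCloudProcessing set to 8) never mentions that enrollment. If deployment protections still depend on Update Compliance, add it as a prerequisite bullet rather than letting the requirement disappear along with the preview wording. The new GPO table row is consistent with the existing MDM row (same value, written under \Policies\Microsoft\Windows\DataCollection), which matches dropping the "Setting this policy by using Group Policy isn't currently supported" note.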
@ -184,5 +179,5 @@ Avoid using different channels to manage the same resources. If you use Microsof
To learn more about the deployment service, try the following: To learn more about the deployment service, try the following:
- [Windows 10 feature updates policy in Intune](/mem/intune/protect/windows-10-feature-updates) - [Feature updates for Windows 10 and later policy in Intune](/mem/intune/protect/windows-10-feature-updates)
- [Windows updates API overview in Microsoft Graph](/graph/windowsupdates-concept-overview) - [Windows updates API overview in Microsoft Graph](/graph/windowsupdates-concept-overview)
View File
@ -1,9 +1,470 @@
- name: Security
- name: Windows security
href: index.yml href: index.yml
- name: Zero Trust and Windows
href: zero-trust-windows-device-health.md
expanded: true
- name: Hardware security
items: items:
- name: Identity and access management - name: Overview
href: identity-protection/index.md href: hardware.md
- name: Information protection - name: Trusted Platform Module
href: information-protection/index.md href: information-protection/tpm/trusted-platform-module-top-node.md
- name: Threat protection items:
href: threat-protection/index.md - name: Trusted Platform Module Overview
href: information-protection/tpm/trusted-platform-module-overview.md
- name: TPM fundamentals
href: information-protection/tpm/tpm-fundamentals.md
- name: How Windows uses the TPM
href: information-protection/tpm/how-windows-uses-the-tpm.md
- name: TPM Group Policy settings
href: information-protection/tpm/trusted-platform-module-services-group-policy-settings.md
- name: Back up the TPM recovery information to AD DS
href: information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md
- name: View status, clear, or troubleshoot the TPM
href: information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md
- name: Understanding PCR banks on TPM 2.0 devices
href: information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
- name: TPM recommendations
href: information-protection/tpm/tpm-recommendations.md
- name: Hardware-based root of trust
href: threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md
- name: System Guard Secure Launch and SMM protection
href: threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md
- name: Enable virtualization-based protection of code integrity
href: threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
- name: Kernel DMA Protection
href: information-protection/kernel-dma-protection-for-thunderbolt.md
- name: Windows secured-core devices
href: /windows-hardware/design/device-experiences/oem-highly-secure
- name: Operating system security
items:
- name: Overview
href: operating-system.md
- name: System security
items:
- name: Secure the Windows boot process
href: information-protection/secure-the-windows-10-boot-process.md
- name: Trusted Boot
href: trusted-boot.md
- name: Cryptography and certificate management
href: cryptography-certificate-mgmt.md
- name: The Windows Security app
href: threat-protection/windows-defender-security-center/windows-defender-security-center.md
items:
- name: Virus & threat protection
href: threat-protection\windows-defender-security-center\wdsc-virus-threat-protection.md
- name: Account protection
href: threat-protection\windows-defender-security-center\wdsc-account-protection.md
- name: Firewall & network protection
href: threat-protection\windows-defender-security-center\wdsc-firewall-network-protection.md
- name: App & browser control
href: threat-protection\windows-defender-security-center\wdsc-app-browser-control.md
- name: Device security
href: threat-protection\windows-defender-security-center\wdsc-device-security.md
- name: Device performance & health
href: threat-protection\windows-defender-security-center\wdsc-device-performance-health.md
- name: Family options
href: threat-protection\windows-defender-security-center\wdsc-family-options.md
- name: Security policy settings
href: threat-protection/security-policy-settings/security-policy-settings.md
- name: Security auditing
href: threat-protection/auditing/security-auditing-overview.md
- name: Encryption and data protection
href: encryption-data-protection.md
items:
- name: Encrypted Hard Drive
href: information-protection/encrypted-hard-drive.md
- name: BitLocker
href: information-protection/bitlocker/bitlocker-overview.md
items:
- name: Overview of BitLocker Device Encryption in Windows
href: information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
- name: BitLocker frequently asked questions (FAQ)
href: information-protection/bitlocker/bitlocker-frequently-asked-questions.yml
items:
- name: Overview and requirements
href: information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml
- name: Upgrading
href: information-protection/bitlocker/bitlocker-upgrading-faq.yml
- name: Deployment and administration
href: information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml
- name: Key management
href: information-protection/bitlocker/bitlocker-key-management-faq.yml
- name: BitLocker To Go
href: information-protection/bitlocker/bitlocker-to-go-faq.yml
- name: Active Directory Domain Services
href: information-protection/bitlocker/bitlocker-and-adds-faq.yml
- name: Security
href: information-protection/bitlocker/bitlocker-security-faq.yml
- name: BitLocker Network Unlock
href: information-protection/bitlocker/bitlocker-network-unlock-faq.yml
- name: General
href: information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml
- name: "Prepare your organization for BitLocker: Planning and policies"
href: information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
- name: BitLocker deployment comparison
href: information-protection/bitlocker/bitlocker-deployment-comparison.md
- name: BitLocker basic deployment
href: information-protection/bitlocker/bitlocker-basic-deployment.md
- name: Deploy BitLocker on Windows Server 2012 and later
href: information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
- name: BitLocker management for enterprises
href: information-protection/bitlocker/bitlocker-management-for-enterprises.md
- name: Enable Network Unlock with BitLocker
href: information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
- name: Use BitLocker Drive Encryption Tools to manage BitLocker
href: information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
- name: Use BitLocker Recovery Password Viewer
href: information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md
- name: BitLocker Group Policy settings
href: information-protection/bitlocker/bitlocker-group-policy-settings.md
- name: BCD settings and BitLocker
href: information-protection/bitlocker/bcd-settings-and-bitlocker.md
- name: BitLocker Recovery Guide
href: information-protection/bitlocker/bitlocker-recovery-guide-plan.md
- name: BitLocker Countermeasures
href: information-protection/bitlocker/bitlocker-countermeasures.md
- name: Protecting cluster shared volumes and storage area networks with BitLocker
href: information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
- name: Troubleshoot BitLocker
items:
- name: Troubleshoot BitLocker
href: information-protection/bitlocker/troubleshoot-bitlocker.md
- name: "BitLocker cannot encrypt a drive: known issues"
href: information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md
- name: "Enforcing BitLocker policies by using Intune: known issues"
href: information-protection/bitlocker/ts-bitlocker-intune-issues.md
- name: "BitLocker Network Unlock: known issues"
href: information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md
- name: "BitLocker recovery: known issues"
href: information-protection/bitlocker/ts-bitlocker-recovery-issues.md
- name: "BitLocker configuration: known issues"
href: information-protection/bitlocker/ts-bitlocker-config-issues.md
- name: Troubleshoot BitLocker and TPM issues
items:
- name: "BitLocker cannot encrypt a drive: known TPM issues"
href: information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md
- name: "BitLocker and TPM: other known issues"
href: information-protection/bitlocker/ts-bitlocker-tpm-issues.md
- name: Decode Measured Boot logs to track PCR changes
href: information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md
- name: Configure S/MIME for Windows
href: identity-protection/configure-s-mime.md
- name: Network security
items:
- name: VPN technical guide
href: identity-protection/vpn/vpn-guide.md
items:
- name: VPN connection types
href: identity-protection/vpn/vpn-connection-type.md
- name: VPN routing decisions
href: identity-protection/vpn/vpn-routing.md
- name: VPN authentication options
href: identity-protection/vpn/vpn-authentication.md
- name: VPN and conditional access
href: identity-protection/vpn/vpn-conditional-access.md
- name: VPN name resolution
href: identity-protection/vpn/vpn-name-resolution.md
- name: VPN auto-triggered profile options
href: identity-protection/vpn/vpn-auto-trigger-profile.md
- name: VPN security features
href: identity-protection/vpn/vpn-security-features.md
- name: VPN profile options
href: identity-protection/vpn/vpn-profile-options.md
- name: How to configure Diffie Hellman protocol over IKEv2 VPN connections
href: identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
- name: How to use single sign-on (SSO) over VPN and Wi-Fi connections
href: identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
- name: Optimizing Office 365 traffic with the Windows VPN client
href: identity-protection/vpn/vpn-office-365-optimization.md
- name: Windows Defender Firewall
href: threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
- name: Windows security baselines
href: threat-protection/windows-security-configuration-framework/windows-security-baselines.md
items:
- name: Security Compliance Toolkit
href: threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
- name: Get support
href: threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md
- name: Virus & threat protection
items:
- name: Overview
href: threat-protection/index.md
- name: Microsoft Defender Antivirus
href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows
- name: Attack surface reduction rules
href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/attack-surface-reduction
- name: Tamper protection
href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection
- name: Network protection
href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/network-protection
- name: Controlled folder access
href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/controlled-folders
- name: Exploit protection
href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/exploit-protection
- name: Microsoft Defender for Endpoint
href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint
- name: Security intelligence
href: threat-protection/intelligence/index.md
items:
- name: Understand malware & other threats
href: threat-protection/intelligence/understanding-malware.md
items:
- name: Prevent malware infection
href: threat-protection/intelligence/prevent-malware-infection.md
- name: Malware names
href: threat-protection/intelligence/malware-naming.md
- name: Coin miners
href: threat-protection/intelligence/coinminer-malware.md
- name: Exploits and exploit kits
href: threat-protection/intelligence/exploits-malware.md
- name: Fileless threats
href: threat-protection/intelligence/fileless-threats.md
- name: Macro malware
href: threat-protection/intelligence/macro-malware.md
- name: Phishing
href: threat-protection/intelligence/phishing.md
- name: Ransomware
href: /security/compass/human-operated-ransomware
- name: Rootkits
href: threat-protection/intelligence/rootkits-malware.md
- name: Supply chain attacks
href: threat-protection/intelligence/supply-chain-malware.md
- name: Tech support scams
href: threat-protection/intelligence/support-scams.md
- name: Trojans
href: threat-protection/intelligence/trojans-malware.md
- name: Unwanted software
href: threat-protection/intelligence/unwanted-software.md
- name: Worms
href: threat-protection/intelligence/worms-malware.md
- name: How Microsoft identifies malware and PUA
href: threat-protection/intelligence/criteria.md
- name: Submit files for analysis
href: threat-protection/intelligence/submission-guide.md
- name: Safety Scanner download
href: threat-protection/intelligence/safety-scanner-download.md
- name: Industry collaboration programs
href: threat-protection/intelligence/cybersecurity-industry-partners.md
items:
- name: Virus information alliance
href: threat-protection/intelligence/virus-information-alliance-criteria.md
- name: Microsoft virus initiative
href: threat-protection/intelligence/virus-initiative-criteria.md
- name: Coordinated malware eradication
href: threat-protection/intelligence/coordinated-malware-eradication.md
- name: Information for developers
items:
- name: Software developer FAQ
href: threat-protection/intelligence/developer-faq.yml
- name: Software developer resources
href: threat-protection/intelligence/developer-resources.md
- name: More Windows security
items:
- name: Override Process Mitigation Options to help enforce app-related security policies
href: threat-protection/override-mitigation-options-for-app-related-security-policies.md
- name: Use Windows Event Forwarding to help with intrusion detection
href: threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
- name: Block untrusted fonts in an enterprise
href: threat-protection/block-untrusted-fonts-in-enterprise.md
- name: Windows Information Protection (WIP)
href: information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
items:
- name: Create a WIP policy using Microsoft Intune
href: information-protection/windows-information-protection/overview-create-wip-policy.md
items:
- name: Create a WIP policy with MDM using the Azure portal for Microsoft Intune
href: information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
items:
- name: Deploy your WIP policy using the Azure portal for Microsoft Intune
href: information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md
- name: Associate and deploy a VPN policy for WIP using the Azure portal for Microsoft Intune
href: information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md
- name: Create and verify an EFS Data Recovery Agent (DRA) certificate
href: information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
- name: Determine the Enterprise Context of an app running in WIP
href: information-protection/windows-information-protection/wip-app-enterprise-context.md
- name: Create a WIP policy using Microsoft Endpoint Configuration Manager
href: information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md
items:
- name: Create and deploy a WIP policy using Microsoft Endpoint Configuration Manager
href: information-protection/windows-information-protection/create-wip-policy-using-configmgr.md
- name: Create and verify an EFS Data Recovery Agent (DRA) certificate
href: information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
- name: Determine the Enterprise Context of an app running in WIP
href: information-protection/windows-information-protection/wip-app-enterprise-context.md
- name: Mandatory tasks and settings required to turn on WIP
href: information-protection/windows-information-protection/mandatory-settings-for-wip.md
- name: Testing scenarios for WIP
href: information-protection/windows-information-protection/testing-scenarios-for-wip.md
- name: Limitations while using WIP
href: information-protection/windows-information-protection/limitations-with-wip.md
- name: How to collect WIP audit event logs
href: information-protection/windows-information-protection/collect-wip-audit-event-logs.md
- name: General guidance and best practices for WIP
href: information-protection/windows-information-protection/guidance-and-best-practices-wip.md
items:
- name: Enlightened apps for use with WIP
href: information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
- name: Unenlightened and enlightened app behavior while using WIP
href: information-protection/windows-information-protection/app-behavior-with-wip.md
- name: Recommended Enterprise Cloud Resources and Neutral Resources network settings with WIP
href: information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
- name: Using Outlook Web Access with WIP
href: information-protection/windows-information-protection/using-owa-with-wip.md
- name: Fine-tune WIP Learning
href: information-protection/windows-information-protection/wip-learning.md
- name: Application security
items:
- name: Overview
href: apps.md
- name: Windows Defender Application Control and virtualization-based protection of code integrity
href: threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
- name: Windows Defender Application Control
href: threat-protection\windows-defender-application-control\windows-defender-application-control.md
- name: Microsoft Defender Application Guard
href: threat-protection\microsoft-defender-application-guard\md-app-guard-overview.md
- name: Windows Sandbox
href: threat-protection/windows-sandbox/windows-sandbox-overview.md
items:
- name: Windows Sandbox architecture
href: threat-protection/windows-sandbox/windows-sandbox-architecture.md
- name: Windows Sandbox configuration
href: threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
- name: Microsoft Defender SmartScreen overview
href: threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
- name: Configure S/MIME for Windows
href: identity-protection\configure-s-mime.md
- name: Windows Credential Theft Mitigation Guide Abstract
href: identity-protection\windows-credential-theft-mitigation-guide-abstract.md
- name: User security and secured identity
items:
- name: Overview
href: identity.md
- name: Windows Hello for Business
href: identity-protection/hello-for-business/index.yml
- name: Windows credential theft mitigation guide
href: identity-protection/windows-credential-theft-mitigation-guide-abstract.md
- name: Enterprise Certificate Pinning
href: identity-protection/enterprise-certificate-pinning.md
- name: Protect derived domain credentials with Credential Guard
href: identity-protection/credential-guard/credential-guard.md
items:
- name: How Credential Guard works
href: identity-protection/credential-guard/credential-guard-how-it-works.md
- name: Credential Guard Requirements
href: identity-protection/credential-guard/credential-guard-requirements.md
- name: Manage Credential Guard
href: identity-protection/credential-guard/credential-guard-manage.md
- name: Hardware readiness tool
href: identity-protection/credential-guard/dg-readiness-tool.md
- name: Credential Guard protection limits
href: identity-protection/credential-guard/credential-guard-protection-limits.md
- name: Considerations when using Credential Guard
href: identity-protection/credential-guard/credential-guard-considerations.md
- name: "Credential Guard: Additional mitigations"
href: identity-protection/credential-guard/additional-mitigations.md
- name: "Credential Guard: Known issues"
href: identity-protection/credential-guard/credential-guard-known-issues.md
- name: Protect Remote Desktop credentials with Remote Credential Guard
href: identity-protection/remote-credential-guard.md
- name: Technical support policy for lost or forgotten passwords
href: identity-protection/password-support-policy.md
- name: Access Control Overview
href: identity-protection/access-control/access-control.md
items:
- name: Dynamic Access Control Overview
href: identity-protection/access-control/dynamic-access-control.md
- name: Security identifiers
href: identity-protection/access-control/security-identifiers.md
- name: Security Principals
href: identity-protection/access-control/security-principals.md
- name: Local Accounts
href: identity-protection/access-control/local-accounts.md
- name: Active Directory Accounts
href: identity-protection/access-control/active-directory-accounts.md
- name: Microsoft Accounts
href: identity-protection/access-control/microsoft-accounts.md
- name: Service Accounts
href: identity-protection/access-control/service-accounts.md
- name: Active Directory Security Groups
href: identity-protection/access-control/active-directory-security-groups.md
- name: Special Identities
href: identity-protection/access-control/special-identities.md
- name: User Account Control
href: identity-protection/user-account-control/user-account-control-overview.md
items:
- name: How User Account Control works
href: identity-protection/user-account-control/how-user-account-control-works.md
- name: User Account Control security policy settings
href: identity-protection/user-account-control/user-account-control-security-policy-settings.md
- name: User Account Control Group Policy and registry key settings
href: identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md
- name: Smart Cards
href: identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md
items:
- name: How Smart Card Sign-in Works in Windows
href: identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md
items:
- name: Smart Card Architecture
href: identity-protection/smart-cards/smart-card-architecture.md
- name: Certificate Requirements and Enumeration
href: identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md
- name: Smart Card and Remote Desktop Services
href: identity-protection/smart-cards/smart-card-and-remote-desktop-services.md
- name: Smart Cards for Windows Service
href: identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md
- name: Certificate Propagation Service
href: identity-protection/smart-cards/smart-card-certificate-propagation-service.md
- name: Smart Card Removal Policy Service
href: identity-protection/smart-cards/smart-card-removal-policy-service.md
- name: Smart Card Tools and Settings
href: identity-protection/smart-cards/smart-card-tools-and-settings.md
items:
- name: Smart Cards Debugging Information
href: identity-protection/smart-cards/smart-card-debugging-information.md
- name: Smart Card Group Policy and Registry Settings
href: identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md
- name: Smart Card Events
href: identity-protection/smart-cards/smart-card-events.md
- name: Virtual Smart Cards
href: identity-protection/virtual-smart-cards/virtual-smart-card-overview.md
items:
- name: Understanding and Evaluating Virtual Smart Cards
href: identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md
items:
- name: "Get Started with Virtual Smart Cards: Walkthrough Guide"
href: identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md
- name: Use Virtual Smart Cards
href: identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md
- name: Deploy Virtual Smart Cards
href: identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md
- name: Evaluate Virtual Smart Card Security
href: identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md
- name: Tpmvscmgr
href: identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
- name: Cloud services
items:
- name: Overview
href: cloud.md
- name: Mobile device management
href: https://docs.microsoft.com/windows/client-management/mdm/
- name: Windows 365 Cloud PCs
href: /windows-365/overview
- name: Azure Virtual Desktop
href: /azure/virtual-desktop/
- name: Security foundations
items:
- name: Overview
href: security-foundations.md
- name: Microsoft Security Development Lifecycle
href: threat-protection/msft-security-dev-lifecycle.md
- name: Microsoft Bug Bounty Program
href: threat-protection/microsoft-bug-bounty-program.md
- name: FIPS 140-2 Validation
href: threat-protection/fips-140-validation.md
- name: Common Criteria Certifications
href: threat-protection/windows-platform-common-criteria.md
- name: Windows Privacy
href: /windows/privacy/windows-10-and-privacy-compliance
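Review bot: the Mobile device management entry `href: https://docs.microsoft.com/windows/client-management/mdm/` uses an absolute docs.microsoft.com URL while its neighbours (`/windows-365/overview`, `/azure/virtual-desktop/`, `/windows/privacy/windows-10-and-privacy-compliance`) use site-relative paths; change it to `/windows/client-management/mdm/` so it resolves on every docs host and matches the form cloud.md uses in this same commit.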

windows/security/apps.md Normal file (+28)

@ -0,0 +1,28 @@
---
title: Windows application security
description: Get an overview of application security in Windows 10 and Windows 11
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: dansimp
ms.collection: M365-security-compliance
ms.prod: m365-security
ms.technology: windows-sec
---
# Windows application security
Cyber-criminals regularly gain access to valuable data by hacking applications. This can include “code injection” attacks, in which attackers insert malicious code that can tamper with data, or even destroy it. An application may have its security misconfigured, leaving open doors for hackers. Or vital customer and corporate information may leave sensitive data exposed. Windows protects your valuable data with layers of application security.
The following table summarizes the Windows security features and capabilities for apps:<br/><br/>
| Security Measures | Features & Capabilities |
|:---|:---|
| Windows Defender Application Control | Application control is one of the most effective security controls to prevent unwanted or malicious code from running. It moves away from an application trust model where all code is assumed trustworthy to one where apps must earn trust to run. Learn more: [Application Control for Windows](threat-protection/windows-defender-application-control/windows-defender-application-control.md) |
| Microsoft Defender Application Guard | Application Guard uses chip-based hardware isolation to isolate untrusted websites and untrusted Office files, seamlessly running untrusted websites and files in an isolated Hyper-V-based container, separate from the desktop operating system, and making sure that anything that happens within the container remains isolated from the desktop. Learn more [Microsoft Defender Application Guard overview](threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md). |
| Windows Sandbox | Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software installed inside the Windows Sandbox environment remains "sandboxed" and runs separately from the host machine. A sandbox is temporary. When it's closed, all the software and files and the state are deleted. You get a brand-new instance of the sandbox every time you open the application. Learn more: [Windows Sandbox](threat-protection\windows-sandbox\windows-sandbox-overview.md)
| Email Security | With Windows S/MIME email security, users can encrypt outgoing messages and attachments, so only intended recipients with digital identification (ID)—also called a certificate—can read them. Users can digitally sign a message, which verifies the identity of the sender and ensures the message has not been tampered with.[Configure S/MIME for Windows 10](identity-protection/configure-s-mime.md) |
| Microsoft Defender SmartScreen | Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files. Learn more: [Microsoft Defender SmartScreen overview](threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md) |
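Review bot: the Windows Sandbox row is malformed twice: its link path uses backslashes (`threat-protection\windows-sandbox\windows-sandbox-overview.md`), which the docs build does not resolve as a relative link, and the row has no closing `|`, so the last cell can render broken; use forward slashes and terminate the row. Smaller fixes in the same table: "Learn more [Microsoft Defender Application Guard overview]" is missing its colon, and in the Email Security row "tampered with.[Configure S/MIME for Windows 10]" needs a space and a "Learn more:" lead-in like the other rows. The frontmatter leaves `ms.reviewer:` empty; fill it or drop the key.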

windows/security/cloud.md Normal file (+39)

@ -0,0 +1,39 @@
---
title: Windows and cloud security
description: Get an overview of cloud services supported in Windows 11 and Windows 10
ms.reviewer:
author: denisebmsft
ms.author: deniseb
manager: dansimp
audience: ITPro
ms.topic: conceptual
ms.date: 09/20/2021
ms.localizationpriority: medium
ms.custom:
f1.keywords: NOCSH
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
search.appverid: MET150
ms.collection: M365-security-compliance
ms.prod: m365-security
ms.technology: windows-sec
---
# Windows and cloud security
Todays workforce has more freedom and mobility than ever before. With the growth of enterprise cloud adoption, increased personal app usage, and increased use of third-party apps, the risk of data exposure is at its highest. Enabling Zero-Trust protection, Windows 11 works with Microsoft cloud services. Windows and cloud services together help organizations strengthen their multi-cloud security infrastructure, protect hybrid cloud workloads, and safeguard sensitive information while controlling access and mitigating threats.
Windows 11 includes the cloud services that are listed in the following table:<br/><br/>
| Service type | Description |
|:---|:---|
| Mobile device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.<br/><br/>Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.<br/><br/>To learn more, see [Mobile device management](/windows/client-management/mdm/). |
| Microsoft account | When users add their Microsoft account to Windows 11, they can bring their Windows, Microsoft Edge, Xbox settings, web page favorites, files, photos, and more across their devices. <br/><br/>The Microsoft account enables people to manage everything in one place. They can keep tabs on their subscriptions and order history, organize their family's digital life, update their privacy and security settings, track the health and safety of their devices, and even get rewards. <br/><br/>To learn more, see [Microsoft Accounts](identity-protection/access-control/microsoft-accounts.md).|
| OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data. <br/><br/>The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4). <br/><br/>In the event of a ransomware attack, OneDrive can enable recovery. And if youve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware). |
| Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.<br/><br/>With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need. Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.<br/><br/>To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) |
## Next steps
- [Learn more about MDM and Windows 11](/windows/client-management/mdm/)
- [Learn more about Windows security](index.yml)
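Review bot: the intro and the OneDrive row ship with visible typos: "Todays workforce" and "if youve configured backups" have lost their apostrophes (likely a smart-quote encoding issue), and "allowing users to them on their laptops" is missing its verb ("access them"). "Enabling Zero-Trust protection, Windows 11 works with Microsoft cloud services" is also a dangling modifier; "Windows 11 works with Microsoft cloud services to enable Zero Trust protection" reads correctly.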


@ -0,0 +1,43 @@
---
title: Cryptography and Certificate Management
description: Get an overview of cryptography and certificate management in Windows
search.appverid: MET150
author: denisebmsft
ms.author: deniseb
manager: dansimp
audience: ITPro
ms.topic: conceptual
ms.date: 09/07/2021
ms.prod: m365-security
ms.technology: windows-sec
ms.localizationpriority: medium
ms.collection:
ms.custom:
ms.reviewer: skhadeer, raverma
f1.keywords: NOCSH
---
# Cryptography and Certificate Management
## Cryptography
Cryptography uses code to convert data so that only a specific recipient can read it by using a key. Cryptography enforces privacy to prevent anyone except the intended recipient from reading data, integrity to ensure data is free of tampering, and authentication that verifies identity to ensure that communication is secure. The cryptography stack in Windows extends from the chip to the cloud enabling Windows, applications, and services protect system and user secrets.
Cryptography in Windows is Federal Information Processing Standards (FIPS) 140 certified. FIPS 140 certification ensures that US government approved algorithms are being used (RSA for signing, ECDH with NIST curves for key agreement, AES for symmetric encryption, and SHA2 for hashing), tests module integrity to prove that no tampering has occurred and proves the randomness for entropy sources.
Windows cryptographic modules provide low-level primitives such as:
- Random number generators (RNG)
- Symmetric and asymmetric encryption (support for AES 128/256 and RSA 512 to 16384, in 64-bit increments and ECDSA over NIST-standard prime curves P-256, P-384, P-521)
- Hashing (support for SHA-256, SHA-384, and SHA-512)
- Signing and verification (padding support for OAEP, PSS, PKCS1)
- Key agreement and key derivation (support for ECDH over NIST-standard prime curves P-256, P-384, P-521, and HKDF)
These modules are natively exposed on Windows through the Crypto API (CAPI) and the Cryptography Next Generation API (CNG) which is powered by Microsoft's open-source cryptographic library SymCrypt. Application developers can use these APIs to perform low-level cryptographic operations (BCrypt), key storage operations (NCrypt), protect static data (DPAPI), and securely share secrets (DPAPI-NG).
## Certificate management
Windows offers several APIs to operate and manage certificates. Certificates are crucial to public key infrastructure (PKI) as they provide the means for safeguarding and authenticating information. Certificates are electronic documents used to claim ownership of a public key. Public keys are used to prove server and client identity, validate code integrity, and used in secure emails. Windows offers users the ability to auto-enroll and renew certificates in Active Directory with Group Policy to reduce the risk of potential outages due to certificate expiration or misconfiguration. Windows validates certificates through an automatic update mechanism that downloads certificate trust lists (CTL) daily. Trusted root certificates are used by applications as a reference for trustworthy PKI hierarchies and digital certificates. The list of trusted and untrusted certificates are stored in the CTL and can be updated by administrators. In the case of certificate revocation, a certificate is added as an untrusted certificate in the CTL causing it to be revoked globally across user devices immediately.
Windows also offers enterprise certificate pinning to help reduce man-in-the-middle attacks by enabling users to protect their internal domain names from chaining to unwanted certificates. A web application's server authentication certificate chain is checked to ensure it matches a restricted set of certificates. Any web application triggering a name mismatch will start event logging and prevent user access from Edge or Internet Explorer.
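Review bot: the certificate management paragraph conflates CTL-based distrust with revocation: "In the case of certificate revocation, a certificate is added as an untrusted certificate in the CTL causing it to be revoked globally across user devices immediately" contradicts the earlier sentence that the CTL is downloaded daily, and revocation of an individual certificate is signalled by the issuing CA through CRL/OCSP, not by the Microsoft CTL. Reword to say that certificates Microsoft distrusts are added to the disallowed list and reach devices at the next CTL update. In the Cryptography section, "enabling Windows, applications, and services protect system and user secrets" is missing "to", and the primitives list should not present "RSA 512 to 16384" without a caveat, since 512-bit RSA is far below any accepted minimum; say the low end exists for compatibility only.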


@ -48,7 +48,7 @@
"folder_relative_path_in_docset": "./" "folder_relative_path_in_docset": "./"
} }
}, },
"titleSuffix": "Microsoft 365 Security", "titleSuffix": "Windows security",
"contributors_to_exclude": [ "contributors_to_exclude": [
"rjagiewich", "rjagiewich",
"traya1", "traya1",


@ -0,0 +1,54 @@
---
title: Encryption and data protection in Windows
description: Get an overview encryption and data protection in Windows 11 and Windows 10
search.appverid: MET150
author: denisebmsft
ms.author: deniseb
manager: dansimp
audience: ITPro
ms.topic: conceptual
ms.date: 09/08/2021
ms.prod: m365-security
ms.technology: windows-sec
ms.localizationpriority: medium
ms.collection:
ms.custom:
ms.reviewer: deepakm, rafals
f1.keywords: NOCSH
---
# Encryption and data protection in Windows client
When people travel with their computers and devices, their confidential information travels with them. Wherever confidential data is stored, it must be protected against unauthorized access, whether through physical device theft or from malicious applications.
Encryption and data protection features include:
- Encrypted Hard Drive
- BitLocker
## Encrypted Hard Drive
Encrypted Hard Drive uses the rapid encryption provided by BitLocker Drive Encryption to enhance data security and management.
By offloading the cryptographic operations to hardware, encrypted hard drives increase BitLocker performance and reduce CPU usage and power consumption. Because encrypted hard drives encrypt data quickly, enterprise devices can expand BitLocker deployment with minimal impact on productivity.
Encrypted hard drives provide:
- Better performance: Encryption hardware, integrated into the drive controller, allows the drive to operate at full data rate with no performance degradation.
- Strong security based in hardware: Encryption is always "on" and the keys for encryption never leave the hard drive. User authentication is performed by the drive before it will unlock, independently of the operating system.
- Ease of use: Encryption is transparent to the user, and the user does not need to enable it. Encrypted hard drives are easily erased using on-board encryption key; there is no need to re-encrypt data on the drive.
- Lower cost of ownership: There is no need for new infrastructure to manage encryption keys, since BitLocker uses your existing infrastructure to store recovery information. Your device operates more efficiently because processor cycles do not need to be used for the encryption process.
Encrypted hard drives are a new class of hard drives that are self-encrypted at a hardware level and allow for full disk hardware encryption.
## BitLocker
BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.
BitLocker provides encryption for the operating system, fixed data, and removable data drives, using technologies like hardware security test interface (HSTI), Modern Standby, UEFI Secure Boot, and TPM.
Windows consistently improves data protection by improving existing options and providing new strategies.
## See also
- [Encrypted Hard Drive](information-protection/encrypted-hard-drive.md)
- [BitLocker](information-protection/bitlocker/bitlocker-overview.md)
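Review bot: the description frontmatter reads "Get an overview encryption and data protection" (missing "of"), and the H1 "Encryption and data protection in Windows client" does not match the title "Encryption and data protection in Windows"; pick one. The sentence "Encrypted hard drives are a new class of hard drives that are self-encrypted at a hardware level" is the definition and belongs before the bullet list rather than after it. In the Ease of use bullet, "easily erased using on-board encryption key" should read "the on-board encryption key".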


@ -0,0 +1,27 @@
---
title: Windows hardware security
description: Get an overview of hardware security in Windows 11 and Windows 10
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: dansimp
ms.collection: M365-security-compliance
ms.prod: m365-security
ms.technology: windows-sec
---
# Windows hardware security
Modern threats require modern security with a strong alignment between hardware security and software security techniques to keep users, data, and devices protected. The operating system alone cannot protect from the wide range of tools and techniques cybercriminals use to compromise a computer deep inside its silicon. Once inside, intruders can be difficult to detect while engaging in multiple nefarious activities from stealing important data to capturing email addresses and other sensitive pieces of information.
These new threats call for computing hardware that is secure down to the very core, including hardware chips and processors. Microsoft and our partners, including chip and device manufacturers, have worked together to integrate powerful security capabilities across software, firmware, and hardware. <br><br/>
| Security Measures | Features & Capabilities |
|:---|:---|
| Trusted Platform Module (TPM) | A Trusted Platform Module (TPM) is designed to provide hardware-based security-related functions and help prevent unwanted tampering. TPMs provide security and privacy benefits for system hardware, platform owners, and users. <br> A TPM chip is a secure crypto-processor that helps with actions such as generating, storing, and limiting the use of cryptographic keys. Many TPMs include multiple physical security mechanisms to make it tamper resistant and prevent malicious software from tampering with the security functions of the TPM. <br><br/> Learn more about the [Trusted Platform Module](information-protection/tpm/trusted-platform-module-top-node.md). |
| Hardware-based root of trust with Windows Defender System Guard | To protect critical resources such as Windows authentication, single sign-on tokens, Windows Hello, and the Virtual Trusted Platform Module, a system's firmware and hardware must be trustworthy. <br> Windows Defender System Guard helps protect and maintain the integrity of the system as it starts up and validate that system integrity has truly been maintained through local and remote attestation. <br><br/> Learn more about [How a hardware-based root of trust helps protect Windows](threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md) and [System Guard Secure Launch and SMM protection](threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md). |
| Enable virtualization-based protection of code integrity | Hypervisor-protected Code Integrity (HVCI) is a virtualization based security (VBS) feature available in Windows. In the Windows Device Security settings, HVCI is referred to as Memory Integrity. <br> HVCI and VBS improve the threat model of Windows and provide stronger protections against malware trying to exploit the Windows Kernel. VBS uses the Windows Hypervisor to create an isolated virtual environment that becomes the root of trust of the OS that assumes the kernel can be compromised. HVCI is a critical component that protects and hardens this virtual environment by running kernel mode code integrity within it and restricting kernel memory allocations that could be used to compromise the system. <br><br/> Learn more: [Enable virtualization-based protection of code integrity](threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md).
| Kernel Direct Memory Access (DMA) Protection | PCIe hot plug devices such as Thunderbolt, USB4, and CFexpress allow users to attach new classes of external peripherals, including graphics cards or other PCI devices, to their PCs with an experience identical to USB. Because PCI hot plug ports are external and easily accessible, PCs are susceptible to drive-by Direct Memory Access (DMA) attacks. Memory access protection (also known as Kernel DMA Protection) protects PCs against drive-by DMA attacks that use PCIe hot plug devices by limiting these external peripherals from being able to directly copy memory when the user has locked their PC. <br><br/> Learn more about [Kernel DMA Protection](information-protection/kernel-dma-protection-for-thunderbolt.md). |
| Secured-core PCs | Microsoft is working closely with OEM partners and silicon vendors to build Secured-core PCs that feature deeply integrated hardware, firmware, and software to ensure enhanced security for devices, identities, and data. <br><br/> Secured-core PCs provide protections that are useful against sophisticated attacks and can provide increased assurance when handling mission-critical data in some of the most data-sensitive industries, such as healthcare workers that handle medical records and other personally identifiable information (PII), commercial roles that handle high business impact and highly sensitive data, such as a financial controller with earnings data. <br><br/> Learn more about [Secured-core PCs](/windows-hardware/design/device-experiences/oem-highly-secure).|
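Review bot: the HVCI row is missing its closing `|` (it ends at "enable-virtualization-based-protection-of-code-integrity.md)."), so the table can lose its last cell in rendering. Its label "Enable virtualization-based protection of code integrity" is a task name copied from the linked article, whereas the other rows use feature names; "Hypervisor-protected Code Integrity (HVCI)" would match. The sentence "an isolated virtual environment that becomes the root of trust of the OS that assumes the kernel can be compromised" is hard to parse; separate the two ideas, that VBS creates the isolated environment and that the design assumes the normal kernel can be compromised. The paragraph break `<br><br/>` mixes two tag forms; use one consistently.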


@ -1,132 +0,0 @@
- name: Identity and access management
href: index.md
items:
- name: Technical support policy for lost or forgotten passwords
href: password-support-policy.md
- name: Access Control Overview
href: access-control/access-control.md
items:
- name: Dynamic Access Control Overview
href: access-control/dynamic-access-control.md
- name: Security identifiers
href: access-control/security-identifiers.md
- name: Security Principals
href: access-control/security-principals.md
- name: Local Accounts
href: access-control/local-accounts.md
- name: Active Directory Accounts
href: access-control/active-directory-accounts.md
- name: Microsoft Accounts
href: access-control/microsoft-accounts.md
- name: Service Accounts
href: access-control/service-accounts.md
- name: Active Directory Security Groups
href: access-control/active-directory-security-groups.md
- name: Special Identities
href: access-control/special-identities.md
- name: User Account Control
href: user-account-control\user-account-control-overview.md
items:
- name: How User Account Control works
href: user-account-control\how-user-account-control-works.md
- name: User Account Control security policy settings
href: user-account-control\user-account-control-security-policy-settings.md
- name: User Account Control Group Policy and registry key settings
href: user-account-control\user-account-control-group-policy-and-registry-key-settings.md
- name: Windows Hello for Business
href: hello-for-business/index.yml
- name: Protect derived domain credentials with Credential Guard
href: credential-guard/credential-guard.md
items:
- name: How Credential Guard works
href: credential-guard/credential-guard-how-it-works.md
- name: Credential Guard Requirements
href: credential-guard/credential-guard-requirements.md
- name: Manage Credential Guard
href: credential-guard/credential-guard-manage.md
- name: Hardware readiness tool
href: credential-guard/dg-readiness-tool.md
- name: Credential Guard protection limits
href: credential-guard/credential-guard-protection-limits.md
- name: Considerations when using Credential Guard
href: credential-guard/credential-guard-considerations.md
- name: "Credential Guard: Additional mitigations"
href: credential-guard/additional-mitigations.md
- name: "Credential Guard: Known issues"
href: credential-guard/credential-guard-known-issues.md
- name: Protect Remote Desktop credentials with Remote Credential Guard
href: remote-credential-guard.md
- name: Smart Cards
href: smart-cards/smart-card-windows-smart-card-technical-reference.md
items:
- name: How Smart Card Sign-in Works in Windows
href: smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md
items:
- name: Smart Card Architecture
href: smart-cards/smart-card-architecture.md
- name: Certificate Requirements and Enumeration
href: smart-cards/smart-card-certificate-requirements-and-enumeration.md
- name: Smart Card and Remote Desktop Services
href: smart-cards/smart-card-and-remote-desktop-services.md
- name: Smart Cards for Windows Service
href: smart-cards/smart-card-smart-cards-for-windows-service.md
- name: Certificate Propagation Service
href: smart-cards/smart-card-certificate-propagation-service.md
- name: Smart Card Removal Policy Service
href: smart-cards/smart-card-removal-policy-service.md
- name: Smart Card Tools and Settings
href: smart-cards/smart-card-tools-and-settings.md
items:
- name: Smart Cards Debugging Information
href: smart-cards/smart-card-debugging-information.md
- name: Smart Card Group Policy and Registry Settings
href: smart-cards/smart-card-group-policy-and-registry-settings.md
- name: Smart Card Events
href: smart-cards/smart-card-events.md
- name: Virtual Smart Cards
href: virtual-smart-cards\virtual-smart-card-overview.md
items:
- name: Understanding and Evaluating Virtual Smart Cards
href: virtual-smart-cards\virtual-smart-card-understanding-and-evaluating.md
items:
- name: "Get Started with Virtual Smart Cards: Walkthrough Guide"
href: virtual-smart-cards\virtual-smart-card-get-started.md
- name: Use Virtual Smart Cards
href: virtual-smart-cards\virtual-smart-card-use-virtual-smart-cards.md
- name: Deploy Virtual Smart Cards
href: virtual-smart-cards\virtual-smart-card-deploy-virtual-smart-cards.md
- name: Evaluate Virtual Smart Card Security
href: virtual-smart-cards\virtual-smart-card-evaluate-security.md
- name: Tpmvscmgr
href: virtual-smart-cards\virtual-smart-card-tpmvscmgr.md
- name: Enterprise Certificate Pinning
href: enterprise-certificate-pinning.md
- name: Windows 10 credential theft mitigation guide abstract
href: windows-credential-theft-mitigation-guide-abstract.md
- name: Configure S/MIME for Windows 10
href: configure-s-mime.md
- name: VPN technical guide
href: vpn\vpn-guide.md
items:
- name: VPN connection types
href: vpn\vpn-connection-type.md
- name: VPN routing decisions
href: vpn\vpn-routing.md
- name: VPN authentication options
href: vpn\vpn-authentication.md
- name: VPN and conditional access
href: vpn\vpn-conditional-access.md
- name: VPN name resolution
href: vpn\vpn-name-resolution.md
- name: VPN auto-triggered profile options
href: vpn\vpn-auto-trigger-profile.md
- name: VPN security features
href: vpn\vpn-security-features.md
- name: VPN profile options
href: vpn\vpn-profile-options.md
- name: How to configure Diffie Hellman protocol over IKEv2 VPN connections
href: vpn\how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
- name: How to use single sign-on (SSO) over VPN and Wi-Fi connections
href: vpn\how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
- name: Optimizing Office 365 traffic with the Windows 10 VPN client
href: vpn\vpn-office-365-optimization.md
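Review bot: this deletion drops TOC entries for Enterprise Certificate Pinning, the Windows 10 credential theft mitigation guide abstract, Configure S/MIME for Windows 10, and the whole VPN technical guide subtree (`- name: VPN technical guide` / `href: vpn\vpn-guide.md` and its eleven children), and the portion of the new windows/security TOC visible earlier in this diff contains none of them. Confirm they are re-homed in the new TOC, especially since apps.md in this same commit links identity-protection/configure-s-mime.md and the cryptography page describes enterprise certificate pinning; otherwise those articles become unreachable from navigation.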


@ -1,36 +0,0 @@
---
title: Change history for access protection (Windows 10)
description: This topic lists new and updated topics in the Windows 10 access protection documentation for Windows 10.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
audience: ITPro
author: dansimp
ms.author: dansimp
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 08/11/2017
ms.reviewer:
---
# Change history for access protection
This topic lists new and updated topics in the [Access protection](index.md) documentation.
## August 2017
|New or changed topic |Description |
|---------------------|------------|
|[Microsoft accounts](access-control/microsoft-accounts.md) |Revised to cover new Group Policy setting in Windows 10, version 1703, named **Block all consumer Microsoft account user authentication**.|
## June 2017
|New or changed topic |Description |
|---------------------|------------|
|[How hardware-based containers help protect Windows 10](/windows/security/threat-protection/windows-defender-atp/how-hardware-based-containers-help-protect-windows) | New |
## March 2017
|New or changed topic |Description |
|---------------------|------------|
|[Protect derived domain credentials with Credential Guard](credential-guard/credential-guard.md) |Updated to include additional security qualifications starting with Window 10, version 1703.|
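Review bot: removing a published page (change-history-for-access-protection.md) needs a matching entry in the docset's redirection file so existing inbound links and search results do not 404; confirm one accompanies this commit. Retiring the page itself is reasonable, since its last entry is dated 08/11/2017.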


@ -1,5 +1,5 @@
--- ---
title: Configure S/MIME for Windows 10 title: Configure S/MIME for Windows
description: S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients with a digital ID, also known as a certificate, can read them. description: S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients with a digital ID, also known as a certificate, can read them.
ms.assetid: 7F9C2A99-42EB-4BCC-BB53-41C04FBBBF05 ms.assetid: 7F9C2A99-42EB-4BCC-BB53-41C04FBBBF05
ms.reviewer: ms.reviewer:
@ -19,16 +19,17 @@ ms.date: 07/27/2017
--- ---
# Configure S/MIME for Windows 10 # Configure S/MIME for Windows
**Applies to** **Applies to**
- Windows 10 - Windows 10
- Windows 11
S/MIME stands for Secure/Multipurpose Internet Mail Extensions, and provides an added layer of security for email sent to and from an Exchange ActiveSync (EAS) account. In Windows 10, S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients who have a digital identification (ID), also known as a certificate, can read them. Users can digitally sign a message, which provides the recipients with a way to verify the identity of the sender and that the message hasn't been tampered with. S/MIME stands for Secure/Multipurpose Internet Mail Extensions, and provides an added layer of security for email sent to and from an Exchange ActiveSync (EAS) account. S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients who have a digital identification (ID), also known as a certificate, can read them. Users can digitally sign a message, which provides the recipients with a way to verify the identity of the sender and that the message hasn't been tampered with.
## About message encryption ## About message encryption
Users can send encrypted message to people in their organization and people outside their organization if they have their encryption certificates. However, users using Windows 10 Mail app can only read encrypted messages if the message is received on their Exchange account and they have corresponding decryption keys. Users can send encrypted message to people in their organization and people outside their organization if they have their encryption certificates. However, users using Windows Mail app can only read encrypted messages if the message is received on their Exchange account and they have corresponding decryption keys.
Encrypted messages can be read only by recipients who have a certificate. If you try to send an encrypted message to recipient(s) whose encryption certificate are not available, the app will prompt you to remove these recipients before sending the email. Encrypted messages can be read only by recipients who have a certificate. If you try to send an encrypted message to recipient(s) whose encryption certificate are not available, the app will prompt you to remove these recipients before sending the email.
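Review bot: ms.date still reads 07/27/2017 in this hunk's context even though the body paragraphs were rewritten; bump it to the edit date. Since the paragraph is being touched anyway, two long-standing grammar slips in the unchanged context lines can go in the same pass: "Users can send encrypted message to people" should be "encrypted messages", and "recipient(s) whose encryption certificate are not available" should be "certificates are not available".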
@ -48,7 +49,7 @@ A digitally signed message reassures the recipient that the message hasn't been
On the device, perform the following steps: (add select certificate) On the device, perform the following steps: (add select certificate)
1. Open the Mail app. (In Windows 10 Mobile, the app is Outlook Mail.) 1. Open the Mail app.
2. Open **Settings** by tapping the gear icon on a PC, or the ellipsis (...) and then the gear icon on a phone. 2. Open **Settings** by tapping the gear icon on a PC, or the ellipsis (...) and then the gear icon on a phone.
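Review bot: dropping "(In Windows 10 Mobile, the app is Outlook Mail.)" from step 1 leaves step 2's phone instruction ("or the ellipsis (...) and then the gear icon on a phone") with no supported platform to apply to; remove the phone clause as well, or keep both. The context line "On the device, perform the following steps: (add select certificate)" also still carries what looks like an author TODO in parentheses that should not ship.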

View File

@ -1,6 +1,6 @@
--- ---
title: Windows 10 Credential Theft Mitigation Guide Abstract (Windows 10) title: Windows Credential Theft Mitigation Guide Abstract
description: Provides a summary of the Windows 10 credential theft mitigation guide. description: Provides a summary of the Windows credential theft mitigation guide.
ms.assetid: 821ddc1a-f401-4732-82a7-40d1fff5a78a ms.assetid: 821ddc1a-f401-4732-82a7-40d1fff5a78a
ms.reviewer: ms.reviewer:
ms.prod: w10 ms.prod: w10
@ -17,12 +17,12 @@ ms.localizationpriority: medium
ms.date: 04/19/2017 ms.date: 04/19/2017
--- ---
# Windows 10 Credential Theft Mitigation Guide Abstract # Windows Credential Theft Mitigation Guide Abstract
**Applies to** **Applies to**
- Windows 10 - Windows 10
This topic provides a summary of the Windows 10 credential theft mitigation guide, which can be downloaded from the [Microsoft Download Center](https://download.microsoft.com/download/C/1/4/C14579CA-E564-4743-8B51-61C0882662AC/Windows%2010%20credential%20theft%20mitigation%20guide.docx). This topic provides a summary of the Windows credential theft mitigation guide, which can be downloaded from the [Microsoft Download Center](https://download.microsoft.com/download/C/1/4/C14579CA-E564-4743-8B51-61C0882662AC/Windows%2010%20credential%20theft%20mitigation%20guide.docx).
This guide explains how credential theft attacks occur and the strategies and countermeasures you can implement to mitigate them, following these security stages: This guide explains how credential theft attacks occur and the strategies and countermeasures you can implement to mitigate them, following these security stages:
- Identify high-value assets - Identify high-value assets
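Review bot: the heading and summary drop "Windows 10", but the "Applies to" list directly below still contains only "- Windows 10" (compare configure-s-mime.md in this same commit, which added "- Windows 11"); either add Windows 11 here or keep the title version-specific. ms.date: 04/19/2017 is also left unchanged despite the text edit. The download URL still names "Windows 10 credential theft mitigation guide.docx", which is correct only as long as that remains the file's actual name on the Download Center.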

View File

@ -0,0 +1,27 @@
---
title: Windows identity and user security
description: Get an overview of identity security in Windows 11 and Windows 10
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: dansimp
ms.collection: M365-security-compliance
ms.prod: m365-security
ms.technology: windows-sec
---
# Windows identity and user security
Malicious actors launch millions of password attacks every day. Weak passwords, password spraying, and phishing are the entry point for many attacks. Knowing that the right user is accessing the right device and the right data is critical to keeping your business, family, and self, safe and secure. Windows Hello, Windows Hello for Business, and Credential Guard enable customers to move to passwordless multifactor authentication (MFA). MFA can reduce the risk of compromise in organizations.
| Security capabilities | Description |
|:---|:---|
| Securing user identity with Windows Hello | Windows Hello and Windows Hello for Business replace password-based authentication with a stronger authentication model to sign into your device using a passcode (PIN) or other biometric based authentication. This PIN or biometric based authentication is only valid on the device that you registered it for and cannot be used on another deviceLearn more: [Windows Hello for Business](identity-protection\hello-for-business\hello-overview.md) |
| Windows Defender Credential Guard and Remote Credential Guard | Windows Defender Credential Guard helps protects your systems from credential theft attack techniques (pass-the-hash or pass-the-ticket) as well as helping prevent malware from accessing system secrets even if the process is running with admin privileges. Windows Defender Remote Credential Guard helps you protect your credentials over a Remote Desktop connection by redirecting Kerberos requests back to the device that's requesting the connection. It also provides single sign-on experiences for Remote Desktop sessions. Learn more: [Protect derived domain credentials with Windows Defender Credential Guard](identity-protection/credential-guard/credential-guard-how-it-works.md) and [Protect Remote Desktop credentials with Windows Defender Remote Credential Guard](identity-protection/remote-credential-guard.md)|
| FIDO Alliance | Fast Identity Online (FIDO) defined protocols are becoming the open standard for providing strong authentication that helps prevent phishing and are user-friendly and privacy-respecting. Windows 11 supports the use of device sign-in with FIDO 2 security keys, and with Microsoft Edge or other modern browsers, supports the use of secure FIDO-backed credentials to keep user accounts protected. Learn more about the [FIDO Alliance](https://fidoalliance.org/). |
| Microsoft Authenticator | The Microsoft Authenticator app is a perfect companion to help keep secure with Windows 11. It allows easy, secure sign-ins for all your online accounts using multi-factor authentication, passwordless phone sign-in, or password autofill. You also have additional account management options for your Microsoft personal, work, or school accounts. Microsoft Authenticator can be used to set up multi-factor authentication for your users. Learn more: [Enable passwordless sign-in with the Microsoft Authenticator app](/azure/active-directory/authentication/howto-authentication-passwordless-phone.md). |
| Smart Cards | Smart cards are tamper-resistant portable storage devices that can enhance the security of tasks in Windows, such as authenticating clients, signing code, securing e-mail, and signing in with Windows domain accounts. Learn more about [Smart Cards](identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md).|
| Access Control | Access control is the process of authorizing users, groups, and computers to access objects and assets on a network or computer. Computers can control the use of system and network resources through the interrelated mechanisms of authentication and authorization. Learn more: [Access Control](identity-protection/access-control/access-control.md).|
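Review bot: several text and link defects in the new table. The "Securing user identity with Windows Hello" row runs "another deviceLearn more:" together (missing period and space) and uses backslashes in the link path `identity-protection\hello-for-business\hello-overview.md` while every other row uses forward slashes. The "Windows Defender Credential Guard" row has "helps protects your systems" (should be "helps protect"). The "Microsoft Authenticator" row links to `/azure/active-directory/authentication/howto-authentication-passwordless-phone.md`; a site-absolute link into another docset should not carry the `.md` extension, and "help keep secure with Windows 11" is missing "you". The front matter also has no ms.date, so the page will show no last-updated value.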

Binary file not shown.


View File

@ -1,38 +1,170 @@
### YamlMime:Hub ### YamlMime:Landing
title: Windows 10 Enterprise Security # < 60 chars title: Windows security # < 60 chars
summary: Secure corporate data and manage risk. # < 160 chars summary: Windows is a Zero Trust-ready operating system that provides security from chip to cloud. # < 160 chars
# brand: aspnet | azure | dotnet | dynamics | m365 | ms-graph | office | power-bi | power-platform | sql | sql-server | vs | visual-studio | windows | xamarin
brand: windows
metadata: metadata:
title: Windows 10 Enterprise Security # Required; page title displayed in search results. Include the brand. < 60 chars. title: Windows security # Required; page title displayed in search results. Include the brand. < 60 chars.
description: Learn about enterprise-grade security features for Windows 10. # Required; article description that is displayed in search results. < 160 chars. description: Learn about Windows security # Required; article description that is displayed in search results. < 160 chars.
services: windows ms.topic: landing-page # Required
ms.prod: windows ms.prod: windows
ms.topic: hub-page # Required ms.collection: m365-security-compliance
ms.collection: M365-security-compliance # Optional; Remove if no collection is used.
author: dansimp #Required; your GitHub user alias, with correct capitalization. author: dansimp #Required; your GitHub user alias, with correct capitalization.
ms.author: dansimp #Required; microsoft alias of author; optional team alias. ms.author: dansimp #Required; microsoft alias of author; optional team alias.
ms.date: 01/08/2018 #Required; mm/dd/yyyy format. ms.date: 09/20/2021
ms.localizationpriority: high localization_priority: Priority
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
landingContent:
# Cards and links should be based on top customer tasks or top subjects
# Start card title with a verb
# Card (optional)
- title: Zero Trust and Windows
linkLists:
- linkListType: overview
links:
- text: Overview
url: zero-trust-windows-device-health.md
# Cards and links should be based on top customer tasks or top subjects
# Start card title with a verb
# Card (optional)
- title: Hardware security
linkLists:
- linkListType: overview
links:
- text: Overview
url: hardware.md
- linkListType: concept
links:
- text: Trusted Platform Module
url: information-protection/tpm/trusted-platform-module-top-node.md
- text: Windows Defender System Guard firmware protection
url: threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md
- text: System Guard Secure Launch and SMM protection enablement
url: threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md
- text: Virtualization-based protection of code integrity
url: threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
- text: Kernel DMA Protection
url: information-protection/kernel-dma-protection-for-thunderbolt.md
# Cards and links should be based on top customer tasks or top subjects
# Start card title with a verb
# Card (optional)
- title: Operating system security
linkLists:
- linkListType: overview
links:
- text: Overview
url: operating-system.md
- linkListType: concept
links:
- text: System security
url: trusted-boot.md
- text: Encryption and data protection
url: encryption-data-protection.md
- text: Windows security baselines
url: threat-protection/windows-security-configuration-framework/windows-security-baselines.md
- text: Virtual private network guide
url: identity-protection/vpn/vpn-guide.md
- text: Windows Defender Firewall
url: threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
- text: Virus & threat protection
url: threat-protection/index.md
# Cards and links should be based on top customer tasks or top subjects
# Start card title with a verb
# Card (optional)
- title: Application security
linkLists:
- linkListType: overview
links:
- text: Overview
url: apps.md
- linkListType: concept
links:
- text: Application Control and virtualization-based protection
url: threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
- text: Application Control
url: threat-protection/windows-defender-application-control/windows-defender-application-control.md
- text: Application Guard
url: threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
- text: Windows Sandbox
url: threat-protection/windows-sandbox/windows-sandbox-overview.md
- text: Microsoft Defender SmartScreen
url: threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
- text: S/MIME for Windows
url: identity-protection/configure-s-mime.md
# Cards and links should be based on top customer tasks or top subjects
# Start card title with a verb
# Card (optional)
- title: User security and secured identity
linkLists:
- linkListType: overview
links:
- text: Overview
url: identity.md
- linkListType: concept
links:
- text: Windows Hello for Business
url: identity-protection/hello-for-business/hello-overview.md
- text: Windows Credential Theft Mitigation
url: identity-protection/windows-credential-theft-mitigation-guide-abstract.md
- text: Protect domain credentials
url: identity-protection/credential-guard/credential-guard.md
- text: Windows Defender Credential Guard
url: identity-protection/credential-guard/credential-guard.md
- text: Lost or forgotten passwords
url: identity-protection/password-support-policy.md
- text: Access control
url: identity-protection/access-control/access-control.md
- text: Smart cards
url: identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md
# Cards and links should be based on top customer tasks or top subjects
# Start card title with a verb
# Card (optional)
- title: Cloud services
linkLists:
- linkListType: overview
links:
- text: Overview
url: cloud.md
- linkListType: concept
links:
- text: Mobile device management
url: https://docs.microsoft.com/windows/client-management/mdm/
- text: Azure Active Directory
url: https://www.microsoft.com/security/business/identity-access-management/azure-active-directory
- text: Your Microsoft Account
url: identity-protection/access-control/microsoft-accounts.md
- text: OneDrive
url: https://docs.microsoft.com/onedrive/onedrive
- text: Family safety
url: threat-protection/windows-defender-security-center/wdsc-family-options.md
# Cards and links should be based on top customer tasks or top subjects
# Start card title with a verb
# Card (optional)
- title: Security foundations
linkLists:
- linkListType: overview
links:
- text: Overview
url: security-foundations.md
- linkListType: reference
links:
- text: Microsoft Security Development Lifecycle
url: threat-protection/msft-security-dev-lifecycle.md
- text: Microsoft Bug Bounty
url: threat-protection/microsoft-bug-bounty-program.md
- text: Common Criteria Certifications
url: threat-protection/windows-platform-common-criteria.md
- text: Federal Information Processing Standard (FIPS) 140 Validation
url: threat-protection/fips-140-validation.md
# Cards and links should be based on top customer tasks or top subjects
# Start card title with a verb
# Card (optional)
- title: Privacy controls
linkLists:
- linkListType: reference
links:
- text: Windows and Privacy Compliance
url: /windows/privacy/windows-10-and-privacy-compliance
# productDirectory section (optional)
productDirectory:
items:
# Card
- title: Identity and access management
# imageSrc should be square in ratio with no whitespace
imageSrc: https://docs.microsoft.com/media/common/i_identity-protection.svg
summary: Deploy secure enterprise-grade authentication and access control to protect accounts and data
url: ./identity-protection/index.md
# Card
- title: Threat protection
imageSrc: https://docs.microsoft.com/media/common/i_threat-protection.svg
summary: Stop cyberthreats and quickly identify and respond to breaches
url: ./threat-protection/index.md
# Card
- title: Information protection
imageSrc: https://docs.microsoft.com/media/common/i_information-protection.svg
summary: Identify and secure critical data to prevent data loss
url: ./information-protection/index.md
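Review bot: under "User security and secured identity", the links "Protect domain credentials" and "Windows Defender Credential Guard" both point to identity-protection/credential-guard/credential-guard.md, so one of them is redundant. The template comments "# Cards and links should be based on top customer tasks or top subjects / # Start card title with a verb / # Card (optional)" are repeated before every card, and none of the card titles actually starts with a verb; either follow the guidance or strip the scaffolding comments before merging. The old metadata key `ms.localizationpriority: high` is replaced by `localization_priority: Priority`; confirm the new key is one this docset's build accepts rather than a carry-over from another landing-page template. The "Mobile device management" and "OneDrive" links use absolute https://docs.microsoft.com URLs where the rest of the file uses repo-relative paths; use the same convention for all internal links.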

View File

@ -1,149 +0,0 @@
- name: Information protection
href: index.md
items:
- name: BitLocker
href: bitlocker\bitlocker-overview.md
items:
- name: Overview of BitLocker Device Encryption in Windows 10
href: bitlocker\bitlocker-device-encryption-overview-windows-10.md
- name: BitLocker frequently asked questions (FAQ)
href: bitlocker\bitlocker-frequently-asked-questions.yml
items:
- name: Overview and requirements
href: bitlocker\bitlocker-overview-and-requirements-faq.yml
- name: Upgrading
href: bitlocker\bitlocker-upgrading-faq.yml
- name: Deployment and administration
href: bitlocker\bitlocker-deployment-and-administration-faq.yml
- name: Key management
href: bitlocker\bitlocker-key-management-faq.yml
- name: BitLocker To Go
href: bitlocker\bitlocker-to-go-faq.yml
- name: Active Directory Domain Services
href: bitlocker\bitlocker-and-adds-faq.yml
- name: Security
href: bitlocker\bitlocker-security-faq.yml
- name: BitLocker Network Unlock
href: bitlocker\bitlocker-network-unlock-faq.yml
- name: General
href: bitlocker\bitlocker-using-with-other-programs-faq.yml
- name: "Prepare your organization for BitLocker: Planning and policies"
href: bitlocker\prepare-your-organization-for-bitlocker-planning-and-policies.md
- name: BitLocker deployment comparison
href: bitlocker\bitlocker-deployment-comparison.md
- name: BitLocker basic deployment
href: bitlocker\bitlocker-basic-deployment.md
- name: "BitLocker: How to deploy on Windows Server 2012 and later"
href: bitlocker\bitlocker-how-to-deploy-on-windows-server.md
- name: "BitLocker: Management for enterprises"
href: bitlocker\bitlocker-management-for-enterprises.md
- name: "BitLocker: How to enable Network Unlock"
href: bitlocker\bitlocker-how-to-enable-network-unlock.md
- name: "BitLocker: Use BitLocker Drive Encryption Tools to manage BitLocker"
href: bitlocker\bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
- name: "BitLocker: Use BitLocker Recovery Password Viewer"
href: bitlocker\bitlocker-use-bitlocker-recovery-password-viewer.md
- name: BitLocker Group Policy settings
href: bitlocker\bitlocker-group-policy-settings.md
- name: BCD settings and BitLocker
href: bitlocker\bcd-settings-and-bitlocker.md
- name: BitLocker Recovery Guide
href: bitlocker\bitlocker-recovery-guide-plan.md
- name: BitLocker Countermeasures
href: bitlocker\bitlocker-countermeasures.md
- name: Protecting cluster shared volumes and storage area networks with BitLocker
href: bitlocker\protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
- name: Troubleshoot BitLocker
items:
- name: Troubleshoot BitLocker
href: bitlocker\troubleshoot-bitlocker.md
- name: "BitLocker cannot encrypt a drive: known issues"
href: bitlocker\ts-bitlocker-cannot-encrypt-issues.md
- name: "Enforcing BitLocker policies by using Intune: known issues"
href: bitlocker\ts-bitlocker-intune-issues.md
- name: "BitLocker Network Unlock: known issues"
href: bitlocker\ts-bitlocker-network-unlock-issues.md
- name: "BitLocker recovery: known issues"
href: bitlocker\ts-bitlocker-recovery-issues.md
- name: "BitLocker configuration: known issues"
href: bitlocker\ts-bitlocker-config-issues.md
- name: Troubleshoot BitLocker and TPM issues
items:
- name: "BitLocker cannot encrypt a drive: known TPM issues"
href: bitlocker\ts-bitlocker-cannot-encrypt-tpm-issues.md
- name: "BitLocker and TPM: other known issues"
href: bitlocker\ts-bitlocker-tpm-issues.md
- name: Decode Measured Boot logs to track PCR changes
href: bitlocker\ts-bitlocker-decode-measured-boot-logs.md
- name: Encrypted Hard Drive
href: encrypted-hard-drive.md
- name: Kernel DMA Protection
href: kernel-dma-protection-for-thunderbolt.md
- name: Protect your enterprise data using Windows Information Protection (WIP)
href: windows-information-protection\protect-enterprise-data-using-wip.md
items:
- name: Create a WIP policy using Microsoft Intune
href: windows-information-protection\overview-create-wip-policy.md
items:
- name: Create a WIP policy with MDM using the Azure portal for Microsoft Intune
href: windows-information-protection\create-wip-policy-using-intune-azure.md
items:
- name: Deploy your WIP policy using the Azure portal for Microsoft Intune
href: windows-information-protection\deploy-wip-policy-using-intune-azure.md
- name: Associate and deploy a VPN policy for WIP using the Azure portal for Microsoft Intune
href: windows-information-protection\create-vpn-and-wip-policy-using-intune-azure.md
- name: Create and verify an EFS Data Recovery Agent (DRA) certificate
href: windows-information-protection\create-and-verify-an-efs-dra-certificate.md
- name: Determine the Enterprise Context of an app running in WIP
href: windows-information-protection\wip-app-enterprise-context.md
- name: Create a WIP policy using Microsoft Endpoint Configuration Manager
href: windows-information-protection\overview-create-wip-policy-configmgr.md
items:
- name: Create and deploy a WIP policy using Microsoft Endpoint Configuration Manager
href: windows-information-protection\create-wip-policy-using-configmgr.md
- name: Create and verify an EFS Data Recovery Agent (DRA) certificate
href: windows-information-protection\create-and-verify-an-efs-dra-certificate.md
- name: Determine the Enterprise Context of an app running in WIP
href: windows-information-protection\wip-app-enterprise-context.md
- name: Mandatory tasks and settings required to turn on WIP
href: windows-information-protection\mandatory-settings-for-wip.md
- name: Testing scenarios for WIP
href: windows-information-protection\testing-scenarios-for-wip.md
- name: Limitations while using WIP
href: windows-information-protection\limitations-with-wip.md
- name: How to collect WIP audit event logs
href: windows-information-protection\collect-wip-audit-event-logs.md
- name: General guidance and best practices for WIP
href: windows-information-protection\guidance-and-best-practices-wip.md
items:
- name: Enlightened apps for use with WIP
href: windows-information-protection\enlightened-microsoft-apps-and-wip.md
- name: Unenlightened and enlightened app behavior while using WIP
href: windows-information-protection\app-behavior-with-wip.md
- name: Recommended Enterprise Cloud Resources and Neutral Resources network settings with WIP
href: windows-information-protection\recommended-network-definitions-for-wip.md
- name: Using Outlook Web Access with WIP
href: windows-information-protection\using-owa-with-wip.md
- name: Fine-tune WIP Learning
href: windows-information-protection\wip-learning.md
- name: Secure the Windows 10 boot process
href: secure-the-windows-10-boot-process.md
- name: Trusted Platform Module
href: tpm/trusted-platform-module-top-node.md
items:
- name: Trusted Platform Module Overview
href: tpm/trusted-platform-module-overview.md
- name: TPM fundamentals
href: tpm/tpm-fundamentals.md
- name: How Windows 10 uses the TPM
href: tpm/how-windows-uses-the-tpm.md
- name: TPM Group Policy settings
href: tpm/trusted-platform-module-services-group-policy-settings.md
- name: Back up the TPM recovery information to AD DS
href: tpm/backup-tpm-recovery-information-to-ad-ds.md
- name: View status, clear, or troubleshoot the TPM
href: tpm/initialize-and-configure-ownership-of-the-tpm.md
- name: Understanding PCR banks on TPM 2.0 devices
href: tpm/switch-pcr-banks-on-tpm-2-0-devices.md
- name: TPM recommendations
href: tpm/tpm-recommendations.md
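Review bot: this deletes the whole information-protection TOC (BitLocker, Encrypted Hard Drive, Kernel DMA Protection, WIP, boot process and TPM entries) without a replacement visible in this hunk; confirm the entries were folded into the parent windows/security TOC in the same commit, otherwise every article under information-protection/ loses its navigation entry. In particular the boot-process article is retitled in this commit ("Secure the Windows boot process"), so any carried-over entry still reading "Secure the Windows 10 boot process" should be updated to match.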

View File

@ -1,7 +1,7 @@
--- ---
title: Secure the Windows 10 boot process title: Secure the Windows boot process
description: This article describes how Windows 10 security features helps protect your PC from malware, including rootkits and other applications description: This article describes how Windows security features helps protect your PC from malware, including rootkits and other applications
keywords: trusted boot, windows 10 boot process keywords: trusted boot, windows boot process
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: Explore ms.mktglfcycl: Explore
ms.pagetype: security ms.pagetype: security
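Review bot: the description line "This article describes how Windows security features helps protect your PC" has a subject-verb disagreement (should be "features help"); since the line is being edited anyway, fix it here rather than carrying the error forward. The keywords change from "windows 10 boot process" to "windows boot process" while the file itself keeps its secure-the-windows-10-boot-process.md name (see the deleted TOC in this commit), so make sure any TOC or link text that used the old title is updated to the new one.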
@ -12,12 +12,12 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
ms.date: 11/16/2018 ms.date:
ms.reviewer: ms.reviewer:
ms.author: dansimp ms.author: dansimp
--- ---
# Secure the Windows 10 boot process # Secure the Windows boot process
**Applies to:** **Applies to:**
- Windows 11 - Windows 11
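Review bot: `ms.date: 11/16/2018` is replaced with an empty `ms.date:`; leave a real date (the edit date) rather than a blank value, which build validation can reject and which removes the last-reviewed signal from the page.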
@ -27,11 +27,11 @@ ms.author: dansimp
The Windows operating system has many features to help protect you from malware, and it does an amazingly good job. Except for apps that businesses develop and use internally, all Microsoft Store apps must meet a series of requirements to be certified and included in the Microsoft Store. This certification process examines several criteria, including security, and is an effective means of preventing malware from entering the Microsoft Store. Even if a malicious app does get through, the Windows 10 operating system includes a series of security features that can mitigate the impact. For instance, Microsoft Store apps are sandboxed and lack the privileges necessary to access user data or change system settings. The Windows operating system has many features to help protect you from malware, and it does an amazingly good job. Except for apps that businesses develop and use internally, all Microsoft Store apps must meet a series of requirements to be certified and included in the Microsoft Store. This certification process examines several criteria, including security, and is an effective means of preventing malware from entering the Microsoft Store. Even if a malicious app does get through, the Windows 10 operating system includes a series of security features that can mitigate the impact. For instance, Microsoft Store apps are sandboxed and lack the privileges necessary to access user data or change system settings.
Windows has multiple levels of protection for desktop apps and data, too. Windows Defender uses signatures to detect and quarantine apps that are known to be malicious. Windows Defender SmartScreen warns users before allowing them to run an untrustworthy app, even if its recognized as malware. Before an app can change system settings, the user would have to grant the app administrative privileges by using User Account Control. Windows has multiple levels of protection for desktop apps and data, too. Windows Defender Antivirus uses cloud-powered real-time detection to identify and quarantine apps that are known to be malicious. Windows Defender SmartScreen warns users before allowing them to run an untrustworthy app, even if its recognized as malware. Before an app can change system settings, the user would have to grant the app administrative privileges by using User Account Control.
Those are just some of the ways that Windows protects you from malware. However, those security features protect you only after Windows starts. Modern malware—and bootkits specifically—are capable of starting before Windows, completely bypassing operating system security, and remaining completely hidden. Those are just some of the ways that Windows protects you from malware. However, those security features protect you only after Windows starts. Modern malware—and bootkits specifically—are capable of starting before Windows, completely bypassing operating system security, and remaining completely hidden.
When you run Windows 10 on a PC or any PC that supports Unified Extensible Firmware Interface (UEFI), Trusted Boot protects your PC from malware from the moment you power on your PC until your anti-malware starts. In the unlikely event that malware does infect a PC, it cant remain hidden; Trusted Boot can prove the systems integrity to your infrastructure in a way that malware cant disguise. Even on PCs without UEFI, Windows provides even better startup security than previous versions of Windows. When you run Windows 10 or Windows 11 on a PC or any PC that supports Unified Extensible Firmware Interface (UEFI), Trusted Boot protects your PC from malware from the moment you power on your PC until your anti-malware starts. In the unlikely event that malware does infect a PC, it cant remain hidden; Trusted Boot can prove the systems integrity to your infrastructure in a way that malware cant disguise. Even on PCs without UEFI, Windows provides even better startup security than previous versions of Windows.
First, lets examine what rootkits are and how they work. Then, well show you how Windows can protect you. First, lets examine what rootkits are and how they work. Then, well show you how Windows can protect you.
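Review bot: the first paragraph's context line still says "the Windows 10 operating system includes a series of security features" after the title was generalized to "Windows"; update it the same way as the later paragraph ("When you run Windows 10 or Windows 11"). In the second paragraph, the replacement "Windows Defender Antivirus uses cloud-powered real-time detection to identify and quarantine apps that are known to be malicious" combines two different mechanisms (the removed wording credited signatures with catching known-malicious apps; cloud-delivered protection is the case for catching unknown ones), so check that the sentence still says what is meant; the product has also been renamed Microsoft Defender Antivirus. The unchanged sentence "SmartScreen warns users before allowing them to run an untrustworthy app, even if its recognized as malware" reads as if SmartScreen only warns about known malware; verify whether "even if it isn't recognized" was intended.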
@ -61,7 +61,7 @@ Figure 1 shows the Windows startup process.
**Figure 1. Secure Boot, Trusted Boot, and Measured Boot block malware at every stage** **Figure 1. Secure Boot, Trusted Boot, and Measured Boot block malware at every stage**
Secure Boot and Measured Boot are only possible on PCs with UEFI 2.3.1 and a TPM chip. Fortunately, all Windows 10 PCs that meet Windows Hardware Compatibility Program requirements have these components, and many PCs designed for earlier versions of Windows have them as well. Secure Boot and Measured Boot are only possible on PCs with UEFI 2.3.1 and a TPM chip. Fortunately, all Windows 10 and Windows 11 PCs that meet Windows Hardware Compatibility Program requirements have these components, and many PCs designed for earlier versions of Windows have them as well.
The sections that follow describe Secure Boot, Trusted Boot, ELAM, and Measured Boot. The sections that follow describe Secure Boot, Trusted Boot, ELAM, and Measured Boot.
@ -131,4 +131,4 @@ Measured Boot uses the power of UEFI, TPM, and Windows to give you a way to conf
Secure Boot, Trusted Boot, and Measured Boot create an architecture that is fundamentally resistant to bootkits and rootkits. In Windows, these features have the potential to eliminate kernel-level malware from your network. This is the most ground-breaking anti-malware solution that Windows has ever had; its leaps and bounds ahead of everything else. With Windows, you can truly trust the integrity of your operating system. Secure Boot, Trusted Boot, and Measured Boot create an architecture that is fundamentally resistant to bootkits and rootkits. In Windows, these features have the potential to eliminate kernel-level malware from your network. This is the most ground-breaking anti-malware solution that Windows has ever had; its leaps and bounds ahead of everything else. With Windows, you can truly trust the integrity of your operating system.
## Additional resources ## Additional resources
- [Windows 10 Enterprise LTSC 2019 or v2004 Evaluation](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) - [Windows Enterprise Evaluation](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise)

View File

@ -0,0 +1,42 @@
---
title: Windows operating system security
description: Securing the operating system includes system security, encryption, network security, and threat protection.
ms.reviewer:
ms.topic: article
manager: dansimp
ms.author: deniseb
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: denisebmsft
ms.collection: M365-security-compliance
ms.prod: m365-security
ms.technology: windows-sec
ms.date: 09/21/2021
---
# Windows operating system security
Security and privacy depend on an operating system that guards your system and information from the moment it starts up, providing fundamental chip-to-cloud protection. Windows 11 is the most secure Windows yet with extensive security measures designed to help keep you safe. These measures include built-in advanced encryption and data protection, robust network and system security, and intelligent safeguards against ever-evolving threats.
Use the links in the following table to learn more about the operating system security features and capabilities in Windows 11.<br/><br/>
| Security Measures | Features & Capabilities |
|:---|:---|
| Secure Boot and Trusted Boot | Secure Boot and Trusted Boot help prevent malware and corrupted components from loading when a Windows device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up the process. Together, Secure Boot and Trusted Boot help to ensure your Windows system boots up safely and securely.<br><br/> Learn more [Secure Boot and Trusted Boot](trusted-boot.md). |
Cryptography and certificate management|Cryptography uses code to convert data so that only a specific recipient can read it by using a key. Cryptography enforces privacy to prevent anyone except the intended recipient from reading data, integrity to ensure data is free of tampering, and authentication that verifies identity to ensure that communication is secure. <br><br/> Learn more about [Cryptography and certificate management](cryptography-certificate-mgmt.md). <br/><br/>|
Windows Security app | The Windows built-in security application found in settings provides an at-a-glance view of the security status and health of your device. These insights help you identify issues and take action to make sure youre protected. You can quickly see the status of your virus and threat protection, firewall and network security, device security controls, and more. <br><br/> Learn more about the [Windows Security app](threat-protection/windows-defender-security-center/windows-defender-security-center.md).|
| Encryption and data protection | Wherever confidential data is stored, it must be protected against unauthorized access, whether through physical device theft or from malicious applications. Windows provides strong at-rest data-protection solutions that guard against nefarious attackers. <br/><br/> Learn more about [Encryption](encryption-data-protection.md).
| BitLocker | BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. BitLocker provides the most protection when used with a Trusted Platform Module (TPM) version 1.2 or later. <br/> <br/> Learn more about [BitLocker](information-protection/bitlocker/bitlocker-overview.md). |
| Encrypted Hard Drive | Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management. <br> By offloading the cryptographic operations to hardware, Encrypted Hard Drives increase BitLocker performance and reduce CPU usage and power consumption. Because Encrypted Hard Drives encrypt data quickly, enterprise devices can expand BitLocker deployment with minimal impact on productivity. <br/><br/> Learn more about [Encrypted Hard Drives](information-protection/encrypted-hard-drive.md). <br><br/> |
| Security baselines | A security baseline is a group of Microsoft-recommended configuration settings that explains their security impact. These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers. <br/><br/>Security baselines are included in the [Security Compliance Toolkit](threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md) that you can download from the Microsoft Download Center.<br/><br/>Learn more about [security baselines](threat-protection/windows-security-configuration-framework/windows-security-baselines.md). |
| Virtual Private Network | Virtual private networks (VPNs) are point-to-point connections across a private or public network, such as the Internet. A VPN client uses special TCP/IP or UDP-based protocols, called tunneling protocols, to make a virtual call to a virtual port on a VPN server. <br><br/>Learn more about [Virtual Private Networks](identity-protection/vpn/vpn-guide.md).<br/><br/>|
| Windows Defender Firewall | Windows Defender Firewall is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device. <br><br/> Learn more about [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md).<br/><br/>
| Antivirus & antimalware protection | Microsoft Defender Antivirus is included in all versions of Windows 10, Windows Server 2016 and later, and Windows 11. If you have another antivirus app installed and turned on, Microsoft Defender Antivirus will turn off automatically. If you uninstall the other app, Microsoft Defender Antivirus will turn back on. <br/><br/>From the moment you boot Windows, Microsoft Defender Antivirus continually monitors for malware, viruses, and security threats. Updates are downloaded automatically to help protect your device from threats. Microsoft Defender Antivirus continually scans for malware and threats, and also detects and blocks [potentially unwanted applications](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus) (applications that can negatively impact your device even though they are not considered malware).<br/><br/>Microsoft Defender Antivirus integrates with [cloud-delivered protection](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus), which helps ensure near-instant detection and blocking of new and emerging threats.<br/><br/>Learn more about [next-generation protection and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows).|
| Attack surface reduction rules | Your attack surfaces are the places and ways you are vulnerable to a cyber attack. Attack surface reduction rules are built into Windows and Windows Server to prevent and block certain behaviors that are often abused to compromise your device or network. Such behaviors can include launching scripts or executables that attempt to download or run other files, running suspicious scripts, or performing other behaviors that apps don't typically initiate during normal work. You can configure your attack surface reduction rules to protect against these risky behaviors.<br/><br/> Learn more about [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) |
| Anti-tampering protection | During cyber attacks (like ransomware attempts), bad actors attempt to disable security features, such as antivirus protection on targeted devices. Bad actors like to disable security features to get easier access to users data, to install malware, or to otherwise exploit users data, identity, and devices without fear of being blocked. Tamper protection helps prevent these kinds of activities.<br/><br/>With tamper protection, malware is prevented from taking actions such as:<br/>- Disabling virus and threat protection<br/>- Disabling real-time protection<br/>- Turning off behavior monitoring<br/>- Disabling antivirus (such as IOfficeAntivirus (IOAV))<br/>- Disabling cloud-delivered protection<br/>- Removing security intelligence updates <br/><br/>Learn more about [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection). |
| Network protection | Network protection in Windows helps prevent users from accessing dangerous IP addresses and domains that may host phishing scams, exploits, and other malicious content on the Internet. Network protection is part of attack surface reduction and helps provide an extra layer of protection for a user. Using reputation-based services, network protection blocks access to potentially harmful, low-reputation based domains and IP addresses. <br/><br/>In enterprise environments, network protection works best with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/), which provides detailed reporting into protection events as part of larger investigation scenarios.<br/><br/> Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). |
| Controlled folder access | With controlled folder access, you can protect your valuable information in specific folders by managing apps access to specific folders. Only trusted apps can access protected folders, which are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, are included in the list of controlled folders. Controlled folder access helps protect valuable data from malicious apps and threats, such as ransomware. <br/><br/>Learn more about [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). |
| Exploit protection | Exploit protection, available in Windows 10, version 1709 and later, automatically applies several exploit mitigation techniques to operating system processes and apps. Exploit protection works best with Microsoft Defender for Endpoint, which gives organizations detailed reporting into exploit protection events and blocks as part of typical alert investigation scenarios. <br/><br/>You can enable exploit protection on an individual device, and then use Group Policy to distribute the XML file to multiple devices simultaneously. When a mitigation is encountered on the device, a notification will be displayed from the Action Center. You can customize the notification with your company details and contact information. You can also enable the rules individually to customize which techniques the feature monitors.<br/><br/>Learn more about [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection). |
| Microsoft Defender for Endpoint | Windows E5 customers benefit from [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint), an enterprise endpoint detection and response capability that helps enterprise security teams detect, investigate, and respond to advanced threats. With rich event data and attack insights, Defender for Endpoint enables your security team to investigate incidents and take remediation actions effectively and efficiently.<br/><br/>Defender for Endpoint also is part of [Microsoft 365 Defender](/microsoft-365/security/defender/), a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.<br/><br/>Learn more about [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) and [Microsoft 365 Defender](/microsoft-365/security/defender/). |
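Review bot: the table rows for "Cryptography and certificate management" and "Windows Security app" omit the leading `|`, and the "Encryption and data protection" and "Windows Defender Firewall" rows omit the trailing `|`; the other rows have both, so make them consistent (`| Cryptography and certificate management | ... |`). Two wording points in the same table: the Secure Boot cell reads "Learn more [Secure Boot and Trusted Boot]" where every other cell reads "Learn more about [...]", and the Security baselines cell says "configuration settings that explains their security impact", which should be "settings that explain". The front matter also leaves `ms.reviewer:` empty.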

View File

@ -0,0 +1,33 @@
---
title: Windows security foundations
description: Get an overview of security foundations, including the security development lifecycle, common criteria, and the bug bounty program.
ms.reviewer:
ms.topic: article
manager: dansimp
ms.author: deniseb
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: denisebmsft
ms.collection: M365-security-compliance
ms.prod: m365-security
ms.technology: windows-sec
---
# Windows security foundations
Microsoft is committed to continuously invest in improving our software development process, building highly secure-by-design software, and addressing security compliance requirements. At Microsoft, we embed security and privacy considerations from the earliest life-cycle phases of all our software development processes. We build in security from the ground for powerful defense in todays threat environment.
Our strong security foundation uses Microsoft Security Development Lifecycle (SDL) Bug Bounty, support for product security standards and certifications, and Azure Code signing. As a result, we improve security by producing software with fewer defects and vulnerabilities instead of relying on applying updates after vulnerabilities have been identified.
Use the links in the following table to learn more about the security foundations:<br/><br/>
| Concept | Description |
|:---|:---|
| FIBS 140-2 Validation | The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard. FIPS is based on Section 5131 of the Information Technology Management Reform Act of 1996. It defines the minimum security requirements for cryptographic modules in IT products. Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since it was first established in 2001. <br/><br/>Learn more about [FIPS 140-2 Validation](threat-protection/fips-140-validation.md). |
| Common Criteria Certifications | Microsoft supports the Common Criteria certification program, ensures that products incorporate the features and functions required by relevant Common Criteria Protection Profiles, and completes Common Criteria certifications of Microsoft Windows products. <br/><br/>Learn more about [Common Criteria Certifications](threat-protection/windows-platform-common-criteria.md). |
| Microsoft Security Development Lifecycle | The Security Development Lifecycle (SDL) is a security assurance process that is focused on software development. The SDL has played a critical role in embedding security and privacy in software and culture at Microsoft.<br/><br/>Learn more about [Microsoft SDL](threat-protection/msft-security-dev-lifecycle.md).|
| Microsoft Bug Bounty Program | If you find a vulnerability in a Microsoft product, service, or device, we want to hear from you! If your vulnerability report affects a product or service that is within scope of one of our bounty programs below, you could receive a bounty award according to the program descriptions.<br/><br/>Learn more about the [Microsoft Bug Bounty Program](https://www.microsoft.com/en-us/msrc/bounty?rtc=1). |
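Review bot: "FIBS 140-2 Validation" in the first table row is a typo for "FIPS 140-2 Validation" (the cell body and the link text both say FIPS). In the introduction, "We build in security from the ground for powerful defense in todays threat environment" should read "from the ground up" and "today's", and "uses Microsoft Security Development Lifecycle (SDL) Bug Bounty, support for ..." is missing a separator between SDL and Bug Bounty (e.g. "uses the Microsoft Security Development Lifecycle (SDL), the Microsoft Bug Bounty Program, support for ..."). The front matter also lacks `ms.date`, which the "Windows operating system security" file added in this same commit sets.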

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,767 @@
- name: Security auditing
href: security-auditing-overview.md
items:
- name: Basic security audit policies
href: basic-security-audit-policies.md
items:
- name: Create a basic audit policy for an event category
href: create-a-basic-audit-policy-settings-for-an-event-category.md
- name: Apply a basic audit policy on a file or folder
href: apply-a-basic-audit-policy-on-a-file-or-folder.md
- name: View the security event log
href: view-the-security-event-log.md
- name: Basic security audit policy settings
href: basic-security-audit-policy-settings.md
items:
- name: Audit account logon events
href: basic-audit-account-logon-events.md
- name: Audit account management
href: basic-audit-account-management.md
- name: Audit directory service access
href: basic-audit-directory-service-access.md
- name: Audit logon events
href: basic-audit-logon-events.md
- name: Audit object access
href: basic-audit-object-access.md
- name: Audit policy change
href: basic-audit-policy-change.md
- name: Audit privilege use
href: basic-audit-privilege-use.md
- name: Audit process tracking
href: basic-audit-process-tracking.md
- name: Audit system events
href: basic-audit-system-events.md
- name: Advanced security audit policies
href: advanced-security-auditing.md
items:
- name: Planning and deploying advanced security audit policies
href: planning-and-deploying-advanced-security-audit-policies.md
- name: Advanced security auditing FAQ
href: advanced-security-auditing-faq.yml
items:
- name: Which editions of Windows support advanced audit policy configuration
href: which-editions-of-windows-support-advanced-audit-policy-configuration.md
- name: How to list XML elements in \<EventData>
href: how-to-list-xml-elements-in-eventdata.md
- name: Using advanced security auditing options to monitor dynamic access control objects
href: using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md
items:
- name: Monitor the central access policies that apply on a file server
href: monitor-the-central-access-policies-that-apply-on-a-file-server.md
- name: Monitor the use of removable storage devices
href: monitor-the-use-of-removable-storage-devices.md
- name: Monitor resource attribute definitions
href: monitor-resource-attribute-definitions.md
- name: Monitor central access policy and rule definitions
href: monitor-central-access-policy-and-rule-definitions.md
- name: Monitor user and device claims during sign-in
href: monitor-user-and-device-claims-during-sign-in.md
- name: Monitor the resource attributes on files and folders
href: monitor-the-resource-attributes-on-files-and-folders.md
- name: Monitor the central access policies associated with files and folders
href: monitor-the-central-access-policies-associated-with-files-and-folders.md
- name: Monitor claim types
href: monitor-claim-types.md
- name: Advanced security audit policy settings
href: advanced-security-audit-policy-settings.md
items:
- name: Audit Credential Validation
href: audit-credential-validation.md
- name: "Event 4774 S, F: An account was mapped for logon."
href: event-4774.md
- name: "Event 4775 F: An account could not be mapped for logon."
href: event-4775.md
- name: "Event 4776 S, F: The computer attempted to validate the credentials for an account."
href: event-4776.md
- name: "Event 4777 F: The domain controller failed to validate the credentials for an account."
href: event-4777.md
- name: Audit Kerberos Authentication Service
href: audit-kerberos-authentication-service.md
items:
- name: "Event 4768 S, F: A Kerberos authentication ticket, TGT, was requested."
href: event-4768.md
- name: "Event 4771 F: Kerberos pre-authentication failed."
href: event-4771.md
- name: "Event 4772 F: A Kerberos authentication ticket request failed."
href: event-4772.md
- name: Audit Kerberos Service Ticket Operations
href: audit-kerberos-service-ticket-operations.md
items:
- name: "Event 4769 S, F: A Kerberos service ticket was requested."
href: event-4769.md
- name: "Event 4770 S: A Kerberos service ticket was renewed."
href: event-4770.md
- name: "Event 4773 F: A Kerberos service ticket request failed."
href: event-4773.md
- name: Audit Other Account Logon Events
href: audit-other-account-logon-events.md
- name: Audit Application Group Management
href: audit-application-group-management.md
- name: Audit Computer Account Management
href: audit-computer-account-management.md
items:
- name: "Event 4741 S: A computer account was created."
href: event-4741.md
- name: "Event 4742 S: A computer account was changed."
href: event-4742.md
- name: "Event 4743 S: A computer account was deleted."
href: event-4743.md
- name: Audit Distribution Group Management
href: audit-distribution-group-management.md
items:
- name: "Event 4749 S: A security-disabled global group was created."
href: event-4749.md
- name: "Event 4750 S: A security-disabled global group was changed."
href: event-4750.md
- name: "Event 4751 S: A member was added to a security-disabled global group."
href: event-4751.md
- name: "Event 4752 S: A member was removed from a security-disabled global group."
href: event-4752.md
- name: "Event 4753 S: A security-disabled global group was deleted."
href: event-4753.md
- name: Audit Other Account Management Events
href: audit-other-account-management-events.md
items:
- name: "Event 4782 S: The password hash of an account was accessed."
href: event-4782.md
- name: "Event 4793 S: The Password Policy Checking API was called."
href: event-4793.md
- name: Audit Security Group Management
href: audit-security-group-management.md
items:
- name: "Event 4731 S: A security-enabled local group was created."
href: event-4731.md
- name: "Event 4732 S: A member was added to a security-enabled local group."
href: event-4732.md
- name: "Event 4733 S: A member was removed from a security-enabled local group."
href: event-4733.md
- name: "Event 4734 S: A security-enabled local group was deleted."
href: event-4734.md
- name: "Event 4735 S: A security-enabled local group was changed."
href: event-4735.md
- name: "Event 4764 S: A group<75>s type was changed."
href: event-4764.md
- name: "Event 4799 S: A security-enabled local group membership was enumerated."
href: event-4799.md
- name: Audit User Account Management
href: audit-user-account-management.md
items:
- name: "Event 4720 S: A user account was created."
href: event-4720.md
- name: "Event 4722 S: A user account was enabled."
href: event-4722.md
- name: "Event 4723 S, F: An attempt was made to change an account's password."
href: event-4723.md
- name: "Event 4724 S, F: An attempt was made to reset an account's password."
href: event-4724.md
- name: "Event 4725 S: A user account was disabled."
href: event-4725.md
- name: "Event 4726 S: A user account was deleted."
href: event-4726.md
- name: "Event 4738 S: A user account was changed."
href: event-4738.md
- name: "Event 4740 S: A user account was locked out."
href: event-4740.md
- name: "Event 4765 S: SID History was added to an account."
href: event-4765.md
- name: "Event 4766 F: An attempt to add SID History to an account failed."
href: event-4766.md
- name: "Event 4767 S: A user account was unlocked."
href: event-4767.md
- name: "Event 4780 S: The ACL was set on accounts that are members of administrators groups."
href: event-4780.md
- name: "Event 4781 S: The name of an account was changed."
href: event-4781.md
- name: "Event 4794 S, F: An attempt was made to set the Directory Services Restore Mode administrator password."
href: event-4794.md
- name: "Event 4798 S: A user's local group membership was enumerated."
href: event-4798.md
- name: "Event 5376 S: Credential Manager credentials were backed up."
href: event-5376.md
- name: "Event 5377 S: Credential Manager credentials were restored from a backup."
href: event-5377.md
- name: Audit DPAPI Activity
href: audit-dpapi-activity.md
items:
- name: "Event 4692 S, F: Backup of data protection master key was attempted."
href: event-4692.md
- name: "Event 4693 S, F: Recovery of data protection master key was attempted."
href: event-4693.md
- name: "Event 4694 S, F: Protection of auditable protected data was attempted."
href: event-4694.md
- name: "Event 4695 S, F: Unprotection of auditable protected data was attempted."
href: event-4695.md
- name: Audit PNP Activity
href: audit-pnp-activity.md
items:
- name: "Event 6416 S: A new external device was recognized by the System."
href: event-6416.md
- name: "Event 6419 S: A request was made to disable a device."
href: event-6419.md
- name: "Event 6420 S: A device was disabled."
href: event-6420.md
- name: "Event 6421 S: A request was made to enable a device."
href: event-6421.md
- name: "Event 6422 S: A device was enabled."
href: event-6422.md
- name: "Event 6423 S: The installation of this device is forbidden by system policy."
href: event-6423.md
- name: "Event 6424 S: The installation of this device was allowed, after having previously been forbidden by policy."
href: event-6424.md
- name: Audit Process Creation
href: audit-process-creation.md
items:
- name: "Event 4688 S: A new process has been created."
href: event-4688.md
- name: "Event 4696 S: A primary token was assigned to process."
href: event-4696.md
- name: Audit Process Termination
href: audit-process-termination.md
items:
- name: "Event 4689 S: A process has exited."
href: event-4689.md
- name: Audit RPC Events
href: audit-rpc-events.md
items:
- name: "Event 5712 S: A Remote Procedure Call, RPC, was attempted."
href: event-5712.md
- name: Audit Token Right Adjusted
href: audit-token-right-adjusted.md
items:
- name: "Event 4703 S: A user right was adjusted."
href: event-4703.md
- name: Audit Detailed Directory Service Replication
href: audit-detailed-directory-service-replication.md
items:
- name: "Event 4928 S, F: An Active Directory replica source naming context was established."
href: event-4928.md
- name: "Event 4929 S, F: An Active Directory replica source naming context was removed."
href: event-4929.md
- name: "Event 4930 S, F: An Active Directory replica source naming context was modified."
href: event-4930.md
- name: "Event 4931 S, F: An Active Directory replica destination naming context was modified."
href: event-4931.md
- name: "Event 4934 S: Attributes of an Active Directory object were replicated."
href: event-4934.md
- name: "Event 4935 F: Replication failure begins."
href: event-4935.md
- name: "Event 4936 S: Replication failure ends."
href: event-4936.md
- name: "Event 4937 S: A lingering object was removed from a replica."
href: event-4937.md
- name: Audit Directory Service Access
href: audit-directory-service-access.md
items:
- name: "Event 4662 S, F: An operation was performed on an object."
href: event-4662.md
- name: "Event 4661 S, F: A handle to an object was requested."
href: event-4661.md
- name: Audit Directory Service Changes
href: audit-directory-service-changes.md
items:
- name: "Event 5136 S: A directory service object was modified."
href: event-5136.md
- name: "Event 5137 S: A directory service object was created."
href: event-5137.md
- name: "Event 5138 S: A directory service object was undeleted."
href: event-5138.md
- name: "Event 5139 S: A directory service object was moved."
href: event-5139.md
- name: "Event 5141 S: A directory service object was deleted."
href: event-5141.md
- name: Audit Directory Service Replication
href: audit-directory-service-replication.md
items:
- name: "Event 4932 S: Synchronization of a replica of an Active Directory naming context has begun."
href: event-4932.md
- name: "Event 4933 S, F: Synchronization of a replica of an Active Directory naming context has ended."
href: event-4933.md
- name: Audit Account Lockout
href: audit-account-lockout.md
items:
- name: "Event 4625 F: An account failed to log on."
href: event-4625.md
- name: Audit User/Device Claims
href: audit-user-device-claims.md
items:
- name: "Event 4626 S: User/Device claims information."
href: event-4626.md
- name: Audit Group Membership
href: audit-group-membership.md
items:
- name: "Event 4627 S: Group membership information."
href: event-4627.md
- name: Audit IPsec Extended Mode
href: audit-ipsec-extended-mode.md
- name: Audit IPsec Main Mode
href: audit-ipsec-main-mode.md
- name: Audit IPsec Quick Mode
href: audit-ipsec-quick-mode.md
- name: Audit Logoff
href: audit-logoff.md
items:
- name: "Event 4634 S: An account was logged off."
href: event-4634.md
- name: "Event 4647 S: User initiated logoff."
href: event-4647.md
- name: Audit Logon
href: audit-logon.md
items:
- name: "Event 4624 S: An account was successfully logged on."
href: event-4624.md
- name: "Event 4625 F: An account failed to log on."
href: event-4625.md
- name: "Event 4648 S: A logon was attempted using explicit credentials."
href: event-4648.md
- name: "Event 4675 S: SIDs were filtered."
href: event-4675.md
- name: Audit Network Policy Server
href: audit-network-policy-server.md
- name: Audit Other Logon/Logoff Events
href: audit-other-logonlogoff-events.md
items:
- name: "Event 4649 S: A replay attack was detected."
href: event-4649.md
- name: "Event 4778 S: A session was reconnected to a Window Station."
href: event-4778.md
- name: "Event 4779 S: A session was disconnected from a Window Station."
href: event-4779.md
- name: "Event 4800 S: The workstation was locked."
href: event-4800.md
- name: "Event 4801 S: The workstation was unlocked."
href: event-4801.md
- name: "Event 4802 S: The screen saver was invoked."
href: event-4802.md
- name: "Event 4803 S: The screen saver was dismissed."
href: event-4803.md
- name: "Event 5378 F: The requested credentials delegation was disallowed by policy."
href: event-5378.md
- name: "Event 5632 S, F: A request was made to authenticate to a wireless network."
href: event-5632.md
- name: "Event 5633 S, F: A request was made to authenticate to a wired network."
href: event-5633.md
- name: Audit Special Logon
href: audit-special-logon.md
items:
- name: "Event 4964 S: Special groups have been assigned to a new logon."
href: event-4964.md
- name: "Event 4672 S: Special privileges assigned to new logon."
href: event-4672.md
- name: Audit Application Generated
href: audit-application-generated.md
- name: Audit Certification Services
href: audit-certification-services.md
- name: Audit Detailed File Share
href: audit-detailed-file-share.md
items:
- name: "Event 5145 S, F: A network share object was checked to see whether client can be granted desired access."
href: event-5145.md
- name: Audit File Share
href: audit-file-share.md
items:
- name: "Event 5140 S, F: A network share object was accessed."
href: event-5140.md
- name: "Event 5142 S: A network share object was added."
href: event-5142.md
- name: "Event 5143 S: A network share object was modified."
href: event-5143.md
- name: "Event 5144 S: A network share object was deleted."
href: event-5144.md
- name: "Event 5168 F: SPN check for SMB/SMB2 failed."
href: event-5168.md
- name: Audit File System
href: audit-file-system.md
items:
- name: "Event 4656 S, F: A handle to an object was requested."
href: event-4656.md
- name: "Event 4658 S: The handle to an object was closed."
href: event-4658.md
- name: "Event 4660 S: An object was deleted."
href: event-4660.md
- name: "Event 4663 S: An attempt was made to access an object."
href: event-4663.md
- name: "Event 4664 S: An attempt was made to create a hard link."
href: event-4664.md
- name: "Event 4985 S: The state of a transaction has changed."
href: event-4985.md
- name: "Event 5051: A file was virtualized."
href: event-5051.md
- name: "Event 4670 S: Permissions on an object were changed."
href: event-4670.md
- name: Audit Filtering Platform Connection
href: audit-filtering-platform-connection.md
items:
- name: "Event 5031 F: The Windows Firewall Service blocked an application from accepting incoming connections on the network."
href: event-5031.md
- name: "Event 5150: The Windows Filtering Platform blocked a packet."
href: event-5150.md
- name: "Event 5151: A more restrictive Windows Filtering Platform filter has blocked a packet."
href: event-5151.md
- name: "Event 5154 S: The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections."
href: event-5154.md
- name: "Event 5155 F: The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections."
href: event-5155.md
- name: "Event 5156 S: The Windows Filtering Platform has permitted a connection."
href: event-5156.md
- name: "Event 5157 F: The Windows Filtering Platform has blocked a connection."
href: event-5157.md
- name: "Event 5158 S: The Windows Filtering Platform has permitted a bind to a local port."
href: event-5158.md
- name: "Event 5159 F: The Windows Filtering Platform has blocked a bind to a local port."
href: event-5159.md
- name: Audit Filtering Platform Packet Drop
href: audit-filtering-platform-packet-drop.md
items:
- name: "Event 5152 F: The Windows Filtering Platform blocked a packet."
href: event-5152.md
- name: "Event 5153 S: A more restrictive Windows Filtering Platform filter has blocked a packet."
href: event-5153.md
- name: Audit Handle Manipulation
href: audit-handle-manipulation.md
items:
- name: "Event 4690 S: An attempt was made to duplicate a handle to an object."
href: event-4690.md
- name: Audit Kernel Object
href: audit-kernel-object.md
items:
- name: "Event 4656 S, F: A handle to an object was requested."
href: event-4656.md
- name: "Event 4658 S: The handle to an object was closed."
href: event-4658.md
- name: "Event 4660 S: An object was deleted."
href: event-4660.md
- name: "Event 4663 S: An attempt was made to access an object."
href: event-4663.md
- name: Audit Other Object Access Events
href: audit-other-object-access-events.md
items:
- name: "Event 4671: An application attempted to access a blocked ordinal through the TBS."
href: event-4671.md
- name: "Event 4691 S: Indirect access to an object was requested."
href: event-4691.md
- name: "Event 5148 F: The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded."
href: event-5148.md
- name: "Event 5149 F: The DoS attack has subsided and normal processing is being resumed."
href: event-5149.md
- name: "Event 4698 S: A scheduled task was created."
href: event-4698.md
- name: "Event 4699 S: A scheduled task was deleted."
href: event-4699.md
- name: "Event 4700 S: A scheduled task was enabled."
href: event-4700.md
- name: "Event 4701 S: A scheduled task was disabled."
href: event-4701.md
- name: "Event 4702 S: A scheduled task was updated."
href: event-4702.md
- name: "Event 5888 S: An object in the COM+ Catalog was modified."
href: event-5888.md
- name: "Event 5889 S: An object was deleted from the COM+ Catalog."
href: event-5889.md
- name: "Event 5890 S: An object was added to the COM+ Catalog."
href: event-5890.md
- name: Audit Registry
href: audit-registry.md
items:
- name: "Event 4663 S: An attempt was made to access an object."
href: event-4663.md
- name: "Event 4656 S, F: A handle to an object was requested."
href: event-4656.md
- name: "Event 4658 S: The handle to an object was closed."
href: event-4658.md
- name: "Event 4660 S: An object was deleted."
href: event-4660.md
- name: "Event 4657 S: A registry value was modified."
href: event-4657.md
- name: "Event 5039: A registry key was virtualized."
href: event-5039.md
- name: "Event 4670 S: Permissions on an object were changed."
href: event-4670.md
- name: Audit Removable Storage
href: audit-removable-storage.md
- name: Audit SAM
href: audit-sam.md
items:
- name: "Event 4661 S, F: A handle to an object was requested."
href: event-4661.md
- name: Audit Central Access Policy Staging
href: audit-central-access-policy-staging.md
items:
- name: "Event 4818 S: Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy."
href: event-4818.md
- name: Audit Audit Policy Change
href: audit-audit-policy-change.md
items:
- name: "Event 4670 S: Permissions on an object were changed."
href: event-4670.md
- name: "Event 4715 S: The audit policy, SACL, on an object was changed."
href: event-4715.md
- name: "Event 4719 S: System audit policy was changed."
href: event-4719.md
- name: "Event 4817 S: Auditing settings on object were changed."
href: event-4817.md
- name: "Event 4902 S: The Per-user audit policy table was created."
href: event-4902.md
- name: "Event 4906 S: The CrashOnAuditFail value has changed."
href: event-4906.md
- name: "Event 4907 S: Auditing settings on object were changed."
href: event-4907.md
- name: "Event 4908 S: Special Groups Logon table modified."
href: event-4908.md
- name: "Event 4912 S: Per User Audit Policy was changed."
href: event-4912.md
- name: "Event 4904 S: An attempt was made to register a security event source."
href: event-4904.md
- name: "Event 4905 S: An attempt was made to unregister a security event source."
href: event-4905.md
- name: Audit Authentication Policy Change
href: audit-authentication-policy-change.md
items:
- name: "Event 4706 S: A new trust was created to a domain."
href: event-4706.md
- name: "Event 4707 S: A trust to a domain was removed."
href: event-4707.md
- name: "Event 4716 S: Trusted domain information was modified."
href: event-4716.md
- name: "Event 4713 S: Kerberos policy was changed."
href: event-4713.md
- name: "Event 4717 S: System security access was granted to an account."
href: event-4717.md
- name: "Event 4718 S: System security access was removed from an account."
href: event-4718.md
- name: "Event 4739 S: Domain Policy was changed."
href: event-4739.md
- name: "Event 4864 S: A namespace collision was detected."
href: event-4864.md
- name: "Event 4865 S: A trusted forest information entry was added."
href: event-4865.md
- name: "Event 4866 S: A trusted forest information entry was removed."
href: event-4866.md
- name: "Event 4867 S: A trusted forest information entry was modified."
href: event-4867.md
- name: Audit Authorization Policy Change
href: audit-authorization-policy-change.md
items:
- name: "Event 4703 S: A user right was adjusted."
href: event-4703.md
- name: "Event 4704 S: A user right was assigned."
href: event-4704.md
- name: "Event 4705 S: A user right was removed."
href: event-4705.md
- name: "Event 4670 S: Permissions on an object were changed."
href: event-4670.md
- name: "Event 4911 S: Resource attributes of the object were changed."
href: event-4911.md
- name: "Event 4913 S: Central Access Policy on the object was changed."
href: event-4913.md
- name: Audit Filtering Platform Policy Change
href: audit-filtering-platform-policy-change.md
- name: Audit MPSSVC Rule-Level Policy Change
href: audit-mpssvc-rule-level-policy-change.md
items:
- name: "Event 4944 S: The following policy was active when the Windows Firewall started."
href: event-4944.md
- name: "Event 4945 S: A rule was listed when the Windows Firewall started."
href: event-4945.md
- name: "Event 4946 S: A change has been made to Windows Firewall exception list. A rule was added."
href: event-4946.md
- name: "Event 4947 S: A change has been made to Windows Firewall exception list. A rule was modified."
href: event-4947.md
- name: "Event 4948 S: A change has been made to Windows Firewall exception list. A rule was deleted."
href: event-4948.md
- name: "Event 4949 S: Windows Firewall settings were restored to the default values."
href: event-4949.md
- name: "Event 4950 S: A Windows Firewall setting has changed."
href: event-4950.md
- name: "Event 4951 F: A rule has been ignored because its major version number was not recognized by Windows Firewall."
href: event-4951.md
- name: "Event 4952 F: Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced."
href: event-4952.md
- name: "Event 4953 F: Windows Firewall ignored a rule because it could not be parsed."
href: event-4953.md
- name: "Event 4954 S: Windows Firewall Group Policy settings have changed. The new settings have been applied."
href: event-4954.md
- name: "Event 4956 S: Windows Firewall has changed the active profile."
href: event-4956.md
- name: "Event 4957 F: Windows Firewall did not apply the following rule."
href: event-4957.md
- name: "Event 4958 F: Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer."
href: event-4958.md
- name: Audit Other Policy Change Events
href: audit-other-policy-change-events.md
items:
- name: "Event 4714 S: Encrypted data recovery policy was changed."
href: event-4714.md
- name: "Event 4819 S: Central Access Policies on the machine have been changed."
href: event-4819.md
- name: "Event 4826 S: Boot Configuration Data loaded."
href: event-4826.md
- name: "Event 4909: The local policy settings for the TBS were changed."
href: event-4909.md
- name: "Event 4910: The group policy settings for the TBS were changed."
href: event-4910.md
- name: "Event 5063 S, F: A cryptographic provider operation was attempted."
href: event-5063.md
- name: "Event 5064 S, F: A cryptographic context operation was attempted."
href: event-5064.md
- name: "Event 5065 S, F: A cryptographic context modification was attempted."
href: event-5065.md
- name: "Event 5066 S, F: A cryptographic function operation was attempted."
href: event-5066.md
- name: "Event 5067 S, F: A cryptographic function modification was attempted."
href: event-5067.md
- name: "Event 5068 S, F: A cryptographic function provider operation was attempted."
href: event-5068.md
- name: "Event 5069 S, F: A cryptographic function property operation was attempted."
href: event-5069.md
- name: "Event 5070 S, F: A cryptographic function property modification was attempted."
href: event-5070.md
- name: "Event 5447 S: A Windows Filtering Platform filter has been changed."
href: event-5447.md
- name: "Event 6144 S: Security policy in the group policy objects has been applied successfully."
href: event-6144.md
- name: "Event 6145 F: One or more errors occurred while processing security policy in the group policy objects."
href: event-6145.md
- name: Audit Sensitive Privilege Use
href: audit-sensitive-privilege-use.md
items:
- name: "Event 4673 S, F: A privileged service was called."
href: event-4673.md
- name: "Event 4674 S, F: An operation was attempted on a privileged object."
href: event-4674.md
- name: "Event 4985 S: The state of a transaction has changed."
href: event-4985.md
- name: Audit Non Sensitive Privilege Use
href: audit-non-sensitive-privilege-use.md
items:
- name: "Event 4673 S, F: A privileged service was called."
href: event-4673.md
- name: "Event 4674 S, F: An operation was attempted on a privileged object."
href: event-4674.md
- name: "Event 4985 S: The state of a transaction has changed."
href: event-4985.md
- name: Audit Other Privilege Use Events
href: audit-other-privilege-use-events.md
items:
- name: "Event 4985 S: The state of a transaction has changed."
href: event-4985.md
- name: Audit IPsec Driver
href: audit-ipsec-driver.md
- name: Audit Other System Events
href: audit-other-system-events.md
items:
- name: "Event 5024 S: The Windows Firewall Service has started successfully."
href: event-5024.md
- name: "Event 5025 S: The Windows Firewall Service has been stopped."
href: event-5025.md
- name: "Event 5027 F: The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy."
href: event-5027.md
- name: "Event 5028 F: The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy."
href: event-5028.md
- name: "Event 5029 F: The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy."
href: event-5029.md
- name: "Event 5030 F: The Windows Firewall Service failed to start."
href: event-5030.md
- name: "Event 5032 F: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network."
href: event-5032.md
- name: "Event 5033 S: The Windows Firewall Driver has started successfully."
href: event-5033.md
- name: "Event 5034 S: The Windows Firewall Driver was stopped."
href: event-5034.md
- name: "Event 5035 F: The Windows Firewall Driver failed to start."
href: event-5035.md
- name: "Event 5037 F: The Windows Firewall Driver detected critical runtime error. Terminating."
href: event-5037.md
- name: "Event 5058 S, F: Key file operation."
href: event-5058.md
- name: "Event 5059 S, F: Key migration operation."
href: event-5059.md
- name: "Event 6400: BranchCache: Received an incorrectly formatted response while discovering availability of content."
href: event-6400.md
- name: "Event 6401: BranchCache: Received invalid data from a peer. Data discarded."
href: event-6401.md
- name: "Event 6402: BranchCache: The message to the hosted cache offering it data is incorrectly formatted."
href: event-6402.md
- name: "Event 6403: BranchCache: The hosted cache sent an incorrectly formatted response to the client."
href: event-6403.md
- name: "Event 6404: BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate."
href: event-6404.md
- name: "Event 6405: BranchCache: %2 instances of event id %1 occurred."
href: event-6405.md
- name: "Event 6406: %1 registered to Windows Firewall to control filtering for the following: %2."
href: event-6406.md
- name: "Event 6407: 1%."
href: event-6407.md
- name: "Event 6408: Registered product %1 failed and Windows Firewall is now controlling the filtering for %2."
href: event-6408.md
- name: "Event 6409: BranchCache: A service connection point object could not be parsed."
href: event-6409.md
- name: Audit Security State Change
href: audit-security-state-change.md
items:
- name: "Event 4608 S: Windows is starting up."
href: event-4608.md
- name: "Event 4616 S: The system time was changed."
href: event-4616.md
- name: "Event 4621 S: Administrator recovered system from CrashOnAuditFail."
href: event-4621.md
- name: Audit Security System Extension
href: audit-security-system-extension.md
items:
- name: "Event 4610 S: An authentication package has been loaded by the Local Security Authority."
href: event-4610.md
- name: "Event 4611 S: A trusted logon process has been registered with the Local Security Authority."
href: event-4611.md
- name: "Event 4614 S: A notification package has been loaded by the Security Account Manager."
href: event-4614.md
- name: "Event 4622 S: A security package has been loaded by the Local Security Authority."
href: event-4622.md
- name: "Event 4697 S: A service was installed in the system."
href: event-4697.md
- name: Audit System Integrity
href: audit-system-integrity.md
items:
- name: "Event 4612 S: Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits."
href: event-4612.md
- name: "Event 4615 S: Invalid use of LPC port."
href: event-4615.md
- name: "Event 4618 S: A monitored security event pattern has occurred."
href: event-4618.md
- name: "Event 4816 S: RPC detected an integrity violation while decrypting an incoming message."
href: event-4816.md
- name: "Event 5038 F: Code integrity determined that the image hash of a file is not valid."
href: event-5038.md
- name: "Event 5056 S: A cryptographic self-test was performed."
href: event-5056.md
- name: "Event 5062 S: A kernel-mode cryptographic self-test was performed."
href: event-5062.md
- name: "Event 5057 F: A cryptographic primitive operation failed."
href: event-5057.md
- name: "Event 5060 F: Verification operation failed."
href: event-5060.md
- name: "Event 5061 S, F: Cryptographic operation."
href: event-5061.md
- name: "Event 6281 F: Code Integrity determined that the page hashes of an image file are not valid."
href: event-6281.md
- name: "Event 6410 F: Code integrity determined that a file does not meet the security requirements to load into a process."
href: event-6410.md
- name: Other Events
href: other-events.md
items:
- name: "Event 1100 S: The event logging service has shut down."
href: event-1100.md
- name: "Event 1102 S: The audit log was cleared."
href: event-1102.md
- name: "Event 1104 S: The security log is now full."
href: event-1104.md
- name: "Event 1105 S: Event log automatic backup."
href: event-1105.md
- name: "Event 1108 S: The event logging service encountered an error while processing an incoming event published from %1."
href: event-1108.md
- name: "Appendix A: Security monitoring recommendations for many audit events"
href: appendix-a-security-monitoring-recommendations-for-many-audit-events.md
- name: Registry (Global Object Access Auditing)
href: registry-global-object-access-auditing.md
- name: File System (Global Object Access Auditing)
href: file-system-global-object-access-auditing.md
- name: Windows security
href: /windows/security/
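Review bot: three subcategory entries in this hunk (Audit Removable Storage, Audit Filtering Platform Policy Change, Audit IPsec Driver) carry only a name and href with no `items:` child list, while every neighbouring subcategory (Audit Handle Manipulation, Audit Kernel Object, Audit Other System Events, and so on) nests its event pages under `items:`. If those three subcategories have no separate event pages this is fine; otherwise their event pages are unreachable from the TOC. Note also that the same event page is listed under several subcategories (event-4670.md under Audit Registry, Audit Audit Policy Change and Audit Authorization Policy Change; event-4985.md under all three privilege-use subcategories), so a TOC link checker that flags duplicate hrefs needs to allow them.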

View File

@ -13,7 +13,7 @@ author: dansimp
ms.author: dansimp ms.author: dansimp
ms.date: 08/14/2017 ms.date: 08/14/2017
ms.localizationpriority: medium ms.localizationpriority: medium
ms.technology: mde ms.technology: other
--- ---
# Block untrusted fonts in an enterprise # Block untrusted fonts in an enterprise
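Review bot: `ms.technology` changes from `mde` to `other` here, while the threat-protection article later in this same commit changes the same field from `mde` to `windows-sec`. Windows security pages should land on one taxonomy value, so either this page belongs in `windows-sec` as well or the rule for splitting `other` from `windows-sec` should be stated in the commit.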

View File

@ -10,7 +10,7 @@ ms.collection: M365-identity-device-management
ms.topic: article ms.topic: article
ms.localizationpriority: medium ms.localizationpriority: medium
ms.reviewer: ms.reviewer:
ms.technology: mde ms.technology: other
--- ---
# FIPS 140-2 Validation # FIPS 140-2 Validation
@ -6780,7 +6780,7 @@ Version 6.3.9600</td>
#### SP 800-132 Password-Based Key Derivation Function (PBKDF) #### SP 800-132 Password-Based Key Derivation Function (PBKDF)
<table border="1" cellpadding="0" summary="table" xmlns="http://www.w3.org/1999/xhtml"> <table border="1" cellpadding="0">
<tr> <tr>
<td> <td>
<b>Modes / States / Key Sizes</b> <b>Modes / States / Key Sizes</b>
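Review bot: dropping `summary="table"` and the `xmlns` declaration from the `<table>` at line 6780 is fine for HTML embedded in Markdown, but `border="1" cellpadding="0"` are presentational attributes of the same vintage and are kept; if the intent is to clean up the inline XHTML, remove them in the same pass. The hunk header shows a 6000+-line file and this hunk touches a single table, so check whether the file's other tables still carry the removed attributes.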

Binary file not shown.


View File

@ -1,149 +1,51 @@
--- ---
title: Threat Protection (Windows 10) title: Windows threat protection
description: Microsoft Defender for Endpoint is a unified platform for preventative protection, post-breach detection, automated investigation, and response. description: Describes the security capabilities in Windows client focused on threat protection
keywords: threat protection, Microsoft Defender Advanced Threat Protection, attack surface reduction, next-generation protection, endpoint detection and response, automated investigation and response, microsoft threat experts, Microsoft Secure Score for Devices, advanced hunting, cyber threat hunting, web threat protection keywords: threat protection, Microsoft Defender Antivirus, attack surface reduction, next-generation protection, endpoint detection and response, automated investigation and response, microsoft threat experts, Microsoft Secure Score for Devices, advanced hunting, cyber threat hunting, web threat protection
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: m365-security ms.prod: m365-security
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
ms.pagetype: security ms.pagetype: security
ms.author: macapara ms.author: dansimp
author: mjcaparas author: dansimp
ms.localizationpriority: medium ms.localizationpriority: medium
manager: dansimp manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
ms.technology: mde ms.technology: windows-sec
--- ---
# Threat Protection # Windows threat protection
**Applies to:** **Applies to:**
- [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/) - Windows 10
- [Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-defender) - Windows 11
[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Defender for Endpoint protects endpoints from cyber threats, detects advanced attacks and data breaches, automates security incidents, and improves security posture. In Windows client, hardware and software work together to help protect you from new and emerging threats. Expanded security protections in Windows 11 help boost security from the chip, to the cloud.
**Applies to:** ## Windows threat protection
- [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/)
> [!TIP] See the following articles to learn more about the different areas of Windows threat protection:
> Enable your users to access cloud services and on-premises applications with ease and enable modern management capabilities for all devices. For more information, see [Secure your remote workforce](/enterprise-mobility-security/remote-work/).
<center><h2>Microsoft Defender for Endpoint</center></h2> - [Microsoft Defender Application Guard](\windows\security\threat-protection\microsoft-defender-application-guard\md-app-guard-overview.md)
<table> - [Virtualization-based protection of code integrity](\windows\security\threat-protection\device-guard\enable-virtualization-based-protection-of-code-integrity.md)
<tr> - [Application control](/windows-defender-application-control/windows-defender-application-control.md)
<td><a href="#tvm"><center><img src="images/TVM_icon.png" alt="threat and vulnerability icon"> <br><b>Threat & vulnerability management</b></center></a></td> - [Microsoft Defender Device Guard](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
<td><a href="#asr"><center><img src="images/asr-icon.png" alt="attack surface reduction icon"> <br><b>Attack surface reduction</b></center></a></td>
<td><center><a href="#ngp"><img src="images/ngp-icon.png" alt="next generation protection icon"><br> <b>Next-generation protection</b></a></center></td>
<td><center><a href="#edr"><img src="images/edr-icon.png" alt="endpoint detection and response icon"><br> <b>Endpoint detection and response</b></a></center></td>
<td><center><a href="#ai"><img src="images/air-icon.png" alt="automated investigation and remediation icon"><br> <b>Automated investigation and remediation</b></a></center></td>
<td><center><a href="#mte"><img src="images/mte-icon.png" alt="microsoft threat experts icon"><br> <b>Microsoft Threat Experts</b></a></center></td>
</tr>
<tr>
<td colspan="7">
<a href="#apis"><center><b>Centralized configuration and administration, APIs</a></b></center></td>
</tr>
<tr>
<td colspan="7"><a href="#mtp"><center><b>Microsoft 365 Defender</a></center></b></td>
</tr>
</table>
<br>
<a name="tvm"></a>
>[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4obJq]
**[Threat & vulnerability management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)**<br>
This built-in capability uses a game-changing risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.
- [Threat & vulnerability management overview](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
- [Get started](/microsoft-365/security/defender-endpoint/tvm-prerequisites)
- [Access your security posture](/microsoft-365/security/defender-endpoint/tvm-dashboard-insights)
- [Improve your security posture and reduce risk](/microsoft-365/security/defender-endpoint/tvm-security-recommendation)
- [Understand vulnerabilities on your devices](/microsoft-365/security/defender-endpoint/tvm-software-inventory)
<a name="asr"></a>
**[Attack surface reduction](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**<br>
The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitation.
- [Hardware based isolation](/microsoft-365/security/defender-endpoint/overview-hardware-based-isolation)
- [Application control](windows-defender-application-control/windows-defender-application-control.md)
- [Device control](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
- [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection) - [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)
- [Network protection](/microsoft-365/security/defender-endpoint/network-protection), [web protection](/microsoft-365/security/defender-endpoint/web-protection-overview) - [Network protection](/microsoft-365/security/defender-endpoint/network-protection), [web protection](/microsoft-365/security/defender-endpoint/web-protection-overview)
- [Microsoft Defender SmartScreen](\windows\security\threat-protection\microsoft-defender-smartscreen\microsoft-defender-smartscreen-overview.md)
- [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders) - [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)
- [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md) - [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md)
- [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) - [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction)
- [Windows Sandbox](\windows\security\threat-protection\windows-sandbox\windows-sandbox-overview.md)
<a name="ngp"></a> ### Next-generation protection
Next-generation protection is designed to identify and block new and emerging threats. Powered by the cloud and machine learning, Microsoft Defender Antivirus can help stop attacks in real-time.
**[Next-generation protection](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-in-windows-10)**<br>
To further reinforce the security perimeter of your network, Microsoft Defender for Endpoint uses next-generation protection designed to catch all types of emerging threats.
- [Behavior monitoring](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus) - [Behavior monitoring](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus)
- [Cloud-based protection](/microsoft-365/security/defender-endpoint/configure-protection-features-microsoft-defender-antivirus) - [Cloud-based protection](/microsoft-365/security/defender-endpoint/configure-protection-features-microsoft-defender-antivirus)
- [Machine learning](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus) - [Machine learning](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus)
- [URL Protection](/microsoft-365/security/defender-endpoint/configure-network-connections-microsoft-defender-antivirus) - [URL Protection](/microsoft-365/security/defender-endpoint/configure-network-connections-microsoft-defender-antivirus)
- [Automated sandbox service](/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus) - [Automated sandbox service](/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus)
<a name="edr"></a>
**[Endpoint detection and response](/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response)**<br>
Endpoint detection and response capabilities are put in place to detect, investigate, and respond to intrusion attempts and active breaches. With Advanced hunting, you have a query-based threat-hunting tool that lets your proactively find breaches and create custom detections.
- [Alerts](/microsoft-365/security/defender-endpoint/alerts-queue)
- [Historical endpoint data](/microsoft-365/security/defender-endpoint/investigate-machines#timeline)
- [Response orchestration](/microsoft-365/security/defender-endpoint/respond-machine-alerts)
- [Forensic collection](/microsoft-365/security/defender-endpoint/respond-machine-alerts#collect-investigation-package-from-devices)
- [Threat intelligence](/microsoft-365/security/defender-endpoint/threat-indicator-concepts)
- [Advanced detonation and analysis service](/microsoft-365/security/defender-endpoint/respond-file-alerts#deep-analysis)
- [Advanced hunting](/microsoft-365/security/defender-endpoint/advanced-hunting-overview)
- [Custom detections](/microsoft-365/security/defender-endpoint/overview-custom-detections)
<a name="ai"></a>
**[Automated investigation and remediation](/microsoft-365/security/defender-endpoint/automated-investigations)**<br>
In addition to quickly responding to advanced attacks, Microsoft Defender for Endpoint offers automated investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
- [Get an overview of automated investigation and remediation](/microsoft-365/security/defender-endpoint/automated-investigations)
- [Learn about automation levels](/microsoft-365/security/defender-endpoint/automation-levels)
- [Configure automated investigation and remediation in Defender for Endpoint](/microsoft-365/security/defender-endpoint/configure-automated-investigations-remediation)
- [Visit the Action center to see remediation actions](/microsoft-365/security/defender-endpoint/auto-investigation-action-center)
- [Review remediation actions following an automated investigation](/microsoft-365/security/defender-endpoint/manage-auto-investigation)
<a name="mte"></a>
**[Microsoft Threat Experts](/microsoft-365/security/defender-endpoint/microsoft-threat-experts)**<br>
Microsoft Defender for Endpoint's new managed threat hunting service provides proactive hunting, prioritization, and additional context and insights. Microsoft Threat Experts further empowers Security Operation Centers (SOCs) to identify and respond to threats quickly and accurately.
- [Targeted attack notification](/microsoft-365/security/defender-endpoint/microsoft-threat-experts)
- [Experts-on-demand](/microsoft-365/security/defender-endpoint/microsoft-threat-experts)
- [Configure your Microsoft 365 Defender managed hunting service](/microsoft-365/security/defender-endpoint/configure-microsoft-threat-experts)
<a name="apis"></a>
**[Centralized configuration and administration, APIs](/microsoft-365/security/defender-endpoint/management-apis)**<br>
Integrate Microsoft Defender for Endpoint into your existing workflows.
- [Onboarding](/microsoft-365/security/defender-endpoint/onboard-configure)
- [API and SIEM integration](/microsoft-365/security/defender-endpoint/configure-siem)
- [Exposed APIs](/microsoft-365/security/defender-endpoint/apis-intro)
- [Role-based access control (RBAC)](/microsoft-365/security/defender-endpoint/rbac)
- [Reporting and trends](/microsoft-365/security/defender-endpoint/threat-protection-reports)
<a name="integration"></a>
**[Integration with Microsoft solutions](/microsoft-365/security/defender-endpoint/threat-protection-integration)** <br>
Microsoft Defender for Endpoint directly integrates with various Microsoft solutions, including:
- Intune
- Microsoft Defender for Office 365
- Microsoft Defender for Identity
- Azure Defender
- Skype for Business
- Microsoft Cloud App Security
<a name="mtp"></a>
**[Microsoft 365 Defender](/microsoft-365/security/mtp/microsoft-threat-protection)**<br>
With Microsoft 365 Defender, Microsoft Defender for Endpoint and various Microsoft security solutions form a unified pre- and post-breach enterprise defense suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate, and automatically respond to sophisticated attacks.
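Review bot: four of the new links use backslashes as path separators, e.g. `[Microsoft Defender Application Guard](\windows\security\threat-protection\microsoft-defender-application-guard\md-app-guard-overview.md)`, and likewise the Virtualization-based protection, Microsoft Defender SmartScreen and Windows Sandbox entries; Markdown links need forward slashes and, in this tree, relative paths such as `microsoft-defender-application-guard/md-app-guard-overview.md` (compare the unchanged `windows-firewall/windows-firewall-with-advanced-security.md` line), so these will render as broken links. `[Application control](/windows-defender-application-control/windows-defender-application-control.md)` has the opposite defect, a site-root absolute path to an `.md` file, where the removed line used the relative `windows-defender-application-control/windows-defender-application-control.md`. Smaller points: the new `## Windows threat protection` heading repeats the H1 `# Windows threat protection`; the link text `Microsoft Defender Device Guard` replaces `Device control` for the same target page, so check the product name against the linked page's title; and the `keywords` line still advertises Microsoft Defender for Endpoint features (endpoint detection and response, automated investigation and response, microsoft threat experts, advanced hunting) that this rewrite removes from the page.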

View File

@ -1,60 +0,0 @@
- name: Security intelligence
href: index.md
items:
- name: Understand malware & other threats
href: understanding-malware.md
items:
- name: Coin miners
href: coinminer-malware.md
- name: Exploits and exploit kits
href: exploits-malware.md
- name: Fileless threats
href: fileless-threats.md
- name: Macro malware
href: macro-malware.md
- name: Phishing attacks
href: phishing.md
items:
- name: Phishing trends and techniques
href: phishing-trends.md
- name: Ransomware
href: /security/compass/human-operated-ransomware
- name: Rootkits
href: rootkits-malware.md
- name: Supply chain attacks
href: supply-chain-malware.md
- name: Tech support scams
href: support-scams.md
- name: Trojans
href: trojans-malware.md
- name: Unwanted software
href: unwanted-software.md
- name: Worms
href: worms-malware.md
- name: Prevent malware infection
href: prevent-malware-infection.md
- name: Malware naming convention
href: malware-naming.md
- name: How Microsoft identifies malware and PUA
href: criteria.md
- name: Submit files for analysis
href: submission-guide.md
- name: Troubleshoot malware submission
href: portal-submission-troubleshooting.md
- name: Safety Scanner download
href: safety-scanner-download.md
- name: Industry collaboration programs
href: cybersecurity-industry-partners.md
items:
- name: Virus information alliance
href: virus-information-alliance-criteria.md
- name: Microsoft virus initiative
href: virus-initiative-criteria.md
- name: Coordinated malware eradication
href: coordinated-malware-eradication.md
- name: Information for developers
items:
- name: Software developer FAQ
href: developer-faq.yml
- name: Software developer resources
href: developer-resources.md
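Review bot: deleting this TOC.yml removes navigation for roughly thirty pages (index.md, understanding-malware.md, coinminer-malware.md through developer-resources.md), but the diff shown here contains no matching page deletions or redirect entries for those paths. Confirm that the pages were moved or given redirects in the same change, otherwise they remain published but orphaned from any TOC.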

View File

@ -9,7 +9,7 @@ ms.author: dansimp
author: dansimp author: dansimp
ms.reviewer: ms.reviewer:
manager: dansimp manager: dansimp
ms.technology: mde ms.technology: other
--- ---
# What is Microsoft Baseline Security Analyzer and its uses? # What is Microsoft Baseline Security Analyzer and its uses?
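Review bot: the only change here is `ms.technology: mde` to `ms.technology: other`, which moves the Microsoft Baseline Security Analyzer page out of the Defender for Endpoint technology bucket while the title and body stay the same; confirm `other` is an accepted value for this key in the repo's metadata taxonomy (an unrecognized value can pass the build and simply drop the page from filtered views), and add a line to the commit description explaining the recategorization so the next reader does not reverse it.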

View File

@ -0,0 +1,22 @@
---
title: About the Microsoft Bug Bounty Program
description: If you are a security researcher, you can get a reward for reporting a vulnerability in a Microsoft product, service, or device.
ms.prod: m365-security
audience: ITPro
author: dansimp
ms.author: dansimp
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.reviewer:
ms.technology: other
---
# About the Microsoft Bug Bounty Program
Are you a security researcher? Did you find a vulnerability in a Microsoft product, service, or device? If so, we want to hear from you!
If your vulnerability report affects a product or service that is within scope of one of our bounty programs below, you could receive a bounty award according to the program descriptions.
Visit the [Microsoft Bug Bounty Program site](https://www.microsoft.com/en-us/msrc/bounty?rtc=1) for all the details!
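Review bot: the frontmatter of this new page has no `ms.date`, unlike the other pages touched in this commit, and `ms.reviewer:` is left empty; add a date so the page shows when it was last reviewed. The closing link uses a locale-specific URL with a tracking query string (`https://www.microsoft.com/en-us/msrc/bounty?rtc=1`); drop the `en-us` segment and the `?rtc=1` parameter so localized builds resolve to the reader's locale and the link stays stable if the campaign parameter is retired.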

View File

@ -3,13 +3,16 @@
items: items:
- name: System requirements - name: System requirements
href: reqs-md-app-guard.md href: reqs-md-app-guard.md
- name: Install WDAG - name: Install Application Guard
href: install-md-app-guard.md href: install-md-app-guard.md
- name: Configure WDAG policies - name: Configure Application Guard policies
href: configure-md-app-guard.md href: configure-md-app-guard.md
- name: Test scenarios - name: Test scenarios
href: test-scenarios-md-app-guard.md href: test-scenarios-md-app-guard.md
- name: Microsoft Defender Application Guard Extension - name: Microsoft Defender Application Guard Extension
href: md-app-guard-browser-extension.md href: md-app-guard-browser-extension.md
- name: FAQ - name: Application Guard FAQ
href: faq-md-app-guard.yml href: faq-md-app-guard.yml
- name: Windows security
href: /windows/security/
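Review bot: the new `- name: Windows security` / `href: /windows/security/` node is a navigation back-link to the hub rather than a content page, and the same pair is appended to other TOCs in this commit; since this rendering strips indentation, confirm the entry sits at the level intended (a top-level sibling of the Application Guard node rather than the last child of its `items:` list) and that `/windows/security/` is the final hub path. The `WDAG` to `Application Guard` renames and `FAQ` to `Application Guard FAQ` are consistent with the current product name and with each other.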

View File

@ -9,7 +9,7 @@ metadata:
ms.localizationpriority: medium ms.localizationpriority: medium
author: denisebmsft author: denisebmsft
ms.author: deniseb ms.author: deniseb
ms.date: 07/23/2021 ms.date: 09/29/2021
ms.reviewer: ms.reviewer:
manager: dansimp manager: dansimp
ms.custom: asr ms.custom: asr
@ -217,6 +217,16 @@ sections:
Policy: Allow installation of devices using drivers that match these device setup classes Policy: Allow installation of devices using drivers that match these device setup classes
- `{71a27cdd-812a-11d0-bec7-08002be2092f}` - `{71a27cdd-812a-11d0-bec7-08002be2092f}`
- question: |
I'm encountering TCP fragmentation issues, and cannot enable my VPN connection. How do I fix this?
answer: |
WinNAT drops ICMP/UDP messages with packets greater than MTU when using Default Switch or Docker NAT network. Support for this has been added in [KB4571744](https://www.catalog.update.microsoft.com/Search.aspx?q=4571744). To fix the issue, install the update and enable the fix by following these steps:
1. Ensure that the FragmentAware DWORD is set to 1 in this registry setting: `\Registry\Machine\SYSTEM\CurrentControlSet\Services\Winnat`.
2. Reboot the device.
additionalContent: | additionalContent: |
## See also ## See also
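Review bot: the question asks about TCP fragmentation, but the answer describes WinNAT dropping ICMP/UDP messages larger than the MTU; align the two so a reader searching for the symptom finds the entry. In step 1 the registry location is given in object-manager notation (`\Registry\Machine\SYSTEM\CurrentControlSet\Services\Winnat`) and the step says to "ensure" FragmentAware is 1; readers work in regedit or PowerShell, so give the `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winnat` form, name the value explicitly (`FragmentAware`, REG_DWORD, data 1) and say to create it if it does not exist. Also, "Support for this has been added in KB4571744" reads as if support for the problem was added; say the fix was added in that update.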

View File

@ -0,0 +1,31 @@
---
title: Microsoft Security Development Lifecycle
description: Download the Microsoft Security Development Lifecycle white paper which covers a security assurance process focused on software development.
ms.prod: m365-security
audience: ITPro
author: dansimp
ms.author: dansimp
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.reviewer:
ms.technology: other
---
# Microsoft Security Development Lifecycle
The Security Development Lifecycle (SDL) is a security assurance process that is focused on software development. As a Microsoft-wide initiative and a mandatory policy since 2004, the SDL has played a critical role in embedding security and privacy in software and culture at Microsoft.
[:::image type="content" source="images/simplified-sdl.png" alt-text="Simplified secure development lifecycle":::](https://www.microsoft.com/en-us/securityengineering/sdl)
Combining a holistic and practical approach, the SDL aims to reduce the number and severity of vulnerabilities in software. The SDL introduces security and privacy throughout all phases of the development process.
The Microsoft SDL is based on three core concepts:
- Education
- Continuous process improvement
- Accountability
To learn more about the SDL, visit the [Security Engineering site](https://www.microsoft.com/en-us/securityengineering/sdl).
And, download the [Simplified Implementation of the Microsoft SDL whitepaper](https://go.microsoft.com/?linkid=9708425).
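Review bot: as with the bug bounty page in this commit, the frontmatter has no `ms.date`; add one. The image is wrapped in a markdown link (`[:::image ... :::](url)`); verify the build renders a triple-colon image inside link syntax, since the two constructs are processed by different pipeline stages and a failure here shows up as literal text on the page. The two external links are a locale-specific URL (`/en-us/securityengineering/sdl`) and an opaque forwarding link (`go.microsoft.com/?linkid=9708425`); drop the locale segment, and keep the whitepaper title in the link text so the target stays recognizable if the forwarding link changes. Wording: the description says "white paper" while the body says "whitepaper", and "And, download the ..." reads better without the leading "And,".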

View File

@ -0,0 +1,351 @@
- name: Security policy settings
href: security-policy-settings.md
items:
- name: Administer security policy settings
href: administer-security-policy-settings.md
items:
- name: Network List Manager policies
href: network-list-manager-policies.md
- name: Configure security policy settings
href: how-to-configure-security-policy-settings.md
- name: Security policy settings reference
href: security-policy-settings-reference.md
items:
- name: Account Policies
href: account-policies.md
items:
- name: Password Policy
href: password-policy.md
items:
- name: Enforce password history
href: enforce-password-history.md
- name: Maximum password age
href: maximum-password-age.md
- name: Minimum password age
href: minimum-password-age.md
- name: Minimum password length
href: minimum-password-length.md
- name: Password must meet complexity requirements
href: password-must-meet-complexity-requirements.md
- name: Store passwords using reversible encryption
href: store-passwords-using-reversible-encryption.md
- name: Account Lockout Policy
href: account-lockout-policy.md
items:
- name: Account lockout duration
href: account-lockout-duration.md
- name: Account lockout threshold
href: account-lockout-threshold.md
- name: Reset account lockout counter after
href: reset-account-lockout-counter-after.md
- name: Kerberos Policy
href: kerberos-policy.md
items:
- name: Enforce user logon restrictions
href: enforce-user-logon-restrictions.md
- name: Maximum lifetime for service ticket
href: maximum-lifetime-for-service-ticket.md
- name: Maximum lifetime for user ticket
href: maximum-lifetime-for-user-ticket.md
- name: Maximum lifetime for user ticket renewal
href: maximum-lifetime-for-user-ticket-renewal.md
- name: Maximum tolerance for computer clock synchronization
href: maximum-tolerance-for-computer-clock-synchronization.md
- name: Audit Policy
href: audit-policy.md
- name: Security Options
href: security-options.md
items:
- name: "Accounts: Administrator account status"
href: accounts-administrator-account-status.md
- name: "Accounts: Block Microsoft accounts"
href: accounts-block-microsoft-accounts.md
- name: "Accounts: Guest account status"
href: accounts-guest-account-status.md
- name: "Accounts: Limit local account use of blank passwords to console logon only"
href: accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md
- name: "Accounts: Rename administrator account"
href: accounts-rename-administrator-account.md
- name: "Accounts: Rename guest account"
href: accounts-rename-guest-account.md
- name: "Audit: Audit the access of global system objects"
href: audit-audit-the-access-of-global-system-objects.md
- name: "Audit: Audit the use of Backup and Restore privilege"
href: audit-audit-the-use-of-backup-and-restore-privilege.md
- name: "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings"
href: audit-force-audit-policy-subcategory-settings-to-override.md
- name: "Audit: Shut down system immediately if unable to log security audits"
href: audit-shut-down-system-immediately-if-unable-to-log-security-audits.md
- name: "DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax"
href: dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
- name: "DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax"
href: dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
- name: "Devices: Allow undock without having to log on"
href: devices-allow-undock-without-having-to-log-on.md
- name: "Devices: Allowed to format and eject removable media"
href: devices-allowed-to-format-and-eject-removable-media.md
- name: "Devices: Prevent users from installing printer drivers"
href: devices-prevent-users-from-installing-printer-drivers.md
- name: "Devices: Restrict CD-ROM access to locally logged-on user only"
href: devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md
- name: "Devices: Restrict floppy access to locally logged-on user only"
href: devices-restrict-floppy-access-to-locally-logged-on-user-only.md
- name: "Domain controller: Allow server operators to schedule tasks"
href: domain-controller-allow-server-operators-to-schedule-tasks.md
- name: "Domain controller: LDAP server signing requirements"
href: domain-controller-ldap-server-signing-requirements.md
- name: "Domain controller: Refuse machine account password changes"
href: domain-controller-refuse-machine-account-password-changes.md
- name: "Domain member: Digitally encrypt or sign secure channel data (always)"
href: domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md
- name: "Domain member: Digitally encrypt secure channel data (when possible)"
href: domain-member-digitally-encrypt-secure-channel-data-when-possible.md
- name: "Domain member: Digitally sign secure channel data (when possible)"
href: domain-member-digitally-sign-secure-channel-data-when-possible.md
- name: "Domain member: Disable machine account password changes"
href: domain-member-disable-machine-account-password-changes.md
- name: "Domain member: Maximum machine account password age"
href: domain-member-maximum-machine-account-password-age.md
- name: "Domain member: Require strong (Windows 2000 or later) session key"
href: domain-member-require-strong-windows-2000-or-later-session-key.md
- name: "Interactive logon: Display user information when the session is locked"
href: interactive-logon-display-user-information-when-the-session-is-locked.md
- name: "Interactive logon: Don't display last signed-in"
href: interactive-logon-do-not-display-last-user-name.md
- name: "Interactive logon: Don't display username at sign-in"
href: interactive-logon-dont-display-username-at-sign-in.md
- name: "Interactive logon: Do not require CTRL+ALT+DEL"
href: interactive-logon-do-not-require-ctrl-alt-del.md
- name: "Interactive logon: Machine account lockout threshold"
href: interactive-logon-machine-account-lockout-threshold.md
- name: "Interactive logon: Machine inactivity limit"
href: interactive-logon-machine-inactivity-limit.md
- name: "Interactive logon: Message text for users attempting to log on"
href: interactive-logon-message-text-for-users-attempting-to-log-on.md
- name: "Interactive logon: Message title for users attempting to log on"
href: interactive-logon-message-title-for-users-attempting-to-log-on.md
- name: "Interactive logon: Number of previous logons to cache (in case domain controller is not available)"
href: interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md
- name: "Interactive logon: Prompt user to change password before expiration"
href: interactive-logon-prompt-user-to-change-password-before-expiration.md
- name: "Interactive logon: Require Domain Controller authentication to unlock workstation"
href: interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md
- name: "Interactive logon: Require smart card"
href: interactive-logon-require-smart-card.md
- name: "Interactive logon: Smart card removal behavior"
href: interactive-logon-smart-card-removal-behavior.md
- name: "Microsoft network client: Digitally sign communications (always)"
href: microsoft-network-client-digitally-sign-communications-always.md
- name: "SMBv1 Microsoft network client: Digitally sign communications (always)"
href: smbv1-microsoft-network-client-digitally-sign-communications-always.md
- name: "SMBv1 Microsoft network client: Digitally sign communications (if server agrees)"
href: smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md
- name: "Microsoft network client: Send unencrypted password to third-party SMB servers"
href: microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md
- name: "Microsoft network server: Amount of idle time required before suspending session"
href: microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md
- name: "Microsoft network server: Attempt S4U2Self to obtain claim information"
href: microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md
- name: "Microsoft network server: Digitally sign communications (always)"
href: microsoft-network-server-digitally-sign-communications-always.md
- name: "SMBv1 Microsoft network server: Digitally sign communications (always)"
href: smbv1-microsoft-network-server-digitally-sign-communications-always.md
- name: "SMBv1 Microsoft network server: Digitally sign communications (if client agrees)"
href: smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md
- name: "Microsoft network server: Disconnect clients when logon hours expire"
href: microsoft-network-server-disconnect-clients-when-logon-hours-expire.md
- name: "Microsoft network server: Server SPN target name validation level"
href: microsoft-network-server-server-spn-target-name-validation-level.md
- name: "Network access: Allow anonymous SID/Name translation"
href: network-access-allow-anonymous-sidname-translation.md
- name: "Network access: Do not allow anonymous enumeration of SAM accounts"
href: network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md
- name: "Network access: Do not allow anonymous enumeration of SAM accounts and shares"
href: network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md
- name: "Network access: Do not allow storage of passwords and credentials for network authentication"
href: network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md
- name: "Network access: Let Everyone permissions apply to anonymous users"
href: network-access-let-everyone-permissions-apply-to-anonymous-users.md
- name: "Network access: Named Pipes that can be accessed anonymously"
href: network-access-named-pipes-that-can-be-accessed-anonymously.md
- name: "Network access: Remotely accessible registry paths"
href: network-access-remotely-accessible-registry-paths.md
- name: "Network access: Remotely accessible registry paths and subpaths"
href: network-access-remotely-accessible-registry-paths-and-subpaths.md
- name: "Network access: Restrict anonymous access to Named Pipes and Shares"
href: network-access-restrict-anonymous-access-to-named-pipes-and-shares.md
- name: "Network access: Restrict clients allowed to make remote calls to SAM"
href: network-access-restrict-clients-allowed-to-make-remote-sam-calls.md
- name: "Network access: Shares that can be accessed anonymously"
href: network-access-shares-that-can-be-accessed-anonymously.md
- name: "Network access: Sharing and security model for local accounts"
href: network-access-sharing-and-security-model-for-local-accounts.md
- name: "Network security: Allow Local System to use computer identity for NTLM"
href: network-security-allow-local-system-to-use-computer-identity-for-ntlm.md
- name: "Network security: Allow LocalSystem NULL session fallback"
href: network-security-allow-localsystem-null-session-fallback.md
- name: "Network security: Allow PKU2U authentication requests to this computer to use online identities"
href: network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md
- name: "Network security: Configure encryption types allowed for Kerberos"
href: network-security-configure-encryption-types-allowed-for-kerberos.md
- name: "Network security: Do not store LAN Manager hash value on next password change"
href: network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md
- name: "Network security: Force logoff when logon hours expire"
href: network-security-force-logoff-when-logon-hours-expire.md
- name: "Network security: LAN Manager authentication level"
href: network-security-lan-manager-authentication-level.md
- name: "Network security: LDAP client signing requirements"
href: network-security-ldap-client-signing-requirements.md
- name: "Network security: Minimum session security for NTLM SSP based (including secure RPC) clients"
href: network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md
- name: "Network security: Minimum session security for NTLM SSP based (including secure RPC) servers"
href: network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md
- name: "Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication"
href: network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md
- name: "Network security: Restrict NTLM: Add server exceptions in this domain"
href: network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md
- name: "Network security: Restrict NTLM: Audit incoming NTLM traffic"
href: network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md
- name: "Network security: Restrict NTLM: Audit NTLM authentication in this domain"
href: network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md
- name: "Network security: Restrict NTLM: Incoming NTLM traffic"
href: network-security-restrict-ntlm-incoming-ntlm-traffic.md
- name: "Network security: Restrict NTLM: NTLM authentication in this domain"
href: network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md
- name: "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers"
href: network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md
- name: "Recovery console: Allow automatic administrative logon"
href: recovery-console-allow-automatic-administrative-logon.md
- name: "Recovery console: Allow floppy copy and access to all drives and folders"
href: recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md
- name: "Shutdown: Allow system to be shut down without having to log on"
href: shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md
- name: "Shutdown: Clear virtual memory pagefile"
href: shutdown-clear-virtual-memory-pagefile.md
- name: "System cryptography: Force strong key protection for user keys stored on the computer"
href: system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md
- name: "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing"
href: system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md
- name: "System objects: Require case insensitivity for non-Windows subsystems"
href: system-objects-require-case-insensitivity-for-non-windows-subsystems.md
- name: "System objects: Strengthen default permissions of internal system objects (Symbolic Links)"
href: system-objects-strengthen-default-permissions-of-internal-system-objects.md
- name: "System settings: Optional subsystems"
href: system-settings-optional-subsystems.md
- name: "System settings: Use certificate rules on Windows executables for Software Restriction Policies"
href: system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md
- name: "User Account Control: Admin Approval Mode for the Built-in Administrator account"
href: user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md
- name: "User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop"
href: user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md
- name: "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode"
href: user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md
- name: "User Account Control: Behavior of the elevation prompt for standard users"
href: user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md
- name: "User Account Control: Detect application installations and prompt for elevation"
href: user-account-control-detect-application-installations-and-prompt-for-elevation.md
- name: "User Account Control: Only elevate executables that are signed and validated"
href: user-account-control-only-elevate-executables-that-are-signed-and-validated.md
- name: "User Account Control: Only elevate UIAccess applications that are installed in secure locations"
href: user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md
- name: "User Account Control: Run all administrators in Admin Approval Mode"
href: user-account-control-run-all-administrators-in-admin-approval-mode.md
- name: "User Account Control: Switch to the secure desktop when prompting for elevation"
href: user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md
- name: "User Account Control: Virtualize file and registry write failures to per-user locations"
href: user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md
- name: Advanced security audit policy settings
href: secpol-advanced-security-audit-policy-settings.md
- name: User Rights Assignment
href: user-rights-assignment.md
items:
- name: Access Credential Manager as a trusted caller
href: access-credential-manager-as-a-trusted-caller.md
- name: Access this computer from the network
href: access-this-computer-from-the-network.md
- name: Act as part of the operating system
href: act-as-part-of-the-operating-system.md
- name: Add workstations to domain
href: add-workstations-to-domain.md
- name: Adjust memory quotas for a process
href: adjust-memory-quotas-for-a-process.md
- name: Allow log on locally
href: allow-log-on-locally.md
- name: Allow log on through Remote Desktop Services
href: allow-log-on-through-remote-desktop-services.md
- name: Back up files and directories
href: back-up-files-and-directories.md
- name: Bypass traverse checking
href: bypass-traverse-checking.md
- name: Change the system time
href: change-the-system-time.md
- name: Change the time zone
href: change-the-time-zone.md
- name: Create a pagefile
href: create-a-pagefile.md
- name: Create a token object
href: create-a-token-object.md
- name: Create global objects
href: create-global-objects.md
- name: Create permanent shared objects
href: create-permanent-shared-objects.md
- name: Create symbolic links
href: create-symbolic-links.md
- name: Debug programs
href: debug-programs.md
- name: Deny access to this computer from the network
href: deny-access-to-this-computer-from-the-network.md
- name: Deny log on as a batch job
href: deny-log-on-as-a-batch-job.md
- name: Deny log on as a service
href: deny-log-on-as-a-service.md
- name: Deny log on locally
href: deny-log-on-locally.md
- name: Deny log on through Remote Desktop Services
href: deny-log-on-through-remote-desktop-services.md
- name: Enable computer and user accounts to be trusted for delegation
href: enable-computer-and-user-accounts-to-be-trusted-for-delegation.md
- name: Force shutdown from a remote system
href: force-shutdown-from-a-remote-system.md
- name: Generate security audits
href: generate-security-audits.md
- name: Impersonate a client after authentication
href: impersonate-a-client-after-authentication.md
- name: Increase a process working set
href: increase-a-process-working-set.md
- name: Increase scheduling priority
href: increase-scheduling-priority.md
- name: Load and unload device drivers
href: load-and-unload-device-drivers.md
- name: Lock pages in memory
href: lock-pages-in-memory.md
- name: Log on as a batch job
href: log-on-as-a-batch-job.md
- name: Log on as a service
href: log-on-as-a-service.md
- name: Manage auditing and security log
href: manage-auditing-and-security-log.md
- name: Modify an object label
href: modify-an-object-label.md
- name: Modify firmware environment values
href: modify-firmware-environment-values.md
- name: Perform volume maintenance tasks
href: perform-volume-maintenance-tasks.md
- name: Profile single process
href: profile-single-process.md
- name: Profile system performance
href: profile-system-performance.md
- name: Remove computer from docking station
href: remove-computer-from-docking-station.md
- name: Replace a process level token
href: replace-a-process-level-token.md
- name: Restore files and directories
href: restore-files-and-directories.md
- name: Shut down the system
href: shut-down-the-system.md
- name: Synchronize directory service data
href: synchronize-directory-service-data.md
- name: Take ownership of files or other objects
href: take-ownership-of-files-or-other-objects.md
- name: Windows security
href: /windows/security/
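Review bot: alphabetical order inside Security Options breaks where the two `SMBv1 Microsoft network client` entries are interleaved between the `Microsoft network client` entries, and again where the two `SMBv1 Microsoft network server` entries sit between the `Microsoft network server` ones; either nest them beside their non-SMBv1 counterparts deliberately or sort by the literal name so the list stays predictable as entries are added. `Advanced security audit policy settings` is placed after the Security Options block at the same level as `Security Options`, while `Audit Policy` higher up has no child items; consider placing the two audit entries together. Names containing a colon are correctly quoted. The one entry whose name and file slug diverge is `Interactive logon: Don't display last signed-in` pointing at `interactive-logon-do-not-display-last-user-name.md`; confirm that is intentional rather than a stale filename.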

View File

@ -1,5 +1,8 @@
- name: Application Control for Windows - name: Application Control for Windows
href: index.yml
- name: About application control for Windows
href: windows-defender-application-control.md href: windows-defender-application-control.md
expanded: true
items: items:
- name: WDAC and AppLocker Overview - name: WDAC and AppLocker Overview
href: wdac-and-applocker-overview.md href: wdac-and-applocker-overview.md
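Review bot: `expanded: true` is added directly under the new `About application control for Windows` node, so from the visible lines (indentation is not preserved in this rendering) the whole `items:` list starting with `WDAC and AppLocker Overview` now hangs off the About page rather than the new `index.yml` landing node; if the index is meant to be the parent of the section, the `items:` block and `expanded: true` should move under it, otherwise the landing page becomes a childless leaf and the About page inherits the entire tree. Confirm which structure is intended before merging.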
@ -292,3 +295,6 @@
href: applocker\using-event-viewer-with-applocker.md href: applocker\using-event-viewer-with-applocker.md
- name: AppLocker Settings - name: AppLocker Settings
href: applocker\applocker-settings.md href: applocker\applocker-settings.md
- name: Windows security
href: /windows/security/
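Review bot: the unchanged context lines show hrefs written with backslashes (`applocker\using-event-viewer-with-applocker.md`, `applocker\applocker-settings.md`); TOC hrefs should use forward slashes, since backslash paths are not portable across build hosts and some tooling treats the backslash as a literal character in the link. The appended `Windows security` / `/windows/security/` back-link matches the one added to the other TOCs in this commit.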

View File

@ -1,186 +0,0 @@
- name: AppLocker
href: applocker-overview.md
items:
- name: Administer AppLocker
href: administer-applocker.md
items:
- name: Maintain AppLocker policies
href: maintain-applocker-policies.md
- name: Edit an AppLocker policy
href: edit-an-applocker-policy.md
- name: Test and update an AppLocker policy
href: test-and-update-an-applocker-policy.md
- name: Deploy AppLocker policies by using the enforce rules setting
href: deploy-applocker-policies-by-using-the-enforce-rules-setting.md
- name: Use the AppLocker Windows PowerShell cmdlets
href: use-the-applocker-windows-powershell-cmdlets.md
- name: Use AppLocker and Software Restriction Policies in the same domain
href: use-applocker-and-software-restriction-policies-in-the-same-domain.md
- name: Optimize AppLocker performance
href: optimize-applocker-performance.md
- name: Monitor app usage with AppLocker
href: monitor-application-usage-with-applocker.md
- name: Manage packaged apps with AppLocker
href: manage-packaged-apps-with-applocker.md
- name: Working with AppLocker rules
href: working-with-applocker-rules.md
items:
- name: Create a rule that uses a file hash condition
href: create-a-rule-that-uses-a-file-hash-condition.md
- name: Create a rule that uses a path condition
href: create-a-rule-that-uses-a-path-condition.md
- name: Create a rule that uses a publisher condition
href: create-a-rule-that-uses-a-publisher-condition.md
- name: Create AppLocker default rules
href: create-applocker-default-rules.md
- name: Add exceptions for an AppLocker rule
href: configure-exceptions-for-an-applocker-rule.md
- name: Create a rule for packaged apps
href: create-a-rule-for-packaged-apps.md
- name: Delete an AppLocker rule
href: delete-an-applocker-rule.md
- name: Edit AppLocker rules
href: edit-applocker-rules.md
- name: Enable the DLL rule collection
href: enable-the-dll-rule-collection.md
- name: Enforce AppLocker rules
href: enforce-applocker-rules.md
- name: Run the Automatically Generate Rules wizard
href: run-the-automatically-generate-rules-wizard.md
- name: Working with AppLocker policies
href: working-with-applocker-policies.md
items:
- name: Configure the Application Identity service
href: configure-the-application-identity-service.md
- name: Configure an AppLocker policy for audit only
href: configure-an-applocker-policy-for-audit-only.md
- name: Configure an AppLocker policy for enforce rules
href: configure-an-applocker-policy-for-enforce-rules.md
- name: Display a custom URL message when users try to run a blocked app
href: display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
- name: Export an AppLocker policy from a GPO
href: export-an-applocker-policy-from-a-gpo.md
- name: Export an AppLocker policy to an XML file
href: export-an-applocker-policy-to-an-xml-file.md
- name: Import an AppLocker policy from another computer
href: import-an-applocker-policy-from-another-computer.md
- name: Import an AppLocker policy into a GPO
href: import-an-applocker-policy-into-a-gpo.md
- name: Add rules for packaged apps to existing AppLocker rule-set
href: add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
- name: Merge AppLocker policies by using Set-ApplockerPolicy
href: merge-applocker-policies-by-using-set-applockerpolicy.md
- name: Merge AppLocker policies manually
href: merge-applocker-policies-manually.md
- name: Refresh an AppLocker policy
href: refresh-an-applocker-policy.md
- name: Test an AppLocker policy by using Test-AppLockerPolicy
href: test-an-applocker-policy-by-using-test-applockerpolicy.md
- name: AppLocker design guide
href: applocker-policies-design-guide.md
items:
- name: Understand AppLocker policy design decisions
href: understand-applocker-policy-design-decisions.md
- name: Determine your application control objectives
href: determine-your-application-control-objectives.md
- name: Create a list of apps deployed to each business group
href: create-list-of-applications-deployed-to-each-business-group.md
items:
- name: Document your app list
href: document-your-application-list.md
- name: Select the types of rules to create
href: select-types-of-rules-to-create.md
items:
- name: Document your AppLocker rules
href: document-your-applocker-rules.md
- name: Determine the Group Policy structure and rule enforcement
href: determine-group-policy-structure-and-rule-enforcement.md
items:
- name: Understand AppLocker enforcement settings
href: understand-applocker-enforcement-settings.md
- name: Understand AppLocker rules and enforcement setting inheritance in Group Policy
href: understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
- name: Document the Group Policy structure and AppLocker rule enforcement
href: document-group-policy-structure-and-applocker-rule-enforcement.md
- name: Plan for AppLocker policy management
href: plan-for-applocker-policy-management.md
- name: AppLocker deployment guide
href: applocker-policies-deployment-guide.md
items:
- name: Understand the AppLocker policy deployment process
href: understand-the-applocker-policy-deployment-process.md
- name: Requirements for Deploying AppLocker Policies
href: requirements-for-deploying-applocker-policies.md
- name: Use Software Restriction Policies and AppLocker policies
href: using-software-restriction-policies-and-applocker-policies.md
- name: Create Your AppLocker policies
href: create-your-applocker-policies.md
items:
- name: Create Your AppLocker rules
href: create-your-applocker-rules.md
- name: Deploy the AppLocker policy into production
href: deploy-the-applocker-policy-into-production.md
items:
- name: Use a reference device to create and maintain AppLocker policies
href: use-a-reference-computer-to-create-and-maintain-applocker-policies.md
- name: Determine which apps are digitally signed on a reference device
href: determine-which-applications-are-digitally-signed-on-a-reference-computer.md
- name: Configure the AppLocker reference device
href: configure-the-appLocker-reference-device.md
- name: AppLocker technical reference
href: applocker-technical-reference.md
items:
- name: What Is AppLocker?
href: what-is-applocker.md
- name: Requirements to use AppLocker
href: requirements-to-use-applocker.md
- name: AppLocker policy use scenarios
href: applocker-policy-use-scenarios.md
- name: How AppLocker works
href: how-applocker-works-techref.md
items:
- name: Understanding AppLocker rule behavior
href: understanding-applocker-rule-behavior.md
- name: Understanding AppLocker rule exceptions
href: understanding-applocker-rule-exceptions.md
- name: Understanding AppLocker rule collections
href: understanding-applocker-rule-collections.md
- name: Understanding AppLocker allow and deny actions on rules
href: understanding-applocker-allow-and-deny-actions-on-rules.md
- name: Understanding AppLocker rule condition types
href: understanding-applocker-rule-condition-types.md
items:
- name: Understanding the publisher rule condition in AppLocker
href: understanding-the-publisher-rule-condition-in-applocker.md
- name: Understanding the path rule condition in AppLocker
href: understanding-the-path-rule-condition-in-applocker.md
- name: Understanding the file hash rule condition in AppLocker
href: understanding-the-file-hash-rule-condition-in-applocker.md
- name: Understanding AppLocker default rules
href: understanding-applocker-default-rules.md
items:
- name: Executable rules in AppLocker
href: executable-rules-in-applocker.md
- name: Windows Installer rules in AppLocker
href: windows-installer-rules-in-applocker.md
- name: Script rules in AppLocker
href: script-rules-in-applocker.md
- name: DLL rules in AppLocker
href: dll-rules-in-applocker.md
- name: Packaged apps and packaged app installer rules in AppLocker
href: packaged-apps-and-packaged-app-installer-rules-in-applocker.md
- name: AppLocker architecture and components
href: applocker-architecture-and-components.md
- name: AppLocker processes and interactions
href: applocker-processes-and-interactions.md
- name: AppLocker functions
href: applocker-functions.md
- name: Security considerations for AppLocker
href: security-considerations-for-applocker.md
- name: Tools to Use with AppLocker
href: tools-to-use-with-applocker.md
items:
- name: Using Event Viewer with AppLocker
href: using-event-viewer-with-applocker.md
- name: AppLocker Settings
href: applocker-settings.md
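Review bot: the href `configure-the-appLocker-reference-device.md` is mixed-case while every other AppLocker href in this TOC is all lowercase; on a case-sensitive host that link resolves only if the file name matches exactly, so either lowercase it to `configure-the-applocker-reference-device.md` or confirm the file on disk really carries the capital L. Several node titles in the same block also use a different capitalization from their neighbours ("Requirements for Deploying AppLocker Policies", "Create Your AppLocker policies", "Create Your AppLocker rules", "Tools to Use with AppLocker") and should be sentence-cased to match the surrounding entries.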

View File

@ -0,0 +1,117 @@
### YamlMime:Landing
title: Application Control for Windows
metadata:
title: Application Control for Windows
description: Landing page for Windows Defender Application Control
# services: service
# ms.service: microsoft-WDAC-AppLocker
# ms.subservice: Application-Control
# ms.topic: landing-page
# author: Kim Klein
# ms.author: Jordan Geurten
# manager: Jeffrey Sutherland
# ms.update: 04/30/2021
# linkListType: overview | how-to-guide | tutorial | video
landingContent:
# Cards and links should be based on top customer tasks or top subjects
# Start card title with a verb
# Card
- title: Learn about Application Control
linkLists:
- linkListType: overview
links:
- text: What is Windows Defender Application Control (WDAC)?
url: wdac-and-applocker-overview.md
- text: What is AppLocker?
url: applocker\applocker-overview.md
- text: WDAC and AppLocker feature availability
url: feature-availability.md
# Card
- title: Learn about Policy Design
linkLists:
- linkListType: overview
links:
- text: Using code signing to simplify application control
url: use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
- text: Microsoft's Recommended Blocklist
url: microsoft-recommended-block-rules.md
- text: Microsoft's Recommended Driver Blocklist
url: microsoft-recommended-driver-block-rules.md
- text: Example WDAC policies
url: example-wdac-base-policies.md
- text: LOB Win32 apps on S Mode
url: LOB-win32-apps-on-s.md
- text: Managing multiple policies
url: deploy-multiple-windows-defender-application-control-policies.md
- linkListType: how-to-guide
links:
- text: Create a WDAC policy for a lightly managed device
url: create-wdac-policy-for-lightly-managed-devices.md
- text: Create a WDAC policy for a fully managed device
url: create-wdac-policy-for-fully-managed-devices.md
- text: Create a WDAC policy for a fixed-workload
url: create-initial-default-policy.md
- text: Deploying catalog files for WDAC management
url: deploy-catalog-files-to-support-windows-defender-application-control.md
- text: Using the WDAC Wizard
url: wdac-wizard.md
#- linkListType: Tutorial (videos)
# links:
# - text: Using the WDAC Wizard
# url: video md
# - text: Specifying custom values
# url: video md
# Card
- title: Learn about Policy Configuration
linkLists:
- linkListType: overview
links:
- text: Understanding policy and file rules
url: select-types-of-rules-to-create.md
- linkListType: how-to-guide
links:
- text: Allow managed installer and configure managed installer rules
url: configure-authorized-apps-deployed-with-a-managed-installer.md
- text: Allow reputable apps with ISG
url: use-windows-defender-application-control-with-intelligent-security-graph.md
- text: Managed MSIX and Appx Packaged Apps
url: manage-packaged-apps-with-windows-defender-application-control.md
- text: Allow com object registration
url: allow-com-object-registration-in-windows-defender-application-control-policy.md
- text: Manage plug-ins, add-ins and modules
url: use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
# Card
- title: Learn how to deploy WDAC Policies
linkLists:
- linkListType: overview
links:
- text: Using signed policies to protect against tampering
url: use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
- text: Audit and enforce policies
url: audit-and-enforce-windows-defender-application-control-policies.md
- text: Disabling WDAC policies
url: disable-windows-defender-application-control-policies.md
- linkListType: tutorial
links:
- text: Deployment with MDM
url: deploy-windows-defender-application-control-policies-using-intune.md
- text: Deployment with MEMCM
url: deployment/deploy-wdac-policies-with-memcm.md
- text: Deployment with script and refresh policy
url: deployment/deploy-wdac-policies-with-script.md
- text: Deployment with Group Policy
url: deploy-windows-defender-application-control-policies-using-group-policy.md
# Card
- title: Learn how to monitor WDAC events
linkLists:
- linkListType: overview
links:
- text: Understanding event IDs
url: event-id-explanations.md
- text: Understanding event Tags
url: event-tag-explanations.md
- linkListType: how-to-guide
links:
- text: Querying events using advanced hunting
url: querying-application-control-events-centrally-using-advanced-hunting.md
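Review bot: the link `url: applocker\applocker-overview.md` uses a backslash as the path separator, which will not resolve as a relative URL once the landing page is rendered; change it to `applocker/applocker-overview.md`. The `author`, `ms.author`, `manager` and `ms.topic` keys in the metadata block are all commented out, so the page ships without an owner or topic type; either uncomment them with valid values or remove the dead lines rather than leaving placeholder comments. Minor wording in the card links: "Managed MSIX and Appx Packaged Apps" should read "Manage MSIX and Appx packaged apps" to match the other verb-first entries, "Allow com object registration" should capitalize "COM", and "fixed-workload" does not need the hyphen.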

View File

@ -10,10 +10,10 @@ ms.pagetype: security
ms.localizationpriority: medium ms.localizationpriority: medium
author: dansimp author: dansimp
ms.author: dansimp ms.author: dansimp
ms.date: 04/30/2018 ms.date:
ms.reviewer: ms.reviewer:
manager: dansimp manager: dansimp
ms.technology: mde ms.technology: windows-sec
--- ---
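Review bot: `ms.date: 04/30/2018` is replaced with an empty `ms.date:` rather than the date of this revision; an empty value either fails metadata validation or publishes with no "last updated" stamp, so set it to the current date or drop the key entirely. The same empty `ms.date:` pattern recurs in the other Windows Security app metadata hunks in this commit and should be handled the same way in each.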
@ -21,36 +21,36 @@ ms.technology: mde
**Applies to** **Applies to**
- Windows 10, version 1803 and later - Windows 10
- Windows 11
The **Account protection** section contains information and settings for account protection and sign-in. You can get more information about these capabilities from the following list:
The **Account protection** section contains information and settings for account protection and sign in. IT administrators and IT pros can get more information and documentation about configuration from the following:
- [Microsoft Account](https://account.microsoft.com/account/faq) - [Microsoft Account](https://account.microsoft.com/account/faq)
- [Windows Hello for Business](../../identity-protection/hello-for-business/hello-identity-verification.md) - [Windows Hello for Business](../../identity-protection/hello-for-business/hello-identity-verification.md)
- [Lock your Windows 10 PC automatically when you step away from it](https://support.microsoft.com/help/4028111/windows-lock-your-windows-10-pc-automatically-when-you-step-away-from) - [Lock your Windows 10 PC automatically when you step away from it](https://support.microsoft.com/help/4028111/windows-lock-your-windows-10-pc-automatically-when-you-step-away-from)
You can also choose to hide the section from users of the machine. This can be useful if you don't want employees in your organization to see or have access to user-configured options for the features shown in the section. You can also choose to hide the section from users of the device. This is useful if you don't want your employees to access or view user-configured options for these features.
## Hide the Account protection section ## Hide the Account protection section
You can choose to hide the entire section by using Group Policy. The section will not appear on the home page of the Windows Security app, and its icon will not be shown on the navigiation bar on the side of the app. You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of the Windows Security app, and its icon won't be shown on the navigation bar on the side of the app.
This can only be done in Group Policy. You can only configure these settings by using Group Policy.
>[!IMPORTANT] >[!IMPORTANT]
>### Requirements >### Requirements
> >
>You must have Windows 10, version 1803 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings. >You must have Windows 10, version 1803 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**. 1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
3. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. 3. In the **Group Policy Management Editor** go to **Computer configuration** and select **Administrative templates**.
5. Expand the tree to **Windows components > Windows Security > Account protection**. 5. Expand the tree to **Windows components > Windows Security > Account protection**.
6. Open the **Hide the Account protection area** setting and set it to **Enabled**. Click **OK**. 6. Open the **Hide the Account protection area** setting and set it to **Enabled**. Select **OK**.
7. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy). 7. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
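Review bot: the numbered procedure in this hunk still runs 1, 3, 5, 6, 7, so steps 2 and 4 are missing from both the old and the new text; since the surrounding list is being touched anyway ("click" to "select"), renumber it 1 through 5 or restore the missing steps. Also confirm that widening "Applies to" from "Windows 10, version 1803 and later" to "Windows 10" is intended, given that the IMPORTANT block immediately below still states the 1803 requirement for the Group Policy settings.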

View File

@ -11,17 +11,18 @@ ms.localizationpriority: medium
audience: ITPro audience: ITPro
author: dansimp author: dansimp
ms.author: dansimp ms.author: dansimp
ms.date: 04/30/2018 ms.date:
ms.reviewer: ms.reviewer:
manager: dansimp manager: dansimp
ms.technology: mde ms.technology: windows-sec
--- ---
# App and browser control # App and browser control
**Applies to** **Applies to**
- Windows 10, version 1703 and later - Windows 10
- Windows 11
The **App and browser control** section contains information and settings for Windows Defender SmartScreen. IT administrators and IT pros can get configuration guidance from the [Windows Defender SmartScreen documentation library](/windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview). The **App and browser control** section contains information and settings for Windows Defender SmartScreen. IT administrators and IT pros can get configuration guidance from the [Windows Defender SmartScreen documentation library](/windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview).

View File

@ -10,25 +10,18 @@ ms.pagetype: security
ms.localizationpriority: medium ms.localizationpriority: medium
author: dansimp author: dansimp
ms.author: dansimp ms.author: dansimp
ms.date: 09/13/2021 ms.date:
ms.reviewer: ms.reviewer:
manager: dansimp manager: dansimp
ms.technology: mde ms.technology: windows-sec
--- ---
# Customize the Windows Security app for your organization # Customize the Windows Security app for your organization
**Applies to** **Applies to**
- Windows 10, version 1709 and later - Windows 10
- Windows 11
**Audience**
- Enterprise security administrators
**Manageability available with**
- Group Policy
You can add information about your organization in a contact card to the Windows Security app. You can include a link to a support site, a phone number for a help desk, and an email address for email-based support. You can add information about your organization in a contact card to the Windows Security app. You can include a link to a support site, a phone number for a help desk, and an email address for email-based support.

View File

@ -10,10 +10,10 @@ ms.pagetype: security
ms.localizationpriority: medium ms.localizationpriority: medium
author: dansimp author: dansimp
ms.author: dansimp ms.author: dansimp
ms.date: 04/30/2018 ms.date:
ms.reviewer: ms.reviewer:
manager: dansimp manager: dansimp
ms.technology: mde ms.technology: windows-sec
--- ---
@ -21,7 +21,8 @@ ms.technology: mde
**Applies to** **Applies to**
- Windows 10, version 1703 and later - Windows 10
- Windows 11
The **Device performance & health** section contains information about hardware, devices, and drivers related to the machine. IT administrators and IT pros should reference the appropriate documentation library for the issues they are seeing, such as the [configure the Load and unload device drivers security policy setting](/windows/device-security/security-policy-settings/load-and-unload-device-drivers) and how to [deploy drivers during Windows 10 deployment using Microsoft Endpoint Configuration Manager](/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager). The **Device performance & health** section contains information about hardware, devices, and drivers related to the machine. IT administrators and IT pros should reference the appropriate documentation library for the issues they are seeing, such as the [configure the Load and unload device drivers security policy setting](/windows/device-security/security-policy-settings/load-and-unload-device-drivers) and how to [deploy drivers during Windows 10 deployment using Microsoft Endpoint Configuration Manager](/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager).

View File

@ -10,17 +10,18 @@ ms.pagetype: security
ms.localizationpriority: medium ms.localizationpriority: medium
author: dansimp author: dansimp
ms.author: dansimp ms.author: dansimp
ms.date: 10/02/2018 ms.date:
ms.reviewer: ms.reviewer:
manager: dansimp manager: dansimp
ms.technology: mde ms.technology: windows-sec
--- ---
# Device security # Device security
**Applies to** **Applies to**
- Windows 10, version 1803 and later - Windows 10
- Windows 11
The **Device security** section contains information and settings for built-in device security. The **Device security** section contains information and settings for built-in device security.
@ -28,7 +29,7 @@ You can choose to hide the section from users of the machine. This can be useful
## Hide the Device security section ## Hide the Device security section
You can choose to hide the entire section by using Group Policy. The section will not appear on the home page of the Windows Security app, and its icon will not be shown on the navigiation bar on the side of the app. You can choose to hide the entire section by using Group Policy. The section will not appear on the home page of the Windows Security app, and its icon will not be shown on the navigation bar on the side of the app.
This can only be done in Group Policy. This can only be done in Group Policy.

View File

@ -10,10 +10,10 @@ ms.pagetype: security
ms.localizationpriority: medium ms.localizationpriority: medium
author: dansimp author: dansimp
ms.author: dansimp ms.author: dansimp
ms.date: 04/30/2018 ms.date:
ms.reviewer: ms.reviewer:
manager: dansimp manager: dansimp
ms.technology: mde ms.technology: windows-sec
--- ---
@ -21,8 +21,8 @@ ms.technology: mde
**Applies to** **Applies to**
- Windows 10, version 1703 and later - Windows 10
- Windows 11
The **Family options** section contains links to settings and further information for parents of a Windows 10 PC. It is not generally intended for enterprise or business environments. The **Family options** section contains links to settings and further information for parents of a Windows 10 PC. It is not generally intended for enterprise or business environments.
@ -33,7 +33,7 @@ In Windows 10, version 1709, the section can be hidden from users of the machine
## Hide the Family options section ## Hide the Family options section
You can choose to hide the entire section by using Group Policy. The section will not appear on the home page of the Windows Security app, and its icon will not be shown on the navigiation bar on the side of the app. You can choose to hide the entire section by using Group Policy. The section will not appear on the home page of the Windows Security app, and its icon will not be shown on the navigation bar on the side of the app.
This can only be done in Group Policy. This can only be done in Group Policy.

View File

@ -9,10 +9,10 @@ ms.sitesec: library
ms.localizationpriority: medium ms.localizationpriority: medium
author: dansimp author: dansimp
ms.author: dansimp ms.author: dansimp
ms.date: 04/30/2018 ms.date:
ms.reviewer: ms.reviewer:
manager: dansimp manager: dansimp
ms.technology: mde ms.technology: windows-sec
--- ---
@ -20,8 +20,8 @@ ms.technology: mde
**Applies to** **Applies to**
- Windows 10, version 1703 and later - Windows 10
- Windows 11
The **Firewall & network protection** section contains information about the firewalls and network connections used by the machine, including the status of Windows Defender Firewall and any other third-party firewalls. IT administrators and IT pros can get configuration guidance from the [Windows Defender Firewall with Advanced Security documentation library](../windows-firewall/windows-firewall-with-advanced-security.md). The **Firewall & network protection** section contains information about the firewalls and network connections used by the machine, including the status of Windows Defender Firewall and any other third-party firewalls. IT administrators and IT pros can get configuration guidance from the [Windows Defender Firewall with Advanced Security documentation library](../windows-firewall/windows-firewall-with-advanced-security.md).

View File

@ -10,25 +10,18 @@ ms.pagetype: security
ms.localizationpriority: medium ms.localizationpriority: medium
author: dansimp author: dansimp
ms.author: dansimp ms.author: dansimp
ms.date: 07/23/2020 ms.date:
ms.reviewer: ms.reviewer:
manager: dansimp manager: dansimp
ms.technology: mde ms.technology: windows-sec
--- ---
# Hide Windows Security app notifications # Hide Windows Security app notifications
**Applies to** **Applies to**
- Windows 10, version 1809 and above - Windows 10
- Windows 11
**Audience**
- Enterprise security administrators
**Manageability available with**
- Group Policy
The Windows Security app is used by a number of Windows security features to provide notifications about the health and security of the machine. These include notifications about firewalls, antivirus products, Windows Defender SmartScreen, and others. The Windows Security app is used by a number of Windows security features to provide notifications about the health and security of the machine. These include notifications about firewalls, antivirus products, Windows Defender SmartScreen, and others.

View File

@ -12,16 +12,15 @@ author: dansimp
ms.author: dansimp ms.author: dansimp
ms.reviewer: ms.reviewer:
manager: dansimp manager: dansimp
ms.technology: mde ms.technology: windows-sec
--- ---
# Virus and threat protection # Virus and threat protection
**Applies to** **Applies to**
- Windows 10, version 1703 and later - Windows 10
- Windows 11
The **Virus & threat protection** section contains information and settings for antivirus protection from Microsoft Defender Antivirus and third-party AV products. The **Virus & threat protection** section contains information and settings for antivirus protection from Microsoft Defender Antivirus and third-party AV products.

View File

@ -22,19 +22,11 @@ ms.technology: mde
- Windows 10 in S mode, version 1803 - Windows 10 in S mode, version 1803
**Audience**
- Enterprise security administrators
**Manageability available with**
- Microsoft Intune
Windows 10 in S mode is streamlined for tighter security and superior performance. With Windows 10 in S mode, users can only use apps from the Microsoft Store, ensuring Microsoft-verified security so you can minimize malware attacks. In addition, using Microsoft Edge provides a more secure browser experience, with extra protections against phishing and malicious software. Windows 10 in S mode is streamlined for tighter security and superior performance. With Windows 10 in S mode, users can only use apps from the Microsoft Store, ensuring Microsoft-verified security so you can minimize malware attacks. In addition, using Microsoft Edge provides a more secure browser experience, with extra protections against phishing and malicious software.
The Windows Security interface is a little different in Windows 10 in S mode. The **Virus & threat protection** area has fewer options, because the built-in security of Windows 10 in S mode prevents viruses and other threats from running on devices in your organization. In addition, devices running Windows 10 in S mode receive security updates automatically. The Windows Security interface is a little different in Windows 10 in S mode. The **Virus & threat protection** area has fewer options, because the built-in security of Windows 10 in S mode prevents viruses and other threats from running on devices in your organization. In addition, devices running Windows 10 in S mode receive security updates automatically.
![Screen shot of the Windows Security app Virus & threat protection area in Windows 10 in S mode.](images/security-center-virus-and-threat-protection-windows-10-in-s-mode.png) :::image type="content" alt-text="Screen shot of the Windows Security app Virus & threat protection area in Windows 10 in S mode." source="images/security-center-virus-and-threat-protection-windows-10-in-s-mode.png":::
For more information about Windows 10 in S mode, including how to switch out of S mode, see [Windows 10 Pro/Enterprise in S mode](/windows/deployment/windows-10-pro-in-s-mode). For more information about Windows 10 in S mode, including how to switch out of S mode, see [Windows 10 Pro/Enterprise in S mode](/windows/deployment/windows-10-pro-in-s-mode).

View File

@ -11,14 +11,15 @@ author: dansimp
ms.author: dansimp ms.author: dansimp
ms.reviewer: ms.reviewer:
manager: dansimp manager: dansimp
ms.technology: mde ms.technology: windows-sec
--- ---
# The Windows Security app # The Windows Security app
**Applies to** **Applies to**
- Windows 10, version 1703 and later - Windows 10
- Windows 11
This library describes the Windows Security app, and provides information on configuring certain features, including: This library describes the Windows Security app, and provides information on configuring certain features, including:

View File

@ -250,3 +250,5 @@
href: quarantine.md href: quarantine.md
- name: Firewall settings lost on upgrade - name: Firewall settings lost on upgrade
href: firewall-settings-lost-on-upgrade.md href: firewall-settings-lost-on-upgrade.md
- name: Windows security
href: /windows/security/

View File

@ -1,9 +0,0 @@
- name: Windows security guidance for enterprises
items:
- name: Windows security baselines
href: windows-security-baselines.md
items:
- name: Security Compliance Toolkit
href: security-compliance-toolkit-10.md
- name: Get support
href: get-support-for-security-baselines.md

View File

@ -11,22 +11,17 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
ms.date: 06/25/2018 ms.date:
ms.reviewer: ms.reviewer:
ms.technology: mde ms.technology: mde
--- ---
# Windows security baselines # Windows security baselines
**Applies to**
- Windows 10
- Windows Server 2016
- Office 2016
## Using security baselines in your organization ## Using security baselines in your organization
Microsoft is dedicated to providing its customers with secure operating systems, such as Windows 10 and Windows Server, and secure apps, such as Microsoft Edge. In addition to the security assurance of its products, Microsoft also enables you to have fine control over your environments by providing various configuration capabilities. Microsoft is dedicated to providing its customers with secure operating systems, such as Windows and Windows Server, and secure apps, such as Microsoft Edge. In addition to the security assurance of its products, Microsoft also enables you to have fine control over your environments by providing various configuration capabilities.
Even though Windows and Windows Server are designed to be secure out-of-the-box, many organizations still want more granular control over their security configurations. To navigate the large number of controls, organizations need guidance on configuring various security features. Microsoft provides this guidance in the form of security baselines. Even though Windows and Windows Server are designed to be secure out-of-the-box, many organizations still want more granular control over their security configurations. To navigate the large number of controls, organizations need guidance on configuring various security features. Microsoft provides this guidance in the form of security baselines.
@ -56,12 +51,13 @@ You can use security baselines to:
## Where can I get the security baselines? ## Where can I get the security baselines?
You can download the security baselines from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55319). This download page is for the Security Compliance Toolkit (SCT), which comprises tools that can assist admins in managing baselines in addition to the security baselines. There are several ways to get and use security baselines:
The security baselines are included in the [Security Compliance Toolkit (SCT)](security-compliance-toolkit-10.md), which can be downloaded from the Microsoft Download Center. The SCT also includes tools to help admins manage the security baselines. 1. You can download the security baselines from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55319). This download page is for the Security Compliance Toolkit (SCT), which comprises tools that can assist admins in managing baselines in addition to the security baselines. The security baselines are included in the [Security Compliance Toolkit (SCT)](security-compliance-toolkit-10.md), which can be downloaded from the Microsoft Download Center. The SCT also includes tools to help admins manage the security baselines. You can also [Get Support for the security baselines](get-support-for-security-baselines.md)
[![Security Compliance Toolkit.](./../images/security-compliance-toolkit-1.png)](security-compliance-toolkit-10.md) 2. [MDM (Mobile Device Management) security baselines](/windows/client-management/mdm/#mdm-security-baseline.md) function like the Microsoft group policy-based security baselines and can easily integrate this into an existing MDM management tool.
[![Get Support.](./../images/get-support.png)](get-support-for-security-baselines.md)
3. MDM Security baselines can easily be configures in Microsoft Endpoint Manager on devices that run Windows 10 and 11. The following article provides the detail steps: [Windows MDM (Mobile Device Management) baselines](/mem/intune/protect/security-baseline-settings-mdm-all.md).
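Review bot: item 3 has two typos, "can easily be configures" should be "can easily be configured" and "the detail steps" should be "the detailed steps"; item 1 is missing a period after the final link. The two new absolute links carry a `.md` suffix that will not resolve on the published site: `/windows/client-management/mdm/#mdm-security-baseline.md` puts `.md` after a fragment identifier, and `/mem/intune/protect/security-baseline-settings-mdm-all.md` points into a different docset, so both should drop the extension. This file also keeps `ms.technology: mde` while the other hunks in this commit move to `ms.technology: windows-sec`; apply the same change here unless the baselines page is intentionally left in the mde set.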
## Community ## Community

View File

@ -0,0 +1,40 @@
---
title: Secure Boot and Trusted Boot
description: Trusted Boot prevents corrupted components from loading during the boot-up process in Windows 11
search.appverid: MET150
author: denisebmsft
ms.author: deniseb
manager: dansimp
audience: ITPro
ms.topic: conceptual
ms.date: 09/21/2021
ms.prod: m365-security
ms.technology: windows-sec
ms.localizationpriority: medium
ms.collection:
ms.custom:
ms.reviewer: jsuther
f1.keywords: NOCSH
---
# Secure Boot and Trusted Boot
*This article describes Secure Boot and Trusted Boot, security measures built into Windows 11.*
Secure Boot and Trusted Boot help prevent malware and corrupted components from loading when a Windows 11 device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up the process. Together, Secure Boot and Trusted Boot help to ensure your Windows 11 system boots up safely and securely.
## Secure Boot
The first step in protecting the operating system is to ensure that it boots securely after the initial hardware and firmware boot sequences have safely finished their early boot sequences. Secure Boot makes a safe and trusted path from the Unified Extensible Firmware Interface (UEFI) through the Windows kernel's Trusted Boot sequence. Malware attacks on the Windows boot sequence are blocked by the signature-enforcement handshakes throughout the boot sequence between the UEFI, bootloader, kernel, and application environments.
As the PC begins the boot process, it will first verify that the firmware is digitally signed, reducing the risk of firmware rootkits. Secure Boot then checks all code that runs before the operating system and checks the OS bootloaders digital signature to ensure that it is trusted by the Secure Boot policy and hasnt been tampered with.
## Trusted Boot
Trusted Boot picks up the process that started with Secure Boot. The Windows bootloader verifies the digital signature of the Windows kernel before loading it. The Windows kernel, in turn, verifies every other component of the Windows startup process, including boot drivers, startup files, and your antimalware products early-launch antimalware (ELAM) driver. If any of these files were tampered, the bootloader detects the problem and refuses to load the corrupted component. Tampering or malware attacks on the Windows boot sequence are blocked by the signature-enforcement handshakes between the UEFI, bootloader, kernel, and application environments.
Often, Windows can automatically repair the corrupted component, restoring the integrity of Windows and allowing the Windows 11 device to start normally.
## See also
[Secure the Windows boot process](information-protection/secure-the-windows-10-boot-process.md)
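Review bot: "If any of these files were tampered, the bootloader detects the problem" should read "tampered with", and the possessives "bootloaders digital signature", "hasnt", and "antimalware products early-launch antimalware (ELAM) driver" have lost their apostrophes. The opening sentence of the Secure Boot section, "it will first verify that the firmware is digitally signed", overstates what UEFI Secure Boot does: Secure Boot verifies the signatures of the code the firmware loads (option ROMs, bootloaders, and then the kernel via Trusted Boot); verifying the firmware image itself is the job of a hardware root of trust, so rewording this to "verifies that the boot components it loads are digitally signed" keeps the paragraph accurate. The empty `ms.collection:` and `ms.custom:` keys in the front matter should be given values or removed.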

View File

@ -0,0 +1,71 @@
---
title: Zero Trust and Windows device health
description: Describes the process of Windows device health attestation
ms.reviewer:
ms.topic: article
manager: dansimp
ms.author: dansimp
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: dansimp
ms.collection: M365-security-compliance
ms.prod: m365-security
ms.technology: windows-sec
---
# Zero Trust and Windows device health
Organizations need a security model that more effectively adapts to the complexity of the modern work environment. IT admins need to embrace the hybrid workplace, while protecting people, devices, apps, and data wherever theyre located. Implementing a Zero Trust model for security helps addresses today's complex environments.
The [Zero Trust](https://www.microsoft.com/security/business/zero-trust) principles are:
- **Verify explicitly**. Always authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and monitor anomalies.
- **Use least-privileged access**. Limit user access with just-in-time and just-enough-access, risk-based adaptive policies, and data protection to help secure data and maintain productivity.
- **Assume breach**. Prevent attackers from obtaining access to minimize potential damage to data and systems. Protect privileged roles, verify end-to-end encryption, use analytics to get visibility, and drive threat detection to improve defenses.
The Zero Trust concept of **verify explicitly** applies to the risks introduced by both devices and users. Windows enables **device health attestation** and **conditional access** capabilities, which are used to grant access to corporate resources.
[Conditional access](/azure/active-directory/conditional-access/overview) evaluates identity signals to confirm that users are who they say they are before they are granted access to corporate resources.
Windows 11 supports device health attestation, helping to confirm that devices are in a good state and have not been tampered with. This capability helps users access corporate resources whether theyre in the office, at home, or when theyre traveling.
Attestation helps verify the identity and status of essential components and that the device, firmware, and boot process have not been altered. Information about the firmware, boot process, and software, is used to validate the security state of the device. This information is cryptographically stored in the security co-processor Trusted Platform Module (TPM). Once the device is attested, it can be granted access to resources.
## Device health attestation on Windows
Many security risks can emerge during the boot process as this process can be the most privileged component of the whole system. The verification process uses remote attestation as the secure channel to determine and present the devices health. Remote attestation determines:
- If the device can be trusted
- If the operating system booted correctly
- If the OS has the right set of security features enabled
These determinations are made with the help of a secure root of trust using the Trusted Platform Module (TPM). Devices can attest that the TPM is enabled, and that the device has not been tampered with.
Windows includes many security features to help protect users from malware and attacks. However, trusting the Windows security components can only be achieved if the platform boots as expected and was not tampered with. Windows relies on Unified Extensible Firmware Interface (UEFI) Secure Boot, Early-launch antimalware (ELAM), Dynamic Root of Trust for Measurement (DRTM), Trusted Boot, and other low-level hardware and firmware security features. When you power on your PC until your anti-malware starts, Windows is backed with the appropriate hardware configuration to help keep you safe. [Measured and Trusted boot](information-protection/secure-the-windows-10-boot-process.md), implemented by bootloaders and BIOS, verifies and cryptographically records each step of the boot in a chained manner. These events are bound to a security coprocessor (TPM) that acts as the Root of Trust. Remote Attestation is the mechanism by which these events are read and verified by a service to provide a verifiable, unbiased, and tamper resilient report. Remote attestation is the trusted auditor of your system's boot, allowing specific entities to trust the device.
A summary of the steps involved in attestation and Zero Trust on the device side are as follows:
1. During each step of the boot process, such as a file load, update of special variables, and more, information such as file hashes and signature are measured in the TPM PCRs. The measurements are bound by a [Trusted Computing Group specification](https://trustedcomputinggroup.org/resource/pc-client-platform-tpm-profile-ptp-specification/) (TCG) that dictates what events can be recorded and the format of each event.
2. Once Windows has booted, the attestor/verifier requests the TPM to fetch the measurements stored in its Platform Configuration Register (PCR) alongside a TCG log. Both of these together form the attestation evidence that is then sent to the attestation service.
3. The TPM is verified by using the keys/cryptographic material available on the chipset with an [Azure Certificate Service](/windows-server/identity/ad-ds/manage/component-updates/tpm-key-attestation).
4. This information is then sent to the attestation service in the cloud to verify that the device is safe. Microsoft Endpoint Manger (MEM) integrates with Microsoft Azure Attestation to review device health comprehensively and connect this information with AAD conditional access. This integration is key for Zero Trust solutions that help bind trust to an untrusted device.
5. The attestation service does the following:
- Verify the integrity of the evidence. This is done by validating the PCRs that match the values recomputed by replaying the TCG log.
- Verify that the TPM has a valid Attestation Identity Key issued by the authenticated TPM.
- Verify that the security features are in the expected states.
6. The attestation service returns an attestation report that contains information about the security features based on the policy configured in the attestation service.
7. The device then sends the report to the MEM cloud to assess the trustworthiness of the platform according to the admin-configured device compliance rules.
8. Conditional access, along with device-compliance state then decides to allow or deny access.
## Other Resources
Learn more about Microsoft Zero Trust solutions in the [Zero Trust Guidance Center](/security/zero-trust/).
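Review bot: step 3 of the attestation summary says the TPM is verified "with an [Azure Certificate Service]", but the link points at `/windows-server/identity/ad-ds/manage/component-updates/tpm-key-attestation`, which documents on-premises AD DS TPM key attestation, so either the link target or the service name is wrong; please align them. Step 5 ("a valid Attestation Identity Key issued by the authenticated TPM") reads as circular, since the key is issued for the TPM rather than by it; consider "an Attestation Identity Key bound to the authenticated TPM" or similar. Typos and grammar in the same hunk: "Microsoft Endpoint Manger (MEM)" should be "Manager", "helps addresses today's complex environments" should be "helps address", the apostrophes are missing in "theyre" (twice) and "the devices health", and "When you power on your PC until your anti-malware starts" should be "From the moment you power on your PC until your anti-malware starts". Finally, `ms.reviewer:` in the front matter is left empty; fill it or drop the key.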