Merge branch 'main' of github.com:MicrosoftDocs/windows-docs-pr into security-book-24

This commit is contained in:
Paolo Matarazzo
2024-10-10 12:50:32 -04:00
13 changed files with 30 additions and 414 deletions

View File

@ -9,7 +9,7 @@ metadata:
ms.topic: landing-page
ms.collection:
- tier1
ms.date: 10/25/2023
ms.date: 10/07/2024
ms.localizationpriority: medium
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
@ -27,8 +27,8 @@ landingContent:
url: configuration-service-provider-support.md
- text: Device description framework (DDF) files
url: configuration-service-provider-ddf.md
- text: BitLocker CSP
url: bitlocker-csp.md
- text: Contribute to CSP reference
url: contribute-csp-reference.md
- text: Declared Configuration protocol
url: ../declared-configuration.md
@ -42,8 +42,8 @@ landingContent:
url: policy-configuration-service-provider.md
- text: Policy DDF file
url: configuration-service-provider-ddf.md
- text: Policy CSP - Start
url: policy-csp-start.md
- text: Policy CSP - Defender
url: policy-csp-defender.md
- text: Policy CSP - Update
url: policy-csp-update.md

View File

@ -1454,6 +1454,8 @@ Interactive logon: Message text for users attempting to log on This security set
<!-- InteractiveLogon_MessageTextForUsersAttemptingToLogOn-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
> [!IMPORTANT]
> Windows Autopilot pre-provisioning doesn't work when this policy setting is enabled. For more information, see [Windows Autopilot troubleshooting FAQ](/autopilot/troubleshooting-faq#troubleshooting-policy-conflicts-with-windows-autopilot).
<!-- InteractiveLogon_MessageTextForUsersAttemptingToLogOn-Editable-End -->
<!-- InteractiveLogon_MessageTextForUsersAttemptingToLogOn-DFProperties-Begin -->
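Review bot: In the added [!IMPORTANT] note, "when this policy setting is enabled" is ambiguous for a policy whose value is message text rather than an on/off switch. Name the state that triggers the conflict, for example "when this policy setting is configured with message text", so admins can tell which state to avoid during Windows Autopilot pre-provisioning.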
@ -1503,6 +1505,8 @@ Interactive logon: Message title for users attempting to log on This security se
<!-- InteractiveLogon_MessageTitleForUsersAttemptingToLogOn-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
> [!IMPORTANT]
> Windows Autopilot pre-provisioning doesn't work when this policy setting is enabled. For more information, see [Windows Autopilot troubleshooting FAQ](/autopilot/troubleshooting-faq#troubleshooting-policy-conflicts-with-windows-autopilot).
<!-- InteractiveLogon_MessageTitleForUsersAttemptingToLogOn-Editable-End -->
<!-- InteractiveLogon_MessageTitleForUsersAttemptingToLogOn-DFProperties-Begin -->
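Review bot: The added note repeats the wording used for the message text policy word for word and doesn't say whether the conflict arises from the title policy alone or only when both the title and the text are set. State that here, or cross-reference the companion policy, so each note can be understood without the other.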

View File

@ -43,8 +43,8 @@ There are two different versions:
### Windows 11 22H2
- New setting: Customize vpn detection by choosing custom keywords. Now, you don't have to rely on Delivery Optimization keywords to detect your Vpn. By using the new VpnKeywords configuration you can add keywords for Delivery Optimization to use when detecting a Vpn when in use. You can find this configuration **[VPN Keywords](waas-delivery-optimization-reference.md#vpn-keywords)** in Group Policy or MDM under **DOVpnKeywords**.
- New setting: Use the disallow downloads from a connected cache server, when a Vpn is detected and you want to prevent the download from the connected cache server. You can find this configuration **[Disallow download from MCC over VPN](waas-delivery-optimization-reference.md#disallow-cache-server-downloads-on-vpn) in Group Policy or MDM under **DODisallowCacheServerDownloadsOnVPN**.
- New setting: Customize VPN detection by choosing custom keywords. Now, you don't have to rely on Delivery Optimization keywords to detect your VPN. By using the new VpnKeywords setting, you can add keywords for Delivery Optimization to use to detect when a VPN is in use. You can find this configuration **[VPN Keywords](waas-delivery-optimization-reference.md#vpn-keywords)** in Group Policy or MDM under **DOVpnKeywords**.
- New setting: Use the disallow downloads from a connected cache server, when a VPN is detected and you want to prevent the download from the connected cache server. You can find this configuration **[Disallow download from MCC over VPN](waas-delivery-optimization-reference.md#disallow-cache-server-downloads-on-vpn)** in Group Policy or MDM under **DODisallowCacheServerDownloadsOnVPN**.
- Delivery Optimization introduced support for receiver side ledbat (rLEDBAT).
- New setting: Local Peer Discovery, a new option for **[Restrict Peer Selection By](waas-delivery-optimization-reference.md#select-a-method-to-restrict-peer-selection)** in Group Policy or MDM **DORestrictPeerSelectionBy**. This option restricts the discovery of local peers using the DNS-SD protocol. When you set Option 2, Delivery Optimization restricts peer selection to peers that are locally discovered (using DNS-SD).
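Review bot: The rewritten second bullet still opens with "Use the disallow downloads from a connected cache server, when a VPN is detected", which doesn't parse as a sentence. Something like "New setting: Disallow downloads from a connected cache server when a VPN is detected" would read cleanly. The first bullet also calls the setting "VpnKeywords" and then says it's found under **DOVpnKeywords**; pick one name so readers search for the right policy.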

View File

@ -66,8 +66,8 @@ These variables can be used within sections in the **.xml** files with `context=
|*CSIDL_DEFAULT_TEMPLATES*|Refers to the Templates folder inside `%DEFAULTUSERPROFILE%`.|
|*CSIDL_DEFAULT_QUICKLAUNCH*|Refers to the Quick Launch folder inside `%DEFAULTUSERPROFILE%`.|
|*CSIDL_FONTS*|A virtual folder containing fonts. A typical path is `C:\Windows\Fonts`.|
|*CSIDL_PROGRAM_FILESX86*|The Program Files folder on 64-bit systems. A typical path is `C:\Program Files(86)`.|
|*CSIDL_PROGRAM_FILES_COMMONX86*|A folder for components that are shared across applications on 64-bit systems. A typical path is `C:\Program Files(86)\Common`.|
|*CSIDL_PROGRAM_FILESX86*|The Program Files folder on 64-bit systems. A typical path is `C:\Program Files (x86)`.|
|*CSIDL_PROGRAM_FILES_COMMONX86*|A folder for components that are shared across applications on 64-bit systems. A typical path is `C:\Program Files (x86)\Common`.|
|*CSIDL_PROGRAM_FILES*|The Program Files folder. A typical path is `C:\Program Files`.|
|*CSIDL_PROGRAM_FILES_COMMON*|A folder for components that are shared across applications. A typical path is `C:\Program Files\Common`.|
|*CSIDL_RESOURCES*|The file-system directory that contains resource data. A typical path is `C:\Windows\Resources`.|
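Review bot: The corrected *CSIDL_PROGRAM_FILES_COMMONX86* path, `C:\Program Files (x86)\Common`, still doesn't match the folder Windows creates, which is `C:\Program Files (x86)\Common Files`. The unchanged *CSIDL_PROGRAM_FILES_COMMON* row has the same problem (`C:\Program Files\Common`). Fix both rows in this change so the "typical path" column can be relied on when writing rules in the .xml files.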

View File

@ -41,7 +41,7 @@ The overall device registration process is as follows:
:::image type="content" source="../media/windows-autopatch-device-registration-overview.png" alt-text="Overview of the device registration process" lightbox="../media/windows-autopatch-device-registration-overview.png":::
1. IT admin reviews [Windows Autopatch device registration prerequisites](#prerequisites-for-device-registration) before registering devices with Windows Autopatch.
2. IT admin identifies and adds devices or nests other Microsoft Entra device groups into any Microsoft Entra group used with an Autopatch group, imported (WUfB) policies, or direct membership to the **Modern Workplace Devices-Windows-Autopatch-X-groups**.
2. IT admin identifies and adds devices, or nests other Microsoft Entra device groups when you [create an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#create-an-autopatch-group), [edit an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#edit-an-autopatch-group), or import Windows Update for Business (WUfB) policies.
3. Windows Autopatch then:
1. Performs device readiness prior registration (prerequisite checks).
2. Calculates the deployment ring distribution.
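Review bot: The new step 2 switches from third person ("IT admin identifies and adds devices") to second person ("when you create an Autopatch group") inside one sentence; keep a single voice across the numbered steps. The rewrite also drops the direct-membership path to the **Modern Workplace Devices-Windows-Autopatch-X-groups**, so confirm that removal is intentional. In the context lines, step 3.1 reads "prior registration" and needs "prior to registration".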
@ -77,7 +77,7 @@ The deployment ring distribution is designed to release software update deployme
### Device record and deployment ring assignment
Registering your devices with Windows Autopatch does the following:
When you register your devices, Windows Autopatch:
1. Makes a record of devices in the service.
2. Assign devices to the [deployment ring set](#default-deployment-ring-calculation-logic) and other groups required for software update management.
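Review bot: With the new lead-in "When you register your devices, Windows Autopatch:", list item 2 no longer agrees with its subject. "Assign devices to the" should be "Assigns devices to the", matching "Makes" in item 1.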

View File

@ -1,7 +1,7 @@
---
title: Windows quality update end user experience
description: This article explains the Windows quality update end user experience
ms.date: 09/16/2024
ms.date: 10/07/2024
ms.service: windows-client
ms.subservice: autopatch
ms.topic: conceptual
@ -32,9 +32,7 @@ In this section we review what an end user would see in the following three scen
### Typical update experience
The Windows quality update is published and devices in the Broad ring have a deferral period of nine days. Devices wait nine days before downloading the latest quality update.
In the following example, the user:
In the following example, the Windows quality update is published and devices in the Broad ring have a deferral period of seven days. Devices wait seven days before downloading the latest quality update.
| Day | Description |
| --- | --- |
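Review bot: The Broad ring deferral period changes from nine days to seven in the merged intro sentence, but no rows of the Day/Description table are touched in this hunk. Check that the day numbers in the table still line up with a seven-day deferral; otherwise the example contradicts its own introduction.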
@ -46,7 +44,7 @@ In the following example, the user:
### Quality update deadline forces an update
In the following example, the user:
In the following example:
| Day | Description |
| --- | --- |
@ -58,7 +56,7 @@ In the following example, the user:
### Quality update grace period
In the following example, the user:
In the following example:
| Day | Description |
| --- | --- |

View File

@ -1,7 +1,7 @@
---
title: What's new 2023
description: This article lists the 2023 feature releases and any corresponding Message center post numbers.
ms.date: 12/14/2023
ms.date: 10/07/2024
ms.service: windows-client
ms.subservice: autopatch
ms.topic: whats-new
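Review bot: ms.date moves from 12/14/2023 to 10/07/2024 on the "What's new 2023" article, and this is the only change shown for the file. If the content wasn't revised, leave ms.date as it was so the date keeps reflecting the last real review of the article.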

View File

@ -7,7 +7,7 @@ ms.localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: laurawi
ms.date: 10/01/2024
ms.date: 10/08/2024
ms.collection: privacy-windows
ms.topic: reference
---
@ -19,6 +19,8 @@ ms.topic: reference
- Windows 11, version 21H2
> [!IMPORTANT]
> This version of Windows 11 has reached its end of servicing date. For more information, see [Microsoft Product Lifecyle](/lifecycle/products).
Required diagnostic data gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store.
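Review bot: The link text in the added [!IMPORTANT] note is misspelled: "Microsoft Product Lifecyle" should be "Microsoft Product Lifecycle". Worth fixing here, since the rest of this file's changes are typo corrections.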
@ -1947,7 +1949,7 @@ Fires at the beginning and end of the HVCI auto-enablement process in sysprep.
The following fields are available:
- **wilActivity** Contains the thread ID used to match the begin and end events, and for the end event also a HResult indicating sucess or failure.
- **wilActivity** Contains the thread ID used to match the begin and end events, and for the end event also a HResult indicating success or failure.
### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciAlreadyEnabled
@ -5187,7 +5189,7 @@ The following fields are available:
### Update360Telemetry.UpdateAgentMitigationSummary
This event sends a summary of all the update agent mitigations available for an this update. The data collected with this event is used to help keep Windows secure and up to date.
This event sends a summary of all the update agent mitigations available for an update. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
@ -5620,7 +5622,7 @@ The following fields are available:
- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled.
@ -5667,7 +5669,7 @@ The following fields are available:
- **pluginFailureCount** The number of plugins that have failed.
- **pluginsCount** The number of plugins.
- **qualityAssessmentImpact** WaaS Assessment impact for quality updates.
- **remediationSummary** Result of each operation performed on a device to fix an invalid state or configuration that's preventing the device from getting updates. For example, if Windows Update service is turned off, the fix is to turn the it back on.
- **remediationSummary** Result of each operation performed on a device to fix an invalid state or configuration that's preventing the device from getting updates. For example, if Windows Update service is turned off, the fix is to turn it back on.
- **usingBackupFeatureAssessment** Relying on backup feature assessment.
- **usingBackupQualityAssessment** Relying on backup quality assessment.
- **usingCachedFeatureAssessment** WaaS Medic run didn't get OS build age from the network on the previous run.
@ -5680,7 +5682,7 @@ The following fields are available:
### Microsoft.Windows.WERVertical.OSCrash
This event sends binary data from the collected dump file whenever a bug check occurs, to help keep Windows up to date. The is the OneCore version of this event.
This event sends binary data from the collected dump file whenever a bug check occurs, to help keep Windows up to date. This is the OneCore version of this event.
The following fields are available:
@ -6110,7 +6112,7 @@ The following fields are available:
- **CatalogId** The Store Catalog ID for the product being installed.
- **ProductId** The Store Product ID for the product being installed.
- **SkuId** Specfic edition of the app being updated.
- **SkuId** Specific edition of the app being updated.
### Microsoft.Windows.StoreAgent.Telemetry.StateTransition

View File

@ -87,7 +87,7 @@ An array of folders, each representing a location on the host machine that is sh
```xml
<MappedFolders>
<MappedFolder>
<HostFolder>absolute path to the host folder</HostFolder>
<HostFolder>absolute or relative path to the host folder</HostFolder>
<SandboxFolder>absolute path to the sandbox folder</SandboxFolder>
<ReadOnly>value</ReadOnly>
</MappedFolder>
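Review bot: The `<HostFolder>` placeholder now says "absolute or relative path", but nothing in the hunk says what a relative path is resolved against (the location of the configuration file, the working directory of the launching process, or something else). Because this element decides which host directory is shared into the sandbox, document the base explicitly, and note that `<SandboxFolder>` remains absolute-only so the asymmetry is clearly deliberate.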