Merge branch 'main' into release-win11-2309

windows/deployment/windows-autopatch/overview/windows-autopatch-deployment-guide.md

@@ -225,10 +225,10 @@ Any policies, scripts or settings that create or edit values in the following re
 
 | Key | Description |
 | ----- | ----- |
-| `HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState` (Intune MDM only cloud managed)<br><br>`HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate` (If GPO/WSUS/Configuration Manager is deployed) | This key contains general settings for Windows Update, such as the update source, the service branch, and the deferral periods for feature and quality updates. |
-| `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU` (If GPO/WSUS/Configuration Manager is deployed) | This key contains settings for Automatic Updates, such as the schedule, the user interface, and the detection frequency. |
-| `HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update` (GPO/WSUS/Configuration Manager/Intune MDM Managed) | This key contains settings for update policies that are managed by Mobile Device Management (MDM) or Group Policy, such as pausing updates, excluding drivers, or configuring delivery optimization. |
-| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration` (GPO/Configuration Manager/Intune MDM Managed) | This key contains the registry keys for the Update Channel. This is a dynamic key that changes (depending on the configured settings) and the CDNBaseUrl (set when Microsoft 365 installs on the device).<br><br>Look at the `UpdateChannel` value. The value tells you how frequently Office is updated.<br><br>For more information, see [Manage Microsoft 365 Apps with Configuration Manager](/mem/configmgr/sum/deploy-use/manage-office-365-proplus-updates#bkmk_channel) to review the values, and what they're set to. Windows Autopatch currently supports the Monthly Enterprise Channel. If you opt into Office updates, it should be set to the Monthly Enterprise channel. |
+| `HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState`<br>(Intune MDM only cloud managed)<br><br>`HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate`<br>(If GPO/WSUS/Configuration Manager is deployed) | This key contains general settings for Windows Update, such as the update source, the service branch, and the deferral periods for feature and quality updates. |
+| `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU`<br>(If GPO/WSUS/Configuration Manager is deployed) | This key contains settings for Automatic Updates, such as the schedule, the user interface, and the detection frequency. |
+| `HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update`<br>(GPO/WSUS/Configuration Manager/Intune MDM Managed) | This key contains settings for update policies that are managed by Mobile Device Management (MDM) or Group Policy, such as pausing updates, excluding drivers, or configuring delivery optimization. |
+| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration`<br>(GPO/Configuration Manager/Intune MDM Managed) | This key contains the registry keys for the Update Channel. This is a dynamic key that changes (depending on the configured settings) and the CDNBaseUrl (set when Microsoft 365 installs on the device).<br><br>Look at the `UpdateChannel` value. The value tells you how frequently Office is updated.<br><br>For more information, see [Manage Microsoft 365 Apps with Configuration Manager](/mem/configmgr/sum/deploy-use/manage-office-365-proplus-updates#bkmk_channel) to review the values, and what they're set to. Windows Autopatch currently supports the Monthly Enterprise Channel. If you opt into Office updates, it should be set to the Monthly Enterprise channel. |
 
 > [!NOTE]
 > For more information about Windows Update Settings for Group Policy and Mobile Device Management (MDM), see [Manage additional Windows Update settings](/windows/deployment/update/waas-wu-settings).

windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md

@@ -68,7 +68,9 @@ To register the applications, follow these steps:
 :::row-end:::
 :::row:::
   :::column span="3":::
-  3. Review the permissions requested by the *Microsoft Pin Reset Service Production* application and select **Accept** to confirm consent to both applications to access your organization
+  3. Review the permissions requested by the *Microsoft Pin Reset Service Production* application and select **Accept** to confirm consent to both applications to access your organization.
+  >[!NOTE]
+  >After accepance, the redirect page will show a blank page. This is a known behavior.
   :::column-end:::
   :::column span="1":::
     :::image type="content" alt-text="Screenshot showing the PIN reset service permissions final page." source="images/pinreset/pin-reset-service-prompt-2.png" lightbox="images/pinreset/pin-reset-service-prompt-2.png" border="true":::
@@ -178,7 +180,7 @@ The _PIN reset_ configuration can be viewed by running [**dsregcmd /status**](/a
 
 **Applies to:** Azure AD joined devices
 
-PIN reset on Azure AD-joined devices uses a flow called *web sign-in* to authenticate users in the lock screen. Web sign-in only allows navigation to specific domains. If web sign-in attempts to navigate to a domain that isn't allowed, it displays a page with the error message: *We can't open that page right now*.\
+PIN reset on Azure AD-joined devices uses a flow called *web sign-in* to authenticate users in the lock screen. Web sign-in only allows navigation to specific domains. If web sign-in attempts to navigate to a domain that isn't allowed, it displays a page with the error message: *"We can't open that page right now"*.\
 If you have a federated environment and authentication is handled using AD FS or a third-party identity provider, then you must configure your devices with a policy to allow a list of domains that can be reached during PIN reset flows. When set, it ensures that authentication pages from that identity provider can be used during Azure AD joined PIN reset.
 
 [!INCLUDE [intune-settings-catalog-1](../../../../includes/configure/intune-settings-catalog-1.md)]
@@ -196,7 +198,7 @@ Alternatively, you can configure devices using a [custom policy][INT-1] with the
 | <li> OMA-URI: `./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebSignInAllowedUrls` </li><li>Data type: String </li><li>Value: Provide a semicolon delimited list of domains needed for authentication during the PIN reset scenario. An example value would be **signin.contoso.com;portal.contoso.com**</li>|
 
 > [!NOTE]
-> For Azure Government, there is a known issue with PIN reset on Azure AD Joined devices failing. When the user attempts to launch PIN reset, the PIN reset UI shows an error page that says, "We can't open that page right now." The ConfigureWebSignInAllowedUrls policy can be used to work around this issue. If you are experiencing this problem and you are using Azure US Government cloud, set **login.microsoftonline.us** as the value for the ConfigureWebSignInAllowedUrls policy.
+> For Azure Government, there is a known issue with PIN reset on Azure AD Joined devices failing. When the user attempts to launch PIN reset, the PIN reset UI shows an error page that says, *"We can't open that page right now"*. The ConfigureWebSignInAllowedUrls policy can be used to work around this issue. If you are experiencing this problem and you are using Azure US Government cloud, set **login.microsoftonline.us** as the value for the ConfigureWebSignInAllowedUrls policy.
 
 ## Use PIN reset
 

windows/whats-new/deprecated-features.md

@@ -1,7 +1,7 @@
 ---
 title: Deprecated features in the Windows client
 description: Review the list of features that Microsoft is no longer developing in Windows 10 and Windows 11.
-ms.date: 08/01/2023
+ms.date: 08/17/2023
 ms.prod: windows-client
 ms.technology: itpro-fundamentals
 ms.localizationpriority: medium
@@ -50,6 +50,7 @@ The features in this article are no longer being actively developed, and might b
 | Microsoft Edge | The legacy version of Microsoft Edge is no longer being developed.| 2004 |
 | Companion Device Framework | The [Companion Device Framework](/windows-hardware/design/device-experiences/windows-hello-companion-device-framework) is no longer under active development.| 2004 |
 | Dynamic Disks | The [Dynamic Disks](/windows/win32/fileio/basic-and-dynamic-disks#dynamic-disks) feature is no longer being developed. This feature will be fully replaced by [Storage Spaces](/windows-server/storage/storage-spaces/overview) in a future release.| 2004 |
+| Microsoft BitLocker Administration and Monitoring (MBAM)| [Microsoft BitLocker Administration and Monitoring (MBAM)](/microsoft-desktop-optimization-pack/mbam-v25/), part of the [Microsoft Desktop Optimization Pack (MDOP)](/lifecycle/announcements/mdop-extended) is is no longer being developed. | September, 2019 |
 | Language Community tab in Feedback Hub | The Language Community tab will be removed from the Feedback Hub. The standard feedback process: [Feedback Hub - Feedback](feedback-hub://?newFeedback=true&feedbackType=2) is the recommended way to provide translation feedback. | 1909 |
 | My People / People in the Shell |  My People is no longer being developed. It may be removed in a future update. | 1909 |
 | Package State Roaming (PSR) |  PSR will be removed in a future update. PSR allows non-Microsoft developers to access roaming data on devices, enabling developers of UWP applications to write data to Windows and synchronize it to other instantiations of Windows for that user. <br>&nbsp;<br>The recommended replacement for PSR is [Azure App Service](/azure/app-service/). Azure App Service is widely supported, well documented, reliable, and supports cross-platform/cross-ecosystem scenarios such as iOS, Android and web. <br>&nbsp;<br>PSR was removed in Windows 11.| 1909 |