Merge branch 'main' of https://github.com/MicrosoftDocs/windows-docs-pr into tempctrl-sept-8092554

.openpublishing.redirection.windows-security.json

@@ -80,6 +80,11 @@
       "redirect_url": "/windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/security/apps.md",
       "redirect_url": "/windows/security/application-security",

includes/licensing/_edition-requirements.md

@@ -1,18 +1,21 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
 | Feature name | Windows Pro | Windows Enterprise | Windows Pro Education/SE | Windows Education |
 |:---|:---:|:---:|:---:|:---:|
-|**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|
+|**[Access Control (ACL/SACL)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|
 |**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|
 |**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|❌|Yes|❌|Yes|
+|**[App containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|
+|**[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)**|Yes|Yes|Yes|Yes|
 |**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|
 |**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|
 |**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|
+|**[Azure Code Signing](/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection)**|Yes|Yes|Yes|Yes|
 |**[BitLocker enablement](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|Yes|Yes|
 |**[BitLocker management](/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises)**|Yes|Yes|Yes|Yes|
 |**Bluetooth pairing and connection protection**|Yes|Yes|Yes|Yes|
@@ -28,21 +31,24 @@ ms.topic: include
 |**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|
 |**[Federated sign-in](/education/windows/federated-sign-in)**|❌|❌|Yes|Yes|
 |**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|
-|**[Hypervisor-protected Code Integrity (HVCI)](../../windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md)**|Yes|Yes|Yes|Yes|
+|**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity)**|Yes|Yes|Yes|Yes|
-|**[Kernel Direct Memory Access (DMA) protection](../../windows/security/hardware-security/kernel-dma-protection-for-thunderbolt.md)**|Yes|Yes|Yes|Yes|
+|**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|
-|**Local Security Authority (LSA) Protection**|Yes|Yes|Yes|Yes|
+|**[Local Security Authority (LSA) Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection)**|Yes|Yes|Yes|Yes|
-|**[Manage by Mobile Device Management (MDM) and group policy](../../windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md)**|Yes|Yes|Yes|Yes|
 |**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|❌|Yes|
-|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](../../windows/security/application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md)**|❌|Yes|❌|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard)**|❌|Yes|❌|Yes|
-|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](../../windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|❌|Yes|❌|Yes|
 |**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|❌|Yes|
 |**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|
-|**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Pluton](/windows/security/hardware-security/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|
-|**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|
+|**Microsoft Security Development Lifecycle (SDL)**|Yes|Yes|Yes|Yes|
+|**[Microsoft vulnerable driver blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)**|Yes|Yes|Yes|Yes|
+|**[Modern device management through (MDM)](/windows/client-management/mdm-overview)**|Yes|Yes|Yes|Yes|
+|**OneFuzz service**|Yes|Yes|Yes|Yes|
 |**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|
 |**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|❌|Yes|
 |**Privacy Resource Usage**|Yes|Yes|Yes|Yes|
@@ -50,31 +56,32 @@ ms.topic: include
 |**[Remote wipe](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes|
 |**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**|Yes|Yes|Yes|Yes|
 |**[Secured-core configuration lock](/windows/client-management/config-lock)**|Yes|Yes|Yes|Yes|
-|**[Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|
+|**[Secured-core PC firmware protection](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|
-|**[Security baselines](../../windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md)**|Yes|Yes|Yes|Yes|
+|**[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes|
 |**[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)**|Yes|Yes|Yes|Yes|
 |**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes|
 |**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|
 |**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes|
+|**Software Bill of Materials (SBOM)**|Yes|Yes|Yes|Yes|
 |**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes|
 |**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes|
-|**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|
+|**[Trusted Platform Module (TPM)](/windows/security/hardware-security/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|
 |**[Universal Print](/universal-print/)**|Yes|Yes|Yes|Yes|
-|**[User Account Control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes|
+|**[User Account Control (UAC)](/windows/security/application-security/application-control/user-account-control/)**|Yes|Yes|Yes|Yes|
-|**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|
+|**[Virtual private network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|
 |**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|
 |**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**|Yes|Yes|Yes|Yes|
+|**[Windows application software development kit (SDK)](/windows/security/security-foundations/certification/windows-platform-common-criteria%23security-and-privacy)**|Yes|Yes|Yes|Yes|
 |**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|❌|Yes|
 |**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|
-|**[Windows containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|
 |**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|
 |**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|❌|Yes|
 |**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|
-|**[Windows Defender System Guard](../../windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows.md)**|Yes|Yes|Yes|Yes|
+|**[Windows Defender System Guard](/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|
 |**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|
 |**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|
 |**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|
 |**[Windows LAPS](/windows-server/identity/laps/laps-overview)**|Yes|Yes|Yes|Yes|
 |**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|
-|**[Windows Sandbox](../../windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md)**|Yes|Yes|Yes|Yes|
+|**[Windows Sandbox](/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|
-|**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|
+|**[Windows security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|

includes/licensing/_licensing-requirements.md

@@ -1,18 +1,21 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
 |Feature name|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---|:---:|:---:|:---:|:---:|:---:|
-|**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|Yes|
+|**[Access Control (ACL/SACL)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|Yes|
 |**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|Yes|
 |**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|❌|Yes|Yes|Yes|Yes|
+|**[App containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|Yes|
+|**[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)**|❌|Yes|Yes|Yes|Yes|
 |**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|Yes|
 |**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|Yes|
 |**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|Yes|
+|**[Azure Code Signing](/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection)**|Yes|Yes|Yes|Yes|Yes|
 |**[BitLocker enablement](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[BitLocker management](/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises)**|❌|Yes|Yes|Yes|Yes|
 |**Bluetooth pairing and connection protection**|Yes|Yes|Yes|Yes|Yes|
@@ -28,21 +31,24 @@ ms.topic: include
 |**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|Yes|
 |**[Federated sign-in](/education/windows/federated-sign-in)**|❌|❌|❌|Yes|Yes|
 |**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|Yes|
-|**[Hypervisor-protected Code Integrity (HVCI)](../../windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md)**|Yes|Yes|Yes|Yes|Yes|
+|**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity)**|Yes|Yes|Yes|Yes|Yes|
-|**[Kernel Direct Memory Access (DMA) protection](../../windows/security/hardware-security/kernel-dma-protection-for-thunderbolt.md)**|Yes|Yes|Yes|Yes|Yes|
+|**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|Yes|
-|**Local Security Authority (LSA) Protection**|Yes|Yes|Yes|Yes|Yes|
+|**[Local Security Authority (LSA) Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection)**|Yes|Yes|Yes|Yes|Yes|
-|**[Manage by Mobile Device Management (MDM) and group policy](../../windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md)**|Yes|Yes|Yes|Yes|Yes|
 |**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](../../windows/security/application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md)**|❌|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard)**|❌|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](../../windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|❌|❌|❌|❌|❌|
 |**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|❌|❌|Yes|❌|Yes|
 |**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Pluton](/windows/security/hardware-security/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|Yes|
-|**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|Yes|
+|**Microsoft Security Development Lifecycle (SDL)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft vulnerable driver blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Modern device management through (MDM)](/windows/client-management/mdm-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**OneFuzz service**|Yes|Yes|Yes|Yes|Yes|
 |**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|Yes|
 |**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|Yes|Yes|Yes|
 |**Privacy Resource Usage**|Yes|Yes|Yes|Yes|Yes|
@@ -50,31 +56,32 @@ ms.topic: include
 |**[Remote wipe](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes|Yes|
 |**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**|Yes|Yes|Yes|Yes|Yes|
 |**[Secured-core configuration lock](/windows/client-management/config-lock)**|Yes|Yes|Yes|Yes|Yes|
-|**[Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|Yes|
+|**[Secured-core PC firmware protection](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|Yes|
-|**[Security baselines](../../windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md)**|Yes|Yes|Yes|Yes|Yes|
+|**[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes|Yes|
 |**[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes|Yes|
 |**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes|
 |**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes|Yes|
+|**Software Bill of Materials (SBOM)**|Yes|Yes|Yes|Yes|Yes|
 |**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes|Yes|
 |**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Trusted Platform Module (TPM)](/windows/security/hardware-security/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Universal Print](/universal-print/)**|❌|Yes|Yes|Yes|Yes|
-|**[User Account Control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[User Account Control (UAC)](/windows/security/application-security/application-control/user-account-control/)**|Yes|Yes|Yes|Yes|Yes|
-|**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|Yes|
+|**[Virtual private network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|Yes|
 |**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|Yes|
 |**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows application software development kit (SDK)](/windows/security/security-foundations/certification/windows-platform-common-criteria%23security-and-privacy)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|Yes|❌|❌|
 |**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|Yes|Yes|Yes|
 |**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Defender System Guard](../../windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows.md)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Defender System Guard](/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows LAPS](/windows-server/identity/laps/laps-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Sandbox](../../windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Sandbox](/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|Yes|

includes/licensing/access-control-aclsacl.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/02/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Access Control (ACL/SACL):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Access Control (ACL/SACL) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/access-control-aclsscals.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/account-lockout-policy.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/always-on-vpn-device-tunnel.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/app-containers.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/02/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support App containers:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+App containers license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/applocker.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/02/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support AppLocker:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+AppLocker license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/assigned-access-kiosk-mode.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/attack-surface-reduction-asr.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/azure-code-signing.md

@@ -1,19 +1,19 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
 ## Windows edition and licensing requirements
 
-The following table lists the Windows editions that support Windows containers:
+The following table lists the Windows editions that support Azure Code Signing:
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|
 
-Windows containers license entitlements are granted by the following licenses:
+Azure Code Signing license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|

includes/licensing/bitlocker-enablement.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/bitlocker-management.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/bluetooth-pairing-and-connection-protection.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/common-criteria-certifications.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/controlled-folder-access.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/device-health-attestation-service.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/direct-access.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/email-encryption-smime.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/encrypted-hard-drive.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/enhanced-phishing-protection-with-smartscreen.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/exploit-protection.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/fast-identity-online-fido2-security-key.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/federal-information-processing-standard-fips-140-validation.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/federated-sign-in.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
@@ -15,8 +15,8 @@ The following table lists the Windows editions that support Federated sign-in:
 
 Federated sign-in license entitlements are granted by the following licenses:
 
-|Windows Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|No|No|Yes|Yes|
+|No|No|No|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/hardware-enforced-stack-protection.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/hypervisor-protected-code-integrity-hvci.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/kernel-direct-memory-access-dma-protection.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/local-security-authority-lsa-protection.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md

@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 05/04/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Manage by Mobile Device Management (MDM) and group policy:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Manage by Mobile Device Management (MDM) and group policy license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/measured-boot.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/microsoft-defender-antivirus.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/microsoft-defender-for-endpoint.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/microsoft-defender-smartscreen.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/microsoft-pluton.md

@@ -1,19 +1,19 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
 ## Windows edition and licensing requirements
 
-The following table lists the Windows editions that support Microsoft Pluton security processor:
+The following table lists the Windows editions that support Microsoft Pluton:
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|
 
-Microsoft Pluton security processor license entitlements are granted by the following licenses:
+Microsoft Pluton license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|

includes/licensing/microsoft-security-development-lifecycle-sdl.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/02/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Security Development Lifecycle (SDL):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Microsoft Security Development Lifecycle (SDL) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/microsoft-vulnerable-driver-blocklist.md

@@ -1,19 +1,19 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
 ## Windows edition and licensing requirements
 
-The following table lists the Windows editions that support Microsoft Vulnerable Driver Blocklist:
+The following table lists the Windows editions that support Microsoft vulnerable driver blocklist:
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|
 
-Microsoft Vulnerable Driver Blocklist license entitlements are granted by the following licenses:
+Microsoft vulnerable driver blocklist license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|

includes/licensing/microsoft-windows-insider-preview-bounty-program.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/02/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Windows Insider Preview bounty program:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Microsoft Windows Insider Preview bounty program license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/modern-device-management-through-mdm.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/02/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Modern device management through (MDM):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Modern device management through (MDM) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/onefuzz-service.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/02/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support OneFuzz service:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+OneFuzz service license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/opportunistic-wireless-encryption-owe.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/personal-data-encryption-pde.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/privacy-resource-usage.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/privacy-transparency-and-controls.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/remote-wipe.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/secure-boot-and-trusted-boot.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/secured-core-configuration-lock.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/secured-core-pc-firmware-protection.md

@@ -1,19 +1,19 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
 ## Windows edition and licensing requirements
 
-The following table lists the Windows editions that support Secured-core PC:
+The following table lists the Windows editions that support Secured-core PC firmware protection:
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|
 
-Secured-core PC license entitlements are granted by the following licenses:
+Secured-core PC firmware protection license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|

includes/licensing/security-baselines.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/server-message-block-direct-smb-direct.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/server-message-block-smb-file-service.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/smart-app-control.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/smart-cards-for-windows-service.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/software-bill-of-materials-sbom.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/02/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Software Bill of Materials (SBOM):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Software Bill of Materials (SBOM) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/tamper-protection-settings-for-mde.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/transport-layer-security-tls.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/trusted-platform-module-tpm.md

@@ -1,19 +1,19 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
 ## Windows edition and licensing requirements
 
-The following table lists the Windows editions that support Trusted Platform Module (TPM) 2.0:
+The following table lists the Windows editions that support Trusted Platform Module (TPM):
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|
 
-Trusted Platform Module (TPM) 2.0 license entitlements are granted by the following licenses:
+Trusted Platform Module (TPM) license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|

includes/licensing/universal-print.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/user-account-control-uac.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/virtual-private-network-vpn.md

@@ -1,19 +1,19 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
 ## Windows edition and licensing requirements
 
-The following table lists the Windows editions that support Virtual Private Network (VPN):
+The following table lists the Windows editions that support Virtual private network (VPN):
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|
 
-Virtual Private Network (VPN) license entitlements are granted by the following licenses:
+Virtual private network (VPN) license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|

includes/licensing/virtualization-based-security-vbs.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/wifi-security.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/windows-application-software-development-kit-sdk.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/02/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows application software development kit (SDK):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows application software development kit (SDK) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/windows-autopatch.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/windows-autopilot.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/windows-defender-application-control-wdac.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/windows-defender-credential-guard.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/windows-defender-remote-credential-guard.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/windows-defender-system-guard.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/windows-firewall.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/windows-hello-for-business.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/windows-laps.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/windows-presence-sensing.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/windows-sandbox.md

@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 

includes/licensing/windows-security-policy-settings-and-auditing.md

@@ -1,19 +1,19 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
 ## Windows edition and licensing requirements
 
-The following table lists the Windows editions that support Windows Security policy settings and auditing:
+The following table lists the Windows editions that support Windows security policy settings and auditing:
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|
 
-Windows Security policy settings and auditing license entitlements are granted by the following licenses:
+Windows security policy settings and auditing license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|

windows/client-management/mdm-overview.md

@@ -56,7 +56,7 @@ For more information about the MDM policies defined in the MDM security baseline
 
 For information about the MDM policies defined in the Intune security baseline, see [Windows security baseline settings for Intune](/mem/intune/protect/security-baseline-settings-mdm-all).
 
-[!INCLUDE [manage-by-mobile-device-management-mdm-and-group-policy](../../includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md)]
+[!INCLUDE [modern-device-management-through-mdm](../../includes/licensing/modern-device-management-through-mdm.md)]
 
 ## Frequently Asked Questions
 

windows/client-management/mdm/policy-csp-applicationdefaults.md

@@ -4,7 +4,7 @@ description: Learn more about the ApplicationDefaults Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/01/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -36,20 +36,8 @@ ms.topic: reference
 <!-- DefaultAssociationsConfiguration-OmaUri-End -->
 
 <!-- DefaultAssociationsConfiguration-Description-Begin -->
-<!-- Description-Source-ADMX -->
+<!-- Description-Source-DDF-Forced -->
-This policy specifies the path to a file (e.g. either stored locally or on a network location) that contains file type and protocol default application associations. This file can be created using the DISM tool.
+This policy allows an administrator to set default file type and protocol associations. When set, default associations will be applied on sign-in to the PC. The association file can be created using the DISM tool (dism /online /export-defaultappassociations:appassoc.xml). The file can be further edited by adding attributes to control how often associations are applied by the policy. The file then needs to be base64 encoded before being added to SyncML. If policy is enabled and the client machine is Azure Active Directory joined, the associations assigned in SyncML will be processed and default associations will be applied.
-
-For example:
-
-Dism.exe /Online /Export-DefaultAppAssociations:C:\AppAssoc.txt.
-
-For more information, refer to the DISM documentation on TechNet.
-
-If this group policy is enabled and the client machine is domain-joined, the file will be processed and default associations will be applied at logon time.
-
-If the group policy isn't configured, disabled, or the client machine isn't domain-joined, no default associations will be applied at logon time.
-
-If the policy is enabled, disabled, or not configured, users will still be able to override default file type and protocol associations.
 <!-- DefaultAssociationsConfiguration-Description-End -->
 
 <!-- DefaultAssociationsConfiguration-Editable-Begin -->
@@ -84,54 +72,69 @@ If the policy is enabled, disabled, or not configured, users will still be able
 **Example**:
 
 To create the SyncML, follow these steps:
-<ol>
-<li>Install a few apps and change your defaults.</li>
-<li>From an elevated prompt, run "dism /online /export-defaultappassociations:appassoc.xml"</li>
-<li>Take the XML output and put it through your favorite base64 encoder app.</li>
-<li>Paste the base64 encoded XML into the SyncML</li>
-</ol>
 
-Here's an example output from the dism default association export command:
+1. Install a few apps and change your defaults.
-```xml
+1. From an elevated prompt, run `dism /online /export-defaultappassociations:C:\appassoc.xml`. Here's an example output from the dism default association export command:
-<?xml version="1.0" encoding="UTF-8"?>
-<DefaultAssociations>
-  <Association Identifier=".htm" ProgId="AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9" ApplicationName="Microsoft Edge" />
-  <Association Identifier=".html" ProgId="AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9" ApplicationName="Microsoft Edge" />
-  <Association Identifier=".pdf" ProgId="AppXd4nrz8ff68srnhf9t5a8sbjyar1cr723" ApplicationName="Microsoft Edge" />
-  <Association Identifier="http" ProgId="AppXq0fevzme2pys62n3e0fbqa7peapykr8v" ApplicationName="Microsoft Edge" />
-  <Association Identifier="https" ProgId="AppX90nv6nhay5n6a98fnetv7tpk64pp35es" ApplicationName="Microsoft Edge" />
-</DefaultAssociations>
-```
 
-Here's the base64 encoded result:
+    ```xml
+    <?xml version="1.0" encoding="UTF-8"?>
+    <DefaultAssociations>
+      <Association Identifier=".htm" ProgId="AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9" ApplicationName="Microsoft Edge" />
+      <Association Identifier=".html" ProgId="AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9" ApplicationName="Microsoft Edge" />
+      <Association Identifier=".pdf" ProgId="AppXd4nrz8ff68srnhf9t5a8sbjyar1cr723" ApplicationName="Microsoft Edge" />
+      <Association Identifier="http" ProgId="AppXq0fevzme2pys62n3e0fbqa7peapykr8v" ApplicationName="Microsoft Edge" />
+      <Association Identifier="https" ProgId="AppX90nv6nhay5n6a98fnetv7tpk64pp35es" ApplicationName="Microsoft Edge" />
+    </DefaultAssociations>
+    ```
 
-``` syntax
+    Starting in Windows 11, version 22H2, two new attributes are available for further customization of the policy. These attributes can be used to change how often the policy associations are applied.
-PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxEZWZhdWx0QXNzb2NpYXRpb25zPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iLmh0bSIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIuaHRtbCIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIucGRmIiBQcm9nSWQ9IkFwcFhkNG5yejhmZjY4c3JuaGY5dDVhOHNianlhcjFjcjcyMyIgQXBwbGljYXRpb25OYW1lPSJNaWNyb3NvZnQgRWRnZSIgLz4NCiAgPEFzc29jaWF0aW9uIElkZW50aWZpZXI9Imh0dHAiIFByb2dJZD0iQXBwWHEwZmV2em1lMnB5czYybjNlMGZicWE3cGVhcHlrcjh2IiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iaHR0cHMiIFByb2dJZD0iQXBwWDkwbnY2bmhheTVuNmE5OGZuZXR2N3RwazY0cHAzNWVzIiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KPC9EZWZhdWx0QXNzb2NpYXRpb25zPg0KDQo=
-```
-Here's the SyncML example:
 
-```xml
+    - **Version** attribute for `DefaultAssociations`. This attribute is used to control when **Suggested** associations are applied. Whenever the **Version** value is incremented, a **Suggested** association is applied one time.
-<?xml version="1.0" encoding="utf-8"?>
+    - **Suggested** attribute for `Association`. The default value is false. If it's false, the **Association** is applied on every sign-in. If it's true, the **Association** is only applied once for the current **DefaultAssociations** Version. When the **Version** is incremented, the **Association** is applied once again, on next sign-in.
-<SyncML xmlns="SYNCML:SYNCML1.1">
+
-<SyncBody>
+    In the following example, the **Association** for `.htm` is applied on first sign-in of the user, and all others are applied on every sign-in. If **Version** is incremented, and the updated file is deployed to the user, the **Association** for `.htm` is applied again:
-    <Replace>
+
-      <CmdID>101</CmdID>
+    ```xml
-      <Item>
+    <?xml version="1.0" encoding="UTF-8"?>
-        <Meta>
+    <DefaultAssociations Version="1" >
-          <Format>chr</Format>
+      <Association Identifier=".htm" ProgId="AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9" ApplicationName="Microsoft Edge" Suggested="true" />
-          <Type>text/plain</Type>
+      <Association Identifier=".html" ProgId="AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9" ApplicationName="Microsoft Edge" />
-        </Meta>
+      <Association Identifier=".pdf" ProgId="AppXd4nrz8ff68srnhf9t5a8sbjyar1cr723" ApplicationName="Microsoft Edge" />
-        <Target>
+      <Association Identifier="http" ProgId="AppXq0fevzme2pys62n3e0fbqa7peapykr8v" ApplicationName="Microsoft Edge" />
-          <LocURI>./Vendor/MSFT/Policy/Config/ApplicationDefaults/DefaultAssociationsConfiguration</LocURI>
+      <Association Identifier="https" ProgId="AppX90nv6nhay5n6a98fnetv7tpk64pp35es" ApplicationName="Microsoft Edge" />
-        </Target>
+    </DefaultAssociations>
-        <Data>PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxEZWZhdWx0QXNzb2NpYXRpb25zPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iLmh0bSIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIuaHRtbCIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIucGRmIiBQcm9nSWQ9IkFwcFhkNG5yejhmZjY4c3JuaGY5dDVhOHNianlhcjFjcjcyMyIgQXBwbGljYXRpb25OYW1lPSJNaWNyb3NvZnQgRWRnZSIgLz4NCiAgPEFzc29jaWF0aW9uIElkZW50aWZpZXI9Imh0dHAiIFByb2dJZD0iQXBwWHEwZmV2em1lMnB5czYybjNlMGZicWE3cGVhcHlrcjh2IiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iaHR0cHMiIFByb2dJZD0iQXBwWDkwbnY2bmhheTVuNmE5OGZuZXR2N3RwazY0cHAzNWVzIiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KPC9EZWZhdWx0QXNzb2NpYXRpb25zPg0KDQo=
+    ```
-</Data>
+
-      </Item>
+1. Take the XML output and put it through your favorite base64 encoder app. Here's the base64 encoded result:
-    </Replace>
+
-  <Final/>
+    ```text
-  </SyncBody>
+    PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxEZWZhdWx0QXNzb2NpYXRpb25zPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iLmh0bSIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIuaHRtbCIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIucGRmIiBQcm9nSWQ9IkFwcFhkNG5yejhmZjY4c3JuaGY5dDVhOHNianlhcjFjcjcyMyIgQXBwbGljYXRpb25OYW1lPSJNaWNyb3NvZnQgRWRnZSIgLz4NCiAgPEFzc29jaWF0aW9uIElkZW50aWZpZXI9Imh0dHAiIFByb2dJZD0iQXBwWHEwZmV2em1lMnB5czYybjNlMGZicWE3cGVhcHlrcjh2IiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iaHR0cHMiIFByb2dJZD0iQXBwWDkwbnY2bmhheTVuNmE5OGZuZXR2N3RwazY0cHAzNWVzIiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KPC9EZWZhdWx0QXNzb2NpYXRpb25zPg0KDQo=
-</SyncML>
+    ```
-```
+
+1. Paste the base64 encoded XML into the SyncML. Here's the SyncML example:
+
+    ```xml
+    <?xml version="1.0" encoding="utf-8"?>
+    <SyncML xmlns="SYNCML:SYNCML1.1">
+    <SyncBody>
+        <Replace>
+          <CmdID>101</CmdID>
+          <Item>
+            <Meta>
+              <Format>chr</Format>
+              <Type>text/plain</Type>
+            </Meta>
+            <Target>
+              <LocURI>./Vendor/MSFT/Policy/Config/ApplicationDefaults/DefaultAssociationsConfiguration</LocURI>
+            </Target>
+            <Data>PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxEZWZhdWx0QXNzb2NpYXRpb25zPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iLmh0bSIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIuaHRtbCIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIucGRmIiBQcm9nSWQ9IkFwcFhkNG5yejhmZjY4c3JuaGY5dDVhOHNianlhcjFjcjcyMyIgQXBwbGljYXRpb25OYW1lPSJNaWNyb3NvZnQgRWRnZSIgLz4NCiAgPEFzc29jaWF0aW9uIElkZW50aWZpZXI9Imh0dHAiIFByb2dJZD0iQXBwWHEwZmV2em1lMnB5czYybjNlMGZicWE3cGVhcHlrcjh2IiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iaHR0cHMiIFByb2dJZD0iQXBwWDkwbnY2bmhheTVuNmE5OGZuZXR2N3RwazY0cHAzNWVzIiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KPC9EZWZhdWx0QXNzb2NpYXRpb25zPg0KDQo=
+            </Data>
+          </Item>
+        </Replace>
+      <Final/>
+      </SyncBody>
+    </SyncML>
+    ```
 <!-- DefaultAssociationsConfiguration-Examples-End -->
 
 <!-- DefaultAssociationsConfiguration-End -->

windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md

@@ -17,9 +17,9 @@ ms.collection:
 
 # Device alerts
 
-Windows Autopatch and Windows Updates use Device alerts to provide notifications and information about the necessary steps to keep your devices up to date. In Windows Autopatch reporting, every device is provided with a section for alerts. If no alerts are listed, no action is needed. Navigate to **Reports** > **Quality update status** or **Feature update status** > **Device** > select the **Device alerts** column. The provided information will help you understand:
+Windows Autopatch and Windows Updates use Device alerts to provide notifications and information about the necessary steps to keep your devices up to date. In Windows Autopatch reporting, every device is provided with a section for alerts. If no alerts are listed, no action is needed. Navigate to **Reports** > **Quality update status** or **Feature update status** > **Device** > select the **Device alerts** column. The provided information helps you understand:
 
-- The action(s) that have either been performed by Microsoft and/or Windows Autopatch to keep the device properly updated.
+- Microsoft and/or Windows Autopatch performs the action(s) to keep the device properly updated.
 - The actions you must perform so the device can properly be updated.
 
 > [!NOTE]
@@ -42,12 +42,12 @@ Windows Autopatch assigns alerts to either Microsoft Action or Customer Action.
 
 | Assignment | Description |
 | ----- | ----- |
-| Microsoft Action | Refers to the responsibility of the Windows Autopatch service to remediate. The actions are performed by Windows Autopatch automatically. |
+| Microsoft Action | Refers to the responsibility of the Windows Autopatch service to remediate. Windows Autopatch performs these actions automatically. |
 | Customer Action | Refers to your responsibility to carry out the appropriate action(s) to resolve the reported alert. |
 
 ## Alert resolutions
 
-Alert resolutions are provided through the Windows Update service and provide the reason why an update didn’t perform as expected. The recommended actions are general recommendations and if additional assistance is needed, [submit a support request](../operate/windows-autopatch-support-request.md)
+Alert resolutions are provided through the Windows Update service and provide the reason why an update didn’t perform as expected. The recommended actions are general recommendations and if additional assistance is needed, [submit a support request](../operate/windows-autopatch-support-request.md).
 
 | Alert message | Description | Windows Autopatch recommendation(s) |
 | ----- | ----- | ----- |
@@ -79,7 +79,7 @@ Alert resolutions are provided through the Windows Update service and provide th
 | `InstallIssueRedirection` | A known folder that doesn't support redirection to another drive might have been redirected to another drive. | The Windows Update service has reported that the Windows Update file location may be redirected to an invalid location. Check your Windows Installation, and retry the update.<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
 | `InstallMissingInfo` | Windows Update doesn't have the information it needs about the update to finish the installation. | The Windows Update service has reported that another update may have replaced the one you're trying to install. Check the update, and then try reinstalling it. |
 | `InstallOutOfMemory` | The installation couldn't be completed because Windows ran out of memory. | The Windows Update service has reported the system doesn't have sufficient system memory to perform the update.<p>Restart Windows, then try the installation again.</p><p>If it still fails, allocate more memory to the device, or increase the size of the virtual memory pagefile(s). For more information, see [How to determine the appropriate page file size for 64-bit versions of Windows](/troubleshoot/windows-client/performance/how-to-determine-the-appropriate-page-file-size-for-64-bit-versions-of-windows).</p> |
-| `InstallSetupBlock` | There is an application or driver blocking the upgrade. | The Windows Update service has detected that an application or driver is hindering the upgrade process. Utilize the SetupDiag utility to identify and diagnose any compatibility problems.<p>For more information, see [SetupDiag - Windows Deployment](/windows/deployment/upgrade/setupdiag).</p> |
+| `InstallSetupBlock` | There's an application or driver blocking the upgrade. | The Windows Update service has detected that an application or driver is hindering the upgrade process. Utilize the SetupDiag utility to identify and diagnose any compatibility problems.<p>For more information, see [SetupDiag - Windows Deployment](/windows/deployment/upgrade/setupdiag).</p> |
 | `InstallSetupError` | Windows Setup encountered an error while installing. | The Windows Update service has reported an error during installation.Review the last reported HEX error code in [Quality update status report](../operate/windows-autopatch-groups-windows-quality-update-status-report.md) to further investigate.<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
 | `PolicyConflict` | There are client policies (MDM, GP) that conflict with Windows Update settings. | The Windows Update service has reported a policy conflict. Review  the [Windows Autopatch Policy Health dashboard](../operate/windows-autopatch-policy-health-and-remediation.md).<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
 | `PolicyConflictDeferral` | The Deferral Policy configured on the device is preventing the update from installing. | The Windows Update service has reported a policy conflict. Review  the [Windows Autopatch Policy Health dashboard](../operate/windows-autopatch-policy-health-and-remediation.md).<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |

windows/security/application-security/application-control/windows-defender-application-control/TOC.yml

@@ -55,8 +55,8 @@
               href: design/create-wdac-policy-using-reference-computer.md
             - name: Create a WDAC deny list policy
               href: design/create-wdac-deny-policy.md
-            - name: Microsoft recommended block rules
+            - name: Applications that can bypass WDAC and how to block them
-              href: design/microsoft-recommended-block-rules.md
+              href: design/applications-that-can-bypass-wdac.md
             - name: Microsoft recommended driver block rules
               href: design/microsoft-recommended-driver-block-rules.md
         - name: Use the WDAC Wizard tool

windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md

@@ -1,15 +1,15 @@
 ---
-title: Microsoft recommended block rules
+title: Applications that can bypass WDAC and how to block them
 description: View a list of recommended block rules, based on knowledge shared between Microsoft and the wider security community.
 ms.localizationpriority: medium
 ms.date: 06/14/2023
 ms.topic: reference
 ---
 
-# Microsoft recommended block rules
+# Applications that can bypass WDAC and how to block them
 
->[!NOTE]
+> [!NOTE]
->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](../feature-availability.md).
+> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](../feature-availability.md).
 
 Members of the security community<sup>*</sup> continuously collaborate with Microsoft to help protect customers. With the help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also potentially use to bypass WDAC.
 

windows/security/application-security/application-control/windows-defender-application-control/index.yml

@@ -33,8 +33,8 @@ landingContent:
         links:
           - text: Using code signing to simplify application control
             url: deployment/use-code-signing-for-better-control-and-protection.md
-          - text: Microsoft's Recommended Blocklist
+          - text: Applications that can bypass WDAC and how to block them
-            url: design/microsoft-recommended-block-rules.md
+            url: design/applications-that-can-bypass-wdac.md
           - text: Microsoft's Recommended Driver Blocklist
             url: design/microsoft-recommended-driver-block-rules.md
           - text: Example WDAC policies

windows/security/application-security/application-control/windows-defender-application-control/wdac.md

@@ -47,7 +47,7 @@ Smart App Control is only available on clean installation of Windows 11 version
 
 ### Smart App Control Enforced Blocks
 
-Smart App Control enforces the [Microsoft Recommended Driver Block rules](design/microsoft-recommended-driver-block-rules.md) and the [Microsoft Recommended Block Rules](design/microsoft-recommended-block-rules.md), with a few exceptions for compatibility considerations. The following are not blocked by Smart App Control:
+Smart App Control enforces the [Microsoft Recommended Driver Block rules](design/microsoft-recommended-driver-block-rules.md) and the [Microsoft Recommended Block Rules](design/applications-that-can-bypass-wdac.md), with a few exceptions for compatibility considerations. The following are not blocked by Smart App Control:
 
 - Infdefaultinstall.exe
 - Microsoft.Build.dll

windows/security/application-security/index.md

@@ -1,18 +1,14 @@
 ---
 title: Windows application security
 description: Get an overview of application security in Windows
-ms.date: 03/09/2023
+ms.date: 08/02/2023
-ms.topic: article
+ms.topic: conceptual
 ---
 
 # Windows application security
 
-Cyber-criminals regularly gain access to valuable data by hacking applications. This can include *code injection* attacks, in which attackers insert malicious code that can tamper with data, or even destroy it. An application may have its security misconfigured, leaving open doors for hackers. Or vital customer and corporate information may leave sensitive data exposed. Windows protects your valuable data with layers of application security.
+Cybercriminals can take advantage of poorly secured applications to access valuable resources. With Windows, IT admins can combat common application attacks from the moment a device is provisioned. For example, IT can remove local admin rights from user accounts, so that PCs run with least privilege to prevent malicious applications from accessing sensitive resources.
 
-The following table summarizes the Windows security features and capabilities for apps:
+Learn more about application security features in Windows.
 
-| Security Measures | Features & Capabilities |
+[!INCLUDE [application](../includes/sections/application.md)]
-|:---|:---|
-| Windows Defender Application Control | Application control is one of the most effective security controls to prevent unwanted or malicious code from running. It moves away from an application trust model where all code is assumed trustworthy to one where apps must earn trust to run. Learn more: [Application Control for Windows](application-control/windows-defender-application-control/wdac.md) |
-| Microsoft Defender Application Guard | Application Guard uses chip-based hardware isolation to isolate untrusted websites and untrusted Office files, seamlessly running untrusted websites and files in an isolated Hyper-V-based container, separate from the desktop operating system, and making sure that anything that happens within the container remains isolated from the desktop. Learn more [Microsoft Defender Application Guard overview](application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md). |
-| Windows Sandbox | Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software installed inside the Windows Sandbox environment remains "sandboxed" and runs separately from the host machine. A sandbox is temporary. When it's closed, all the software and files and the state are deleted. You get a brand-new instance of the sandbox every time you open the application. Learn more: [Windows Sandbox](application-isolation/windows-sandbox/windows-sandbox-overview.md) |

windows/security/cloud-security/index.md

@@ -0,0 +1,18 @@
+---
+title: Windows and cloud security
+description: Get an overview of cloud security features in Windows
+ms.date: 08/02/2023
+ms.topic: conceptual
+author: paolomatarazzo
+ms.author: paoloma
+---
+
+# Windows and cloud security
+
+Today's workforce has more freedom and mobility than ever before, and the risk of data exposure is also at its highest. We are focused on getting customers to the cloud to benefit from modern hybrid workstyles while improving security management. Built on zero-trust principles, Windows works with Microsoft cloud services to safeguard sensitive information while controlling access and mitigating threats.
+
+From identity and device management to Office apps and data storage, Windows and integrated cloud services can help improve productivity, security, and resilience anywhere.
+
+Learn more about cloud security features in Windows.
+
+[!INCLUDE [cloud-services](../includes/sections/cloud-services.md)]

windows/security/cloud-security/toc.yml

@@ -1,4 +1,6 @@
 items:
+- name: Overview
+  href: index.md
 - name: Join Active Directory and Azure AD with single sign-on (SSO) 🔗
   href: /azure/active-directory/devices/concept-azure-ad-join
 - name: Security baselines with Intune 🔗

windows/security/hardware-security/pluton/microsoft-pluton-security-processor.md

@@ -37,7 +37,7 @@ When the system boots, Pluton hardware initialization is performed by loading th
 
 ![Diagram showing the Microsoft Pluton Firmware load flow](../images/pluton/pluton-firmware-load.png)
 
-[!INCLUDE [microsoft-pluton-security-processor](../../../../includes/licensing/microsoft-pluton-security-processor.md)]
+[!INCLUDE [microsoft-pluton](../../../../includes/licensing/microsoft-pluton.md)]
 
 ## Related topics
 

windows/security/hardware-security/tpm/trusted-platform-module-overview.md

@@ -42,7 +42,7 @@ Anti-malware software can use the boot measurements of the operating system star
 
 The TPM has several Group Policy settings that might be useful in certain enterprise scenarios. For more info, see [TPM Group Policy Settings](trusted-platform-module-services-group-policy-settings.md).
 
-[!INCLUDE [trusted-platform-module-tpm-20](../../../../includes/licensing/trusted-platform-module-tpm-20.md)]
+[!INCLUDE [trusted-platform-module-tpm-20](../../../../includes/licensing/trusted-platform-module-tpm.md)]
 
 ## New and changed functionality
 

windows/security/includes/sections/application-application-control-overview.md

@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 06/02/2023
-ms.topic: include
----
-
-The following table lists the edition applicability for all Application Control features.
-
-|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:-:|:-:|:-:|:-:|:-:|
-|[User Account Control (UAC)](/windows/security/application-security/application-control/user-account-control/)|Yes|Yes|Yes|Yes|
-|[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)|Yes|Yes|Yes|Yes|
-|[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)|Yes|Yes|Yes|Yes|
-
-The following table lists the licensing applicability for all Application Control features.
-
-|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:-:|:-:|:-:|:-:|:-:|:-:|
-|[User Account Control (UAC)](/windows/security/application-security/application-control/user-account-control/)|Yes|Yes|Yes|Yes|Yes|
-|[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)|Yes|Yes|Yes|Yes|Yes|
-|[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)|Yes|Yes|Yes|Yes|Yes|

windows/security/includes/sections/application-application-isolation-overview.md

@@ -1,30 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 06/02/2023
-ms.topic: include
----
-
-The following table lists the edition applicability for all Application Isolation features.
-
-|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:-:|:-:|:-:|:-:|:-:|
-|[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](../../application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md)|Yes|Yes|Yes|Yes|
-|[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](../../application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md)|❌|Yes|❌|Yes|
-|Microsoft Defender Application Guard (MDAG) public APIs|❌|Yes|❌|Yes|
-|[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)|❌|Yes|❌|Yes|
-|[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)|❌|Yes|❌|Yes|
-|[Windows containers](/virtualization/windowscontainers/about/)|Yes|Yes|Yes|Yes|
-|[Windows Sandbox](../../application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md)|Yes|Yes|Yes|Yes|
-
-The following table lists the licensing applicability for all Application Isolation features.
-
-|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:-:|:-:|:-:|:-:|:-:|:-:|
-|[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](../../application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md)|Yes|Yes|Yes|Yes|Yes|
-|[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](../../application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md)|❌|Yes|Yes|Yes|Yes|
-|Microsoft Defender Application Guard (MDAG) public APIs|❌|Yes|Yes|Yes|Yes|
-|[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)|❌|❌|❌|❌|❌|
-|[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)|❌|Yes|Yes|Yes|Yes|
-|[Windows containers](/virtualization/windowscontainers/about/)|Yes|Yes|Yes|Yes|Yes|
-|[Windows Sandbox](../../application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md)|Yes|Yes|Yes|Yes|Yes|

windows/security/includes/sections/application.md

@@ -1,26 +1,28 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 06/06/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
-## Application Control
+## Application and driver control
 
-| Security Measures | Features & Capabilities |
+| Feature name | Description |
 |:---|:---|
-| **[User Account Control (UAC)](/windows/security/application-security/application-control/user-account-control/)** | User Account Control (UAC) helps prevent malware from damaging a device. With UAC, apps and tasks always run in the security context of a non-administrator account, unless an administrator authorizes administrator-level access to the system. UAC can block the automatic installation of unauthorized apps and prevents inadvertent changes to system settings. Enabling UAC helps to prevent malware from altering device settings and potentially gaining access to networks and sensitive data. UAC can also block the automatic installation of unauthorized apps and prevent inadvertent changes to system settings. |
-| **[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)** | Your organization is only as secure as the applications that run on your devices. With application control, apps must earn trust to run, in contrast to an application trust model where all code is assumed trustworthy. By helping prevent unwanted or malicious code from running, application control is an important part of an effective security strategy. Many organizations cite application control as one of the most effective means for addressing the threat of executable file-based malware.<br><br>Windows 10 and above include Windows Defender Application Control (WDAC) and AppLocker. WDAC is the next generation app control solution for Windows and provides powerful control over what runs in your environment. Customers who were using AppLocker on previous versions of Windows can continue to use the feature as they consider whether to switch to WDAC for the stronger protection. |
 | **[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)** | Smart App Control prevents users from running malicious applications on Windows devices by blocking untrusted or unsigned applications. Smart App Control goes beyond previous built-in browser protections, by adding another layer of security that is woven directly into the core of the OS at the process level. Using AI, our new Smart App Control only allows processes to run that are predicted to be safe based on existing and new intelligence processed daily. Smart App Control builds on top of the same cloud-based AI used in Windows Defender Application Control (WDAC) to predict the safety of an application, so people can be confident they're using safe and reliable applications on their new Windows 11 devices, or Windows 11 devices that have been reset. |
+| **[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)** |  |
+| **[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)** | Your organization is only as secure as the applications that run on your devices. With application control, apps must earn trust to run, in contrast to an application trust model where all code is assumed trustworthy. By helping prevent unwanted or malicious code from running, application control is an important part of an effective security strategy. Many organizations cite application control as one of the most effective means for addressing the threat of executable file-based malware.<br><br>Windows 10 and above include Windows Defender Application Control (WDAC) and AppLocker. WDAC is the next generation app control solution for Windows and provides powerful control over what runs in your environment. Customers who were using AppLocker on previous versions of Windows can continue to use the feature as they consider whether to switch to WDAC for the stronger protection. |
+| **[User Account Control (UAC)](/windows/security/application-security/application-control/user-account-control/)** | User Account Control (UAC) helps prevent malware from damaging a device. With UAC, apps and tasks always run in the security context of a non-administrator account, unless an administrator authorizes administrator-level access to the system. UAC can block the automatic installation of unauthorized apps and prevents inadvertent changes to system settings. Enabling UAC helps to prevent malware from altering device settings and potentially gaining access to networks and sensitive data. UAC can also block the automatic installation of unauthorized apps and prevent inadvertent changes to system settings. |
+| **[Microsoft vulnerable driver blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)** | The Windows kernel is the most privileged software and is therefore a compelling target for malware authors. Since Windows has strict requirements for code running in the kernel, cybercriminals commonly exploit vulnerabilities in kernel drivers to get access. Microsoft works with the ecosystem partners to constantly identify and respond to potentially vulnerable kernel drivers.<br><br>Prior to Windows 11, version 22H2, the operating system enforced a block policy when HVCI is enabled to prevent vulnerable versions of drivers from running. Starting in Windows 11, version 22H2, the block policy is enabled by default for all new Windows devices, and users can opt-in to enforce the policy from the Windows Security app. |
 
-## Application Isolation
+## Application isolation
 
-| Security Measures | Features & Capabilities |
+| Feature name | Description |
 |:---|:---|
-| **[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](../../application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md)** | Standalone mode allows Windows users to use hardware-isolated browsing sessions without any administrator or management policy configuration. In this mode, user must manually start Microsoft Edge in Application Guard from Edge menu for browsing untrusted sites. |
+| **[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)** | Standalone mode allows Windows users to use hardware-isolated browsing sessions without any administrator or management policy configuration. In this mode, user must manually start Microsoft Edge in Application Guard from Edge menu for browsing untrusted sites. |
-| **[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](../../application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md)** | Microsoft Defender Application Guard protects users' desktop while they browse the Internet using Microsoft Edge browser. Application Guard in enterprise mode automatically redirects untrusted website navigation in an anonymous and isolated Hyper-V based container, which is separate from the host operating system. With Enterprise mode, you can define your corporate boundaries by explicitly adding trusted domains and can customizing the Application Guard experience to meet and enforce your organization needs on Windows devices. |
+| **[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard)** | Microsoft Defender Application Guard protects users' desktop while they browse the Internet using Microsoft Edge browser. Application Guard in enterprise mode automatically redirects untrusted website navigation in an anonymous and isolated Hyper-V based container, which is separate from the host operating system. With Enterprise mode, you can define your corporate boundaries by explicitly adding trusted domains and can customizing the Application Guard experience to meet and enforce your organization needs on Windows devices. |
 | **Microsoft Defender Application Guard (MDAG) public APIs** | Enable applications using them to be isolated Hyper-V based container, which is separate from the host operating system. |
 | **[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)** | Application Guard protects Office files including Word, PowerPoint, and Excel. Application icons have a small shield if Application Guard has been enabled and they are under protection. |
 | **[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)** | The WindowsDefenderApplicationGuard configuration service provider (CSP) is used by the enterprise to configure the settings in Microsoft Defender Application Guard. |
-| **[Windows containers](/virtualization/windowscontainers/about/)** | Universal Windows Platform (UWP) applications run in Windows containers known as app containers. Processes that run in app containers operate with low integrity level, meaning they have limited access to resources they don't own. Because the default integrity level of most resources is medium integrity level, the UWP app can access only a subset of the filesystem, registry, and other resources. The app container also enforces restrictions on network connectivity; for example, access to a local host isn't allowed. As a result, malware or infected apps have limited footprint for escape. |
+| **[App containers](/virtualization/windowscontainers/about/)** | Universal Windows Platform (UWP) applications run in Windows containers known as app containers. Processes that run in app containers operate with low integrity level, meaning they have limited access to resources they don't own. Because the default integrity level of most resources is medium integrity level, the UWP app can access only a subset of the filesystem, registry, and other resources. The app container also enforces restrictions on network connectivity; for example, access to a local host isn't allowed. As a result, malware or infected apps have limited footprint for escape. |
-| **[Windows Sandbox](../../application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md)** | Windows Sandbox provides a lightweight desktop environment to safely run untrusted Win32 applications in isolation, using the same hardware-based Hyper-V virtualization technology to isolate apps without fear of lasting impact to your PC. |
+| **[Windows Sandbox](/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview)** | Windows Sandbox provides a lightweight desktop environment to safely run untrusted Win32 applications in isolation, using the same hardware-based Hyper-V virtualization technology to isolate apps without fear of lasting impact to your PC. |

windows/security/includes/sections/cloud-services-protecting-your-work-information-overview.md

@@ -1,26 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 06/02/2023
-ms.topic: include
----
-
-The following table lists the edition applicability for all Protecting Your Work Information features.
-
-|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:-:|:-:|:-:|:-:|:-:|
-|[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)|Yes|Yes|Yes|Yes|
-|[Security baselines](/mem/intune/protect/security-baselines)|Yes|Yes|Yes|Yes|
-|[Remote wipe](/windows/client-management/mdm/remotewipe-csp)|Yes|Yes|Yes|Yes|
-|[Manage by Mobile Device Management (MDM) and group policy](../../operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md)|Yes|Yes|Yes|Yes|
-|[Universal Print](/universal-print/)|Yes|Yes|Yes|Yes|
-
-The following table lists the licensing applicability for all Protecting Your Work Information features.
-
-|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:-:|:-:|:-:|:-:|:-:|:-:|
-|[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)|Yes|Yes|Yes|Yes|Yes|
-|[Security baselines](/mem/intune/protect/security-baselines)|Yes|Yes|Yes|Yes|Yes|
-|[Remote wipe](/windows/client-management/mdm/remotewipe-csp)|Yes|Yes|Yes|Yes|Yes|
-|[Manage by Mobile Device Management (MDM) and group policy](../../operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md)|Yes|Yes|Yes|Yes|Yes|
-|[Universal Print](/universal-print/)|❌|Yes|Yes|Yes|Yes|

windows/security/includes/sections/cloud-services-update-overview.md

@@ -1,20 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 06/02/2023
-ms.topic: include
----
-
-The following table lists the edition applicability for all Update features.
-
-|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:-:|:-:|:-:|:-:|:-:|
-|[Windows Autopatch](/windows/deployment/windows-autopatch/)|❌|Yes|❌|Yes|
-|[Windows Autopilot](/windows/deployment/windows-autopilot)|Yes|Yes|Yes|Yes|
-
-The following table lists the licensing applicability for all Update features.
-
-|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:-:|:-:|:-:|:-:|:-:|:-:|
-|[Windows Autopatch](/windows/deployment/windows-autopatch/)|❌|Yes|Yes|❌|❌|
-|[Windows Autopilot](/windows/deployment/windows-autopilot)|Yes|Yes|Yes|Yes|Yes|