diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 243b2d34c9..decbbc3864 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -20259,6 +20259,41 @@
 "source_path": "windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md",
 "redirect_url": "/troubleshoot/windows-client/windows-security/bitlocker-and-tpm-other-known-issues",
 "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/windows-autopatch/prepare/index.md",
+ "redirect_url": "/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites",
+ "redirect_document_id": true
+ },
+ {
+ "source_path": "windows/deployment/windows-autopatch/deploy/index.md",
+ "redirect_url": "/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts",
+ "redirect_document_id": true
+ },
+ {
+ "source_path": "windows/deployment/windows-autopatch/operate/index.md",
+ "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management",
+ "redirect_document_id": true
+ },
+ {
+ "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-unsupported-policies.md",
+ "redirect_url": "/windows/deployment/windows-autopatch/references/windows-autopatch-wqu-unsupported-policies",
+ "redirect_document_id": true
+ },
+ {
+ "source_path": "windows/deployment/windows-autopatch/references/windows-autopatch-preview-addendum.md",
+ "redirect_url": "/windows/deployment/windows-autopatch/overview/windows-autopatch-overview",
+ "redirect_document_id": true
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md",
+ "redirect_url": "/azure/active-directory/authentication/howto-authentication-passwordless-security-key",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/reset-security-key.md",
+ "redirect_url": "/azure/active-directory/authentication/howto-authentication-passwordless-security-key",
+ "redirect_document_id": false
 }
 ]
 }
diff --git a/README.md b/README.md
index 824a7c6d56..98c771d56d 100644
--- a/README.md
+++ b/README.md 
@@ -1,3 +1,67 @@ +# Overview + +## Learn how to contribute + +Anyone who is interested can contribute to the topics. When you contribute, your work will go directly into the content set after being merged. It will then be published to [Microsoft Learn](https://learn.microsoft.com/) and you will be listed as a contributor at: . + +### Quickly update an article using GitHub.com + +Contributors who only make infrequent or small updates can edit the file directly on GitHub.com without having to install any additional software. This article shows you how. [This two-minute video](https://www.microsoft.com/videoplayer/embed/RE1XQTG) also covers how to contribute. + +1. Make sure you're signed in to GitHub.com with your GitHub account. +2. Browse to the page you want to edit on Microsoft Learn. +3. On the right-hand side of the page, click **Edit** (pencil icon). + + ![Edit button on Microsoft Learn.](https://learn.microsoft.com/compliance/media/quick-update-edit.png) + +4. The corresponding topic file on GitHub opens, where you need to click the **Edit this file** pencil icon. + + ![Edit button on github.com.](https://learn.microsoft.com/compliance/media/quick-update-github.png) + +5. The topic opens in a line-numbered editing page where you can make changes to the file. Files in GitHub are written and edited using Markdown language. For help on using Markdown, see [Mastering Markdown](https://guides.github.com/features/mastering-markdown/). Select the **Preview changes** tab to view your changes as you go. + +6. When you're finished making changes, go to the **Propose file change** section at the bottom of the page: + + - A brief title is required. By default, the title is the name of the file, but you can change it. + - Optionally, you can enter more details in the **Add an optional extended description** box. + + When you're ready, click the green **Propose file change** button. 
+ + ![Propose file change section.](https://learn.microsoft.com/compliance/media/propose-file-change.png) + +7. On the **Comparing changes** page that appears, click the green **Create pull request** button. + + ![Comparing changes page.](https://learn.microsoft.com/compliance/media/comparing-changes-page.png) + +8. On the **Open a pull request** page that appears, click the green **Create pull request** button. + + ![Open a pull request page.](https://learn.microsoft.com/compliance/media/open-a-pull-request-page.png) + +> [!NOTE] +> Your permissions in the repo determine what you see in the last several steps. People with no special privileges will see the **Propose file change** section and subsequent confirmation pages as described. People with permissions to create and approve their own pull requests will see a similar **Commit changes** section with extra options for creating a new branch and fewer confirmation pages.

The point is: click any green buttons that are presented to you until there are no more. + +The writer identified in the metadata of the topic will be notified and will eventually review and approve your changes so the topic will be updated on Microsoft Learn. If there are questions or issues with the updates, the writer will contact you. + ## Microsoft Open Source Code of Conduct + This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). -For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. \ No newline at end of file + +For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. + +### Contributing + +This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit . + +When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA. + +### Legal Notices + +Microsoft and any contributors grant you a license to the Microsoft documentation and other content in this repository under the [Creative Commons Attribution 4.0 International Public License](https://creativecommons.org/licenses/by/4.0/legalcode), see the [LICENSE](LICENSE) file, and grant you a license to any code in the repository under the [MIT License](https://opensource.org/licenses/MIT), see the [LICENSE-CODE](LICENSE-CODE) file. 
+ +Microsoft, Windows, Microsoft Azure and/or other Microsoft products and services referenced in the documentation may be either trademarks or registered trademarks of Microsoft in the United States and/or other countries. + +The licenses for this project do not grant you rights to use any Microsoft names, logos, or trademarks. Microsoft's general trademark guidelines can be found at . + +Privacy information can be found at + +Microsoft and any contributors reserve all others rights, whether under their respective copyrights, patents, or trademarks, whether by implication, estoppel or otherwise. diff --git a/browsers/edge/breadcrumb/toc.yml b/browsers/edge/breadcrumb/toc.yml index f417737985..83065b36a9 100644 --- a/browsers/edge/breadcrumb/toc.yml +++ b/browsers/edge/breadcrumb/toc.yml @@ -1,7 +1,3 @@ -- name: Docs - tocHref: / - topicHref: / - items: - - name: Microsoft Edge deployment - tocHref: /microsoft-edge/deploy - topicHref: /microsoft-edge/deploy/index \ No newline at end of file +- name: Microsoft Edge + tocHref: /microsoft-edge/ + topicHref: /microsoft-edge/index diff --git a/browsers/edge/docfx.json b/browsers/edge/docfx.json index d786e0bbfb..d36533a87e 100644 --- a/browsers/edge/docfx.json +++ b/browsers/edge/docfx.json @@ -28,7 +28,7 @@ ], "globalMetadata": { "recommendations": true, - "breadcrumb_path": "/microsoft-edge/deploy/breadcrumb/toc.json", + "breadcrumb_path": "/microsoft-edge/breadcrumbs/toc.json", "ROBOTS": "INDEX, FOLLOW", "ms.technology": "microsoft-edge", "audience": "ITPro", diff --git a/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md b/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md index 1a51b8977a..912ce707bd 100644 --- a/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md +++ b/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md 
@@ -1,7 +1,7 @@ --- author: aczechowski ms.author: aaroncz -ms.date: 10/27/2022 +ms.date: 12/16/2022 ms.reviewer: cathask manager: aaroncz ms.prod: ie11 @@ -9,6 +9,8 @@ ms.topic: include --- > [!WARNING] -> The retired, out-of-support Internet Explorer 11 (IE11) desktop application will be permanently disabled on certain versions of Windows 10 as part of the February 2023 Windows security update ("B") release scheduled for February 14, 2023. We highly recommend setting up IE mode in Microsoft Edge and disabling IE11 prior to this date to ensure your organization doesn't experience business disruption. +> **Update:** The retired, out-of-support Internet Explorer 11 desktop application is scheduled to be permanently disabled through a Microsoft Edge update on certain versions of Windows 10 on February 14, 2023. > -> For more information, see [aka.ms/iemodefaq](https://aka.ms/iemodefaq). +> We highly recommend setting up IE mode in Microsoft Edge and disabling IE11 prior to this date to ensure your organization does not experience business disruption. +> +> For more information, see [Internet Explorer 11 desktop app retirement FAQ](https://aka.ms/iemodefaq). diff --git a/education/images/EDU-FindHelp.svg b/education/images/EDU-FindHelp.svg deleted file mode 100644 index fea3109134..0000000000 --- a/education/images/EDU-FindHelp.svg +++ /dev/null @@ -1,32 +0,0 @@ - - - - -EDUAdmins-50px - - - - toolbox - - - - - - - - - - - diff --git a/education/images/EDUAdmins.svg b/education/images/EDUAdmins.svg deleted file mode 100644 index d512fb942f..0000000000 --- a/education/images/EDUAdmins.svg +++ /dev/null @@ -1 +0,0 @@ -EDUAdmins-50px \ No newline at end of file diff --git a/education/images/EDUDevelopers.svg b/education/images/EDUDevelopers.svg deleted file mode 100644 index 900159699a..0000000000 --- a/education/images/EDUDevelopers.svg +++ /dev/null @@ -1 +0,0 @@ -EDUDevelopers-50px \ No newline at end of file 
diff --git a/education/images/EDUPartners.svg b/education/images/EDUPartners.svg deleted file mode 100644 index 01b80c9a42..0000000000 --- a/education/images/EDUPartners.svg +++ /dev/null @@ -1 +0,0 @@ -EDUPartners-50px \ No newline at end of file diff --git a/education/images/M365-education.svg b/education/images/M365-education.svg deleted file mode 100644 index 9591f90f68..0000000000 --- a/education/images/M365-education.svg +++ /dev/null @@ -1,171 +0,0 @@ - - - - - M365-education - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/education/images/MSC17_cloud_005.png b/education/images/MSC17_cloud_005.png deleted file mode 100644 index dfda08109c..0000000000 Binary files a/education/images/MSC17_cloud_005.png and /dev/null differ diff --git a/education/images/MSC17_cloud_012_merged.png b/education/images/MSC17_cloud_012_merged.png deleted file mode 100644 index 4defcaa59c..0000000000 Binary files a/education/images/MSC17_cloud_012_merged.png and /dev/null differ diff --git a/education/images/data-streamer.png b/education/images/data-streamer.png deleted file mode 100644 index 6473d9da33..0000000000 Binary files a/education/images/data-streamer.png and /dev/null differ diff --git a/education/images/education-ms-teams.svg b/education/images/education-ms-teams.svg deleted file mode 100644 index 2d1396b3f7..0000000000 --- a/education/images/education-ms-teams.svg +++ /dev/null @@ -1,258 +0,0 @@ - - - - - education-pro-usb copy - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
diff --git a/education/images/education-partner-aep-2.svg b/education/images/education-partner-aep-2.svg deleted file mode 100644 index 6bf0c2c3ac..0000000000 --- a/education/images/education-partner-aep-2.svg +++ /dev/null @@ -1,84 +0,0 @@ - - - - - education-partner-aep-2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/education/images/education-partner-directory-3.svg b/education/images/education-partner-directory-3.svg deleted file mode 100644 index ba8f644949..0000000000 --- a/education/images/education-partner-directory-3.svg +++ /dev/null @@ -1,95 +0,0 @@ - - - - - education-partner-directory-3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/education/images/education-partner-mepn-1.svg b/education/images/education-partner-mepn-1.svg deleted file mode 100644 index b2585e2969..0000000000 --- a/education/images/education-partner-mepn-1.svg +++ /dev/null @@ -1,103 +0,0 @@ - - - - - education-partner-mepn-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/education/images/education-partner-yammer.svg b/education/images/education-partner-yammer.svg deleted file mode 100644 index c92245652e..0000000000 --- a/education/images/education-partner-yammer.svg +++ /dev/null @@ -1,19 +0,0 @@ - - - - - education-partner-yammer - - - - - - - - - - diff --git a/education/images/education-pro-usb.svg b/education/images/education-pro-usb.svg deleted file mode 100644 index fa714e3b69..0000000000 --- a/education/images/education-pro-usb.svg +++ /dev/null @@ -1,111 +0,0 @@ - - - - - education-pro-usb - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/education/includes/education-content-updates.md b/education/includes/education-content-updates.md deleted file mode 100644 index c0a273e836..0000000000 --- a/education/includes/education-content-updates.md +++ /dev/null 
@@ -1,52 +0,0 @@ - - - - -## Week of September 19, 2022 - - -| Published On |Topic title | Change | -|------|------------|--------| -| 9/20/2022 | [Education scenarios Microsoft Store for Education](/education/windows/education-scenarios-store-for-business) | modified | - - -## Week of September 12, 2022 - - -| Published On |Topic title | Change | -|------|------------|--------| -| 9/13/2022 | [Chromebook migration guide (Windows 10)](/education/windows/chromebook-migration-guide) | modified | -| 9/14/2022 | [Windows 11 SE Overview](/education/windows/windows-11-se-overview) | modified | -| 9/14/2022 | [Windows 11 SE settings list](/education/windows/windows-11-se-settings-list) | modified | - - -## Week of September 05, 2022 - - -| Published On |Topic title | Change | -|------|------------|--------| -| 9/8/2022 | [Education scenarios Microsoft Store for Education](/education/windows/education-scenarios-store-for-business) | modified | -| 9/8/2022 | [Get Minecraft Education Edition](/education/windows/get-minecraft-for-education) | modified | -| 9/8/2022 | [For teachers get Minecraft Education Edition](/education/windows/teacher-get-minecraft) | modified | -| 9/9/2022 | [Take tests in Windows](/education/windows/take-tests-in-windows-10) | modified | - - -## Week of August 29, 2022 - - -| Published On |Topic title | Change | -|------|------------|--------| -| 8/31/2022 | [Configure applications with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-device-apps) | added | -| 8/31/2022 | [Configure and secure devices with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-device-settings) | added | -| 8/31/2022 | [Configure devices with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-devices-overview) | added | -| 8/31/2022 | [Enrollment in Intune with standard out-of-box experience (OOBE)](/education/windows/tutorial-school-deployment/enroll-aadj) | added | -| 8/31/2022 | [Enrollment in Intune 
with Windows Autopilot](/education/windows/tutorial-school-deployment/enroll-autopilot) | added | -| 8/31/2022 | [Device enrollment overview](/education/windows/tutorial-school-deployment/enroll-overview) | added | -| 8/31/2022 | [Enrollment of Windows devices with provisioning packages](/education/windows/tutorial-school-deployment/enroll-package) | added | -| 8/31/2022 | [Introduction](/education/windows/tutorial-school-deployment/index) | added | -| 8/31/2022 | [Manage devices with Microsoft Intune](/education/windows/tutorial-school-deployment/manage-overview) | added | -| 8/31/2022 | [Management functionalities for Surface devices](/education/windows/tutorial-school-deployment/manage-surface-devices) | added | -| 8/31/2022 | [Reset and wipe Windows devices](/education/windows/tutorial-school-deployment/reset-wipe) | added | -| 8/31/2022 | [Set up Azure Active Directory](/education/windows/tutorial-school-deployment/set-up-azure-ad) | added | -| 8/31/2022 | [Set up device management](/education/windows/tutorial-school-deployment/set-up-microsoft-intune) | added | -| 8/31/2022 | [Troubleshoot Windows devices](/education/windows/tutorial-school-deployment/troubleshoot-overview) | added | diff --git a/education/windows/edu-deployment-recommendations.md b/education/windows/edu-deployment-recommendations.md index 17302ec0a3..392497fa7d 100644 --- a/education/windows/edu-deployment-recommendations.md +++ b/education/windows/edu-deployment-recommendations.md @@ -1,7 +1,7 @@ --- title: Deployment recommendations for school IT administrators description: Provides guidance on ways to customize the OS privacy settings, and some of the apps, for Windows-based devices used in schools so that you can choose what information is shared with Microsoft. -ms.topic: guide +ms.topic: conceptual ms.date: 08/10/2022 appliesto: - ✅ Windows 10 diff --git a/education/windows/edu-stickers.md b/education/windows/edu-stickers.md index dc25c4e817..023393a04f 100644 
--- a/education/windows/edu-stickers.md +++ b/education/windows/edu-stickers.md @@ -14,7 +14,7 @@ ms.collection: Starting in **Windows 11 SE, version 22H2**, *Stickers* is a new feature that allows students to decorate their desktop with digital stickers. Students can choose from over 500 cheerful, education-friendly digital stickers. Stickers can be arranged, resized, and customized on top of the desktop background. Each student's stickers remain, even when the background changes. -Similar to the [education theme packs](edu-themes.md), Stickers is a personalization feature that helps the device feel like it was designed for students. +Similar to the [education theme packs](edu-themes.md "my tooltip example that opens in a new tab"), Stickers is a personalization feature that helps the device feel like it was designed for students. :::image type="content" source="./images/win-11-se-stickers.png" alt-text="Windows 11 SE desktop with 3 stickers" border="true"::: 
@@ -41,6 +41,18 @@ Stickers aren't enabled by default. Follow the instructions below to configure y [!INCLUDE [intune-custom-settings-2](includes/intune-custom-settings-2.md)] [!INCLUDE [intune-custom-settings-info](includes/intune-custom-settings-info.md)] +> [!TIP] +> Use the following Graph call to automatically create the custom policy in your tenant without assignments nor scope tags. [1](#footnote1) + +```msgraph-interactive +POST https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations +Content-Type: application/json + +{"id":"00-0000-0000-0000-000000000000","displayName":"_MSLearn_Stickers","roleScopeTagIds":["0"],"@odata.type":"#microsoft.graph.windows10CustomConfiguration","omaSettings":[{"omaUri":"./Vendor/MSFT/Policy/Config/Stickers/EnableStickers","displayName":"EnableStickers","@odata.type":"#microsoft.graph.omaSettingInteger","value":1}]} +``` + +1 When using this call, authenticate to your tenant in the Graph Explorer window. If it's the first time using Graph Explorer, you may need to authorize the application to access your tenant or to modify the existing permissions. This graph call requires *DeviceManagementConfiguration.ReadWrite.All* permissions. + #### [:::image type="icon" source="images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg) To configure devices using a provisioning package, [create a provisioning package][WIN-1] using Windows Configuration Designer (WCD) with the following settings: @@ -68,8 +80,6 @@ Multiple stickers can be added from the picker by selecting them. The stickers c Select the *X button* at the top of the screen to save your progress and close the sticker editor. ------------ - [MEM-1]: /mem/intune/configuration/custom-settings-windows-10 [WIN-1]: /windows/configuration/provisioning-packages/provisioning-create-package 
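Review bot: The footnote under the added Graph call tells readers to authorize Graph Explorer for *DeviceManagementConfiguration.ReadWrite.All*, but it does not say that this consent stays attached to the Graph Explorer application after the policy has been created. Because that scope allows writing device configuration in the tenant, I would append a sentence such as `After the policy is created, review the permissions granted to Graph Explorer and remove the consent if it's no longer needed.` The request also posts to the `/beta` endpoint, so a short remark that the call may change and should be tested before it is relied on would be useful. Two details in the payload look inconsistent with the surrounding text: the tip says the policy is created without scope tags while the body sets `"roleScopeTagIds":["0"]` (presumably the default tag, worth stating), and the placeholder `"id":"00-0000-0000-0000-000000000000"` is not GUID-shaped, so consider dropping `id` from the body if the service assigns it.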
diff --git a/education/windows/images/choose-package.png b/education/windows/images/choose-package.png deleted file mode 100644 index 868407df56..0000000000 Binary files a/education/windows/images/choose-package.png and /dev/null differ diff --git a/education/windows/images/icons/group-policy.svg b/education/windows/images/icons/group-policy.svg deleted file mode 100644 index ace95add6b..0000000000 --- a/education/windows/images/icons/group-policy.svg +++ /dev/null @@ -1,3 +0,0 @@ - - - \ No newline at end of file diff --git a/education/windows/images/icons/registry.svg b/education/windows/images/icons/registry.svg deleted file mode 100644 index 06ab4c09d7..0000000000 --- a/education/windows/images/icons/registry.svg +++ /dev/null @@ -1,22 +0,0 @@ - - - - - - - - - - - - - - - - - - - Icon-general-18 - - - \ No newline at end of file diff --git a/education/windows/images/minecraft/mcee-add-payment-method.png b/education/windows/images/minecraft/mcee-add-payment-method.png deleted file mode 100644 index e583b4eccc..0000000000 Binary files a/education/windows/images/minecraft/mcee-add-payment-method.png and /dev/null differ diff --git a/education/windows/images/minecraft/mcee-auto-assign-bd.png b/education/windows/images/minecraft/mcee-auto-assign-bd.png deleted file mode 100644 index b14990583f..0000000000 Binary files a/education/windows/images/minecraft/mcee-auto-assign-bd.png and /dev/null differ diff --git a/education/windows/images/minecraft/mcee-auto-assign-legacy.png b/education/windows/images/minecraft/mcee-auto-assign-legacy.png deleted file mode 100644 index 866b37395e..0000000000 Binary files a/education/windows/images/minecraft/mcee-auto-assign-legacy.png and /dev/null differ diff --git a/education/windows/images/minecraft/mcee-benefits.png b/education/windows/images/minecraft/mcee-benefits.png deleted file mode 100644 index 96d0287718..0000000000 Binary files a/education/windows/images/minecraft/mcee-benefits.png and /dev/null differ 
diff --git a/education/windows/images/minecraft/mcee-icon.png b/education/windows/images/minecraft/mcee-icon.png deleted file mode 100644 index 32ed1cf134..0000000000 Binary files a/education/windows/images/minecraft/mcee-icon.png and /dev/null differ diff --git a/education/windows/images/minecraft/mcee-invoice-bills.PNG b/education/windows/images/minecraft/mcee-invoice-bills.PNG deleted file mode 100644 index 1a07ac3f01..0000000000 Binary files a/education/windows/images/minecraft/mcee-invoice-bills.PNG and /dev/null differ diff --git a/education/windows/images/minecraft/mcee-view-bills.png b/education/windows/images/minecraft/mcee-view-bills.png deleted file mode 100644 index 5aeff48109..0000000000 Binary files a/education/windows/images/minecraft/mcee-view-bills.png and /dev/null differ diff --git a/education/windows/images/minecraft/minecraft-admin-permissions.png b/education/windows/images/minecraft/minecraft-admin-permissions.png deleted file mode 100644 index 3051c3dd84..0000000000 Binary files a/education/windows/images/minecraft/minecraft-admin-permissions.png and /dev/null differ diff --git a/education/windows/images/minecraft/minecraft-assign-roles-2.png b/education/windows/images/minecraft/minecraft-assign-roles-2.png deleted file mode 100644 index 3ab1d6e072..0000000000 Binary files a/education/windows/images/minecraft/minecraft-assign-roles-2.png and /dev/null differ diff --git a/education/windows/images/minecraft/minecraft-assign-roles.png b/education/windows/images/minecraft/minecraft-assign-roles.png deleted file mode 100644 index 5dc396155c..0000000000 Binary files a/education/windows/images/minecraft/minecraft-assign-roles.png and /dev/null differ diff --git a/education/windows/images/minecraft/minecraft-assign-to-others.png b/education/windows/images/minecraft/minecraft-assign-to-others.png deleted file mode 100644 index 4e8fba6126..0000000000 Binary files a/education/windows/images/minecraft/minecraft-assign-to-others.png and /dev/null differ 
diff --git a/education/windows/images/minecraft/minecraft-assign-to-people-name.png b/education/windows/images/minecraft/minecraft-assign-to-people-name.png deleted file mode 100644 index 38994cc58f..0000000000 Binary files a/education/windows/images/minecraft/minecraft-assign-to-people-name.png and /dev/null differ diff --git a/education/windows/images/minecraft/minecraft-assign-to-people.png b/education/windows/images/minecraft/minecraft-assign-to-people.png deleted file mode 100644 index 0f0e3dcdff..0000000000 Binary files a/education/windows/images/minecraft/minecraft-assign-to-people.png and /dev/null differ diff --git a/education/windows/images/minecraft/minecraft-get-the-app.png b/education/windows/images/minecraft/minecraft-get-the-app.png deleted file mode 100644 index 47024aab6c..0000000000 Binary files a/education/windows/images/minecraft/minecraft-get-the-app.png and /dev/null differ diff --git a/education/windows/images/minecraft/minecraft-in-windows-store-app.png b/education/windows/images/minecraft/minecraft-in-windows-store-app.png deleted file mode 100644 index e25f2b4df3..0000000000 Binary files a/education/windows/images/minecraft/minecraft-in-windows-store-app.png and /dev/null differ diff --git a/education/windows/images/minecraft/minecraft-my-library.png b/education/windows/images/minecraft/minecraft-my-library.png deleted file mode 100644 index 1be1660adb..0000000000 Binary files a/education/windows/images/minecraft/minecraft-my-library.png and /dev/null differ diff --git a/education/windows/images/minecraft/minecraft-perms.PNG b/education/windows/images/minecraft/minecraft-perms.PNG deleted file mode 100644 index 1788d6b593..0000000000 Binary files a/education/windows/images/minecraft/minecraft-perms.PNG and /dev/null differ 
diff --git a/education/windows/images/minecraft/minecraft-private-store.png b/education/windows/images/minecraft/minecraft-private-store.png deleted file mode 100644 index 0194d4b955..0000000000 Binary files a/education/windows/images/minecraft/minecraft-private-store.png and /dev/null differ diff --git a/education/windows/images/minecraft/minecraft-student-install-email.png b/education/windows/images/minecraft/minecraft-student-install-email.png deleted file mode 100644 index 225e8d899e..0000000000 Binary files a/education/windows/images/minecraft/minecraft-student-install-email.png and /dev/null differ diff --git a/education/windows/images/suspcs/1810_SUSPC_Insert_USB.png b/education/windows/images/suspcs/1810_SUSPC_Insert_USB.png deleted file mode 100644 index c3fdd47011..0000000000 Binary files a/education/windows/images/suspcs/1810_SUSPC_Insert_USB.png and /dev/null differ diff --git a/education/windows/images/suspcs/1810_SUSPC_add_apps.png b/education/windows/images/suspcs/1810_SUSPC_add_apps.png deleted file mode 100644 index d7a296722f..0000000000 Binary files a/education/windows/images/suspcs/1810_SUSPC_add_apps.png and /dev/null differ diff --git a/education/windows/images/suspcs/1810_SUSPC_app_error.png b/education/windows/images/suspcs/1810_SUSPC_app_error.png deleted file mode 100644 index a2d3a35e34..0000000000 Binary files a/education/windows/images/suspcs/1810_SUSPC_app_error.png and /dev/null differ diff --git a/education/windows/images/suspcs/suspc-add-recommended-apps-1807.png b/education/windows/images/suspcs/suspc-add-recommended-apps-1807.png deleted file mode 100644 index 61a674e363..0000000000 Binary files a/education/windows/images/suspcs/suspc-add-recommended-apps-1807.png and /dev/null differ 
diff --git a/education/windows/images/suspcs/suspc-assessment-url-1807.png b/education/windows/images/suspcs/suspc-assessment-url-1807.png deleted file mode 100644 index c799e26271..0000000000 Binary files a/education/windows/images/suspcs/suspc-assessment-url-1807.png and /dev/null differ diff --git a/education/windows/images/suspcs/suspc-available-student-settings-1807.png b/education/windows/images/suspcs/suspc-available-student-settings-1807.png deleted file mode 100644 index d39fc2ceba..0000000000 Binary files a/education/windows/images/suspcs/suspc-available-student-settings-1807.png and /dev/null differ diff --git a/education/windows/images/suspcs/suspc-configure-student-settings-1807.png b/education/windows/images/suspcs/suspc-configure-student-settings-1807.png deleted file mode 100644 index 553fb4d689..0000000000 Binary files a/education/windows/images/suspcs/suspc-configure-student-settings-1807.png and /dev/null differ diff --git a/education/windows/images/suspcs/suspc-createpackage-signin-1807.png b/education/windows/images/suspcs/suspc-createpackage-signin-1807.png deleted file mode 100644 index 7a80f5c751..0000000000 Binary files a/education/windows/images/suspcs/suspc-createpackage-signin-1807.png and /dev/null differ diff --git a/education/windows/images/suspcs/suspc-createpackage-summary-1807.png b/education/windows/images/suspcs/suspc-createpackage-summary-1807.png deleted file mode 100644 index e78ac67856..0000000000 Binary files a/education/windows/images/suspcs/suspc-createpackage-summary-1807.png and /dev/null differ diff --git a/education/windows/images/suspcs/suspc-current-os-version-1807.png b/education/windows/images/suspcs/suspc-current-os-version-1807.png deleted file mode 100644 index bc2ba6a08d..0000000000 Binary files a/education/windows/images/suspcs/suspc-current-os-version-1807.png and /dev/null differ 
diff --git a/education/windows/images/suspcs/suspc-current-os-version-next-1807.png b/education/windows/images/suspcs/suspc-current-os-version-next-1807.png deleted file mode 100644 index a0b6632bd3..0000000000 Binary files a/education/windows/images/suspcs/suspc-current-os-version-next-1807.png and /dev/null differ diff --git a/education/windows/images/suspcs/suspc-device-names-1807.png b/education/windows/images/suspcs/suspc-device-names-1807.png deleted file mode 100644 index f3ad674b99..0000000000 Binary files a/education/windows/images/suspcs/suspc-device-names-1807.png and /dev/null differ diff --git a/education/windows/images/suspcs/suspc-savepackage-insertusb-1807.png b/education/windows/images/suspcs/suspc-savepackage-insertusb-1807.png deleted file mode 100644 index cd75795863..0000000000 Binary files a/education/windows/images/suspcs/suspc-savepackage-insertusb-1807.png and /dev/null differ diff --git a/education/windows/images/suspcs/suspc-savepackage-ppkgisready-1807.png b/education/windows/images/suspcs/suspc-savepackage-ppkgisready-1807.png deleted file mode 100644 index fd82b1e50b..0000000000 Binary files a/education/windows/images/suspcs/suspc-savepackage-ppkgisready-1807.png and /dev/null differ diff --git a/education/windows/images/suspcs/suspc-select-wifi-1807.png b/education/windows/images/suspcs/suspc-select-wifi-1807.png deleted file mode 100644 index c8b94d6aad..0000000000 Binary files a/education/windows/images/suspcs/suspc-select-wifi-1807.png and /dev/null differ diff --git a/education/windows/images/suspcs/suspc-select-wifi-network-1807.png b/education/windows/images/suspcs/suspc-select-wifi-network-1807.png deleted file mode 100644 index 5a362daaa0..0000000000 Binary files a/education/windows/images/suspcs/suspc-select-wifi-network-1807.png and /dev/null differ 
diff --git a/education/windows/images/suspcs/suspc-sign-in-select-1807.png b/education/windows/images/suspcs/suspc-sign-in-select-1807.png
deleted file mode 100644
index abffbec690..0000000000
Binary files a/education/windows/images/suspcs/suspc-sign-in-select-1807.png and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc-take-a-test-1807.png b/education/windows/images/suspcs/suspc-take-a-test-1807.png
deleted file mode 100644
index ea6295658f..0000000000
Binary files a/education/windows/images/suspcs/suspc-take-a-test-1807.png and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc-take-a-test-app-1807.png b/education/windows/images/suspcs/suspc-take-a-test-app-1807.png
deleted file mode 100644
index 9d6c503f3c..0000000000
Binary files a/education/windows/images/suspcs/suspc-take-a-test-app-1807.png and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc-time-zone-1807.png b/education/windows/images/suspcs/suspc-time-zone-1807.png
deleted file mode 100644
index 274e411a4d..0000000000
Binary files a/education/windows/images/suspcs/suspc-time-zone-1807.png and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc-wifi-network-1807.png b/education/windows/images/suspcs/suspc-wifi-network-1807.png
deleted file mode 100644
index 6e03d35363..0000000000
Binary files a/education/windows/images/suspcs/suspc-wifi-network-1807.png and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_account_signin.PNG b/education/windows/images/suspcs/suspc_account_signin.PNG
deleted file mode 100644
index d045cff914..0000000000
Binary files a/education/windows/images/suspcs/suspc_account_signin.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_and_wcd_comparison.png b/education/windows/images/suspcs/suspc_and_wcd_comparison.png
deleted file mode 100644
index cff874ceb8..0000000000
Binary files a/education/windows/images/suspcs/suspc_and_wcd_comparison.png and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_choosesettings_apps.PNG b/education/windows/images/suspcs/suspc_choosesettings_apps.PNG
deleted file mode 100644
index babb55a445..0000000000
Binary files a/education/windows/images/suspcs/suspc_choosesettings_apps.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_choosesettings_settings.PNG b/education/windows/images/suspcs/suspc_choosesettings_settings.PNG
deleted file mode 100644
index bd556c0892..0000000000
Binary files a/education/windows/images/suspcs/suspc_choosesettings_settings.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_choosesettings_settings_updated.PNG b/education/windows/images/suspcs/suspc_choosesettings_settings_updated.PNG
deleted file mode 100644
index c62b4fa86f..0000000000
Binary files a/education/windows/images/suspcs/suspc_choosesettings_settings_updated.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_choosesettings_signin.PNG b/education/windows/images/suspcs/suspc_choosesettings_signin.PNG
deleted file mode 100644
index a45a12fbf5..0000000000
Binary files a/education/windows/images/suspcs/suspc_choosesettings_signin.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_choosesettings_signin_final.PNG b/education/windows/images/suspcs/suspc_choosesettings_signin_final.PNG
deleted file mode 100644
index 3ec997cb73..0000000000
Binary files a/education/windows/images/suspcs/suspc_choosesettings_signin_final.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_choosesettings_summary.PNG b/education/windows/images/suspcs/suspc_choosesettings_summary.PNG
deleted file mode 100644
index c659a579e4..0000000000
Binary files a/education/windows/images/suspcs/suspc_choosesettings_summary.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_createpackage_configurestudentpcsettings.png b/education/windows/images/suspcs/suspc_createpackage_configurestudentpcsettings.png
deleted file mode 100644
index 99a4f8c5fd..0000000000
Binary files a/education/windows/images/suspcs/suspc_createpackage_configurestudentpcsettings.png and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_createpackage_configurestudentpcsettings_121117.PNG b/education/windows/images/suspcs/suspc_createpackage_configurestudentpcsettings_121117.PNG
deleted file mode 100644
index 7f8bb1722b..0000000000
Binary files a/education/windows/images/suspcs/suspc_createpackage_configurestudentpcsettings_121117.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_createpackage_recommendedapps.png b/education/windows/images/suspcs/suspc_createpackage_recommendedapps.png
deleted file mode 100644
index e1e2fdaa46..0000000000
Binary files a/education/windows/images/suspcs/suspc_createpackage_recommendedapps.png and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_createpackage_recommendedapps_073117.PNG b/education/windows/images/suspcs/suspc_createpackage_recommendedapps_073117.PNG
deleted file mode 100644
index 22df144bdc..0000000000
Binary files a/education/windows/images/suspcs/suspc_createpackage_recommendedapps_073117.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_createpackage_recommendedapps_office061217.png b/education/windows/images/suspcs/suspc_createpackage_recommendedapps_office061217.png
deleted file mode 100644
index ac2ccbe4eb..0000000000
Binary files a/education/windows/images/suspcs/suspc_createpackage_recommendedapps_office061217.png and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_createpackage_settingspage.PNG b/education/windows/images/suspcs/suspc_createpackage_settingspage.PNG
deleted file mode 100644
index 2e5af10917..0000000000
Binary files a/education/windows/images/suspcs/suspc_createpackage_settingspage.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_createpackage_signin.png b/education/windows/images/suspcs/suspc_createpackage_signin.png
deleted file mode 100644
index 1d05636ed6..0000000000
Binary files a/education/windows/images/suspcs/suspc_createpackage_signin.png and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_createpackage_skipwifi_modaldialog.png b/education/windows/images/suspcs/suspc_createpackage_skipwifi_modaldialog.png
deleted file mode 100644
index 294c970e85..0000000000
Binary files a/education/windows/images/suspcs/suspc_createpackage_skipwifi_modaldialog.png and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_createpackage_summary.PNG b/education/windows/images/suspcs/suspc_createpackage_summary.PNG
deleted file mode 100644
index 2699f6e222..0000000000
Binary files a/education/windows/images/suspcs/suspc_createpackage_summary.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_createpackage_summary_073117.PNG b/education/windows/images/suspcs/suspc_createpackage_summary_073117.PNG
deleted file mode 100644
index c0e4b04723..0000000000
Binary files a/education/windows/images/suspcs/suspc_createpackage_summary_073117.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_getpcsready.PNG b/education/windows/images/suspcs/suspc_getpcsready.PNG
deleted file mode 100644
index 1e2bfae0ff..0000000000
Binary files a/education/windows/images/suspcs/suspc_getpcsready.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_getpcsready_getpcsready.PNG b/education/windows/images/suspcs/suspc_getpcsready_getpcsready.PNG
deleted file mode 100644
index 6bb9ec078b..0000000000
Binary files a/education/windows/images/suspcs/suspc_getpcsready_getpcsready.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_getpcsready_installpackage.PNG b/education/windows/images/suspcs/suspc_getpcsready_installpackage.PNG
deleted file mode 100644
index c12bbe4de9..0000000000
Binary files a/education/windows/images/suspcs/suspc_getpcsready_installpackage.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_getstarted.PNG b/education/windows/images/suspcs/suspc_getstarted.PNG
deleted file mode 100644
index cbb3d4977c..0000000000
Binary files a/education/windows/images/suspcs/suspc_getstarted.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_getstarted_final.PNG b/education/windows/images/suspcs/suspc_getstarted_final.PNG
deleted file mode 100644
index d533536ad1..0000000000
Binary files a/education/windows/images/suspcs/suspc_getstarted_final.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_getstarted_resized.png b/education/windows/images/suspcs/suspc_getstarted_resized.png
deleted file mode 100644
index c9c99d8555..0000000000
Binary files a/education/windows/images/suspcs/suspc_getstarted_resized.png and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_installsetupfile.PNG b/education/windows/images/suspcs/suspc_installsetupfile.PNG
deleted file mode 100644
index 61d0d9a3ad..0000000000
Binary files a/education/windows/images/suspcs/suspc_installsetupfile.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_ppkg_isready.PNG b/education/windows/images/suspcs/suspc_ppkg_isready.PNG
deleted file mode 100644
index e601a05a0f..0000000000
Binary files a/education/windows/images/suspcs/suspc_ppkg_isready.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_ppkgisready_050817.PNG b/education/windows/images/suspcs/suspc_ppkgisready_050817.PNG
deleted file mode 100644
index 7bee1ead44..0000000000
Binary files a/education/windows/images/suspcs/suspc_ppkgisready_050817.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_ppkgready.PNG b/education/windows/images/suspcs/suspc_ppkgready.PNG
deleted file mode 100644
index e285acdaee..0000000000
Binary files a/education/windows/images/suspcs/suspc_ppkgready.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_reviewsettings.PNG b/education/windows/images/suspcs/suspc_reviewsettings.PNG
deleted file mode 100644
index 0948dbccb1..0000000000
Binary files a/education/windows/images/suspcs/suspc_reviewsettings.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_reviewsettings_bluelinks.png b/education/windows/images/suspcs/suspc_reviewsettings_bluelinks.png
deleted file mode 100644
index 46c07c7a1a..0000000000
Binary files a/education/windows/images/suspcs/suspc_reviewsettings_bluelinks.png and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_runpackage_installpackage.PNG b/education/windows/images/suspcs/suspc_runpackage_installpackage.PNG
deleted file mode 100644
index 4745ceb5a7..0000000000
Binary files a/education/windows/images/suspcs/suspc_runpackage_installpackage.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_savepackage_insertusb.PNG b/education/windows/images/suspcs/suspc_savepackage_insertusb.PNG
deleted file mode 100644
index 6c36d04e88..0000000000
Binary files a/education/windows/images/suspcs/suspc_savepackage_insertusb.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_savepackage_insertusb_050817.PNG b/education/windows/images/suspcs/suspc_savepackage_insertusb_050817.PNG
deleted file mode 100644
index e0f8ceab7a..0000000000
Binary files a/education/windows/images/suspcs/suspc_savepackage_insertusb_050817.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_savepackage_ppkgisready.png b/education/windows/images/suspcs/suspc_savepackage_ppkgisready.png
deleted file mode 100644
index 7f8ca446f5..0000000000
Binary files a/education/windows/images/suspcs/suspc_savepackage_ppkgisready.png and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_savesettings.PNG b/education/windows/images/suspcs/suspc_savesettings.PNG
deleted file mode 100644
index f8338d3dec..0000000000
Binary files a/education/windows/images/suspcs/suspc_savesettings.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_setupfile_reviewsettings.PNG b/education/windows/images/suspcs/suspc_setupfile_reviewsettings.PNG
deleted file mode 100644
index c5f3425ff5..0000000000
Binary files a/education/windows/images/suspcs/suspc_setupfile_reviewsettings.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_setupfile_savesettings.PNG b/education/windows/images/suspcs/suspc_setupfile_savesettings.PNG
deleted file mode 100644
index 97ba234b8e..0000000000
Binary files a/education/windows/images/suspcs/suspc_setupfile_savesettings.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_setupfileready.PNG b/education/windows/images/suspcs/suspc_setupfileready.PNG
deleted file mode 100644
index 349acbaf9d..0000000000
Binary files a/education/windows/images/suspcs/suspc_setupfileready.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_signin_account.PNG b/education/windows/images/suspcs/suspc_signin_account.PNG
deleted file mode 100644
index 3f8b040f45..0000000000
Binary files a/education/windows/images/suspcs/suspc_signin_account.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_signin_addapps.PNG b/education/windows/images/suspcs/suspc_signin_addapps.PNG
deleted file mode 100644
index 93e572a043..0000000000
Binary files a/education/windows/images/suspcs/suspc_signin_addapps.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_signin_allowguests.PNG b/education/windows/images/suspcs/suspc_signin_allowguests.PNG
deleted file mode 100644
index 0bd0f69680..0000000000
Binary files a/education/windows/images/suspcs/suspc_signin_allowguests.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_signin_setuptakeatest.PNG b/education/windows/images/suspcs/suspc_signin_setuptakeatest.PNG
deleted file mode 100644
index 6c8ba1799b..0000000000
Binary files a/education/windows/images/suspcs/suspc_signin_setuptakeatest.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_start.PNG b/education/windows/images/suspcs/suspc_start.PNG
deleted file mode 100644
index ab34f99a6b..0000000000
Binary files a/education/windows/images/suspcs/suspc_start.PNG and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_wcd_sidebyside.png b/education/windows/images/suspcs/suspc_wcd_sidebyside.png
deleted file mode 100644
index 7fc108133e..0000000000
Binary files a/education/windows/images/suspcs/suspc_wcd_sidebyside.png and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_win10v1703_getstarted.PNG b/education/windows/images/suspcs/suspc_win10v1703_getstarted.PNG
deleted file mode 100644
index 2777edfef9..0000000000
Binary files a/education/windows/images/suspcs/suspc_win10v1703_getstarted.PNG and /dev/null differ
diff --git a/education/windows/images/wcd/wcd_accountmanagement.PNG b/education/windows/images/wcd/wcd_accountmanagement.PNG
deleted file mode 100644
index 071522f906..0000000000
Binary files a/education/windows/images/wcd/wcd_accountmanagement.PNG and /dev/null differ
diff --git a/education/windows/images/wcd/wcd_exportpackage.PNG b/education/windows/images/wcd/wcd_exportpackage.PNG
deleted file mode 100644
index 19a1c89703..0000000000
Binary files a/education/windows/images/wcd/wcd_exportpackage.PNG and /dev/null differ
diff --git a/education/windows/images/wcd/wcd_setupdevice.PNG b/education/windows/images/wcd/wcd_setupdevice.PNG
deleted file mode 100644
index 01422870d4..0000000000
Binary files a/education/windows/images/wcd/wcd_setupdevice.PNG and /dev/null differ
diff --git a/education/windows/images/wcd/wcd_setupnetwork.PNG b/education/windows/images/wcd/wcd_setupnetwork.PNG
deleted file mode 100644
index f0be6908f5..0000000000
Binary files a/education/windows/images/wcd/wcd_setupnetwork.PNG and /dev/null differ
diff --git a/education/windows/images/wcd/wcd_win10v1703_start_newdesktopproject.PNG b/education/windows/images/wcd/wcd_win10v1703_start_newdesktopproject.PNG
deleted file mode 100644
index f0ce8f6b93..0000000000
Binary files a/education/windows/images/wcd/wcd_win10v1703_start_newdesktopproject.PNG and /dev/null differ
diff --git a/education/windows/images/win-10-activated-enterprise-subscription-active.png b/education/windows/images/win-10-activated-enterprise-subscription-active.png
deleted file mode 100644
index eb888b23b5..0000000000
Binary files a/education/windows/images/win-10-activated-enterprise-subscription-active.png and /dev/null differ
diff --git a/education/windows/images/win-10-activated-enterprise-subscription-not-active.png b/education/windows/images/win-10-activated-enterprise-subscription-not-active.png
deleted file mode 100644
index e4ac7398be..0000000000
Binary files a/education/windows/images/win-10-activated-enterprise-subscription-not-active.png and /dev/null differ
diff --git a/education/windows/images/win-10-not-activated-enterprise-subscription-active.png b/education/windows/images/win-10-not-activated-enterprise-subscription-active.png
deleted file mode 100644
index 5fedfe5d06..0000000000
Binary files a/education/windows/images/win-10-not-activated-enterprise-subscription-active.png and /dev/null differ
diff --git a/education/windows/images/win-10-not-activated-enterprise-subscription-not-active.png b/education/windows/images/win-10-not-activated-enterprise-subscription-not-active.png
deleted file mode 100644
index 84e39071db..0000000000
Binary files a/education/windows/images/win-10-not-activated-enterprise-subscription-not-active.png and /dev/null differ
diff --git a/education/windows/images/win-11-se-stickers-picker.png b/education/windows/images/win-11-se-stickers-picker.png
deleted file mode 100644
index 44fad2a725..0000000000
Binary files a/education/windows/images/win-11-se-stickers-picker.png and /dev/null differ
diff --git a/education/windows/includes/intune-custom-settings-1.md b/education/windows/includes/intune-custom-settings-1.md
index fa7811c9eb..a8d82dfea6 100644
--- a/education/windows/includes/intune-custom-settings-1.md
+++ b/education/windows/includes/intune-custom-settings-1.md
@@ -7,9 +7,6 @@ ms.topic: include To configure devices with Microsoft Intune, use a custom policy: - > [!TIP] - > If you're browsing with an account that can create Intune policies, you can skip to step 5 by using this direct link to create a custom policy (opens in a new tab). - 1. Go to the Microsoft Endpoint Manager admin center 2. Select **Devices > Configuration profiles > Create profile** 3. Select **Platform > Windows 10 and later** and **Profile type > Templates > Custom** diff --git a/education/windows/includes/intune-custom-settings-alternative.md b/education/windows/includes/intune-custom-settings-alternative.md deleted file mode 100644 index 955dc080cc..0000000000 --- a/education/windows/includes/intune-custom-settings-alternative.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 11/08/2022 -ms.topic: include ---- - -Alternatively, create a custom policy with the following settings: \ No newline at end of file diff --git a/education/windows/includes/intune-settings-catalog-1.md b/education/windows/includes/intune-settings-catalog-1.md deleted file mode 100644 index 6031492031..0000000000 --- a/education/windows/includes/intune-settings-catalog-1.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 11/08/2022 -ms.topic: include ---- - -To configure devices with Microsoft Intune, use the settings catalog: - - > [!TIP] - > If you're browsing with an account that can create Intune policies, you can skip to step 5 by using this direct link to create a Settings catalog policy (opens in a new tab). - -1. Go to the Microsoft Endpoint Manager admin center -2. Select **Devices > Configuration profiles > Create profile** -3. Select **Platform > Windows 10 and later** and **Profile type > Settings catalog** -4. Select **Create** -5. Specify a **Name** and, optionally, a **Description** > **Next** -6. In the settings picker, add the following settings: \ No newline at end of file 
diff --git a/education/windows/includes/intune-settings-catalog-2.md b/education/windows/includes/intune-settings-catalog-2.md deleted file mode 100644 index 41d840b9c8..0000000000 --- a/education/windows/includes/intune-settings-catalog-2.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 11/08/2022 -ms.topic: include ---- - -7. Select **Next** -8. Optionally, add *scope tags* > **Next** -9. Assign the policy to a security group that contains as members the devices or users that you want to configure > **Next** -10. Review the policy configuration and select **Create** \ No newline at end of file diff --git a/education/windows/includes/intune-settings-catalog-info.md b/education/windows/includes/intune-settings-catalog-info.md deleted file mode 100644 index c2f3b6495b..0000000000 --- a/education/windows/includes/intune-settings-catalog-info.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 11/08/2022 -ms.topic: include ---- - -For more information about how to create policies with the Intune settings catalog, see [Use the settings catalog to configure settings](/mem/intune/configuration/settings-catalog). \ No newline at end of file diff --git a/education/windows/test-windows10s-for-edu.md b/education/windows/test-windows10s-for-edu.md index 09f9301130..06e17f21da 100644 --- a/education/windows/test-windows10s-for-edu.md +++ b/education/windows/test-windows10s-for-edu.md @@ -1,7 +1,7 @@ --- title: Test Windows 10 in S mode on existing Windows 10 education devices description: Provides guidance on downloading and testing Windows 10 in S mode for existing Windows 10 education devices. -ms.topic: guide +ms.topic: conceptual ms.date: 08/10/2022 appliesto: - ✅ Windows 10 @@ -228,4 +228,4 @@ For help with activation issues, select the appropriate link below for support o 1 Internet access fees may apply.
2 Devices must be configured for educational use by applying SetEduPolicies using the Setup School PCs app.
-

\ No newline at end of file +

diff --git a/education/windows/tutorial-school-deployment/images/configure.png b/education/windows/tutorial-school-deployment/images/configure.png
deleted file mode 100644
index 6e3219a7cb..0000000000
Binary files a/education/windows/tutorial-school-deployment/images/configure.png and /dev/null differ
diff --git a/education/windows/tutorial-school-deployment/images/i4e-autopilot-reset.png b/education/windows/tutorial-school-deployment/images/i4e-autopilot-reset.png
deleted file mode 100644
index 69f9fb188a..0000000000
Binary files a/education/windows/tutorial-school-deployment/images/i4e-autopilot-reset.png and /dev/null differ
diff --git a/education/windows/tutorial-school-deployment/images/i4e-factory-reset.png b/education/windows/tutorial-school-deployment/images/i4e-factory-reset.png
deleted file mode 100644
index 5c1215f6d8..0000000000
Binary files a/education/windows/tutorial-school-deployment/images/i4e-factory-reset.png and /dev/null differ
diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md
index 654b8d7eca..41a3aec43a 100644
--- a/education/windows/windows-11-se-overview.md
+++ b/education/windows/windows-11-se-overview.md
@@ -79,69 +79,71 @@ The following table lists all the applications included in Windows 11 SE and the The following applications can also run on Windows 11 SE, and can be deployed using Intune for Education. For more information, see [Configure applications with Microsoft Intune][EDUWIN-1] -| Application | Supported version | App Type | Vendor | -|-----------------------------------------|-------------------|----------|------------------------------| -| 3d builder | 15.2.10821.1070 | Win32 | Microsoft | -| AirSecure | 8.0.0 | Win32 | AIR | -| Alertus Desktop | 5.4.44.0 | Win32 | Alertus technologies | -| Brave Browser | 106.0.5249.65 | Win32 | Brave | -| Bulb Digital Portfolio | 0.0.7.0 | Store | Bulb | -| CA Secure Browser | 14.0.0 | Win32 | Cambium Development | -| Cisco Umbrella | 3.0.110.0 | Win32 | Cisco | -| CKAuthenticator | 3.6+ | Win32 | Content Keeper | -| Class Policy | 114.0.0 | Win32 | Class Policy | -| Classroom.cloud | 1.40.0004 | Win32 | NetSupport | -| CoGat Secure Browser | 11.0.0.19 | Win32 | Riverside Insights | -| Dragon Professional Individual | 15.00.100 | Win32 | Nuance Communications | -| DRC INSIGHT Online Assessments | 12.0.0.0 | Store | Data recognition Corporation | -| Duo from Cisco | 2.25.0 | Win32 | Cisco | -| e-Speaking Voice and Speech recognition | 4.4.0.8 | Win32 | e-speaking | -|Epson iProjection | 3.31 | Win32 | Epson | -| eTests | 4.0.25 | Win32 | CASAS | -| FortiClient | 7.2.0.4034+ | Win32 | Fortinet | -| Free NaturalReader | 16.1.2 | Win32 | Natural Soft | -| Ghotit Real Writer & Reader | 10.14.2.3 | Win32 | Ghotit Ltd | -| GoGuardian | 1.4.4 | Win32 | GoGuardian | -| Google Chrome | 102.0.5005.115 | Win32 | Google | -| Illuminate Lockdown Browser | 2.0.5 | Win32 | Illuminate Education | -| Immunet | 7.5.0.20795 | Win32 | Immunet | -| Impero Backdrop Client | 4.4.86 | Win32 | Impero Software | -| Inspiration 10 | 10.11 | Win32 | Inspiration Software, Inc. 
| -| JAWS for Windows | 2022.2112.24 | Win32 | Freedom Scientific | -| Kite Student Portal | 8.0.3.0 | Win32 | Dynamic Learning Maps | -| Kortext | 2.3.433.0 | Store | Kortext | -| Kurzweil 3000 Assistive Learning | 20.13.0000 | Win32 | Kurzweil Educational Systems | -| LanSchool Classic | 9.1.0.46 | Win32 | Stoneware, Inc. | -| LanSchool Air | 2.0.13312 | Win32 | Stoneware, Inc. | -| Lightspeed Smart Agent | 1.9.1 | Win32 | Lightspeed Systems | -| MetaMoJi ClassRoom | 3.12.4.0 | Store | MetaMoJi Corporation | -| Microsoft Connect | 10.0.22000.1 | Store | Microsoft | -| Mozilla Firefox | 99.0.1 | Win32 | Mozilla | -| NAPLAN | 2.5.0 | Win32 | NAP | -| Netref Student | 22.2.0 | Win32 | NetRef | -| NetSupport Manager | 12.01.0014 | Win32 | NetSupport | -| NetSupport Notify | 5.10.1.215 | Win32 | NetSupport | -| NetSupport School | 14.00.0011 | Win32 | NetSupport | -| NextUp Talker | 1.0.49 | Win32 | NextUp Technologies | -| NonVisual Desktop Access | 2021.3.1 | Win32 | NV Access | -| NWEA Secure Testing Browser | 5.4.356.0 | Win32 | NWEA | -| PaperCut | 22.0.6 | Win32 | PaperCut Software International Pty Ltd | -| Pearson TestNav | 1.10.2.0 | Store | Pearson | -| Questar Secure Browser | 4.8.3.376 | Win32 | Questar, Inc | -| ReadAndWriteForWindows | 12.0.60.0 | Win32 | Texthelp Ltd. | -| Remote Desktop client (MSRDC) | 1.2.3213.0 | Win32 | Microsoft | -| Remote Help | 3.8.0.12 | Win32 | Microsoft | -| Respondus Lockdown Browser | 2.0.9.00 | Win32 | Respondus | -| Safe Exam Browser | 3.3.2.413 | Win32 | Safe Exam Browser | -| Senso.Cloud | 2021.11.15.0 | Win32 | Senso.Cloud | -| SuperNova Magnifier & Screen Reader | 21.02 | Win32 | Dolphin Computer Access | -| SuperNova Magnifier & Speech | 21.02 | Win32 | Dolphin Computer Access | -| VitalSourceBookShelf | 10.2.26.0 | Win32 | VitalSource Technologies Inc | -| Winbird | 19 | Win32 | Winbird Co., Ltd. 
| -| WordQ | 5.4.23 | Win32 | Mathetmots | -| Zoom | 5.9.1 (2581) | Win32 | Zoom | -| ZoomText Fusion | 2022.2109.10 | Win32 | Freedom Scientific | -| ZoomText Magnifier/Reader | 2022.2109.25 | Win32 | Freedom Scientific | +| Application | Supported version | App Type | Vendor | +|-------------------------------------------|-------------------|----------|-------------------------------------------| +| `3d builder` | `18.0.1931.0` | Win32 | `Microsoft` | +| `Absolute Software Endpoint Agent` | 7.20.0.1 | Win32 | `Absolute Software Corporation` | +| `AirSecure` | 8.0.0 | Win32 | `AIR` | +| `Alertus Desktop` | 5.4.48.0 | Win32 | `Alertus technologies` | +| `Brave Browser` | 106.0.5249.119 | Win32 | `Brave` | +| `Bulb Digital Portfolio` | 0.0.7.0 | `Store` | `Bulb` | +| `CA Secure Browser` | 14.0.0 | Win32 | `Cambium Development` | +| `Cisco Umbrella` | 3.0.110.0 | Win32 | `Cisco` | +| `CKAuthenticator` | 3.6+ | Win32 | `Content Keeper` | +| `Class Policy` | 114.0.0 | Win32 | `Class Policy` | +| `Classroom.cloud` | 1.40.0004 | Win32 | `NetSupport` | +| `CoGat Secure Browser` | 11.0.0.19 | Win32 | `Riverside Insights` | +| `Dragon Professional Individual` | 15.00.100 | Win32 | `Nuance Communications` | +| `DRC INSIGHT Online Assessments` | 12.0.0.0 | `Store` | `Data recognition Corporation` | +| `Duo from Cisco` | 3.0.0 | Win32 | `Cisco` | +| `e-Speaking Voice and Speech recognition` | 4.4.0.8 | Win32 | `e-speaking` | +| `Epson iProjection` | 3.31 | Win32 | `Epson` | +| `eTests` | 4.0.25 | Win32 | `CASAS` | +| `FortiClient` | 7.2.0.4034+ | Win32 | `Fortinet` | +| `Free NaturalReader` | 16.1.2 | Win32 | `Natural Soft` | +| `Ghotit Real Writer & Reader` | 10.14.2.3 | Win32 | `Ghotit Ltd` | +| `GoGuardian` | 1.4.4 | Win32 | `GoGuardian` | +| `Google Chrome` | 102.0.5005.115 | Win32 | `Google` | +| `Illuminate Lockdown Browser` | 2.0.5 | Win32 | `Illuminate Education` | +| `Immunet` | 7.5.8.21178 | Win32 | `Immunet` | +| `Impero Backdrop Client` | 4.4.86 | Win32 | `Impero 
Software` | +| `Inspiration 10` | 10.11 | Win32 | `TechEdology Ltd` | +| `JAWS for Windows` | 2022.2112.24 | Win32 | `Freedom Scientific` | +| `Kite Student Portal` | 9.0.0.0 | Win32 | `Dynamic Learning Maps` | +| `Kortext` | 2.3.433.0 | `Store` | `Kortext` | +| `Kurzweil 3000 Assistive Learning` | 20.13.0000 | Win32 | `Kurzweil Educational Systems` | +| `LanSchool Classic` | 9.1.0.46 | Win32 | `Stoneware, Inc.` | +| `LanSchool Air` | 2.0.13312 | Win32 | `Stoneware, Inc.` | +| `Lightspeed Smart Agent` | 1.9.1 | Win32 | `Lightspeed Systems` | +| `MetaMoJi ClassRoom` | 3.12.4.0 | `Store` | `MetaMoJi Corporation` | +| `Microsoft Connect` | 10.0.22000.1 | `Store` | `Microsoft` | +| `Mozilla Firefox` | 105.0.0 | Win32 | `Mozilla` | +| `NAPLAN` | 2.5.0 | Win32 | `NAP` | +| `Netref Student` | 22.2.0 | Win32 | `NetRef` | +| `NetSupport Manager` | 12.01.0014 | Win32 | `NetSupport` | +| `NetSupport Notify` | 5.10.1.215 | Win32 | `NetSupport` | +| `NetSupport School` | 14.00.0012 | Win32 | `NetSupport` | +| `NextUp Talker` | 1.0.49 | Win32 | `NextUp Technologies` | +| `NonVisual Desktop Access` | 2021.3.1 | Win32 | `NV Access` | +| `NWEA Secure Testing Browser` | 5.4.356.0 | Win32 | `NWEA` | +| `PaperCut` | 22.0.6 | Win32 | `PaperCut Software International Pty Ltd` | +| `Pearson TestNav` | 1.10.2.0 | `Store` | `Pearson` | +| `Questar Secure Browser` | 5.0.1.456 | Win32 | `Questar, Inc` | +| `ReadAndWriteForWindows` | 12.0.74 | Win32 | `Texthelp Ltd.` | +| `Remote Desktop client (MSRDC)` | 1.2.3213.0 | Win32 | `Microsoft` | +| `Remote Help` | 4.0.1.13 | Win32 | `Microsoft` | +| `Respondus Lockdown Browser` | 2.0.9.03 | Win32 | `Respondus` | +| `Safe Exam Browser` | 3.3.2.413 | Win32 | `Safe Exam Browser` | +| `Senso.Cloud` | 2021.11.15.0 | Win32 | `Senso.Cloud` | +| `Smoothwall Monitor` | 2.8.0 | Win32 | `Smoothwall Ltd` | +| `SuperNova Magnifier & Screen Reader` | 21.02 | Win32 | `Dolphin Computer Access` | +| `SuperNova Magnifier & Speech` | 21.02 | Win32 | `Dolphin Computer 
Access` | +| `VitalSourceBookShelf` | 10.2.26.0 | Win32 | `VitalSource Technologies Inc` | +| `Winbird` | 19 | Win32 | `Winbird Co., Ltd.` | +| `WordQ` | 5.4.23 | Win32 | `Mathetmots` | +| `Zoom` | 5.12.8 (10232) | Win32 | `Zoom` | +| `ZoomText Fusion` | 2022.2109.10 | Win32 | `Freedom Scientific` | +| `ZoomText Magnifier/Reader` | 2022.2109.25 | Win32 | `Freedom Scientific` | ## Add your own applications diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md index 425e703738..506b43cbea 100644 --- a/windows/application-management/apps-in-windows-10.md +++ b/windows/application-management/apps-in-windows-10.md @@ -5,6 +5,7 @@ ms.prod: windows-client author: nicholasswhite ms.author: nwhite manager: aaroncz +ms.date: 12/07/2017 ms.reviewer: ms.localizationpriority: medium ms.topic: article 
@@ -82,6 +83,10 @@ For more information, see: When your apps are ready, you can add or deploy these apps to your Windows devices. This section lists some common options. +> [!NOTE] +> Microsoft Store for Business and Microsoft Store for Education will be retired on March 31, 2023. Customers may continue to use the current capabilities for free apps until that time. There will be no support for Microsoft Store for Business and Education for Windows 11. +>Visit [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution) for more information about the new Microsoft Store experience for both Windows 11 and Windows 10, and learn about other options for getting and managing apps. + - **Manually install**: On your devices, users can install apps from the Microsoft Store, from the internet, and from an organization shared drive. These apps, and more, are listed in **Settings** > **Apps** > **Apps and Features**. If you want to prevent users from downloading apps on organization owned devices, use an MDM provider, like Microsoft Intune. For example, you can create a policy that allows or prevents users from sideloading apps, only allow the private store, and more. For more information on the features you can restrict, see [Windows client device settings to allow or restrict features using Intune](/mem/intune/configuration/device-restrictions-windows-10). diff --git a/windows/application-management/images/Createpackage.PNG b/windows/application-management/images/Createpackage.PNG deleted file mode 100644 index 4ae246a743..0000000000 Binary files a/windows/application-management/images/Createpackage.PNG and /dev/null differ diff --git a/windows/application-management/images/Installation.PNG b/windows/application-management/images/Installation.PNG deleted file mode 100644 index 9c3197ada5..0000000000 Binary files a/windows/application-management/images/Installation.PNG and /dev/null differ 
diff --git a/windows/application-management/images/Managefirstlaunchtasks.PNG b/windows/application-management/images/Managefirstlaunchtasks.PNG
deleted file mode 100644
index edcf1a23e8..0000000000
Binary files a/windows/application-management/images/Managefirstlaunchtasks.PNG and /dev/null differ
diff --git a/windows/application-management/images/PackageSupport.PNG b/windows/application-management/images/PackageSupport.PNG
deleted file mode 100644
index 1bbca6865a..0000000000
Binary files a/windows/application-management/images/PackageSupport.PNG and /dev/null differ
diff --git a/windows/application-management/images/Packageinfo.PNG b/windows/application-management/images/Packageinfo.PNG
deleted file mode 100644
index be3b9b98dd..0000000000
Binary files a/windows/application-management/images/Packageinfo.PNG and /dev/null differ
diff --git a/windows/application-management/images/Selectinstaller.PNG b/windows/application-management/images/Selectinstaller.PNG
deleted file mode 100644
index 7ffd984bed..0000000000
Binary files a/windows/application-management/images/Selectinstaller.PNG and /dev/null differ
diff --git a/windows/application-management/images/donemonitoring..PNG b/windows/application-management/images/donemonitoring..PNG
deleted file mode 100644
index d39102b961..0000000000
Binary files a/windows/application-management/images/donemonitoring..PNG and /dev/null differ
diff --git a/windows/application-management/images/preparecomputer.PNG b/windows/application-management/images/preparecomputer.PNG
deleted file mode 100644
index 43b2e3e965..0000000000
Binary files a/windows/application-management/images/preparecomputer.PNG and /dev/null differ
diff --git a/windows/application-management/images/preparingpackagestep.PNG b/windows/application-management/images/preparingpackagestep.PNG
deleted file mode 100644
index 5b06e11d0d..0000000000
Binary files a/windows/application-management/images/preparingpackagestep.PNG and /dev/null differ
diff --git a/windows/application-management/images/selectEnvironmentThiscomputer.PNG b/windows/application-management/images/selectEnvironmentThiscomputer.PNG
deleted file mode 100644
index bf6f3b4bf0..0000000000
Binary files a/windows/application-management/images/selectEnvironmentThiscomputer.PNG and /dev/null differ
diff --git a/windows/application-management/images/selectEnvironmentVM.PNG b/windows/application-management/images/selectEnvironmentVM.PNG
deleted file mode 100644
index dd6e1f9168..0000000000
Binary files a/windows/application-management/images/selectEnvironmentVM.PNG and /dev/null differ
diff --git a/windows/application-management/images/welcomescreen.PNG b/windows/application-management/images/welcomescreen.PNG
deleted file mode 100644
index cd551740a8..0000000000
Binary files a/windows/application-management/images/welcomescreen.PNG and /dev/null differ
diff --git a/windows/application-management/media/app-upgrade-cm-console.png b/windows/application-management/media/app-upgrade-cm-console.png
deleted file mode 100644
index 2ce9cd411e..0000000000
Binary files a/windows/application-management/media/app-upgrade-cm-console.png and /dev/null differ
diff --git a/windows/application-management/media/app-upgrade-no-supersedence.png b/windows/application-management/media/app-upgrade-no-supersedence.png
deleted file mode 100644
index 9a9bb9bb53..0000000000
Binary files a/windows/application-management/media/app-upgrade-no-supersedence.png and /dev/null differ
diff --git a/windows/application-management/media/app-upgrade-old-version.png b/windows/application-management/media/app-upgrade-old-version.png
deleted file mode 100644
index e430be170e..0000000000
Binary files a/windows/application-management/media/app-upgrade-old-version.png and /dev/null differ
diff --git a/windows/application-management/media/app-upgrade-supersede-deploy-type.png b/windows/application-management/media/app-upgrade-supersede-deploy-type.png deleted file mode 100644 index 24a45c5939..0000000000 Binary files a/windows/application-management/media/app-upgrade-supersede-deploy-type.png and /dev/null differ diff --git a/windows/application-management/media/icon_hyperlink.png b/windows/application-management/media/icon_hyperlink.png deleted file mode 100644 index 847e8f62ad..0000000000 Binary files a/windows/application-management/media/icon_hyperlink.png and /dev/null differ diff --git a/windows/application-management/provisioned-apps-windows-client-os.md b/windows/application-management/provisioned-apps-windows-client-os.md index 515bf87aeb..ec5b20af6b 100644 --- a/windows/application-management/provisioned-apps-windows-client-os.md +++ b/windows/application-management/provisioned-apps-windows-client-os.md @@ -4,6 +4,7 @@ ms.reviewer: author: nicholasswhite ms.author: nwhite manager: aaroncz +ms.date: 12/07/2017 description: Use the Windows PowerShell Get-AppxProvisionedPackage command to get a list off the provisioned apps installed in Windows OS. See a list of some common provisioned apps installed a Windows Enterprise client computer or device, including Windows 10/11. ms.prod: windows-client ms.localizationpriority: medium diff --git a/windows/application-management/sideload-apps-in-windows-10.md b/windows/application-management/sideload-apps-in-windows-10.md index baeae78bd8..f4ab632036 100644 --- a/windows/application-management/sideload-apps-in-windows-10.md +++ b/windows/application-management/sideload-apps-in-windows-10.md @@ -5,9 +5,11 @@ ms.reviewer: author: nicholasswhite ms.author: nwhite manager: aaroncz +ms.date: 12/07/2017 ms.prod: windows-client ms.localizationpriority: medium ms.technology: itpro-apps +ms.topic: article --- # Sideload line of business (LOB) apps in Windows client devices 
diff --git a/windows/application-management/system-apps-windows-client-os.md b/windows/application-management/system-apps-windows-client-os.md index 0788b793d8..1e692a53a0 100644 --- a/windows/application-management/system-apps-windows-client-os.md +++ b/windows/application-management/system-apps-windows-client-os.md @@ -4,6 +4,7 @@ ms.reviewer: author: nicholasswhite ms.author: nwhite manager: aaroncz +ms.date: 12/07/2017 description: Use the Windows PowerShell Get-AppxPackage command to get a list off the system apps installed in Windows OS. See a list of some common system apps installed a Windows Enterprise client computer or device, including Windows 10/11. ms.prod: windows-client ms.localizationpriority: medium diff --git a/windows/application-management/toc.yml b/windows/application-management/toc.yml index 4be6d524af..395cecb920 100644 --- a/windows/application-management/toc.yml +++ b/windows/application-management/toc.yml @@ -20,7 +20,7 @@ items: - name: Remove background task resource restrictions href: enterprise-background-activity-controls.md - name: Enable or block Windows Mixed Reality apps in the enterprise - href: manage-windows-mixed-reality.md + href: /windows/mixed-reality/enthusiast-guide/manage-windows-mixed-reality - name: Application Virtualization (App-V) items: - name: App-V for Windows overview diff --git a/windows/client-management/azure-active-directory-integration-with-mdm.md b/windows/client-management/azure-active-directory-integration-with-mdm.md index 7e49be291f..f2c906993c 100644 --- a/windows/client-management/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/azure-active-directory-integration-with-mdm.md 
@@ -1,6 +1,6 @@ --- title: Azure Active Directory integration with MDM -description: Azure Active Directory is the world largest enterprise cloud identity management service. +description: Azure Active Directory is the world's largest enterprise cloud identity management service. ms.reviewer: manager: aaroncz ms.author: vinpa @@ -9,11 +9,12 @@ ms.prod: windows-client ms.technology: itpro-manage author: vinaypamnani-msft ms.collection: highpri +ms.date: 12/31/2017 --- # Azure Active Directory integration with MDM -Azure Active Directory is the world largest enterprise cloud identity management service. It’s used by organizations to access Office 365 and business applications from Microsoft and third-party software as a service (SaaS) vendors. Many of the rich Windows 10 experiences for organizational users (such as store access or OS state roaming) use Azure AD as the underlying identity infrastructure. Windows integrates with Azure AD, allowing devices to be registered in Azure AD and enrolled into MDM in an integrated flow. +Azure Active Directory is the world's largest enterprise cloud identity management service. It’s used by organizations to access Office 365 and business applications from Microsoft and third-party software as a service (SaaS) vendors. Many of the rich Windows 10 experiences for organizational users (such as store access or OS state roaming) use Azure AD as the underlying identity infrastructure. Windows integrates with Azure AD, allowing devices to be registered in Azure AD and enrolled into MDM in an integrated flow. Once a device is enrolled in MDM, the MDM: diff --git a/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md index a27bb4a05a..ec40469278 100644 --- a/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md 
+++ b/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -125,7 +125,7 @@ Requirements: > [!NOTE] > In Windows 10, version 1903, the MDM.admx file was updated to include an option to select which credential is used to enroll the device. **Device Credential** is a new option that will only have an effect on clients that have installed Windows 10, version 1903 or later. The default behavior for older releases is to revert to **User Credential**. - > **Device Credential** is only supported for Microsoft Intune enrollment in scenarios with Co-management or Azure Virtual Desktop because the Intune subscription is user centric. + > **Device Credential** is only supported for Microsoft Intune enrollment in scenarios with Co-management or [Azure Virtual Desktop multi-session host pools](/mem/intune/fundamentals/azure-virtual-desktop-multi-session) because the Intune subscription is user centric. User credentials are supported for [Azure Virtual Desktop personal host pools](/mem/intune/fundamentals/azure-virtual-desktop). When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called "Schedule created by enrollment client for automatically enrolling in MDM from Azure Active Directory." diff --git a/windows/client-management/esim-enterprise-management.md b/windows/client-management/esim-enterprise-management.md index be730b8fd9..5acabf7ab8 100644 --- a/windows/client-management/esim-enterprise-management.md +++ b/windows/client-management/esim-enterprise-management.md @@ -7,6 +7,7 @@ ms.localizationpriority: medium ms.author: vinpa ms.topic: conceptual ms.technology: itpro-manage +ms.date: 12/31/2017 --- # How Mobile Device Management Providers support eSIM Management on Windows 
diff --git a/windows/client-management/images/NPS_sidepacket_capture_data.png b/windows/client-management/images/NPS_sidepacket_capture_data.png
deleted file mode 100644
index 9d43a3ebed..0000000000
Binary files a/windows/client-management/images/NPS_sidepacket_capture_data.png and /dev/null differ
diff --git a/windows/client-management/images/auditfailure.png b/windows/client-management/images/auditfailure.png
deleted file mode 100644
index f235ad8148..0000000000
Binary files a/windows/client-management/images/auditfailure.png and /dev/null differ
diff --git a/windows/client-management/images/auditsuccess.png b/windows/client-management/images/auditsuccess.png
deleted file mode 100644
index 66ce98acb1..0000000000
Binary files a/windows/client-management/images/auditsuccess.png and /dev/null differ
diff --git a/windows/client-management/images/authenticator_flow_chart.png b/windows/client-management/images/authenticator_flow_chart.png
deleted file mode 100644
index 729895e60e..0000000000
Binary files a/windows/client-management/images/authenticator_flow_chart.png and /dev/null differ
diff --git a/windows/client-management/images/boot-sequence-thumb.png b/windows/client-management/images/boot-sequence-thumb.png
deleted file mode 100644
index 164f9f9848..0000000000
Binary files a/windows/client-management/images/boot-sequence-thumb.png and /dev/null differ
diff --git a/windows/client-management/images/boot-sequence.png b/windows/client-management/images/boot-sequence.png
deleted file mode 100644
index 31e6dc34c9..0000000000
Binary files a/windows/client-management/images/boot-sequence.png and /dev/null differ
diff --git a/windows/client-management/images/bugcheck-analysis.png b/windows/client-management/images/bugcheck-analysis.png
deleted file mode 100644
index e4b4f033f8..0000000000
Binary files a/windows/client-management/images/bugcheck-analysis.png and /dev/null differ
diff --git a/windows/client-management/images/capi.png b/windows/client-management/images/capi.png
deleted file mode 100644
index 76bbcd0650..0000000000
Binary files a/windows/client-management/images/capi.png and /dev/null differ
diff --git a/windows/client-management/images/check-disk.png b/windows/client-management/images/check-disk.png
deleted file mode 100644
index 2c5859470e..0000000000
Binary files a/windows/client-management/images/check-disk.png and /dev/null differ
diff --git a/windows/client-management/images/clientsidepacket_cap_data.png b/windows/client-management/images/clientsidepacket_cap_data.png
deleted file mode 100644
index b162d2e285..0000000000
Binary files a/windows/client-management/images/clientsidepacket_cap_data.png and /dev/null differ
diff --git a/windows/client-management/images/comparisontable.png b/windows/client-management/images/comparisontable.png
deleted file mode 100644
index 0f6781d93e..0000000000
Binary files a/windows/client-management/images/comparisontable.png and /dev/null differ
diff --git a/windows/client-management/images/controlset.png b/windows/client-management/images/controlset.png
deleted file mode 100644
index fe9d3c8820..0000000000
Binary files a/windows/client-management/images/controlset.png and /dev/null differ
diff --git a/windows/client-management/images/eappropertymenu.png b/windows/client-management/images/eappropertymenu.png
deleted file mode 100644
index 127d7a7e49..0000000000
Binary files a/windows/client-management/images/eappropertymenu.png and /dev/null differ
diff --git a/windows/client-management/images/etl.png b/windows/client-management/images/etl.png
deleted file mode 100644
index 14a62c6450..0000000000
Binary files a/windows/client-management/images/etl.png and /dev/null differ
diff --git a/windows/client-management/images/eventviewer.png b/windows/client-management/images/eventviewer.png
deleted file mode 100644
index e0aa5d1721..0000000000
Binary files a/windows/client-management/images/eventviewer.png and /dev/null differ
diff --git a/windows/client-management/images/loadhive.png b/windows/client-management/images/loadhive.png
deleted file mode 100644
index 62c6643140..0000000000
Binary files a/windows/client-management/images/loadhive.png and /dev/null differ
diff --git a/windows/client-management/images/miniport.png b/windows/client-management/images/miniport.png
deleted file mode 100644
index ba1b2fed2d..0000000000
Binary files a/windows/client-management/images/miniport.png and /dev/null differ
diff --git a/windows/client-management/images/msm.png b/windows/client-management/images/msm.png
deleted file mode 100644
index 397df3e350..0000000000
Binary files a/windows/client-management/images/msm.png and /dev/null differ
diff --git a/windows/client-management/images/msmdetails.png b/windows/client-management/images/msmdetails.png
deleted file mode 100644
index cbcf20e114..0000000000
Binary files a/windows/client-management/images/msmdetails.png and /dev/null differ
diff --git a/windows/client-management/images/nm-adapters.png b/windows/client-management/images/nm-adapters.png
deleted file mode 100644
index f4e25fdbc8..0000000000
Binary files a/windows/client-management/images/nm-adapters.png and /dev/null differ
diff --git a/windows/client-management/images/nm-start.png b/windows/client-management/images/nm-start.png
deleted file mode 100644
index ec92f013a2..0000000000
Binary files a/windows/client-management/images/nm-start.png and /dev/null differ
diff --git a/windows/client-management/images/out-of-memory.png b/windows/client-management/images/out-of-memory.png
deleted file mode 100644
index c377389128..0000000000
Binary files a/windows/client-management/images/out-of-memory.png and /dev/null differ
diff --git a/windows/client-management/images/pendingupdate.png b/windows/client-management/images/pendingupdate.png
deleted file mode 100644
index 19d8c9dec4..0000000000
Binary files a/windows/client-management/images/pendingupdate.png and /dev/null differ
diff --git a/windows/client-management/images/revertpending.png b/windows/client-management/images/revertpending.png
deleted file mode 100644
index 7b60c6446d..0000000000
Binary files a/windows/client-management/images/revertpending.png and /dev/null differ
diff --git a/windows/client-management/images/rpc-error.png b/windows/client-management/images/rpc-error.png
deleted file mode 100644
index 0e0828522b..0000000000
Binary files a/windows/client-management/images/rpc-error.png and /dev/null differ
diff --git a/windows/client-management/images/rpc-flow.png b/windows/client-management/images/rpc-flow.png
deleted file mode 100644
index a3d9c13030..0000000000
Binary files a/windows/client-management/images/rpc-flow.png and /dev/null differ
diff --git a/windows/client-management/images/screenshot1.png b/windows/client-management/images/screenshot1.png
deleted file mode 100644
index 5138b41016..0000000000
Binary files a/windows/client-management/images/screenshot1.png and /dev/null differ
diff --git a/windows/client-management/images/sfc-scannow.png b/windows/client-management/images/sfc-scannow.png
deleted file mode 100644
index 1c079288a8..0000000000
Binary files a/windows/client-management/images/sfc-scannow.png and /dev/null differ
diff --git a/windows/client-management/images/task-manager-commit.png b/windows/client-management/images/task-manager-commit.png
deleted file mode 100644
index 86d289eebe..0000000000
Binary files a/windows/client-management/images/task-manager-commit.png and /dev/null differ
diff --git a/windows/client-management/images/task-manager.png b/windows/client-management/images/task-manager.png
deleted file mode 100644
index c52163f46e..0000000000
Binary files a/windows/client-management/images/task-manager.png and /dev/null differ
diff --git a/windows/client-management/images/tat.png b/windows/client-management/images/tat.png
deleted file mode 100644
index 90eb328c38..0000000000
Binary files a/windows/client-management/images/tat.png and /dev/null differ
diff --git a/windows/client-management/images/tcp-ts-10.png b/windows/client-management/images/tcp-ts-10.png
deleted file mode 100644
index 7bf332b57a..0000000000
Binary files a/windows/client-management/images/tcp-ts-10.png and /dev/null differ
diff --git a/windows/client-management/images/tcp-ts-11.png b/windows/client-management/images/tcp-ts-11.png
deleted file mode 100644
index 75b0361f89..0000000000
Binary files a/windows/client-management/images/tcp-ts-11.png and /dev/null differ
diff --git a/windows/client-management/images/tcp-ts-12.png b/windows/client-management/images/tcp-ts-12.png
deleted file mode 100644
index 592ccf0e76..0000000000
Binary files a/windows/client-management/images/tcp-ts-12.png and /dev/null differ
diff --git a/windows/client-management/images/tcp-ts-13.png b/windows/client-management/images/tcp-ts-13.png
deleted file mode 100644
index da6157c72a..0000000000
Binary files a/windows/client-management/images/tcp-ts-13.png and /dev/null differ
diff --git a/windows/client-management/images/tcp-ts-14.png b/windows/client-management/images/tcp-ts-14.png
deleted file mode 100644
index b1db37cd1a..0000000000
Binary files a/windows/client-management/images/tcp-ts-14.png and /dev/null differ
diff --git a/windows/client-management/images/tcp-ts-15.png b/windows/client-management/images/tcp-ts-15.png
deleted file mode 100644
index e3e161317f..0000000000
Binary files a/windows/client-management/images/tcp-ts-15.png and /dev/null differ
diff --git a/windows/client-management/images/tcp-ts-16.png b/windows/client-management/images/tcp-ts-16.png
deleted file mode 100644
index 52a5e24e2b..0000000000
Binary files a/windows/client-management/images/tcp-ts-16.png and /dev/null differ
diff --git a/windows/client-management/images/tcp-ts-17.png b/windows/client-management/images/tcp-ts-17.png
deleted file mode 100644
index e690bbdf1c..0000000000
Binary files a/windows/client-management/images/tcp-ts-17.png and /dev/null differ
diff --git a/windows/client-management/images/tcp-ts-18.png b/windows/client-management/images/tcp-ts-18.png
deleted file mode 100644
index 95cf36dbe7..0000000000
Binary files a/windows/client-management/images/tcp-ts-18.png and /dev/null differ
diff --git a/windows/client-management/images/tcp-ts-19.png b/windows/client-management/images/tcp-ts-19.png
deleted file mode 100644
index 4f2d239e57..0000000000
Binary files a/windows/client-management/images/tcp-ts-19.png and /dev/null differ
diff --git a/windows/client-management/images/tcp-ts-20.png b/windows/client-management/images/tcp-ts-20.png
deleted file mode 100644
index 9b3c573f7e..0000000000
Binary files a/windows/client-management/images/tcp-ts-20.png and /dev/null differ
diff --git a/windows/client-management/images/tcp-ts-21.png b/windows/client-management/images/tcp-ts-21.png
deleted file mode 100644
index 1e29a2061e..0000000000
Binary files a/windows/client-management/images/tcp-ts-21.png and /dev/null differ
diff --git a/windows/client-management/images/tcp-ts-22.png b/windows/client-management/images/tcp-ts-22.png
deleted file mode 100644
index c49dcd72ee..0000000000
Binary files a/windows/client-management/images/tcp-ts-22.png and /dev/null differ
diff --git a/windows/client-management/images/tcp-ts-23.png b/windows/client-management/images/tcp-ts-23.png
deleted file mode 100644
index 16ef4604c1..0000000000
Binary files a/windows/client-management/images/tcp-ts-23.png and /dev/null differ
diff --git a/windows/client-management/images/tcp-ts-24.png b/windows/client-management/images/tcp-ts-24.png
deleted file mode 100644
index 14ae950076..0000000000
Binary files a/windows/client-management/images/tcp-ts-24.png and /dev/null differ
diff --git a/windows/client-management/images/tcp-ts-25.png b/windows/client-management/images/tcp-ts-25.png
deleted file mode 100644
index 21e8b97a08..0000000000
Binary files a/windows/client-management/images/tcp-ts-25.png and /dev/null differ
diff --git a/windows/client-management/images/tcp-ts-4.png b/windows/client-management/images/tcp-ts-4.png
deleted file mode 100644
index 73bc5f90be..0000000000
Binary files a/windows/client-management/images/tcp-ts-4.png and /dev/null differ
diff --git a/windows/client-management/images/tcp-ts-5.png b/windows/client-management/images/tcp-ts-5.png
deleted file mode 100644
index ee64c96da0..0000000000
Binary files a/windows/client-management/images/tcp-ts-5.png and /dev/null differ
diff --git a/windows/client-management/images/tcp-ts-6.png b/windows/client-management/images/tcp-ts-6.png
deleted file mode 100644
index 8db75fdb08..0000000000
Binary files a/windows/client-management/images/tcp-ts-6.png and /dev/null differ
diff --git a/windows/client-management/images/tcp-ts-7.png b/windows/client-management/images/tcp-ts-7.png
deleted file mode 100644
index 4b61bf7e36..0000000000
Binary files a/windows/client-management/images/tcp-ts-7.png and /dev/null differ
diff --git a/windows/client-management/images/tcp-ts-8.png b/windows/client-management/images/tcp-ts-8.png
deleted file mode 100644
index f0ef8300ba..0000000000
Binary files a/windows/client-management/images/tcp-ts-8.png and /dev/null differ
diff --git a/windows/client-management/images/tcp-ts-9.png b/windows/client-management/images/tcp-ts-9.png
deleted file mode 100644
index dba375fd65..0000000000
Binary files a/windows/client-management/images/tcp-ts-9.png and /dev/null differ
diff --git a/windows/client-management/images/unloadhive.png b/windows/client-management/images/unloadhive.png
deleted file mode 100644
index e8eb2f859e..0000000000
Binary files a/windows/client-management/images/unloadhive.png and /dev/null differ
diff --git a/windows/client-management/images/unloadhive1.png b/windows/client-management/images/unloadhive1.png
deleted file mode 100644
index 3b269f294c..0000000000
Binary files a/windows/client-management/images/unloadhive1.png and /dev/null differ
diff --git a/windows/client-management/images/wcm.png b/windows/client-management/images/wcm.png
deleted file mode 100644
index 6c26a3aeb7..0000000000
Binary files a/windows/client-management/images/wcm.png and /dev/null differ
diff --git a/windows/client-management/images/wifi-stack.png b/windows/client-management/images/wifi-stack.png
deleted file mode 100644
index cf94f491c4..0000000000
Binary files a/windows/client-management/images/wifi-stack.png and /dev/null differ
diff --git a/windows/client-management/images/windbg.png b/windows/client-management/images/windbg.png
deleted file mode 100644
index 2f489e81a7..0000000000
Binary files a/windows/client-management/images/windbg.png and /dev/null differ
diff --git a/windows/client-management/images/wlan.png b/windows/client-management/images/wlan.png
deleted file mode 100644
index fea20f7272..0000000000
Binary files a/windows/client-management/images/wlan.png and /dev/null differ
diff --git a/windows/client-management/includes/allow-cortana-shortdesc.md b/windows/client-management/includes/allow-cortana-shortdesc.md
deleted file mode 100644
index 234b73f7d2..0000000000
--- a/windows/client-management/includes/allow-cortana-shortdesc.md
+++ /dev/null
@@ -1,11 +0,0 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Since Microsoft Edge is integration with Cortana, Microsoft Edge allows users to use Cortana voice assistant by default. With this policy, you can configure Microsoft Edge to prevent users from using Cortana but can still search to find items on their device.
diff --git a/windows/client-management/includes/configure-favorites-shortdesc.md b/windows/client-management/includes/configure-favorites-shortdesc.md
deleted file mode 100644
index 34e0cded8f..0000000000
--- a/windows/client-management/includes/configure-favorites-shortdesc.md
+++ /dev/null
@@ -1,11 +0,0 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Discontinued in Windows 10, version 1809. Use the **[Provision Favorites](../available-policies.md#provision-favorites)** policy instead.
diff --git a/windows/client-management/includes/do-not-sync-shortdesc.md b/windows/client-management/includes/do-not-sync-shortdesc.md
deleted file mode 100644
index 2fe09c0260..0000000000
--- a/windows/client-management/includes/do-not-sync-shortdesc.md
+++ /dev/null
@@ -1,11 +0,0 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge turns on the _Sync your settings_ toggle in **Settings > Device sync settings** letting users choose what to sync on their devices. Enabling this policy turns off and disables the _Sync your settings_ toggle preventing the syncing of user’s settings between their devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable this policy and select the _Allow users to turn syncing on_ option.
diff --git a/windows/client-management/includes/microsoft-browser-extension-policy-shortdesc.md b/windows/client-management/includes/microsoft-browser-extension-policy-shortdesc.md
deleted file mode 100644
index 2b26624e8c..0000000000
--- a/windows/client-management/includes/microsoft-browser-extension-policy-shortdesc.md
+++ /dev/null
@@ -1,12 +0,0 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 04/23/2020
-ms.reviewer:
-manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-[Microsoft browser extension policy](/legal/microsoft-edge/microsoft-browser-extension-policy):
-This article describes the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer, or the content these browsers display. Techniques that aren't explicitly listed in this article are considered to be **unsupported**.
\ No newline at end of file
diff --git a/windows/client-management/includes/search-provider-discovery-shortdesc.md b/windows/client-management/includes/search-provider-discovery-shortdesc.md
deleted file mode 100644
index 8524933996..0000000000
--- a/windows/client-management/includes/search-provider-discovery-shortdesc.md
+++ /dev/null
@@ -1,11 +0,0 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge follows the OpenSearch 1.1 specification to discover and use web search providers. When a user browses to a search service, the OpenSearch description is picked up and saved for later use. Users can then choose to add the search service to use in the Microsoft Edge address bar.
diff --git a/windows/client-management/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm-enrollment-of-windows-devices.md
index 368defcb39..eba080fea2 100644
--- a/windows/client-management/mdm-enrollment-of-windows-devices.md
+++ b/windows/client-management/mdm-enrollment-of-windows-devices.md
@@ -12,6 +12,7 @@ ms.prod: windows-client ms.technology: itpro-manage author: vinaypamnani-msft ms.collection: highpri +ms.date: 12/31/2017 --- # MDM enrollment of Windows 10-based devices diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index ae2d0aca3b..a425989761 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -8,6 +8,7 @@ ms.technology: itpro-manage author: vinaypamnani-msft ms.reviewer: manager: aaroncz +ms.date: 12/31/2017 --- # Firewall configuration service provider (CSP) @@ -51,6 +52,11 @@ Firewall ------------DisableStealthMode ------------Shielded ------------DisableUnicastResponsesToMulticastBroadcast +------------EnableLogDroppedPackets +------------EnableLogSuccessConnections +------------EnableLogIgnoredRules +------------LogMaxFileSize +------------LogFilePath ------------DisableInboundNotifications ------------AuthAppsAllowUserPrefMerge ------------GlobalPortsAllowUserPrefMerge @@ -64,6 +70,11 @@ Firewall ------------DisableStealthMode ------------Shielded ------------DisableUnicastResponsesToMulticastBroadcast +------------EnableLogDroppedPackets +------------EnableLogSuccessConnections +------------EnableLogIgnoredRules +------------LogMaxFileSize +------------LogFilePath ------------DisableInboundNotifications ------------AuthAppsAllowUserPrefMerge ------------GlobalPortsAllowUserPrefMerge @@ -77,6 +88,11 @@ Firewall ------------DisableStealthMode ------------Shielded ------------DisableUnicastResponsesToMulticastBroadcast +------------EnableLogDroppedPackets +------------EnableLogSuccessConnections +------------EnableLogIgnoredRules +------------LogMaxFileSize +------------LogFilePath ------------DisableInboundNotifications ------------AuthAppsAllowUserPrefMerge ------------GlobalPortsAllowUserPrefMerge 
@@ -222,6 +238,25 @@ Boolean value. If it's true, unicast responses to multicast broadcast traffic ar Default value is false. Value type is bool. Supported operations are Add, Get and Replace. +**/EnableLogDroppedPackets** +Boolean value. If this value is true, firewall will log all dropped packets. The merge law for this option is to let "on" values win. +Default value is false. Supported operations are Get and Replace. + +**/EnableLogSuccessConnections** +Boolean value. If this value is true, firewall will log all successful inbound connections. The merge law for this option is to let "on" values win. +Default value is false. Supported operations are Get and Replace. + +**/EnableLogIgnoredRules** +Boolean value. If this value is true, firewall will log ignored firewall rules. The merge law for this option is to let "on" values win. +Default value is false. Supported operations are Get and Replace. + +**/LogMaxFileSize** +Integer value that specifies the size, in kilobytes, of the log file where dropped packets, successful connections and ignored rules are logged. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured, otherwise the MdmStore value wins if it is configured, otherwise the local store value is used. +Default value is 1024. Supported operations are Get and Replace + +**/LogFilePath** +String value that represents the file path to the log where firewall logs dropped packets, successful connections and ignored rules. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured, otherwise the MdmStore value wins if it is configured, otherwise the local store value is used. Default value is "%systemroot%\system32\LogFiles\Firewall\pfirewall.log". Supported operations are Get and Replace + **/DisableInboundNotifications** Boolean value. If this value is false, the firewall MAY display a notification to the user when an application is blocked from listening on a port. 
If this value is on, the firewall MUST NOT display such a notification. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. Default value is false. @@ -348,7 +383,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. **FirewallRules/_FirewallRuleName_/IcmpTypesAndCodes** -ICMP types and codes applicable to the firewall rule. To specify all ICMP types and codes, use the “\*” character. For specific ICMP types and codes, use the “:” character to separate the type and code, for example, 3:4, 1:\*. The “\*” character can be used to represent any code. The “\*” character cannot be used to specify any type; examples such as “\*:4” or “\*:\*” are invalid. +Comma separated list of ICMP types and codes applicable to the firewall rule. To specify all ICMP types and codes, use the “\*” character. For specific ICMP types and codes, use the “:” character to separate the type and code, for example, 3:4, 1:\*. The “\*” character can be used to represent any code. The “\*” character cannot be used to specify any type; examples such as “\*:4” or “\*:\*” are invalid. If not specified, the default is All. Value type is string. Supported operations are Add, Get, Replace, and Delete. @@ -430,6 +465,7 @@ Comma separated list of interface types. Valid values: - RemoteAccess - Wireless - Lan +- MBB (i.e. Mobile Broadband) If not specified, the default is All. Value type is string. Supported operations are Get and Replace. diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md index ef26f2ef61..63c5843f83 100644 --- a/windows/client-management/mdm/healthattestation-csp.md +++ b/windows/client-management/mdm/healthattestation-csp.md 
@@ -8,7 +8,7 @@ ms.topic: article ms.prod: windows-client ms.technology: itpro-manage author: vinaypamnani-msft -ms.date: +ms.date: 4/5/2022 --- # Device HealthAttestation CSP diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md index 00aeb772d0..62ead15ae0 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md @@ -18,6 +18,7 @@ ms.date: 08/01/2022 - [ApplicationManagement/AllowAllTrustedApps](policy-csp-applicationmanagement.md#applicationmanagement-allowalltrustedapps) - [ApplicationManagement/AllowAppStoreAutoUpdate](policy-csp-applicationmanagement.md#applicationmanagement-allowappstoreautoupdate) - [ApplicationManagement/AllowDeveloperUnlock](policy-csp-applicationmanagement.md#applicationmanagement-allowdeveloperunlock) +- [ApplicationManagement/RequirePrivateStoreOnly](policy-csp-applicationmanagement.md#applicationmanagement-requireprivatestoreonly) 11 - [Authentication/AllowFastReconnect](policy-csp-authentication.md#authentication-allowfastreconnect) - [Authentication/PreferredAadTenantDomainName](policy-csp-authentication.md#authentication-preferredaadtenantdomainname) - [Bluetooth/AllowDiscoverableMode](policy-csp-bluetooth.md#bluetooth-allowdiscoverablemode) diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index 9507fbe7e9..df32a610d3 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -9,6 +9,7 @@ author: vinaypamnani-msft ms.localizationpriority: medium ms.reviewer: bobgil manager: aaroncz +ms.date: 12/31/2017 --- # Policy CSP - Authentication 
diff --git a/windows/client-management/mdm/policy-csp-clouddesktop.md b/windows/client-management/mdm/policy-csp-clouddesktop.md index c0907eacb8..f8bcc48c1b 100644 --- a/windows/client-management/mdm/policy-csp-clouddesktop.md +++ b/windows/client-management/mdm/policy-csp-clouddesktop.md @@ -4,7 +4,7 @@ description: Learn more about the CloudDesktop Area in Policy CSP author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 11/22/2022 +ms.date: 12/09/2022 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -36,7 +36,13 @@ ms.topic: reference -This policy is used by IT admin to set the configuration mode of cloud PC. + +This policy allows the user to configure the boot to cloud mode. Boot to Cloud mode enables users to seamlessly sign-in to a Cloud PC that is provisioned for them by an IT Admin. For using boot to cloud mode, users need to install and configure a Cloud Provider application (eg: Win365) on their PC and need to have a Cloud PC provisioned to them. For successful use of this policy, OverrideShellProgram policy needs to be configured as well. + +This policy supports the below options: + +1. Not Configured: Machine will not trigger the Cloud PC connection automatically. +2. Enable Boot to Cloud Desktop: The user will see that configured Cloud PC Provider application launches automatically. Once the sign-in operation finishes, the user is seamlessly connected to a provisioned Cloud PC. @@ -51,7 +57,6 @@ This policy is used by IT admin to set the configuration mode of cloud PC. | Format | int | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | -| Dependency [OverrideShellProgramDependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/WindowsLogon/OverrideShellProgram`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
| diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md index 98923c408a..e8769b8986 100644 --- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md +++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md @@ -9,6 +9,7 @@ author: vinaypamnani-msft ms.localizationpriority: medium ms.reviewer: manager: aaroncz +ms.date: 12/31/2017 --- # Policy CSP - ControlPolicyConflict diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index 828657eada..95f4178efd 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md 
@@ -702,11 +702,7 @@ ADMX Info: Set this policy to restrict peer selection to a specific source. Available options are: 1 = Active Directory Site, 2 = Authenticated domain SID, 3 = DHCP Option ID, 4 = DNS Suffix, 5 = Azure Active Directory. -When set, the Group ID will be assigned automatically from the selected source. - -If you set this policy, the GroupID policy will be ignored. - -The options set in this policy only apply to Group (2) download mode. If Group (2) isn't set as Download mode, this policy will be ignored. +When set, the Group ID is assigned automatically from the selected source. If you set this policy, the GroupID policy will be ignored. The default behavior, when neither the GroupID or GroupIDSource policies are set, is to determine the Group ID using AD Site (1), Authenticated domain SID (2) or AAD Tenant ID (5), in that order. If GroupIDSource is set to either DHCP Option ID (3) or DNS Suffix (4) and those methods fail, the default behavior is used instead. The option set in this policy only applies to Group (2) download mode. If Group (2) isn't set as Download mode, this policy will be ignored. If you set the value to anything other than 0-5, the policy is ignored. For option 3 - DHCP Option ID, the client will query DHCP Option ID 234 and use the returned GUID value as the Group ID. diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index ee0b9dac66..275de06fef 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -9,6 +9,7 @@ author: vinaypamnani-msft ms.localizationpriority: medium ms.reviewer: manager: aaroncz +ms.date: 12/31/2017 --- # Policy CSP - InternetExplorer diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index 7f72869d59..dc083daf3c 100644 
--- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -9,6 +9,7 @@ ms.technology: itpro-manage author: vinaypamnani-msft ms.reviewer: manager: aaroncz +ms.date: 12/31/2017 --- # Policy CSP - MixedReality diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index 33e709f97a..15d68c57a4 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -4,7 +4,7 @@ description: Learn more about the WindowsLogon Area in Policy CSP author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 11/29/2022 +ms.date: 12/09/2022 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -43,6 +43,7 @@ ms.topic: reference + This policy setting controls whether a device will automatically sign in and lock the last interactive user after the system restarts or after a shutdown and cold boot. This only occurs if the last interactive user didn’t sign out before the restart or shutdown.​ @@ -70,6 +71,9 @@ If you disable this policy setting, the device does not configure automatic sign +> [!TIP] +> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + **ADMX mapping**: | Name | Value | @@ -105,6 +109,7 @@ If you disable this policy setting, the device does not configure automatic sign + This policy setting controls the configuration under which an automatic restart and sign on and lock occurs after a restart or cold boot. If you chose “Disabled” in the “Sign-in and lock last interactive user automatically after a restart” policy, then automatic sign on will not occur and this policy does not need to be configured. If you enable this policy setting, you can choose one of the following two options: 
@@ -132,6 +137,9 @@ If you disable or don’t configure this setting, automatic sign on will default +> [!TIP] +> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + **ADMX mapping**: | Name | Value | @@ -166,6 +174,7 @@ If you disable or don’t configure this setting, automatic sign on will default + This policy setting allows you to prevent app notifications from appearing on the lock screen. If you enable this policy setting, no app notifications are displayed on the lock screen. @@ -187,6 +196,9 @@ If you disable or do not configure this policy setting, users can choose which a +> [!TIP] +> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + **ADMX mapping**: | Name | Value | @@ -222,6 +234,7 @@ If you disable or do not configure this policy setting, users can choose which a + This policy setting allows you to control whether anyone can interact with available networks UI on the logon screen. If you enable this policy setting, the PC's network connectivity state cannot be changed without signing into Windows. @@ -243,6 +256,9 @@ If you disable or don't configure this policy setting, any user can disconnect t +> [!TIP] +> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + **ADMX mapping**: | Name | Value | 
@@ -304,7 +320,8 @@ Here's an example to enable this policy: -This policy setting allows you to control whether users see the first sign-in animation when signing in to the computer for the first time. This applies to both the first user of the computer who completes the initial setup and users who are added to the computer later. It also controls if Microsoft account users will be offered the opt-in prompt for services during their first sign-in. + +This policy setting allows you to control whether users see the first sign-in animation when signing in to the computer for the first time. This applies to both the first user of the computer who completes the initial setup and users who are added to the computer later. It also controls if Microsoft account users will be offered the opt-in prompt for services during their first sign-in. If you enable this policy setting, Microsoft account users will see the opt-in prompt for services, and users with other accounts will see the sign-in animation. @@ -374,6 +391,7 @@ Note: The first sign-in animation will not be shown on Server, so this policy wi + This policy controls the configuration under which winlogon sends MPR notifications in the system. If you enable this setting or do not configure it, winlogon sends MPR notifications if a credential manager is configured. @@ -395,6 +413,9 @@ If you disable this setting, winlogon does not send MPR notifications. +> [!TIP] +> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + **ADMX mapping**: | Name | Value | @@ -430,6 +451,7 @@ If you disable this setting, winlogon does not send MPR notifications. + This policy setting allows local users to be enumerated on domain-joined computers. If you enable this policy setting, Logon UI will enumerate all local users on domain-joined computers. 
@@ -451,6 +473,9 @@ If you disable or do not configure this policy setting, the Logon UI will not en +> [!TIP] +> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + **ADMX mapping**: | Name | Value | @@ -486,6 +511,7 @@ If you disable or do not configure this policy setting, the Logon UI will not en + This policy setting allows you to hide the Switch User interface in the Logon UI, the Start menu and the Task Manager. If you enable this policy setting, the Switch User interface is hidden from the user who is attempting to log on or is logged on to the computer that has this policy applied. @@ -554,7 +580,15 @@ If you disable or do not configure this policy setting, the Switch User interfac -This policy is used by IT admin to override the registry based shell program. + +OverrideShellProgram policy allows IT admin to configure the shell program for Windows OS on a device. This policy has the highest precedence over other ways of configuring the shell program. + +The policy currently supports below options: + +1. Not Configured: Default shell will be launched. +2. Apply Lightweight Shell: Lightweight shell does not have a user interface and helps the device to achieve better performance as the shell consumes limited resources over default shell. Lightweight shell contains a limited set of features which could be consumed by applications. This configuration can be useful if the device needs to have a continuous running user interface application which would consume features offered by Lightweight shell. + +If you disable or do not configure this policy setting, then the default shell will be launched. 
@@ -569,6 +603,7 @@ This policy is used by IT admin to override the registry based shell program. | Format | int | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | +| Dependency [BootToCloudModeDependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/CloudDesktop/BootToCloudMode`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
| diff --git a/windows/client-management/understanding-admx-backed-policies.md b/windows/client-management/understanding-admx-backed-policies.md index 4a730f6508..344d0eb5a7 100644 --- a/windows/client-management/understanding-admx-backed-policies.md +++ b/windows/client-management/understanding-admx-backed-policies.md @@ -1,6 +1,6 @@ --- title: Understanding ADMX policies -description: In Windows 10, you can use ADMX policies for Windows 10 mobile device management (MDM) across Windows 10 devices. +description: You can use ADMX policies for Windows mobile device management (MDM) across Windows devices. ms.author: vinpa ms.topic: article ms.prod: windows-client @@ -237,7 +237,7 @@ Below is the internal OS mapping of a Group Policy to an MDM area and name. This `./[Device|User]/Vendor/MSFT/Policy/Config/[config|result]//` -The data payload of the SyncML needs to be encoded so that it doesn't conflict with the boilerplate SyncML XML tags. Use this online tool for encoding and encoding the policy data [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) +The data payload of the SyncML needs to be encoded so that it doesn't conflict with the boilerplate SyncML XML tags. Use this online tool for encoding and decoding the policy data [Coder's Toolbox](https://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii). **Snippet of manifest for AppVirtualization area:** diff --git a/windows/configuration/cortana-at-work/cortana-at-work-overview.md b/windows/configuration/cortana-at-work/cortana-at-work-overview.md index f19e425791..39e709ad20 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-overview.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-overview.md @@ -8,6 +8,8 @@ author: aczechowski ms.localizationpriority: medium ms.author: aaroncz ms.technology: itpro-configure +ms.date: 12/31/2017 +ms.topic: article --- # Configure Cortana in Windows 10 and Windows 11 
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md index 479f178665..90543d9202 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md @@ -8,6 +8,8 @@ ms.author: aaroncz ms.reviewer: manager: dougeby ms.technology: itpro-configure +ms.date: 12/31/2017 +ms.topic: article --- # Use Group Policy and mobile device management (MDM) settings to configure Cortana in your organization diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md index 9d10404c6d..71800954eb 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md @@ -8,6 +8,8 @@ ms.author: aaroncz ms.reviewer: manager: dougeby ms.technology: itpro-configure +ms.date: 12/31/2017 +ms.topic: article --- # Test scenario 1 – Sign into Azure AD, enable the wake word, and try a voice query diff --git a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md b/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md index 53ab837468..9f38750042 100644 --- a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md +++ b/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md @@ -8,6 +8,8 @@ author: aczechowski ms.localizationpriority: medium ms.author: aaroncz ms.technology: itpro-configure +ms.date: 12/31/2017 +ms.topic: article --- # Set up and test Cortana in Windows 10, version 2004 and later diff --git a/windows/configuration/customize-start-menu-layout-windows-11.md b/windows/configuration/customize-start-menu-layout-windows-11.md index 00570b40da..f043da3ecb 100644 
--- a/windows/configuration/customize-start-menu-layout-windows-11.md +++ b/windows/configuration/customize-start-menu-layout-windows-11.md @@ -1,14 +1,16 @@ --- -title: Add or remove pinned apps on the Start menu in Windows 11 | Microsoft Docs +title: Add or remove pinned apps on the Start menu in Windows 11 description: Export Start layout to LayoutModification.json with pinned apps, and add or remove pinned apps. Use the JSON text in an MDM policy to deploy a custom Start menu layout to Windows 11 devices. manager: aaroncz +author: lizgt2000 ms.author: lizlong ms.reviewer: ericpapa ms.prod: windows-client -author: lizgt2000 ms.localizationpriority: medium ms.collection: highpri ms.technology: itpro-configure +ms.date: 01/10/2023 +ms.topic: article --- # Customize the Start menu layout on Windows 11 
@@ -29,9 +31,11 @@ This article shows you how to export an existing Start menu layout, and use the ## Before you begin -- When you customize the Start layout, you overwrite the entire full layout. A partial Start layout isn't available. Users can pin and unpin apps, and uninstall apps from Start. You can't prevent users from changing the layout. +- When you customize the Start layout, you overwrite the entire full layout. A partial Start layout isn't available. Users can pin and unpin apps, and uninstall apps from Start. When a user signs in or Explorer restarts, Windows reapplies the MDM policy. This action restores the specified layout and doesn't retain any user changes. -- It's recommended to use a Mobile Device Management (MDM) provider. MDM providers help manage your devices, and help manage apps on your devices. You can use Microsoft Intune. Intune is a family of products that include Microsoft Intune, which is a cloud service, and Configuration Manager, which is on-premises. + To prevent users from making any changes to the Start menu layout, see the [NoChangeStartMenu](/windows/client-management/mdm/policy-csp-admx-startmenu#admx-startmenu-nochangestartmenu) policy. + +- It's recommended to use a mobile device management (MDM) provider. MDM providers help manage your devices, and help manage apps on your devices. You can use Microsoft Intune. Intune is a family of products that include Microsoft Intune, which is a cloud service, and Configuration Manager, which is on-premises. In this article, we mention these services. If you're not managing your devices using an MDM provider, the following resources may help you get started: diff --git a/windows/configuration/customize-taskbar-windows-11.md b/windows/configuration/customize-taskbar-windows-11.md index 9b5dec303f..a630b2ac0b 100644 --- a/windows/configuration/customize-taskbar-windows-11.md +++ b/windows/configuration/customize-taskbar-windows-11.md 
@@ -9,6 +9,8 @@ author: lizgt2000 ms.localizationpriority: medium ms.collection: highpri ms.technology: itpro-configure +ms.date: 12/31/2017 +ms.topic: article --- # Customize the Taskbar on Windows 11 diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md index 7752ed29fa..baffd2a688 100644 --- a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md +++ b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md @@ -10,6 +10,7 @@ ms.author: lizlong ms.topic: article ms.collection: highpri ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Customize Windows 10 Start and taskbar with Group Policy diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md index a853a65ee5..904afc2d16 100644 --- a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md +++ b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md @@ -9,6 +9,7 @@ ms.author: lizlong ms.topic: article ms.localizationpriority: medium ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Customize Windows 10 Start and taskbar with provisioning packages diff --git a/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md b/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md index 89cfab1cba..2eda1c13b6 100644 --- a/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md +++ b/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md 
@@ -10,6 +10,7 @@ ms.localizationpriority: medium ms.prod: windows-client ms.collection: highpri ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Find the Application User Model ID of an installed app diff --git a/windows/configuration/guidelines-for-assigned-access-app.md b/windows/configuration/guidelines-for-assigned-access-app.md index a5150fcdcb..48abdda3c1 100644 --- a/windows/configuration/guidelines-for-assigned-access-app.md +++ b/windows/configuration/guidelines-for-assigned-access-app.md @@ -13,6 +13,7 @@ ms.reviewer: sybruckm manager: aaroncz ms.collection: highpri ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Guidelines for choosing an app for assigned access (kiosk mode) diff --git a/windows/configuration/kiosk-additional-reference.md b/windows/configuration/kiosk-additional-reference.md index fd0756d5ca..91f7ece2cf 100644 --- a/windows/configuration/kiosk-additional-reference.md +++ b/windows/configuration/kiosk-additional-reference.md @@ -9,6 +9,7 @@ author: lizgt2000 ms.localizationpriority: medium ms.topic: reference ms.technology: itpro-configure +ms.date: 12/31/2017 --- # More kiosk methods and reference information diff --git a/windows/configuration/kiosk-mdm-bridge.md b/windows/configuration/kiosk-mdm-bridge.md index 3e6444f439..57f6e8b22d 100644 --- a/windows/configuration/kiosk-mdm-bridge.md +++ b/windows/configuration/kiosk-mdm-bridge.md @@ -9,6 +9,7 @@ author: lizgt2000 ms.localizationpriority: medium ms.topic: article ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Use MDM Bridge WMI Provider to create a Windows client kiosk diff --git a/windows/configuration/kiosk-methods.md b/windows/configuration/kiosk-methods.md index 00f8c0181b..fca2b5ab94 100644 --- a/windows/configuration/kiosk-methods.md +++ b/windows/configuration/kiosk-methods.md 
@@ -9,6 +9,7 @@ ms.localizationpriority: medium author: lizgt2000 ms.topic: article ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Configure kiosks and digital signs on Windows desktop editions diff --git a/windows/configuration/kiosk-policies.md b/windows/configuration/kiosk-policies.md index 32f8c08e76..7891caf75d 100644 --- a/windows/configuration/kiosk-policies.md +++ b/windows/configuration/kiosk-policies.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.author: lizlong ms.topic: article ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Policies enforced on kiosk devices diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md index 5ac71f90ec..0443a3047c 100644 --- a/windows/configuration/kiosk-prepare.md +++ b/windows/configuration/kiosk-prepare.md @@ -9,6 +9,7 @@ author: lizgt2000 ms.localizationpriority: medium ms.topic: article ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Prepare a device for kiosk configuration diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md index 5987383d91..fc9e86e27c 100644 --- a/windows/configuration/kiosk-shelllauncher.md +++ b/windows/configuration/kiosk-shelllauncher.md @@ -9,6 +9,7 @@ author: lizgt2000 ms.localizationpriority: medium ms.topic: article ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Use Shell Launcher to create a Windows client kiosk diff --git a/windows/configuration/kiosk-single-app.md b/windows/configuration/kiosk-single-app.md index 8fe9c59229..3724425208 100644 --- a/windows/configuration/kiosk-single-app.md +++ b/windows/configuration/kiosk-single-app.md @@ -10,6 +10,7 @@ ms.localizationpriority: medium ms.topic: article ms.collection: highpri ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Set up a single-app kiosk on Windows 10/11 
@@ -336,7 +337,7 @@ To exit the assigned access (kiosk) app, press **Ctrl + Alt + Del**, and then si
 If you press **Ctrl + Alt + Del** and do not sign in to another account, after a set time, assigned access will resume. The default time is 30 seconds, but you can change that in the following registry key:
-`HKEY\_LOCAL\_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI`
+`HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI`
 To change the default time for assigned access to resume, add *IdleTimeOut* (DWORD) and enter the value data as milliseconds in hexadecimal.
diff --git a/windows/configuration/kiosk-validate.md b/windows/configuration/kiosk-validate.md
index 0d457a1715..7ab28c7741 100644
--- a/windows/configuration/kiosk-validate.md
+++ b/windows/configuration/kiosk-validate.md
@@ -9,6 +9,7 @@ author: lizgt2000
 ms.localizationpriority: medium
 ms.topic: article
 ms.technology: itpro-configure
+ms.date: 12/31/2017
 ---
 # Validate kiosk configuration
diff --git a/windows/configuration/kiosk-xml.md b/windows/configuration/kiosk-xml.md
index d2d862af7b..2229eb5af7 100644
--- a/windows/configuration/kiosk-xml.md
+++ b/windows/configuration/kiosk-xml.md
@@ -9,6 +9,7 @@ ms.localizationpriority: medium
 ms.author: lizlong
 ms.topic: article
 ms.technology: itpro-configure
+ms.date: 12/31/2017
 ---
 # Assigned Access configuration (kiosk) XML reference
diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md
index 4173a48861..5e74a0ca9d 100644
--- a/windows/configuration/lock-down-windows-10-to-specific-apps.md
+++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md
@@ -10,6 +10,7 @@ ms.reviewer: sybruckm
 ms.localizationpriority: medium
 ms.topic: how-to
 ms.collection: highpri
+ms.date: 12/31/2017
 ---
 # Set up a multi-app kiosk on Windows 10 devices
diff --git a/windows/configuration/lockdown-features-windows-10.md b/windows/configuration/lockdown-features-windows-10.md index dab9d24432..9a32f053b2 100644 --- a/windows/configuration/lockdown-features-windows-10.md +++ b/windows/configuration/lockdown-features-windows-10.md @@ -9,6 +9,7 @@ ms.author: lizlong ms.topic: article ms.localizationpriority: medium ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Lockdown features from Windows Embedded 8.1 Industry diff --git a/windows/configuration/manage-wifi-sense-in-enterprise.md b/windows/configuration/manage-wifi-sense-in-enterprise.md index 8df16b0bf1..f5ee82e15a 100644 --- a/windows/configuration/manage-wifi-sense-in-enterprise.md +++ b/windows/configuration/manage-wifi-sense-in-enterprise.md @@ -9,6 +9,7 @@ author: lizgt2000 ms.localizationpriority: medium ms.topic: article ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Manage Wi-Fi Sense in your company diff --git a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md index f6230ee388..e6fe7659b1 100644 --- a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md +++ b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md @@ -9,6 +9,7 @@ ms.author: lizlong ms.topic: article ms.localizationpriority: medium ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Configuration service providers for IT pros diff --git a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md index 12383a7586..4ea1962aa4 100644 --- a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md +++ b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md 
@@ -9,6 +9,7 @@ ms.author: lizlong ms.topic: article ms.localizationpriority: medium ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Provision PCs with common settings for initial deployment (desktop wizard) diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md index dd404266a8..8efef893cd 100644 --- a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md +++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md @@ -9,6 +9,7 @@ ms.topic: article ms.reviewer: gkomatsu manager: aaroncz ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Provision PCs with apps diff --git a/windows/configuration/provisioning-packages/provisioning-apply-package.md b/windows/configuration/provisioning-packages/provisioning-apply-package.md index 34e5609b63..400e2a7863 100644 --- a/windows/configuration/provisioning-packages/provisioning-apply-package.md +++ b/windows/configuration/provisioning-packages/provisioning-apply-package.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.reviewer: gkomatsu manager: aaroncz ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Apply a provisioning package diff --git a/windows/configuration/provisioning-packages/provisioning-command-line.md b/windows/configuration/provisioning-packages/provisioning-command-line.md index cebf8679f9..05e6a1da83 100644 --- a/windows/configuration/provisioning-packages/provisioning-command-line.md +++ b/windows/configuration/provisioning-packages/provisioning-command-line.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.reviewer: gkomatsu manager: aaroncz ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Windows Configuration Designer command-line interface (reference) 
diff --git a/windows/configuration/provisioning-packages/provisioning-create-package.md b/windows/configuration/provisioning-packages/provisioning-create-package.md index 6e8bd7a6fb..62d2d239ae 100644 --- a/windows/configuration/provisioning-packages/provisioning-create-package.md +++ b/windows/configuration/provisioning-packages/provisioning-create-package.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.reviewer: gkomatsu manager: aaroncz ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Create a provisioning package diff --git a/windows/configuration/provisioning-packages/provisioning-how-it-works.md b/windows/configuration/provisioning-packages/provisioning-how-it-works.md index f06f67b436..4f93bfc292 100644 --- a/windows/configuration/provisioning-packages/provisioning-how-it-works.md +++ b/windows/configuration/provisioning-packages/provisioning-how-it-works.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.reviewer: gkomatsu manager: aaroncz ms.technology: itpro-configure +ms.date: 12/31/2017 --- # How provisioning works in Windows diff --git a/windows/configuration/provisioning-packages/provisioning-install-icd.md b/windows/configuration/provisioning-packages/provisioning-install-icd.md index a18e5b29ce..c77e2f658e 100644 --- a/windows/configuration/provisioning-packages/provisioning-install-icd.md +++ b/windows/configuration/provisioning-packages/provisioning-install-icd.md @@ -10,6 +10,7 @@ ms.reviewer: gkomatsu manager: aaroncz ms.collection: highpri ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Install Windows Configuration Designer, and learn about any limitations diff --git a/windows/configuration/provisioning-packages/provisioning-multivariant.md b/windows/configuration/provisioning-packages/provisioning-multivariant.md index 45a99e20e8..a22a2e2dc5 100644 --- a/windows/configuration/provisioning-packages/provisioning-multivariant.md +++ b/windows/configuration/provisioning-packages/provisioning-multivariant.md 
@@ -9,6 +9,7 @@ ms.reviewer: gkomatsu manager: aaroncz ms.author: lizlong ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Create a provisioning package with multivariant settings diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md index 5c61eb922b..4f0004d334 100644 --- a/windows/configuration/provisioning-packages/provisioning-packages.md +++ b/windows/configuration/provisioning-packages/provisioning-packages.md @@ -10,6 +10,7 @@ ms.topic: article ms.localizationpriority: medium ms.collection: highpri ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Provisioning packages for Windows diff --git a/windows/configuration/provisioning-packages/provisioning-powershell.md b/windows/configuration/provisioning-packages/provisioning-powershell.md index 9b347a6304..074f0168f1 100644 --- a/windows/configuration/provisioning-packages/provisioning-powershell.md +++ b/windows/configuration/provisioning-packages/provisioning-powershell.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.reviewer: gkomatsu manager: aaroncz ms.technology: itpro-configure +ms.date: 12/31/2017 --- # PowerShell cmdlets for provisioning Windows client (reference) diff --git a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md index ae5b559aae..00a55c6d95 100644 --- a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md +++ b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.reviewer: gkomatsu manager: aaroncz ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Use a script to install a desktop app in provisioning packages 
diff --git a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md index 2784db5f1e..1ae2f42140 100644 --- a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md +++ b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.reviewer: gkomatsu manager: aaroncz ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Settings changed when you uninstall a provisioning package diff --git a/windows/configuration/start-secondary-tiles.md b/windows/configuration/start-secondary-tiles.md index 8ff898fb1d..874a5657cc 100644 --- a/windows/configuration/start-secondary-tiles.md +++ b/windows/configuration/start-secondary-tiles.md @@ -9,6 +9,7 @@ ms.topic: article ms.reviewer: manager: aaroncz ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Add image for secondary Microsoft Edge tiles diff --git a/windows/configuration/supported-csp-start-menu-layout-windows.md b/windows/configuration/supported-csp-start-menu-layout-windows.md index 684b35d6f3..d079399d4b 100644 --- a/windows/configuration/supported-csp-start-menu-layout-windows.md +++ b/windows/configuration/supported-csp-start-menu-layout-windows.md @@ -8,6 +8,8 @@ ms.prod: windows-client author: lizgt2000 ms.localizationpriority: medium ms.technology: itpro-configure +ms.date: 12/31/2017 +ms.topic: article --- # Supported configuration service provider (CSP) policies for Windows 11 Start menu diff --git a/windows/configuration/supported-csp-taskbar-windows.md b/windows/configuration/supported-csp-taskbar-windows.md index c094fb12f9..b51d7becb9 100644 --- a/windows/configuration/supported-csp-taskbar-windows.md +++ b/windows/configuration/supported-csp-taskbar-windows.md 
@@ -8,6 +8,8 @@ ms.prod: windows-client author: lizgt2000 ms.localizationpriority: medium ms.technology: itpro-configure +ms.date: 12/31/2017 +ms.topic: article --- # Supported configuration service provider (CSP) policies for Windows 11 taskbar diff --git a/windows/configuration/wcd/wcd-cellular.md b/windows/configuration/wcd/wcd-cellular.md index 0f7cbab6bd..7b97d13b21 100644 --- a/windows/configuration/wcd/wcd-cellular.md +++ b/windows/configuration/wcd/wcd-cellular.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.topic: article ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Cellular (Windows Configuration Designer reference) diff --git a/windows/configuration/wcd/wcd-changes.md b/windows/configuration/wcd/wcd-changes.md index b826e3cbbe..a4f21e84f9 100644 --- a/windows/configuration/wcd/wcd-changes.md +++ b/windows/configuration/wcd/wcd-changes.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.topic: article ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Changes to settings in Windows Configuration Designer diff --git a/windows/configuration/wcd/wcd-deviceupdatecenter.md b/windows/configuration/wcd/wcd-deviceupdatecenter.md index 716237d02e..9d0ab9779d 100644 --- a/windows/configuration/wcd/wcd-deviceupdatecenter.md +++ b/windows/configuration/wcd/wcd-deviceupdatecenter.md @@ -8,6 +8,7 @@ ms.author: aaroncz manager: dougeby ms.topic: article ms.technology: itpro-configure +ms.date: 12/31/2017 --- # DeviceUpdateCenter (Windows Configuration Designer reference) diff --git a/windows/configuration/wcd/wcd-location.md b/windows/configuration/wcd/wcd-location.md index fe920d9f7c..9b1e501fec 100644 --- a/windows/configuration/wcd/wcd-location.md +++ b/windows/configuration/wcd/wcd-location.md @@ -9,6 +9,7 @@ ms.topic: article ms.reviewer: manager: dougeby ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Location (Windows Configuration Designer reference) 
diff --git a/windows/configuration/wcd/wcd-maps.md b/windows/configuration/wcd/wcd-maps.md index 1f30e55191..37b93da96d 100644 --- a/windows/configuration/wcd/wcd-maps.md +++ b/windows/configuration/wcd/wcd-maps.md @@ -9,6 +9,7 @@ ms.topic: article ms.reviewer: manager: dougeby ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Maps (Windows Configuration Designer reference) diff --git a/windows/configuration/wcd/wcd-networkproxy.md b/windows/configuration/wcd/wcd-networkproxy.md index 92226ac222..0b8561c8cf 100644 --- a/windows/configuration/wcd/wcd-networkproxy.md +++ b/windows/configuration/wcd/wcd-networkproxy.md @@ -9,6 +9,7 @@ ms.topic: article ms.reviewer: manager: dougeby ms.technology: itpro-configure +ms.date: 12/31/2017 --- # NetworkProxy (Windows Configuration Designer reference) diff --git a/windows/configuration/wcd/wcd-networkqospolicy.md b/windows/configuration/wcd/wcd-networkqospolicy.md index 50a9d20da9..2be6c377ba 100644 --- a/windows/configuration/wcd/wcd-networkqospolicy.md +++ b/windows/configuration/wcd/wcd-networkqospolicy.md @@ -9,6 +9,7 @@ ms.topic: article ms.reviewer: manager: dougeby ms.technology: itpro-configure +ms.date: 12/31/2017 --- # NetworkQoSPolicy (Windows Configuration Designer reference) diff --git a/windows/configuration/wcd/wcd-oobe.md b/windows/configuration/wcd/wcd-oobe.md index 589cf36452..df4078b569 100644 --- a/windows/configuration/wcd/wcd-oobe.md +++ b/windows/configuration/wcd/wcd-oobe.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.topic: article ms.technology: itpro-configure +ms.date: 12/31/2017 --- # OOBE (Windows Configuration Designer reference) diff --git a/windows/configuration/wcd/wcd-personalization.md b/windows/configuration/wcd/wcd-personalization.md index 69693eeb45..249dc446a7 100644 --- a/windows/configuration/wcd/wcd-personalization.md +++ b/windows/configuration/wcd/wcd-personalization.md 
@@ -9,6 +9,7 @@ ms.topic: article ms.reviewer: manager: dougeby ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Personalization (Windows Configuration Designer reference) diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md index c76f9e2459..b2ac514b17 100644 --- a/windows/configuration/wcd/wcd-policies.md +++ b/windows/configuration/wcd/wcd-policies.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.topic: article ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Policies (Windows Configuration Designer reference) diff --git a/windows/configuration/wcd/wcd-privacy.md b/windows/configuration/wcd/wcd-privacy.md index 73836d589b..df2b29c1ff 100644 --- a/windows/configuration/wcd/wcd-privacy.md +++ b/windows/configuration/wcd/wcd-privacy.md @@ -8,6 +8,7 @@ ms.author: aaroncz manager: dougeby ms.topic: article ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Privacy (Windows Configuration Designer reference) diff --git a/windows/configuration/wcd/wcd-storaged3inmodernstandby.md b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md index 6a133d5a59..61f8c30b69 100644 --- a/windows/configuration/wcd/wcd-storaged3inmodernstandby.md +++ b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md @@ -8,6 +8,7 @@ ms.author: aaroncz ms.topic: article manager: dougeby ms.technology: itpro-configure +ms.date: 12/31/2017 --- # StorageD3InModernStandby (Windows Configuration Designer reference) diff --git a/windows/configuration/wcd/wcd-time.md b/windows/configuration/wcd/wcd-time.md index f7017ef138..659eef75c7 100644 --- a/windows/configuration/wcd/wcd-time.md +++ b/windows/configuration/wcd/wcd-time.md @@ -8,6 +8,7 @@ ms.author: aaroncz manager: dougeby ms.topic: article ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Time 
diff --git a/windows/configuration/wcd/wcd-unifiedwritefilter.md b/windows/configuration/wcd/wcd-unifiedwritefilter.md index d402e1ceb6..55abb9002a 100644 --- a/windows/configuration/wcd/wcd-unifiedwritefilter.md +++ b/windows/configuration/wcd/wcd-unifiedwritefilter.md @@ -9,6 +9,7 @@ ms.topic: article ms.reviewer: manager: dougeby ms.technology: itpro-configure +ms.date: 12/31/2017 --- # UnifiedWriteFilter (reference) diff --git a/windows/configuration/wcd/wcd-universalappinstall.md b/windows/configuration/wcd/wcd-universalappinstall.md index cb622f51e2..bbd3749ad5 100644 --- a/windows/configuration/wcd/wcd-universalappinstall.md +++ b/windows/configuration/wcd/wcd-universalappinstall.md @@ -9,6 +9,7 @@ ms.topic: article ms.reviewer: manager: dougeby ms.technology: itpro-configure +ms.date: 12/31/2017 --- # UniversalAppInstall (reference) diff --git a/windows/configuration/wcd/wcd-universalappuninstall.md b/windows/configuration/wcd/wcd-universalappuninstall.md index 45e82deba6..ab0005120f 100644 --- a/windows/configuration/wcd/wcd-universalappuninstall.md +++ b/windows/configuration/wcd/wcd-universalappuninstall.md @@ -9,6 +9,7 @@ ms.topic: article ms.reviewer: manager: dougeby ms.technology: itpro-configure +ms.date: 12/31/2017 --- # UniversalAppUninstall (reference) diff --git a/windows/configuration/wcd/wcd-usberrorsoemoverride.md b/windows/configuration/wcd/wcd-usberrorsoemoverride.md index de2cdfc24b..3a53cca460 100644 --- a/windows/configuration/wcd/wcd-usberrorsoemoverride.md +++ b/windows/configuration/wcd/wcd-usberrorsoemoverride.md @@ -9,6 +9,7 @@ ms.topic: article ms.reviewer: manager: dougeby ms.technology: itpro-configure +ms.date: 12/31/2017 --- # UsbErrorsOEMOverride (reference) diff --git a/windows/configuration/wcd/wcd-weakcharger.md b/windows/configuration/wcd/wcd-weakcharger.md index dfd1c1ee93..2270de3845 100644 --- a/windows/configuration/wcd/wcd-weakcharger.md +++ b/windows/configuration/wcd/wcd-weakcharger.md 
@@ -9,6 +9,7 @@ ms.topic: article ms.reviewer: manager: dougeby ms.technology: itpro-configure +ms.date: 12/31/2017 --- # WeakCharger (reference) diff --git a/windows/configuration/wcd/wcd-windowshelloforbusiness.md b/windows/configuration/wcd/wcd-windowshelloforbusiness.md index 5abe841a5c..8c42614eca 100644 --- a/windows/configuration/wcd/wcd-windowshelloforbusiness.md +++ b/windows/configuration/wcd/wcd-windowshelloforbusiness.md @@ -9,6 +9,7 @@ ms.topic: article ms.reviewer: manager: dougeby ms.technology: itpro-configure +ms.date: 12/31/2017 --- # WindowsHelloForBusiness (Windows Configuration Designer reference) diff --git a/windows/configuration/wcd/wcd-windowsteamsettings.md b/windows/configuration/wcd/wcd-windowsteamsettings.md index 9255158400..9db59248ff 100644 --- a/windows/configuration/wcd/wcd-windowsteamsettings.md +++ b/windows/configuration/wcd/wcd-windowsteamsettings.md @@ -9,6 +9,7 @@ ms.topic: article ms.reviewer: manager: dougeby ms.technology: itpro-configure +ms.date: 12/31/2017 --- # WindowsTeamSettings (reference) diff --git a/windows/configuration/wcd/wcd-wlan.md b/windows/configuration/wcd/wcd-wlan.md index c6df66ef0f..c691224077 100644 --- a/windows/configuration/wcd/wcd-wlan.md +++ b/windows/configuration/wcd/wcd-wlan.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.topic: article ms.technology: itpro-configure +ms.date: 12/31/2017 --- # WLAN (reference) diff --git a/windows/configuration/wcd/wcd.md b/windows/configuration/wcd/wcd.md index 0cd1afaa90..c982e45ca3 100644 --- a/windows/configuration/wcd/wcd.md +++ b/windows/configuration/wcd/wcd.md @@ -9,6 +9,7 @@ ms.topic: article ms.reviewer: manager: dougeby ms.technology: itpro-configure +ms.date: 12/31/2017 --- # Windows Configuration Designer provisioning settings (reference) diff --git a/windows/deployment/deploy-m365.md b/windows/deployment/deploy-m365.md index ace17b1b9f..6ec6b46d6c 100644 --- a/windows/deployment/deploy-m365.md 
+++ b/windows/deployment/deploy-m365.md @@ -8,7 +8,6 @@ ms.prod: windows-client ms.localizationpriority: medium author: frankroj ms.topic: article -ms.collection: M365-modern-desktop ms.custom: seo-marvel-apr2020 ms.date: 11/23/2022 ms.technology: itpro-deploy diff --git a/windows/deployment/do/TOC.yml b/windows/deployment/do/TOC.yml index 07805dc6fb..6c21a68819 100644 --- a/windows/deployment/do/TOC.yml +++ b/windows/deployment/do/TOC.yml @@ -1,4 +1,4 @@ -- name: Delivery Optimization for Windows client and Microsoft Connected Cache +- name: Delivery Optimization for Windows and Microsoft Connected Cache href: index.yml - name: What's new href: whats-new-do.md @@ -9,9 +9,9 @@ href: waas-delivery-optimization.md - name: Delivery Optimization Frequently Asked Questions href: waas-delivery-optimization-faq.yml - - name: Configure Delivery Optimization for Windows clients + - name: Configure Delivery Optimization for Windows items: - - name: Windows client Delivery Optimization settings + - name: Windows Delivery Optimization settings href: waas-delivery-optimization-setup.md#recommended-delivery-optimization-settings - name: Configure Delivery Optimization settings using Microsoft Intune href: /mem/intune/configuration/delivery-optimization-windows diff --git a/windows/deployment/do/delivery-optimization-proxy.md b/windows/deployment/do/delivery-optimization-proxy.md index de59da66d7..ef06dbd00a 100644 --- a/windows/deployment/do/delivery-optimization-proxy.md +++ b/windows/deployment/do/delivery-optimization-proxy.md @@ -6,9 +6,9 @@ ms.prod: windows-client author: carmenf ms.localizationpriority: medium ms.author: carmenf -ms.collection: M365-modern-desktop ms.topic: article ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Using a proxy with Delivery Optimization diff --git a/windows/deployment/do/delivery-optimization-workflow.md b/windows/deployment/do/delivery-optimization-workflow.md index e5513df9f2..6d8accfe59 100644 
--- a/windows/deployment/do/delivery-optimization-workflow.md +++ b/windows/deployment/do/delivery-optimization-workflow.md @@ -6,9 +6,9 @@ ms.prod: windows-client author: carmenf ms.localizationpriority: medium ms.author: carmenf -ms.collection: M365-modern-desktop ms.topic: article ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Delivery Optimization client-service communication explained diff --git a/windows/deployment/do/images/elixir_ux/readme-elixir-ux-files.md b/windows/deployment/do/images/elixir_ux/readme-elixir-ux-files.md index f97aed1785..5d80bf89fd 100644 --- a/windows/deployment/do/images/elixir_ux/readme-elixir-ux-files.md +++ b/windows/deployment/do/images/elixir_ux/readme-elixir-ux-files.md @@ -2,15 +2,14 @@ title: Don't Remove images under do/images/elixir_ux - used by Azure portal Diagnose/Solve feature UI manager: aaroncz description: Elixir images read me file -keywords: updates, downloads, network, bandwidth -ms.prod: w10 +ms.prod: windows-client ms.mktglfcycl: deploy audience: itpro author: nidos -ms.localizationpriority: medium ms.author: nidos -ms.collection: M365-modern-desktop ms.topic: article +ms.date: 12/31/2017 +ms.technology: itpro-updates --- # Read Me diff --git a/windows/deployment/do/includes/waas-delivery-optimization-monitor.md b/windows/deployment/do/includes/waas-delivery-optimization-monitor.md index 2828da9932..5f75f6344a 100644 --- a/windows/deployment/do/includes/waas-delivery-optimization-monitor.md +++ b/windows/deployment/do/includes/waas-delivery-optimization-monitor.md 
@@ -28,15 +28,15 @@ ms.localizationpriority: medium
 | TotalBytesDownloaded | The number of bytes from any source downloaded so far |
 | PercentPeerCaching |The percentage of bytes downloaded from peers versus over HTTP |
 | BytesFromPeers | Total bytes downloaded from peer devices (sum of bytes downloaded from LAN, Group, and Internet Peers) |
-| BytesfromHTTP | Total number of bytes received over HTTP |
+| BytesfromHTTP | Total number of bytes received over HTTP. This represents all HTTP sources, which includes BytesFromCacheServer |
 | Status | Current state of the operation. Possible values are: **Downloading** (download in progress); **Complete** (download completed, but is not uploading yet); **Caching** (download completed successfully and is ready to upload or uploading); **Paused** (download/upload paused by caller) |
 | Priority | Priority of the download; values are **foreground** or **background** |
-| BytesFromCacheServer | Total number of bytes received from cache server |
+| BytesFromCacheServer | Total number of bytes received from cache server (MCC) |
 | BytesFromLanPeers | Total number of bytes received from peers found on the LAN |
-| BytesFromGroupPeers | Total number of bytes received from peers found in the group |
+| BytesFromGroupPeers | Total number of bytes received from peers found in the group. (Note: Group mode is LAN + Group. If peers are found on the LAN, those bytes will be registered in 'BytesFromLANPeers'.) |
 | BytesFromInternetPeers | Total number of bytes received from internet peers |
 | BytesToLanPeers | Total number of bytes delivered from peers found on the LAN |
-| BytesToGroupPeers | Total number of bytes delivered from peers found in the group |
+| BytesToGroupPeers | Total number of bytes delivered from peers found in the group |
 | BytesToInternetPeers | Total number of bytes delivered from peers found on the LAN |
 | DownloadDuration | Total download time in seconds |
 | HttpConnectionCount | |
diff --git a/windows/deployment/do/index.yml b/windows/deployment/do/index.yml index 654cd9f309..5cbe1535a0 100644 --- a/windows/deployment/do/index.yml +++ b/windows/deployment/do/index.yml @@ -1,7 +1,7 @@ ### YamlMime:Landing title: Delivery Optimization # < 60 chars -summary: Set up peer to peer downloads for Windows Updates and learn about Microsoft Connected Cache. # < 160 chars +summary: Set up peer to peer downloads for Microsoft content supported by Delivery Optimization and learn about Microsoft Connected Cache. # < 160 chars metadata: title: Delivery Optimization # Required; page title displayed in search results. Include the brand. < 60 chars. @@ -36,7 +36,7 @@ landingContent: # Card (optional) - - title: Configure Delivery Optimization on Windows clients + - title: Configure Delivery Optimization on Windows linkLists: - linkListType: how-to-guide links: diff --git a/windows/deployment/do/mcc-enterprise-appendix.md b/windows/deployment/do/mcc-enterprise-appendix.md index ef710a3929..11915236a8 100644 --- a/windows/deployment/do/mcc-enterprise-appendix.md +++ b/windows/deployment/do/mcc-enterprise-appendix.md @@ -2,12 +2,12 @@ title: Appendix manager: aaroncz description: Appendix on Microsoft Connected Cache (MCC) for Enterprise and Education. -ms.prod: w10 +ms.prod: windows-client author: amymzhou ms.author: amyzhou -ms.localizationpriority: medium -ms.collection: M365-modern-desktop ms.topic: article +ms.date: 12/31/2017 +ms.technology: itpro-updates --- # Appendix diff --git a/windows/deployment/do/mcc-enterprise-deploy.md b/windows/deployment/do/mcc-enterprise-deploy.md index 74ef198811..c39e4b5a84 100644 --- a/windows/deployment/do/mcc-enterprise-deploy.md +++ b/windows/deployment/do/mcc-enterprise-deploy.md 
@@ -2,12 +2,12 @@ title: Deploying your cache node manager: dougeby description: How to deploy Microsoft Connected Cache (MCC) for Enterprise and Education cache node -ms.prod: w10 +ms.prod: windows-client author: amymzhou -ms.localizationpriority: medium ms.author: amyzhou -ms.collection: M365-modern-desktop ms.topic: article +ms.date: 12/31/2017 +ms.technology: itpro-updates --- # Deploying your cache node diff --git a/windows/deployment/do/mcc-enterprise-prerequisites.md b/windows/deployment/do/mcc-enterprise-prerequisites.md index 84faf8d670..fac81254f0 100644 --- a/windows/deployment/do/mcc-enterprise-prerequisites.md +++ b/windows/deployment/do/mcc-enterprise-prerequisites.md @@ -2,12 +2,12 @@ title: Requirements for Microsoft Connected Cache (MCC) for Enterprise and Education manager: dougeby description: Overview of requirements for Microsoft Connected Cache (MCC) for Enterprise and Education. -ms.prod: w10 +ms.prod: windows-client author: amymzhou -ms.localizationpriority: medium ms.author: amyzhou -ms.collection: M365-modern-desktop ms.topic: article +ms.date: 12/31/2017 +ms.technology: itpro-updates --- # Requirements of Microsoft Connected Cache for Enterprise and Education (early preview) diff --git a/windows/deployment/do/mcc-enterprise-update-uninstall.md b/windows/deployment/do/mcc-enterprise-update-uninstall.md index 60d0df68e3..83882c952c 100644 --- a/windows/deployment/do/mcc-enterprise-update-uninstall.md +++ b/windows/deployment/do/mcc-enterprise-update-uninstall.md 
@@ -2,12 +2,12 @@ title: Update or uninstall Microsoft Connected Cache for Enterprise and Education manager: dougeby description: Details on updating or uninstalling Microsoft Connected Cache (MCC) for Enterprise and Education. -ms.prod: w10 +ms.prod: windows-client author: amymzhou -ms.localizationpriority: medium ms.author: amyzhou -ms.collection: M365-modern-desktop ms.topic: article +ms.date: 12/31/2017 +ms.technology: itpro-updates --- # Update or uninstall Microsoft Connected Cache for Enterprise and Education diff --git a/windows/deployment/do/mcc-isp-cache-node-configuration.md b/windows/deployment/do/mcc-isp-cache-node-configuration.md index ae5404b2ae..8d8bc76577 100644 --- a/windows/deployment/do/mcc-isp-cache-node-configuration.md +++ b/windows/deployment/do/mcc-isp-cache-node-configuration.md @@ -2,15 +2,12 @@ title: Cache node configuration manager: aaroncz description: Configuring a cache node on Azure portal -keywords: updates, downloads, network, bandwidth -ms.prod: w10 -ms.mktglfcycl: deploy -audience: itpro +ms.prod: windows-client author: amyzhou -ms.localizationpriority: medium ms.author: amyzhou -ms.collection: M365-modern-desktop ms.topic: article +ms.date: 12/31/2017 +ms.technology: itpro-updates --- # Cache node configuration diff --git a/windows/deployment/do/mcc-isp-create-provision-deploy.md b/windows/deployment/do/mcc-isp-create-provision-deploy.md index 7ef7e28969..aa7180c750 100644 --- a/windows/deployment/do/mcc-isp-create-provision-deploy.md +++ b/windows/deployment/do/mcc-isp-create-provision-deploy.md 
@@ -2,15 +2,12 @@ title: Create, provision, and deploy the cache node in Azure portal manager: aaroncz description: Instructions for creating, provisioning, and deploying Microsoft Connected Cache for ISP on Azure portal -keywords: updates, downloads, network, bandwidth -ms.prod: w10 -ms.mktglfcycl: deploy -audience: itpro +ms.prod: windows-client author: nidos -ms.localizationpriority: medium ms.author: nidos -ms.collection: M365-modern-desktop ms.topic: article +ms.date: 12/31/2017 +ms.technology: itpro-updates --- # Create, Configure, provision, and deploy the cache node in Azure portal diff --git a/windows/deployment/do/mcc-isp-faq.yml b/windows/deployment/do/mcc-isp-faq.yml index 19f6da7226..74688ffae3 100644 --- a/windows/deployment/do/mcc-isp-faq.yml +++ b/windows/deployment/do/mcc-isp-faq.yml @@ -2,24 +2,19 @@ metadata: title: Microsoft Connected Cache Frequently Asked Questions description: The following article is a list of frequently asked questions for Microsoft Connected Cache. - ms.sitesec: library - ms.pagetype: security - ms.localizationpriority: medium author: amymzhou ms.author: amymzhou manager: aaroncz - audience: ITPro ms.collection: - - M365-security-compliance - highpri ms.topic: faq ms.date: 09/30/2022 - ms.custom: seo-marvel-apr2020 + ms.prod: windows-client + ms.technology: itpro-updates title: Microsoft Connected Cache Frequently Asked Questions summary: | **Applies to** - - Windows 10 - - Windows 11 + - Windows 10 and later sections: - name: Ignored 
@@ -33,12 +28,18 @@ sections: - question: What are the prerequisites and hardware requirements? answer: | - Azure subscription - - Hardware to host Microsoft Connected Cache: + - Hardware to host Microsoft Connected Cache + - Ubuntu 20.04 LTS on a physical server or VM of your choice. + + > [!NOTE] + > The Microsoft Connected Cache is deployed and managed using Azure IoT Edge and Ubuntu 20.04 is an [Azure IoT Edge Tier 1 operating system](/azure/iot-edge/support?view=iotedge-2020-11#tier-1). Additionally, the Microsoft Connected Cache module is optimized for Ubuntu 20.04 LTS. + + The following are recommended hardware configurations: [!INCLUDE [Microsoft Connected Cache Prerequisites](includes/mcc-prerequisites.md)] - We have one customer who is able to achieve 40-Gbps egress rate using the following hardware specification: + We have one customer who is able to achieve mid-30s Gbps egress rate using the following hardware specification: - Dell PowerEdge R330 - 2 x Intel(R) Xeon(R) CPU E5-2630 v3 @ 2.40 GHz, total 32 core - 48 GB, Micron Technology 18ASF1G72PDZ-2G1A1, Speed: 2133 MT/s diff --git a/windows/deployment/do/mcc-isp-signup.md b/windows/deployment/do/mcc-isp-signup.md index 291a69a7ab..e53324e321 100644 --- a/windows/deployment/do/mcc-isp-signup.md +++ b/windows/deployment/do/mcc-isp-signup.md @@ -2,15 +2,14 @@ title: Operator sign up and service onboarding manager: aaroncz description: Service onboarding for Microsoft Connected Cache for ISP -keywords: updates, downloads, network, bandwidth -ms.prod: w10 +ms.prod: windows-client ms.mktglfcycl: deploy audience: itpro author: nidos -ms.localizationpriority: medium ms.author: nidos -ms.collection: M365-modern-desktop ms.topic: article +ms.date: 12/31/2017 +ms.technology: itpro-updates --- # Operator sign up and service onboarding for Microsoft Connected Cache diff --git a/windows/deployment/do/mcc-isp-support.md b/windows/deployment/do/mcc-isp-support.md index a321ac671c..a10e0f5a63 100644 
--- a/windows/deployment/do/mcc-isp-support.md
+++ b/windows/deployment/do/mcc-isp-support.md
@@ -2,14 +2,13 @@
 title: Support and troubleshooting
 manager: aaroncz
 description: Troubleshooting issues for Microsoft Connected Cache for ISP
-keywords: updates, downloads, network, bandwidth
-ms.prod: w10
+ms.prod: windows-client
 audience: itpro
 author: nidos
-ms.localizationpriority: medium
 ms.author: nidos
-ms.collection: M365-modern-desktop
 ms.topic: reference
+ms.date: 12/31/2017
+ms.technology: itpro-updates
 ---
 
 # Support and troubleshooting
diff --git a/windows/deployment/do/mcc-isp-update.md b/windows/deployment/do/mcc-isp-update.md
index c6bdfe27c8..2e74cc5a44 100644
--- a/windows/deployment/do/mcc-isp-update.md
+++ b/windows/deployment/do/mcc-isp-update.md
@@ -2,15 +2,14 @@
 title: Update or uninstall your cache node
 manager: aaroncz
 description: How to update or uninstall your cache node
-keywords: updates, downloads, network, bandwidth
-ms.prod: w10
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 audience: itpro
 author: amyzhou
-ms.localizationpriority: medium
 ms.author: amyzhou
-ms.collection: M365-modern-desktop
 ms.topic: article
+ms.date: 12/31/2017
+ms.technology: itpro-updates
 ---
 
 # Update or uninstall your cache node
diff --git a/windows/deployment/do/mcc-isp-verify-cache-node.md b/windows/deployment/do/mcc-isp-verify-cache-node.md
index 22f8b3de86..da0003c24f 100644
--- a/windows/deployment/do/mcc-isp-verify-cache-node.md
+++ b/windows/deployment/do/mcc-isp-verify-cache-node.md
@@ -3,14 +3,13 @@ title: Verify cache node functionality and monitor health and performance
 manager: aaroncz
 description: How to verify the functionality of a cache node
 keywords: updates, downloads, network, bandwidth
-ms.prod: w10
-ms.mktglfcycl: deploy
+ms.prod: windows-client
 audience: itpro
 author: amyzhou
-ms.localizationpriority: medium
 ms.author: amyzhou
-ms.collection: M365-modern-desktop
 ms.topic: article
+ms.date: 12/31/2017
+ms.technology: itpro-updates
 ---
 
 # Verify cache node functionality and monitor health and performance
diff --git a/windows/deployment/do/mcc-isp-vm-performance.md b/windows/deployment/do/mcc-isp-vm-performance.md
index 6cb5ab9b45..9316c9a5af 100644
--- a/windows/deployment/do/mcc-isp-vm-performance.md
+++ b/windows/deployment/do/mcc-isp-vm-performance.md
@@ -2,15 +2,12 @@
 title: Enhancing VM performance
 manager: aaroncz
 description: How to enhance performance on a virtual machine used with Microsoft Connected Cache for ISPs
-keywords: updates, downloads, network, bandwidth
-ms.prod: w10
-ms.mktglfcycl: deploy
-audience: itpro
+ms.prod: windows-client
 author: amyzhou
-ms.localizationpriority: medium
 ms.author: amyzhou
-ms.collection: M365-modern-desktop
 ms.topic: reference
+ms.technology: itpro-updates
+ms.date: 12/31/2017
 ---
 
 # Enhancing virtual machine performance
diff --git a/windows/deployment/do/mcc-isp.md b/windows/deployment/do/mcc-isp.md
index 055f86b888..34b12c0d9b 100644
--- a/windows/deployment/do/mcc-isp.md
+++ b/windows/deployment/do/mcc-isp.md
@@ -8,7 +8,6 @@ author: amymzhou
 ms.author: amyzhou
 ms.reviewer: carmenf
 manager: aaroncz
-ms.collection: M365-modern-desktop
 ms.topic: how-to
 ms.date: 05/20/2022
 ---
diff --git a/windows/deployment/do/waas-delivery-optimization-faq.yml b/windows/deployment/do/waas-delivery-optimization-faq.yml
index 0fe613a87a..0827ee5979 100644
--- a/windows/deployment/do/waas-delivery-optimization-faq.yml
+++ b/windows/deployment/do/waas-delivery-optimization-faq.yml
@@ -2,28 +2,20 @@ metadata: title: Delivery Optimization Frequently Asked Questions description: The following is a list of frequently asked questions for Delivery Optimization. - ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: aaroncz - ms.prod: m365-security - ms.mktglfcycl: explore - ms.sitesec: library - ms.pagetype: security - ms.localizationpriority: medium + ms.prod: windows-client author: carmenf ms.author: carmenf manager: dougeby - audience: ITPro + ms.technology: itpro-updates ms.collection: - - M365-security-compliance - highpri ms.topic: faq ms.date: 08/04/2022 - ms.custom: seo-marvel-apr2020 title: Delivery Optimization Frequently Asked Questions summary: | **Applies to** - - Windows 10 - - Windows 11 + - Windows 10 and later sections: diff --git a/windows/deployment/do/waas-delivery-optimization-reference.md b/windows/deployment/do/waas-delivery-optimization-reference.md index 22dff75ed5..6564dcd26e 100644 --- a/windows/deployment/do/waas-delivery-optimization-reference.md +++ b/windows/deployment/do/waas-delivery-optimization-reference.md @@ -7,10 +7,10 @@ ms.prod: windows-client author: carmenf ms.localizationpriority: medium ms.author: carmenf -ms.collection: M365-modern-desktop ms.topic: article ms.custom: seo-marvel-apr2020 ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Delivery Optimization reference 
@@ -64,7 +64,7 @@ In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimiz
 | [Delay foreground download cache server fallback (in secs)](#delay-foreground-download-cache-server-fallback-in-secs) | DelayCacheServerFallbackForeground | 1903 |
 | [Delay background download cache server fallback (in secs)](#delay-background-download-cache-server-fallback-in-secs) | DelayCacheServerFallbackBackground | 1903 |
 | [Cache Server Hostname](#cache-server-hostname) | DOCacheHost | 1809 |
-| [Cache Server Hostname Source](#cache-server-hostname-source) | DOCacheHostSource | 1809 |
+| [Cache Server Hostname Source](#cache-server-hostname-source) | DOCacheHostSource | 2004 |
 | [Maximum Foreground Download Bandwidth (in KB/s)](#maximum-background-download-bandwidth-in-kbs) | DOMaxForegroundDownloadBandwidth | 2004 |
 | [Maximum Background Download Bandwidth (in KB/s)](#maximum-background-download-bandwidth-in-kbs) | DOMaxBackgroundDownloadBandwidth | 2004 |
 
@@ -146,7 +146,7 @@ Starting in Windows 10, version 1803, set this policy to restrict peer selection
 - 4 = DNS Suffix
 - 5 = Starting with Windows 10, version 1903, you can use the Azure Active Directory (AAD) Tenant ID as a means to define groups. To do this set the value for DOGroupIdSource to its new maximum value of 5.
 
-When set, the Group ID is assigned automatically from the selected source. If you set this policy, the GroupID policy will be ignored. The option set in this policy only applies to Group (2) download mode. If Group (2) isn't set as Download mode, this policy will be ignored. If you set the value to anything other than 0-5, the policy is ignored.
+When set, the Group ID is assigned automatically from the selected source. If you set this policy, the GroupID policy will be ignored. The default behavior, when neither the GroupID or GroupIDSource policies are set, is to determine the Group ID using AD Site (1), Authenticated domain SID (2) or AAD Tenant ID (5), in that order. If GroupIDSource is set to either DHCP Option ID (3) or DNS Suffix (4) and those methods fail, the default behavior is used instead. The option set in this policy only applies to Group (2) download mode. If Group (2) isn't set as Download mode, this policy will be ignored. If you set the value to anything other than 0-5, the policy is ignored.
 
 ### Minimum RAM (inclusive) allowed to use Peer Caching
 
diff --git a/windows/deployment/do/waas-delivery-optimization-setup.md b/windows/deployment/do/waas-delivery-optimization-setup.md
index ff28a0815c..8b49d9f487 100644
--- a/windows/deployment/do/waas-delivery-optimization-setup.md
+++ b/windows/deployment/do/waas-delivery-optimization-setup.md
@@ -1,16 +1,15 @@
 ---
 title: Set up Delivery Optimization
-ms.reviewer:
-manager: dougeby
 description: In this article, learn how to set up Delivery Optimization.
-ms.prod: windows-client
 author: carmenf
-ms.localizationpriority: medium
 ms.author: carmenf
-ms.collection: M365-modern-desktop
-ms.topic: article
-ms.custom: seo-marvel-apr2020
+ms.reviewer: mstewart
+manager: aaroncz
+ms.prod: windows-client
 ms.technology: itpro-updates
+ms.localizationpriority: medium
+ms.topic: how-to
+ms.date: 12/19/2022
 ---
 
 # Set up Delivery Optimization for Windows
@@ -28,7 +27,7 @@ You can use Group Policy or an MDM solution like Intune to configure Delivery Op
 
 You will find the Delivery Optimization settings in Group Policy under **Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization**.
 
-Starting with Microsoft Intune version 1902, you can set many Delivery Optimization policies as a profile, which you can then apply to groups of devices. For more information, see [Delivery Optimization settings in Microsoft Intune](/intune/delivery-optimization-windows).
+Starting with Microsoft Intune version 1902, you can set many Delivery Optimization policies as a profile, which you can then apply to groups of devices. For more information, see [Delivery Optimization settings in Microsoft Intune](/mem/intune/configuration/delivery-optimization-windows).
 
 **Starting with Windows 10, version 1903**, you can use the Azure Active Directory (Azure AD) Tenant ID as a means to define groups. To do this set the value for DOGroupIdSource to its new maximum value of 5.
 
@@ -68,7 +67,7 @@ For this scenario, grouping devices by domain allows devices to be included in p
 
 To do this in Group Policy go to **Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization** and set **Download mode** to **2**.
 
-To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set DODownloadMode to 1 or 2.
+To do this with MDM, go to **./Device/Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set [DODownloadMode](/windows/client-management/mdm/policy-csp-deliveryoptimization#dodownloadmode) to 1 or 2.
 
 ### Hub and spoke topology with boundary groups
 
@@ -76,10 +75,10 @@ The default download mode setting is **1**; this means all devices breaking out
 
 To do this in Group Policy go to ****Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization** and set **Download mode** to **2**.
 
-To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set **DODownloadMode** to **2**.
+To do this with MDM, go to **./Device/Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set [DODownloadMode](/windows/client-management/mdm/policy-csp-deliveryoptimization#dodownloadmode) to **2**.
 
 > [!NOTE]
-> For more about using Delivery Optimization with Configuration Manager boundary groups, see [Delivery Optmization](/mem/configmgr/core/plan-design/hierarchy/fundamental-concepts-for-content-management#delivery-optimization).
+> For more information about using Delivery Optimization with Configuration Manager boundary groups, see [Delivery Optmization](/mem/configmgr/core/plan-design/hierarchy/fundamental-concepts-for-content-management#delivery-optimization).
 
 ### Large number of mobile devices
 
@@ -87,17 +86,15 @@ If you have a mobile workforce with a great many mobile devices, set Delivery Op
 
 To do this in Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization** and set **Allow uploads while the device is on battery while under set Battery level** to 60.
 
-To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set **DOMinBatteryPercentageAllowedToUpload** to 60.
+To do this with MDM, go to **./Device/Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set [DOMinBatteryPercentageAllowedToUpload](/windows/client-management/mdm/policy-csp-deliveryoptimization#dominbatterypercentageallowedtoupload) to 60.
 
 ### Plentiful free space and large numbers of devices
 
 Many devices now come with large internal drives. You can set Delivery Optimization to take better advantage of this space (especially if you have large numbers of devices) by changing the minimum file size to cache. If you have more than 30 devices in your local network or group, change it from the default 50 MB to 10 MB. If you have more than 100 devices (and are running Windows 10, version 1803 or later), set this value to 1 MB.
 
-[//]: # (default of 50 aimed at consumer)
-
 To do this in Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization** and set **Minimum Peer Caching Content File Size** to 10 (if you have more than 30 devices) or 1 (if you have more than 100 devices).
 
-To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set **DOMinFileSizeToCache** to 100 (if you have more than 30 devices) or 1 (if you have more than 100 devices).
+To do this with MDM, go to **./Device/Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set [DOMinFileSizeToCache](/windows/client-management/mdm/policy-csp-deliveryoptimization#dominfilesizetocache) to 100 (if you have more than 30 devices) or 1 (if you have more than 100 devices).
 
 ### Lab scenario
 
@@ -105,7 +102,7 @@ In a lab situation, you typically have a large number of devices that are plugge
 
 To do this in Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization** and set **Max Cache Age** to **604800** (7 days) or more (up to 30 days).
 
-To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set DOMaxCacheAge to 7 or more (up to 30 days).
+To do this with MDM, go to **./Device/Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set [DOMaxCacheAge](/windows/client-management/mdm/policy-csp-deliveryoptimization#domaxcacheage) to 7 or more (up to 30 days).
 
 
 
diff --git a/windows/deployment/do/waas-delivery-optimization.md b/windows/deployment/do/waas-delivery-optimization.md
index d22068202b..149bfe398d 100644
--- a/windows/deployment/do/waas-delivery-optimization.md
+++ b/windows/deployment/do/waas-delivery-optimization.md
@@ -7,12 +7,11 @@ author: carmenf
 ms.localizationpriority: medium
 ms.author: carmenf
 ms.collection:
- - M365-modern-desktop
- - m365initiative-coredeploy
 - highpri
 ms.topic: article
 ms.custom: seo-marvel-apr2020
 ms.technology: itpro-updates
+ms.date: 12/31/2017
 ---
 
 # What is Delivery Optimization?
diff --git a/windows/deployment/do/waas-microsoft-connected-cache.md b/windows/deployment/do/waas-microsoft-connected-cache.md
index 8888c9ec94..bc0d6223b6 100644
--- a/windows/deployment/do/waas-microsoft-connected-cache.md
+++ b/windows/deployment/do/waas-microsoft-connected-cache.md
@@ -6,12 +6,10 @@ ms.prod: windows-client
 author: carmenf
 ms.localizationpriority: medium
 ms.author: carmenf
-ms.collection:
- - M365-modern-desktop
- - m365initiative-coredeploy
 ms.topic: article
 ms.custom: seo-marvel-apr2020
 ms.technology: itpro-updates
+ms.date: 12/31/2017
 ---
 
 # Microsoft Connected Cache overview
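Review bot: The rewritten MDM line in the "Plentiful free space and large numbers of devices" section of waas-delivery-optimization-setup.md still tells readers to set DOMinFileSizeToCache to 100 for more than 30 devices, while the paragraph above it and the Group Policy line in the same hunk both say 10. Since the commit already touches this line to fix the path and add the CSP link, I would correct the value in the same change so the line ends `to 10 (if you have more than 30 devices) or 1 (if you have more than 100 devices).` If the value is in MB, as the paragraph implies, an admin following the MDM path as written would raise the threshold above the 50 MB default instead of lowering it.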
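Review bot: In the "Lab scenario" hunk the Group Policy line sets Max Cache Age to 604800 (7 days), but the updated MDM line still says to set DOMaxCacheAge to 7. If the MDM policy takes the same unit as the Group Policy value, which the 604800 figure suggests is seconds, a value of 7 would expire cached content almost immediately rather than keep it for a week. I would change the new line to end `to **604800** (7 days) or more (up to 30 days).` so both configuration paths give the same number.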
diff --git a/windows/deployment/do/waas-optimize-windows-10-updates.md b/windows/deployment/do/waas-optimize-windows-10-updates.md
index 75f5fb76b3..5d39e69f91 100644
--- a/windows/deployment/do/waas-optimize-windows-10-updates.md
+++ b/windows/deployment/do/waas-optimize-windows-10-updates.md
@@ -9,6 +9,7 @@ ms.reviewer:
 manager: dougeby
 ms.topic: article
 ms.technology: itpro-updates
+ms.date: 12/31/2017
 ---
 
 # Optimize Windows update delivery
diff --git a/windows/deployment/do/whats-new-do.md b/windows/deployment/do/whats-new-do.md
index 35b2652d61..3239c88eeb 100644
--- a/windows/deployment/do/whats-new-do.md
+++ b/windows/deployment/do/whats-new-do.md
@@ -6,12 +6,10 @@ ms.prod: windows-client
 author: carmenf
 ms.localizationpriority: medium
 ms.author: carmenf
-ms.collection:
- - M365-modern-desktop
- - m365initiative-coredeploy
 ms.topic: article
 ms.custom: seo-marvel-apr2020
 ms.technology: itpro-updates
+ms.date: 12/31/2017
 ---
 
 # What's new in Delivery Optimization
diff --git a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md
index f99d187140..6eeb930f19 100644
--- a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md
+++ b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md
@@ -8,6 +8,7 @@ ms.prod: windows-client
 author: frankroj
 ms.topic: article
 ms.technology: itpro-deploy
+ms.date: 12/31/2017
 ---
 
 # Security and data protection considerations for Windows To Go
diff --git a/windows/deployment/s-mode.md b/windows/deployment/s-mode.md
index 3fc8a55190..6263da1c9b 100644
--- a/windows/deployment/s-mode.md
+++ b/windows/deployment/s-mode.md
@@ -51,4 +51,4 @@ The [MSIX Packaging Tool](/windows/application-management/msix-app-packaging-too
 - [Consumer applications for S mode](https://www.microsoft.com/windows/s-mode)
 - [S mode devices](https://www.microsoft.com/windows/view-all-devices)
 - [Windows Defender Application Control deployment guide](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide)
-- [Microsoft Defender for Endpoint](/microsoft-365/windows/microsoft-defender-atp)
+- [Microsoft Defender for Endpoint documentation](/microsoft-365/security/defender-endpoint/)
diff --git a/windows/deployment/update/PSFxWhitepaper.md b/windows/deployment/update/PSFxWhitepaper.md
index 7d41b154fe..0e62430e64 100644
--- a/windows/deployment/update/PSFxWhitepaper.md
+++ b/windows/deployment/update/PSFxWhitepaper.md
@@ -10,6 +10,7 @@ manager: dougeby
 ms.topic: article
 ms.custom: seo-marvel-apr2020
 ms.technology: itpro-updates
+ms.date: 12/31/2017
 ---
 
 # Windows Updates using forward and reverse differentials
diff --git a/windows/deployment/update/WIP4Biz-intro.md b/windows/deployment/update/WIP4Biz-intro.md
index 97cc22efe7..9671062faf 100644
--- a/windows/deployment/update/WIP4Biz-intro.md
+++ b/windows/deployment/update/WIP4Biz-intro.md
@@ -9,6 +9,7 @@ manager: dougeby
 ms.reviewer:
 ms.topic: article
 ms.technology: itpro-updates
+ms.date: 12/31/2017
 ---
 
 # Introduction to the Windows Insider Program for Business
diff --git a/windows/deployment/update/check-release-health.md b/windows/deployment/update/check-release-health.md
index 007cd09674..d60d4df294 100644
--- a/windows/deployment/update/check-release-health.md
+++ b/windows/deployment/update/check-release-health.md
@@ -16,9 +16,6 @@ ms.custom:
 - 'O365E_ViewStatusServices'
 - 'O365E_ServiceHealthModern'
 - 'seo-marvel-apr2020'
-ms.collection:
- - Ent_O365
- - M365-subscription-management
 search.appverid:
 - MET150
 - MOE150
diff --git a/windows/deployment/update/create-deployment-plan.md b/windows/deployment/update/create-deployment-plan.md
index 5263372cb3..9db3fb6b10 100644
--- a/windows/deployment/update/create-deployment-plan.md
+++ b/windows/deployment/update/create-deployment-plan.md
@@ -5,10 +5,10 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.collection: m365initiative-coredeploy
 manager: dougeby
 ms.topic: article
 ms.technology: itpro-updates
+ms.date: 12/31/2017
 ---
 
 # Create a deployment plan
diff --git a/windows/deployment/update/deploy-updates-configmgr.md b/windows/deployment/update/deploy-updates-configmgr.md
index a7aa23afba..e15dae5bcc 100644
--- a/windows/deployment/update/deploy-updates-configmgr.md
+++ b/windows/deployment/update/deploy-updates-configmgr.md
@@ -9,6 +9,7 @@ ms.reviewer:
 manager: dougeby
 ms.topic: article
 ms.technology: itpro-updates
+ms.date: 12/31/2017
 ---
 
 # Deploy Windows 10 updates with Configuration Manager
diff --git a/windows/deployment/update/deploy-updates-intune.md b/windows/deployment/update/deploy-updates-intune.md
index 31deefe3f5..f81e158e4b 100644
--- a/windows/deployment/update/deploy-updates-intune.md
+++ b/windows/deployment/update/deploy-updates-intune.md
@@ -11,6 +11,7 @@ ms.topic: article
 ms.technology: itpro-updates
 ms.collection:
 - highpri
+ms.date: 12/31/2017
 ---
 
 # Deploy Windows 10 updates with Intune
diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md
index 538331acaa..b04b472ad9 100644
--- a/windows/deployment/update/deployment-service-overview.md
+++ b/windows/deployment/update/deployment-service-overview.md
@@ -10,6 +10,7 @@ ms.reviewer:
 manager: dougeby
 ms.topic: article
 ms.technology: itpro-updates
+ms.date: 12/31/2017
 ---
 
 
diff --git a/windows/deployment/update/deployment-service-troubleshoot.md b/windows/deployment/update/deployment-service-troubleshoot.md
index cf7599e9c8..8d974c72fe 100644
--- a/windows/deployment/update/deployment-service-troubleshoot.md
+++ b/windows/deployment/update/deployment-service-troubleshoot.md
@@ -10,6 +10,7 @@ ms.reviewer:
 manager: dougeby
 ms.topic: article
 ms.technology: itpro-updates
+ms.date: 12/31/2017
 ---
 
 
diff --git a/windows/deployment/update/eval-infra-tools.md b/windows/deployment/update/eval-infra-tools.md
index 29d681f691..29557c5e99 100644
--- a/windows/deployment/update/eval-infra-tools.md
+++ b/windows/deployment/update/eval-infra-tools.md
@@ -7,8 +7,8 @@ ms.author: aaroncz
 manager: dougeby
 ms.localizationpriority: medium
 ms.topic: article
-ms.collection: m365initiative-coredeploy
 ms.technology: itpro-updates
+ms.date: 12/31/2017
 ---
 
 # Evaluate infrastructure and tools
diff --git a/windows/deployment/update/feature-update-user-install.md b/windows/deployment/update/feature-update-user-install.md
index de573530ce..019f4f5331 100644
--- a/windows/deployment/update/feature-update-user-install.md
+++ b/windows/deployment/update/feature-update-user-install.md
@@ -8,7 +8,6 @@ ms.author: aaroncz
 ms.date: 07/10/2018
 ms.reviewer:
 manager: dougeby
-ms.collection: M365-modern-desktop
 ms.topic: article
 ms.custom: seo-marvel-apr2020
 ms.technology: itpro-updates
diff --git a/windows/deployment/update/get-started-updates-channels-tools.md b/windows/deployment/update/get-started-updates-channels-tools.md
index d53be32342..777e52fd68 100644
--- a/windows/deployment/update/get-started-updates-channels-tools.md
+++ b/windows/deployment/update/get-started-updates-channels-tools.md
@@ -8,6 +8,7 @@ ms.author: aaroncz
 manager: dougeby
 ms.topic: article
 ms.technology: itpro-updates
+ms.date: 12/31/2017
 ---
 
 # Windows client updates, channels, and tools
diff --git a/windows/deployment/update/how-windows-update-works.md b/windows/deployment/update/how-windows-update-works.md
index 492051959d..4a82f9dda6 100644
--- a/windows/deployment/update/how-windows-update-works.md
+++ b/windows/deployment/update/how-windows-update-works.md
@@ -6,11 +6,10 @@ author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
 manager: dougeby
-ms.collection:
- - M365-modern-desktop
 ms.topic: article
 ms.custom: seo-marvel-apr2020
 ms.technology: itpro-updates
+ms.date: 12/31/2017
 ---
 
 # How Windows Update works
diff --git a/windows/deployment/update/includes/wufb-reports-recommend.md b/windows/deployment/update/includes/wufb-reports-recommend.md
index 6011c4c7e8..94e46ac38f 100644
--- a/windows/deployment/update/includes/wufb-reports-recommend.md
+++ b/windows/deployment/update/includes/wufb-reports-recommend.md
@@ -11,4 +11,4 @@ ms.localizationpriority: medium
 
 
 > [!Important]
-> Update Compliance no longer accepts new onboarding requests and new requests will fail. Instead, use [Windows Update for Business reports](..\wufb-reports-overview.md) to monitor compliance for updates. If you're currently using Update Compliance, you can continue to use it, but you can't change your `CommercialID`.
+> Update Compliance is [deprecated](/windows/whats-new/deprecated-features) and is no longer accepting new onboarding requests. Update Compliance has been replaced by [Windows Update for Business reports](..\wufb-reports-overview.md). If you're currently using Update Compliance, you can continue to use it, but you can't change your `CommercialID`. Support for Update Compliance will end on March 31, 2023 when the service will be [retired](/windows/whats-new/feature-lifecycle#terminology).
diff --git a/windows/deployment/update/index.md b/windows/deployment/update/index.md
index 20901707ab..a9e7a9592a 100644
--- a/windows/deployment/update/index.md
+++ b/windows/deployment/update/index.md
@@ -8,6 +8,7 @@ ms.localizationpriority: high
 ms.author: aaroncz
 ms.topic: article
 ms.technology: itpro-updates
+ms.date: 12/31/2017
 ---
 
 # Update Windows client in enterprise deployments
diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md
index 7470c798bc..83136ce4d4 100644
--- a/windows/deployment/update/media-dynamic-update.md
+++ b/windows/deployment/update/media-dynamic-update.md
@@ -6,10 +6,9 @@ author: SteveDiAcetis
 ms.localizationpriority: medium
 ms.author: aaroncz
 manager: dougeby
-ms.collection:
- - M365-modern-desktop
 ms.topic: article
 ms.technology: itpro-updates
+ms.date: 12/31/2017
 ---
 
 # Update Windows installation media with Dynamic Update
diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
index a200aba260..d9091e373e 100644
--- a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
+++ b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
@@ -8,6 +8,7 @@ author: lizgt2000
 ms.reviewer:
 manager: aaroncz
 ms.technology: itpro-updates
+ms.date: 12/31/2017
 ---
 
 # Olympia Corp
diff --git a/windows/deployment/update/optional-content.md b/windows/deployment/update/optional-content.md
index 6dc355433f..b362518be7 100644
--- a/windows/deployment/update/optional-content.md
+++ b/windows/deployment/update/optional-content.md
@@ -6,9 +6,9 @@ author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
 manager: dougeby
-ms.collection: M365-modern-desktop
 ms.topic: article
 ms.technology: itpro-updates
+ms.date: 12/31/2017
 ---
 
 # Migrating and acquiring optional Windows content during updates
diff --git a/windows/deployment/update/plan-define-readiness.md b/windows/deployment/update/plan-define-readiness.md
index e0740e7232..e3399f0279 100644
--- a/windows/deployment/update/plan-define-readiness.md
+++ b/windows/deployment/update/plan-define-readiness.md
@@ -7,8 +7,8 @@ ms.author: aaroncz
 manager: dougeby
 ms.localizationpriority: medium
 ms.topic: article
-ms.collection: m365initiative-coredeploy
 ms.technology: itpro-updates
+ms.date: 12/31/2017
 ---
 
 # Define readiness criteria
diff --git a/windows/deployment/update/plan-define-strategy.md b/windows/deployment/update/plan-define-strategy.md
index cacb1535bc..32d063dab3 100644
--- a/windows/deployment/update/plan-define-strategy.md
+++ b/windows/deployment/update/plan-define-strategy.md
@@ -7,8 +7,8 @@ ms.localizationpriority: medium
 ms.author: aaroncz
 manager: dougeby
 ms.topic: article
-ms.collection: m365initiative-coredeploy
 ms.technology: itpro-updates
+ms.date: 12/31/2017
 ---
 
 # Define update strategy with a calendar
diff --git a/windows/deployment/update/plan-determine-app-readiness.md b/windows/deployment/update/plan-determine-app-readiness.md
index d2bbbc7d48..8d7abb8429 100644
--- a/windows/deployment/update/plan-determine-app-readiness.md
+++ b/windows/deployment/update/plan-determine-app-readiness.md
@@ -5,10 +5,10 @@ description: How to test your apps to know which need attention prior to deployi
 ms.prod: windows-client
 ms.localizationpriority: medium
 ms.topic: article
-ms.collection: m365initiative-coredeploy
 ms.author: aaroncz
 author: aczechowski
 ms.technology: itpro-updates
+ms.date: 12/31/2017
 ---
 
 # Determine application readiness
diff --git a/windows/deployment/update/prepare-deploy-windows.md b/windows/deployment/update/prepare-deploy-windows.md
index 6e5fbbe148..e88bc01c45 100644
--- a/windows/deployment/update/prepare-deploy-windows.md
+++ b/windows/deployment/update/prepare-deploy-windows.md
@@ -8,8 +8,8 @@ ms.author: aaroncz
 ms.reviewer:
 manager: dougeby
 ms.topic: article
-ms.collection: m365initiative-coredeploy
 ms.technology: itpro-updates
+ms.date: 12/31/2017
 ---
 
 # Prepare to deploy Windows
diff --git a/windows/deployment/update/quality-updates.md b/windows/deployment/update/quality-updates.md
index c7c30db293..2f3003eef4 100644
--- a/windows/deployment/update/quality-updates.md
+++ b/windows/deployment/update/quality-updates.md
@@ -9,6 +9,7 @@ ms.reviewer:
 manager: dougeby
 ms.topic: article
 ms.technology: itpro-updates
+ms.date: 12/31/2017
 ---
 
 # Monthly quality updates
diff --git a/windows/deployment/update/safeguard-holds.md b/windows/deployment/update/safeguard-holds.md
index 258308e290..7287acbcc1 100644
--- a/windows/deployment/update/safeguard-holds.md
+++ b/windows/deployment/update/safeguard-holds.md
@@ -10,6 +10,7 @@ ms.topic: article
 ms.technology: itpro-updates
 ms.collection:
 - highpri
+ms.date: 12/31/2017
 ---
 
 # Safeguard holds
diff --git a/windows/deployment/update/safeguard-opt-out.md b/windows/deployment/update/safeguard-opt-out.md
index b8da300767..d5e7feb5f0 100644
--- a/windows/deployment/update/safeguard-opt-out.md
+++ b/windows/deployment/update/safeguard-opt-out.md
@@ -8,6 +8,7 @@ ms.author: aaroncz
 manager: dougeby
 ms.topic: article
 ms.technology: itpro-updates
+ms.date: 12/31/2017
 ---
 
 # Opt out of safeguard holds
diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md
index 69b46485fc..f7d7f2d1b8 100644
--- a/windows/deployment/update/servicing-stack-updates.md
+++ b/windows/deployment/update/servicing-stack-updates.md
@@ -7,11 +7,11 @@ ms.localizationpriority: high
 ms.author: aaroncz
 manager: dougeby
 ms.collection:
- - M365-modern-desktop
 - highpri
 ms.topic: article
 ms.custom: seo-marvel-apr2020
 ms.technology: itpro-updates
+ms.date: 12/31/2017
 ---
 
 # Servicing stack updates
@@ -21,6 +21,7 @@ ms.technology: itpro-updates - Windows 10 - Windows 11 +- Windows Server ## What is a servicing stack update? Servicing stack updates provide fixes to the servicing stack, the component that installs Windows updates. Additionally, it contains the "component-based servicing stack" (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. The CBS is a small component that typically does not have updates released every month. @@ -61,3 +62,5 @@ Typically, the improvements are reliability and performance improvements that do ## Simplifying on-premises deployment of servicing stack updates With the Windows Update experience, servicing stack updates and cumulative updates are deployed together to the device. The update stack automatically orchestrates the installation, so both are applied correctly. Starting in February 2021, the cumulative update will include the latest servicing stack updates, to provide a single cumulative update payload to both Windows Server Update Services (WSUS) and Microsoft Catalog. If you use an endpoint management tool backed by WSUS, such as Configuration Manager, you will only have to select and deploy the monthly cumulative update. The latest servicing stack updates will automatically be applied correctly. Release notes and file information for cumulative updates, including those related to the servicing stack, will be in a single KB article. The combined monthly cumulative update will be available on Windows 10, version 2004 and later starting with the 2021 2C release, KB4601382. + + diff --git a/windows/deployment/update/update-baseline.md b/windows/deployment/update/update-baseline.md index a943c5f47b..e860aa2cbb 100644 --- a/windows/deployment/update/update-baseline.md +++ b/windows/deployment/update/update-baseline.md 
@@ -8,6 +8,7 @@ ms.author: aaroncz manager: dougeby ms.topic: article ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Update Baseline diff --git a/windows/deployment/update/update-compliance-configuration-manual.md b/windows/deployment/update/update-compliance-configuration-manual.md index 14b086ba49..56aabc0f35 100644 --- a/windows/deployment/update/update-compliance-configuration-manual.md +++ b/windows/deployment/update/update-compliance-configuration-manual.md @@ -7,9 +7,9 @@ ms.prod: windows-client author: mestew ms.author: mstewart ms.localizationpriority: medium -ms.collection: M365-analytics ms.topic: article ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Manually Configuring Devices for Update Compliance diff --git a/windows/deployment/update/update-compliance-configuration-mem.md b/windows/deployment/update/update-compliance-configuration-mem.md index c43640a133..2a40c16a2a 100644 --- a/windows/deployment/update/update-compliance-configuration-mem.md +++ b/windows/deployment/update/update-compliance-configuration-mem.md @@ -7,9 +7,9 @@ ms.prod: windows-client author: mestew ms.author: mstewart ms.localizationpriority: medium -ms.collection: M365-analytics ms.topic: article ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Configuring Microsoft Intune devices for Update Compliance diff --git a/windows/deployment/update/update-compliance-configuration-script.md b/windows/deployment/update/update-compliance-configuration-script.md index 5895bd3235..bcae3d1cce 100644 --- a/windows/deployment/update/update-compliance-configuration-script.md +++ b/windows/deployment/update/update-compliance-configuration-script.md @@ -7,7 +7,6 @@ ms.prod: windows-client author: mestew ms.author: mstewart ms.localizationpriority: medium -ms.collection: M365-analytics ms.topic: article ms.date: 06/16/2022 ms.technology: itpro-updates 
diff --git a/windows/deployment/update/update-compliance-delivery-optimization.md b/windows/deployment/update/update-compliance-delivery-optimization.md index d58e554f1e..d4189f5d1b 100644 --- a/windows/deployment/update/update-compliance-delivery-optimization.md +++ b/windows/deployment/update/update-compliance-delivery-optimization.md @@ -7,10 +7,10 @@ ms.prod: windows-client author: mestew ms.author: mstewart ms.localizationpriority: medium -ms.collection: M365-analytics ms.topic: article ms.custom: seo-marvel-apr2020 ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Delivery Optimization in Update Compliance diff --git a/windows/deployment/update/update-compliance-feature-update-status.md b/windows/deployment/update/update-compliance-feature-update-status.md index 8fdb433a95..6144ffaf3a 100644 --- a/windows/deployment/update/update-compliance-feature-update-status.md +++ b/windows/deployment/update/update-compliance-feature-update-status.md @@ -6,10 +6,10 @@ description: Learn how the Feature Update Status report provides information abo ms.prod: windows-client author: mestew ms.author: mstewart -ms.collection: M365-analytics ms.topic: article ms.custom: seo-marvel-apr2020 ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Feature Update Status diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index 7adaefb575..1b4b422507 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -7,7 +7,6 @@ author: mestew ms.author: mstewart ms.localizationpriority: medium ms.collection: - - M365-analytics - highpri ms.topic: article ms.date: 05/03/2022 
@@ -50,8 +49,11 @@ Before you begin the process to add Update Compliance to your Azure subscription Update Compliance is offered as an Azure Marketplace application that is linked to a new or existing [Azure Log Analytics](/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. For the following steps, you must have either an Owner or Contributor [Azure role](/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-roles) as a minimum in order to add the solution. -Use the following steps: -1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.WaaSUpdateInsights?tab=Overview). You might need to sign in to your Azure subscription to access this page. +> [!IMPORTANT] +> Update Compliance is deprecated and no longer accepting any new onboarding requests. The instructions below are listed for verification and troubleshooting purposes only for existing Updates Compliance users. Update Compliance has been replaced by [Windows Update for Business reports](wufb-reports-overview.md) for monitoring compliance of updates. + + +1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/). The solution was published by Microsoft and named **WaaSUpdateInsights**. 2. Select **Get it now**. 3. Choose an existing or configure a new Log Analytics Workspace, ensuring it is in a **Compatible Log Analytics region** from the following table. Although an Azure subscription is required, you won't be charged for ingestion of Update Compliance data. - [Desktop Analytics](/sccm/desktop-analytics/overview) users should use the same workspace for Update Compliance. diff --git a/windows/deployment/update/update-compliance-monitor.md b/windows/deployment/update/update-compliance-monitor.md index 699a32f76f..4e34f7828b 100644 --- a/windows/deployment/update/update-compliance-monitor.md 
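Review bot: The added IMPORTANT note in update-compliance-get-started.md misspells the product name in `for existing Updates Compliance users`; it should read `for existing Update Compliance users`. In step 1 the link text still says "Update Compliance page in the Azure Marketplace", but the new URL is the general Marketplace apps listing, so a label such as `[Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/)` would match where the link goes. The note also sits below the paragraph that still says an Owner or Contributor role is required "in order to add the solution", which reads as if onboarding were still possible. Placing the deprecation note above that paragraph would make the status clear before any role is granted for it.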
+++ b/windows/deployment/update/update-compliance-monitor.md @@ -7,10 +7,10 @@ ms.prod: windows-client author: mestew ms.author: mstewart ms.localizationpriority: medium -ms.collection: M365-analytics ms.topic: article ms.custom: seo-marvel-apr2020 ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Monitor Windows Updates with Update Compliance diff --git a/windows/deployment/update/update-compliance-need-attention.md b/windows/deployment/update/update-compliance-need-attention.md index 328e1da5de..7ac31b890b 100644 --- a/windows/deployment/update/update-compliance-need-attention.md +++ b/windows/deployment/update/update-compliance-need-attention.md @@ -4,10 +4,10 @@ manager: aczechowski description: Learn how the Need attention! section provides a breakdown of all Windows 10 device and update issues detected by Update Compliance. author: mestew ms.author: mstewart -ms.collection: M365-analytics ms.topic: article ms.prod: windows-client ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Needs attention! diff --git a/windows/deployment/update/update-compliance-privacy.md b/windows/deployment/update/update-compliance-privacy.md index 9c144da544..068ccd2f9a 100644 --- a/windows/deployment/update/update-compliance-privacy.md +++ b/windows/deployment/update/update-compliance-privacy.md @@ -6,9 +6,9 @@ description: an overview of the Feature Update Status report ms.prod: windows-client author: mestew ms.author: mstewart -ms.collection: M365-analytics ms.topic: article ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Privacy in Update Compliance diff --git a/windows/deployment/update/update-compliance-safeguard-holds.md b/windows/deployment/update/update-compliance-safeguard-holds.md index 09af30da57..9974fa5753 100644 --- a/windows/deployment/update/update-compliance-safeguard-holds.md +++ b/windows/deployment/update/update-compliance-safeguard-holds.md 
@@ -6,10 +6,10 @@ description: Learn how the Safeguard Holds report provides information about saf ms.prod: windows-client author: mestew ms.author: mstewart -ms.collection: M365-analytics ms.topic: article ms.custom: seo-marvel-apr2020 ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Safeguard Holds diff --git a/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md b/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md index 71b6715fcc..62ba2be862 100644 --- a/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md +++ b/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md @@ -6,9 +6,9 @@ description: WaaSDeploymentStatus schema ms.prod: windows-client author: mestew ms.author: mstewart -ms.collection: M365-analytics ms.topic: article ms.technology: itpro-updates +ms.date: 12/31/2017 --- # WaaSDeploymentStatus diff --git a/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md b/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md index 645fc9d551..b159c82ad4 100644 --- a/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md +++ b/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md @@ -6,9 +6,9 @@ description: WaaSInsiderStatus schema ms.prod: windows-client author: mestew ms.author: mstewart -ms.collection: M365-analytics ms.topic: article ms.technology: itpro-updates +ms.date: 12/31/2017 --- # WaaSInsiderStatus diff --git a/windows/deployment/update/update-compliance-schema-waasupdatestatus.md b/windows/deployment/update/update-compliance-schema-waasupdatestatus.md index e6a798932f..762486f62f 100644 --- a/windows/deployment/update/update-compliance-schema-waasupdatestatus.md +++ b/windows/deployment/update/update-compliance-schema-waasupdatestatus.md 
@@ -6,9 +6,9 @@ description: WaaSUpdateStatus schema ms.prod: windows-client author: mestew ms.author: mstewart -ms.collection: M365-analytics ms.topic: article ms.technology: itpro-updates +ms.date: 12/31/2017 --- # WaaSUpdateStatus diff --git a/windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md b/windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md index 95e7fa7f84..066c38fee1 100644 --- a/windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md +++ b/windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md @@ -6,9 +6,9 @@ description: WUDOAggregatedStatus schema ms.prod: windows-client author: mestew ms.author: mstewart -ms.collection: M365-analytics ms.topic: article ms.technology: itpro-updates +ms.date: 12/31/2017 --- # WUDOAggregatedStatus diff --git a/windows/deployment/update/update-compliance-schema-wudostatus.md b/windows/deployment/update/update-compliance-schema-wudostatus.md index 5e944ba263..769508bbff 100644 --- a/windows/deployment/update/update-compliance-schema-wudostatus.md +++ b/windows/deployment/update/update-compliance-schema-wudostatus.md @@ -6,9 +6,9 @@ description: WUDOStatus schema ms.prod: windows-client author: mestew ms.author: mstewart -ms.collection: M365-analytics ms.topic: article ms.technology: itpro-updates +ms.date: 12/31/2017 --- # WUDOStatus diff --git a/windows/deployment/update/update-compliance-schema.md b/windows/deployment/update/update-compliance-schema.md index af79627add..9f3340f361 100644 --- a/windows/deployment/update/update-compliance-schema.md +++ b/windows/deployment/update/update-compliance-schema.md @@ -6,9 +6,9 @@ description: an overview of Update Compliance data schema ms.prod: windows-client author: mestew ms.author: mstewart -ms.collection: M365-analytics ms.topic: article ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Update Compliance Schema 
diff --git a/windows/deployment/update/update-compliance-security-update-status.md b/windows/deployment/update/update-compliance-security-update-status.md index 308992e24d..e20fd18105 100644 --- a/windows/deployment/update/update-compliance-security-update-status.md +++ b/windows/deployment/update/update-compliance-security-update-status.md @@ -6,10 +6,10 @@ description: Learn how the Security Update Status section provides information a ms.prod: windows-client author: mestew ms.author: mstewart -ms.collection: M365-analytics ms.topic: article ms.custom: seo-marvel-apr2020 ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Security Update Status diff --git a/windows/deployment/update/update-compliance-using.md b/windows/deployment/update/update-compliance-using.md index 89d56d1c49..6dbb018e21 100644 --- a/windows/deployment/update/update-compliance-using.md +++ b/windows/deployment/update/update-compliance-using.md @@ -7,10 +7,10 @@ ms.prod: windows-client author: mestew ms.author: mstewart ms.localizationpriority: medium -ms.collection: M365-analytics ms.topic: article ms.custom: seo-marvel-apr2020 ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Use Update Compliance diff --git a/windows/deployment/update/update-policies.md b/windows/deployment/update/update-policies.md index fd4fdeacb6..7b93908dff 100644 --- a/windows/deployment/update/update-policies.md +++ b/windows/deployment/update/update-policies.md @@ -8,8 +8,8 @@ ms.author: aaroncz manager: dougeby ms.localizationpriority: medium ms.topic: article -ms.collection: M365-modern-desktop ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Policies for update compliance, activity, and user experience diff --git a/windows/deployment/update/waas-branchcache.md b/windows/deployment/update/waas-branchcache.md index 9ab24e12bd..a0ce1d97fe 100644 --- a/windows/deployment/update/waas-branchcache.md +++ b/windows/deployment/update/waas-branchcache.md 
@@ -10,6 +10,7 @@ manager: dougeby ms.topic: article ms.custom: seo-marvel-apr2020 ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Configure BranchCache for Windows client updates diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md index 0565315cf2..0dec620c52 100644 --- a/windows/deployment/update/waas-configure-wufb.md +++ b/windows/deployment/update/waas-configure-wufb.md @@ -3,13 +3,12 @@ title: Configure Windows Update for Business manager: dougeby description: You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices. ms.prod: windows-client -ms.collection: - - m365initiative-coredeploy author: aczechowski ms.localizationpriority: medium ms.author: aaroncz ms.topic: article ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Configure Windows Update for Business diff --git a/windows/deployment/update/waas-integrate-wufb.md b/windows/deployment/update/waas-integrate-wufb.md index 1018e89ac2..2cfbaa9a5d 100644 --- a/windows/deployment/update/waas-integrate-wufb.md +++ b/windows/deployment/update/waas-integrate-wufb.md @@ -5,10 +5,10 @@ ms.prod: windows-client author: aczechowski ms.localizationpriority: medium ms.author: aaroncz -ms.collection: m365initiative-coredeploy manager: dougeby ms.topic: article ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Integrate Windows Update for Business with management solutions diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md index 3fbea85a1b..504427dbce 100644 --- a/windows/deployment/update/waas-manage-updates-wsus.md +++ b/windows/deployment/update/waas-manage-updates-wsus.md @@ -9,6 +9,7 @@ manager: dougeby ms.topic: article ms.collection: highpri ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Deploy Windows client updates using Windows Server Update Services (WSUS) 
diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md index ce28b14f14..9adb25acae 100644 --- a/windows/deployment/update/waas-manage-updates-wufb.md +++ b/windows/deployment/update/waas-manage-updates-wufb.md @@ -10,6 +10,7 @@ ms.topic: article ms.custom: seo-marvel-apr2020 ms.collection: highpri ms.technology: itpro-updates +ms.date: 12/31/2017 --- # What is Windows Update for Business? diff --git a/windows/deployment/update/waas-morenews.md b/windows/deployment/update/waas-morenews.md index f9e1a3a00d..caa224c51d 100644 --- a/windows/deployment/update/waas-morenews.md +++ b/windows/deployment/update/waas-morenews.md @@ -10,6 +10,7 @@ ms.reviewer: manager: dougeby ms.localizationpriority: high ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Windows as a service - More news diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md index f2ed2acdde..a254a031ee 100644 --- a/windows/deployment/update/waas-overview.md +++ b/windows/deployment/update/waas-overview.md @@ -9,6 +9,7 @@ manager: dougeby ms.topic: article ms.collection: highpri ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Overview of Windows as a service diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md index baa37b5307..73aa593ccf 100644 --- a/windows/deployment/update/waas-quick-start.md +++ b/windows/deployment/update/waas-quick-start.md @@ -8,6 +8,7 @@ ms.author: aaroncz manager: dougeby ms.topic: article ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Quick guide to Windows as a service diff --git a/windows/deployment/update/waas-restart.md b/windows/deployment/update/waas-restart.md index 41ea13a0b3..83911247af 100644 --- a/windows/deployment/update/waas-restart.md +++ b/windows/deployment/update/waas-restart.md 
@@ -12,6 +12,7 @@ ms.custom: ms.collection: highpri date: 09/22/2022 ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Manage device restarts after updates diff --git a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md index c5bc2f6f23..150ffc53ab 100644 --- a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md @@ -11,6 +11,7 @@ ms.topic: article ms.custom: - seo-marvel-apr2020 ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Assign devices to servicing channels for Windows 10 updates diff --git a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md index b5be3068c1..08636638a2 100644 --- a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md @@ -8,8 +8,8 @@ ms.author: aaroncz ms.reviewer: manager: dougeby ms.topic: article -ms.collection: m365initiative-coredeploy ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Prepare a servicing strategy for Windows client updates diff --git a/windows/deployment/update/waas-wu-settings.md b/windows/deployment/update/waas-wu-settings.md index 35f4f7a60a..6bcdbc9cde 100644 --- a/windows/deployment/update/waas-wu-settings.md +++ b/windows/deployment/update/waas-wu-settings.md @@ -10,6 +10,7 @@ ms.topic: article ms.collection: highpri date: 09/22/2022 ms.technology: itpro-updates +ms.date: 01/06/2023 --- # Manage additional Windows Update settings 
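Review bot: In waas-restart.md the front matter already carries `date: 09/22/2022`, and this hunk adds `ms.date: 12/31/2017`, so the file now states two different dates and the new one is older than the existing one. The waas-wu-settings.md hunk on this line has the same pair, `date: 09/22/2022` next to the added `ms.date: 01/06/2023`. If `date:` was meant to be the freshness key (this is an inference from the key name), renaming it would be cleaner than adding a second value, for example `ms.date: 09/22/2022` in waas-restart.md. Readers use that date to judge how current update and restart guidance is, so a placeholder that predates the last real edit is misleading.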
@@ -155,7 +156,7 @@ Enables the IT admin to manage automatic update behavior to scan, download, and #### Configuring Automatic Updates by using Group Policy -Under **Computer Configuration\Administrative Templates\Windows Components\Windows update\Configure Automatic Updates**, you must select one of the four options: +Under **Computer Configuration\Administrative Templates\Windows Components\Windows update\Configure Automatic Updates**, you must select one of the following options: **2 - Notify for download and auto install** - When Windows finds updates that apply to this device, users will be notified that updates are ready to be downloaded. After going to **Settings > Update & security > Windows Update**, users can download and install any available updates. 
@@ -163,11 +164,13 @@ Under **Computer Configuration\Administrative Templates\Windows Components\Windo **4 - Auto download and schedule the install** - Specify the schedule using the options in the Group Policy Setting. For more information about this setting, see [Schedule update installation](waas-restart.md#schedule-update-installation). -**5 - Allow local admin to choose setting** - With this option, local administrators will be allowed to use the settings app to select a configuration option of their choice. Local administrators will not be allowed to disable the configuration for Automatic Updates. +**5 - Allow local admin to choose setting** - With this option, local administrators will be allowed to use the settings app to select a configuration option of their choice. Local administrators will not be allowed to disable the configuration for Automatic Updates. This option is not available in any Windows 10 or later versions. -If this setting is set to *Disabled*, any updates that are available on Windows Update must be downloaded and installed manually. To do this, users must go to **Settings > Update & security > Windows Update**. +**7 - Notify for install and notify for restart** (Windows Server 2016 and later only) - With this option, when Windows finds updates that apply to this device, they will be downloaded, then users will be notified that updates are ready to be installed. Once updates are installed, a notification will be displayed to users to restart the device. -If this setting is set to *Not Configured*, an administrator can still configure Automatic Updates through the settings app, under **Settings > Update & security > Windows Update > Advanced options**. +If this setting is set to **Disabled**, any updates that are available on Windows Update must be downloaded and installed manually. To do this, users must go to **Settings > Update & security > Windows Update**. 
+ +If this setting is set to **Not Configured**, an administrator can still configure Automatic Updates through the settings app, under **Settings > Update & security > Windows Update > Advanced options**. #### Configuring Automatic Updates by editing the registry @@ -204,6 +207,10 @@ To do this, follow these steps: * **4**: Automatically download and scheduled installation. + * **5**: Allow local admin to select the configuration mode. This option is not available for Windows 10 or later versions. + + * **7**: Notify for install and notify for restart. (Windows Server 2016 and later only) + * ScheduledInstallDay (REG_DWORD): * **0**: Every day. diff --git a/windows/deployment/update/waas-wufb-csp-mdm.md b/windows/deployment/update/waas-wufb-csp-mdm.md index 5841a5e312..fb55c40664 100644 --- a/windows/deployment/update/waas-wufb-csp-mdm.md +++ b/windows/deployment/update/waas-wufb-csp-mdm.md @@ -9,6 +9,7 @@ ms.reviewer: manager: dougeby ms.topic: article ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Walkthrough: Use CSPs and MDMs to configure Windows Update for Business diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md index a3167e3d42..fc123bcbb6 100644 --- a/windows/deployment/update/waas-wufb-group-policy.md +++ b/windows/deployment/update/waas-wufb-group-policy.md @@ -6,11 +6,11 @@ author: aczechowski ms.localizationpriority: medium ms.author: aaroncz ms.collection: - - m365initiative-coredeploy - highpri manager: dougeby ms.topic: article ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Walkthrough: Use Group Policy to configure Windows Update for Business diff --git a/windows/deployment/update/windows-as-a-service.md b/windows/deployment/update/windows-as-a-service.md index f77d24dd02..4781231061 100644 --- a/windows/deployment/update/windows-as-a-service.md +++ b/windows/deployment/update/windows-as-a-service.md 
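Review bot: Option 5 is described differently in the two waas-wu-settings.md hunks that add it. The Group Policy section says "Allow local admin to choose setting … not available in any Windows 10 or later versions", while the registry section (hunk `@@ -204,6 +207,10 @@`) says "Allow local admin to select the configuration mode … not available for Windows 10 or later versions". Using one name and one availability sentence in both places, for example `This option isn't available in Windows 10 or later.`, would stop readers from wondering whether these are different settings. The **Disabled** paragraph touched by the same hunk says updates must then be downloaded and installed manually. It would help to add a sentence such as `Devices with this setting disabled don't install updates from Windows Update automatically, so make sure another process delivers security updates.`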
@@ -9,8 +9,8 @@ description: Discover the latest news articles, videos, and podcasts about Windo ms.reviewer: manager: dougeby ms.localizationpriority: high -ms.collection: M365-modern-desktop ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Windows as a service diff --git a/windows/deployment/update/windows-update-logs.md b/windows/deployment/update/windows-update-logs.md index b6b6d5fe17..c2bc7fce94 100644 --- a/windows/deployment/update/windows-update-logs.md +++ b/windows/deployment/update/windows-update-logs.md @@ -9,6 +9,7 @@ ms.topic: article ms.custom: seo-marvel-apr2020 ms.collection: highpri ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Windows Update log files diff --git a/windows/deployment/update/windows-update-security.md b/windows/deployment/update/windows-update-security.md index 333be3151a..0ad5f772c7 100644 --- a/windows/deployment/update/windows-update-security.md +++ b/windows/deployment/update/windows-update-security.md @@ -6,7 +6,6 @@ description: Overview of the security for Windows Update. ms.prod: windows-client author: mestew ms.author: mstewart -ms.collection: M365-analytics ms.topic: article ms.date: 10/25/2022 ms.technology: itpro-updates diff --git a/windows/deployment/update/wufb-compliancedeadlines.md b/windows/deployment/update/wufb-compliancedeadlines.md index 1d5e88dec2..05d34805c3 100644 --- a/windows/deployment/update/wufb-compliancedeadlines.md +++ b/windows/deployment/update/wufb-compliancedeadlines.md @@ -10,6 +10,7 @@ ms.reviewer: manager: dougeby ms.topic: article ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Enforcing compliance deadlines for updates diff --git a/windows/deployment/update/wufb-reports-admin-center.md b/windows/deployment/update/wufb-reports-admin-center.md index aff23a1e5b..a59cc0511f 100644 --- a/windows/deployment/update/wufb-reports-admin-center.md +++ b/windows/deployment/update/wufb-reports-admin-center.md 
@@ -6,8 +6,6 @@ ms.prod: windows-client author: mestew ms.author: mstewart ms.localizationpriority: medium -ms.collection: - - M365-analytics ms.topic: article ms.date: 11/15/2022 ms.technology: itpro-updates diff --git a/windows/deployment/update/wufb-reports-configuration-intune.md b/windows/deployment/update/wufb-reports-configuration-intune.md index 3b785a552a..5f07d75c3e 100644 --- a/windows/deployment/update/wufb-reports-configuration-intune.md +++ b/windows/deployment/update/wufb-reports-configuration-intune.md @@ -7,9 +7,8 @@ ms.prod: windows-client author: mestew ms.author: mstewart ms.localizationpriority: medium -ms.collection: M365-analytics ms.topic: article -ms.date: 12/05/2022 +ms.date: 12/22/2022 ms.technology: itpro-updates --- @@ -28,7 +27,7 @@ This article is targeted at configuring devices enrolled to [Microsoft Intune](/ ## Create a configuration profile -Create a configuration profile that will set the required policies for Windows Update for Business reports. There are two profile types that can be used to create a configuration profile for Windows Update for Business reports: +Create a configuration profile that will set the required policies for Windows Update for Business reports. There are two profile types that can be used to create a configuration profile for Windows Update for Business reports (select one): - The [settings catalog](#settings-catalog) - [Template](#custom-oma-uri-based-profile) for a custom OMA URI-based profile 
@@ -46,9 +45,12 @@ Create a configuration profile that will set the required policies for Windows U - **Value**: Basic (*Basic is the minimum value, but it can be safely set to a higher value*) - **Setting**: Allow Update Compliance Processing - **Value**: Enabled + 1. Recommended settings, but not required: + - **Setting**: Configure Telemetry Opt In Settings Ux + - **Value**: Disabled (*By turning this setting on you are disabling the ability for a user to potentially override the diagnostic data level of devices such that data won't be available for those devices in Windows Update for Business reports*) - **Setting**: Configure Telemetry Opt In Change Notification - 1. (*Recommended, but not required*) Allow device name to be sent in Windows Diagnostic Data. If this policy is disabled, the device name won't be sent and won't be visible in Windows Update for Business reports: - - **Setting**: Allow device name to be sent in Windows diagnostic data + - **Value**: Disabled (*By turning this setting on you are disabling notifications of diagnostic data changes*) + - **Setting**: Allow device name to be sent in Windows diagnostic data (*If this policy is disabled, the device name won't be sent and won't be visible in Windows Update for Business reports*) - **Value**: Allowed 1. Continue through the next set of tabs **Scope tags**, **Assignments**, and **Applicability Rules** to assign the configuration profile to devices you wish to enroll. diff --git a/windows/deployment/update/wufb-reports-configuration-manual.md b/windows/deployment/update/wufb-reports-configuration-manual.md index c6e2de995b..d2e5f13df1 100644 --- a/windows/deployment/update/wufb-reports-configuration-manual.md +++ b/windows/deployment/update/wufb-reports-configuration-manual.md @@ -7,7 +7,6 @@ ms.prod: windows-client author: mestew ms.author: mstewart ms.localizationpriority: medium -ms.collection: M365-analytics ms.topic: article ms.date: 11/15/2022 ms.technology: itpro-updates 
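Review bot: The two new parentheticals in wufb-reports-configuration-intune.md pair `**Value**: Disabled` with an explanation that begins "By turning this setting on", so a reader cannot tell whether to enable or disable the setting. Stating the effect of the listed value directly would remove the contradiction, for example `- **Value**: Disabled (*Users can't change the diagnostic data level, so device data stays available in Windows Update for Business reports*)` and `- **Value**: Disabled (*Users aren't notified of diagnostic data changes*)`. This assumes that is what "Disabled" means for these settings catalog entries, which the hunk does not show. The numbered procedure these steps belong to starts outside the hunk.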
diff --git a/windows/deployment/update/wufb-reports-configuration-script.md b/windows/deployment/update/wufb-reports-configuration-script.md index 8b2c8fc543..c3213f8a7d 100644 --- a/windows/deployment/update/wufb-reports-configuration-script.md +++ b/windows/deployment/update/wufb-reports-configuration-script.md @@ -7,7 +7,6 @@ ms.prod: windows-client author: mestew ms.author: mstewart ms.localizationpriority: medium -ms.collection: M365-analytics ms.topic: article ms.date: 11/15/2022 ms.technology: itpro-updates diff --git a/windows/deployment/update/wufb-reports-enable.md b/windows/deployment/update/wufb-reports-enable.md index 0da1af6746..7550754b01 100644 --- a/windows/deployment/update/wufb-reports-enable.md +++ b/windows/deployment/update/wufb-reports-enable.md @@ -6,7 +6,6 @@ description: How to enable Windows Update for Business reports through the Azure ms.prod: windows-client author: mestew ms.author: mstewart -ms.collection: M365-analytics ms.topic: article ms.date: 11/15/2022 ms.technology: itpro-updates diff --git a/windows/deployment/update/wufb-reports-help.md b/windows/deployment/update/wufb-reports-help.md index 2016970ddf..982e826da1 100644 --- a/windows/deployment/update/wufb-reports-help.md +++ b/windows/deployment/update/wufb-reports-help.md @@ -6,7 +6,6 @@ description: Windows Update for Business reports support information. ms.prod: windows-client author: mestew ms.author: mstewart -ms.collection: M365-analytics ms.topic: article ms.date: 11/15/2022 ms.technology: itpro-updates diff --git a/windows/deployment/update/wufb-reports-overview.md b/windows/deployment/update/wufb-reports-overview.md index f4206b0189..6653c0c587 100644 --- a/windows/deployment/update/wufb-reports-overview.md +++ b/windows/deployment/update/wufb-reports-overview.md 
@@ -6,7 +6,6 @@ description: Overview of Windows Update for Business reports to explain what it'
 ms.prod: windows-client
 author: mestew
 ms.author: mstewart
-ms.collection: M365-analytics
 ms.topic: article
 ms.date: 11/15/2022
 ms.technology: itpro-updates
diff --git a/windows/deployment/update/wufb-reports-prerequisites.md b/windows/deployment/update/wufb-reports-prerequisites.md
index d8b3d96e52..9159f0c74d 100644
--- a/windows/deployment/update/wufb-reports-prerequisites.md
+++ b/windows/deployment/update/wufb-reports-prerequisites.md
@@ -6,7 +6,6 @@ description: Prerequisites for Windows Update for Business reports
 ms.prod: windows-client
 author: mestew
 ms.author: mstewart
-ms.collection: M365-analytics
 ms.topic: article
 ms.date: 11/15/2022
 ms.technology: itpro-updates
diff --git a/windows/deployment/update/wufb-reports-schema-ucclient.md b/windows/deployment/update/wufb-reports-schema-ucclient.md
index 4b3720677c..b3606b35cc 100644
--- a/windows/deployment/update/wufb-reports-schema-ucclient.md
+++ b/windows/deployment/update/wufb-reports-schema-ucclient.md
@@ -6,7 +6,6 @@ description: UCClient schema
 ms.prod: windows-client
 author: mestew
 ms.author: mstewart
-ms.collection: M365-analytics
 ms.topic: reference
 ms.date: 06/06/2022
 ms.technology: itpro-updates
diff --git a/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md b/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md
index d625c2745e..3505563197 100644
--- a/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md
@@ -6,7 +6,6 @@ description: UCClientReadinessStatus schema
 ms.prod: windows-client
 author: mestew
 ms.author: mstewart
-ms.collection: M365-analytics
 ms.topic: reference
 ms.date: 06/06/2022
 ms.technology: itpro-updates
diff --git a/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md b/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md
index 534dabde67..826add8c73 100644
--- a/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md
@@ -6,7 +6,6 @@ description: UCClientUpdateStatus schema
 ms.prod: windows-client
 author: mestew
 ms.author: mstewart
-ms.collection: M365-analytics
 ms.topic: reference
 ms.date: 06/06/2022
 ms.technology: itpro-updates
diff --git a/windows/deployment/update/wufb-reports-schema-ucdevicealert.md b/windows/deployment/update/wufb-reports-schema-ucdevicealert.md
index 9c737aa85d..79f1a9ec5b 100644
--- a/windows/deployment/update/wufb-reports-schema-ucdevicealert.md
+++ b/windows/deployment/update/wufb-reports-schema-ucdevicealert.md
@@ -6,7 +6,6 @@ description: UCDeviceAlert schema
 ms.prod: windows-client
 author: mestew
 ms.author: mstewart
-ms.collection: M365-analytics
 ms.topic: reference
 ms.date: 06/06/2022
 ms.technology: itpro-updates
diff --git a/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md b/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md
index 7fae5b9b00..796bbb75e2 100644
--- a/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md
@@ -6,7 +6,6 @@ description: UCDOAggregatedStatus schema
 ms.prod: windows-client
 author: cmknox
 ms.author: carmenf
-ms.collection: M365-analytics
 ms.topic: reference
 ms.date: 11/17/2022
 ms.technology: itpro-updates
diff --git a/windows/deployment/update/wufb-reports-schema-ucdostatus.md b/windows/deployment/update/wufb-reports-schema-ucdostatus.md
index 01ad6b186a..9eadfa7eb6 100644
--- a/windows/deployment/update/wufb-reports-schema-ucdostatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucdostatus.md
@@ -6,7 +6,6 @@ description: UCDOStatus schema
 ms.prod: windows-client
 author: cmknox
 ms.author: carmenf
-ms.collection: M365-analytics
 ms.topic: reference
 ms.date: 11/17/2022
 ms.technology: itpro-updates
diff --git a/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md b/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md
index 8f9c85e225..bc5677f9d8 100644
--- a/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md
@@ -6,7 +6,6 @@ description: UCServiceUpdateStatus schema
 ms.prod: windows-client
 author: mestew
 ms.author: mstewart
-ms.collection: M365-analytics
 ms.topic: reference
 ms.date: 06/06/2022
 ms.technology: itpro-updates
diff --git a/windows/deployment/update/wufb-reports-schema-ucupdatealert.md b/windows/deployment/update/wufb-reports-schema-ucupdatealert.md
index 93487fbca2..fa14e12358 100644
--- a/windows/deployment/update/wufb-reports-schema-ucupdatealert.md
+++ b/windows/deployment/update/wufb-reports-schema-ucupdatealert.md
@@ -6,7 +6,6 @@ description: UCUpdateAlert schema
 ms.prod: windows-client
 author: mestew
 ms.author: mstewart
-ms.collection: M365-analytics
 ms.topic: reference
 ms.date: 06/06/2022
 ms.technology: itpro-updates
diff --git a/windows/deployment/update/wufb-reports-schema.md b/windows/deployment/update/wufb-reports-schema.md
index 27d15d676a..1afd09b646 100644
--- a/windows/deployment/update/wufb-reports-schema.md
+++ b/windows/deployment/update/wufb-reports-schema.md
@@ -6,7 +6,6 @@ description: An overview of Windows Update for Business reports data schema
 ms.prod: windows-client
 author: mestew
 ms.author: mstewart
-ms.collection: M365-analytics
 ms.topic: reference
 ms.date: 11/15/2022
 ms.technology: itpro-updates
diff --git a/windows/deployment/update/wufb-reports-use.md b/windows/deployment/update/wufb-reports-use.md
index 060f404688..eb4d607c10 100644
--- a/windows/deployment/update/wufb-reports-use.md
+++ b/windows/deployment/update/wufb-reports-use.md @@ -6,7 +6,6 @@ description: How to use the Windows Update for Business reports data for custom ms.prod: windows-client author: mestew ms.author: mstewart -ms.collection: M365-analytics ms.topic: article ms.date: 11/15/2022 ms.technology: itpro-updates diff --git a/windows/deployment/update/wufb-reports-workbook.md b/windows/deployment/update/wufb-reports-workbook.md index cdaf2834c6..585d03adb9 100644 --- a/windows/deployment/update/wufb-reports-workbook.md +++ b/windows/deployment/update/wufb-reports-workbook.md @@ -6,7 +6,6 @@ description: How to use the Windows Update for Business reports workbook. ms.prod: windows-client author: mestew ms.author: mstewart -ms.collection: M365-analytics ms.topic: article ms.date: 11/15/2022 ms.technology: itpro-updates diff --git a/windows/deployment/update/wufb-wsus.md b/windows/deployment/update/wufb-wsus.md index 2e772ed3ce..2d25f4fcc0 100644 --- a/windows/deployment/update/wufb-wsus.md +++ b/windows/deployment/update/wufb-wsus.md @@ -5,11 +5,10 @@ ms.prod: windows-client author: arcarley ms.localizationpriority: medium ms.author: arcarley -ms.collection: - - m365initiative-coredeploy manager: dougeby ms.topic: article ms.technology: itpro-updates +ms.date: 12/31/2017 --- # Use Windows Update for Business and WSUS together diff --git a/windows/deployment/usmt/usmt-scanstate-syntax.md b/windows/deployment/usmt/usmt-scanstate-syntax.md index e8fd16c69f..14b65a281f 100644 --- a/windows/deployment/usmt/usmt-scanstate-syntax.md +++ b/windows/deployment/usmt/usmt-scanstate-syntax.md @@ -203,6 +203,7 @@ The following table indicates which command-line options aren't compatible with |**/encrypt**|Required*|X|X|| |**/keyfile**|N/A||X|| |**/l**||||| +|**/listfiles**|||X|| |**/progress**|||X|| |**/r**|||X|| |**/w**|||X|| diff --git a/windows/deployment/vda-subscription-activation.md b/windows/deployment/vda-subscription-activation.md index fbbf1013ee..cc4d7b7b90 100644 
--- a/windows/deployment/vda-subscription-activation.md +++ b/windows/deployment/vda-subscription-activation.md @@ -10,7 +10,6 @@ ms.prod: windows-client ms.technology: itpro-fundamentals ms.localizationpriority: medium ms.topic: how-to -ms.collection: M365-modern-desktop ms.date: 11/23/2022 --- diff --git a/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md b/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md index b5ccb893f4..b00e515b54 100644 --- a/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md +++ b/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md @@ -2,6 +2,7 @@ title: Activate by Proxy an Active Directory Forest (Windows 10) description: Learn how to use the Volume Activation Management Tool (VAMT) Active Directory-Based Activation (ADBA) function to activate by proxy an Active Directory (AD) forest. ms.reviewer: + - nganguly manager: aaroncz ms.author: frankroj ms.prod: windows-client diff --git a/windows/deployment/volume-activation/activate-forest-vamt.md b/windows/deployment/volume-activation/activate-forest-vamt.md index 70940f40ec..dc8833d2f8 100644 --- a/windows/deployment/volume-activation/activate-forest-vamt.md +++ b/windows/deployment/volume-activation/activate-forest-vamt.md @@ -2,6 +2,7 @@ title: Activate an Active Directory Forest Online (Windows 10) description: Use the Volume Activation Management Tool (VAMT) Active Directory-Based Activation (ADBA) function to activate an Active Directory (AD) forest online. ms.reviewer: + - nganguly manager: aaroncz ms.author: frankroj ms.prod: windows-client diff --git a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md index 3892da1105..73f32edf78 100644 --- a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md 
+++ b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md @@ -1,6 +1,8 @@ --- title: Activate using Active Directory-based activation description: Learn how active directory-based activation is implemented as a role service that relies on AD DS to store activation objects. +ms.reviewer: + - nganguly manager: aaroncz author: frankroj ms.author: frankroj @@ -14,7 +16,7 @@ ms.collection: highpri # Activate using Active Directory-based activation -*Applies to:* +**Applies to:** - Windows - Windows Server diff --git a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md index e136dd82b5..c9d04453fb 100644 --- a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md +++ b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md @@ -1,8 +1,10 @@ --- title: Activate using Key Management Service (Windows 10) +description: Learn how to use Key Management Service (KMS) to activate Windows. +ms.reviewer: + - nganguly manager: aaroncz ms.author: frankroj -description: How to activate using Key Management Service in Windows 10. ms.prod: windows-client author: frankroj ms.localizationpriority: medium @@ -14,7 +16,7 @@ ms.technology: itpro-fundamentals # Activate using Key Management Service -*Applies to:* +**Applies to:** - Windows 10 - Windows 8.1 diff --git a/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md b/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md index 9be66de526..3166add837 100644 --- a/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md +++ b/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md 
@@ -2,6 +2,7 @@ title: Activate clients running Windows 10 (Windows 10) description: After you have configured Key Management Service (KMS) or Active Directory-based activation on your network, activating a client running Windows 10 is easy. ms.reviewer: + - nganguly manager: aaroncz ms.author: frankroj ms.prod: windows-client @@ -14,7 +15,7 @@ ms.technology: itpro-fundamentals # Activate clients running Windows 10 -*Applies to:* +**Applies to:** - Windows 10 - Windows 8.1 diff --git a/windows/deployment/volume-activation/active-directory-based-activation-overview.md b/windows/deployment/volume-activation/active-directory-based-activation-overview.md index 0fb8970234..48855f3afa 100644 --- a/windows/deployment/volume-activation/active-directory-based-activation-overview.md +++ b/windows/deployment/volume-activation/active-directory-based-activation-overview.md @@ -2,6 +2,7 @@ title: Active Directory-Based Activation Overview (Windows 10) description: Enable your enterprise to activate its computers through a connection to their domain using Active Directory-Based Activation (ADBA). ms.reviewer: + - nganguly manager: aaroncz ms.author: frankroj ms.prod: windows-client diff --git a/windows/deployment/volume-activation/add-manage-products-vamt.md b/windows/deployment/volume-activation/add-manage-products-vamt.md index 5f9bfce03d..53a1f70b1b 100644 --- a/windows/deployment/volume-activation/add-manage-products-vamt.md +++ b/windows/deployment/volume-activation/add-manage-products-vamt.md @@ -2,6 +2,7 @@ title: Add and Manage Products (Windows 10) description: Add client computers into the Volume Activation Management Tool (VAMT). After you add the computers, you can manage the products that are installed on your network. ms.reviewer: + - nganguly manager: aaroncz ms.author: frankroj ms.prod: windows-client 
diff --git a/windows/deployment/volume-activation/add-remove-computers-vamt.md b/windows/deployment/volume-activation/add-remove-computers-vamt.md
index 95bad2b880..55297e1791 100644
--- a/windows/deployment/volume-activation/add-remove-computers-vamt.md
+++ b/windows/deployment/volume-activation/add-remove-computers-vamt.md
@@ -2,6 +2,7 @@
 title: Add and Remove Computers (Windows 10)
 description: The Discover products function on the Volume Activation Management Tool (VAMT) allows you to search the Active Directory domain or a general LDAP query.
 ms.reviewer:
+ - nganguly
 manager: aaroncz
 ms.author: frankroj
 ms.prod: windows-client
diff --git a/windows/deployment/volume-activation/add-remove-product-key-vamt.md b/windows/deployment/volume-activation/add-remove-product-key-vamt.md
index 0e37c178fc..5fa51a1c12 100644
--- a/windows/deployment/volume-activation/add-remove-product-key-vamt.md
+++ b/windows/deployment/volume-activation/add-remove-product-key-vamt.md
@@ -2,6 +2,7 @@
 title: Add and Remove a Product Key (Windows 10)
 description: Add a product key to the Volume Activation Management Tool (VAMT) database. Also, learn how to remove the key from the database.
 ms.reviewer:
+ - nganguly
 manager: aaroncz
 ms.author: frankroj
 ms.prod: windows-client
diff --git a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
index bb61a1db81..0aa4fe2fb3 100644
--- a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
+++ b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
@@ -2,6 +2,7 @@
 title: Appendix Information sent to Microsoft during activation (Windows 10)
 description: Learn about the information sent to Microsoft during activation.
 ms.reviewer:
+ - nganguly
 manager: aaroncz
 ms.author: frankroj
 author: frankroj
@@ -14,7 +15,7 @@ ms.topic: article # Appendix: Information sent to Microsoft during activation -*Applies to:* +**Applies to:** - Windows 10 - Windows 8.1 diff --git a/windows/deployment/volume-activation/configure-client-computers-vamt.md b/windows/deployment/volume-activation/configure-client-computers-vamt.md index 382a9b53d3..189f8488ed 100644 --- a/windows/deployment/volume-activation/configure-client-computers-vamt.md +++ b/windows/deployment/volume-activation/configure-client-computers-vamt.md @@ -2,6 +2,7 @@ title: Configure Client Computers (Windows 10) description: Learn how to configure client computers to enable the Volume Activation Management Tool (VAMT) to function correctly. ms.reviewer: + - nganguly manager: aaroncz author: frankroj ms.author: frankroj diff --git a/windows/deployment/volume-activation/import-export-vamt-data.md b/windows/deployment/volume-activation/import-export-vamt-data.md index 7a5aaa426b..63e839c6dd 100644 --- a/windows/deployment/volume-activation/import-export-vamt-data.md +++ b/windows/deployment/volume-activation/import-export-vamt-data.md @@ -2,6 +2,7 @@ title: Import and export VAMT data description: Learn how to use the VAMT to import product-activation data from a file into SQL Server. ms.reviewer: + - nganguly manager: aaroncz ms.author: frankroj ms.prod: windows-client diff --git a/windows/deployment/volume-activation/install-configure-vamt.md b/windows/deployment/volume-activation/install-configure-vamt.md index b468f34546..833bc9a283 100644 --- a/windows/deployment/volume-activation/install-configure-vamt.md +++ b/windows/deployment/volume-activation/install-configure-vamt.md @@ -2,6 +2,7 @@ title: Install and Configure VAMT (Windows 10) description: Learn how to install and configure the Volume Activation Management Tool (VAMT), and learn where to find information about the process. ms.reviewer: + - nganguly manager: aaroncz ms.author: frankroj ms.prod: windows-client 
diff --git a/windows/deployment/volume-activation/install-kms-client-key-vamt.md b/windows/deployment/volume-activation/install-kms-client-key-vamt.md
index eb28f3ff3a..ed311b84f5 100644
--- a/windows/deployment/volume-activation/install-kms-client-key-vamt.md
+++ b/windows/deployment/volume-activation/install-kms-client-key-vamt.md
@@ -2,6 +2,7 @@
 title: Install a KMS Client Key (Windows 10)
 description: Learn to use the Volume Activation Management Tool (VAMT) to install Generic Volume License Key (GVLK), or KMS client, product keys.
 ms.reviewer:
+ - nganguly
 manager: aaroncz
 ms.author: frankroj
 ms.prod: windows-client
diff --git a/windows/deployment/volume-activation/install-product-key-vamt.md b/windows/deployment/volume-activation/install-product-key-vamt.md
index 350971254b..00ea59707d 100644
--- a/windows/deployment/volume-activation/install-product-key-vamt.md
+++ b/windows/deployment/volume-activation/install-product-key-vamt.md
@@ -2,6 +2,7 @@
 title: Install a Product Key (Windows 10)
 description: Learn to use the Volume Activation Management Tool (VAMT) to install retail, Multiple Activation Key (MAK), and KMS Host key (CSVLK).
 ms.reviewer:
+ - nganguly
 manager: aaroncz
 ms.author: frankroj
 ms.prod: windows-client
diff --git a/windows/deployment/volume-activation/install-vamt.md b/windows/deployment/volume-activation/install-vamt.md
index 8cb4d09f92..1ea051c4fe 100644
--- a/windows/deployment/volume-activation/install-vamt.md
+++ b/windows/deployment/volume-activation/install-vamt.md
@@ -1,6 +1,8 @@
 ---
 title: Install VAMT (Windows 10)
 description: Learn how to install Volume Activation Management Tool (VAMT) as part of the Windows Assessment and Deployment Kit (ADK) for Windows 10.
+ms.reviewer:
+ - nganguly
 manager: aaroncz
 ms.author: frankroj
 ms.prod: windows-client
diff --git a/windows/deployment/volume-activation/introduction-vamt.md b/windows/deployment/volume-activation/introduction-vamt.md
index 292a9965b1..1d5ba5f37c 100644
--- a/windows/deployment/volume-activation/introduction-vamt.md
+++ b/windows/deployment/volume-activation/introduction-vamt.md
@@ -2,6 +2,7 @@
 title: Introduction to VAMT (Windows 10)
 description: VAMT enables administrators to automate and centrally manage the Windows, Microsoft Office, and select other Microsoft products volume and retail activation process.
 ms.reviewer:
+ - nganguly
 manager: aaroncz
 ms.author: frankroj
 ms.prod: windows-client
diff --git a/windows/deployment/volume-activation/kms-activation-vamt.md b/windows/deployment/volume-activation/kms-activation-vamt.md
index 6cb46bb913..348a87ba6b 100644
--- a/windows/deployment/volume-activation/kms-activation-vamt.md
+++ b/windows/deployment/volume-activation/kms-activation-vamt.md
@@ -2,6 +2,7 @@
 title: Perform KMS Activation (Windows 10)
 description: The Volume Activation Management Tool (VAMT) can be used to perform volume activation using the Key Management Service (KMS).
 ms.reviewer:
+ - nganguly
 manager: aaroncz
 ms.author: frankroj
 ms.prod: windows-client
diff --git a/windows/deployment/volume-activation/local-reactivation-vamt.md b/windows/deployment/volume-activation/local-reactivation-vamt.md
index e761c3c2f5..e189dd781a 100644
--- a/windows/deployment/volume-activation/local-reactivation-vamt.md
+++ b/windows/deployment/volume-activation/local-reactivation-vamt.md
@@ -2,6 +2,7 @@
 title: Perform Local Reactivation (Windows 10)
 description: An initially activated a computer using scenarios like MAK, retail, or CSLVK (KMS host), can be reactivated with Volume Activation Management Tool (VAMT).
 ms.reviewer:
+ - nganguly
 manager: aaroncz
 ms.author: frankroj
 ms.prod: windows-client
diff --git a/windows/deployment/volume-activation/manage-activations-vamt.md b/windows/deployment/volume-activation/manage-activations-vamt.md
index 80263f739c..17dfa9af6d 100644
--- a/windows/deployment/volume-activation/manage-activations-vamt.md
+++ b/windows/deployment/volume-activation/manage-activations-vamt.md
@@ -2,6 +2,7 @@
 title: Manage Activations (Windows 10)
 description: Learn how to manage activations and how to activate a client computer by using various activation methods.
 ms.reviewer:
+ - nganguly
 manager: aaroncz
 ms.author: frankroj
 ms.prod: windows-client
diff --git a/windows/deployment/volume-activation/manage-product-keys-vamt.md b/windows/deployment/volume-activation/manage-product-keys-vamt.md
index 423133a3b4..2b9594e4f6 100644
--- a/windows/deployment/volume-activation/manage-product-keys-vamt.md
+++ b/windows/deployment/volume-activation/manage-product-keys-vamt.md
@@ -2,6 +2,7 @@
 title: Manage Product Keys (Windows 10)
 description: In this article, learn how to add and remove a product key from the Volume Activation Management Tool (VAMT).
 ms.reviewer:
+ - nganguly
 manager: aaroncz
 ms.author: frankroj
 ms.prod: windows-client
diff --git a/windows/deployment/volume-activation/manage-vamt-data.md b/windows/deployment/volume-activation/manage-vamt-data.md
index 5d61f42b3b..d2499a44f3 100644
--- a/windows/deployment/volume-activation/manage-vamt-data.md
+++ b/windows/deployment/volume-activation/manage-vamt-data.md
@@ -2,6 +2,7 @@
 title: Manage VAMT Data (Windows 10)
 description: Learn how to save, import, export, and merge a Computer Information List (CILX) file using the Volume Activation Management Tool (VAMT).
 ms.reviewer:
+ - nganguly
 manager: aaroncz
 ms.author: frankroj
 ms.prod: windows-client
diff --git a/windows/deployment/volume-activation/monitor-activation-client.md b/windows/deployment/volume-activation/monitor-activation-client.md
index d811b9bb87..7205e81894 100644
--- a/windows/deployment/volume-activation/monitor-activation-client.md
+++ b/windows/deployment/volume-activation/monitor-activation-client.md
@@ -1,6 +1,7 @@ --- title: Monitor activation (Windows 10) ms.reviewer: + - nganguly manager: aaroncz ms.author: frankroj description: Understand the most common methods to monitor the success of the activation process for a computer running Windows. @@ -14,7 +15,7 @@ ms.date: 11/07/2022 # Monitor activation -*Applies to:* +**Applies to:** - Windows 10 - Windows 8.1 diff --git a/windows/deployment/volume-activation/online-activation-vamt.md b/windows/deployment/volume-activation/online-activation-vamt.md index 4e3c76dae1..f1dcda98ce 100644 --- a/windows/deployment/volume-activation/online-activation-vamt.md +++ b/windows/deployment/volume-activation/online-activation-vamt.md @@ -2,6 +2,7 @@ title: Perform Online Activation (Windows 10) description: Learn how to use the Volume Activation Management Tool (VAMT) to enable client products to be activated online. ms.reviewer: + - nganguly manager: aaroncz ms.author: frankroj ms.prod: windows-client diff --git a/windows/deployment/volume-activation/plan-for-volume-activation-client.md b/windows/deployment/volume-activation/plan-for-volume-activation-client.md index 43a1c717d5..97cdedeb4f 100644 --- a/windows/deployment/volume-activation/plan-for-volume-activation-client.md +++ b/windows/deployment/volume-activation/plan-for-volume-activation-client.md @@ -2,6 +2,7 @@ title: Plan for volume activation (Windows 10) description: Product activation is the process of validating software with the manufacturer after it has been installed on a specific computer. ms.reviewer: + - nganguly manager: aaroncz ms.author: frankroj ms.prod: windows-client @@ -14,7 +15,7 @@ ms.date: 11/07/2022 # Plan for volume activation -*Applies to:* +**Applies to:** - Windows 10 - Windows 8.1 diff --git a/windows/deployment/volume-activation/proxy-activation-vamt.md b/windows/deployment/volume-activation/proxy-activation-vamt.md index 65f7e79d8d..2410bc8ba2 100644 --- a/windows/deployment/volume-activation/proxy-activation-vamt.md 
+++ b/windows/deployment/volume-activation/proxy-activation-vamt.md
@@ -2,6 +2,7 @@
 title: Perform Proxy Activation (Windows 10)
 description: Perform proxy activation by using the Volume Activation Management Tool (VAMT) to activate client computers that don't have Internet access.
 ms.reviewer:
+ - nganguly
 manager: aaroncz
 ms.author: frankroj
 ms.prod: windows-client
diff --git a/windows/deployment/volume-activation/remove-products-vamt.md b/windows/deployment/volume-activation/remove-products-vamt.md
index 231f5081c2..b8118e73e2 100644
--- a/windows/deployment/volume-activation/remove-products-vamt.md
+++ b/windows/deployment/volume-activation/remove-products-vamt.md
@@ -2,6 +2,7 @@
 title: Remove Products (Windows 10)
 description: Learn how you must delete products from the product list view so you can remove products from the Volume Activation Management Tool (VAMT).
 ms.reviewer:
+ - nganguly
 manager: aaroncz
 ms.author: frankroj
 ms.prod: windows-client
diff --git a/windows/deployment/volume-activation/scenario-kms-activation-vamt.md b/windows/deployment/volume-activation/scenario-kms-activation-vamt.md
index 2985a6bc04..85a3fe5222 100644
--- a/windows/deployment/volume-activation/scenario-kms-activation-vamt.md
+++ b/windows/deployment/volume-activation/scenario-kms-activation-vamt.md
@@ -2,6 +2,7 @@
 title: Scenario 3 KMS Client Activation (Windows 10)
 description: Learn how to use the Volume Activation Management Tool (VAMT) to activate Key Management Service (KMS) client keys or Generic Volume License Keys (GVLKs).
 ms.reviewer:
+ - nganguly
 manager: aaroncz
 ms.author: frankroj
 ms.prod: windows-client
diff --git a/windows/deployment/volume-activation/scenario-online-activation-vamt.md b/windows/deployment/volume-activation/scenario-online-activation-vamt.md
index 68ca97def3..c234aa5c7d 100644
--- a/windows/deployment/volume-activation/scenario-online-activation-vamt.md
+++ b/windows/deployment/volume-activation/scenario-online-activation-vamt.md
@@ -2,6 +2,7 @@
 title: Scenario 1 Online Activation (Windows 10)
 description: Achieve network access by deploying the Volume Activation Management Tool (VAMT) in a Core Network environment.
 ms.reviewer:
+ - nganguly
 manager: aaroncz
 ms.author: frankroj
 ms.prod: windows-client
diff --git a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md
index ccb63b5311..223ef377b2 100644
--- a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md
+++ b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md
@@ -2,6 +2,7 @@
 title: Scenario 2 Proxy Activation (Windows 10)
 description: Use the Volume Activation Management Tool (VAMT) to activate products that are installed on workgroup computers in an isolated lab environment.
 ms.reviewer:
+ - nganguly
 manager: aaroncz
 ms.author: frankroj
 ms.prod: windows-client
diff --git a/windows/deployment/volume-activation/update-product-status-vamt.md b/windows/deployment/volume-activation/update-product-status-vamt.md
index eb5553920d..be82deed6b 100644
--- a/windows/deployment/volume-activation/update-product-status-vamt.md
+++ b/windows/deployment/volume-activation/update-product-status-vamt.md
@@ -2,6 +2,7 @@
 title: Update Product Status (Windows 10)
 description: Learn how to use the Update license status function to add the products that are installed on the computers.
 ms.reviewer:
+ - nganguly
 manager: aaroncz
 ms.author: frankroj
 ms.prod: windows-client
diff --git a/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md b/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md
index b733a5046e..a381b30b76 100644
--- a/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md
+++ b/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md
@@ -2,6 +2,7 @@ title: Use the Volume Activation Management Tool (Windows 10) description: The Volume Activation Management Tool (VAMT) provides several useful features, including the ability to track and monitor several types of product keys. ms.reviewer: + - nganguly manager: aaroncz ms.author: frankroj ms.prod: windows-client @@ -14,7 +15,7 @@ ms.technology: itpro-fundamentals # Use the Volume Activation Management Tool -*Applies to:* +**Applies to:** - Windows 10 - Windows 8.1 diff --git a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md index 71e97c1a03..e965f4be1c 100644 --- a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md +++ b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md @@ -2,6 +2,7 @@ title: Use VAMT in Windows PowerShell (Windows 10) description: Learn how to use Volume Activation Management Tool (VAMT) PowerShell cmdlets to perform the same functions as the Vamt.exe command-line tool. ms.reviewer: + - nganguly manager: aaroncz ms.author: frankroj ms.prod: windows-client diff --git a/windows/deployment/volume-activation/vamt-known-issues.md b/windows/deployment/volume-activation/vamt-known-issues.md index 0507f060c7..4c29fd57a4 100644 --- a/windows/deployment/volume-activation/vamt-known-issues.md +++ b/windows/deployment/volume-activation/vamt-known-issues.md @@ -2,6 +2,7 @@ title: VAMT known issues (Windows 10) description: Find out the current known issues with the Volume Activation Management Tool (VAMT), versions 3.0. and 3.1. ms.reviewer: + - nganguly manager: aaroncz ms.author: frankroj ms.prod: windows-client diff --git a/windows/deployment/volume-activation/vamt-requirements.md b/windows/deployment/volume-activation/vamt-requirements.md index a304218987..47e54481c4 100644 --- a/windows/deployment/volume-activation/vamt-requirements.md +++ b/windows/deployment/volume-activation/vamt-requirements.md 
@@ -2,6 +2,7 @@
 title: VAMT Requirements (Windows 10)
 description: In this article, learn about the product key and system requierements for Volume Activation Management Tool (VAMT).
 ms.reviewer:
+ - nganguly
 manager: aaroncz
 ms.author: frankroj
 ms.prod: windows-client
diff --git a/windows/deployment/volume-activation/vamt-step-by-step.md b/windows/deployment/volume-activation/vamt-step-by-step.md
index 880a8cf474..2378579069 100644
--- a/windows/deployment/volume-activation/vamt-step-by-step.md
+++ b/windows/deployment/volume-activation/vamt-step-by-step.md
@@ -2,6 +2,7 @@
 title: VAMT Step-by-Step Scenarios (Windows 10)
 description: Learn step-by-step instructions on implementing the Volume Activation Management Tool (VAMT) in typical environments.
 ms.reviewer:
+ - nganguly
 manager: aaroncz
 ms.author: frankroj
 ms.prod: windows-client
diff --git a/windows/deployment/volume-activation/volume-activation-management-tool.md b/windows/deployment/volume-activation/volume-activation-management-tool.md
index 9771f187cd..3f9a5a7264 100644
--- a/windows/deployment/volume-activation/volume-activation-management-tool.md
+++ b/windows/deployment/volume-activation/volume-activation-management-tool.md
@@ -1,6 +1,8 @@
 ---
 title: VAMT technical reference
 description: The Volume Activation Management Tool (VAMT) enables network administrators to automate and centrally manage volume activation and retail activation.
+ms.reviewer:
+ - nganguly
 manager: aaroncz
 ms.author: frankroj
 ms.prod: windows-client
@@ -16,7 +18,7 @@ ms.custom: seo-marvel-apr2020 The Volume Activation Management Tool (VAMT) lets you automate and centrally manage the Windows, Office, and select other Microsoft products volume and retail-activation process. VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in. VAMT can be installed on any computer that has a supported Windows OS version. > [!IMPORTANT] -> VAMT is designed to manage volume activation for supported versions of Windows, Windows Server, and Office. +> VAMT is designed to manage volume activation for all currently supported versions of Windows, Windows Server, and Office. VAMT is only available in an EN-US (x86) package. diff --git a/windows/deployment/volume-activation/volume-activation-windows-10.md b/windows/deployment/volume-activation/volume-activation-windows-10.md index 3cc524e10f..3bc4621e7a 100644 --- a/windows/deployment/volume-activation/volume-activation-windows-10.md +++ b/windows/deployment/volume-activation/volume-activation-windows-10.md @@ -2,6 +2,7 @@ title: Volume Activation for Windows 10 description: Learn how to use volume activation to deploy & activate Windows 10. Includes details for orgs that have used volume activation for earlier versions of Windows. ms.reviewer: + - nganguly manager: aaroncz ms.author: frankroj ms.prod: windows-client @@ -14,7 +15,7 @@ ms.technology: itpro-fundamentals # Volume Activation for Windows 10 -*Applies to:* +**Applies to:** - Windows 10 - Windows 8.1 diff --git a/windows/deployment/windows-10-enterprise-e3-overview.md b/windows/deployment/windows-10-enterprise-e3-overview.md index 972ef1adaf..5399593006 100644 --- a/windows/deployment/windows-10-enterprise-e3-overview.md +++ b/windows/deployment/windows-10-enterprise-e3-overview.md 
@@ -7,8 +7,6 @@ ms.date: 11/23/2022 author: frankroj ms.author: frankroj manager: aaroncz -ms.collection: - - M365-modern-desktop ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/windows-10-pro-in-s-mode.md b/windows/deployment/windows-10-pro-in-s-mode.md index 7bfe334519..d2bf8bb55d 100644 --- a/windows/deployment/windows-10-pro-in-s-mode.md +++ b/windows/deployment/windows-10-pro-in-s-mode.md @@ -6,8 +6,6 @@ ms.author: frankroj manager: aaroncz ms.localizationpriority: medium ms.prod: windows-client -ms.collection: - - M365-modern-desktop ms.topic: article ms.date: 11/23/2022 ms.technology: itpro-deploy diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index af9938ad6a..c34e8342eb 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md @@ -8,7 +8,6 @@ author: frankroj ms.author: frankroj manager: aaroncz ms.collection: - - M365-modern-desktop - highpri search.appverid: - MET150 @@ -40,6 +39,9 @@ This article covers the following information: For more information on how to deploy Enterprise licenses, see [Deploy Windows Enterprise licenses](deploy-enterprise-licenses.md). +> [!NOTE] +> Organizations that use the Subscription Activation feature to enable users to upgrade from one version of Windows to another and use Conditional Access policies to control access need to exclude the Universal Store Service APIs and Web Application, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa49f, from their device compliance policy using **Select Excluded Cloud Apps**. + ## Subscription activation for Enterprise Windows Enterprise E3 and E5 are available as online services via subscription. You can deploy Windows Enterprise in your organization without keys and reboots. 
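Review bot: The note added to windows-10-subscription-activation.md tells readers to exclude the app "from their device compliance policy using **Select Excluded Cloud Apps**", yet the same sentence is about Conditional Access policies, and an app exclusion is presumably configured on the Conditional Access policy rather than on a compliance policy. I would end the sentence with `...need to exclude the Universal Store Service APIs and Web Application, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa49f, from their Conditional Access policies using **Select Excluded Cloud Apps**.` A following sentence should say that only this one AppID is to be excluded, so the exception is not read as covering other cloud apps. The surrounding section continues outside the hunk.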
diff --git a/windows/deployment/windows-autopatch/TOC.yml b/windows/deployment/windows-autopatch/TOC.yml index 5d1978ac7a..8789fb10ba 100644 --- a/windows/deployment/windows-autopatch/TOC.yml +++ b/windows/deployment/windows-autopatch/TOC.yml @@ -6,10 +6,12 @@ items: - name: What is Windows Autopatch? href: overview/windows-autopatch-overview.md + - name: Roles and responsibilities + href: overview/windows-autopatch-roles-responsibilities.md - name: FAQ href: overview/windows-autopatch-faq.yml - name: Prepare - href: prepare/index.md + href: items: - name: Prerequisites href: prepare/windows-autopatch-prerequisites.md @@ -21,7 +23,7 @@ - name: Fix issues found by the Readiness assessment tool href: prepare/windows-autopatch-fix-issues.md - name: Deploy - href: deploy/index.md + href: items: - name: Add and verify admin contacts href: deploy/windows-autopatch-admin-contacts.md @@ -35,7 +37,7 @@ - name: Post-device registration readiness checks href: deploy/windows-autopatch-post-reg-readiness-checks.md - name: Operate - href: operate/index.md + href: items: - name: Software update management href: operate/windows-autopatch-update-management.md @@ -98,10 +100,10 @@ href: references/windows-autopatch-changes-to-tenant.md - name: Privacy href: references/windows-autopatch-privacy.md - - name: Windows Autopatch preview addendum - href: references/windows-autopatch-preview-addendum.md - name: What's new href: items: + - name: What's new 2023 + href: whats-new/windows-autopatch-whats-new-2023.md - name: What's new 2022 href: whats-new/windows-autopatch-whats-new-2022.md \ No newline at end of file diff --git a/windows/deployment/windows-autopatch/deploy/index.md b/windows/deployment/windows-autopatch/deploy/index.md deleted file mode 100644 index 00fc06d01d..0000000000 --- a/windows/deployment/windows-autopatch/deploy/index.md +++ /dev/null 
@@ -1,20 +0,0 @@ ---- -title: Deploying with Windows Autopatch -description: Landing page for the deploy section -ms.date: 05/30/2022 -ms.prod: windows-client -ms.technology: itpro-updates -ms.topic: conceptual -ms.localizationpriority: medium -author: tiaraquan -ms.author: tiaraquan -manager: dougeby -msreviewer: hathind ---- - -# Deploying with Windows Autopatch - -The following articles describe the steps you must take to deploy your devices with Windows Autopatch: - -1. [Add and verify admin contacts](windows-autopatch-admin-contacts.md) -1. [Register devices](windows-autopatch-register-devices.md) diff --git a/windows/deployment/windows-autopatch/index.yml b/windows/deployment/windows-autopatch/index.yml index ee3fd80449..1f245af013 100644 --- a/windows/deployment/windows-autopatch/index.yml +++ b/windows/deployment/windows-autopatch/index.yml @@ -7,12 +7,13 @@ metadata: title: Windows Autopatch documentation # Required; page title displayed in search results. Include the brand. < 60 chars. description: Windows Autopatch is a cloud service that automates Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams updates to improve security and productivity across your organization. # Required; article description that is displayed in search results. < 160 chars. keywords: device, app, update, management - ms.service: w11 #Required; service per approved list. service slug assigned to your service by ACOM. ms.topic: landing-page # Required author: tiaraquan #Required; your GitHub user alias, with correct capitalization. ms.author: tiaraquan #Required; microsoft alias of author; optional team alias. ms.date: 05/30/2022 #Required; mm/dd/yyyy format. ms.custom: intro-hub-or-landing + ms.prod: windows-client + ms.technology: itpro-updates ms.collection: - highpri 
diff --git a/windows/deployment/windows-autopatch/media/release-process-timeline.png b/windows/deployment/windows-autopatch/media/release-process-timeline.png
index 9aab1d73cf..693ad5ecf9 100644
Binary files a/windows/deployment/windows-autopatch/media/release-process-timeline.png and b/windows/deployment/windows-autopatch/media/release-process-timeline.png differ
diff --git a/windows/deployment/windows-autopatch/media/update-communications.png b/windows/deployment/windows-autopatch/media/update-communications.png
index e4eceeccd6..82e6b1fe78 100644
Binary files a/windows/deployment/windows-autopatch/media/update-communications.png and b/windows/deployment/windows-autopatch/media/update-communications.png differ
diff --git a/windows/deployment/windows-autopatch/media/windows-feature-force-update.png b/windows/deployment/windows-autopatch/media/windows-feature-force-update.png
index a1752b7996..2f0dd5f089 100644
Binary files a/windows/deployment/windows-autopatch/media/windows-feature-force-update.png and b/windows/deployment/windows-autopatch/media/windows-feature-force-update.png differ
diff --git a/windows/deployment/windows-autopatch/media/windows-feature-release-process-timeline.png b/windows/deployment/windows-autopatch/media/windows-feature-release-process-timeline.png
index 0b926b62f6..17b51a71f8 100644
Binary files a/windows/deployment/windows-autopatch/media/windows-feature-release-process-timeline.png and b/windows/deployment/windows-autopatch/media/windows-feature-release-process-timeline.png differ
diff --git a/windows/deployment/windows-autopatch/media/windows-feature-typical-update-experience.png b/windows/deployment/windows-autopatch/media/windows-feature-typical-update-experience.png
index f05268d372..a49f39ce2c 100644
Binary files a/windows/deployment/windows-autopatch/media/windows-feature-typical-update-experience.png and b/windows/deployment/windows-autopatch/media/windows-feature-typical-update-experience.png differ
diff --git a/windows/deployment/windows-autopatch/media/windows-feature-update-grace-period.png b/windows/deployment/windows-autopatch/media/windows-feature-update-grace-period.png
index a0899ccf6c..d0829576f6 100644
Binary files a/windows/deployment/windows-autopatch/media/windows-feature-update-grace-period.png and b/windows/deployment/windows-autopatch/media/windows-feature-update-grace-period.png differ
diff --git a/windows/deployment/windows-autopatch/media/windows-quality-force-update.png b/windows/deployment/windows-autopatch/media/windows-quality-force-update.png
index 147d61e752..70089da16b 100644
Binary files a/windows/deployment/windows-autopatch/media/windows-quality-force-update.png and b/windows/deployment/windows-autopatch/media/windows-quality-force-update.png differ
diff --git a/windows/deployment/windows-autopatch/media/windows-quality-typical-update-experience.png b/windows/deployment/windows-autopatch/media/windows-quality-typical-update-experience.png
index 830f9f1428..f79a27747a 100644
Binary files a/windows/deployment/windows-autopatch/media/windows-quality-typical-update-experience.png and b/windows/deployment/windows-autopatch/media/windows-quality-typical-update-experience.png differ
diff --git a/windows/deployment/windows-autopatch/media/windows-quality-update-grace-period.png b/windows/deployment/windows-autopatch/media/windows-quality-update-grace-period.png
index 4e347dc3cf..c6ab672cf7 100644
Binary files a/windows/deployment/windows-autopatch/media/windows-quality-update-grace-period.png and b/windows/deployment/windows-autopatch/media/windows-quality-update-grace-period.png differ
diff --git a/windows/deployment/windows-autopatch/operate/index.md b/windows/deployment/windows-autopatch/operate/index.md
deleted file mode 100644
index 125ddc43b1..0000000000
--- a/windows/deployment/windows-autopatch/operate/index.md
+++ /dev/null
@@ -1,28 +0,0 @@ ---- -title: Operating with Windows Autopatch -description: Landing page for the operate section -ms.date: 05/30/2022 -ms.prod: windows-client -ms.technology: itpro-updates -ms.topic: conceptual -ms.localizationpriority: medium -author: tiaraquan -ms.author: tiaraquan -manager: dougeby -msreviewer: hathind ---- - -# Operating with Windows Autopatch - -This section includes information about Windows Autopatch update management, types of updates managed by Windows Autopatch, maintaining your Windows Autopatch environment, how to contact the Windows Autopatch Service Engineering Team, and unenrolling your tenant: - -- [Update management](windows-autopatch-update-management.md) -- [Windows quality updates](windows-autopatch-wqu-overview.md) -- [Windows feature updates](windows-autopatch-fu-overview.md) -- [Microsoft 365 Apps for enterprise updates](windows-autopatch-microsoft-365-apps-enterprise.md) -- [Microsoft Edge updates](windows-autopatch-edge.md) -- [Microsoft Teams updates](windows-autopatch-teams.md) -- [Maintain the Windows Autopatch environment](windows-autopatch-maintain-environment.md) -- [Deregister devices](windows-autopatch-deregister-devices.md) -- [Submit a support request](windows-autopatch-support-request.md) -- [Unenroll your tenant](windows-autopatch-unenroll-tenant.md) diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-overview.md index fbf827b7a7..020359528b 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-overview.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-overview.md 
@@ -31,7 +31,7 @@ For a device to be eligible for Windows feature updates as a part of Windows Aut | Internet connectivity | Devices must have a steady internet connection, and access to Windows [update endpoints](../prepare/windows-autopatch-configure-network.md). | | Windows edition | Devices must be on a Windows edition supported by Windows Autopatch. For more information, see [Prerequisites](../prepare/windows-autopatch-prerequisites.md). | | Mobile device management (MDM) policy conflict | Devices must not have deployed any policies that would prevent device management. For more information, see [Conflicting and unsupported policies](../operate/windows-autopatch-wqu-unsupported-policies.md). | -| Group policy conflict | Devices must not have group policies deployed which would prevent device management. For more information, see [Group policy](windows-autopatch-wqu-unsupported-policies.md#group-policy-and-other-policy-managers) | +| Group policy conflict | Devices must not have group policies deployed which would prevent device management. For more information, see [Group policy](windows-autopatch-wqu-unsupported-policies.md#group-policy-and-other-policy-managers). | ## Windows feature update releases @@ -63,10 +63,10 @@ When releasing a feature update, there are two policies that are configured by t | Ring | Target version (DSS) Policy | Feature update deferral | Feature update deadline | Feature update grace period | | ----- | ----- | ----- | ----- | ----- | -| Test | 21H2 | 0 | 5 | 0 | -| First | 21H2 | 0 | 5 | 2 | -| Fast | 21H2 | 0 | 5 | 2 | -| Broad | 21H2 | 0 | 5 | 2 | +| Test | 20H2 | 0 | 5 | 0 | +| First | 20H2 | 0 | 5 | 2 | +| Fast | 20H2 | 0 | 5 | 2 | +| Broad | 20H2 | 0 | 5 | 2 | > [!NOTE] > Customers are not able to select a target version for their tenant. 
@@ -101,6 +101,6 @@ Windows Autopatch doesn't support the rollback of feature updates. ## Incidents and outages -If devices in your tenant aren't meeting the [service level objective](#service-level-objective) for Windows feature updates, Autopatch will raise an incident will be raised. The Windows Autopatch Service Engineering Team will work to bring those devices onto the latest version of Windows. +If devices in your tenant don't meet the [service level objective](#service-level-objective) for Windows feature updates, Autopatch will raise an incident will be raised. The Windows Autopatch Service Engineering Team will work to bring those devices onto the latest version of Windows. If you're experiencing other issues related to Windows feature updates, [submit a support request](../operate/windows-autopatch-support-request.md). diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md index ab63a52ddf..f3b7d0a1ed 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md @@ -1,7 +1,7 @@ --- title: Submit a support request description: Details how to contact the Windows Autopatch Service Engineering Team and submit support requests -ms.date: 05/30/2022 +ms.date: 01/06/2023 ms.prod: windows-client ms.technology: itpro-updates ms.topic: how-to 
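Review bot: The rewritten sentence under "Incidents and outages" in windows-autopatch-fu-overview.md still ends in a doubled clause, "Autopatch will raise an incident will be raised". Suggested line: `If devices in your tenant don't meet the [service level objective](#service-level-objective) for Windows feature updates, Autopatch will raise an incident.`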
@@ -19,6 +19,20 @@ msreviewer: hathind You can submit support tickets to Microsoft using the Windows Autopatch admin center. Email is the recommended approach to interact with the Windows Autopatch Service Engineering Team. +## Premier and Unified support options + +As a customer with a **Premier** or **Unified** support contract, you can specify the severity of your issue, and schedule a support callback for a specific day and time. These options are available when you open or submit a new issue and when you edit an active support case. + +Depending on your support contract, the following severity options are available: + +| Support contract | Severity options | +| ----- | ----- | +| Premier | Severity A, B or C | +| Unified | Critical or non-critical | + +> [!NOTE] +> Selecting either severity **A** or **Critical** issue limits you to a phone support case. This is the fastest support option. + ## Submit a new support request Support requests are triaged and responded to as they're received. diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-communications.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-communications.md index ffb70992db..e0b5a5f133 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-communications.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-communications.md @@ -12,7 +12,7 @@ manager: dougeby msreviewer: hathind --- -# Windows quality update communications +# Windows quality and feature update communications There are three categories of communication that are sent out during a Windows quality and feature update: @@ -29,8 +29,8 @@ Communications are posted to Message center, Service health dashboard, and the W | Communication | Location | Timing | Description | | ----- | ----- | ----- | ----- | | Release schedule |
  • Message center
  • Messages blade
  • Email sent to your specified [admin contacts](../deploy/windows-autopatch-admin-contacts.md)
    • | At least seven days prior to the second Tuesday of the month| Notification of the planned release window for each ring. | -| Release start | Same as release schedule | The second Tuesday of every month | Notification that the update is now being released into your environment. | -| Release summary | Same as release schedule | The fourth Tuesday of every month | Informs you of the percentage of eligible devices that were patched during the release. | +| Release start | Same as release schedule | The second Tuesday of every month. | Notification that the update is now being released into your environment. | +| Release summary | Same as release schedule | The fourth Tuesday of every month. | Informs you of the percentage of eligible devices that were patched during the release. | ## Communications during release diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md index f2d4f477af..2dbf3db0a5 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md @@ -1,7 +1,7 @@ --- title: Windows quality updates description: This article explains how Windows quality updates are managed in Autopatch -ms.date: 08/08/2022 +ms.date: 12/15/2022 ms.prod: windows-client ms.technology: itpro-updates ms.topic: conceptual 
@@ -52,27 +52,72 @@ Windows Autopatch configures these policies differently across update rings to g :::image type="content" source="../media/release-process-timeline.png" alt-text="Release process timeline" lightbox="../media/release-process-timeline.png"::: -## Expedited releases +## Release management + +In the Release management blade, you can: + +- Track the [Windows quality update schedule](#release-schedule) for devices in the [four deployment rings](windows-autopatch-update-management.md#windows-autopatch-deployment-rings). +- [Turn off expedited Windows quality updates](#turn-off-service-driven-expedited-quality-update-releases). +- Review release announcements and knowledge based articles for regular and [Out of Band (OOB) Windows quality updates](#out-of-band-releases). + +### Release schedule + +For each [deployment ring](windows-autopatch-update-management.md#windows-autopatch-deployment-rings), the **Release schedule** tab contains: + +- The status of the update. Releases will appear as **Active**. The update schedule is based on the values of the [Windows 10 Update Ring policies](/mem/intune/protect/windows-update-for-business-configure), which have been configured on your behalf. +- The date the update is available. +- The target completion date of the update. +- In the **Release schedule** tab, you can either [**Pause** and/or **Resume**](#pausing-and-resuming-a-release) a Windows quality update release. + +### Expedited releases Threat and vulnerability information about a new revision of Windows becomes available on the second Tuesday of each month. Windows Autopatch assesses that information shortly afterwards. If the service determines that it's critical to security, it may be expedited. The quality update is also evaluated on an ongoing basis throughout the release and Windows Autopatch may choose to expedite at any time during the release. -When running an expedited release, the regular goal of 95% of devices in 21 days no longer applies. 
Instead, Windows Autopatch greatly accelerates the release schedule of the release to update the environment more quickly. This approach requires an updated schedule for all devices outside of the Test ring since those devices are already getting the update as quickly. +When running an expedited release, the regular goal of 95% of devices in 21 days no longer applies. Instead, Windows Autopatch greatly accelerates the release schedule of the release to update the environment more quickly. This approach requires an updated schedule for all devices outside of the Test ring since those devices are already getting the update quickly. | Release type | Group | Deferral | Deadline | Grace period | | ----- | ----- | ----- | ----- | ----- | | Standard release | Test

      First

      Fast

      Broad | 0

      1

      6

      9 | 0

      2

      2

      5 | 0

      2

      2

      2 | | Expedited release | All devices | 0 | 1 | 1 | +#### Turn off service-driven expedited quality update releases + +Windows Autopatch provides the option to turn off of service-driven expedited quality updates. + +By default, the service expedites quality updates as needed. For those organizations seeking greater control, you can disable expedited quality updates for Windows Autopatch-enrolled devices using Microsoft Intune. + +**To turn off service-driven expedited quality updates:** + +1. Go to **[Microsoft Endpoint Manager portal](https://go.microsoft.com/fwlink/?linkid=2109431)** > **Devices**. +2. Under **Windows Autopatch** > **Release management**, go to the **Release settings** tab and turn off the **Expedited Quality Updates** setting. + > [!NOTE] > Windows Autopatch doesn't allow customers to request expedited releases. -## Pausing and resuming a release +### Out of Band releases + +Windows Autopatch schedules and deploys required Out of Band (OOB) updates released outside of the normal schedule. + +**To view deployed Out of Band quality updates:** + +1. Go to [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) > **Devices** > **Windows Autopatch** > **Release management**. +2. Under the **Release Announcements** tab, you can view the knowledge base (KB) articles corresponding to deployed OOB and regular Windows quality updates. + +> [!NOTE] +> Announcements will be **removed** from the Release announcements tab when the next quality update is released. Further, if quality updates are paused for a deployment ring, the OOB updates will also be paused. + +### Pausing and resuming a release If Windows Autopatch detects a [significant issue with a release](../operate/windows-autopatch-wqu-signals.md), we may decide to pause that release. -If we pause the release, a policy will be deployed which prevents devices from updating while the issue is investigated. Once the issue is resolved, the release will be resumed. 
+In the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) > **Release management** > in the **Release schedule** tab, you can pause or resume a Windows quality update. -You can pause or resume a Windows quality update from the Release management tab in the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). +There are two statuses associated with paused quality updates, **Service Paused** and **Customer Paused**. + +| Status | Description | +| ----- | ------ | +| Service Paused | If the Windows Autopatch service has paused an update, the release will have the **Service Paused** status. You must [submit a support request](windows-autopatch-support-request.md) to resume the update. | +| Customer Paused | If you've paused an update, the release will have the **Customer Paused** status. The Windows Autopatch service can't overwrite a customer-initiated pause. You must select **Resume** to resume the update. | ## Incidents and outages diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-reports-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-reports-overview.md index 739953b809..2e61770efe 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-reports-overview.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-reports-overview.md 
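Review bot: The new "Turn off service-driven expedited quality update releases" section in windows-autopatch-wqu-overview.md does not state what turning the setting off costs. Going by the table just above it, a security-critical update would then presumably follow the standard schedule (Broad ring: deferral 9, deadline 5, grace period 2) instead of the expedited one (0, 1, 1). I would add a sentence after "By default, the service expedites quality updates as needed.", for example `When this setting is off, updates that the service judges critical to security are deployed on the standard ring schedule.` The section's opening line also reads "turn off of service-driven", where the second "of" should be dropped.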
@@ -98,9 +98,9 @@ Within each 24-hour reporting period, devices that are ineligible are updated wi | Low Connectivity | Devices must have a steady internet connection, and access to [Windows update endpoints](../prepare/windows-autopatch-configure-network.md). | | Out of Disk Space | Devices must have more than one GB (GigaBytes) of free storage space. | | Not Deployed | Windows Autopatch doesn't update devices that haven't yet been deployed. | -| Not On Supported on Windows Edition | Devices must be on a Windows edition supported by Windows Autopatch. For more information, see [prerequisites](../prepare/windows-autopatch-prerequisites.md). | +| Not On Supported Windows Edition | Devices must be on a Windows edition supported by Windows Autopatch. For more information, see [prerequisites](../prepare/windows-autopatch-prerequisites.md). | | Not On Supported Windows Build | Devices must be on a Windows build supported by Windows Autopatch. For more information, see [prerequisites](../prepare/windows-autopatch-prerequisites.md). | -| Intune Sync Older Than 5 Days | Devices must have checked with Intune within the last five days. | +| Intune Sync Older Than 5 Days | Devices must have checked in with Intune within the last five days. | ## Data export diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-signals.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-signals.md index be5becc700..2a4c33b67a 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-signals.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-signals.md 
@@ -22,7 +22,7 @@ If there's a scenario that is critical to your business, which isn't monitored b Before being released to the Test ring, Windows Autopatch reviews several data sources to determine if we need to send any customer advisories or need to pause the update. Situations where Windows Autopatch doesn't release an update to the Test ring are seldom occurrences. -| Text | Text | +| Pre-release signal | Description | | ----- | ----- | | Windows Payload Review | The contents of the B release are reviewed to help focus your update testing on areas that have changed. If any relevant changes are detected, a [customer advisory](../operate/windows-autopatch-wqu-communications.md#communications-during-release) will be sent out. | | C-Release Review - Internal Signals | Windows Autopatch reviews active incidents associated with the previous C release to understand potential risks in the B release. | 
@@ -50,12 +50,12 @@ Autopatch monitors the following reliability signals: | Device reliability signal | Description | | ----- | ----- | -| Blue screens | These events are highly disruptive to end users so are closely watched. | +| Blue screens | These events are highly disruptive to end users. These events are closely monitored. | | Overall app reliability | Tracks the total number of app crashes and freezes on a device. A known limitation with this measure is that if one app becomes 10% more reliable and another becomes 10% less reliable then it shows up as a flat line in the measure. | | Microsoft Office reliability | Tracks the number of Office crashes and freezes per application per device. | | Microsoft Edge reliability | Tracks the number of Microsoft Edge crashes and freezes per device. | | Microsoft Teams reliability | Tracks the number of Microsoft Teams crashes and freezes per device. | -When the update is released to the First ring, the service crosses the 500 device threshold. Therefore, Autopatch is able to detect regressions, which are common to all customers. At this point in the release, we'll decide if we need to change the release schedule or pause for all customers. +When the update is released to the First ring, the service crosses the 500 device threshold. Therefore, Autopatch can to detect regressions, which are common to all customers. At this point in the release, we'll decide if we need to change the release schedule or pause for all customers. Once your tenant reaches 500 devices, Windows Autopatch starts generating recommendations specific to your devices. Based on this information, the service starts developing insights specific to your tenant allowing a customized response to what's happening in your environment. diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml index 7f5b4cf23e..fdb9b1f891 100644 
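Review bot: The changed paragraph after the reliability table in windows-autopatch-wqu-signals.md now reads "Autopatch can to detect regressions", which is ungrammatical where the old text had "is able to detect". Suggested wording: `Therefore, Autopatch can detect regressions that are common to all customers.`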
--- a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml @@ -2,7 +2,7 @@ metadata: title: Windows Autopatch - Frequently Asked Questions (FAQ) description: Answers to frequently asked questions about Windows Autopatch. - ms.prod: w11 + ms.prod: windows-client ms.topic: faq ms.date: 08/26/2022 audience: itpro @@ -11,6 +11,7 @@ metadata: author: tiaraquan ms.author: tiaraquan ms.reviwer: hathind + ms.technology: itpro-updates title: Frequently Asked Questions about Windows Autopatch summary: This article answers frequently asked questions about Windows Autopatch. sections: @@ -45,7 +46,9 @@ sections: - [Azure Active Directory (Azure AD) Premium](/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses) - [Hybrid Azure AD-Joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Azure AD-joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid) - [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) - Additional pre-requisites for devices managed by Configuration Manager: + + Additional prerequisites for devices managed by Configuration Manager: + - [Configuration Manager Co-management requirements](../prepare/windows-autopatch-prerequisites.md#configuration-manager-co-management-requirements) - [A supported version of Configuration Manager](/mem/configmgr/core/servers/manage/updates#supported-versions) - [Switch workloads for device configuration, Windows Update and Microsoft 365 Apps from Configuration Manager to Intune](/mem/configmgr/comanage/how-to-switch-workloads) (minimum Pilot Intune. Pilot collection must contain the devices you want to register into Autopatch.) 
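Review bot: In windows-autopatch-faq.yml the metadata key directly above the added `ms.technology: itpro-updates` is spelled `ms.reviwer`, so the reviewer value is probably not read by whatever consumes this metadata. Since this commit already edits the block, I would correct it in the same change to `ms.reviewer: hathind`. Other files in this diff use both `ms.reviewer` and `msreviewer`, so it is worth confirming which key the build expects.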
@@ -85,7 +88,7 @@ sections: - Microsoft Teams: Windows Autopatch allows eligible devices to benefit from the standard automatic update channels and will provide support for issues with Teams updates. - question: What does Windows Autopatch do to ensure updates are done successfully? answer: | - For Windows quality updates, updates are applied to devices in the Test ring first. The devices are evaluated, and then rolled out to the First, Fast then Broad rings. There's an evaluation period at each progression. This process is dependent on customer testing and verification of all updates during these rollout stages. The outcome is to ensure that registered devices are always up to date and disruption to business operations is minimized to free up your IT department from that ongoing task. + For Windows quality and feature updates, updates are applied to devices in the Test ring first. The devices are evaluated, and then rolled out to the First, Fast then Broad rings. There's an evaluation period at each progression. This process is dependent on customer testing and verification of all updates during these rollout stages. The outcome is to ensure that registered devices are always up to date and disruption to business operations is minimized to free up your IT department from that ongoing task. - question: What happens if there's an issue with an update? answer: | Autopatch relies on the following capabilities to help resolve update issues: diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md new file mode 100644 index 0000000000..ec8c9d7ece --- /dev/null +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md 
@@ -0,0 +1,91 @@
+---
+title: Roles and responsibilities
+description: This article describes the roles and responsibilities provided by Windows Autopatch and what the customer must do
+ms.date: 12/12/2022
+ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: dougeby
+msreviewer: hathind
+---
+
+# Roles and responsibilities
+
+This article outlines your responsibilities and Windows Autopatch's responsibilities when:
+
+- [Preparing to enroll into the Windows Autopatch service](#prepare)
+- [Deploying the service](#deploy)
+- [Operating with the service](#operate)
+
+## Prepare
+
+| Task | Your responsibility | Windows Autopatch |
+| ----- | :-----: | :-----: |
+| Review the [prerequisites](../prepare/windows-autopatch-prerequisites.md) | :heavy_check_mark: | :x: |
+| [Review the service data platform and privacy compliance details](../references/windows-autopatch-privacy.md) | :heavy_check_mark: | :x: |
+| Ensure device [prerequisites](../prepare/windows-autopatch-prerequisites.md) are met and in place prior to enrollment | :heavy_check_mark: | :x: |
+| Ensure [infrastructure and environment prerequisites](../prepare/windows-autopatch-configure-network.md) are met and in place prior to enrollment | :heavy_check_mark: | :x: |
+| Prepare to remove your devices from existing unsupported [Windows update](../references/windows-autopatch-wqu-unsupported-policies.md) and [Microsoft 365](../references/windows-autopatch-microsoft-365-policies.md) policies | :heavy_check_mark: | :x: |
+| [Configure required network endpoints](../prepare/windows-autopatch-configure-network.md#required-microsoft-product-endpoints) | :heavy_check_mark: | :x: |
+| [Fix issues identified by the Readiness assessment tool](../prepare/windows-autopatch-fix-issues.md) | :heavy_check_mark: | :x: |
+| [Enroll tenant into the Windows Autopatch service](../prepare/windows-autopatch-enroll-tenant.md) 
| :heavy_check_mark: | :x: |
+| Identify stakeholders for deployment communications | :heavy_check_mark: | :x: |
+
+## Deploy
+
+| Task | Your responsibility | Windows Autopatch |
+| ----- | :-----: | :-----: |
+| [Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md) in Microsoft Endpoint Manager | :heavy_check_mark: | :x: |
+| [Deploy and configure Windows Autopatch service configuration](../references/windows-autopatch-changes-to-tenant.md) | :x: | :heavy_check_mark: |
+| Educate users on the Windows Autopatch end user update experience

      • [Windows quality update end user experience](../operate/windows-autopatch-wqu-end-user-exp.md)
      • [Windows feature update end user experience](../operate/windows-autopatch-fu-end-user-exp.md)
      • [Microsoft 365 Apps for enterprise end user experience](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#end-user-experience)
      • [Microsoft Teams end user experience](../operate/windows-autopatch-teams.md#end-user-experience)
      | :heavy_check_mark: | :x: |
+| Remove your devices from existing unsupported [Windows update](../references/windows-autopatch-wqu-unsupported-policies.md) and [Microsoft 365](../references/windows-autopatch-microsoft-365-policies.md) policies | :heavy_check_mark: | :x: |
+| [Register devices/add devices to the Windows Autopatch Device Registration group](../deploy/windows-autopatch-register-devices.md#steps-to-register-devices) | :heavy_check_mark: | :x: |
+| [Run the pre-registration device readiness checks](../deploy/windows-autopatch-register-devices.md#about-the-ready-not-ready-and-not-registered-tabs) | :x: | :heavy_check_mark: |
+| [Automatically assign devices to First, Fast & Broad deployment rings at device registration](../operate/windows-autopatch-update-management.md#deployment-ring-calculation-logic) | :x: | :heavy_check_mark: |
+| [Manually override device assignments to First, Fast & Broad deployment rings](../operate/windows-autopatch-update-management.md#moving-devices-in-between-deployment-rings) | :heavy_check_mark: | :x: |
+| [Remediate devices displayed in the **Not ready** tab](../deploy/windows-autopatch-post-reg-readiness-checks.md#about-the-three-tabs-in-the-devices-blade) | :heavy_check_mark: | :x: |
+| [Remediate devices displayed in the **Not registered** tab](../deploy/windows-autopatch-post-reg-readiness-checks.md#about-the-three-tabs-in-the-devices-blade) | :heavy_check_mark: | :x: |
+| [Populate the Test deployment ring membership](../operate/windows-autopatch-update-management.md#deployment-ring-calculation-logic) | :heavy_check_mark: | :x: |
+| [Ensure devices are only present in one deployment ring](../operate/windows-autopatch-update-management.md#automated-deployment-ring-remediation-functions) | :x: | :heavy_check_mark: |
+| Communicate to end-users, help desk and stakeholders | :heavy_check_mark: | :x: |
+
+## Operate
+
+| Task | Your responsibility | Windows Autopatch |
+| ----- | :-----: | :-----: |
+| [Maintain 
contacts in the Microsoft Endpoint Manager admin center](../deploy/windows-autopatch-admin-contacts.md) | :heavy_check_mark: | :x: |
+| [Maintain and manage the Windows Autopatch service configuration](../operate/windows-autopatch-maintain-environment.md) | :x: | :heavy_check_mark: |
+| [Maintain customer configuration to align with the Windows Autopatch service configuration](../operate/windows-autopatch-maintain-environment.md) | :heavy_check_mark: | :x: |
+| [Run on-going checks to ensure devices are only present in one deployment ring](../operate/windows-autopatch-update-management.md#automated-deployment-ring-remediation-functions) | :x: | :heavy_check_mark: |
+| [Maintain the Test deployment ring membership](../operate/windows-autopatch-update-management.md#deployment-ring-calculation-logic) | :heavy_check_mark: | :x: |
+| Monitor [Windows update signals](../operate/windows-autopatch-wqu-signals.md) for safe update release | :x: | :heavy_check_mark: |
+| Test specific [business update scenarios](../operate/windows-autopatch-wqu-signals.md) | :heavy_check_mark: | :x: |
+| [Define and implement release schedule](../operate/windows-autopatch-wqu-overview.md) | :x: | :heavy_check_mark: |
+| Communicate the update [release schedule](../operate/windows-autopatch-wqu-communications.md) | :x: | :heavy_check_mark: |
+| Release updates (as scheduled)
      • [Windows quality updates](../operate/windows-autopatch-wqu-overview.md#windows-quality-update-releases)
      • [Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#update-release-schedule)
      • [Microsoft Edge](../operate/windows-autopatch-edge.md#update-release-schedule)
      • [Microsoft Teams](../operate/windows-autopatch-teams.md#update-release-schedule)
        • | :x: | :heavy_check_mark: |
+| [Release updates (expedited)](../operate/windows-autopatch-wqu-overview.md#expedited-releases) | :x: | :heavy_check_mark: |
+| [Deploy updates to devices](../operate/windows-autopatch-update-management.md) | :x: | :heavy_check_mark: |
+| Monitor [Windows quality](../operate/windows-autopatch-wqu-overview.md) or [feature updates](../operate/windows-autopatch-fu-overview.md) through the release cycle | :x: | :heavy_check_mark: |
+| Review [update reports](../operate/windows-autopatch-wqu-reports-overview.md) | :heavy_check_mark: | :x: |
+| [Pause updates (Windows Autopatch initiated)](../operate/windows-autopatch-wqu-signals.md) | :x: | :heavy_check_mark: |
+| [Pause updates (initiated by you)](../operate/windows-autopatch-wqu-overview.md#pausing-and-resuming-a-release) | :heavy_check_mark: | :x: |
+| Run [on-going post-registration device readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md) | :x: | :heavy_check_mark: |
+| [Remediate devices displayed in the **Not ready** tab](../deploy/windows-autopatch-post-reg-readiness-checks.md#about-the-three-tabs-in-the-devices-blade) | :heavy_check_mark: | :x: |
+| Resolve any conflicting and unsupported [Windows update](../references/windows-autopatch-wqu-unsupported-policies.md) and [Microsoft 365](../references/windows-autopatch-microsoft-365-policies.md) policies | :heavy_check_mark: | :x: |
+| [Investigate devices that aren't up to date within the service level objective (Microsoft action)](../operate/windows-autopatch-wqu-reports-overview.md#not-up-to-date-microsoft-action) | :x: | :heavy_check_mark: |
+| [Investigate and remediate devices that are marked as ineligible (Customer action)](../operate/windows-autopatch-wqu-reports-overview.md#ineligible-devices-customer-action) | :heavy_check_mark: | :x: |
+| [Raise, manage and resolve a service incident if an update management area isn't meeting the service level 
objective](windows-autopatch-overview.md#update-management) | :x: | :heavy_check_mark: |
+| [Deregister devices](../operate/windows-autopatch-deregister-devices.md) | :heavy_check_mark: | :x: |
+| [Register a device that was previously deregistered (upon customers request)](../operate/windows-autopatch-deregister-devices.md#excluded-devices) | :x: | :heavy_check_mark: |
+| [Request unenrollment from Windows Autopatch](../operate/windows-autopatch-unenroll-tenant.md) | :heavy_check_mark: | :x: |
+| [Remove Windows Autopatch data from the service and deregister devices](../operate/windows-autopatch-unenroll-tenant.md#microsofts-responsibilities-during-unenrollment) | :x: | :heavy_check_mark: |
+| [Maintain update configuration & update devices post unenrollment from Windows Autopatch](../operate/windows-autopatch-unenroll-tenant.md#your-responsibilities-after-unenrolling-your-tenant) | :heavy_check_mark: | :x: |
+| Review and respond to Message Center and Service Health Dashboard notifications
          • [Windows quality and feature update communications](../operate/windows-autopatch-wqu-communications.md)
          • [Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md)
          | :heavy_check_mark: | :x: |
+| [Highlight Windows Autopatch Tenant management alerts that require customer action](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions) | :x: | :heavy_check_mark: |
+| [Review and respond to Windows Autopatch Tenant management alerts](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions) | :heavy_check_mark: | :x: |
+| [Raise and respond to support requests](../operate/windows-autopatch-support-request.md) | :heavy_check_mark: | :x: |
+| [Manage and respond to support requests](../operate/windows-autopatch-support-request.md#manage-an-active-support-request) | :x: | :heavy_check_mark: |
+| Review the [What’s new](../whats-new/windows-autopatch-whats-new-2022.md) section to stay up to date with updated feature and service releases | :heavy_check_mark: | :x: |
diff --git a/windows/deployment/windows-autopatch/prepare/index.md b/windows/deployment/windows-autopatch/prepare/index.md
deleted file mode 100644
index 49198d3b87..0000000000
--- a/windows/deployment/windows-autopatch/prepare/index.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-title: Preparing for Windows Autopatch
-description: Landing page for the prepare section
-ms.date: 05/30/2022
-ms.prod: windows-client
-ms.technology: itpro-updates
-ms.topic: conceptual
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: dougeby
-msreviewer: hathind
----
-
-# Preparing for Windows Autopatch
-
-The following articles describe the steps you must take to onboard with Windows Autopatch:
-
-1. [Review the prerequisites](windows-autopatch-prerequisites.md)
-1. [Configure your network](windows-autopatch-configure-network.md)
-1. [Enroll your tenant](windows-autopatch-enroll-tenant.md)
- 1. [Fix issues found in the Readiness assessment tool](windows-autopatch-fix-issues.md) 
diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md index f7420e1f3e..5ff4c62390 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md @@ -16,9 +16,6 @@ msreviewer: hathind Getting started with Windows Autopatch has been designed to be easy. This article outlines the infrastructure requirements you must meet to assure success with Windows Autopatch. -> [!NOTE] -> For those who used the promo code to access Windows Autopatch during public preview, you'll continue to have access to Windows Autopatch even when the promo code expires. There is no additional action you have to take to continue using Windows Autopatch. - | Area | Prerequisite details | | ----- | ----- | | Licensing | Windows Autopatch requires Windows 10/11 Enterprise E3 (or higher) to be assigned to your users. Additionally, Azure Active Directory Premium and Microsoft Intune are required. For details about the specific service plans, see [more about licenses](#more-about-licenses).

          For more information on available licenses, see [Microsoft 365 licensing](https://www.microsoft.com/microsoft-365/compare-microsoft-365-enterprise-plans).

          For more information about licensing terms and conditions for products and services purchased through Microsoft Commercial Volume Licensing Programs, see the [Product Terms site](https://www.microsoft.com/licensing/terms/). | diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-preview-addendum.md b/windows/deployment/windows-autopatch/references/windows-autopatch-preview-addendum.md deleted file mode 100644 index d0f3e5acba..0000000000 --- a/windows/deployment/windows-autopatch/references/windows-autopatch-preview-addendum.md +++ /dev/null 
@@ -1,33 +0,0 @@
----
-title: Windows Autopatch Preview Addendum
-description: This article explains the Autopatch preview addendum
-ms.date: 05/30/2022
-ms.prod: windows-client
-ms.technology: itpro-updates
-ms.topic: reference
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: dougeby
-msreviewer: hathind
----
-
-# Windows Autopatch Preview Addendum
-
-**This Windows Autopatch - Preview Addendum ("Addendum") to the Microsoft Product Terms** (as provided at: (the "**Product Terms**")) is entered into between Microsoft Corporation, a Washington corporation having its principal place of business at One Microsoft Way, Redmond, Washington, USA 98052-6399 (or based on where Customer lives, one of Microsoft's affiliates) ("**Microsoft**"), and you ("**Customer**").
-
-## Background
-
-Microsoft desires to preview the Windows Autopatch service it is developing ("**Windows Autopatch Preview**") in order to evaluate it. Customer would like to particulate this Windows Autopatch Preview under the terms of the Product Terms and this Addendum. Windows Autopatch Preview consists of features and services that are in preview, beta, or other pre-release form. Windows Autopatch Preview is subject to the "preview" terms set forth in the Online Service sections of Product Terms.
-
-For good and valuable consideration, the receipt and sufficiency of which is acknowledged, the parties agree as follows:
-
-## Agreement
-
-### Definitions
-
-Capitalized terms used but not defined herein have the meanings given in the Product Terms.
-
-### Data Handling
-
-Windows Autopatch Preview integrates Customer Data from other Products, including Windows, Microsoft Intune, Azure Active Directory, and Office (collectively for purposes of this provision "Windows Autopatch Input Services"). 
Once Customer Data from Windows Autopatch Input Services is integrated into Windows Autopatch Preview, only the Product Terms and [DPA provisions)](https://www.microsoft.com/licensing/terms/product/Glossary/all) applicable to Windows Autopatch Preview apply to that data. diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md index 4850fddac3..06470b36ca 100644 --- a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md +++ b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md @@ -2,8 +2,8 @@ title: Privacy description: This article provides details about the data platform and privacy compliance for Autopatch ms.date: 11/08/2022 -ms.prod: w11 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-updates ms.topic: reference ms.localizationpriority: medium author: tiaraquan @@ -79,7 +79,7 @@ Windows Autopatch creates and uses guest accounts using just-in-time access func | Account name | Usage | Mitigating controls | | ----- | ----- | -----| | MsAdmin@tenantDomain.onmicrosoft.com |

          • This account is a limited-service account with administrator privileges. This account is used as an Intune and User administrator to define and configure the tenant for Windows Autopatch devices.
          • This account doesn't have interactive sign-in permissions. The account performs operations only through the service.
          | Audited sign-ins | -| MsAdminInt@tenantDomain.onmicrosoft.com |
          • This account is an Intune and User administrator account used to define and configure the tenant for Windows Autopatch devices.
          • This account is used for interactive login to the customer’s tenant.
          • The use of this account is limited as most operations are exclusively through MsAdmin (non-interactive) account.
          |
          • Restricted to be accessed only from defined secure access workstations (SAWs) through a conditional access policy
          • Audited sign-ins | +| MsAdminInt@tenantDomain.onmicrosoft.com |
            • This account is an Intune and User administrator account used to define and configure the tenant for Windows Autopatch devices.
            • This account is used for interactive login to the customer’s tenant.
            • The use of this account is limited as most operations are exclusively through MsAdmin (non-interactive) account.
            |
            • Restricted to be accessed only from defined secure access workstations (SAWs) through a conditional access policy
            • Audited sign-ins
            | | MsTest@tenantDomain.onmicrosoft.com | This account is a standard account used as a validation account for initial configuration and roll out of policy, application, and device compliance settings. | Audited sign-ins | ## Microsoft Windows Update for Business diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-unsupported-policies.md b/windows/deployment/windows-autopatch/references/windows-autopatch-wqu-unsupported-policies.md similarity index 100% rename from windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-unsupported-policies.md rename to windows/deployment/windows-autopatch/references/windows-autopatch-wqu-unsupported-policies.md diff --git a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md index bb1511b250..5e36572e92 100644 --- a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md +++ b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md @@ -1,10 +1,10 @@ --- -title: What's new -description: This article lists the new feature releases and any corresponding Message center post numbers. -ms.date: 12/02/2022 +title: What's new 2022 +description: This article lists the 2022 feature releases and any corresponding Message center post numbers. +ms.date: 12/09/2022 ms.prod: windows-client ms.technology: itpro-updates -ms.topic: how-to +ms.topic: whats-new ms.localizationpriority: medium author: tiaraquan ms.author: tiaraquan @@ -12,7 +12,7 @@ manager: dougeby msreviewer: hathind --- -# What's new +# What's new 2022 This article lists new and updated feature releases, and service releases, with their corresponding Message center post numbers (if applicable). 
@@ -24,11 +24,19 @@ Minor corrections such as typos, style, or formatting issues aren't listed. | Article | Description | | ----- | ----- | +| [Windows quality updates](../operate/windows-autopatch-wqu-overview.md) | Added information about:
            • Turning off service-driven expedited quality update releases
              • [MC482178](https://admin.microsoft.com/adminportal/home#/MessageCenter)
            • Viewing deployed out of band releases
              • [MC484915](https://admin.microsoft.com/adminportal/home#/MessageCenter)
            | +| [Roles and responsibilities](../overview/windows-autopatch-roles-responsibilities.md) | Added Roles and responsibilities article | | [Prerequisites](../prepare/windows-autopatch-prerequisites.md) | Added more licenses to the More about licenses section
            • [MC452168](https://admin.microsoft.com/adminportal/home#/MessageCenter) | | [Unsupported policies](../operate/windows-autopatch-wqu-unsupported-policies.md) | Updated to include other policy managers in the Group policy section | | [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) | Updated the Device configuration, Microsoft Office and Edge policies | | [Windows quality update reports](../operate/windows-autopatch-wqu-reports-overview.md) | Added Windows quality update reports | +### December service release + +| Message center post number | Description | +| ----- | ----- | +| [MC48119](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Windows Autopatch advisory: December 2022 (2022.12 B) Windows quality update deployment | + ## November 2022 ### November feature releases or updates diff --git a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md new file mode 100644 index 0000000000..a73d5a370c --- /dev/null +++ b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md 
@@ -0,0 +1,33 @@ +--- +title: What's new 2023 +description: This article lists the 2023 feature releases and any corresponding Message center post numbers. +ms.date: 01/09/2023 +ms.prod: windows-client +ms.technology: itpro-updates +ms.topic: whats-new +ms.localizationpriority: medium +author: tiaraquan +ms.author: tiaraquan +manager: dougeby +msreviewer: hathind +--- + +# What's new 2023 + +This article lists new and updated feature releases, and service releases, with their corresponding Message center post numbers (if applicable). + +Minor corrections such as typos, style, or formatting issues aren't listed. + +## January 2023 + +### January feature releases or updates + +| Article | Description | +| ----- | ----- | +| [Submit a support request](../operate/windows-autopatch-support-request.md) | Added Premier and Unified support options section | + +### January service release + +| Message center post number | Description | +| ----- | ----- | +| [MC494386](https://admin.microsoft.com/adminportal/home#/MessageCenter) | January 2023 (2023.01 B) Windows quality update deployment | diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index 28d817ea6d..7e8bbc7ba7 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md +++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md @@ -8,7 +8,6 @@ ms.localizationpriority: medium author: frankroj ms.author: frankroj ms.collection: - - M365-modern-desktop - highpri ms.topic: tutorial ms.date: 10/28/2022 diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md index 48eab123cc..34066bed6d 100644 --- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md +++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md 
@@ -30,6 +30,8 @@ In Windows 10, version 1903 and later, you'll see taxonomy updates in both the * Additionally, starting in Windows 11 and Windows Server 2022, we’re simplifying your diagnostic data controls by moving from four diagnostic data controls to three: **Diagnostic data off**, **Required**, and **Optional**. We’re also clarifying the Security diagnostic data level to reflect its behavior more accurately by changing it to **Diagnostic data off**. All these changes are explained in the section named **Behavioral changes**. +Prior to December 13 2022, the default setting for Windows Server 2022 Datacenter: Azure Edition images deployed using Azure Marketplace was **Diagnostic data off**. Beginning December 13 2022, all newly deployed images are set to **Required diagnostic data** to align with all other Windows releases. All other Windows releases and existing installations remain unchanged. + ## Taxonomy changes Starting in Windows 10, version 1903 and later, both the **Out-of-Box-Experience** (OOBE) and the **Diagnostics & feedback** privacy setting pages will reflect the following changes: diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md index 4e4656fc55..ac1febdc26 100644 --- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md +++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md 
@@ -164,6 +164,8 @@ Here’s a summary of the types of data that is included with each setting: This setting was previously labeled as **Security**. When you configure this setting, no Windows diagnostic data is sent from your device. This is only available on Windows Server, Windows Enterprise, and Windows Education editions. If you choose this setting, devices in your organization will still be secure. +This was the default setting for Windows Server 2022 Datacenter: Azure Edition prior to December 13, 2022. + >[!NOTE] > If your organization relies on Windows Update, the minimum recommended setting is **Required diagnostic data**. Because no Windows Update information is collected when diagnostic data is off, important information about update failures is not sent. Microsoft uses this information to fix the causes of those failures and improve the quality of our updates. @@ -171,7 +173,7 @@ This setting was previously labeled as **Security**. When you configure this set Required diagnostic data, previously labeled as **Basic**, gathers a limited set of data that’s critical for understanding the device and its configuration. This data helps to identify problems that can occur on a specific hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a specific driver version. -This is the default setting for current releases of Windows, Windows 10, version 1903. +This is the default setting for current releases of Windows, Windows 10, version 1903. Beginning December 13, 2022, it is also the default setting for Windows Server 2022 Datacenter: Azure Edition. Required diagnostic data includes: diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index d93fc2caaf..26288c8351 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml 
@@ -45,45 +45,45 @@ href: /windows-hardware/design/device-experiences/oem-highly-secure - name: Operating system security items: - - name: Overview - href: operating-system.md - - name: System security - items: - - name: Secure the Windows boot process - href: information-protection/secure-the-windows-10-boot-process.md - - name: Trusted Boot - href: trusted-boot.md - - name: Cryptography and certificate management - href: cryptography-certificate-mgmt.md - - name: The Windows Security app - href: threat-protection/windows-defender-security-center/windows-defender-security-center.md - items: - - name: Virus & threat protection - href: threat-protection\windows-defender-security-center\wdsc-virus-threat-protection.md - - name: Account protection - href: threat-protection\windows-defender-security-center\wdsc-account-protection.md - - name: Firewall & network protection - href: threat-protection\windows-defender-security-center\wdsc-firewall-network-protection.md - - name: App & browser control - href: threat-protection\windows-defender-security-center\wdsc-app-browser-control.md - - name: Device security - href: threat-protection\windows-defender-security-center\wdsc-device-security.md - - name: Device performance & health - href: threat-protection\windows-defender-security-center\wdsc-device-performance-health.md - - name: Family options - href: threat-protection\windows-defender-security-center\wdsc-family-options.md - - name: Security policy settings - href: threat-protection/security-policy-settings/security-policy-settings.md - - name: Security auditing - href: threat-protection/auditing/security-auditing-overview.md - - name: Encryption and data protection - href: encryption-data-protection.md - items: - - name: Encrypted Hard Drive - href: information-protection/encrypted-hard-drive.md - - name: BitLocker - href: information-protection/bitlocker/bitlocker-overview.md - items: + - name: Overview + href: operating-system.md + - name: System security + items: + 
- name: Secure the Windows boot process + href: information-protection/secure-the-windows-10-boot-process.md + - name: Trusted Boot + href: trusted-boot.md + - name: Cryptography and certificate management + href: cryptography-certificate-mgmt.md + - name: The Windows Security app + href: threat-protection/windows-defender-security-center/windows-defender-security-center.md + items: + - name: Virus & threat protection + href: threat-protection\windows-defender-security-center\wdsc-virus-threat-protection.md + - name: Account protection + href: threat-protection\windows-defender-security-center\wdsc-account-protection.md + - name: Firewall & network protection + href: threat-protection\windows-defender-security-center\wdsc-firewall-network-protection.md + - name: App & browser control + href: threat-protection\windows-defender-security-center\wdsc-app-browser-control.md + - name: Device security + href: threat-protection\windows-defender-security-center\wdsc-device-security.md + - name: Device performance & health + href: threat-protection\windows-defender-security-center\wdsc-device-performance-health.md + - name: Family options + href: threat-protection\windows-defender-security-center\wdsc-family-options.md + - name: Security policy settings + href: threat-protection/security-policy-settings/security-policy-settings.md + - name: Security auditing + href: threat-protection/auditing/security-auditing-overview.md + - name: Encryption and data protection + href: encryption-data-protection.md + items: + - name: Encrypted Hard Drive + href: information-protection/encrypted-hard-drive.md + - name: BitLocker + href: information-protection/bitlocker/bitlocker-overview.md + items: - name: Overview of BitLocker Device Encryption in Windows href: information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md - name: BitLocker frequently asked questions (FAQ) 
@@ -155,21 +155,21 @@ href: /troubleshoot/windows-client/windows-security/bitlocker-and-tpm-other-known-issues - name: Decode Measured Boot logs to track PCR changes href: /troubleshoot/windows-client/windows-security/decode-measured-boot-logs-to-track-pcr-changes - - name: Personal Data Encryption (PDE) - items: - - name: Personal Data Encryption (PDE) overview - href: information-protection/personal-data-encryption/overview-pde.md - - name: Personal Data Encryption (PDE) frequently asked questions (FAQ) - href: information-protection/personal-data-encryption/faq-pde.yml - - name: Configure Personal Data Encryption (PDE) in Intune - href: information-protection/personal-data-encryption/configure-pde-in-intune.md - - name: Configure S/MIME for Windows - href: identity-protection/configure-s-mime.md - - name: Network security - items: - - name: VPN technical guide - href: identity-protection/vpn/vpn-guide.md - items: + - name: Personal Data Encryption (PDE) + items: + - name: Personal Data Encryption (PDE) overview + href: information-protection/personal-data-encryption/overview-pde.md + - name: Personal Data Encryption (PDE) frequently asked questions (FAQ) + href: information-protection/personal-data-encryption/faq-pde.yml + - name: Configure Personal Data Encryption (PDE) in Intune + href: information-protection/personal-data-encryption/configure-pde-in-intune.md + - name: Configure S/MIME for Windows + href: identity-protection/configure-s-mime.md + - name: Network security + items: + - name: VPN technical guide + href: identity-protection/vpn/vpn-guide.md + items: - name: VPN connection types href: identity-protection/vpn/vpn-connection-type.md - name: VPN routing decisions 
@@ -192,17 +192,17 @@ href: identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md - name: Optimizing Office 365 traffic with the Windows VPN client href: identity-protection/vpn/vpn-office-365-optimization.md - - name: Windows Defender Firewall - href: threat-protection/windows-firewall/windows-firewall-with-advanced-security.md - - name: Windows security baselines - href: threat-protection/windows-security-configuration-framework/windows-security-baselines.md - items: + - name: Windows Defender Firewall + href: threat-protection/windows-firewall/windows-firewall-with-advanced-security.md + - name: Windows security baselines + href: threat-protection/windows-security-configuration-framework/windows-security-baselines.md + items: - name: Security Compliance Toolkit href: threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md - name: Get support href: threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md - - name: Virus & threat protection - items: + - name: Virus & threat protection + items: - name: Overview href: threat-protection/index.md - name: Microsoft Defender Antivirus @@ -219,8 +219,8 @@ href: /microsoft-365/security/defender-endpoint/exploit-protection - name: Microsoft Defender for Endpoint href: /microsoft-365/security/defender-endpoint - - name: More Windows security - items: + - name: More Windows security + items: - name: Override Process Mitigation Options to help enforce app-related security policies href: threat-protection/override-mitigation-options-for-app-related-security-policies.md - name: Use Windows Event Forwarding to help with intrusion detection 
@@ -230,9 +230,9 @@ - name: Windows Information Protection (WIP) href: information-protection/windows-information-protection/protect-enterprise-data-using-wip.md items: - - name: Create a WIP policy using Microsoft Intune - href: information-protection/windows-information-protection/overview-create-wip-policy.md - items: + - name: Create a WIP policy using Microsoft Intune + href: information-protection/windows-information-protection/overview-create-wip-policy.md + items: - name: Create a WIP policy in Microsoft Intune href: information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md items: 
@@ -244,26 +244,26 @@ href: information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md - name: Determine the enterprise context of an app running in WIP href: information-protection/windows-information-protection/wip-app-enterprise-context.md - - name: Create a WIP policy using Microsoft Configuration Manager - href: information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md - items: + - name: Create a WIP policy using Microsoft Configuration Manager + href: information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md + items: - name: Create and deploy a WIP policy in Configuration Manager href: information-protection/windows-information-protection/create-wip-policy-using-configmgr.md - name: Create and verify an EFS Data Recovery Agent (DRA) certificate href: information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md - name: Determine the enterprise context of an app running in WIP href: information-protection/windows-information-protection/wip-app-enterprise-context.md - - name: Mandatory tasks and settings required to turn on WIP - href: information-protection/windows-information-protection/mandatory-settings-for-wip.md - - name: Testing scenarios for WIP - href: information-protection/windows-information-protection/testing-scenarios-for-wip.md - - name: Limitations while using WIP - href: information-protection/windows-information-protection/limitations-with-wip.md - - name: How to collect WIP audit event logs - href: information-protection/windows-information-protection/collect-wip-audit-event-logs.md - - name: General guidance and best practices for WIP - href: information-protection/windows-information-protection/guidance-and-best-practices-wip.md - items: + - name: Mandatory tasks and settings required to turn on WIP + href: information-protection/windows-information-protection/mandatory-settings-for-wip.md + - 
name: Testing scenarios for WIP + href: information-protection/windows-information-protection/testing-scenarios-for-wip.md + - name: Limitations while using WIP + href: information-protection/windows-information-protection/limitations-with-wip.md + - name: How to collect WIP audit event logs + href: information-protection/windows-information-protection/collect-wip-audit-event-logs.md + - name: General guidance and best practices for WIP + href: information-protection/windows-information-protection/guidance-and-best-practices-wip.md + items: - name: Enlightened apps for use with WIP href: information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md - name: Unenlightened and enlightened app behavior while using WIP 
@@ -272,52 +272,59 @@ href: information-protection/windows-information-protection/recommended-network-definitions-for-wip.md - name: Using Outlook Web Access with WIP href: information-protection/windows-information-protection/using-owa-with-wip.md - - name: Fine-tune WIP Learning - href: information-protection/windows-information-protection/wip-learning.md - - name: Disable WIP - href: information-protection/windows-information-protection/how-to-disable-wip.md + - name: Fine-tune WIP Learning + href: information-protection/windows-information-protection/wip-learning.md + - name: Disable WIP + href: information-protection/windows-information-protection/how-to-disable-wip.md - name: Application security items: - - name: Overview - href: apps.md - - name: Windows Defender Application Control and virtualization-based protection of code integrity - href: threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md - - name: Windows Defender Application Control - href: threat-protection\windows-defender-application-control\windows-defender-application-control.md - - name: Microsoft Defender Application Guard - href: threat-protection\microsoft-defender-application-guard\md-app-guard-overview.md - - name: Windows Sandbox - href: threat-protection/windows-sandbox/windows-sandbox-overview.md - items: + - name: Overview + href: apps.md + - name: Windows Defender Application Control and virtualization-based protection of code integrity + href: threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md + - name: Windows Defender Application Control + href: threat-protection\windows-defender-application-control\windows-defender-application-control.md + - name: Microsoft Defender Application Guard + href: threat-protection\microsoft-defender-application-guard\md-app-guard-overview.md + - name: Windows Sandbox + href: 
threat-protection/windows-sandbox/windows-sandbox-overview.md + items: - name: Windows Sandbox architecture href: threat-protection/windows-sandbox/windows-sandbox-architecture.md - name: Windows Sandbox configuration href: threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md - - name: Microsoft Defender SmartScreen overview - href: threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md - items: + - name: Microsoft Defender SmartScreen overview + href: threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md + items: - name: Enhanced Phishing Protection in Microsoft Defender SmartScreen href: threat-protection\microsoft-defender-smartscreen\phishing-protection-microsoft-defender-smartscreen.md - - name: Configure S/MIME for Windows - href: identity-protection\configure-s-mime.md - - name: Windows Credential Theft Mitigation Guide Abstract - href: identity-protection\windows-credential-theft-mitigation-guide-abstract.md + - name: Configure S/MIME for Windows + href: identity-protection\configure-s-mime.md + - name: Windows Credential Theft Mitigation Guide Abstract + href: identity-protection\windows-credential-theft-mitigation-guide-abstract.md - name: User security and secured identity items: - name: Overview href: identity.md - - name: Windows Hello for Business - href: identity-protection/hello-for-business/index.yml - name: Windows credential theft mitigation guide href: identity-protection/windows-credential-theft-mitigation-guide-abstract.md + - name: Passwordless + items: + - name: Windows Hello for Business + href: identity-protection/hello-for-business/index.yml + - name: FIDO 2 security keys + href: /azure/active-directory/authentication/howto-authentication-passwordless-security-key?context=/windows/security/context/context + - name: Local Administrator Password Solution (LAPS) + href: 
/windows-server/identity/laps/laps-overview?context=/windows/security/context/context - name: Enterprise Certificate Pinning href: identity-protection/enterprise-certificate-pinning.md - - name: Protect derived domain credentials with Credential Guard - href: identity-protection/credential-guard/credential-guard.md + - name: Credential Guard items: + - name: Protect derived domain credentials with Credential Guard + href: identity-protection/credential-guard/credential-guard.md - name: How Credential Guard works href: identity-protection/credential-guard/credential-guard-how-it-works.md - - name: Credential Guard Requirements + - name: Requirements href: identity-protection/credential-guard/credential-guard-requirements.md - name: Manage Credential Guard href: identity-protection/credential-guard/credential-guard-manage.md 
@@ -327,30 +334,32 @@ href: identity-protection/credential-guard/credential-guard-protection-limits.md - name: Considerations when using Credential Guard href: identity-protection/credential-guard/credential-guard-considerations.md - - name: "Credential Guard: Additional mitigations" + - name: Additional mitigations href: identity-protection/credential-guard/additional-mitigations.md - - name: "Credential Guard: Known issues" + - name: Known issues href: identity-protection/credential-guard/credential-guard-known-issues.md - - name: Protect Remote Desktop credentials with Remote Credential Guard + - name: Remote Credential Guard href: identity-protection/remote-credential-guard.md - name: Configuring LSA Protection href: /windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=/windows/security/toc.json&bc=/windows/security/breadcrumb/toc.json - name: Technical support policy for lost or forgotten passwords href: identity-protection/password-support-policy.md - - name: Access Control Overview - href: identity-protection/access-control/access-control.md + - name: Access Control items: + - name: Overview + href: identity-protection/access-control/access-control.md - name: Local Accounts href: identity-protection/access-control/local-accounts.md - - name: User Account Control + - name: User Account Control (UAC) + items: + - name: Overview href: identity-protection/user-account-control/user-account-control-overview.md - items: - - name: How User Account Control works - href: identity-protection/user-account-control/how-user-account-control-works.md - - name: User Account Control security policy settings - href: identity-protection/user-account-control/user-account-control-security-policy-settings.md - - name: User Account Control Group Policy and registry key settings - href: identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md + - name: How User Account Control works + 
href: identity-protection/user-account-control/how-user-account-control-works.md + - name: User Account Control security policy settings + href: identity-protection/user-account-control/user-account-control-security-policy-settings.md + - name: User Account Control Group Policy and registry key settings + href: identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md - name: Smart Cards href: identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md items: @@ -396,14 +405,14 @@ href: identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md - name: Cloud services items: - - name: Overview - href: cloud.md - - name: Mobile device management - href: /windows/client-management/mdm/ - - name: Windows 365 Cloud PCs - href: /windows-365/overview - - name: Azure Virtual Desktop - href: /azure/virtual-desktop/ + - name: Overview + href: cloud.md + - name: Mobile device management + href: /windows/client-management/mdm/ + - name: Windows 365 Cloud PCs + href: /windows-365/overview + - name: Azure Virtual Desktop + href: /azure/virtual-desktop/ - name: Security foundations items: - name: Overview diff --git a/windows/security/apps.md b/windows/security/apps.md index 1ddbbc8a9d..6ae3789ec4 100644 --- a/windows/security/apps.md +++ b/windows/security/apps.md @@ -5,9 +5,10 @@ ms.reviewer: manager: aaroncz ms.author: dansimp author: dansimp -ms.collection: M365-security-compliance ms.prod: windows-client ms.technology: itpro-security +ms.date: 12/31/2017 +ms.topic: article --- # Windows application security diff --git a/windows/security/breadcrumb/toc.yml b/windows/security/breadcrumb/toc.yml index 2531ffba73..19748bed13 100644 --- a/windows/security/breadcrumb/toc.yml +++ b/windows/security/breadcrumb/toc.yml 
@@ -10,3 +10,9 @@ items: - name: Security tocHref: /windows-server/security/credentials-protection-and-management/ topicHref: /windows/security/ + - name: Security + tocHref: /windows-server/identity/laps/ + topicHref: /windows/security/ + - name: Security + tocHref: /azure/active-directory/authentication/ + topicHref: /windows/security/ diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 0c96ff69db..27db0f26ae 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -10,7 +10,6 @@ ms.date: 09/20/2021 ms.localizationpriority: medium ms.custom: search.appverid: MET150 -ms.collection: M365-security-compliance ms.prod: windows-client ms.technology: itpro-security --- diff --git a/windows/security/context/context.yml b/windows/security/context/context.yml new file mode 100644 index 0000000000..aa53a529eb --- /dev/null +++ b/windows/security/context/context.yml @@ -0,0 +1,4 @@ +### YamlMime: ContextObject +brand: windows +breadcrumb_path: ../breadcrumb/toc.yml +toc_rel: ../toc.yml \ No newline at end of file diff --git a/windows/security/docfx.json b/windows/security/docfx.json index 8484e3b795..bb2804df03 100644 --- a/windows/security/docfx.json +++ b/windows/security/docfx.json @@ -65,13 +65,15 @@ }, "fileMetadata": { "author":{ - "identity-protection/hello-for-business/**/*.md": "paolomatarazzo" + "identity-protection/**/*.md": "paolomatarazzo" }, "ms.author":{ - "identity-protection/hello-for-business/**/*.md": "paoloma" + "identity-protection/**/*.md": "paoloma" }, "ms.reviewer":{ - "identity-protection/hello-for-business/**/*.md": "erikdau" + "identity-protection/hello-for-business/*.md": "erikdau", + "identity-protection/credential-guard/*.md": "zwhittington", + "identity-protection/access-control/*.md": "sulahiri" } }, "template": [], diff --git a/windows/security/hardware.md b/windows/security/hardware.md index 7954ea474f..0baa5e3748 100644 --- a/windows/security/hardware.md +++ b/windows/security/hardware.md 
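Review bot: In the `ms.reviewer` map of the docfx.json hunk, the hello-for-business pattern is narrowed from `**/*.md` to `*.md`, and the two new entries use the same single-level form. Any page in a nested folder under `hello-for-business/`, `credential-guard/` or `access-control/` would therefore get no reviewer, while `author` and `ms.author` still match recursively. If the narrowing is not intended, keep the recursive form, e.g. `"identity-protection/hello-for-business/**/*.md": "erikdau"`. The same commit removes `author`, `ms.author`, `ms.reviewer` and `manager` from the front matter of `access-control.md`; `manager` is not assigned in the lines shown here, so it presumably comes from metadata outside this hunk, which is worth confirming.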
@@ -5,9 +5,10 @@ ms.reviewer: manager: aaroncz ms.author: vinpa author: vinaypamnani-msft -ms.collection: M365-security-compliance ms.prod: windows-client ms.technology: itpro-security +ms.date: 12/31/2017 +ms.topic: article --- # Windows hardware security diff --git a/windows/security/identity-protection/access-control/access-control.md b/windows/security/identity-protection/access-control/access-control.md index f900a31aa3..0f1ca8d5c4 100644 --- a/windows/security/identity-protection/access-control/access-control.md +++ b/windows/security/identity-protection/access-control/access-control.md @@ -1,19 +1,12 @@ --- -title: Access Control Overview (Windows 10) -description: Access Control Overview +title: Access Control Overview +description: Description of the access controls in Windows, which is the process of authorizing users, groups, and computers to access objects on the network or computer. ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -ms.reviewer: sulahiri -manager: aaroncz -ms.collection: - - M365-identity-device-management ms.topic: article -ms.localizationpriority: medium -ms.date: 07/18/2017 +ms.date: 11/22/2022 appliesto: - - ✅ Windows 10 - - ✅ Windows Server 2016 +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later ms.technology: itpro-security --- 
@@ -21,89 +14,66 @@ ms.technology: itpro-security This topic for the IT professional describes access control in Windows, which is the process of authorizing users, groups, and computers to access objects on the network or computer. Key concepts that make up access control are permissions, ownership of objects, inheritance of permissions, user rights, and object auditing. -## Feature description - +## Feature description Computers that are running a supported version of Windows can control the use of system and network resources through the interrelated mechanisms of authentication and authorization. After a user is authenticated, the Windows operating system uses built-in authorization and access control technologies to implement the second phase of protecting resources: determining if an authenticated user has the correct permissions to access a resource. -Shared resources are available to users and groups other than the resource’s owner, and they need to be protected from unauthorized use. In the access control model, users and groups (also referred to as security principals) are represented by unique security identifiers (SIDs). They are assigned rights and permissions that inform the operating system what each user and group can do. Each resource has an owner who grants permissions to security principals. During the access control check, these permissions are examined to determine which security principals can access the resource and how they can access it. +Shared resources are available to users and groups other than the resource's owner, and they need to be protected from unauthorized use. In the access control model, users and groups (also referred to as security principals) are represented by unique security identifiers (SIDs). They are assigned rights and permissions that inform the operating system what each user and group can do. Each resource has an owner who grants permissions to security principals. 
During the access control check, these permissions are examined to determine which security principals can access the resource and how they can access it. Security principals perform actions (which include Read, Write, Modify, or Full control) on objects. Objects include files, folders, printers, registry keys, and Active Directory Domain Services (AD DS) objects. Shared resources use access control lists (ACLs) to assign permissions. This enables resource managers to enforce access control in the following ways: -- Deny access to unauthorized users and groups - -- Set well-defined limits on the access that is provided to authorized users and groups +- Deny access to unauthorized users and groups +- Set well-defined limits on the access that is provided to authorized users and groups Object owners generally grant permissions to security groups rather than to individual users. Users and computers that are added to existing groups assume the permissions of that group. If an object (such as a folder) can hold other objects (such as subfolders and files), it is called a container. In a hierarchy of objects, the relationship between a container and its content is expressed by referring to the container as the parent. An object in the container is referred to as the child, and the child inherits the access control settings of the parent. Object owners often define permissions for container objects, rather than individual child objects, to ease access control management. 
This content set contains: -- [Dynamic Access Control Overview](dynamic-access-control.md) - -- [Security identifiers](security-identifiers.md) - -- [Security Principals](security-principals.md) - - - [Local Accounts](local-accounts.md) - - - [Active Directory Accounts](active-directory-accounts.md) - - - [Microsoft Accounts](microsoft-accounts.md) - - - [Service Accounts](service-accounts.md) - - - [Active Directory Security Groups](active-directory-security-groups.md) - -## Practical applications +- [Dynamic Access Control Overview](dynamic-access-control.md) +- [Security identifiers](security-identifiers.md) +- [Security Principals](security-principals.md) + - [Local Accounts](local-accounts.md) + - [Active Directory Accounts](active-directory-accounts.md) + - [Microsoft Accounts](microsoft-accounts.md) + - [Service Accounts](service-accounts.md) + - [Active Directory Security Groups](active-directory-security-groups.md) +## Practical applications Administrators who use the supported version of Windows can refine the application and management of access control to objects and subjects to provide the following security: -- Protect a greater number and variety of network resources from misuse. - -- Provision users to access resources in a manner that is consistent with organizational policies and the requirements of their jobs. - -- Enable users to access resources from a variety of devices in numerous locations. - -- Update users’ ability to access resources on a regular basis as an organization’s policies change or as users’ jobs change. - -- Account for a growing number of use scenarios (such as access from remote locations or from a rapidly expanding variety of devices, such as tablet computers and mobile phones). - -- Identify and resolve access issues when legitimate users are unable to access resources that they need to perform their jobs. +- Protect a greater number and variety of network resources from misuse. 
+- Provision users to access resources in a manner that is consistent with organizational policies and the requirements of their jobs. +- Enable users to access resources from a variety of devices in numerous locations. +- Update users' ability to access resources on a regular basis as an organization's policies change or as users' jobs change. +- Account for a growing number of use scenarios (such as access from remote locations or from a rapidly expanding variety of devices, such as tablet computers and mobile phones). +- Identify and resolve access issues when legitimate users are unable to access resources that they need to perform their jobs. ## Permissions - Permissions define the type of access that is granted to a user or group for an object or object property. For example, the Finance group can be granted Read and Write permissions for a file named Payroll.dat. By using the access control user interface, you can set NTFS permissions for objects such as files, Active Directory objects, registry objects, or system objects such as processes. Permissions can be granted to any user, group, or computer. It is a good practice to assign permissions to groups because it improves system performance when verifying access to an object. For any object, you can grant permissions to: -- Groups, users, and other objects with security identifiers in the domain. - -- Groups and users in that domain and any trusted domains. - -- Local groups and users on the computer where the object resides. +- Groups, users, and other objects with security identifiers in the domain. +- Groups and users in that domain and any trusted domains. +- Local groups and users on the computer where the object resides. The permissions attached to an object depend on the type of object. For example, the permissions that can be attached to a file are different from those that can be attached to a registry key. Some permissions, however, are common to most types of objects. 
These common permissions are: -- Read - -- Modify - -- Change owner - -- Delete +- Read +- Modify +- Change owner +- Delete When you set permissions, you specify the level of access for groups and users. For example, you can let one user read the contents of a file, let another user make changes to the file, and prevent all other users from accessing the file. You can set similar permissions on printers so that certain users can configure the printer and other users can only print. When you need to change the permissions on a file, you can run Windows Explorer, right-click the file name, and click **Properties**. On the **Security** tab, you can change permissions on the file. For more information, see [Managing Permissions](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc770962(v=ws.11)). -**Note**   -Another kind of permissions, called share permissions, is set on the Sharing tab of a folder's **Properties** page or by using the Shared Folder Wizard. For more information see [Share and NTFS Permissions on a File Server](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754178(v=ws.11)). - - +> [!NOTE] +> Another kind of permissions, called share permissions, is set on the Sharing tab of a folder's **Properties** page or by using the Shared Folder Wizard. For more information see [Share and NTFS Permissions on a File Server](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754178(v=ws.11)). ### Ownership of objects 
@@ -115,7 +85,6 @@ Inheritance allows administrators to easily assign and manage permissions. This ## User rights - User rights grant specific privileges and sign-in rights to users and groups in your computing environment. Administrators can assign specific rights to group accounts or to individual user accounts. These rights authorize users to perform specific actions, such as signing in to a system interactively or backing up files and directories. User rights are different from permissions because user rights apply to user accounts, and permissions are associated with objects. Although user rights can apply to individual user accounts, user rights are best administered on a group account basis. There is no support in the access control user interface to grant user rights. However, user rights assignment can be administered through **Local Security Settings**. @@ -124,15 +93,10 @@ For more information about user rights, see [User Rights Assignment](/windows/de ## Object auditing - With administrator's rights, you can audit users' successful or failed access to objects. You can select which object access to audit by using the access control user interface, but first you must enable the audit policy by selecting **Audit object access** under **Local Policies** in **Local Security Settings**. You can then view these security-related events in the Security log in Event Viewer. For more information about auditing, see [Security Auditing Overview](../../threat-protection/auditing/security-auditing-overview.md). ## See also -- For more information about access control and authorization, see [Access Control and Authorization Overview](/previous-versions/windows/it-pro/windows-8.1-and-8/jj134043(v=ws.11)). - - - - +- For more information about access control and authorization, see [Access Control and Authorization Overview](/previous-versions/windows/it-pro/windows-8.1-and-8/jj134043(v=ws.11)). 
diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md index 6d48d39a9a..5a35d2853f 100644 --- a/windows/security/identity-protection/access-control/local-accounts.md +++ b/windows/security/identity-protection/access-control/local-accounts.md 
@@ -1,85 +1,51 @@ --- -title: Local Accounts (Windows 10) +title: Local Accounts description: Learn how to secure and manage access to the resources on a standalone or member server for services or users. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -ms.reviewer: sulahiri -manager: aaroncz +ms.date: 12/05/2022 ms.collection: - - M365-identity-device-management - highpri ms.topic: article -ms.localizationpriority: medium -ms.date: 06/17/2022 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Windows Server 2016 - - ✅ Windows Server 2019 - - ✅ Windows Server 2022 +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later ms.technology: itpro-security --- # Local Accounts -This reference article for IT professionals describes the default local user accounts for servers, including how to manage these built-in accounts on a member or standalone server. +This article describes the default local user accounts for Windows operating systems, and how to manage the built-in accounts. -## About local user accounts +## About local user accounts -Local user accounts are stored locally on the server. These accounts can be assigned rights and permissions on a particular server, but on that server only. Local user accounts are security principals that are used to secure and manage access to the resources on a standalone or member server for services or users. +Local user accounts are stored locally on the device. These accounts can be assigned rights and permissions on a particular device, but on that device only. Local user accounts are security principals that are used to secure and manage access to the resources on a device, for services or users. -This article describes the following: +## Default local user accounts -- [Default local user accounts](#sec-default-accounts) +The *default local user accounts* are built-in accounts that are created automatically when the operating system is installed. 
The default local user accounts can't be removed or deleted and don't provide access to network resources. - - [Administrator account](#sec-administrator) +Default local user accounts are used to manage access to the local device's resources based on the rights and permissions that are assigned to the account. The default local user accounts, and the local user accounts that you create, are located in the *Users* folder. The Users folder is located in the Local Users and Groups folder in the local *Computer Management* Microsoft Management Console (MMC). *Computer Management* is a collection of administrative tools that you can use to manage a local or remote device. - - [Guest Account](#sec-guest) +Default local user accounts are described in the following sections. Expand each section for more information. - - [HelpAssistant account (installed by using a Remote Assistance session)](#sec-helpassistant) +
              +
              +Administrator - - [DefaultAccount](#defaultaccount) +The default local Administrator account is a user account for system administration. Every computer has an Administrator account (SID S-1-5-*domain*-500, display name Administrator). The Administrator account is the first account that is created during the Windows installation. -- [Default local system accounts](#sec-localsystem) - -- [How to manage local accounts](#sec-manage-accounts) - - - [Restrict and protect local accounts with administrative rights](#sec-restrict-protect-accounts) - - - [Enforce local account restrictions for remote access](#sec-enforce-account-restrictions) - - - [Deny network logon to all local Administrator accounts](#sec-deny-network-logon) - - - [Create unique passwords for local accounts with administrative rights](#sec-create-unique-passwords) - -For information about security principals, see [Security Principals](security-principals.md). - -## Default local user accounts - -The default local user accounts are built-in accounts that are created automatically when you install Windows. - -After Windows is installed, the default local user accounts can't be removed or deleted. In addition, default local user accounts don't provide access to network resources. - -Default local user accounts are used to manage access to the local server’s resources based on the rights and permissions that are assigned to the account. The default local user accounts, and the local user accounts that you create, are located in the Users folder. The Users folder is located in the Local Users and Groups folder in the local Computer Management Microsoft Management Console (MMC). Computer Management is a collection of administrative tools that you can use to manage a single local or remote computer. For more information, see [How to manage local accounts](#sec-manage-accounts) later in this article. - -Default local user accounts are described in the following sections. 
- -### Administrator account - -The default local Administrator account is a user account for the system administrator. Every computer has an Administrator account (SID S-1-5-*domain*-500, display name Administrator). The Administrator account is the first account that is created during the Windows installation. - -The Administrator account has full control of the files, directories, services, and other resources on the local computer. The Administrator account can create other local users, assign user rights, and assign permissions. The Administrator account can take control of local resources at any time simply by changing the user rights and permissions. +The Administrator account has full control of the files, directories, services, and other resources on the local device. The Administrator account can create other local users, assign user rights, and assign permissions. The Administrator account can take control of local resources at any time by changing the user rights and permissions. The default Administrator account can't be deleted or locked out, but it can be renamed or disabled. -From Windows 10, Windows 11 and Windows Server 2016, Windows setup disables the built-in Administrator account and creates another local account that is a member of the Administrators group. Members of the Administrators groups can run apps with elevated permissions without using the **Run as Administrator** option. Fast User Switching is more secure than using Runas or different-user elevation. +Windows setup disables the built-in Administrator account and creates another local account that is a member of the Administrators group. + +Members of the Administrators groups can run apps with elevated permissions without using the *Run as Administrator* option. Fast User Switching is more secure than using `runas` or different-user elevation. **Account group membership** -By default, the Administrator account is installed as a member of the Administrators group on the server. 
It's a best practice to limit the number of users in the Administrators group because members of the Administrators group on a local server have Full Control permissions on that computer. +By default, the Administrator account is a member of the Administrators group. It's a best practice to limit the number of users in the Administrators group because members of the Administrators group have Full Control permissions on the device. -The Administrator account can't be deleted or removed from the Administrators group, but it can be renamed. +The Administrator account can't be removed from the Administrators group. **Security considerations** 
@@ -89,9 +55,7 @@ You can rename the Administrator account. However, a renamed Administrator accou As a security best practice, use your local (non-Administrator) account to sign in and then use **Run as administrator** to accomplish tasks that require a higher level of rights than a standard user account. Don't use the Administrator account to sign in to your computer unless it's entirely necessary. For more information, see [Run a program with administrative credentials](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732200(v=ws.11)). -In comparison, on the Windows client operating system, a user with a local user account that has Administrator rights is considered the system administrator of the client computer. The first local user account that is created during installation is placed in the local Administrators group. However, when multiple users run as local administrators, the IT staff has no control over these users or their client computers. - -In this case, Group Policy can be used to enable secure settings that can control the use of the local Administrators group automatically on every server or client computer. For more information about Group Policy, see [Group Policy Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831791(v=ws.11)). +Group Policy can be used to control the use of the local Administrators group automatically. For more information about Group Policy, see [Group Policy Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831791(v=ws.11)). > [!IMPORTANT] > @@ -99,13 +63,16 @@ In this case, Group Policy can be used to enable secure settings that can contro > > - Even when the Administrator account has been disabled, it can still be used to gain access to a computer by using safe mode. In the Recovery Console or in safe mode, the Administrator account is automatically enabled. When normal operations are resumed, it is disabled. -### Guest account +
              +
              +
              +Guest -The Guest account is disabled by default on installation. The Guest account lets occasional or one-time users, who don't have an account on the computer, temporarily sign in to the local server or client computer with limited user rights. By default, the Guest account has a blank password. Because the Guest account can provide anonymous access, it's a security risk. For this reason, it's a best practice to leave the Guest account disabled, unless its use is entirely necessary. +The Guest account lets occasional or one-time users, who don't have an account on the computer, temporarily sign in to the local server or client computer with limited user rights. By default, the Guest account is disabled and has a blank password. Since the Guest account can provide anonymous access, it's considered a security risk. For this reason, it's a best practice to leave the Guest account disabled, unless its use is necessary. **Account group membership** -By default, the Guest account is the only member of the default Guests group (SID S-1-5-32-546), which lets a user sign in to a server. On occasion, an administrator who is a member of the Administrators group can set up a user with a Guest account on one or more computers. +By default, the Guest account is the only member of the default Guests group (SID S-1-5-32-546), which lets a user sign in to a device. **Security considerations** @@ -113,8 +80,11 @@ When enabling the Guest account, only grant limited rights and permissions. For In addition, the guest user in the Guest account shouldn't be able to view the event logs. After the Guest account is enabled, it's a best practice to monitor the Guest account frequently to ensure that other users can't use services and other resources. This includes resources that were unintentionally left available by a previous user. -## HelpAssistant account (installed with a Remote Assistance session) +
              +
              +
              +HelpAssistant The HelpAssistant account is a default local account that is enabled when a Remote Assistance session is run. This account is automatically disabled when no Remote Assistance requests are pending. @@ -124,9 +94,9 @@ HelpAssistant is the primary account that is used to establish a Remote Assistan The SIDs that pertain to the default HelpAssistant account include: -- SID: S-1-5-<domain>-13, display name Terminal Server User. This group includes all users who sign in to a server with Remote Desktop Services enabled. Note: In Windows Server 2008, Remote Desktop Services is called Terminal Services. +- SID: `S-1-5--13`, display name Terminal Server User. This group includes all users who sign in to a server with Remote Desktop Services enabled. Note: In Windows Server 2008, Remote Desktop Services is called Terminal Services. -- SID: S-1-5-<domain>-14, display name Remote Interactive Logon. This group includes all users who connect to the computer by using a remote desktop connection. This group is a subset of the Interactive group. Access tokens that contain the Remote Interactive Logon SID also contain the Interactive SID. +- SID: `S-1-5--14`, display name Remote Interactive Logon. This group includes all users who connect to the computer by using a remote desktop connection. This group is a subset of the Interactive group. Access tokens that contain the Remote Interactive Logon SID also contain the Interactive SID. For the Windows Server operating system, Remote Assistance is an optional component that isn't installed by default. You must install Remote Assistance before it can be used. @@ -138,23 +108,26 @@ For details about the HelpAssistant account attributes, see the following table. |--- |--- | |Well-Known SID/RID|`S-1-5--13 (Terminal Server User), S-1-5--14 (Remote Interactive Logon)`| |Type|User| -|Default container|`CN=Users, DC=, DC=`| +|Default container|`CN=Users, DC=`| |Default members|None| |Default member of|Domain Guests

              Guests| |Protected by ADMINSDHOLDER?|No| |Safe to move out of default container?|Can be moved out, but we don't recommend it.| |Safe to delegate management of this group to non-Service admins?|No| -### DefaultAccount +
              -The DefaultAccount, also known as the Default System Managed Account (DSMA), is a built-in account introduced in Windows 10 version 1607 and Windows Server 2016. -The DSMA is a well-known user account type. -It's a user neutral account that can be used to run processes that are either multi-user aware or user-agnostic. -The DSMA is disabled by default on the desktop SKUs (full windows SKUs) and WS 2016 with the Desktop. +
              +
              +DefaultAccount -The DSMA has a well-known RID of 503. The security identifier (SID) of the DSMA will thus have a well-known SID in the following format: S-1-5-21-\-503 +The DefaultAccount account, also known as the Default System Managed Account (DSMA), is a well-known user account type. DefaultAccount can be used to run processes that are either multi-user aware or user-agnostic. -The DSMA is a member of the well-known group **System Managed Accounts Group**, which has a well-known SID of S-1-5-32-581. +The DSMA is disabled by default on the desktop SKUs and on the Server operating systems with the desktop experience. + +The DSMA has a well-known RID of `503`. The security identifier (SID) of the DSMA will thus have a well-known SID in the following format: `S-1-5-21-\-503`. + +The DSMA is a member of the well-known group **System Managed Accounts Group**, which has a well-known SID of `S-1-5-32-581`. The DSMA alias can be granted access to resources during offline staging even before the account itself has been created. The account and the group are created during first boot of the machine within the Security Accounts Manager (SAM). 
@@ -169,10 +142,10 @@ Today, Xbox automatically signs in as Guest account and all apps run in this con All the apps are multi-user-aware and respond to events fired by user manager. The apps run as the Guest account. -Similarly, Phone auto logs in as a “DefApps” account, which is akin to the standard user account in Windows but with a few extra privileges. Brokers, some services and apps run as this account. +Similarly, Phone auto logs in as a *DefApps* account, which is akin to the standard user account in Windows but with a few extra privileges. Brokers, some services and apps run as this account. In the converged user model, the multi-user-aware apps and multi-user-aware brokers will need to run in a context different from that of the users. -For this purpose, the system creates DSMA. +For this purpose, the system creates DSMA. #### How the DefaultAccount gets created on domain controllers @@ -182,25 +155,37 @@ If the domain was created with domain controllers running an earlier version of #### Recommendations for managing the Default Account (DSMA) Microsoft doesn't recommend changing the default configuration, where the account is disabled. There's no security risk with having the account in the disabled state. Changing the default configuration could hinder future scenarios that rely on this account. +
              -## Default local system accounts +## Default local system accounts -### SYSTEM -The SYSTEM account is used by the operating system and by services running under Windows. There are many services and processes in the Windows operating system that need the capability to sign in internally, such as during a Windows installation. The SYSTEM account was designed for that purpose, and Windows manages the SYSTEM account’s user rights. It's an internal account that doesn't show up in User Manager, and it can't be added to any groups. +
              +
              +SYSTEM + + +The *SYSTEM* account is used by the operating system and by services running under Windows. There are many services and processes in the Windows operating system that need the capability to sign in internally, such as during a Windows installation. The SYSTEM account was designed for that purpose, and Windows manages the SYSTEM account's user rights. It's an internal account that doesn't show up in User Manager, and it can't be added to any groups. On the other hand, the SYSTEM account does appear on an NTFS file system volume in File Manager in the **Permissions** portion of the **Security** menu. By default, the SYSTEM account is granted Full Control permissions to all files on an NTFS volume. Here the SYSTEM account has the same functional rights and permissions as the Administrator account. > [!NOTE] > To grant the account Administrators group file permissions does not implicitly give permission to the SYSTEM account. The SYSTEM account's permissions can be removed from a file, but we do not recommend removing them. -### NETWORK SERVICE +
              +
              +
              +NETWORK SERVICE + The NETWORK SERVICE account is a predefined local account used by the service control manager (SCM). A service that runs in the context of the NETWORK SERVICE account presents the computer's credentials to remote servers. For more information, see [NetworkService Account](/windows/desktop/services/networkservice-account). +
              +
              +
              +LOCAL SERVICE -### LOCAL SERVICE The LOCAL SERVICE account is a predefined local account used by the service control manager. It has minimum privileges on the local computer and presents anonymous credentials on the network. For more information, see [LocalService Account](/windows/desktop/services/localservice-account). +
              -## How to manage local user accounts - +## How to manage local user accounts The default local user accounts, and the local user accounts you create, are located in the Users folder. The Users folder is located in Local Users and Groups. For more information about creating and managing local user accounts, see [Manage Local Users](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731899(v=ws.11)). @@ -209,11 +194,11 @@ You can use Local Users and Groups to assign rights and permissions on only the You can't use Local Users and Groups on a domain controller. However, you can use Local Users and Groups on a domain controller to target remote computers that aren't domain controllers on the network. > [!NOTE] -> You use Active Directory Users and Computers to manage users and groups in Active Directory. +> You use Active Directory Users and Computers to manage users and groups in Active Directory. You can also manage local users by using NET.EXE USER and manage local groups by using NET.EXE LOCALGROUP, or by using various PowerShell cmdlets and other scripting technologies. -### Restrict and protect local accounts with administrative rights +### Restrict and protect local accounts with administrative rights An administrator can use many approaches to prevent malicious users from using stolen credentials such as a stolen password or password hash, for a local account on one computer from being used to authenticate on another computer with administrative rights. This is also called "lateral movement". 
@@ -221,22 +206,20 @@ The simplest approach is to sign in to your computer with a standard user accoun The other approaches that can be used to restrict and protect user accounts with administrative rights include: -- Enforce local account restrictions for remote access. +- Enforce local account restrictions for remote access. -- Deny network logon to all local Administrator accounts. +- Deny network logon to all local Administrator accounts. -- Create unique passwords for local accounts with administrative rights. +- Create unique passwords for local accounts with administrative rights. Each of these approaches is described in the following sections. > [!NOTE] > These approaches do not apply if all administrative local accounts are disabled. - +### Enforce local account restrictions for remote access -### Enforce local account restrictions for remote access - -The User Account Control (UAC) is a security feature in Windows that has been in use in Windows Server 2008 and in Windows Vista, and the operating systems to which the **Applies To** list refers. UAC enables you to stay in control of your computer by informing you when a program makes a change that requires administrator-level permission. UAC works by adjusting the permission level of your user account. By default, UAC is set to notify you when applications try to make changes to your computer, but you can change how often UAC notifies you. +User Account Control (UAC) is a security feature that informs you when a program makes a change that requires administrative permissions. UAC works by adjusting the permission level of your user account. By default, UAC is set to notify you when applications try to make changes to your computer, but you can change when UAC notifies you. UAC makes it possible for an account with administrative rights to be treated as a standard user non-administrator account until full rights, also called elevation, is requested and approved. 
For example, UAC lets an administrator enter credentials during a non-administrator's user session to perform occasional administrative tasks without having to switch users, sign out, or use the **Run as** command. 
@@ -268,79 +251,45 @@ The following table shows the Group Policy and registry settings that are used t #### To enforce local account restrictions for remote access -1. Start the **Group Policy Management** Console (GPMC). +1. Start the **Group Policy Management** Console (GPMC) +1. In the console tree, expand <*Forest*>\\Domains\\<*Domain*>, and then **Group Policy Objects** where *forest* is the name of the forest, and *domain* is the name of the domain where you want to set the Group Policy Object (GPO) +1. In the console tree, right-click **Group Policy Objects > New** +1. In the **New GPO** dialog box, type <**gpo\_name**>, and > **OK** where *gpo\_name* is the name of the new GPO. The GPO name indicates that the GPO is used to restrict local administrator rights from being carried over to another computer +1. In the details pane, right-click <**gpo\_name**>, and > **Edit** +1. Ensure that UAC is enabled and that UAC restrictions apply to the default Administrator account by following these steps: -2. In the console tree, expand <*Forest*>\\Domains\\<*Domain*>, and then **Group Policy Objects** where *forest* is the name of the forest, and *domain* is the name of the domain where you want to set the Group Policy Object (GPO). + - Navigate to the Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\, and > **Security Options** + - Double-click **User Account Control: Run all administrators in Admin Approval Mode** > **Enabled** > **OK** + - Double-click **User Account Control: Admin Approval Mode for the Built-in Administrator account** > **Enabled** > **OK** -3. In the console tree, right-click **Group Policy Objects**, and > **New**. +1. 
Ensure that the local account restrictions are applied to network interfaces by following these steps: - ![local accounts 1.](images/localaccounts-proc1-sample1.png) + - Navigate to *Computer Configuration\Preferences and Windows Settings*, and > **Registry** + - Right-click **Registry**, and > **New** > **Registry Item** + - In the **New Registry Properties** dialog box, on the **General** tab, change the setting in the **Action** box to **Replace** + - Ensure that the **Hive** box is set to **HKEY_LOCAL_MACHINE** + - Select (**…**), browse to the following location for **Key Path** > **Select** for: `SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System` + - In the **Value name** area, type `LocalAccountTokenFilterPolicy` + - In the **Value type** box, from the drop-down list, select **REG_DWORD** to change the value + - In the **Value data** box, ensure that the value is set to **0** + - Verify this configuration, and > **OK** -4. In the **New GPO** dialog box, type <**gpo\_name**>, and > **OK** where *gpo\_name* is the name of the new GPO. The GPO name indicates that the GPO is used to restrict local administrator rights from being carried over to another computer. +1. Link the GPO to the first **Workstations** organizational unit (OU) by doing the following: - ![local accounts 2.](images/localaccounts-proc1-sample2.png) + - Navigate to the `*Forest*\\*Domain*\*OU*` path + - Right-click the **Workstations > Link an existing GPO** + - Select the GPO that you created, and > **OK** -5. In the details pane, right-click <**gpo\_name**>, and > **Edit**. - - ![local accounts 3.](images/localaccounts-proc1-sample3.png) - -6. Ensure that UAC is enabled and that UAC restrictions apply to the default Administrator account by following these steps: - - 1. Navigate to the Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\, and > **Security Options**. - - 2. 
Double-click **User Account Control: Run all administrators in Admin Approval Mode** > **Enabled** > **OK**. - - 3. Double-click **User Account Control: Admin Approval Mode for the Built-in Administrator account** > **Enabled** > **OK**. - -7. Ensure that the local account restrictions are applied to network interfaces by following these steps: - - 1. Navigate to Computer Configuration\\Preferences and Windows Settings, and > **Registry**. - - 2. Right-click **Registry**, and > **New** > **Registry Item**. - - ![local accounts 4.](images/localaccounts-proc1-sample4.png) - - 3. In the **New Registry Properties** dialog box, on the **General** tab, change the setting in the **Action** box to **Replace**. - - 4. Ensure that the **Hive** box is set to **HKEY\_LOCAL\_MACHINE**. - - 5. Select (**…**), browse to the following location for **Key Path** > **Select** for: **SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System**. - - 6. In the **Value name** area, type **LocalAccountTokenFilterPolicy**. - - 7. In the **Value type** box, from the drop-down list, select **REG\_DWORD** to change the value. - - 8. In the **Value data** box, ensure that the value is set to **0**. - - 9. Verify this configuration, and > **OK**. - - ![local accounts 5.](images/localaccounts-proc1-sample5.png) - -8. Link the GPO to the first **Workstations** organizational unit (OU) by doing the following: - - 1. Navigate to the <*Forest*>\\Domains\\<*Domain*>\\OU path. - - 2. Right-click the **Workstations** OU, and > **Link an existing GPO**. - - ![local accounts 6.](images/localaccounts-proc1-sample6.png) - - 3. Select the GPO that you created, and > **OK**. - -9. Test the functionality of enterprise applications on the workstations in that first OU and resolve any issues caused by the new policy. - -10. Create links to all other OUs that contain workstations. - -11. Create links to all other OUs that contain servers. - -### Deny network logon to all local Administrator accounts +1. 
Test the functionality of enterprise applications on the workstations in that first OU and resolve any issues caused by the new policy +1. Create links to all other OUs that contain workstations +1. Create links to all other OUs that contain servers +### Deny network logon to all local Administrator accounts Denying local accounts the ability to perform network logons can help prevent a local account password hash from being reused in a malicious attack. This procedure helps to prevent lateral movement by ensuring that stolen credentials for local accounts from a compromised operating system can't be used to compromise other computers that use the same credentials. > [!NOTE] > To perform this procedure, you must first identify the name of the local, default Administrator account, which might not be the default user name "Administrator", and any other accounts that are members of the local Administrators group. - - The following table shows the Group Policy settings that are used to deny network logon for all local Administrator accounts. |No.|Setting|Detailed Description| 
@@ -354,55 +303,33 @@ The following table shows the Group Policy settings that are used to deny networ #### To deny network logon to all local administrator accounts -1. Start the **Group Policy Management** Console (GPMC). +1. Start the **Group Policy Management** Console (GPMC) +1. In the console tree, expand <*Forest*>\\Domains\\<*Domain*>, and then **Group Policy Objects**, where *forest* is the name of the forest, and *domain* is the name of the domain where you want to set the Group Policy Object (GPO) +1. In the console tree, right-click **Group Policy Objects**, and > **New** +1. In the **New GPO** dialog box, type <**gpo\_name**>, and then > **OK** where *gpo\_name* is the name of the new GPO indicates that it's being used to restrict the local administrative accounts from interactively signing in to the computer +1. In the details pane, right-click <**gpo\_name**>, and > **Edit** +1. Configure the user rights to deny network logons for administrative local accounts as follows: +1. Navigate to the Computer Configuration\\Windows Settings\\Security Settings\\, and > **User Rights Assignment** +1. Double-click **Deny access to this computer from the network** +1. Select **Add User or Group**, type **Local account and member of Administrators group**, and > **OK** +1. Configure the user rights to deny Remote Desktop (Remote Interactive) logons for administrative local accounts as follows: +1. Navigate to Computer Configuration\\Policies\\Windows Settings and Local Policies, and then select **User Rights Assignment** +1. Double-click **Deny log on through Remote Desktop Services** +1. Select **Add User or Group**, type **Local account and member of Administrators group**, and > **OK** +1. Link the GPO to the first **Workstations** OU as follows: -2. 
In the console tree, expand <*Forest*>\\Domains\\<*Domain*>, and then **Group Policy Objects**, where *forest* is the name of the forest, and *domain* is the name of the domain where you want to set the Group Policy Object (GPO). + - Navigate to the <*Forest*>\\Domains\\<*Domain*>\\OU path + - Right-click the **Workstations** OU, and > **Link an existing GPO** + - Select the GPO that you created, and > **OK** -3. In the console tree, right-click **Group Policy Objects**, and > **New**. +1. Test the functionality of enterprise applications on the workstations in that first OU and resolve any issues caused by the new policy +1. Create links to all other OUs that contain workstations +1. Create links to all other OUs that contain servers -4. In the **New GPO** dialog box, type <**gpo\_name**>, and then > **OK** where *gpo\_name* is the name of the new GPO indicates that it's being used to restrict the local administrative accounts from interactively signing in to the computer. +> [!NOTE] +> You might have to create a separate GPO if the user name of the default Administrator account is different on workstations and servers. - ![local accounts 7.](images/localaccounts-proc2-sample1.png) - -5. In the details pane, right-click <**gpo\_name**>, and > **Edit**. - - ![local accounts 8.](images/localaccounts-proc2-sample2.png) - -6. Configure the user rights to deny network logons for administrative local accounts as follows: - - 1. Navigate to the Computer Configuration\\Windows Settings\\Security Settings\\, and > **User Rights Assignment**. - - 2. Double-click **Deny access to this computer from the network**. - - 3. Select **Add User or Group**, type **Local account and member of Administrators group**, and > **OK**. - -7. Configure the user rights to deny Remote Desktop (Remote Interactive) logons for administrative local accounts as follows: - - 1. 
Navigate to Computer Configuration\\Policies\\Windows Settings and Local Policies, and then select **User Rights Assignment**. - - 2. Double-click **Deny log on through Remote Desktop Services**. - - 3. Select **Add User or Group**, type **Local account and member of Administrators group**, and > **OK**. - -8. Link the GPO to the first **Workstations** OU as follows: - - 1. Navigate to the <*Forest*>\\Domains\\<*Domain*>\\OU path. - - 2. Right-click the **Workstations** OU, and > **Link an existing GPO**. - - 3. Select the GPO that you created, and > **OK**. - -9. Test the functionality of enterprise applications on the workstations in that first OU and resolve any issues caused by the new policy. - -10. Create links to all other OUs that contain workstations. - -11. Create links to all other OUs that contain servers. - - > [!NOTE] - > You might have to create a separate GPO if the user name of the default Administrator account is different on workstations and servers. - - -### Create unique passwords for local accounts with administrative rights +### Create unique passwords for local accounts with administrative rights Passwords should be unique per individual account. While it's true for individual user accounts, many enterprises have identical passwords for common local accounts, such as the default Administrator account. This also occurs when the same passwords are used for local accounts during operating system deployments. 
@@ -410,19 +337,6 @@ Passwords that are left unchanged or changed synchronously to keep them identica
 Passwords can be randomized by:
-- Purchasing and implementing an enterprise tool to accomplish this task. These tools are commonly referred to as "privileged password management" tools.
-
-- Configuring [Local Administrator Password Solution (LAPS)](https://www.microsoft.com/download/details.aspx?id=46899) to accomplish this task.
-
-- Creating and implementing a custom script or solution to randomize local account passwords.
-
-## See also
-
-
-The following resources provide additional information about technologies that are related to local accounts.
-
-- [Security Principals](security-principals.md)
-
-- [Security Identifiers](security-identifiers.md)
-
-- [Access Control Overview](access-control.md)
+- Purchasing and implementing an enterprise tool to accomplish this task. These tools are commonly referred to as "privileged password management" tools
+- Configuring [Local Administrator Password Solution (LAPS)](/windows-server/identity/laps/laps-overview) to accomplish this task
+- Creating and implementing a custom script or solution to randomize local account passwords
diff --git a/windows/security/identity-protection/configure-s-mime.md b/windows/security/identity-protection/configure-s-mime.md
index 6fadaf74b4..e7d4d83f53 100644
--- a/windows/security/identity-protection/configure-s-mime.md
+++ b/windows/security/identity-protection/configure-s-mime.md
@@ -5,7 +5,6 @@ ms.prod: windows-client
 author: paolomatarazzo
 ms.author: paoloma
 manager: aaroncz
-ms.collection: M365-identity-device-management
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 07/27/2017
diff --git a/windows/security/identity-protection/credential-guard/additional-mitigations.md b/windows/security/identity-protection/credential-guard/additional-mitigations.md
index 3fd8405edf..c8ed1adc92 100644
--- a/windows/security/identity-protection/credential-guard/additional-mitigations.md
+++ b/windows/security/identity-protection/credential-guard/additional-mitigations.md
@@ -1,16 +1,11 @@
 ---
 title: Additional mitigations
 description: Advice and sample code for making your domain environment more secure and robust with Windows Defender Credential Guard.
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: paolomatarazzo
-ms.author: paoloma
-ms.reviewer: zwhittington
-manager: aaroncz
-ms.collection: M365-identity-device-management
-ms.topic: article
 ms.date: 08/17/2017
-ms.technology: itpro-security
+ms.topic: article
+appliesto:
+- ✅ Windows 10 and later
+- ✅ Windows Server 2016 and later
 ---
 # Additional mitigations
@@ -27,21 +22,21 @@ Kerberos armoring is part of RFC 6113. When a device supports Kerberos armoring,
 **To enable Kerberos armoring for restricting domain users to specific domain-joined devices**
-- Users need to be in domains that are running Windows Server 2012 R2 or higher
-- All the domain controllers in these domains must be configured to support Kerberos armoring. Set the **KDC support for claims, compound authentication, and Kerberos armoring** Group Policy setting to either **Supported** or **Always provide claims**.
-- All the devices with Windows Defender Credential Guard that the users will be restricted to must be configured to support Kerberos armoring. Enable the **Kerberos client support for claims, compound authentication and Kerberos armoring** Group Policy settings under **Computer Configuration** -> **Administrative Templates** -> **System** -> **Kerberos**.
+- Users need to be in domains that are running Windows Server 2012 R2 or higher
+- All the domain controllers in these domains must be configured to support Kerberos armoring. Set the **KDC support for claims, compound authentication, and Kerberos armoring** Group Policy setting to either **Supported** or **Always provide claims**.
+- All the devices with Windows Defender Credential Guard that the users will be restricted to must be configured to support Kerberos armoring. Enable the **Kerberos client support for claims, compound authentication and Kerberos armoring** Group Policy settings under **Computer Configuration** -> **Administrative Templates** -> **System** -> **Kerberos**.
 ### Protecting domain-joined device secrets
 Since domain-joined devices also use shared secrets for authentication, attackers can steal those secrets as well. By deploying device certificates with Windows Defender Credential Guard, the private key can be protected. Then authentication policies can require that users sign on to devices that authenticate using those certificates. This prevents shared secrets stolen from the device to be used with stolen user credentials to sign on as the user. Domain-joined device certificate authentication has the following requirements:
-- Devices' accounts are in Windows Server 2012 domain functional level or higher.
-- All domain controllers in those domains have KDC certificates which satisfy strict KDC validation certificate requirements:
- - KDC EKU present
- - DNS domain name matches the DNSName field of the SubjectAltName (SAN) extension
-- Windows devices have the CA issuing the domain controller certificates in the enterprise store.
-- A process is established to ensure the identity and trustworthiness of the device in a similar manner as you would establish the identity and trustworthiness of a user before issuing them a smartcard.
+- Devices' accounts are in Windows Server 2012 domain functional level or higher.
+- All domain controllers in those domains have KDC certificates which satisfy strict KDC validation certificate requirements:
+ - KDC EKU present
+ - DNS domain name matches the DNSName field of the SubjectAltName (SAN) extension
+- Windows devices have the CA issuing the domain controller certificates in the enterprise store.
+- A process is established to ensure the identity and trustworthiness of the device in a similar manner as you would establish the identity and trustworthiness of a user before issuing them a smartcard.
 #### Deploying domain-joined device certificates
@@ -74,54 +69,54 @@ CertReq -EnrollCredGuardCert MachineAuthentication
 > [!NOTE]
 > You must restart the device after enrolling the machine authentication certificate.
- 
+
 #### How a certificate issuance policy can be used for access control
 Beginning with the Windows Server 2008 R2 domain functional level, domain controllers support for authentication mechanism assurance provides a way to map certificate issuance policy OIDs to universal security groups. Windows Server 2012 domain controllers with claim support can map them to claims. To learn more about authentication mechanism assurance, see [Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd378897(v=ws.10)) on TechNet.
 **To see the issuance policies available**
-- The [get-IssuancePolicy.ps1](#bkmk-getscript) shows all of the issuance policies that are available on the certificate authority.
- From a Windows PowerShell command prompt, run the following command:
+- The [get-IssuancePolicy.ps1](#bkmk-getscript) shows all of the issuance policies that are available on the certificate authority.\
+From a Windows PowerShell command prompt, run the following command:
- ```powershell
- .\get-IssuancePolicy.ps1 –LinkedToGroup:All
- ```
+```powershell
+.\get-IssuancePolicy.ps1 -LinkedToGroup:All
+```
 **To link an issuance policy to a universal security group**
-- The [set-IssuancePolicyToGroupLink.ps1](#bkmk-setscript) creates a Universal security group, creates an organizational unit, and links the issuance policy to that Universal security group.
- From a Windows PowerShell command prompt, run the following command:
+- The [set-IssuancePolicyToGroupLink.ps1](#bkmk-setscript) creates a Universal security group, creates an organizational unit, and links the issuance policy to that Universal security group.\
+From a Windows PowerShell command prompt, run the following command:
- ```powershell
- .\set-IssuancePolicyToGroupLink.ps1 –IssuancePolicyName:"" –groupOU:"" –groupName:”"
- ```
+```powershell
+.\set-IssuancePolicyToGroupLink.ps1 -IssuancePolicyName:"" -groupOU:"" -groupName:""
+```
 ### Restricting user sign-on
 So we now have completed the following:
-- Created a special certificate issuance policy to identify devices that meet the deployment criteria required for the user to be able to sign on
-- Mapped that policy to a universal security group or claim
-- Provided a way for domain controllers to get the device authorization data during user sign-on using Kerberos armoring. Now what is left to do is to configure the access check on the domain controllers. This is done using authentication policies.
+- Created a special certificate issuance policy to identify devices that meet the deployment criteria required for the user to be able to sign on
+- Mapped that policy to a universal security group or claim
+- Provided a way for domain controllers to get the device authorization data during user sign-on using Kerberos armoring. Now what is left to do is to configure the access check on the domain controllers. This is done using authentication policies.
 Authentication policies have the following requirements:
-- User accounts are in a Windows Server 2012 domain functional level or higher domain.
+- User accounts are in a Windows Server 2012 domain functional level or higher domain.
 **Creating an authentication policy restricting users to the specific universal security group**
-1. Open Active Directory Administrative Center.
-2. Click **Authentication**, click **New**, and then click **Authentication Policy**.
-3. In the **Display name** box, enter a name for this authentication policy.
-4. Under the **Accounts** heading, click **Add**.
-5. In the **Select Users, Computers, or Service Accounts** dialog box, type the name of the user account you wish to restrict, and then click **OK**.
-6. Under the **User Sign On** heading, click the **Edit** button.
-7. Click **Add a condition**.
-8. In the **Edit Access Control Conditions** box, ensure that it reads **User** > **Group** > **Member of each** > **Value**, and then click **Add items**.
-9. In the **Select Users, Computers, or Service Accounts** dialog box, type the name of the universal security group that you created with the set-IssuancePolicyToGroupLink script, and then click **OK**.
-10. Click **OK** to close the **Edit Access Control Conditions** box.
-11. Click **OK** to create the authentication policy.
-12. Close Active Directory Administrative Center.
+1. Open Active Directory Administrative Center.
+1. Click **Authentication**, click **New**, and then click **Authentication Policy**.
+1. In the **Display name** box, enter a name for this authentication policy.
+1. Under the **Accounts** heading, click **Add**.
+1. In the **Select Users, Computers, or Service Accounts** dialog box, type the name of the user account you wish to restrict, and then click **OK**.
+1. Under the **User Sign On** heading, click the **Edit** button.
+1. Click **Add a condition**.
+1. In the **Edit Access Control Conditions** box, ensure that it reads **User** > **Group** > **Member of each** > **Value**, and then click **Add items**.
+1. In the **Select Users, Computers, or Service Accounts** dialog box, type the name of the universal security group that you created with the set-IssuancePolicyToGroupLink script, and then click **OK**.
+1. Click **OK** to close the **Edit Access Control Conditions** box.
+1. Click **OK** to create the authentication policy.
+1. Close Active Directory Administrative Center.
 > [!NOTE]
 > When the authentication policy enforces policy restrictions, users will not be able to sign on using devices that do not have a certificate with the appropriate issuance policy deployed. This applies to both local and remote sign on scenarios. Therefore, it is strongly recommended to first only audit policy restrictions to ensure you don't have unexpected failures.
@@ -326,7 +321,7 @@ write-host "There are no issuance policies which are not mapped to groups"
 ```
 > [!NOTE]
 > If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter.
- 
+
 ### Link an issuance policy to a group
 Save the script file as set-IssuancePolicyToGroupLink.ps1.
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md
index b041c61076..5714236fec 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md
@@ -1,22 +1,11 @@
 ---
-title: Advice while using Windows Defender Credential Guard (Windows)
+title: Considerations when using Windows Defender Credential Guard
 description: Considerations and recommendations for certain scenarios when using Windows Defender Credential Guard in Windows.
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: paolomatarazzo
-ms.author: paoloma
-ms.reviewer: zwhittington
-manager: aaroncz
-ms.collection: M365-identity-device-management
-ms.topic: article
 ms.date: 08/31/2017
+ms.topic: article
 appliesto:
- - ✅ Windows 10
- - ✅ Windows 11
- - ✅ Windows Server 2016
- - ✅ Windows Server 2019
- - ✅ Windows Server 2022
-ms.technology: itpro-security
+- ✅ Windows 10 and later
+- ✅ Windows Server 2016 and later
 ---
 # Considerations when using Windows Defender Credential Guard
@@ -26,6 +15,7 @@ Passwords are still weak. We recommend that in addition to deploying Windows Def
 Windows Defender Credential Guard uses hardware security, so some features such as Windows To Go, aren't supported.
 ## Wi-fi and VPN Considerations
+
 When you enable Windows Defender Credential Guard, you can no longer use NTLM classic authentication for Single Sign-On. You'll be forced to enter your credentials to use these protocols and can't save the credentials for future use. If you're using WiFi and VPN endpoints that are based on MS-CHAPv2, they're subject to similar attacks as for NTLMv1. For WiFi and VPN connections, Microsoft recommends that organizations move from MSCHAPv2-based connections such as PEAP-MSCHAPv2 and EAP-MSCHAPv2, to certificate-based authentication such as PEAP-TLS or EAP-TLS.
 ## Kerberos Considerations
@@ -33,19 +23,25 @@ When you enable Windows Defender Credential Guard, you can no longer use NTLM cl
 When you enable Windows Defender Credential Guard, you can no longer use Kerberos unconstrained delegation or DES encryption. Unconstrained delegation could allow attackers to extract Kerberos keys from the isolated LSA process. Use constrained or resource-based Kerberos delegation instead.
 ## 3rd Party Security Support Providers Considerations
+
 Some 3rd party Security Support Providers (SSPs and APs) might not be compatible with Windows Defender Credential Guard because it doesn't allow third-party SSPs to ask for password hashes from LSA. However, SSPs and APs still get notified of the password when a user logs on and/or changes their password. Any use of undocumented APIs within custom SSPs and APs aren't supported. We recommend that custom implementations of SSPs/APs are tested with Windows Defender Credential Guard. SSPs and APs that depend on any undocumented or unsupported behaviors fail. For example, using the KerbQuerySupplementalCredentialsMessage API isn't supported. Replacing the NTLM or Kerberos SSPs with custom SSPs and APs. For more info, see [Restrictions around Registering and Installing a Security Package](/windows/win32/secauthn/restrictions-around-registering-and-installing-a-security-package) on MSDN.
 ## Upgrade Considerations
+
 As the depth and breadth of protections provided by Windows Defender Credential Guard are increased, subsequent releases of Windows 10 with Windows Defender Credential Guard running may impact scenarios that were working in the past. For example, Windows Defender Credential Guard may block the use of a particular type of credential or a particular component to prevent malware from taking advantage of vulnerabilities. Test scenarios required for operations in an organization before upgrading a device using Windows Defender Credential Guard.
 ### Saved Windows Credentials Protected
-Starting with Windows 10, version 1511, domain credentials that are stored with Credential Manager are protected with Windows Defender Credential Guard. Credential Manager allows you to store three types of credentials: Windows credentials, certificate-based credentials, and generic credentials. Generic credentials such as user names and passwords that you use to log on to websites aren't protected since the applications require your cleartext password. If the application doesn't need a copy of the password, they can save domain credentials as Windows credentials that are protected. Windows credentials are used to connect to other computers on a network. The following considerations apply to the Windows Defender Credential Guard protections for Credential Manager:
+Starting with Windows 10, version 1511, domain credentials that are stored with Credential Manager are protected with Windows Defender Credential Guard. Credential Manager allows you to store three types of credentials: Windows credentials, certificate-based credentials, and generic credentials. Generic credentials such as user names and passwords that you use to log on to websites aren't protected since the applications require your cleartext password. If the application doesn't need a copy of the password, they can save domain credentials as Windows credentials that are protected. Windows credentials are used to connect to other computers on a network.
+
+The following considerations apply to the Windows Defender Credential Guard protections for Credential Manager:
+
 * Windows credentials saved by Remote Desktop Client can't be sent to a remote host. Attempts to use saved Windows credentials fail, displaying the error message "Logon attempt failed."
 * Applications that extract Windows credentials fail.
 * When credentials are backed up from a PC that has Windows Defender Credential Guard enabled, the Windows credentials can't be restored. If you need to back up your credentials, you must do this before you enable Windows Defender Credential Guard. Otherwise, you can't restore those credentials.
 ## Clearing TPM Considerations
+
 Virtualization-based Security (VBS) uses the TPM to protect its key. So when the TPM is cleared then the TPM protected key used to encrypt VBS secrets is lost.
 >[!WARNING]
@@ -58,9 +54,11 @@ As a result Credential Guard can no longer decrypt protected data. VBS creates a
 > Credential Guard obtains the key during initialization. So the data loss will only impact persistent data and occur after the next system startup.
 ### Windows credentials saved to Credential Manager
+
 Since Credential Manager can't decrypt saved Windows Credentials, they're deleted. Applications should prompt for credentials that were previously saved. If saved again, then Windows credentials are protected Credential Guard.
 ### Domain-joined device’s automatically provisioned public key
+
 Beginning with Windows 10 and Windows Server 2016, domain-devices automatically provision a bound public key, for more information about automatic public key provisioning, see [Domain-joined Device Public Key Authentication](/windows-server/security/kerberos/domain-joined-device-public-key-authentication).
 Since Credential Guard can't decrypt the protected private key, Windows uses the domain-joined computer's password for authentication to the domain. Unless additional policies are deployed, there should not be a loss of functionality. If a device is configured to only use public key, then it can't authenticate with password until that policy is disabled. For more information on Configuring devices to only use public key, see [Domain-joined Device Public Key Authentication](/windows-server/security/kerberos/domain-joined-device-public-key-authentication).
@@ -68,6 +66,7 @@ Since Credential Guard can't decrypt the protected private key, Windows uses the
 Also if any access control checks including authentication policies require devices to have either the KEY TRUST IDENTITY (S-1-18-4) or FRESH PUBLIC KEY IDENTITY (S-1-18-3) well-known SIDs, then those access checks fail. For more information about authentication policies, see [Authentication Policies and Authentication Policy Silos](/windows-server/security/credentials-protection-and-management/authentication-policies-and-authentication-policy-silos). For more information about well-known SIDs, see [[MS-DTYP] Section 2.4.2.4 Well-known SID Structures](/openspecs/windows_protocols/ms-dtyp/81d92bba-d22b-4a8c-908a-554ab29148ab).
 ### Breaking DPAPI on domain-joined devices
+
 On domain-joined devices, DPAPI can recover user keys using a domain controller from the user's domain. If a domain-joined device has no connectivity to a domain controller, then recovery isn't possible.
 >[!IMPORTANT]
@@ -88,6 +87,7 @@ Domain user sign-in on a domain-joined device after clearing a TPM for as long a
 Once the device has connectivity to the domain controllers, DPAPI recovers the user's key and data protected prior to clearing the TPM can be decrypted.
 #### Impact of DPAPI failures on Windows Information Protection
+
 When data protected with user DPAPI is unusable, then the user loses access to all work data protected by Windows Information Protection. The impact includes: Outlook 2016 is unable to start and work protected documents can't be opened. If DPAPI is working, then newly created work data is protected and can be accessed.
 **Workaround:** Users can resolve the problem by connecting their device to the domain and rebooting or using their Encrypting File System Data Recovery Agent certificate. For more information about Encrypting File System Data Recovery Agent certificate, see [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](/windows/threat-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate).
@@ -95,6 +95,4 @@ When data protected with user DPAPI is unusable, then the user loses access to a
 ## See also
-**Related videos**
-
-[What is virtualization-based security?](https://www.linkedin.com/learning/microsoft-cybersecurity-stack-advanced-identity-and-endpoint-protection/what-is-virtualization-based-security)
+- [What is virtualization-based security?](https://www.linkedin.com/learning/microsoft-cybersecurity-stack-advanced-identity-and-endpoint-protection/what-is-virtualization-based-security)
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md
index 48360ee775..c9ed9e42c7 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md
@@ -1,22 +1,11 @@
 ---
 title: How Windows Defender Credential Guard works
 description: Learn how Windows Defender Credential Guard uses virtualization to protect secrets, so that only privileged system software can access them.
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: paolomatarazzo
-ms.author: paoloma
-ms.reviewer: zwhittington
-manager: aaroncz
-ms.collection: M365-identity-device-management
-ms.topic: article
 ms.date: 08/17/2017
+ms.topic: conceptual
 appliesto:
- - ✅ Windows 10
- - ✅ Windows 11
- - ✅ Windows Server 2016
- - ✅ Windows Server 2019
- - ✅ Windows Server 2022
-ms.technology: itpro-security
+- ✅ Windows 10 and later
+- ✅ Windows Server 2016 and later
 ---
 # How Windows Defender Credential Guard works
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
index cb1b52ff54..07d9647887 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
@@ -1,22 +1,11 @@
 ---
-title: Windows Defender Credential Guard - Known issues (Windows)
+title: Windows Defender Credential Guard - Known issues
 description: Windows Defender Credential Guard - Known issues in Windows Enterprise
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: paolomatarazzo
-ms.author: paoloma
-ms.reviewer: zwhittington
-manager: aaroncz
-ms.collection: M365-identity-device-management
 ms.topic: article
 ms.date: 11/28/2022
 appliesto:
- - ✅ Windows 10
- - ✅ Windows 11
- - ✅ Windows Server 2016
- - ✅ Windows Server 2019
- - ✅ Windows Server 2022
-ms.technology: itpro-security
+- ✅ Windows 10 and later
+- ✅ Windows Server 2016 and later
 ---
 # Windows Defender Credential Guard: Known issues
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
index f7d645071d..e4eb399ed3 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
@@ -1,27 +1,15 @@
 ---
 title: Manage Windows Defender Credential Guard (Windows)
 description: Learn how to deploy and manage Windows Defender Credential Guard using Group Policy, the registry, or hardware readiness tools.
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: paolomatarazzo
-ms.author: paoloma
-ms.reviewer: zwhittington
-manager: aaroncz
-ms.collection:
- - M365-identity-device-management
+ms.date: 11/23/2022
+ms.collection:
 - highpri
 ms.topic: article
-ms.custom:
- - CI 120967
- - CSSTroubleshooting
 appliesto:
- - ✅ Windows 10
- - ✅ Windows 11
- - ✅ Windows Server 2016
- - ✅ Windows Server 2019
- - ✅ Windows Server 2022
-ms.technology: itpro-security
+- ✅ Windows 10 and later
+- ✅ Windows Server 2016 and later
 ---
+
 # Manage Windows Defender Credential Guard
 ## Default Enablement
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md
index 51ecf3c661..86b9533f7a 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md
@@ -1,22 +1,11 @@
 ---
 title: Windows Defender Credential Guard protection limits & mitigations (Windows)
 description: Scenarios not protected by Windows Defender Credential Guard in Windows, and additional mitigations you can use.
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: paolomatarazzo
-ms.author: paoloma
-ms.reviewer: zwhittington
-manager: aaroncz
-ms.collection: M365-identity-device-management
 ms.topic: article
 ms.date: 08/17/2017
 appliesto:
- - ✅ Windows 10
- - ✅ Windows 11
- - ✅ Windows Server 2016
- - ✅ Windows Server 2019
- - ✅ Windows Server 2022
-ms.technology: itpro-security
+- ✅ Windows 10 and later
+- ✅ Windows Server 2016 and later
 ---
 # Windows Defender Credential Guard protection limits and mitigations
@@ -26,16 +15,16 @@ in the Deep Dive into Windows Defender Credential Guard video series.
 Some ways to store credentials are not protected by Windows Defender Credential Guard, including:
-- Software that manages credentials outside of Windows feature protection
-- Local accounts and Microsoft Accounts
-- Windows Defender Credential Guard does not protect the Active Directory database running on Windows Server 2016 domain controllers. It also does not protect credential input pipelines, such as Windows Server 2016 servers running Remote Desktop Gateway. If you're using a Windows Server 2016 server as a client PC, it will get the same protection as it would when running Windows 10 Enterprise.
-- Key loggers
-- Physical attacks
-- Does not prevent an attacker with malware on the PC from using the privileges associated with any credential. We recommend using dedicated PCs for high value accounts, such as IT Pros and users with access to high value assets in your organization.
-- Third-party security packages
-- Digest and CredSSP credentials
- - When Windows Defender Credential Guard is enabled, neither Digest nor CredSSP have access to users' logon credentials. This implies no Single Sign-On use for these protocols.
-- Supplied credentials for NTLM authentication are not protected. If a user is prompted for and enters credentials for NTLM authentication, these credentials are vulnerable to be read from LSASS memory. Note that these same credentials are vulnerable to key loggers as well.-
+- Software that manages credentials outside of Windows feature protection
+- Local accounts and Microsoft Accounts
+- Windows Defender Credential Guard does not protect the Active Directory database running on Windows Server 2016 domain controllers. It also does not protect credential input pipelines, such as Windows Server 2016 servers running Remote Desktop Gateway. If you're using a Windows Server 2016 server as a client PC, it will get the same protection as it would when running Windows 10 Enterprise.
+- Key loggers
+- Physical attacks
+- Does not prevent an attacker with malware on the PC from using the privileges associated with any credential. We recommend using dedicated PCs for high value accounts, such as IT Pros and users with access to high value assets in your organization.
+- Third-party security packages
+- Digest and CredSSP credentials
+ - When Windows Defender Credential Guard is enabled, neither Digest nor CredSSP have access to users' logon credentials. This implies no Single Sign-On use for these protocols.
+- Supplied credentials for NTLM authentication are not protected. If a user is prompted for and enters credentials for NTLM authentication, these credentials are vulnerable to be read from LSASS memory. Note that these same credentials are vulnerable to key loggers as well.-
 - When Windows Defender Credential Guard is deployed on a VM, Windows Defender Credential Guard protects secrets from attacks inside the VM. However, it does not provide additional protection from privileged system attacks originating from the host.
 - Windows logon cached password verifiers (commonly called "cached credentials") do not qualify as credentials because they cannot be presented to another computer for authentication, and can only be used locally to verify credentials. They are stored in the registry on the local computer and provide validation for credentials when a domain-joined computer cannot connect to AD DS during user logon. These “cached logons”, or more specifically, cached domain account information, can be managed using the security policy setting **Interactive logon: Number of previous logons to cache** if a domain controller is not available.
@@ -54,21 +43,21 @@ Kerberos armoring is part of RFC 6113. When a device supports Kerberos armoring, **To enable Kerberos armoring for restricting domain users to specific domain-joined devices** -- Users need to be in domains that are running Windows Server 2012 R2 or higher -- All the domain controllers in these domains must be configured to support Kerberos armoring. Set the **KDC support for claims, compound authentication, and Kerberos armoring** Group Policy setting to either **Supported** or **Always provide claims**. -- All the devices with Windows Defender Credential Guard that the users will be restricted to must be configured to support Kerberos armoring. Enable the **Kerberos client support for claims, compound authentication and Kerberos armoring** Group Policy settings under **Computer Configuration** -> **Administrative Templates** -> **System** -> **Kerberos**. +- Users need to be in domains that are running Windows Server 2012 R2 or higher +- All the domain controllers in these domains must be configured to support Kerberos armoring. Set the **KDC support for claims, compound authentication, and Kerberos armoring** Group Policy setting to either **Supported** or **Always provide claims**. +- All the devices with Windows Defender Credential Guard that the users will be restricted to must be configured to support Kerberos armoring. Enable the **Kerberos client support for claims, compound authentication and Kerberos armoring** Group Policy settings under **Computer Configuration** -> **Administrative Templates** -> **System** -> **Kerberos**. #### Protecting domain-joined device secrets Since domain-joined devices also use shared secrets for authentication, attackers can steal those secrets as well. By deploying device certificates with Windows Defender Credential Guard, the private key can be protected. Then authentication policies can require that users sign on devices that authenticate using those certificates. 
This prevents shared secrets stolen from the device to be used with stolen user credentials to sign on as the user. Domain-joined device certificate authentication has the following requirements: -- Devices' accounts are in Windows Server 2012 domain functional level or higher. -- All domain controllers in those domains have KDC certificates which satisfy strict KDC validation certificate requirements: - - KDC EKU present - - DNS domain name matches the DNSName field of the SubjectAltName (SAN) extension -- Windows 10 devices have the CA issuing the domain controller certificates in the enterprise store. -- A process is established to ensure the identity and trustworthiness of the device in a similar manner as you would establish the identity and trustworthiness of a user before issuing them a smartcard. +- Devices' accounts are in Windows Server 2012 domain functional level or higher. +- All domain controllers in those domains have KDC certificates which satisfy strict KDC validation certificate requirements: + - KDC EKU present + - DNS domain name matches the DNSName field of the SubjectAltName (SAN) extension +- Windows 10 devices have the CA issuing the domain controller certificates in the enterprise store. +- A process is established to ensure the identity and trustworthiness of the device in a similar manner as you would establish the identity and trustworthiness of a user before issuing them a smartcard. ##### Deploying domain-joined device certificates 
@@ -78,17 +67,17 @@ For example, let's say you wanted to use the High Assurance policy only on these
 **Creating a new certificate template**
-1. From the Certificate Manager console, right-click **Certificate Templates**, and then click **Manage.**
-2. Right-click **Workstation Authentication**, and then click **Duplicate Template**.
-3. Right-click the new template, and then click **Properties**.
-4. On the **Extensions** tab, click **Application Policies**, and then click **Edit**.
-5. Click **Client Authentication**, and then click **Remove**.
-6. Add the ID-PKInit-KPClientAuth EKU. Click **Add**, click **New**, and then specify the following values:
- - Name: Kerberos Client Auth
- - Object Identifier: 1.3.6.1.5.2.3.4
-7. On the **Extensions** tab, click **Issuance Policies**, and then click **Edit**.
-8. Under **Issuance Policies**, click**High Assurance**.
-9. On the **Subject name** tab, clear the **DNS name** check box, and then select the **User Principal Name (UPN)** check box.
+1. From the Certificate Manager console, right-click **Certificate Templates**, and then click **Manage.**
+1. Right-click **Workstation Authentication**, and then click **Duplicate Template**.
+1. Right-click the new template, and then click **Properties**.
+1. On the **Extensions** tab, click **Application Policies**, and then click **Edit**.
+1. Click **Client Authentication**, and then click **Remove**.
+1. Add the ID-PKInit-KPClientAuth EKU. Click **Add**, click **New**, and then specify the following values:
+ - Name: Kerberos Client Auth
+ - Object Identifier: 1.3.6.1.5.2.3.4
+1. On the **Extensions** tab, click **Issuance Policies**, and then click **Edit**.
+1. Under **Issuance Policies**, click**High Assurance**.
+1. On the **Subject name** tab, clear the **DNS name** check box, and then select the **User Principal Name (UPN)** check box.
 Then on the devices that are running Windows Defender Credential Guard, enroll the devices using the certificate you just created.
@@ -101,15 +90,15 @@ CertReq -EnrollCredGuardCert MachineAuthentication > [!NOTE] > You must restart the device after enrolling the machine authentication certificate. -  + ##### How a certificate issuance policy can be used for access control Beginning with the Windows Server 2008 R2 domain functional level, domain controllers support for authentication mechanism assurance provides a way to map certificate issuance policy OIDs to universal security groups. Windows Server 2012 domain controllers with claim support can map them to claims. To learn more about authentication mechanism assurance, see [Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd378897(v=ws.10)) on TechNet. **To see the issuance policies available** -- The [get-IssuancePolicy.ps1](#bkmk-getscript) shows all of the issuance policies that are available on the certificate authority. - From a Windows PowerShell command prompt, run the following command: +- The [get-IssuancePolicy.ps1](#bkmk-getscript) shows all of the issuance policies that are available on the certificate authority.\ +From a Windows PowerShell command prompt, run the following command: ```powershell .\get-IssuancePolicy.ps1 –LinkedToGroup:All @@ -117,7 +106,7 @@ Beginning with the Windows Server 2008 R2 domain functional level, domain contro **To link an issuance policy to a universal security group** -- The [set-IssuancePolicyToGroupLink.ps1](#bkmk-setscript) creates a Universal security group, creates an organizational unit, and links the issuance policy to that Universal security group. +- The [set-IssuancePolicyToGroupLink.ps1](#bkmk-setscript) creates a Universal security group, creates an organizational unit, and links the issuance policy to that Universal security group. From a Windows PowerShell command prompt, run the following command: ```powershell 
@@ -128,12 +117,12 @@ Beginning with the Windows Server 2008 R2 domain functional level, domain contro So we now have completed the following: -- Created a special certificate issuance policy to identify devices that meet the deployment criteria required for the user to be able to sign on -- Mapped that policy to a universal security group or claim -- Provided a way for domain controllers to get the device authorization data during user sign-on using Kerberos armoring. Now what is left to do is to configure the access check on the domain controllers. This is done using authentication policies. +- Created a special certificate issuance policy to identify devices that meet the deployment criteria required for the user to be able to sign on +- Mapped that policy to a universal security group or claim +- Provided a way for domain controllers to get the device authorization data during user sign-on using Kerberos armoring. Now what is left to do is to configure the access check on the domain controllers. This is done using authentication policies. Authentication policies have the following requirements: -- User accounts are in a Windows Server 2012 domain functional level or higher domain. +- User accounts are in a Windows Server 2012 domain functional level or higher domain. **Creating an authentication policy restricting users to the specific universal security group** @@ -357,7 +346,7 @@ write-host "There are no issuance policies which are not mapped to groups" ``` > [!NOTE] > If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter. -  + #### Link an issuance policy to a group Save the script file as set-IssuancePolicyToGroupLink.ps1. diff --git a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md index ef9f6a2bce..42fbe2a663 100644 
--- a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md
@@ -1,41 +1,30 @@ --- title: Windows Defender Credential Guard protection limits (Windows) description: Some ways to store credentials are not protected by Windows Defender Credential Guard in Windows. Learn more with this guide. -ms.prod: windows-client -ms.localizationpriority: medium -author: paolomatarazzo -ms.author: paoloma -ms.reviewer: zwhittington -manager: aaroncz -ms.collection: M365-identity-device-management -ms.topic: article ms.date: 08/17/2017 +ms.topic: article appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Windows Server 2016 - - ✅ Windows Server 2019 - - ✅ Windows Server 2022 -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later --- # Windows Defender Credential Guard protection limits Some ways to store credentials are not protected by Windows Defender Credential Guard, including: -- Software that manages credentials outside of Windows feature protection -- Local accounts and Microsoft Accounts -- Windows Defender Credential Guard doesn't protect the Active Directory database running on Windows Server 2016 domain controllers. It also doesn't protect credential input pipelines, such as Windows Server 2016 servers running Remote Desktop Gateway. If you're using a Windows Server 2016 server as a client PC, it will get the same protection as it would when running Windows 10 Enterprise. -- Key loggers -- Physical attacks -- Doesn't prevent an attacker with malware on the PC from using the privileges associated with any credential. We recommend using dedicated PCs for high value accounts, such as IT Pros and users with access to high value assets in your organization. -- Third-party security packages -- Digest and CredSSP credentials - - When Windows Defender Credential Guard is enabled, neither Digest nor CredSSP have access to users' logon credentials. This implies no Single Sign-On use for these protocols. -- Supplied credentials for NTLM authentication aren't protected. 
If a user is prompted for and enters credentials for NTLM authentication, these credentials are vulnerable to be read from LSASS memory. These same credentials are vulnerable to key loggers as well.- -- Kerberos service tickets aren't protected by Credential Guard, but the Kerberos Ticket Granting Ticket (TGT) is. -- When Windows Defender Credential Guard is deployed on a VM, Windows Defender Credential Guard protects secrets from attacks inside the VM. However, it doesn't provide additional protection from privileged system attacks originating from the host. -- Windows logon cached password verifiers (commonly called "cached credentials") -don't qualify as credentials because they can't be presented to another computer for authentication, and can only be used locally to verify credentials. They're stored in the registry on the local computer and provide validation for credentials when a domain-joined computer can't connect to AD DS during user logon. These “cached logons”, or more specifically, cached domain account information, can be managed using the security policy setting **Interactive logon: Number of previous logons to cache** if a domain controller isn't available. +- Software that manages credentials outside of Windows feature protection +- Local accounts and Microsoft Accounts +- Windows Defender Credential Guard doesn't protect the Active Directory database running on Windows Server domain controllers. It also doesn't protect credential input pipelines, such as Windows Server running Remote Desktop Gateway. If you're using a Windows Server OS as a client PC, it will get the same protection as it would when running a Windows client OS. +- Key loggers +- Physical attacks +- Doesn't prevent an attacker with malware on the PC from using the privileges associated with any credential. We recommend using dedicated PCs for high value accounts, such as IT Pros and users with access to high value assets in your organization. 
+- Third-party security packages +- Digest and CredSSP credentials + - When Windows Defender Credential Guard is enabled, neither Digest nor CredSSP have access to users' logon credentials. This implies no Single Sign-On use for these protocols. +- Supplied credentials for NTLM authentication aren't protected. If a user is prompted for and enters credentials for NTLM authentication, these credentials are vulnerable to be read from LSASS memory. These same credentials are vulnerable to key loggers as well.- +- Kerberos service tickets aren't protected by Credential Guard, but the Kerberos Ticket Granting Ticket (TGT) is. +- When Windows Defender Credential Guard is deployed on a VM, Windows Defender Credential Guard protects secrets from attacks inside the VM. However, it doesn't provide additional protection from privileged system attacks originating from the host. +- Windows logon cached password verifiers (commonly called "cached credentials") +don't qualify as credentials because they can't be presented to another computer for authentication, and can only be used locally to verify credentials. They're stored in the registry on the local computer and provide validation for credentials when a domain-joined computer can't connect to AD DS during user logon. These *cached logons*, or more specifically, *cached domain account information*, can be managed using the security policy setting **Interactive logon: Number of previous logons to cache** if a domain controller isn't available. ## See also diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md index 2e2a82219b..164f0f776e 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md 
@@ -1,26 +1,14 @@
 ---
-title: Windows Defender Credential Guard Requirements (Windows)
+title: Windows Defender Credential Guard requirements
 description: Windows Defender Credential Guard baseline hardware, firmware, and software requirements, and additional protections for improved security.
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: paolomatarazzo
-ms.author: paoloma
-ms.reviewer: zwhittington
-manager: aaroncz
-ms.collection:
- - M365-identity-device-management
-ms.topic: article
 ms.date: 12/27/2021
+ms.topic: article
 appliesto:
- - ✅ Windows 10
- - ✅ Windows 11
- - ✅ Windows Server 2016
- - ✅ Windows Server 2019
- - ✅ Windows Server 2022
-ms.technology: itpro-security
+- ✅ Windows 10 and later
+- ✅ Windows Server 2016 and later
 ---
-# Windows Defender Credential Guard: Requirements
+# Windows Defender Credential Guard requirements
 For Windows Defender Credential Guard to provide protection, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements, which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally, Windows Defender Credential Guard blocks specific authentication capabilities, so applications that require such capabilities will break. We will refer to these requirements as [Application requirements](#application-requirements). Beyond these requirements, computers can meet additional hardware and firmware qualifications, and receive additional protections. Those computers will be more hardened against certain threats. For detailed information on baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017, refer to the tables in [Security Considerations](#security-considerations).
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md index 11caa36d86..5051ce94cd 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md @@ -1,23 +1,20 @@ --- title: Scripts for Certificate Issuance Policies in Windows Defender Credential Guard (Windows) description: Obtain issuance policies from the certificate authority for Windows Defender Credential Guard on Windows. -ms.prod: windows-client -ms.localizationpriority: medium -author: paolomatarazzo -ms.author: paoloma -ms.reviewer: zwhittington -manager: aaroncz -ms.collection: M365-identity-device-management -ms.topic: article -ms.date: 08/17/2017 -ms.technology: itpro-security +ms.date: 11/22/2022 +ms.topic: reference +appliesto: +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later --- -# Windows Defender Credential Guard: Scripts for Certificate Authority Issuance Policies +# Windows Defender Credential Guard: scripts for certificate authority issuance policies -Here is a list of scripts mentioned in this topic. +Expand each section to see the PowerShell scripts: -## Get the available issuance policies on the certificate authority +
              +
              +Get the available issuance policies on the certificate authority Save this script file as get-IssuancePolicy.ps1. @@ -207,8 +204,12 @@ write-host "There are no issuance policies which are not mapped to groups" ``` > [!NOTE] > If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter. -  -## Link an issuance policy to a group + +
              + +
              +
              +Link an issuance policy to a group Save the script file as set-IssuancePolicyToGroupLink.ps1. @@ -489,3 +490,5 @@ write-host $tmp -Foreground Red > [!NOTE] > If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter. + +
              diff --git a/windows/security/identity-protection/credential-guard/credential-guard.md b/windows/security/identity-protection/credential-guard/credential-guard.md index aa1ffc29b1..6548d02f17 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard.md +++ b/windows/security/identity-protection/credential-guard/credential-guard.md @@ -1,24 +1,13 @@ --- title: Protect derived domain credentials with Windows Defender Credential Guard (Windows) description: Windows Defender Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. -ms.prod: windows-client -ms.localizationpriority: medium -author: paolomatarazzo -ms.author: paoloma -ms.reviewer: zwhittington -manager: aaroncz -ms.collection: - - M365-identity-device-management - - highpri +ms.date: 11/22/2022 ms.topic: article -ms.date: 03/10/2022 +ms.collection: + - highpri appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Windows Server 2016 - - ✅ Windows Server 2019 - - ✅ Windows Server 2022 -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later --- # Protect derived domain credentials with Windows Defender Credential Guard 
@@ -27,14 +16,13 @@ Windows Defender Credential Guard uses virtualization-based security to isolate By enabling Windows Defender Credential Guard, the following features and solutions are provided: -- **Hardware security** NTLM, Kerberos, and Credential Manager take advantage of platform security features, including Secure Boot and virtualization, to protect credentials. -- **Virtualization-based security** Windows NTLM and Kerberos derived credentials and other secrets run in a protected environment that is isolated from the running operating system. -- **Better protection against advanced persistent threats** When Credential Manager domain credentials, NTLM, and Kerberos derived credentials are protected using virtualization-based security, the credential theft attack techniques and tools used in many targeted attacks are blocked. Malware running in the operating system with administrative privileges cannot extract secrets that are protected by virtualization-based security. While Windows Defender Credential Guard is a powerful mitigation, persistent threat attacks will likely shift to new attack techniques and you should also incorporate other security strategies and architectures. +- **Hardware security** NTLM, Kerberos, and Credential Manager take advantage of platform security features, including Secure Boot and virtualization, to protect credentials. +- **Virtualization-based security** Windows NTLM and Kerberos derived credentials and other secrets run in a protected environment that is isolated from the running operating system. +- **Better protection against advanced persistent threats** When Credential Manager domain credentials, NTLM, and Kerberos derived credentials are protected using virtualization-based security, the credential theft attack techniques and tools used in many targeted attacks are blocked. Malware running in the operating system with administrative privileges cannot extract secrets that are protected by virtualization-based security. 
While Windows Defender Credential Guard is a powerful mitigation, persistent threat attacks will likely shift to new attack techniques and you should also incorporate other security strategies and architectures. > [!NOTE] > As of Windows 11, version 22H2, Windows Defender Credential Guard has been enabled by default on all devices which meet the minimum requirements as specified in the [Default Enablement](credential-guard-manage.md#default-enablement) section. For information about known issues related to default enablement, see [Credential Guard: Known Issues](credential-guard-known-issues.md#known-issue-single-sign-on-sso-for-network-services-breaks-after-upgrading-to-windows-11-version-22h2). -  ## Related topics - [Protecting network passwords with Windows Defender Credential Guard](https://www.microsoft.com/itshowcase/Article/Content/831/Protecting-network-passwords-with-Windows-10-Credential-Guard) diff --git a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md index bfb971ef4f..d834db9710 100644 --- a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md +++ b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md 
@@ -1,21 +1,11 @@
 ---
 title: Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool
 description: Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool script
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: paolomatarazzo
-ms.author: paoloma
-ms.reviewer: erikdau
-manager: aaroncz
-ms.collection: M365-identity-device-management
-ms.topic: article
-appliesto:
- - ✅ Windows 10
- - ✅ Windows 11
- - ✅ Windows Server 2016
- - ✅ Windows Server 2019
- - ✅ Windows Server 2022
-ms.technology: itpro-security
+ms.date: 11/22/2022
+ms.topic: reference
+appliesto:
+- ✅ Windows 10 and later
+- ✅ Windows Server 2016 and later
 ---
 # Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool
diff --git a/windows/security/identity-protection/enterprise-certificate-pinning.md b/windows/security/identity-protection/enterprise-certificate-pinning.md
index 4b46daa4cb..6b2de2aa60 100644
--- a/windows/security/identity-protection/enterprise-certificate-pinning.md
+++ b/windows/security/identity-protection/enterprise-certificate-pinning.md
@@ -4,7 +4,6 @@ description: Enterprise certificate pinning is a Windows feature for remembering
 author: paolomatarazzo
 ms.author: paoloma
 manager: aaroncz
-ms.collection: M365-identity-device-management
 ms.topic: article
 ms.prod: windows-client
 ms.technology: itpro-security
diff --git a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md
index 721ddca258..004083bb85 100644
--- a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md
+++ b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md
@@ -1,12 +1,12 @@
 ---
-title: Azure Active Directory join cloud only deployment
-description: Use this deployment guide to successfully use Azure Active Directory to join a Windows 10 or Windows 11 device.
+title: Windows Hello for Business cloud-only deployment
+description: Learn how to configure Windows Hello for Business in a cloud-only deployment scenario.
 ms.date: 06/23/2021
 appliesto:
 - ✅ Windows 10 and later
 ms.topic: article
 ---
-# Azure Active Directory join cloud only deployment
+# Cloud-only deployment
 [!INCLUDE [hello-hybrid-key-trust](../../includes/hello-cloud.md)]
@@ -17,7 +17,7 @@ When you Azure Active Directory (Azure AD) join a Windows device, the system pro
 You may wish to disable the automatic Windows Hello for Business enrollment prompts if you aren't ready to use it in your environment. Instructions on how to disable Windows Hello for Business enrollment in a cloud only environment are included below.
 > [!NOTE]
-> During the out-of-box experience (OOBE) flow of an Azure AD join, you will see a provisioning PIN when you don’t have Intune. You can always cancel the PIN screen and set this cancellation with registry keys to prevent future prompts.
+> During the out-of-box experience (OOBE) flow of an Azure AD join, you will see a provisioning PIN when you don't have Intune. You can always cancel the PIN screen and set this cancellation with registry keys to prevent future prompts.
 ## Prerequisites
@@ -25,7 +25,7 @@ Cloud only deployments will use Azure AD multi-factor authentication (MFA) durin
 The necessary Windows Hello for Business prerequisites are located at [Cloud Only Deployment](hello-identity-verification.md#azure-ad-cloud-only-deployment).
-Also note that it's possible for federated domains to enable the “Supports MFA” flag in your federated domain settings. This flag tells Azure AD that the federated IDP will perform the MFA challenge.
+Also note that it's possible for federated domains to enable the *Supports MFA* flag in your federated domain settings. This flag tells Azure AD that the federated IDP will perform the MFA challenge.
 Check and view this setting with the following MSOnline PowerShell command:
diff --git a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md
index 485f602211..32dc3ba63e 100644
--- a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md
+++ b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md
@@ -4,7 +4,7 @@ description: Guide for planning to have an adequate number of Windows Server 201
 ms.date: 08/20/2018
 appliesto:
 - ✅ Windows 10 and later
-- ✅ Windows Server 2016 and later
+- ✅ Windows Server 2016 and later
 ms.topic: article
 ---
 # Planning an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
index 3486c444df..d258d207f7 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
@@ -1,566 +1,318 @@ --- -title: Prepare and Deploy Windows AD FS certificate trust (Windows Hello for Business) -description: Learn how to Prepare and Deploy Windows Server 2016 Active Directory Federation Services (AD FS) for Windows Hello for Business, using certificate trust. -ms.date: 01/14/2021 +title: Prepare and deploy Active Directory Federation Services in an on-premises certificate trust +description: Learn how to configure Active Directory Federation Services to support the Windows Hello for Business certificate trust model. +ms.date: 12/12/2022 appliesto: - ✅ Windows 10 and later -- ✅ Windows Server 2016 and later -ms.topic: article +- ✅ Windows Server 2016 and later +ms.topic: tutorial --- -# Prepare and Deploy Active Directory Federation Services (AD FS) - -Windows Hello for Business works exclusively with the Active Directory Federation Service (AD FS). The on-premises certificate trust deployment uses Active Directory Federation Services roles for key registration, device registration, and as a certificate registration authority. - -The following guidance describes deploying a new instance of Active Directory Federation Services 2016 using the Windows Information Database as the configuration database, which is ideal for environments with no more than 30 federation servers and no more than 100 relying party trusts. - -If your environment exceeds either of these factors or needs to provide SAML artifact resolution, token replay detection, or needs Active Directory Federation Services to operate in a federated provider role, then your deployment needs to use a SQL for your configuration database. To deploy the Active Directory Federation Services using SQL as its configuration database, please review the [Deploying a Federation Server Farm](/windows-server/identity/ad-fs/deployment/deploying-a-federation-server-farm) checklist. 
- -If your environment has an existing instance of Active Directory Federation Services, then you’ll need to upgrade all nodes in the farm to Windows Server 2016 along with the Windows Server 2016 update. If your environment uses Windows Internal Database (WID) for the configuration database, please read [Upgrading to AD FS in Windows Server 2016 using a WID database](/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016) to upgrade your environment. If your environment uses SQL for the configuration database, please read [Upgrading to AD FS in Windows Server 2016 with SQL Server](/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016-sql) to upgrade your environment. - -Ensure you apply the Windows Server 2016 Update to all nodes in the farm after you have successfully completed the upgrade. - -A new Active Directory Federation Services farm should have a minimum of two federation servers for proper load balancing, which can be accomplished with an external networking peripherals, or with using the Network Load Balancing Role included in Windows Server. - -Prepare the Active Directory Federation Services deployment by installing and updating two Windows Server 2016 Servers. Ensure the update listed below is applied to each server before continuing. - -> [!NOTE] -> For AD FS 2019, if Windows Hello for Business with a Hybrid Certificate trust is performed, a known PRT issue exists. You may encounter this error in ADFS Admin event logs: Received invalid Oauth request. The client 'NAME' is forbidden to access the resource with scope 'ugs'. To remediate this error: -> -> 1. Launch AD FS management console. Browse to "Services > Scope Descriptions". -> 2. Right click "Scope Descriptions" and select "Add Scope Description". -> 3. Under name type "ugs" and Click Apply > OK. -> 4. Launch PowerShell as an administrator. -> 5. 
Get the ObjectIdentifier of the application permission with the ClientRoleIdentifier parameter equal to "38aa3b87-a06d-4817-b275-7a316988d93b": -> ```PowerShell -> (Get-AdfsApplicationPermission -ServerRoleIdentifiers 'http://schemas.microsoft.com/ws/2009/12/identityserver/selfscope' | ?{ $_.ClientRoleIdentifier -eq '38aa3b87-a06d-4817-b275-7a316988d93b' }).ObjectIdentifier -> ``` -> 6. Execute the command `Set-AdfsApplicationPermission -TargetIdentifier -AddScope 'ugs'`. -> 7. Restart the AD FS service. -> 8. On the client: Restart the client. User should be prompted to provision Windows Hello for Business. - -## Update Windows Server 2016 - -Sign-in the federation server with _local admin_ equivalent credentials. -1. Ensure Windows Server 2016 is current by running **Windows Update** from **Settings**. Continue this process until no further updates are needed. If you’re not using Windows Update for updates, please advise the [Windows Server 2016 update history page](https://support.microsoft.com/help/4000825/windows-10-windows-server-2016-update-history) to make sure you have the latest updates available installed. -2. Ensure the latest server updates to the federation server includes [KB4088889 (14393.2155)](https://support.microsoft.com/help/4088889). - ->[!IMPORTANT] ->The above referenced updates are mandatory for Windows Hello for Business all on-premises deployment and hybrid certificate trust deployments for domain joined computers. - -## Enroll for a TLS Server Authentication Certificate - -Windows Hello for Business on-premises deployments require a federation server for device registration, key registration, and authentication certificate enrollment. Typically, a federation service is an edge facing role. However, the federation services and instance used with the on-premises deployment of Windows Hello for Business does not need Internet connectivity. 
- -The AD FS role needs a server authentication certificate for the federation services, but you can use a certificate issued by your enterprise (internal) certificate authority. The server authentication certificate should have the following names included in the certificate if you are requesting an individual certificate for each node in the federation farm: - -- Subject Name: The internal FQDN of the federation server (the name of the computer running AD FS) -- Subject Alternate Name: Your federation service name, such as *fs.corp.contoso.com* (or an appropriate wildcard entry such as *.corp.contoso.com) -- Subject Alternate Name: Your device registration service name, such as *enterpriseregistration.contoso.com* - -You configure your federation service name when you configure the AD FS role. You can choose any name, but that name must be different than the name of the server or host. For example, you can name the host server **adfs** and the federation service **fs**. The FQDN of the host is adfs.corp.contoso.com and the FQDN of the federation service is fs.corp.contoso.com. - -You can; however, issue one certificate for all hosts in the farm. If you chose this option, then leave the subject name blank, and include all the names in the subject alternate name when creating the certificate request. All names should include the FQDN of each host in the farm and the federation service name. - -It’s recommended that you mark the private key as exportable so that the same certificate can be deployed across each federation server and web application proxy within your AD FS farm. Note that the certificate must be trusted (chain to a trusted root CA). Once you have successfully requested and enrolled the server authentication certificate on one node, you can export the certificate and private key to a PFX file using the Certificate Manager console. You can then import the certificate on the remaining nodes in the AD FS farm. 
- -Be sure to enroll or import the certificate into the AD FS server’s computer certificate store. Also, ensure all nodes in the farm have the proper TLS server authentication certificate. - -### Internal Web Server Authentication Certificate Enrollment - -Sign-in the federation server with domain administrator equivalent credentials. - -1. Start the Local Computer **Certificate Manager** (certlm.msc). -2. Expand the **Personal** node in the navigation pane. -3. Right-click **Personal**. Select **All Tasks** and **Request New Certificate**. -4. Click **Next** on the **Before You Begin** page. -5. Click **Next** on the **Select Certificate Enrollment Policy** page. -6. On the **Request Certificates** page, Select the **Internal Web Server** check box. -7. Click the **More information is required to enroll for this certificate. Click here to configure settings** link - ![Example of Certificate Properties Subject Tab - This is what shows when you click the above link.](images/hello-internal-web-server-cert.png) -8. Under **Subject name**, select **Common Name** from the **Type** list. Type the FQDN of the computer hosting the Active Directory Federation Services role and then click **Add**. -9. Under **Alternative name**, select **DNS** from the **Type** list. Type the FQDN of the name you will use for your federation services (fs.corp.contoso.com). The name you use here MUST match the name you use when configuring the Active Directory Federation Services server role. Click **Add**. Repeat the same to add device registration service name (*enterpriseregistration.contoso.com*) as another alternative name. Click **OK** when finished. -10. Click **Enroll**. - -A server authentication certificate should appear in the computer’s Personal certificate store. 
- -## Deploy the Active Directory Federation Service Role - -The Active Directory Federation Service (AD FS) role provides the following services to support Windows Hello for Business on-premises deployments: - -- Device registration -- Key registration -- Certificate registration authority (certificate trust deployments) - ->[!IMPORTANT] -> Finish the entire AD FS configuration on the first server in the farm before adding the second server to the AD FS farm. Once complete, the second server receives the configuration through the shared configuration database when it is added the AD FS farm. - -Windows Hello for Business depends on proper device registration. For on-premises deployments, Windows Server 2016 AD FS handles device registration. - -Sign-in the federation server with _Enterprise Admin_ equivalent credentials. - -1. Start **Server Manager**. Click **Local Server** in the navigation pane. -2. Click **Manage** and then click **Add Roles and Features**. -3. Click **Next** on the **Before you begin** page. -4. On the **Select installation type** page, select **Role-based or feature-based installation** and click **Next**. -5. On the **Select destination server** page, choose **Select a server from the server pool**. Select the federation server from the **Server Pool** list. Click **Next**. -6. On the **Select server roles** page, select **Active Directory Federation Services**. Click **Next**. -7. Click **Next** on the **Select features** page. -8. Click **Next** on the **Active Directory Federation Service** page. -9. Click **Install** to start the role installation. - -## Review & validate +# Prepare and deploy Active Directory Federation Services - on-premises certificate trust [!INCLUDE [hello-on-premises-cert-trust](../../includes/hello-on-premises-cert-trust.md)] +Windows Hello for Business works exclusively with the Active Directory Federation Service (AD FS) role included with Windows Server. 
The on-premises certificate trust deployment model uses AD FS for *certificate enrollment* and *device registration*. + +The following guidance describes the deployment of a new instance of AD FS using the Windows Information Database (WID) as the configuration database.\ +WID is ideal for environments with no more than **30 federation servers** and no more than **100 relying party trusts**. If your environment exceeds either of these factors, or needs to provide *SAML artifact resolution*, *token replay detection*, or needs AD FS to operate as a federated provider role, then the deployment requires the use of SQL as a configuration database.\ +To deploy AD FS using SQL as its configuration database, review the [Deploying a Federation Server Farm](/windows-server/identity/ad-fs/deployment/deploying-a-federation-server-farm) checklist. + +A new AD FS farm should have a minimum of two federation servers for proper load balancing, which can be accomplished with external networking peripherals, or with using the Network Load Balancing Role included in Windows Server. + +Prepare the AD FS deployment by installing and **updating** two Windows Servers. + +## Enroll for a TLS server authentication certificate + +Typically, a federation service is an edge facing role. However, the federation services and instance used with the on-premises deployment of Windows Hello for Business does not need Internet connectivity. + +The AD FS role needs a *server authentication* certificate for the federation services, and you can use a certificate issued by your enterprise (internal) CA. The server authentication certificate should have the following names included in the certificate, if you are requesting an individual certificate for each node in the federation farm: + - **Subject Name**: the internal FQDN of the federation server + - **Subject Alternate Name**: the federation service name (e.g. *sts.corp.contoso.com*) or an appropriate wildcard entry (e.g. 
*\*.corp.contoso.com*) + +The federation service name is set when the AD FS role is configured. You can choose any name, but that name must be different than the name of the server or host. For example, you can name the host server *adfs* and the federation service *sts*. In this example, the FQDN of the host is *adfs.corp.contoso.com* and the FQDN of the federation service is *sts.corp.contoso.com*. + +You can also issue one certificate for all hosts in the farm. If you chose this option, leave the subject name *blank*, and include all the names in the subject alternate name when creating the certificate request. All names should include the FQDN of each host in the farm and the federation service name. + +When creating a wildcard certificate, mark the private key as exportable, so that the same certificate can be deployed across each federation server and web application proxy within the AD FS farm. Note that the certificate must be trusted (chain to a trusted root CA). Once you have successfully requested and enrolled the server authentication certificate on one node, you can export the certificate and private key to a PFX file using the Certificate Manager console. You can then import the certificate on the remaining nodes in the AD FS farm. + +Be sure to enroll or import the certificate into the AD FS server's computer certificate store. Also, ensure all nodes in the farm have the proper TLS server authentication certificate. +### AD FS authentication certificate enrollment + +Sign-in the federation server with *domain administrator* equivalent credentials. + +1. Start the Local Computer **Certificate Manager** (certlm.msc) +1. Expand the **Personal** node in the navigation pane +1. Right-click **Personal**. Select **All Tasks > Request New Certificate** +1. Select **Next** on the **Before You Begin** page +1. Select **Next** on the **Select Certificate Enrollment Policy** page +1. 
On the **Request Certificates** page, select the **Internal Web Server** check box +1. Select the **⚠️ More information is required to enroll for this certificate. Click here to configure settings** link + :::image type="content" source="images/hello-internal-web-server-cert.png" lightbox="images/hello-internal-web-server-cert.png" alt-text="Example of Certificate Properties Subject Tab - This is what shows when you select the above link."::: +1. Under **Subject name**, select **Common Name** from the **Type** list. Type the FQDN of the computer hosting the AD FS role and then select **Add** +1. Under **Alternative name**, select **DNS** from the **Type** list. Type the FQDN of the name that you will use for your federation services (*sts.corp.contoso.com*). The name you use here MUST match the name you use when configuring the AD FS server role. Select **Add** and **OK** when finished +1. Select **Enroll** + +A server authentication certificate should appear in the computer's personal certificate store. + +## Deploy the AD FS role + +AD FS provides the following services to support Windows Hello for Business on-premises deployments in a certificate trust model: + +- Device registration +- Key registration +- Certificate registration authority (CRA) + +>[!IMPORTANT] +> Finish the entire AD FS configuration on the first server in the farm before adding the second server to the AD FS farm. Once complete, the second server receives the configuration through the shared configuration database when it is added the AD FS farm. + +Sign-in the federation server with *Enterprise Administrator* equivalent credentials. + +1. Start **Server Manager**. Select **Local Server** in the navigation pane +1. Select **Manage > Add Roles and Features** +1. Select **Next** on the **Before you begin** page +1. On the **Select installation type** page, select **Role-based or feature-based installation > Next** +1. 
On the **Select destination server** page, choose **Select a server from the server pool**. Select the federation server from the **Server Pool** list and **Next** +1. On the **Select server roles** page, select **Active Directory Federation Services** and **Next** +1. Select **Next** on the **Select features** page +1. Select **Next** on the **Active Directory Federation Service** page +1. Select **Install** to start the role installation + +## Review to validate the AD FS deployment + Before you continue with the deployment, validate your deployment progress by reviewing the following items: -- Confirm the AD FS farm uses the correct database configuration. -- Confirm the AD FS farm has an adequate number of nodes and is properly load balanced for the anticipated load. -- Confirm **all** AD FS servers in the farm have the latest updates. -- Confirm all AD FS servers have a valid server authentication certificate. - - The subject of the certificate is the common name (FQDN) of the host or a wildcard name. - - The alternate name of the certificate contains a wildcard or the FQDN of the federation service. +> [!div class="checklist"] +> * Confirm the AD FS farm uses the correct database configuration +> * Confirm the AD FS farm has an adequate number of nodes and is properly load balanced for the anticipated load +> * Confirm **all** AD FS servers in the farm have the latest updates installed +> * Confirm all AD FS servers have a valid server authentication certificate -## Device Registration Service Account Prerequisite +## Device registration service account prerequisites -The service account used for the device registration server depends on the domain controllers in the environment. +The use of Group Managed Service Accounts (GMSA) is the preferred way to deploy service accounts for services that support them. GMSAs have security advantages over normal user accounts because Windows handles password management. 
This means the password is long, complex, and changes periodically. AD FS supports GMSAs, and it should be configured using them for additional security. ->[!NOTE] -> Follow the procedures below based on the domain controllers deployed in your environment. If the domain controller is not listed below, then it is not supported for Windows Hello for Business. +GSMA uses the *Microsoft Key Distribution Service* that is located on the domain controllers. Before you can create a GSMA, you must first create a root key for the service. You can skip this if your environment already uses GSMA. -### Windows Server 2012 or later Domain Controllers +### Create KDS Root Key -Windows Server 2012 or later domain controllers support Group Managed Service Accounts—the preferred way to deploy service accounts for services that support them. Group Managed Service Accounts, or GMSA have security advantages over normal user accounts because Windows handles password management. This means the password is long, complex, and changes periodically. The best part of GMSA is all this happens automatically. AD FS supports GMSA and should be configured using them for additional defense in depth security. +Sign-in a domain controller with *Enterprise Administrator* equivalent credentials. -GMSA uses the Microsoft Key Distribution Service that is located on Windows Server 2012 or later domain controllers. Windows uses the Microsoft Key Distribution Service to protect secrets stored and used by the GMSA. Before you can create a GMSA, you must first create a root key for the service. You can skip this if your environment already uses GMSA. - ->[!NOTE] -> If the [default object creation quota for security principles](/openspecs/windows_protocols/ms-adts/d55ca655-109b-4175-902a-3e9d60833012) is set, you will need to change it for the Group Managed Service Account in order to be able to register new devices. 
- -#### Create KDS Root Key - -Sign-in a domain controller with _Enterprise Admin_ equivalent credentials. - -1. Start an elevated Windows PowerShell console. -2. Type `Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10)`. - -### Windows Server 2008 or 2008 R2 Domain Controllers - -Windows Server 2008 and 2008 R2 domain controllers do not host the Microsoft Key Distribution Service, nor do they support Group Managed Service Accounts. Therefore, you must use create a normal user account as a service account where you are responsible for changing the password on a regular basis. - -#### Create an AD FS Service Account - -Sign-in a domain controller or management workstation with _Domain Admin_ equivalent credentials. - -1. Open **Active Directory Users and Computers**. -2. Right-click the **Users** container, Click **New**. Click **User**. -3. In the **New Object – User** window, type **adfssvc** in the **Full name** text box. Type **adfssvc** in the **User logon name** text box. Click **Next**. -4. Enter and confirm a password for the **adfssvc** user. Clear the **User must change password at next logon** check box. -5. Click **Next** and then click **Finish**. +Start an elevated PowerShell console and execute the following command: +```PowerShell +Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10) +``` ## Configure the Active Directory Federation Service Role ->[!IMPORTANT] -> Follow the procedures below based on the domain controllers deployed in your environment. If the domain controller is not listed below, then it is not supported for Windows Hello for Business. +Use the following procedures to configure AD FS. -### Windows Server 2012 or later Domain Controllers +Sign-in to the federation server with *Domain Administrator* equivalent credentials. These procedures assume you are configuring the first federation server in a federation server farm. 
-Use the following procedures to configure AD FS when your environment uses **Windows Server 2012 or later Domain Controllers**. If you are not using Windows Server 2012 or later Domain Controllers, follow the procedures under the [Configure the Active Directory Federation Service Role (Windows Server 2008 or 2008R2 Domain Controllers)](#windows-server-2008-or-2008-r2-domain-controllers) section. - -Sign-in the federation server with _domain administrator_ equivalent credentials. These procedures assume you are configuring the first federation server in a federation server farm. - -1. Start **Server Manager**. -2. Click the notification flag in the upper right corner. Click **Configure federation services on this server**. -![Example of pop-up notification as described above.](images/hello-adfs-configure-2012r2.png) -3. On the **Welcome** page, click **Create the first federation server farm** and click **Next**. -4. Click **Next** on the **Connect to Active Directory Domain Services** page. -5. On the **Specify Service Properties** page, select the recently enrolled or imported certificate from the **SSL Certificate** list. The certificate is likely named after your federation service, such as *fs.corp.contoso.com* or *fs.contoso.com*. -6. Select the federation service name from the **Federation Service Name** list. -7. Type the Federation Service Display Name in the text box. This is the name users see when signing in. Click **Next**. -8. On the **Specify Service Account** page, select **Create a Group Managed Service Account**. In the **Account Name** box, type **adfssvc**. -9. On the **Specify Configuration Database** page, select **Create a database on this server using Windows Internal Database** and click **Next**. -10. On the **Review Options** page, click **Next**. -11. On the **Pre-requisite Checks** page, click **Configure**. -12. When the process completes, click **Close**. 
- -### Windows Server 2008 or 2008 R2 Domain Controllers - -Use the following procedures to configure AD FS when your environment uses **Windows Server 2008 or 2008 R2 Domain Controllers**. If you are not using Windows Server 2008 or 2008 R2 Domain Controllers, follow the procedures under the [Configure the Active Directory Federation Service Role (Windows Server 2012 or later Domain Controllers)](#windows-server-2012-or-later-domain-controllers) section. - -Sign-in the federation server with _domain administrator_ equivalent credentials. These instructions assume you are configuring the first federation server in a federation server farm. - -1. Start **Server Manager**. -2. Click the notification flag in the upper right corner. Click **Configure federation services on this server**. -![Example of pop-up notification as described above.](images/hello-adfs-configure-2012r2.png) -3. On the **Welcome** page, click **Create the first federation server farm** and click **Next**. -4. Click **Next** on the **Connect to Active Directory Domain Services** page. -5. On the **Specify Service Properties** page, select the recently enrolled or imported certificate from the **SSL Certificate** list. The certificate is likely named after your federation service, such as fs.corp.mstepdemo.net or fs.mstepdemo.net. -6. Select the federation service name from the **Federation Service Name** list. -7. Type the Federation Service Display Name in the text box. This is the name users see when signing in. Click **Next**. -8. On the **Specify Service Account** page, Select **Use an existing domain user account or group Managed Service Account** and click **Select**. In the **Select User or Service Account** dialog box, type the name of the previously created AD FS service account (example adfssvc) and click **OK**. Type the password for the AD FS service account and click **Next**. -9. 
On the **Specify Configuration Database** page, select **Create a database on this server using Windows Internal Database** and click **Next**. -10. On the **Review Options** page, click **Next**. -11. On the **Pre-requisite Checks** page, click **Configure**. -12. When the process completes, click **Close**. -13. Do not restart the AD FS server. You will do this later. - -### Add the AD FS Service account to the KeyCredential Admin group and the Windows Hello for Business Users group +1. Start **Server Manager** +1. Select the notification flag in the upper right corner and select **Configure the federation services on this server** +1. On the **Welcome** page, select **Create the first federation server farm > Next** +1. On the **Connect to Active Directory Domain Services** page, select **Next** +1. On the **Specify Service Properties** page, select the recently enrolled or imported certificate from the **SSL Certificate** list. The certificate is likely named after your federation service, such as *sts.corp.contoso.com* +1. Select the federation service name from the **Federation Service Name** list +1. Type the *Federation Service Display Name* in the text box. This is the name users see when signing in. Select **Next** +1. On the **Specify Service Account** page, select **Create a Group Managed Service Account**. In the **Account Name** box, type *adfssvc* +1. On the **Specify Configuration Database** page, select **Create a database on this server using Windows Internal Database** and select **Next** +1. On the **Review Options** page, select **Next** +1. On the **Pre-requisite Checks** page, select **Configure** +1. When the process completes, select **Close** > [!NOTE] -> If you have a Windows Server 2016 domain controller in your domain, you can use the **Key Admins** group instead of **KeyCredential Administrators** and skip the **Configure Permissions for Key Registration** step. 
+> For AD FS 2019 and later in a certificate trust model, a known PRT issue exists. You may encounter this error in AD FS Admin event logs: Received invalid Oauth request. The client 'NAME' is forbidden to access the resource with scope 'ugs'. To remediate this error: +> +> 1. Launch AD FS management console. Browse to ***Services > Scope Descriptions** +> 2. Right-click **Scope Descriptions** and select **Add Scope Description** +> 3. Under name type *ugs* and select **Apply > OK** +> 4. Launch PowerShell as an administrator and execute the following commands: +> ```PowerShell +> $id = (Get-AdfsApplicationPermission -ServerRoleIdentifiers 'http://schemas.microsoft.com/ws/2009/12/identityserver/selfscope' | ?{ $_.ClientRoleIdentifier -eq '38aa3b87-a06d-4817-b275-7a316988d93b' }).ObjectIdentifier +> Set-AdfsApplicationPermission -TargetIdentifier $id -AddScope 'ugs' +> ``` +> 7. Restart the AD FS service +> 8. Restart the client. User should be prompted to provision Windows Hello for Business -The **KeyCredential Administrators** global group provides the AD FS service with the permissions needed to perform key registration. The Windows Hello for Business group provides the AD FS service with the permissions needed to enroll a Windows Hello for Business authentication certificate on behalf of the provisioning user. +### Add the AD FS service account to the *Key Admins* group -Sign-in a domain controller or management workstation with _Domain Admin_ equivalent credentials. +During Windows Hello for Business enrollment, the public key is registered in an attribute of the user object in Active Directory. To ensure that the AD FS service can add and remove keys are part of its normal workflow, it must be a member of the *Key Admins* global group. -1. Open **Active Directory Users and Computers**. -2. Click the **Users** container in the navigation pane. -3. Right-click **KeyCredential Admins** in the details pane and click **Properties**. -4. 
Click the **Members** tab and click **Add…** -5. In the **Enter the object names to select** text box, type **adfssvc**. Click **OK**. -6. Click **OK** to return to **Active Directory Users and Computers**. -7. Right-click **Windows Hello for Business Users** group -8. Click the **Members** tab and click **Add…** -9. In the **Enter the object names to select** text box, type **adfssvc**. Click **OK**. -10. Click **OK** to return to **Active Directory Users and Computers**. -11. Change to server hosting the AD FS role and restart it. +Sign-in to a domain controller or management workstation with *Domain Administrator* equivalent credentials. -### Configure Permissions for Key Registration +1. Open **Active Directory Users and Computers** +1. Select the **Users** container in the navigation pane +1. Right-click **Key Admins** in the details pane and select **Properties** +1. Select the **Members > Add…** +1. In the **Enter the object names to select** text box, type *adfssvc*. Select **OK** +1. Select **OK** to return to **Active Directory Users and Computers** +1. Change to server hosting the AD FS role and restart it -Key Registration stores the Windows Hello for Business public key in Active Directory. With on-premises deployments, the Windows Server 2016 AD FS server registers the public key with the on-premises Active Directory. +Sign-in to the federation server with *Enterprise Administrator* equivalent credentials. These instructions assume you are configuring the first federation server in a federation server farm. -The key-trust model needs Windows Server 2016 domain controllers, which configures the key registration permissions automatically; however, the certificate-trust model does not and requires you to add the permissions manually. +1. Open the **AD FS management** console +1. In the navigation pane, expand **Service**. Select **Device Registration** +1. In the details pane, select **Configure device registration** +1. 
In the **Configure Device Registration** dialog, Select **OK** -Sign-in a domain controller or management workstations with _Domain Admin_ equivalent credentials. +:::image type="content" source="images/adfs-device-registration.png" lightbox="images/adfs-device-registration.png" alt-text="AD FS device registration: configuration of the service connection point."::: -1. Open **Active Directory Users and Computers**. -2. Right-click your domain name from the navigation pane and click **Properties**. -3. Click **Security** (if the Security tab is missing, turn on Advanced Features from the View menu). -4. Click **Advanced**. Click **Add**. Click **Select a principal**. -5. The **Select User, Computer, Service Account, or Group** dialog box appears. In the **Enter the object name to select** text box, type **KeyCredential Admins**. Click **OK**. -6. In the **Applies to** list box, select **Descendant User objects**. -7. Using the scroll bar, scroll to the bottom of the page and click **Clear all**. -8. In the **Properties** section, select **Read msDS-KeyCredentialLink** and **Write msDS-KeyCrendentialLink**. -9. Click **OK** three times to complete the task. +Triggering device registration from AD FS, creates the service connection point (SCP) in the Active Directory configuration partition. The SCP is used to store the device registration information that Windows clients will automatically discover. -## Configure the Device Registration Service +:::image type="content" source="images/adfs-scp.png" lightbox="images/adfs-scp.png" alt-text="AD FS device registration: service connection point object created by AD FS."::: -Sign-in the federation server with _Enterprise Admin_ equivalent credentials. These instructions assume you are configuring the first federation server in a federation server farm. - -1. Open the **AD FS management** console. -2. In the navigation pane, expand **Service**. Click **Device Registration**. -3. 
In the details pane, click **Configure Device Registration**. -4. In the **Configure Device Registration** dialog, click **OK**. - -## Review to validate +## Review to validate the AD FS and Active Directory configuration Before you continue with the deployment, validate your deployment progress by reviewing the following items: -* Confirm you followed the correct procedures based on the domain controllers used in your deployment. - * Windows Server 2012 or Windows Server 2012 R2 - * Windows Server 2008 or Windows Server 2008 R2 -* Confirm you have the correct service account based on your domain controller version. -* Confirm you properly installed the AD FS role on your Windows Server 2016 based on the proper sizing of your federation, the number of relying parties, and database needs. -* Confirm you used a certificate with the correct names as the server authentication certificate. - * Record the expiration date of the certificate and set a renewal reminder at least six weeks before it expires that includes the: - * Certificate serial number - * Certificate thumbprint - * Common name of the certificate - * Subject alternate name of the certificate - * Name of the physical host server - * The issued date - * The expiration date - * Issuing CA Vendor (if a third-party certificate) -* Confirm you granted the AD FS service allow read and write permissions to the ms-DSKeyCredentialLink Active Directory attribute. -* Confirm you enabled the Device Registration service. -## Prepare and Deploy AD FS Registration Authority +> [!div class="checklist"] +> * Record the information about the AD FS certificate, and set a renewal reminder at least six weeks before it expires. 
Relevant information includes: certificate serial number, thumbprint, common name, subject alternate name, name of the physical host server, the issued date, the expiration date, and issuing CA vendor (if a third-party certificate) +> * Confirm you added the AD FS service account to the KeyAdmins group +> * Confirm you enabled the Device Registration service -A registration authority is a trusted authority that validates certificate request. Once it validates the request, it presents the request to the certificate authority for issuance. The certificate authority issues the certificate, returns it to the registration authority, which returns the certificate to the requesting user. The Windows Hello for Business on-premises certificate-based deployment uses the Active Directory Federation Server (AD FS) as the certificate registration authority. +## Configure the certificate registration authority -### Configure Registration Authority template +The Windows Hello for Business on-premises certificate-based deployment uses AD FS as the certificate registration authority (CRA). The registration authority is responsible for issuing certificates to users and devices. The registration authority is also responsible for revoking certificates when users or devices are removed from the environment. -The certificate registration authority enrolls for an enrollment agent certificate. Once the registration authority verifies the certificate request, it signs the certificate request using its enrollment agent certificate and sends it to the certificate authority. The Windows Hello for Business Authentication certificate template is configured to only issue certificates to certificate requests that have been signed with an enrollment agent certificate. The certificate authority only issues a certificate for that template if the registration authority signs the certificate request. +Sign-in the AD FS server with *domain administrator* equivalent credentials. 
-The registration authority template you configure depends on the AD FS service configuration, which depends on the domain controllers the environment uses for authentication. +Open a **Windows PowerShell** prompt and type the following command: ->[!IMPORTANT] ->Follow the procedures below based on the domain controllers deployed in your environment. If the domain controller is not listed below, then it is not supported for Windows Hello for Business. - -#### Windows 2012 or later domain controllers - -Sign-in a certificate authority or management workstations with _domain administrator_ equivalent credentials. - -1. Open the **Certificate Authority Management** console. -2. Right-click **Certificate Templates** and click **Manage**. -3. In the **Certificate Template Console**, right click on the **Exchange Enrollment Agent (Offline request)** template details pane and click **Duplicate Template**. -4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list. -5. On the **General** tab, type **WHFB Enrollment Agent** in **Template display name**. Adjust the validity and renewal period to meet your enterprise’s needs. -6. On the **Subject** tab, select the **Supply in the request** button if it is not already selected. - - > [!NOTE] - > The preceding step is very important. Group Managed Service Accounts (GMSA) do not support the Build from this Active Directory information option and will result in the AD FS server failing to enroll the enrollment agent certificate. You must configure the certificate template with Supply in the request to ensure that AD FS servers can perform the automatic enrollment and renewal of the enrollment agent certificate. - -7. 
On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list. Select **RSA** from the **Algorithm name** list. Type **2048** in the **Minimum key size** text box. Select **SHA256** from the **Request hash** list. -8. On the **Security** tab, click **Add**. -9. Click **Object Types**. Select the **Service Accounts** check box and click **OK**. -10. Type **adfssvc** in the **Enter the object names to select** text box and click **OK**. -11. Click the **adfssvc** from the **Group or users names** list. In the **Permissions for adfssvc** section, In the **Permissions for adfssvc** section, select the **Allow** check box for the **Enroll** permission. Excluding the **adfssvc** user, clear the **Allow** check box for the **Enroll** and **Autoenroll** permissions for all other items in the **Group or users names** list if the check boxes are not already cleared. Click **OK**. -12. Close the console. - -#### Windows 2008 or 2008R2 domain controllers - -Sign-in a certificate authority or management workstations with _Domain Admin_ equivalent credentials. - -1. Open the **Certificate Authority** management console. -2. Right-click **Certificate Templates** and click **Manage**. -3. In the **Certificate Template** console, right-click the **Exchange Enrollment Agent** template in the details pane and click **Duplicate Template**. -4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list. -5. On the **General** tab, type **WHFB Enrollment Agent** in **Template display name**. Adjust the validity and renewal period to meet your enterprise’s needs. -6. On the **Subject** tab, select the **Build from this Active Directory information** button if it is not already selected. 
Select **Fully distinguished name** from the **Subject name format** list if **Fully distinguished name** is not already selected. Select the **User Principal Name (UPN)** check box under **Include this information in alternative subject name**. -7. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list. Select **RSA** from the **Algorithm name** list. Type **2048** in the **Minimum key size** text box. Select **SHA256** from the **Request hash** list. -8. On the **Security** tab, click **Add**. Type **adfssvc** in the **Enter the object names to select text box** and click **OK**. -9. Click the **adfssvc** from the **Group or users names** list. In the **Permissions for adfssvc** section, select the **Allow** check box for the **Enroll** permission. Excluding the **adfssvc** user, clear the **Allow** check boxes for the **Enroll** and **Autoenroll** permissions for all other items in the **Group or users names** list if the check boxes are not already cleared. Click **OK**. -10. Close the console. - -### Configure the Windows Hello for Business Authentication Certificate template - -During Windows Hello for Business provisioning, the Windows 10, version 1703 client requests an authentication certificate from the Active Directory Federation Service, which requests the authentication certificate on behalf of the user. This task configures the Windows Hello for Business authentication certificate template. You use the name of the certificate template when configuring. - -Sign-in a certificate authority or management workstations with _domain administrator equivalent_ credentials. - -1. Open the **Certificate Authority** management console. -2. Right-click **Certificate Templates** and click **Manage**. -3. Right-click the **Smartcard Logon** template and choose **Duplicate Template**. -4. On the **Compatibility** tab, clear the **Show resulting changes** check box. 
Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list. -5. On the **General** tab, type **WHFB Authentication** in **Template display name**. Adjust the validity and renewal period to meet your enterprise’s needs. - > [!NOTE] - > If you use different template names, you’ll need to remember and substitute these names in different portions of the deployment. -6. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list. Select **RSA** from the **Algorithm name** list. Type **2048** in the **Minimum key size** text box. Select **SHA256** from the **Request hash** list. -7. On the **Extensions** tab, verify the **Application Policies** extension includes **Smart Card Logon**. -8. On the **Issuance Requirements** tab, select the T**his number of authorized signatures** check box. Type **1** in the text box. - Select **Application policy** from the **Policy type required in signature**. Select **Certificate Request Agent** from in the **Application policy** list. Select the **Valid existing certificate** option. -9. On the **Subject** tab, select the **Build from this Active Directory information** button if it is not already selected. Select **Fully distinguished name** from the **Subject name format** list if **Fully distinguished name** is not already selected. Select the **User Principal Name (UPN)** check box under **Include this information in alternative subject name**. -10. On the **Request Handling** tab, select the **Renew with same key** check box. -11. On the **Security** tab, click **Add**. Type **Window Hello for Business Users** in the **Enter the object names to select** text box and click **OK**. -12. Click the **Windows Hello for Business Users** from the **Group or users names** list. 
In the **Permissions for Windows Hello for Business Users** section, select the **Allow** check box for the **Enroll** permission. Excluding the **Windows Hello for Business Users** group, clear the **Allow** check box for the **Enroll** and **Autoenroll** permissions for all other entries in the **Group or users names** section if the check boxes are not already cleared. Click **OK**. -13. If you previously issued Windows Hello for Business sign-in certificates using Configuration Manger and are switching to an AD FS registration authority, then on the **Superseded Templates** tab, add the previously used **Windows Hello for Business Authentication** template(s), so they will be superseded by this template for the users that have Enroll permission for this template. -14. Click on the **Apply** to save changes and close the console. - -#### Mark the template as the Windows Hello Sign-in template - -Sign-in to an **AD FS Windows Server 2016** computer with _enterprise administrator_ equivalent credentials. - -1. Open an elevated command prompt. -2. Run `certutil –dsTemplate WHFBAuthentication msPKI-Private-Key-Flag +CTPRIVATEKEY_FLAG_HELLO_LOGON_KEY`. - ->[!NOTE] ->If you gave your Windows Hello for Business Authentication certificate template a different name, then replace **WHFBAuthentication** in the above command with the name of your certificate template. It’s important that you use the template name rather than the template display name. You can view the template name on the **General** tab of the certificate template using the Certificate Template management console (certtmpl.msc). Or, you can view the template name using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on our Windows Server 2012 or later certificate authority. 
- -### Publish Enrollment Agent and Windows Hello For Business Authentication templates to the Certificate Authority - -Sign-in a certificate authority or management workstations with _Enterprise Admin_ equivalent credentials. - -1. Open the **Certificate Authority** management console. -2. Expand the parent node from the navigation pane. -3. Click **Certificate Templates** in the navigation pane. -4. Right-click the **Certificate Templates** node. Click **New**, and click **Certificate Template to issue**. -5. In the **Enable Certificates Templates** window, select the **WHFB Enrollment Agent** template you created in the previous steps. Click **OK** to publish the selected certificate templates to the certificate authority. -6. Publish the **WHFB Authentication** certificate template using step 5. -7. Close the console. - -### Configure the Registration Authority - -Sign-in the AD FS server with domain administrator equivalent credentials. - -1. Open a **Windows PowerShell** prompt. -2. Type the following command - ```PowerShell Set-AdfsCertificateAuthority -EnrollmentAgent -EnrollmentAgentCertificateTemplate WHFBEnrollmentAgent -WindowsHelloCertificateTemplate WHFBAuthentication ``` >[!NOTE] - > If you gave your Windows Hello for Business Enrollment Agent and Windows Hello for Business Authentication certificate templates different names, then replace **WHFBEnrollmentAgent** and WHFBAuthentication in the above command with the name of your certificate templates. It’s important that you use the template name rather than the template display name. You can view the template name on the **General** tab of the certificate template using the **Certificate Template** management console (certtmpl.msc). Or, you can view the template name using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on a Windows Server 2012 or later certificate authority. 
+ > If you gave your Windows Hello for Business Enrollment Agent and Windows Hello for Business Authentication certificate templates different names, then replace *WHFBEnrollmentAgent* and *WHFBAuthentication* in the above command with the name of your certificate templates. -### Enrollment Agent Certificate Enrollment +### Enrollment agent certificate enrollment -Active Directory Federation Server used for Windows Hello for Business certificate enrollment perform their own certificate lifecycle management. Once the registration authority is configured with the proper certificate template, the AD FS server attempts to enroll the certificate on the first certificate request or when the service first starts. +AD FS performs its own certificate lifecycle management. Once the registration authority is configured with the proper certificate template, the AD FS server attempts to enroll the certificate on the first certificate request or when the service first starts. -Approximately 60 days prior to enrollment agent certificate’s expiration, the AD FS service attempts to renew the certificate until it is successful. If the certificate fails to renew, and the certificate expires, the AD FS server will request a new enrollment agent certificate. You can view the AD FS event logs to determine the status of the enrollment agent certificate. +Approximately 60 days prior to enrollment agent certificate's expiration, the AD FS service attempts to renew the certificate until it is successful. If the certificate fails to renew, and the certificate expires, the AD FS server will request a new enrollment agent certificate. You can view the AD FS event logs to determine the status of the enrollment agent certificate. -### Service Connection Point (SCP) in Active Directory for ADFS Device Registration Service +## Additional federation servers -> [!NOTE] -> Normally this script is not needed, as enabling Device Registration via the ADFS Management console already creates the objects. 
You can validate the SCP using the script below. For detailed information about the Device Registration Service, see [Configuring Device Registration](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn614658(v=ws.11)). +Organizations should deploy more than one federation server in their federation farm for high-availability. You should have a minimum of two federation services in your AD FS farm, however most organizations are likely to have more. This largely depends on the number of devices and users using the services provided by the AD FS farm. -Now you will add the Service connection Point to ADFS device registration Service for your Active directory by running the following script: +### Server authentication certificate -> [!TIP] -> Make sure to change the $enrollmentService and $configNC variables before running the script. +Each server you add to the AD FS farm must have a proper server authentication certificate. Refer to the [Enroll for a TLS Server Authentication Certificate](#enroll-for-a-tls-server-authentication-certificate) section of this document to determine the requirements for your server authentication certificate. As previously stated, AD FS servers used exclusively for on-premises deployments of Windows Hello for Business can use enterprise server authentication certificates rather than server authentication certificates issued by public certificate authorities. 
-```powershell -# Replace this with your Device Registration Service endpoint -$enrollmentService = "enterpriseregistration.contoso.com" -# Replace this with your Active Directory configuration naming context -$configNC = "CN=Configuration,DC=corp,DC=contoso,DC=org" - -$de = New-Object System.DirectoryServices.DirectoryEntry -$de.Path = "LDAP://CN=Device Registration Configuration,CN=Services," + $configNC - -$deSCP = $de.Children.Add("CN=62a0ff2e-97b9-4513-943f-0d221bd30080", "serviceConnectionPoint") -$deSCP.Properties["keywords"].Add("enterpriseDrsName:" + $enrollmentService) -$deSCP.CommitChanges() -``` - ->[!NOTE] -> You can save the modified script in notepad and save them as "add-scpadfs.ps1" and the way to run it is just navigating into the script path folder and running .\add-scpAdfs.ps1. -> - -## Additional Federation Servers - -Organizations should deploy more than one federation server in their federation farm for high-availability. You should have a minimum of two federation services in your AD FS farm, however most organizations are likely to have more. This largely depends on the number of devices and users using the services provided by the AD FS farm. - -### Server Authentication Certificate - -Each server you add to the AD FS farm must have a proper server authentication certificate. Refer to the [Enroll for a TLS Server Authentication Certificate](#enroll-for-a-tls-server-authentication-certificate) section of this document to determine the requirements for your server authentication certificate. As previously stated, AD FS servers used exclusively for on-premises deployments of Windows Hello for Business can use enterprise server authentication certificates rather than server authentication certificates issued by public certificate authorities. 
- -### Install Additional Servers +### Install additional servers Adding federation servers to the existing AD FS farm begins with ensuring the server are fully patched, to include Windows Server 2016 Update needed to support Windows Hello for Business deployments (https://aka.ms/whfbadfs1703). Next, install the Active Directory Federation Service role on the additional servers and then configure the server as an additional server in an existing farm. -## Load Balance AD FS Federation Servers +## Load balance AD FS -Many environments load balance using hardware devices. Environments without hardware load-balancing capabilities can take advantage the network load-balancing feature included in Windows Server to load balance the AD FS servers in the federation farm. Install the Windows Network Load Balancing feature on all nodes participating in the AD FS farm that should be load balanced. +Many environments load balance using hardware devices. Environments without hardware load-balancing capabilities can take advantage the network load-balancing feature included in Windows Server to load balance the AD FS servers in the federation farm. Install the Windows Network Load Balancing feature on all nodes participating in the AD FS farm that should be load balanced. ### Install Network Load Balancing Feature on AD FS Servers -Sign-in the federation server with _Enterprise Admin_ equivalent credentials. +Sign-in the federation server with *Enterprise Administrator* equivalent credentials. -1. Start **Server Manager**. Click **Local Server** in the navigation pane. -2. Click **Manage** and then click **Add Roles and Features**. -3. Click **Next** On the **Before you begin** page. -4. On the **Select installation type** page, select **Role-based or feature-based installation** and click **Next**. -5. On the **Select destination server** page, choose **Select a server from the server pool**. Select the federation server from the **Server Pool** list. Click **Next**. -6. 
On the **Select server roles** page, click **Next**. -7. Select **Network Load Balancing** on the **Select features** page. -8. Click **Install** to start the feature installation. - ![Feature selection screen with NLB selected.](images/hello-nlb-feature-install.png) +1. Start **Server Manager**. Select **Local Server** in the navigation pane +1. Select **Manage** and then select **Add Roles and Features** +1. Select **Next** On the **Before you begin** page +1. On the **Select installation type** page, select **Role-based or feature-based installation** and select **Next** +1. On the **Select destination server** page, choose **Select a server from the server pool**. Select the federation server from the **Server Pool** list. Select **Next** +1. On the **Select server roles** page, select **Next** +1. Select **Network Load Balancing** on the **Select features** page +1. Select **Install** to start the feature installation ### Configure Network Load Balancing for AD FS -Before you can load balance all the nodes in the AD FS farm, you must first create a new load balance cluster. Once you have created the cluster, then you can add new nodes to that cluster. +Before you can load balance all the nodes in the AD FS farm, you must first create a new load balance cluster. Once you have created the cluster, then you can add new nodes to that cluster. -Sign-in a node of the federation farm with _Admin_ equivalent credentials. +Sign-in a node of the federation farm with *Administrator* equivalent credentials. -1. Open **Network Load Balancing Manager** from **Administrative Tools**. - ![NLB Manager user interface.](images/hello-nlb-manager.png) -2. Right-click **Network Load Balancing Clusters**, and then click **New Cluster**. -3. To connect to the host that is to be a part of the new cluster, in the **Host** text box, type the name of the host, and then click **Connect**. - ![NLB Manager - Connect to new Cluster screen.](images/hello-nlb-connect.png) -4. 
Select the interface that you want to use with the cluster, and then click **Next**. (The interface hosts the virtual IP address and receives the client traffic to load balance.) -5. In **Host Parameters**, select a value in **Priority (Unique host identifier)**. This parameter specifies a unique ID for each host. The host with the lowest numerical priority among the current members of the cluster handles all of the cluster's network traffic that is not covered by a port rule. Click **Next**. -6. In **Cluster IP Addresses**, click **Add** and type the cluster IP address that is shared by every host in the cluster. NLB adds this IP address to the TCP/IP stack on the selected interface of all hosts that are chosen to be part of the cluster. Click **Next**. - ![NLB Manager - Add IP to New Cluster screen.](images/hello-nlb-add-ip.png) -7. In **Cluster Parameters**, select values in **IP Address** and **Subnet mask** (for IPv6 addresses, a subnet mask value is not needed). Type the full Internet name that users will use to access this NLB cluster. - ![NLB Manager - Cluster IP Configuration screen.](images/hello-nlb-cluster-ip-config.png) -8. In **Cluster operation mode**, click **Unicast** to specify that a unicast media access control (MAC) address should be used for cluster operations. In unicast mode, the MAC address of the cluster is assigned to the network adapter of the computer, and the built-in MAC address of the network adapter is not used. We recommend that you accept the unicast default settings. Click **Next**. -9. In Port Rules, click Edit to modify the default port rules to use port 443. - ![NLB Manager - Add\Edit Port Rule screen.](images/hello-nlb-cluster-port-rule.png) +1. Open **Network Load Balancing Manager** from **Administrative Tools** +1. Right-click **Network Load Balancing Clusters**, and then select **New Cluster** +1. 
To connect to the host that is to be a part of the new cluster, in the **Host** text box, type the name of the host, and then select **Connect** +1. Select the interface that you want to use with the cluster, and then select **Next** (the interface hosts the virtual IP address and receives the client traffic to load balance) +1. In **Host Parameters**, select a value in **Priority (Unique host identifier)**. This parameter specifies a unique ID for each host. The host with the lowest numerical priority among the current members of the cluster handles all of the cluster's network traffic that is not covered by a port rule. Select **Next** +1. In **Cluster IP Addresses**, select **Add** and type the cluster IP address that is shared by every host in the cluster. NLB adds this IP address to the TCP/IP stack on the selected interface of all hosts that are chosen to be part of the cluster. Select **Next** +1. In **Cluster Parameters**, select values in **IP Address** and **Subnet mask** (for IPv6 addresses, a subnet mask value is not needed). Type the full Internet name that users will use to access this NLB cluster +1. In **Cluster operation mode**, select **Unicast** to specify that a unicast media access control (MAC) address should be used for cluster operations. In unicast mode, the MAC address of the cluster is assigned to the network adapter of the computer, and the built-in MAC address of the network adapter is not used. We recommend that you accept the unicast default settings. Select **Next** +1. In Port Rules, select Edit to modify the default port rules to use port 443 ### Additional AD FS Servers -1. To add more hosts to the cluster, right-click the new cluster, and then click **Add Host to Cluster**. -2. Configure the host parameters (including host priority, dedicated IP addresses, and load weight) for the additional hosts by following the same instructions that you used to configure the initial host. 
Because you are adding hosts to an already configured cluster, all the cluster-wide parameters remain the same. - ![NLB Manager - Cluster with nodes.](images/hello-nlb-cluster.png) +1. To add more hosts to the cluster, right-click the new cluster, and then select **Add Host to Cluster** +1. Configure the host parameters (including host priority, dedicated IP addresses, and load weight) for the additional hosts by following the same instructions that you used to configure the initial host. Because you are adding hosts to an already configured cluster, all the cluster-wide parameters remain the same ## Configure DNS for Device Registration -Sign-in the domain controller or administrative workstation with domain administrator equivalent credentials. You’ll need the Federation service name to complete this task. You can view the federation service name by clicking **Edit Federation Service Properties** from the **Action** pan of the **AD FS** management console, or by using `(Get-AdfsProperties).Hostname.` (PowerShell) on the AD FS server. +Sign-in the domain controller or administrative workstation with domain administrator equivalent credentials.\ +You'll need the *federation service* name to complete this task. You can view the federation service name by selecting **Edit Federation Service Properties** from the **Action** pan of the **AD FS** management console, or by using `(Get-AdfsProperties).Hostname.` (PowerShell) on the AD FS server. -1. Open the **DNS Management** console. -2. In the navigation pane, expand the domain controller name node and **Forward Lookup Zones**. -3. In the navigation pane, select the node that has the name of your internal Active Directory domain name. -4. In the navigation pane, right-click the domain name node and click **New Host (A or AAAA)**. -5. In the **name** box, type the name of the federation service. In the **IP address** box, type the IP address of your federation server. Click **Add Host**. -6. 
Close the DNS Management console. +1. Open the **DNS Management** console +1. In the navigation pane, expand the domain controller name node and **Forward Lookup Zones** +1. In the navigation pane, select the node that has the name of your internal Active Directory domain name +1. In the navigation pane, right-click the domain name node and select **New Host (A or AAAA)** +1. In the **name** box, type the name of the federation service. In the **IP address** box, type the IP address of your federation server. Select **Add Host** +1. Right-click the `` node and select **New Alias (CNAME)** +1. In the **New Resource Record** dialog box, type `enterpriseregistration` in the **Alias** name box +1. In the **fully qualified domain name (FQDN)** of the target host box, type `federation_service_farm_name. [!NOTE] +> If your forest has multiple UPN suffixes, please make sure that `enterpriseregistration.` is present for each suffix. ## Configure the Intranet Zone to include the federation service -The Windows Hello provisioning presents web pages from the federation service. Configuring the intranet zone to include the federation service enables the user to authenticate to the federation service using integrated authentication. Without this setting, the connection to the federation service during Windows Hello provisioning prompts the user for authentication. +The Windows Hello provisioning presents web pages from the federation service. Configuring the intranet zone to include the federation service enables the user to authenticate to the federation service using integrated authentication. Without this setting, the connection to the federation service during Windows Hello provisioning prompts the user for authentication. ### Create an Intranet Zone Group Policy -Sign-in the domain controller or administrative workstation with _Domain Admin_ equivalent credentials: - -1. Start the **Group Policy Management Console** (gpmc.msc). -2. 
Expand the domain and select the **Group Policy Object** node in the navigation pane. -3. Right-click **Group Policy object** and select **New**. -4. Type **Intranet Zone Settings** in the name box and click **OK**. -5. In the content pane, right-click the **Intranet Zone Settings** Group Policy object and click **Edit**. -6. In the navigation pane, expand **Policies** under **Computer Configuration**. -7. Expand **Administrative Templates > Windows Component > Internet Explorer > Internet Control Panel**, and select **Security Page**. -8. In the content pane, double-click **Site to Zone Assignment List**. Click **Enable**. -9. Click **Show**. In the **Value Name** column, type the url of the federation service beginning with https. In the **Value** column, type the number **1**. Click OK twice, then close the Group Policy Management Editor. +Sign-in the domain controller or administrative workstation with _Domain Admin_ equivalent credentials +1. Start the **Group Policy Management Console** (gpmc.msc) +1. Expand the domain and select the **Group Policy Object** node in the navigation pane +1. Right-click **Group Policy object** and select **New** +1. Type **Intranet Zone Settings** in the name box and select **OK** +1. In the content pane, right-click the **Intranet Zone Settings** Group Policy object and select **Edit** +1. In the navigation pane, expand **Policies** under **Computer Configuration** +1. Expand **Administrative Templates > Windows Component > Internet Explorer > Internet Control Panel >Security Page**. Open **Site to Zone Assignment List** +1. Select **Enable > Show**. In the **Value Name** column, type the url of the federation service beginning with https. In the **Value** column, type the number **1**. Select OK twice, then close the Group Policy Management Editor ### Deploy the Intranet Zone Group Policy object -1. Start the **Group Policy Management Console** (gpmc.msc). -2. 
In the navigation pane, expand the domain and right-click the node that has your Active Directory domain name and click **Link an existing GPO…** -3. In the **Select GPO** dialog box, select **Intranet Zone Settings** or the name of the Windows Hello for Business Group Policy object you previously created and click **OK**. +1. Start the **Group Policy Management Console** (gpmc.msc) +1. In the navigation pane, expand the domain and right-click the node that has your Active Directory domain name and select **Link an existing GPO…** +1. In the **Select GPO** dialog box, select **Intranet Zone Settings** or the name of the Windows Hello for Business Group Policy object you previously created and select **OK** -## Review +## Review to validate the configuration Before you continue with the deployment, validate your deployment progress by reviewing the following items: -* Confirm you configured the correct enrollment agent certificate template based on the type of AD FS service account. -* Confirm only the AD FS service account has the allow enroll permission for the enrollment agent certificate template. -* Consider using an HSM to protect the enrollment agent certificate; however, understand the frequency and quantity of signature operations the enrollment agent server makes and understand the impact it has on overall performance. -* Confirm you properly configured the Windows Hello for Business authentication certificate template—to include: - * Issuance requirements of an authorized signature from a certificate request agent. - * The certificate template was properly marked as a Windows Hello for Business certificate template using certutil.exe. - * The Windows Hello for Business Users group, or equivalent has the allow enroll permissions. -* Confirm all certificate templates were properly published to the appropriate issuing certificate authorities. 
-* Confirm the AD FS service account has the allow enroll permission for the Windows Hello Business authentication certificate template.
-* Confirm the AD FS certificate registration authority is properly configured using the `Get-AdfsCertificateAuthority` Windows PowerShell cmdlet.
-* Confirm you restarted the AD FS service.
-* Confirm you properly configured load-balancing (hardware or software).
-* Confirm you created a DNS A Record for the federation service and the IP address used is the load-balanced IP address
-* Confirm you created and deployed the Intranet Zone settings to prevent double authentication to the federation server.
-## Validating your work
-
-You need to verify the AD FS service has properly enrolled for an enrollment agent certificate template. You can verify this is a variety ways, depending on if your service account is a normal user account or if the service account is a group managed service account.
-
-> [!IMPORTANT]
-> After following the previous steps, if you are unable to validate that the devices are, in fact, being registered automatically, there is a Group Policy at:
-> **Computer Configuration > Policies > Administrative Templates > Windows Components > Device Registration >** "Register Domain Joined Computers As Devices". Set the policy to **Enabled**
-> and the registration will happen automatically.
+> [!div class="checklist"]
+> * Confirm only the AD FS service account has the allow enroll permission for the enrollment agent certificate template
+> * Consider using an HSM to protect the enrollment agent certificate; however, understand the frequency and quantity of signature operations the enrollment agent server makes and understand the impact it has on overall performance
+> * Confirm you properly configured the Windows Hello for Business authentication certificate template
+> * Confirm all certificate templates were properly published to the appropriate issuing certificate authorities
+> * Confirm the AD FS service account has the allow enroll permission for the Windows Hello Business authentication certificate template
+> * Confirm the AD FS certificate registration authority is properly configured using the `Get-AdfsCertificateAuthority` Windows PowerShell cmdlet
+> Confirm you restarted the AD FS service
+> * Confirm you properly configured load-balancing (hardware or software)
+> * Confirm you created a DNS A Record for the federation service and the IP address used is the load-balanced IP address
+> * Confirm you created and deployed the Intranet Zone settings to prevent double authentication to the federation server.
 ### Event Logs
-Use the event logs on the AD FS service to confirm the service account enrolled for an enrollment agent certificate. First, look for the AD FS event ID 443 that confirms certificate enrollment cycle has finished. Once confirmed the AD FS certificate enrollment cycle completed review the CertificateLifecycle-User event log. In this event log, look for event ID 1006, which indicates a new certificate was installed. Details of the event log should show:
+Use the event logs on the AD FS service to confirm the service account enrolled for an enrollment agent certificate. First, look for the AD FS event ID 443 that confirms certificate enrollment cycle has finished.
Once confirmed the AD FS certificate enrollment cycle completed review the *CertificateLifecycle-User* event log. In this event log, look for event ID 1006, which indicates a new certificate was installed. Details of the event log should show:
-* The account name under which the certificate was enrolled.
-* The action, which should read enroll.
-* The thumbprint of the certificate
-* The certificate template used to issue the certificate.
+- The account name under which the certificate was enrolled
+- The action, which should read enroll
+-_ The thumbprint of the certificate
+- The certificate template used to issue the certificate
-### Normal Service Account
+You cannot use the Certificate Manager to view enrolled certificates for group managed service accounts. Use the event log information to confirm the AD FS service account enrolled a certificate. Use certutil.exe to view the details of the certificate shown in the event log.
-When using a normal service account, use the Microsoft Management Console (mmc.exe) and load the Certificate Manager snap-in for the service account and verify.
+Group managed service accounts use user profiles to store user information, which included enrolled certificates. On the AD FS server, use a command prompt and navigate to `%systemdrive%\users\\appdata\roaming\Microsoft\systemcertificates\my\certificates`.
-### Group Managed Service Account
+Each file in this folder represents a certificate in the service account's Personal store (You may need to use `dir.exe /A` to view the files in the folder). Match the thumbprint of the certificate from the event log to one of the files in this folder. That file is the certificate. Use the `Certutil -q ` to view the basic information about the certificate.
-You cannot use the Certificate Manager to view enrolled certificates for group managed service accounts. Use the event log information to confirm the AD FS service account enrolled a certificate.
Use certutil.exe to view the details of the certificate now shown in the event log.
+For detailed information about the certificate, use `Certutil -q -v `.
-Group managed service accounts use user profiles to store user information, which included enrolled certificates. On the AD FS server, use a command prompt and navigate to `%systemdrive%\users\\appdata\roaming\Microsoft\systemcertificates\my\certificates` .
-
-Each file in this folder represents a certificate in the service account’s Personal store (You may need to use DIR /A to view the files in the folder). Match the thumbprint of the certificate from the event log to one of the files in this folder. That file is the certificate. Use the `Certutil -q ` to view the basic information about the certificate.
-
-For detailed information about the certificate, use `Certutil -q -v ` .
-
-## Follow the Windows Hello for Business on premises certificate trust deployment guide
-
-1. [Validate Active Directory prerequisites](hello-cert-trust-validate-ad-prereq.md)
-2. [Validate and Configure Public Key Infrastructure](hello-cert-trust-validate-pki.md)
-3. Prepare and Deploy Windows Server 2016 Active Directory Federation Services (*You are here*)
-4. [Validate and Deploy Multifactor Authentication Services (MFA)](hello-cert-trust-validate-deploy-mfa.md)
-5. [Configure Windows Hello for Business Policy settings](hello-cert-trust-policy-settings.md)
\ No newline at end of file
+> [!div class="nextstepaction"]
+> [Next: validate and deploy multi-factor authentication (MFA)](hello-cert-trust-validate-deploy-mfa.md)
\ No newline at end of file
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md
index bde42599c7..870fc37596 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md 
@@ -1,149 +1,128 @@ --- -title: Configure Windows Hello for Business Policy settings - certificate trust -description: Configure Windows Hello for Business Policy settings for Windows Hello for Business. Certificate-based deployments need three group policy settings. +title: Configure Windows Hello for Business Policy settings in an on-premises certificate trust +description: Configure Windows Hello for Business Policy settings for Windows Hello for Business in an on-premises certificate trust scenario ms.collection: - - M365-identity-device-management - highpri -ms.date: 08/20/2018 +ms.date: 12/12/2022 appliesto: - ✅ Windows 10 and later -- ✅ Windows Server 2016 and later -ms.topic: article +- ✅ Windows Server 2016 and later +ms.topic: tutorial --- -# Configure Windows Hello for Business Policy settings - Certificate Trust +# Configure Windows Hello for Business group policy settings - on-premises certificate Trust [!INCLUDE [hello-on-premises-cert-trust](../../includes/hello-on-premises-cert-trust.md)] -To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). -Install the Remote Server Administration Tools for Windows on a computer running Windows 10 or later. 
+On-premises certificate-based deployments of Windows Hello for Business need three Group Policy settings: +- Enable Windows Hello for Business +- Use certificate for on-premises authentication +- Enable automatic enrollment of certificates -On-premises certificate-based deployments of Windows Hello for Business needs three Group Policy settings: -* Enable Windows Hello for Business -* Use certificate for on-premises authentication -* Enable automatic enrollment of certificates +## Enable Windows Hello for Business group policy setting -## Enable Windows Hello for Business Group Policy +The group policy setting determines whether users are allowed, and prompted, to enroll for Windows Hello for Business. It can be configured for computers or users. -The Group Policy setting determines whether users are allowed, and prompted, to enroll for Windows Hello for Business. It can be configured for computers or users. +If you configure the group policy for computers, all users that sign-in to those computers will be allowed and prompted to enroll for Windows Hello for Business. If you configure the group policy for users, only those users will be allowed and prompted to enroll for Windows Hello for Business. -If you configure the Group Policy for computers, all users that sign-in to those computers will be allowed and prompted to enroll for Windows Hello for Business. If you configure the Group Policy for users, only those users will be allowed and prompted to enroll for Windows Hello for Business . +## Use certificate for on-premises authentication group policy setting -## Use certificate for on-premises authentication +The group policy setting determines if the on-premises deployment uses the key-trust or certificate trust on-premises authentication model. You must configure this group policy setting to configure Windows to enroll for a Windows Hello for Business authentication certificate. 
If you do not configure this policy setting, Windows considers the deployment to use key-trust on-premises authentication. -The Use certificate for on-premises authentication Group Policy setting determines if the on-premises deployment uses the key-trust or certificate trust on-premises authentication model. You must configure this Group Policy setting to configure Windows to enroll for a Windows Hello for Business authentication certificate. If you do not configure this policy setting, Windows considers the deployment to use key-trust on-premises authentication, which requires a sufficient number of Windows Server 2016 domain controllers to handle the Windows Hello for Business key-trust authentication requests. +You can configure this setting for computer or users. Deploying this setting to computers results in *all* users requesting a Windows Hello for Business authentication certificate. Deploying this policy setting to a user results in only that user requesting a Windows Hello for Business authentication certificate. Additionally, you can deploy the policy setting to a group of users so only those users request a Windows Hello for Business authentication certificate. If both user and computer policy settings are deployed, the user policy setting has precedence. -You can configure this Group Policy setting for computer or users. Deploying this policy setting to computers results in ALL users requesting a Windows Hello for Business authentication certificate. Deploying this policy setting to a user results in only that user requesting a Windows Hello for Business authentication certificate. Additionally, you can deploy the policy setting to a group of users so only those users request a Windows Hello for Business authentication certificate. If both user and computer policy settings are deployed, the user policy setting has precedence. 
+## Enable automatic enrollment of certificates group policy setting -## Enable automatic enrollment of certificates +Windows Hello for Business provisioning performs the initial enrollment of the Windows Hello for Business authentication certificate. This certificate expires based on the duration configured in the Windows Hello for Business authentication certificate template. The process requires no user interaction provided the user signs-in using Windows Hello for Business. The certificate is renewed in the background before it expires. -Windows Hello for Business provisioning performs the initial enrollment of the Windows Hello for Business authentication certificate. This certificate expires based on the duration configured in the Windows Hello for Business authentication certificate template. The Windows 10, version 1703 certificate auto enrollment was updated to renew these certificates before they expire, which significantly reduces user authentication failures from expired user certificates. +## Create the GPO -The process requires no user interaction provided the user signs-in using Windows Hello for Business. The certificate is renewed in the background before it expires. +Sign in to a domain controller or management workstations with *Domain Administrator* equivalent credentials. -## Create the Windows Hello for Business Group Policy object - -The Group Policy object contains the policy settings needed to trigger Windows Hello for Business provisioning and to ensure Windows Hello for Business authentication certificates are automatically renewed. 1. Start the **Group Policy Management Console** (gpmc.msc) -2. Expand the domain and select the **Group Policy Object** node in the navigation pane. -3. Right-click **Group Policy object** and select **New**. -4. Type *Enable Windows Hello for Business* in the name box and click **OK**. -5. In the content pane, right-click the **Enable Windows Hello for Business** Group Policy object and click **Edit**. -6. 
In the navigation pane, expand **Policies** under **User Configuration** (this is the only option for Windows Server 2016, but for Windows Server 2019 and later this step can also be done in **Computer Configuration**). -7. Expand **Administrative Templates > Windows Component**, and select **Windows Hello for Business**. -8. In the content pane, double-click **Use Windows Hello for Business**. Click **Enable** and click **OK**. -9. Double-click **Use certificate for on-premises authentication**. Click **Enable** and click **OK**. Close the **Group Policy Management Editor**. +1. Expand the domain and select the **Group Policy Object** node in the navigation pane +1. Right-click **Group Policy object** and select **New** +1. Type *Enable Windows Hello for Business* in the name box and select **OK** +1. In the content pane, right-click the **Enable Windows Hello for Business** Group Policy object and select **Edit** +1. In the navigation pane, select **User Configuration > Policies > Administrative Templates > Windows Component > Windows Hello for Business** +1. In the content pane, double-click **Use Windows Hello for Business**. Select **Enable** and **OK** +1. Select **Use certificate for on-premises authentication > Enable > OK** +1. In the navigation pane, expand **Policies > User Configuration** +1. Expand **Windows Settings > Security Settings > Public Key Policies** +1. In the details pane, right-click **Certificate Services Client - Auto-Enrollment** and select **Properties** +1. Select **Enabled** from the **Configuration Model** list +1. Select the **Renew expired certificates**, **update pending certificates**, and **remove revoked certificates** check box +1. Select the **Update certificates that use certificate templates** check box +1. Select **OK** and close the **Group Policy Management Editor**. -## Configure Automatic Certificate Enrollment - -1. Start the **Group Policy Management Console** (gpmc.msc). -2. 
Expand the domain and select the **Group Policy Object** node in the navigation pane. -3. Right-click the **Enable Windows Hello for Business** Group Policy object and click **Edit**. -4. In the navigation pane, expand **Policies** under **User Configuration** (this is the only option for Windows Server 2016, but for Windows Server 2019 and later this step can also be done in **Computer Configuration**). -5. Expand **Windows Settings > Security Settings**, and click **Public Key Policies**. -6. In the details pane, right-click **Certificate Services Client – Auto-Enrollment** and select **Properties**. -7. Select **Enabled** from the **Configuration Model** list. -8. Select the **Renew expired certificates**, **update pending certificates**, and **remove revoked certificates** check box. -9. Select the **Update certificates that use certificate templates** check box. -10. Click **OK**. Close the **Group Policy Management Editor**. - -## Configure Security in the Windows Hello for Business Group Policy object +## Configure security in the Windows Hello for Business GPO The best way to deploy the Windows Hello for Business Group Policy object is to use security group filtering. The enables you to easily manage the users that should receive Windows Hello for Business by simply adding them to a group. This enables you to deploy Windows Hello for Business in phases. + +Sign in to a domain controller or management workstations with *Domain Administrator* equivalent credentials. + 1. Start the **Group Policy Management Console** (gpmc.msc) -2. Expand the domain and select the **Group Policy Object** node in the navigation pane. -3. Double-click the **Enable Windows Hello for Business** Group Policy object. -4. In the **Security Filtering** section of the content pane, click **Add**. Type *Windows Hello for Business Users* or the name of the security group you previously created and click **OK**. -5. Click the **Delegation** tab. 
Select **Authenticated Users** and click **Advanced**. -6. In the **Group or User names** list, select **Authenticated Users**. In the **Permissions for Authenticated Users** list, clear the **Allow** check box for the **Apply Group Policy** permission. Click **OK**. +1. Expand the domain and select the **Group Policy Object** node in the navigation pane +1. Double-click the **Enable Windows Hello for Business** Group Policy object +1. In the **Security Filtering** section of the content pane, select **Add**. Type *Windows Hello for Business Users* or the name of the security group you previously created and select **OK** +1. Select the **Delegation** tab. Select **Authenticated Users** and **Advanced** +1. In the **Group or User names** list, select **Authenticated Users**. In the **Permissions for Authenticated Users** list, clear the **Allow** check box for the **Apply Group Policy** permission. Select **OK** ## Deploy the Windows Hello for Business Group Policy object -The application of the Windows Hello for Business Group Policy object uses security group filtering. This enables you to link the Group Policy object at the domain, ensuring the Group Policy object is within scope to all users. However, the security group filtering ensures only the users included in the *Windows Hello for Business Users* global group receive and apply the Group Policy object, which results in the provisioning of Windows Hello for Business. -1. Start the **Group Policy Management Console** (gpmc.msc) -2. In the navigation pane, expand the domain and right-click the node that has your Active Directory domain name and click **Link an existing GPO…** -3. In the **Select GPO** dialog box, select **Enable Windows Hello for Business** or the name of the Windows Hello for Business Group Policy object you previously created and click **OK**. +The application of the Windows Hello for Business Group Policy object uses security group filtering. 
This solution enables you to link the Group Policy object at the domain level, ensuring the GPO is within scope to all users. However, the security group filtering ensures that only the users included in the *Windows Hello for Business Users* global group receive and apply the Group Policy object, which results in the provisioning of Windows Hello for Business. -Just to reassure, linking the **Windows Hello for Business** Group Policy object to the domain ensures the Group Policy object is in scope for all domain users. However, not all users will have the policy settings applied to them. Only users who are members of the Windows Hello for Business group receive the policy settings. All others users ignore the Group Policy object. +1. Start the **Group Policy Management Console** (gpmc.msc) +1. In the navigation pane, expand the domain and right-click the node that has your Active Directory domain name and select **Link an existing GPO…** +1. In the **Select GPO** dialog box, select **Enable Windows Hello for Business** or the name of the Windows Hello for Business Group Policy object you previously created and select **OK** ## Other Related Group Policy settings -### Windows Hello for Business - There are other Windows Hello for Business policy settings you can configure to manage your Windows Hello for Business deployment. These policy settings are computer-based policy setting; so they are applicable to any user that sign-in from a computer with these policy settings. ### Use a hardware security device -The default configuration for Windows Hello for Business is to prefer hardware protected credentials; however, not all computers are able to create hardware protected credentials. When Windows Hello for Business enrollment encounters a computer that cannot create a hardware protected credential, it will create a software-based credential. 
+The default configuration for Windows Hello for Business is to prefer hardware protected credentials; however, not all computers are able to create hardware protected credentials. When Windows Hello for Business enrollment encounters a computer that cannot create a hardware protected credential, it will create a software-based credential. -You can enable and deploy the **Use a hardware security device** Group Policy Setting to force Windows Hello for Business to only create hardware protected credentials. Users that sign-in from a computer incapable of creating a hardware protected credential do not enroll for Windows Hello for Business. +You can enable and deploy the **Use a hardware security device** Group Policy Setting to force Windows Hello for Business to only create hardware protected credentials. Users that sign-in from a computer incapable of creating a hardware protected credential do not enroll for Windows Hello for Business. -Another policy setting becomes available when you enable the **Use a hardware security device** Group Policy setting that enables you to prevent Windows Hello for Business enrollment from using version 1.2 Trusted Platform Modules (TPM). Version 1.2 TPMs typically perform cryptographic operations slower than version 2.0 TPMs and are more unforgiving during anti-hammering and PIN lockout activities. Therefore, some organization may want not want slow sign-in performance and management overhead associated with version 1.2 TPMs. To prevent Windows Hello for Business from using version 1.2 TPMs, simply select the TPM 1.2 check box after you enable the Use a hardware security device Group Policy object. +Another policy setting becomes available when you enable the **Use a hardware security device** Group Policy setting that enables you to prevent Windows Hello for Business enrollment from using version 1.2 Trusted Platform Modules (TPM). 
Version 1.2 TPMs typically perform cryptographic operations slower than version 2.0 TPMs and are more unforgiving during anti-hammering and PIN lockout activities. Some organizations may not want slow sign-in performance and management overhead associated with version 1.2 TPMs. To prevent Windows Hello for Business from using version 1.2 TPMs, select the TPM 1.2 check box after you enable the Use a hardware security device Group Policy object. ### Use biometrics Windows Hello for Business provides a great user experience when combined with the use of biometrics. Rather than providing a PIN to sign-in, a user can use a fingerprint or facial recognition to sign-in to Windows, without sacrificing security. -The default Windows Hello for Business enables users to enroll and use biometrics. However, some organization may want more time before using biometrics and want to disable their use until they are ready. To not allow users to use biometrics, configure the **Use biometrics** Group Policy setting to disabled and apply it to your computers. The policy setting disabled all biometrics. Currently, Windows does not provide granular policy setting that enable you to disable specific modalities of biometrics such as allow facial recognition, but disallow fingerprint. +The default Windows Hello for Business enables users to enroll and use biometrics. However, some organization may want more time before using biometrics and want to disable their use until they are ready. To not allow users to use biometrics, configure the **Use biometrics** Group Policy setting to disabled and apply it to your computers. The policy setting disables all biometrics. Currently, Windows does not provide the ability to set granular policies that enable you to disable specific modalities of biometrics, such as allowing facial recognition, but disallowing fingerprint recognition. ### PIN Complexity -PIN complexity is not specific to Windows Hello for Business. 
Windows enables users to use PINs outside of Windows Hello for Business. PIN Complexity Group Policy settings apply to all uses of PINs, even when Windows Hello for Business is not deployed. +PIN complexity is not specific to Windows Hello for Business. Windows enables users to use PINs outside of Windows Hello for Business. PIN Complexity Group Policy settings apply to all uses of PINs, even when Windows Hello for Business is not deployed. -Windows provides eight PIN Complexity Group Policy settings that give you granular control over PIN creation and management. You can deploy these policy settings to computers, where they affect all users creating PINs on that computer; or, you can deploy these settings to users, where they affect those users creating PINs regardless of the computer they use. If you deploy both computer and user PIN complexity Group Policy settings, the user policy settings have precedence over computer policy settings. Also, this conflict resolution is based on the last applied policy. Windows does not merge the policy settings automatically; however, you can deploy Group Policy to provide to accomplish a variety of configurations. The policy settings included are: -* Require digits -* Require lowercase letters -* Maximum PIN length -* Minimum PIN length -* Expiration -* History -* Require special characters -* Require uppercase letters +Windows provides eight PIN Complexity Group Policy settings that give you granular control over PIN creation and management. You can deploy these policy settings to computers, where they affect all users creating PINs on that computer; or, you can deploy these settings to users, where they affect those users creating PINs regardless of the computer they use. If you deploy both computer and user PIN complexity Group Policy settings, the user policy settings have precedence over computer policy settings. Also, this conflict resolution is based on the last applied policy. 
Windows does not merge the policy settings automatically. The policy settings included are: -In the Windows 10, version 1703, the PIN complexity Group Policy settings have moved to remove misunderstanding that PIN complexity policy settings were exclusive to Windows Hello for Business. The new location of these Group Policy settings is under Computer Configuration\Administrative Templates\System\PIN Complexity in the Group Policy editor. +- Require digits +- Require lowercase letters +- Maximum PIN length +- Minimum PIN length +- Expiration +- History +- Require special characters +- Require uppercase letters -## Review +The settings can be found in *Administrative Templates\System\PIN Complexity*, under both the Computer and User Configuration nodes of the Group Policy editor. + +## Review to validate the configuration Before you continue with the deployment, validate your deployment progress by reviewing the following items: -* Confirm you authored Group Policy settings using the latest ADMX/ADML files (from the Windows 10 Creators Editions) -* Confirm you configured the Enable Windows Hello for Business to the scope that matches your deployment (Computer vs. User) -* Confirm you configure the Use Certificate enrollment for on-premises authentication policy setting. -* Confirm you configure automatic certificate enrollment to the scope that matches your deployment (Computer vs. 
User) -* Confirm you configured the proper security settings for the Group Policy object - * Removed the allow permission for Apply Group Policy for Domain Users (Domain Users must always have the read permissions) - * Add the Windows Hello for Business Users group to the Group Policy object and gave the group the allow permission for Apply Group Policy - -* Linked the Group Policy object to the correct locations within Active Directory -* Deploy any additional Windows Hello for Business Group Policy setting is a policy separate from the one that enables it for users +> [!div class="checklist"] +> - Confirm you configured the Enable Windows Hello for Business to the scope that matches your deployment (Computer vs. User) +> - Confirm you configure the Use Certificate enrollment for on-premises authentication policy setting +> - Confirm you configured the proper security settings for the Group Policy object +> - Confirm you removed the allow permission for Apply Group Policy for Domain Users (Domain Users must always have the read permissions) +> - Confirm you added the Windows Hello for Business Users group to the Group Policy object, and gave the group the allow permission to Apply Group Policy +> - Linked the Group Policy object to the correct locations within Active Directory +> - Deployed any additional Windows Hello for Business Group Policy settings ## Add users to the Windows Hello for Business Users group -Users must receive the Windows Hello for Business group policy settings and have the proper permission to enroll for the WHFB Authentication certificate. You can provide users with these settings and permissions by adding the group used synchronize users to the Windows Hello for Business Users group. Users and groups that are not members of this group will not attempt to enroll for Windows Hello for Business. - - -## Follow the Windows Hello for Business on premises certificate trust deployment guide -1. 
[Validate Active Directory prerequisites](hello-cert-trust-validate-ad-prereq.md)
-2. [Validate and Configure Public Key Infrastructure](hello-cert-trust-validate-pki.md)
-3. [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-cert-trust-adfs.md)
-4. [Validate and Deploy Multifactor Authentication Services (MFA)](hello-cert-trust-validate-deploy-mfa.md)
-5. Configure Windows Hello for Business Policy settings (*You are here*)
+Users must receive the Windows Hello for Business group policy settings and have the proper permission to enroll for the Windows Hello for Business Authentication certificate. You can provide users with these settings and permissions by adding the group used synchronize users to the *Windows Hello for Business Users* group. Users and groups that are not members of this group will not attempt to enroll for Windows Hello for Business.
\ No newline at end of file
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md
index af56ffb943..bac1a4e528 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md
@@ -1,78 +1,30 @@ --- -title: Update Active Directory schema for cert-trust deployment (Windows Hello for Business) -description: How to Validate Active Directory prerequisites for Windows Hello for Business when deploying with the certificate trust model. -ms.date: 08/19/2018 +title: Validate Active Directory prerequisites in an on-premises certificate trust +description: Validate Active Directory prerequisites when deploying Windows Hello for Business in a certificate trust model. +ms.date: 12/12/2022 appliesto: - ✅ Windows 10 and later -- ✅ Windows Server 2016 and later -ms.topic: article +- ✅ Windows Server 2016 and later +ms.topic: tutorial --- -# Validate Active Directory prerequisites for cert-trust deployment +# Validate Active Directory prerequisites - on-premises certificate trust [!INCLUDE [hello-on-premises-cert-trust](../../includes/hello-on-premises-cert-trust.md)] -The key registration process for the on-premises deployment of Windows Hello for Business needs the Windows Server 2016 Active Directory or later schema. The key-trust model receives the schema extension when the first Windows Server 2016 or later domain controller is added to the forest. The certificate trust model requires manually updating the current schema to the Windows Server 2016 or later schema. +The key registration process for the on-premises deployment of Windows Hello for Business requires the Windows Server 2016 Active Directory or later schema. -> [!NOTE] -> If you already have a Windows Server 2016 or later domain controller in your forest, you can skip the "Updating the Schema" and "Create the KeyCredential Admins Security Global Group" steps that follow. +## Create the Windows Hello for Business Users security group -Manually updating Active Directory uses the command-line utility **adprep.exe** located at **\:\support\adprep** on the Windows Server 2016 or later DVD or ISO. Before running adprep.exe, you must identify the domain controller hosting the schema master role. 
+The *Windows Hello for Business Users* group is used to make it easy to deploy Windows Hello for Business in phases. You assign Group Policy permissions to this group to simplify the deployment by adding the users to the group. This provides users with the proper permissions to provision Windows Hello for Business. -## Discovering schema role +Sign-in to a domain controller or to a management workstation with a *Domain Administrator* equivalent credentials. -To locate the schema master role holder, open and command prompt and type: +1. Open **Active Directory Users and Computers** +1. Select **View > Advanced Features** +1. Expand the domain node from the navigation pane +1. Right-click the **Users** container. Select **New > Group** +1. Type *Windows Hello for Business Users* in the **Group Name** +1. Select **OK** -```cmd -netdom.exe query fsmo | findstr.exe -i "schema" -``` - -![Netdom example output.](images/hello-cmd-netdom.png) - -The command should return the name of the domain controller where you need to adprep.exe. Update the schema locally on the domain controller hosting the Schema master role. - -## Updating the Schema - -Windows Hello for Business uses asymmetric keys as user credentials (rather than passwords). During enrollment, the public key is registered in an attribute on the user object in Active Directory. The schema update adds this new attribute to Active Directory. - -Sign-in to the domain controller hosting the schema master operational role using enterprise administrator equivalent credentials. - -1. Mount the ISO file (or insert the DVD) containing the Windows Server 2016 or later installation media. -2. Open an elevated command prompt. -3. Type ```cd /d x:\support\adprep``` where *x* is the drive letter of the DVD or mounted ISO. -4. To update the schema, type ```adprep /forestprep```. -5. Read the Adprep Warning. Type the letter **C** and press **Enter** to update the schema. -6. Close the Command Prompt and sign-out. 
- -## Create the KeyCredential Admins Security Global Group - -The Windows Server 2016 Active Directory Federation Services (AD FS) role registers the public key on the user object during provisioning. You assign write and read permission to this group to the Active Directory attribute to ensure the AD FS service can add and remove keys are part of its normal workflow. - -Sign-in a domain controller or management workstation with domain administrator equivalent credentials. - -1. Open **Active Directory Users and Computers**. -2. Click **View** and click **Advance Features**. -3. Expand the domain node from the navigation pane. -4. Right-click the **Users** container. Click **New**. Click **Group**. -5. Type **KeyCredential Admins** in the **Group Name** text box. -6. Click **OK**. - -## Create the Windows Hello for Business Users Security Global Group - -The Windows Hello for Business Users group is used to make it easy to deploy Windows Hello for Business in phases. You assign Group Policy and Certificate template permissions to this group to simplify the deployment by simply adding the users to the group. This provides them the proper permissions to provision Windows Hello for Business and to enroll in the Windows Hello for Business authentication certificate. - -Sign into a domain controller or management workstation with domain administrator equivalent credentials. - -1. Open **Active Directory Users and Computers**. -2. Click **View** and click **Advanced Features**. -3. Expand the domain node from the navigation pane. -4. Right-click the **Users** container. Click **New**. Click **Group**. -5. Type **Windows Hello for Business Users** in the **Group Name** text box. -6. Click **OK**. - - -## Follow the Windows Hello for Business on premises certificate trust deployment guide -1. Validate Active Directory prerequisites (*You are here*) -2. [Validate and Configure Public Key Infrastructure](hello-cert-trust-validate-pki.md) -3. 
[Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-cert-trust-adfs.md)
-4. [Validate and Deploy Multifactor Authentication Services (MFA)](hello-cert-trust-validate-deploy-mfa.md)
-5. [Configure Windows Hello for Business Policy settings](hello-cert-trust-policy-settings.md)
+> [!div class="nextstepaction"]
+> [Next: validate and configure PKI >](hello-cert-trust-validate-pki.md)
\ No newline at end of file
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md
index 28d010fbd8..e5c4b9a2a4 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md
@@ -1,25 +1,28 @@ --- title: Validate and Deploy MFA for Windows Hello for Business with certificate trust -description: How to Validate and Deploy Multi-factor Authentication (MFA) Services for Windows Hello for Business with certificate trust -ms.date: 08/19/2018 +description: Validate and deploy multi-factor authentication (MFA) for Windows Hello for Business in an on-premises certificate trust model. +ms.date: 12/13/2022 appliesto: - ✅ Windows 10 and later -- ✅ Windows Server 2016 and later -ms.topic: article +- ✅ Windows Server 2016 and later +ms.topic: tutorial --- -# Validate and Deploy Multi-Factor Authentication feature + +# Validate and deploy multi-factor authentication - on-premises certificate trust [!INCLUDE [hello-on-premises-cert-trust](../../includes/hello-on-premises-cert-trust.md)] -Windows Hello for Business requires all users perform multi-factor authentication prior to creating and registering a Windows Hello for Business credential. On-premises deployments can use certificates, third-party authentication providers for AD FS, or a custom authentication provider for AD FS as an on-premises MFA option. +Windows Hello for Business requires users perform multi-factor authentication (MFA) prior to enroll in the service. On-premises deployments can use, as MFA option: -For information on available third-party authentication methods, see [Configure Additional Authentication Methods for AD FS](/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs). For creating a custom authentication method, see [Build a Custom Authentication Method for AD FS in Windows Server](/windows-server/identity/ad-fs/development/ad-fs-build-custom-auth-method) +- third-party authentication providers for AD FS +- custom authentication provider for AD FS -Follow the integration and deployment guide for the authentication provider you select to integrate and deploy it to AD FS. 
Make sure that the authentication provider is selected as a multi-factor authentication option in the AD FS authentication policy. For information on configuring AD FS authentication policies, see [Configure Authentication Policies](/windows-server/identity/ad-fs/operations/configure-authentication-policies). +> [!IMPORTANT] +> As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who would like to require multi-factor authentication from their users should use cloud-based Azure AD Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1 will be able to download the latest version, future updates and generate activation credentials as usual. -## Follow the Windows Hello for Business on premises certificate trust deployment guide -1. [Validate Active Directory prerequisites](hello-cert-trust-validate-ad-prereq.md) -2. [Validate and Configure Public Key Infrastructure](hello-cert-trust-validate-pki.md) -3. [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-cert-trust-adfs.md) -4. Validate and Deploy Multi-factor Authentication Services (MFA) (*You're here*) -5. [Configure Windows Hello for Business Policy settings](hello-cert-trust-policy-settings.md) \ No newline at end of file +For information on available third-party authentication methods see [Configure Additional Authentication Methods for AD FS](/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs). For creating a custom authentication method see [Build a Custom Authentication Method for AD FS in Windows Server](/windows-server/identity/ad-fs/development/ad-fs-build-custom-auth-method) + +Follow the integration and deployment guide for the authentication provider you select to integrate and deploy it to AD FS. Make sure that the authentication provider is selected as a multi-factor authentication option in the AD FS authentication policy. 
For information on configuring AD FS authentication policies see [Configure Authentication Policies](/windows-server/identity/ad-fs/operations/configure-authentication-policies).
+
+> [!div class="nextstepaction"]
+> [Next: configure Windows Hello for Business Policy settings](hello-cert-trust-policy-settings.md)
\ No newline at end of file
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md
index 4b692280e1..f543372332 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md
@@ -1,190 +1,348 @@ --- -title: Validate Public Key Infrastructure - certificate trust model (Windows Hello for Business) -description: How to Validate Public Key Infrastructure for Windows Hello for Business, under a certificate trust model. -ms.date: 08/19/2018 +title: Configure and validate the Public Key Infrastructure in an on-premises certificate trust model +description: Configure and validate the Public Key Infrastructure the Public Key Infrastructure when deploying Windows Hello for Business in a certificate trust model. +ms.date: 12/12/2022 appliesto: - ✅ Windows 10 and later -- ✅ Windows Server 2016 and later -ms.topic: article +- ✅ Windows Server 2016 and later +ms.topic: tutorial --- -# Validate and Configure Public Key Infrastructure - Certificate Trust Model +# Configure and validate the Public Key Infrastructure - on-premises certificate trust [!INCLUDE [hello-on-premises-cert-trust](../../includes/hello-on-premises-cert-trust.md)] -Windows Hello for Business must have a public key infrastructure regardless of the deployment or trust model. All trust models depend on the domain controllers having a certificate. The certificate serves as a root of trust for clients to ensure they are not communicating with a rogue domain controller. The certificate trust model extends certificate issuance to client computers. During Windows Hello for Business provisioning, the user receives a sign-in certificate. +Windows Hello for Business must have a Public Key Infrastructure (PKI) when using the *key trust* or *certificate trust* models. The domain controllers must have a certificate, which serves as a root of trust for clients. The certificate ensures that clients don't communicate with rogue domain controllers. The certificate trust model extends certificate issuance to client computers. During Windows Hello for Business provisioning, the user receives a sign-in certificate. 
-## Deploy an enterprise certificate authority +## Deploy an enterprise certification authority -This guide assumes most enterprise have an existing public key infrastructure. Windows Hello for Business depends on a Windows enterprise public key infrastructure running Active Directory Certificate Services. +This guide assumes most enterprises have an existing public key infrastructure. Windows Hello for Business depends on an enterprise PKI running the Windows Server *Active Directory Certificate Services* role. -### Lab-based public key infrastructure +### Lab-based PKI -The following instructions may be used to deploy simple public key infrastructure that is suitable for a lab environment. +The following instructions may be used to deploy simple public key infrastructure that is suitable **for a lab environment**. -Sign-in using _Enterprise Admin_ equivalent credentials on Windows Server 2012 or later server where you want the certificate authority installed. +Sign in using *Enterprise Administrator* equivalent credentials on a Windows Server where you want the certification authority (CA) installed. >[!NOTE] ->Never install a certificate authority on a domain controller in a production environment. +>Never install a certification authority on a domain controller in a production environment. 1. Open an elevated Windows PowerShell prompt -2. Use the following command to install the Active Directory Certificate Services role +1. Use the following command to install the Active Directory Certificate Services role. ```PowerShell Add-WindowsFeature Adcs-Cert-Authority -IncludeManagementTools ``` - -3. Use the following command to configure the Certificate Authority using a basic certificate authority configuration +3. 
Use the following command to configure the CA using a basic certification authority configuration ```PowerShell Install-AdcsCertificationAuthority - ``` - -## Configure a Production Public Key Infrastructure + ``` -If you do have an existing public key infrastructure, please review [Certification Authority Guidance](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831574(v=ws.11)) from Microsoft TechNet to properly design your infrastructure. Then, consult the [Test Lab Guide: Deploying an AD CS Two-Tier PKI Hierarchy](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831348(v=ws.11)) for instructions on how to configure your public key infrastructure using the information from your design session. +## Configure a PKI -### Configure Domain Controller Certificates +If you have an existing PKI, review [Certification Authority Guidance](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831574(v=ws.11)) to properly design your infrastructure. Then, consult the [Test Lab Guide: Deploying an AD CS Two-Tier PKI Hierarchy](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831348(v=ws.11)) for instructions on how to configure your PKI using the information from your design session. -Clients need to trust domain controllers and the best way to do this is to ensure each domain controller has a Kerberos Authentication certificate. Installing a certificate on the domain controller enables the Key Distribution Center (KDC) to prove its identity to other members of the domain. This provides clients a root of trust external to the domain—namely the enterprise certificate authority. +Expand the following sections to configure the PKI for Windows Hello for Business. -Domain controllers automatically request a domain controller certificate (if published) when they discover an enterprise certificate authority is added to Active Directory. 
However, certificates based on the Domain Controller and Domain Controller Authentication certificate templates do not include the KDC Authentication object identifier (OID), which was later added to the Kerberos RFC. Therefore, domain controllers need to request a certificate based on the Kerberos Authentication certificate template. +
              +
              +Configure domain controller certificates -By default, the Active Directory Certificate Authority provides and publishes the Kerberos Authentication certificate template. However, the cryptography configuration included in the provided template is based on older and less performant cryptography APIs. To ensure domain controllers request the proper certificate with the best available cryptography, use the Kerberos Authentication certificate template as a baseline to create an updated domain controller certificate template. +Clients must trust the domain controllers, and to it each domain controller must have a *Kerberos Authentication* certificate. Installing a certificate on the domain controllers enables the Key Distribution Center (KDC) to prove its identity to other members of the domain. The certificates provide clients a root of trust external to the domain, namely the *enterprise certification authority*. -Sign-in to a certificate authority or management workstations with _Domain Admin_ equivalent credentials. -1. Open the **Certificate Authority** management console. -2. Right-click **Certificate Templates** and click **Manage**. -3. In the **Certificate Templates Console**, right-click the **Kerberos Authentication** template in the details pane and click **Duplicate Template**. -4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2008 R2** from the **Certification Authority** list. Select **Windows 7.Server 2008 R2** from the **Certification Recipient** list. -5. On the **General** tab, type **Domain Controller Authentication (Kerberos)** in Template display name. Adjust the validity and renewal period to meet your enterprise’s needs. - **Note**If you use different template names, you’ll need to remember and substitute these names in different portions of the lab. -6. 
On the **Subject Name** tab, select the **Build from this Active Directory information** button if it is not already selected. Select **None** from the **Subject name format** list. Select **DNS name** from the **Include this information in alternate subject** list. Clear all other items. -7. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list. Select **RSA** from the **Algorithm name** list. Type **2048** in the **Minimum key size** text box. Select **SHA256** from the **Request hash** list. Click **OK**. -8. Close the console. +Domain controllers automatically request a domain controller certificate (if published) when they discover an enterprise CA is added to Active Directory. However, certificates based on the Domain Controller and Domain Controller Authentication certificate templates don't include the *KDC Authentication* object identifier (OID), which was later added to the Kerberos RFC. Therefore, domain controllers need to request a certificate based on the *Kerberos Authentication* certificate template. -### Superseding the existing Domain Controller certificate +By default, the Active Directory CA provides and publishes the *Kerberos Authentication* certificate template. The cryptography configuration included in the template is based on older and less performant cryptography APIs. To ensure domain controllers request the proper certificate with the best available cryptography, use the *Kerberos Authentication* certificate template as a *baseline* to create an updated domain controller certificate template. -Many domain controllers may have an existing domain controller certificate. The Active Directory Certificate Services provides a default certificate template from domain controllers—the domain controller certificate template. Later releases provided a new certificate template—the domain controller authentication certificate template. 
These certificate templates were provided prior to update of the Kerberos specification that stated Key Distribution Centers (KDCs) performing certificate authentication needed to include the KDC Authentication extension. +Sign in to a CA or management workstations with *Domain Administrator* equivalent credentials. -The Kerberos Authentication certificate template is the most current certificate template designated for domain controllers and should be the one you deploy to all your domain controllers (2008 or later). The autoenrollment feature in Windows enables you to effortlessly replace these domain controller certificates. You can use the following configuration to replace older domain controller certificates with a new certificate using the Kerberos Authentication certificate template. +1. Open the **Certification Authority** management console +1. Right-click **Certificate Templates > Manage** +1. In the **Certificate Template Console**, right-click the **Kerberos Authentication** template in the details pane and select **Duplicate Template** +1. On the **Compatibility** tab: + - Clear the **Show resulting changes** check box + - Select **Windows Server 2016** from the **Certification Authority** list + - Select **Windows 10 / Windows Server 2016** from the **Certificate Recipient** list +1. On the **General** tab + - Type *Domain Controller Authentication (Kerberos)* in Template display name + - Adjust the validity and renewal period to meet your enterprise's needs + > [!NOTE] + > If you use different template names, you'll need to remember and substitute these names in different portions of the lab. +1. On the **Subject Name** tab: + - Select the **Build from this Active Directory information** button if it isn't already selected + - Select **None** from the **Subject name format** list + - Select **DNS name** from the **Include this information in alternate subject** list + - Clear all other items +1. 
On the **Cryptography** tab: + - select **Key Storage Provider** from the **Provider Category** list + - Select **RSA** from the **Algorithm name** list + - Type *2048* in the **Minimum key size** text box + - Select **SHA256** from the **Request hash** list +1. Select **OK** +1. Close the console -Sign-in to a certificate authority or management workstations with _Enterprise Admin_ equivalent credentials. -1. Open the **Certificate Authority** management console. -2. Right-click **Certificate Templates** and click **Manage**. -3. In the **Certificate Templates Console**, right-click the **Domain Controller Authentication (Kerberos)** (or the name of the certificate template you created in the previous section) template in the details pane and click **Properties**. -4. Click the **Superseded Templates** tab. Click **Add**. -5. From the **Add Superseded Template** dialog, select the **Domain Controller** certificate template and click **OK**. Click **Add**. -6. From the **Add Superseded Template** dialog, select the **Domain Controller Authentication** certificate template and click **OK**. Click **Add**. -7. From the **Add Superseded Template** dialog, select the **Kerberos Authentication** certificate template and click **OK**. Click **Add**. -8. Add any other enterprise certificate templates that were previously configured for domain controllers to the **Superseded Templates** tab. -9. Click **OK** and close the **Certificate Templates** console. +
              -The certificate template is configured to supersede all the certificate templates provided in the certificate templates superseded templates list. However, the certificate template and the superseding of certificate templates is not active until you publish the certificate template to one or more certificate authorities. +
              +
              +Supersede existing domain controller certificates -### Configure an Internal Web Server Certificate template +The domain controllers may have an existing domain controller certificate. The Active Directory Certificate Services provides a default certificate template for domain controllers called *domain controller certificate*. Later releases of Windows Server provided a new certificate template called *domain controller authentication certificate*. These certificate templates were provided prior to the update of the Kerberos specification that stated Key Distribution Centers (KDCs) performing certificate authentication needed to include the *KDC Authentication* extension. -Windows 10 or Windows 11 clients use the https protocol when communicating with Active Directory Federation Services. To meet this need, you must issue a server authentication certificate to all the nodes in the Active Directory Federation Services farm. On-premises deployments can use a server authentication certificate issued by their enterprise PKI. You must configure a server authentication certificate template so the host running the Active Directory Federation Service can request the certificate. +The *Kerberos Authentication* certificate template is the most current certificate template designated for domain controllers, and should be the one you deploy to all your domain controllers.\ +The *autoenrollment* feature allows you to replace the domain controller certificates. Use the following configuration to replace older domain controller certificates with new ones, using the *Kerberos Authentication* certificate template. -Sign-in to a certificate authority or management workstations with _Domain Admin_ equivalent credentials. -1. Open the **Certificate Authority** management console. -2. Right-click **Certificate Templates** and click **Manage**. -3. 
In the **Certificate Templates Console**, right-click the **Web Server** template in the details pane and click **Duplicate Template**. -4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list. -5. On the **General** tab, type **Internal Web Server** in **Template display name**. Adjust the validity and renewal period to meet your enterprise’s needs. - **Note:** If you use different template names, you’ll need to remember and substitute these names in different portions of the lab. -6. On the **Request Handling** tab, select **Allow private key to be exported**. -7. On the **Subject Name** tab, select the **Supply in the request** button if it is not already selected. -8. On the **Security** tab, Click **Add**. Type **Domain Computers** in the **Enter the object names to select** box. Click **OK**. Select the **Allow** check box next to the **Enroll** permission. -9. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list. Select **RSA** from the **Algorithm name** list. Type **2048** in the **Minimum key size** text box. Select **SHA256** from the **Request hash** list. Click **OK**. -10. Close the console. +Sign in to a CA or management workstations with *Enterprise Administrator* equivalent credentials. -### Unpublish Superseded Certificate Templates +1. Open the **Certification Authority** management console +1. Right-click **Certificate Templates > Manage** +1. In the **Certificate Template Console**, right-click the *Domain Controller Authentication (Kerberos)* (or the name of the certificate template you created in the previous section) template in the details pane and select **Properties** +1. Select the **Superseded Templates** tab. Select **Add** +1. 
From the **Add Superseded Template** dialog, select the *Domain Controller* certificate template and select **OK > Add** +1. From the **Add Superseded Template** dialog, select the *Domain Controller Authentication* certificate template and select **OK** +1. From the **Add Superseded Template** dialog, select the *Kerberos Authentication* certificate template and select **OK** +1. Add any other enterprise certificate templates that were previously configured for domain controllers to the **Superseded Templates** tab +1. Select **OK** and close the **Certificate Templates** console -The certificate authority only issues certificates based on published certificate templates. For defense in depth security, it is a good practice to unpublish certificate templates that the certificate authority is not configured to issue. This includes the pre-published certificate template from the role installation and any superseded certificate templates. +The certificate template is configured to supersede all the certificate templates provided in the certificate templates superseded templates list. However, the certificate template and the superseding of certificate templates isn't active until the certificate template is published to one or more certificate authorities. -The newly created domain controller authentication certificate template supersedes previous domain controller certificate templates. Therefore, you need to unpublish these certificate templates from all issuing certificate authorities. +
              -Sign-in to the certificate authority or management workstation with _Enterprise Admin_ equivalent credentials. -1. Open the **Certificate Authority** management console. -2. Expand the parent node from the navigation pane. -3. Click **Certificate Templates** in the navigation pane. -4. Right-click the **Domain Controller** certificate template in the content pane and select **Delete**. Click **Yes** on the **Disable certificate templates** window. -5. Repeat step 4 for the **Domain Controller Authentication** and **Kerberos Authentication** certificate templates. +
              +
              +Configure an internal web server certificate template -### Publish Certificate Templates to the Certificate Authority +Windows clients use the https protocol when communicating with Active Directory Federation Services (AD FS). To meet this need, you must issue a server authentication certificate to all the nodes in the AD FS farm. On-premises deployments can use a server authentication certificate issued by their enterprise PKI. You must configure a server authentication certificate template so the host running theAD FS can request the certificate. -The certificate authority may only issue certificates for certificate templates that are published to that certificate authority. If you have more than one certificate authority and you want that certificate authority to issue certificates based on a specific certificate template, then you must publish the certificate template to all certificate authorities that are expected to issue the certificate. +Sign in to a CA or management workstations with *Domain Administrator* equivalent credentials. -Sign-in to the certificate authority or management workstations with an _enterprise administrator_ equivalent credentials. +1. Open the **Certification Authority** management console +1. Right-click **Certificate Templates** and select **Manage** +1. In the **Certificate Template Console**, right-click the **Web Server** template in the details pane and select **Duplicate Template** +1. On the **Compatibility** tab: + - Clear the **Show resulting changes** check box + - Select **Windows Server 2016** from the **Certification Authority** list + - Select **Windows 10 / Windows Server 2016** from the **Certificate recipient** list +1. 
On the **General** tab: + - Type *Internal Web Server* in **Template display name** + - Adjust the validity and renewal period to meet your enterprise's needs + > [!NOTE] + > If you use different template names, you'll need to remember and substitute these names in different portions of the lab. +1. On the **Request Handling** tab, select **Allow private key to be exported** +1. On the **Subject** tab, select the **Supply in the request** button if it isn't already selected +1. On the **Security** tab: + - Select **Add** + - Type **Domain Computers** in the **Enter the object names to select** box + - Select **OK** + - Select the **Allow** check box next to the **Enroll** permission +1. On the **Cryptography** tab: + - Select **Key Storage Provider** from the **Provider Category** list + - Select **RSA** from the **Algorithm name** list + - Type *2048* in the **Minimum key size** text box + - Select **SHA256** from the **Request hash** list + - Select **OK** +1. Close the console -1. Open the **Certificate Authority** management console. -2. Expand the parent node from the navigation pane. -3. Click **Certificate Templates** in the navigation pane. -4. Right-click the **Certificate Templates** node. Click **New**, and click **Certificate Template** to issue. -5. In the **Enable Certificates Templates** window, select the **Domain Controller Authentication (Kerberos)**, and **Internal Web Server** templates you created in the previous steps. Click **OK** to publish the selected certificate templates to the certificate authority. -6. If you published the Domain Controller Authentication (Kerberos) certificate template, then you should unpublish the certificate templates you included in the superseded templates list. - * To unpublish a certificate template, right-click the certificate template you want to unpublish in the details pane of the Certificate Authority console and select **Delete**. Click **Yes** to confirm the operation. -7. Close the console. +
              -### Configure Domain Controllers for Automatic Certificate Enrollment +
              +
              +Configure a certificate registration authority template -Domain controllers automatically request a certificate from the domain controller certificate template. However, the domain controller is unaware of newer certificate templates or superseded configurations on certificate templates. To continue automatic enrollment and renewal of domain controller certificates that understand newer certificate template and superseded certificate template configurations, create and configure a Group Policy object for automatic certificate enrollment and link the Group Policy object to the Domain Controllers OU. +A certificate registration authority (CRA) is a trusted authority that validates certificate request. Once it validates the request, it presents the request to the certification authority (CA) for issuance. The CA issues the certificate, returns it to the CRA, which returns the certificate to the requesting user. The Windows Hello for Business on-premises certificate-based deployment uses AD FS as the CRA. + +The CRA enrolls for an *enrollment agent* certificate. Once the CRA verifies the certificate request, it signs the certificate request using its enrollment agent certificate and sends it to the CA. The Windows Hello for Business Authentication certificate template is configured to only issue certificates to certificate requests that have been signed with an enrollment agent certificate. The CA only issues a certificate for that template if the registration authority signs the certificate request. + +Sign in to a CA or management workstations with *Domain Administrator* equivalent credentials. + +1. Open the **Certification Authority** management console +1. Right-click **Certificate Templates** and select **Manage** +1. In the **Certificate Template Console**, right-click on the **Exchange Enrollment Agent (Offline request)** template details pane and select **Duplicate Template** +1. 
On the **Compatibility** tab: + - Clear the **Show resulting changes** check box + - Select **Windows Server 2016** from the **Certification Authority** list. + - Select **Windows 10 / Windows Server 2016** from the **Certificate Recipient** list +1. On the **General** tab: + - Type *WHFB Enrollment Agent* in **Template display name** + - Adjust the validity and renewal period to meet your enterprise's needs +1. On the **Subject** tab, select the **Supply in the request** button if it is not already selected + + > [!NOTE] + > Group Managed Service Accounts (GMSA) do not support the *Build from this Active Directory information* option and will result in the AD FS server failing to enroll the enrollment agent certificate. You must configure the certificate template with *Supply in the request* to ensure that AD FS servers can perform the automatic enrollment and renewal of the enrollment agent certificate. + +1. On the **Cryptography** tab: + - Select **Key Storage Provider** from the **Provider Category** list + - Select **RSA** from the **Algorithm name** list + - Type *2048* in the **Minimum key size** text box + - Select **SHA256** from the **Request hash** list +1. On the **Security** tab, select **Add** +1. Select **Object Types** and select the **Service Accounts** check box. Select **OK** +1. Type *adfssvc* in the **Enter the object names to select** text box and select **OK** +1. Select the **adfssvc** from the **Group or users names** list. In the **Permissions for adfssvc** section: + - In the **Permissions for adfssvc** section, select the **Allow** check box for the **Enroll** permission + - Excluding the **adfssvc** user, clear the **Allow** check box for the **Enroll** and **Autoenroll** permissions for all other items in the **Group or users names** list if the check boxes are not already cleared + - Select **OK** +1. Close the console + +
              + +
              +
              +Configure a Windows Hello for Business authentication certificate template + +During Windows Hello for Business provisioning, Windows clients request an authentication certificate from AD FS, which requests the authentication certificate on behalf of the user. This task configures the Windows Hello for Business authentication certificate template. + +Sign in to a CA or management workstations with *Domain Administrator* equivalent credentials. + +1. Open the **Certification Authority** management console +1. Right-click **Certificate Templates** and select **Manage** +1. Right-click the **Smartcard Logon** template and choose **Duplicate Template** +1. On the **Compatibility** tab: + - Clear the **Show resulting changes** check box + - Select **Windows Server 2016** from the **Certification Authority** list + - Select **Windows 10 / Windows Server 2016** from the **Certificate Recipient** list +1. On the **General** tab: + - Type *WHFB Authentication* in **Template display name** + - Adjust the validity and renewal period to meet your enterprise's needs + > [!NOTE] + > If you use different template names, you'll need to remember and substitute these names in different portions of the deployment. +1. On the **Cryptography** tab + - Select **Key Storage Provider** from the **Provider Category** list + - Select **RSA** from the **Algorithm name** list + - Type *2048* in the **Minimum key size** text box + - Select **SHA256** from the **Request hash** list +1. On the **Extensions** tab, verify the **Application Policies** extension includes **Smart Card Logon** +1. On the **Issuance Requirements** tab, + - Select the **This number of authorized signatures** check box. Type *1* in the text box + - Select **Application policy** from the **Policy type required in signature** + - Select **Certificate Request Agent** from in the **Application policy** list + - Select the **Valid existing certificate** option +1. 
On the **Subject** tab, + - Select the **Build from this Active Directory information** button + - Select **Fully distinguished name** from the **Subject name format** list + - Select the **User Principal Name (UPN)** check box under **Include this information in alternative subject name** +1. On the **Request Handling** tab, select the **Renew with same key** check box +1. On the **Security** tab, select **Add**. Type *Window Hello for Business Users* in the **Enter the object names to select** text box and select **OK** +1. Select the **Windows Hello for Business Users** from the **Group or users names** list. In the **Permissions for Windows Hello for Business Users** section: + - Select the **Allow** check box for the **Enroll** permission + - Excluding the **Windows Hello for Business Users** group, clear the **Allow** check box for the **Enroll** and **Autoenroll** permissions for all other entries in the **Group or users names** section if the check boxes are not already cleared + - Select **OK** +1. If you previously issued Windows Hello for Business sign-in certificates using Configuration Manger and are switching to an AD FS registration authority, then on the **Superseded Templates** tab, add the previously used **Windows Hello for Business Authentication** template(s), so they will be superseded by this template for the users that have Enroll permission for this template +1. 
Select on the **Apply** to save changes and close the console + +#### Mark the template as the Windows Hello Sign-in template + +Sign in to a CA or management workstations with *Enterprise Administrator* equivalent credentials + +Open an elevated command prompt end execute the following command + +```cmd +certutil.exe -dsTemplate WHFBAuthentication msPKI-Private-Key-Flag +CTPRIVATEKEY_FLAG_HELLO_LOGON_KEY +``` + +>[!NOTE] +>If you gave your Windows Hello for Business Authentication certificate template a different name, then replace *WHFBAuthentication* in the above command with the name of your certificate template. It's important that you use the template name rather than the template display name. You can view the template name on the **General** tab of the certificate template using the Certificate Template management console (certtmpl.msc). Or, you can view the template name using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on your certification authority. + + +
              + +
              +
              +Unpublish Superseded Certificate Templates + +The certification authority only issues certificates based on published certificate templates. For security, it's a good practice to unpublish certificate templates that the CA isn't configured to issue. This includes the pre-published certificate template from the role installation and any superseded certificate templates. + +The newly created *domain controller authentication* certificate template supersedes previous domain controller certificate templates. Therefore, you need to unpublish these certificate templates from all issuing certificate authorities. + +Sign in to the CA or management workstation with *Enterprise Administrator* equivalent credentials. + +1. Open the **Certification Authority** management console +1. Expand the parent node from the navigation pane > **Certificate Templates** +1. Right-click the *Domain Controller* certificate template and select **Delete**. Select **Yes** on the **Disable certificate templates** window +1. Repeat step 3 for the *Domain Controller Authentication* and *Kerberos Authentication* certificate templates + +
              + +
              +
              +Publish certificate templates to the CA + +A certification authority can only issue certificates for certificate templates that are published to it. If you have more than one CA, and you want more CAs to issue certificates based on the certificate template, then you must publish the certificate template to them. + +Sign in to the CA or management workstations with **Enterprise Admin** equivalent credentials. + +1. Open the **Certification Authority** management console +1. Expand the parent node from the navigation pane +1. Select **Certificate Templates** in the navigation pane +1. Right-click the **Certificate Templates** node. Select **New > Certificate Template** to issue +1. In the **Enable Certificates Templates** window, select the *Domain Controller Authentication (Kerberos)*, *Internal Web Server*, *WHFB Enrollment Agent* and *WHFB Authentication* templates you created in the previous steps. Select **OK** to publish the selected certificate templates to the certification authority +1. If you published the *Domain Controller Authentication (Kerberos)* certificate template, then unpublish the certificate templates you included in the superseded templates list + - To unpublish a certificate template, right-click the certificate template you want to unpublish and select **Delete**. Select **Yes** to confirm the operation +1. Close the console + +
              + +### Configure automatic certificate enrollment for the domain controllers + +Domain controllers automatically request a certificate from the *Domain controller certificate* template. However, domain controllers are unaware of newer certificate templates or superseded configurations on certificate templates. To continue automatic enrollment and renewal of domain controller certificates, create and configure a Group Policy Object (GPO) for automatic certificate enrollment, linking the Group Policy object to the *Domain Controllers* Organizational Unit (OU). + +1. Open the **Group Policy Management Console** (gpmc.msc) +1. Expand the domain and select the **Group Policy Object** node in the navigation pane +1. Right-click **Group Policy object** and select **New** +1. Type *Domain Controller Auto Certificate Enrollment* in the name box and select **OK** +1. Right-click the **Domain Controller Auto Certificate Enrollment** Group Policy object and select **Edit** +1. In the navigation pane, expand **Policies** under **Computer Configuration** +1. Expand **Windows Settings > Security Settings > Public Key Policies** +1. In the details pane, right-click **Certificate Services Client - Auto-Enrollment** and select **Properties** +1. Select **Enabled** from the **Configuration Model** list +1. Select the **Renew expired certificates, update pending certificates, and remove revoked certificates** check box +1. Select the **Update certificates that use certificate templates** check box +1. Select **OK** +1. Close the **Group Policy Management Editor** + +### Deploy the domain controller auto certificate enrollment GPO + +Sign in to domain controller or management workstations with *Domain Administrator* equivalent credentials. 1. Start the **Group Policy Management Console** (gpmc.msc) -2. Expand the domain and select the **Group Policy Object** node in the navigation pane. -3. Right-click **Group Policy object** and select **New** -4. 
Type *Domain Controller Auto Certificate Enrollment* in the name box and click **OK**. -5. Right-click the **Domain Controller Auto Certificate Enrollment** Group Policy object and click **Edit**. -6. In the navigation pane, expand **Policies** under **Computer Configuration**. -7. Expand **Windows Settings**, **Security Settings**, and click **Public Key Policies**. -8. In the details pane, right-click **Certificate Services Client – Auto-Enrollment** and select **Properties**. -9. Select **Enabled** from the **Configuration Model** list. -10. Select the **Renew expired certificates, update pending certificates, and remove revoked certificates** check box. -11. Select the **Update certificates that use certificate templates** check box. -12. Click **OK**. Close the **Group Policy Management Editor**. +1. In the navigation pane, expand the domain and expand the node with the Active Directory domain name. Right-click the **Domain Controllers** organizational unit and select **Link an existing GPO…** +1. In the **Select GPO** dialog box, select *Domain Controller Auto Certificate Enrollment* or the name of the domain controller certificate enrollment Group Policy object you previously created +1. Select **OK** -### Deploy the Domain Controller Auto Certificate Enrollment Group Policy Object +## Validate the configuration -Sign-in to a domain controller or management workstations with _Domain Admin_ equivalent credentials. -1. Start the **Group Policy Management Console** (gpmc.msc) -2. In the navigation pane, expand the domain and expand the node that has your Active Directory domain name. Right-click the **Domain Controllers** organizational unit and click **Link an existing GPO…** -3. In the **Select GPO** dialog box, select **Domain Controller Auto Certificate Enrollment** or the name of the domain controller certificate enrollment Group Policy object you previously created and click **OK**. 
+Windows Hello for Business is a distributed system, which on the surface appears complex and difficult. The key to a successful Windows Hello for Business deployment is to validate phases of work prior to moving to the next phase. -### Validating your work +You want to confirm your domain controllers enroll the correct certificates and not any unnecessary (superseded) certificate templates. You need to check each domain controller that autoenrollment for the computer occurred. -Windows Hello for Business is a distributed system, which on the surface appears complex and difficult. The key to a successful Windows Hello for Business deployment is to validate phases of work prior to moving to the next phase. +### Use the event logs -You want to confirm your domain controllers enroll the correct certificates and not any unnecessary (superseded) certificate templates. You need to check each domain controller that autoenrollment for the computer occurred. +Sign in to domain controller or management workstations with *Domain Administrator* equivalent credentials. -#### Use the Event Logs +1. Using the Event Viewer, navigate to the **Application and Services > Microsoft > Windows > CertificateServices-Lifecycles-System** event log +1. Look for an event indicating a new certificate enrollment (autoenrollment): + - The details of the event include the certificate template on which the certificate was issued + - The name of the certificate template used to issue the certificate should match the certificate template name included in the event + - The certificate thumbprint and EKUs for the certificate are also included in the event + - The EKU needed for proper Windows Hello for Business authentication is Kerberos Authentication, in addition to other EKUs provide by the certificate template -Windows Server 2012 and later include Certificate Lifecycle events to determine the lifecycles of certificates for both users and computers. 
Using the Event Viewer, navigate to the **CertificateServicesClient-Lifecycle-System** event log under **Application and Services/Microsoft/Windows**. +Certificates superseded by your new domain controller certificate generate an archive event in the event log. The archive event contains the certificate template name and thumbprint of the certificate that was superseded by the new certificate. -Look for an event indicating a new certificate enrollment (autoenrollment). The details of the event include the certificate template on which the certificate was issued. The name of the certificate template used to issue the certificate should match the certificate template name included in the event. The certificate thumbprint and EKUs for the certificate are also included in the event. The EKU needed for proper Windows Hello for Business authentication is Kerberos Authentication, in addition to other EKUs provide by the certificate template. +### Certificate Manager -Certificates superseded by your new domain controller certificate generate an archive event in the CertificateServicesClient-Lifecycle-System event. The archive event contains the certificate template name and thumbprint of the certificate that was superseded by the new certificate. +You can use the Certificate Manager console to validate the domain controller has the properly enrolled certificate based on the correct certificate template with the proper EKUs. Use **certlm.msc** to view certificate in the local computers certificate stores. Expand the **Personal** store and view the certificates enrolled for the computer. Archived certificates don't appear in Certificate Manager. +### Certutil.exe -#### Certificate Manager +You can use `certutil.exe` command to view enrolled certificates in the local computer. Certutil shows enrolled and archived certificates for the local computer. From an elevated command prompt, run `certutil.exe -q -store my` to view locally enrolled certificates. 
-You can use the Certificate Manager console to validate the domain controller has the properly enrolled certificate based on the correct certificate template with the proper EKUs. Use **certlm.msc** to view certificate in the local computers certificate stores. Expand the **Personal** store and view the certificates enrolled for the computer. Archived certificates do not appear in Certificate Manager. +To view detailed information about each certificate in the store, use `certutil.exe -q -v -store my` to validate automatic certificate enrollment enrolled the proper certificates. -#### Certutil.exe +### Troubleshooting -You can use **certutil.exe** to view enrolled certificates in the local computer. Certutil shows enrolled and archived certificates for the local computer. From an elevated command prompt, run `certutil -q -store my` to view locally enrolled certificates. +Windows triggers automatic certificate enrollment for the computer during boot, and when Group Policy updates. You can refresh Group Policy from an elevated command prompt using `gpupdate.exe /force`. -To view detailed information about each certificate in the store, use `certutil -q -v -store my` to validate automatic certificate enrollment enrolled the proper certificates. +Alternatively, you can forcefully trigger automatic certificate enrollment using `certreq.exe -autoenroll -q` from an elevated command prompt. -#### Troubleshooting +Use the event logs to monitor certificate enrollment and archive. Review the configuration, such as publishing certificate templates to issuing certification authority and the allow auto enrollment permissions. -Windows triggers automatic certificate enrollment for the computer during boot, and when Group Policy updates. You can refresh Group Policy from an elevated command prompt using `gpupdate /force`. - -Alternatively, you can forcefully trigger automatic certificate enrollment using `certreq -autoenroll -q` from an elevated command prompt. 
-
-Use the event logs to monitor certificate enrollment and archive. Review the configuration, such as publishing certificate templates to issuing certificate authority and the allow auto enrollment permissions.
-
-
-## Follow the Windows Hello for Business on premises certificate trust deployment guide
-1. [Validate Active Directory prerequisites](hello-cert-trust-validate-ad-prereq.md)
-2. Validate and Configure Public Key Infrastructure (*You are here*)
-3. [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-cert-trust-adfs.md)
-4. [Validate and Deploy Multifactor Authentication Services (MFA)](hello-cert-trust-validate-deploy-mfa.md)
-5. [Configure Windows Hello for Business Policy settings](hello-cert-trust-policy-settings.md)
\ No newline at end of file
+> [!div class="nextstepaction"]
+> [Next: prepare and deploy AD FS >](hello-cert-trust-adfs.md)
\ No newline at end of file
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md
index 115a1041e1..d19452cbd8 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md
@@ -1,22 +1,20 @@
 ---
-title: Windows Hello for Business Deployment Guide - On Premises Certificate Trust Deployment
-description: A guide to on premises, certificate trust Windows Hello for Business deployment.
-ms.date: 08/19/2018
+title: Windows Hello for Business deployment guide for the on-premises certificate trust model
+description: Learn how to deploy Windows Hello for Business in an on-premises, certificate trust model.
+ms.date: 12/12/2022
 appliesto:
 - ✅ Windows 10 and later
-- ✅ Windows Server 2016 and later
-ms.topic: article
+- ✅ Windows Server 2016 and later
+ms.topic: tutorial
 ---
-# On Premises Certificate Trust Deployment
+# Deployment guide overview - on-premises certificate trust
 
 [!INCLUDE [hello-on-premises-cert-trust](../../includes/hello-on-premises-cert-trust.md)]
 
-Windows Hello for Business replaces username and password sign-in to Windows with authentication using an asymmetric key pair. This deployment guide provides the information you'll need to successfully deploy Windows Hello for Business in an existing environment.
-
-Below, you can find all the information needed to deploy Windows Hello for Business in a Certificate Trust Model in your on-premises environment:
+Windows Hello for Business replaces username and password authentication to Windows with an asymmetric key pair. This deployment guide provides the information to deploy Windows Hello for Business in an on-premises environment:
 
 1. [Validate Active Directory prerequisites](hello-cert-trust-validate-ad-prereq.md)
-2. [Validate and Configure Public Key Infrastructure](hello-cert-trust-validate-pki.md)
-3. [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-cert-trust-adfs.md)
-4. [Validate and Deploy Multi-factor Authentication Services (MFA)](hello-cert-trust-validate-deploy-mfa.md)
-5. [Configure Windows Hello for Business Policy settings](hello-cert-trust-policy-settings.md)
+2. [Validate and configure a PKI](hello-cert-trust-validate-pki.md)
+3. [Prepare and deploy AD FS](hello-cert-trust-adfs.md)
+4. [Validate and deploy multi-factor authentication (MFA)](hello-cert-trust-validate-deploy-mfa.md)
+5. [Configure Windows Hello for Business Policy settings](hello-cert-trust-policy-settings.md)
\ No newline at end of file
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md
index 6dfcd9f952..34d860c531 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md
@@ -1,21 +1,20 @@ --- -title: Windows Hello for Business Deployment Guide - On Premises Key Deployment -description: A guide to on premises, key trust Windows Hello for Business deployment. -ms.date: 08/20/2018 +title: Windows Hello for Business deployment guide for the on-premises key trust model +description: Learn how to deploy Windows Hello for Business in an on-premises, key trust model. +ms.date: 12/12/2022 appliesto: - ✅ Windows 10 and later -ms.topic: article +- ✅ Windows Server 2016 and later +ms.topic: tutorial --- -# On Premises Key Trust Deployment +# Deployment guide overview - on-premises key trust [!INCLUDE [hello-on-premises-key-trust](../../includes/hello-on-premises-key-trust.md)] -Windows Hello for Business replaces username and password sign-in to Windows with strong user authentication based on asymmetric key pair. The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in an existing environment. - -Below, you can find all the information you need to deploy Windows Hello for Business in a key trust model in your on-premises environment: +Windows Hello for Business replaces username and password authentication to Windows with an asymmetric key pair. This deployment guide provides the information to deploy Windows Hello for Business in an on-premises environment:: 1. [Validate Active Directory prerequisites](hello-key-trust-validate-ad-prereq.md) -2. [Validate and Configure Public Key Infrastructure](hello-key-trust-validate-pki.md) -3. [Prepare and Deploy Active Directory Federation Services](hello-key-trust-adfs.md) -4. [Validate and Deploy Multifactor Authentication Services (MFA)](hello-key-trust-validate-deploy-mfa.md) -5. [Configure Windows Hello for Business Policy settings](hello-key-trust-policy-settings.md) +1. [Validate and configure a PKI](hello-key-trust-validate-pki.md) +1. [Prepare and deploy AD FS](hello-key-trust-adfs.md) +1. 
[Validate and deploy multi-factor authentication (MFA)](hello-key-trust-validate-deploy-mfa.md) +1. [Configure Windows Hello for Business Policy settings](hello-key-trust-policy-settings.md) \ No newline at end of file diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md index af71e186d2..5fe62506a6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md @@ -4,22 +4,17 @@ description: Learn how to deploy certificates to cloud Kerberos trust and key tr ms.collection: - ContentEngagementFY23 ms.topic: article -localizationpriority: medium ms.date: 11/15/2022 appliesto: - ✅ Windows 10 and later -ms.technology: itpro-security --- # Deploy certificates for remote desktop (RDP) sign-in -This document describes Windows Hello for Business functionalities or scenarios that apply to:\ -✅ **Deployment type:** [hybrid](hello-how-it-works-technology.md#hybrid-deployment)\ -✅ **Trust type:** [cloud Kerberos trust](hello-hybrid-cloud-kerberos-trust.md), [ key trust](hello-how-it-works-technology.md#key-trust)\ -✅ **Device registration type:** [Azure AD join](hello-how-it-works-technology.md#azure-active-directory-join), [Hybrid Azure AD join](hello-how-it-works-technology.md#hybrid-azure-ad-join) - -
              - +This document describes Windows Hello for Business functionalities or scenarios that apply to: +- **Deployment type:** [!INCLUDE [hybrid](../../includes/hello-deployment-hybrid.md)] +- **Trust type:** [!INCLUDE [cloud-kerberos](../../includes/hello-trust-cloud-kerberos.md)], [!INCLUDE [key](../../includes/hello-trust-key.md)] +- **Join type:** [!INCLUDE [hello-join-aadj](../../includes/hello-join-aad.md)], [!INCLUDE [hello-join-hybrid](../../includes/hello-join-hybrid.md)] --- Windows Hello for Business supports using a certificate as the supplied credential, when establishing a remote desktop connection to another Windows device. This document discusses three approaches for *cloud Kerberos trust* and *key trust* deployments, where authentication certificates can be deployed to an existing Windows Hello for Business user: diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index f4456c7110..7d673787ba 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -1,7 +1,7 @@ ### YamlMime:FAQ metadata: title: Windows Hello for Business Frequently Asked Questions (FAQ) - description: Use these frequently asked questions (FAQ) to learn important details about Windows Hello for Business. + description: Use these frequently asked questions (FAQ) to learn important details about Windows Hello for Business. keywords: identity, PIN, biometric, Hello, passport ms.prod: windows-client ms.technology: itpro-security @@ -13,7 +13,6 @@ metadata: manager: aaroncz ms.reviewer: prsriva ms.collection: - - M365-identity-device-management - highpri ms.topic: faq localizationpriority: medium 
@@ -30,16 +29,16 @@ sections: - question: What is Windows Hello for Business cloud Kerberos trust? answer: | - Windows Hello for Business cloud Kerberos trust is a new trust model that is currently in preview. This trust model will enable Windows Hello for Business deployment using the infrastructure introduced for supporting [security key sign-in on Hybrid Azure AD-joined devices and on-premises resource access on Azure AD Joined devices](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). cloud Kerberos trust is the preferred deployment model if you do not need to support certificate authentication scenarios. For more information, see [Hybrid cloud Kerberos trust Deployment (Preview)](/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust). + Windows Hello for Business *cloud Kerberos trust* is a **trust model** that enables Windows Hello for Business deployment using the infrastructure introduced for supporting [security key sign-in on Hybrid Azure AD-joined devices and on-premises resource access on Azure AD Joined devices](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). Cloud Kerberos trust is the preferred deployment model if you do not need to support certificate authentication scenarios. For more information, see [cloud Kerberos trust deployment](/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust). - question: What about virtual smart cards? answer: | - Windows Hello for Business is the modern, two-factor credential for Windows 10. Microsoft will be deprecating virtual smart cards in the future, but no date is set at this time. Customers using Windows 10 and virtual smart cards should move to Windows Hello for Business. Microsoft will publish the date early to ensure customers have adequate lead time to move to Windows Hello for Business. 
Microsoft recommends that new Windows 10 deployments use Windows Hello for Business. Virtual smart cards remain supported for Windows 7 and Windows 8. + Windows Hello for Business is the modern, two-factor credential for Windows. Microsoft will be deprecating virtual smart cards in the future, but no date is set at this time. Customers using virtual smart cards should move to Windows Hello for Business. Microsoft will publish the date early to ensure customers have adequate lead time to move to Windows Hello for Business. Microsoft recommends that new Windows deployments use Windows Hello for Business. - question: What about convenience PIN? answer: | - Microsoft is committed to its vision of a world without passwords. We recognize the *convenience* provided by convenience PIN, but it stills uses a password for authentication. Microsoft recommends that customers using Windows 10 and convenience PINs should move to Windows Hello for Business. New Windows 10 deployments should deploy Windows Hello for Business and not convenience PINs. Microsoft will be deprecating convenience PINs in the future and will publish the date early to ensure customers have adequate lead time to deploy Windows Hello for Business. + While *convenience PIN* provides a convenient way to sign in to Windows, it stills uses a password for authentication. Customers using *convenience PINs* should move to **Windows Hello for Business**. New Windows deployments should deploy Windows Hello for Business and not convenience PINs. Microsoft will be deprecating convenience PINs in the future and will publish the date early to ensure customers have adequate lead time to deploy Windows Hello for Business. - question: Can I use Windows Hello for Business key trust and RDP? answer: | 
@@ -57,10 +56,14 @@ sections: - question: How many users can enroll for Windows Hello for Business on a single Windows 10 computer? answer: | The maximum number of supported enrollments on a single Windows 10 computer is 10. This lets 10 users each enroll their face and up to 10 fingerprints. For devices with more than 10 users, we strongly encourage the use of FIDO2 security keys. + + - question: Can I use Windows Hello for Business credentials in private browser mode or "incognito" mode? + answer: | + Windows Hello for Business credentials need access to device state, which is not available in private browser mode or incognito mode. Hence it can't be used in private browser or Incognito mode. - question: How can a PIN be more secure than a password? answer: | - When using Windows Hello for Business, the PIN isn't a symmetric key, whereas the password is a symmetric key. With passwords, there's a server that has some representation of the password. With Windows Hello for Business, the PIN is user-provided entropy used to load the private key in the Trusted Platform Module (TPM). The server doesn't have a copy of the PIN. For that matter, the Windows client doesn't have a copy of the current PIN either. The user must provide the entropy, the TPM-protected key, and the TPM that generated that key in order to successfully access the private key. + When using Windows Hello for Business, the PIN isn't a symmetric key, whereas the password is a symmetric key. With passwords, there's a server that has some representation of the password. With Windows Hello for Business, the PIN is user-provided entropy used to load the private key in the Trusted Platform Module (TPM). The server doesn't have a copy of the PIN. For that matter, the Windows client doesn't have a copy of the current PIN either. The user must provide the entropy, the TPM-protected key, and the TPM that generated that key in order to successfully access the private key. 
The statement "PIN is stronger than Password" is not directed at the strength of the entropy used by the PIN. It's about the difference between providing entropy versus continuing the use of a symmetric key (the password). The TPM has anti-hammering features that thwart brute-force PIN attacks (an attacker's continuous attempt to try all combination of PINs). Some organizations may worry about shoulder surfing. For those organizations, rather than increase the complexity of the PIN, implement the [Multifactor Unlock](feature-multifactor-unlock.md) feature. - question: What's a container? @@ -77,7 +80,7 @@ sections: - question: How does Windows Hello for Business work with Azure AD registered devices? answer: | - A user will be prompted to set up a Windows Hello for Business key on an Azure AD registered devices if the feature is enabled by policy. If the user has an existing Windows Hello container, the Windows Hello for Business key will be enrolled in that container and will be protected using their exiting gestures. + A user will be prompted to set up a Windows Hello for Business key on an Azure AD registered devices if the feature is enabled by policy. If the user has an existing Windows Hello container, the Windows Hello for Business key will be enrolled in that container and will be protected using their existing gestures. If a user has signed into their Azure AD registered device with Windows Hello, their Windows Hello for Business key will be used to authenticate the user's work identity when they try to use Azure AD resources. The Windows Hello for Business key meets Azure AD multi-factor authentication (MFA) requirements and reduces the number of MFA prompts users will see when accessing resources. 
@@ -91,7 +94,7 @@ sections: - question: Can I use a convenience PIN with Azure Active Directory? answer: | - It's currently possible to set a convenience PIN on Azure Active Directory Joined or Hybrid Active Directory Joined devices. Convenience PIN isn't supported for Azure Active Directory user accounts (synchronized identities included). It's only supported for on-premises Domain Joined users and local account users. + It's currently possible to set a convenience PIN on Azure Active Directory Joined or Hybrid Active Directory Joined devices. However, convenience PIN isn't supported for Azure Active Directory user accounts (synchronized identities included). It's only supported for on-premises Domain Joined users and local account users. - question: Can I use an external Windows Hello compatible camera when my computer has a built-in Windows Hello compatible camera? answer: | 
@@ -166,7 +169,7 @@ sections: - question: Where is Windows Hello biometrics data stored? answer: | - When you enroll in Windows Hello, a representation of your face called an enrollment profile is created more information can be found on [Windows Hello face authentication](/windows-hardware/design/device-experiences/windows-hello-face-authentication). This enrollment profile biometrics data is device specific, is stored locally on the device, and does not leave the device or roam with the user. Some external fingerprint sensors store biometric data on the fingerprint module itself rather than on Windows device. Even in this case, the biometrics data is stored locally on those modules, is device specific, doesn't roam, never leaves the module, and is never sent to Microsoft cloud or external server. For more details, see [Windows Hello biometrics in the enterprise](/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise#where-is-windows-hello-data-stored). + When you enroll in Windows Hello, a representation of your face called an enrollment profile is created more information can be found on [Windows Hello face authentication](/windows-hardware/design/device-experiences/windows-hello-face-authentication). This enrollment profile biometrics data is device specific, is stored locally on the device, and does not leave the device or roam with the user. Some external fingerprint sensors store biometric data on the fingerprint module itself rather than on Windows device. Even in this case, the biometrics data is stored locally on those modules, is device specific, doesn't roam, never leaves the module, and is never sent to Microsoft cloud or external server. For more details, see [Windows Hello biometrics in the enterprise](/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise#where-is-windows-hello-data-stored). - question: What is the format used to store Windows Hello biometrics data on the device? 
answer: | 
@@ -230,9 +233,9 @@ sections: - question: How does PIN caching work with Windows Hello for Business? answer: | - Windows Hello for Business provides a PIN caching user experience by using a ticketing system. Rather than caching a PIN, processes cache a ticket they can use to request private key operations. Azure AD and Active Directory sign-in keys are cached under lock. This means the keys remain available for use without prompting, as long as the user is interactively signed-in. Microsoft Account sign-in keys are transactional keys, which means the user is always prompted when accessing the key. + Windows Hello for Business provides a PIN caching user experience by using a ticketing system. Rather than caching a PIN, processes cache a ticket they can use to request private key operations. Azure AD and Active Directory sign-in keys are cached under lock. This means the keys remain available for use without prompting, as long as the user is interactively signed-in. Microsoft Account sign-in keys are transactional keys, which means the user is always prompted when accessing the key. - Beginning with Windows 10, version 1709, Windows Hello for Business used as a smart card (smart card emulation that is enabled by default) provides the same user experience of default smart card PIN caching. Each process requesting a private key operation will prompt the user for the PIN on first use. Subsequent private key operations won't prompt the user for the PIN. + Beginning with Windows 10, version 1709, Windows Hello for Business used as a smart card (smart card emulation that is enabled by default) provides the same user experience of default smart card PIN caching. Each process requesting a private key operation will prompt the user for the PIN on first use. Subsequent private key operations won't prompt the user for the PIN. The smart card emulation feature of Windows Hello for Business verifies the PIN and then discards the PIN in exchange for a ticket. 
The process doesn't receive the PIN, but rather the ticket that grants them private key operations. Windows 10 doesn't provide any Group Policy settings to adjust this caching. diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md index 313ef05f54..e1aa2e7acb 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md @@ -2,7 +2,6 @@ title: Pin Reset description: Learn how Microsoft PIN reset services enable you to help users recover who have forgotten their PIN. ms.collection: - - M365-identity-device-management - highpri ms.date: 07/29/2022 appliesto: diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md index ad5eec8634..7bec9c2543 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md @@ -70,6 +70,7 @@ The certificate trust model uses a securely issued certificate based on the user - [Deployment type](#deployment-type) - [Hybrid Azure AD join](#hybrid-azure-ad-join) - [Hybrid deployment](#hybrid-deployment) +- [Cloud Kerberos trust](#cloud-kerberos-trust) - [Key trust](#key-trust) - [On-premises deployment](#on-premises-deployment) - [Trust type](#trust-type) 
@@ -102,6 +103,26 @@ In Windows 10 and Windows 11, cloud experience host is an application used while
 [Windows Hello for Business and device registration](./hello-how-it-works-device-registration.md)
+## Cloud Kerberos trust
+
+The cloud Kerberos trust model offers a simplified deployment experience, when compared to the other trust types.\
+With cloud Kerberos trust, there's no need to deploy certificates to the users or to the domain controllers, which is ideal for environments without an existing PKI.
+
+Giving the simplicity offered by this model, cloud Kerberos trust is the recommended model when compared to the key trust model. It is also the preferred deployment model if you do not need to support certificate authentication scenarios.
+
+### Related to cloud Kerberos trust
+
+- [Deployment type](#deployment-type)
+- [Hybrid Azure AD join](#hybrid-azure-ad-join)
+- [Hybrid deployment](#hybrid-deployment)
+- [Key trust](#key-trust)
+- [On-premises deployment](#on-premises-deployment)
+- [Trust type](#trust-type)
+
+### More information about cloud Kerberos trust
+
+[Cloud Kerberos trust deployment](hello-hybrid-cloud-kerberos-trust.md)
+
 ## Deployment type
 Windows Hello for Business has three deployment models to accommodate the needs of different organizations. The three deployment models include:
@@ -223,6 +244,7 @@ The key trust model uses the user's Windows Hello for Business identity to authe
 ### Related to key trust
+- [Cloud Kerberos trust](#cloud-kerberos-trust)
 - [Certificate trust](#certificate-trust)
 - [Deployment type](#deployment-type)
 - [Hybrid Azure AD join](#hybrid-azure-ad-join)
@@ -314,6 +336,7 @@ The trust type determines how a user authenticates to the Active Directory to ac
 ### Related to trust type
+- [Cloud Kerberos trust](#cloud-kerberos-trust)
 - [Certificate trust](#certificate-trust)
 - [Hybrid deployment](#hybrid-deployment)
 - [Key trust](#key-trust)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
index 1b222da4f8..e8e87a1d23 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
@@ -297,7 +297,7 @@ Sign in a certificate authority or management workstations with _Domain Admin eq
 3. Right-click the **Smartcard Logon** template and choose **Duplicate Template**.
-4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list.
+4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certificate Recipient** list.
 5. On the **General** tab, type **AADJ WHFB Authentication** in **Template display name**. Adjust the validity and renewal period to meet your enterprise's needs.
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
index 98725d74b3..2b43ffad0a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
@@ -37,7 +37,7 @@ Sign-in a certificate authority or management workstations with _Domain Admin_ e
 3. In the **Certificate Template Console**, right-click the **Kerberos Authentication** template in the details pane and click **Duplicate Template**.
-4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2008 R2** from the **Certification Authority** list. Select **Windows 7.Server 2008 R2** from the **Certification Recipient** list.
+4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2008 R2** from the **Certification Authority** list. Select **Windows 7.Server 2008 R2** from the **Certificate Recipient** list.
 5. On the **General** tab, type **Domain Controller Authentication (Kerberos)** in Template display name. Adjust the validity and renewal period to meet your enterprise's needs.
@@ -103,7 +103,7 @@ Sign-in to a certificate authority or management workstation with _Domain Admin_
 3. In the **Certificate Template Console**, right click on the **Exchange Enrollment Agent (Offline request)** template details pane and click **Duplicate Template**.
-4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list.
+4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certificate Recipient** list.
 5. On the **General** tab, type **WHFB Enrollment Agent** in **Template display name**. Adjust the validity and renewal period to meet your enterprise's needs.
@@ -134,7 +134,7 @@ Sign-in to a certificate authority or management workstation with *Domain Admin*
 3. In the **Certificate Template** console, right-click the **Exchange Enrollment Agent (Offline request)** template in the details pane and click **Duplicate Template**.
-4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list.
+4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certificate Recipient** list.
 5. On the **General** tab, type **WHFB Enrollment Agent** in **Template display name**. Adjust the validity and renewal period to meet your enterprise's needs.
@@ -160,7 +160,7 @@ Sign-in to a certificate authority or management workstation with _Domain Admin
 3. Right-click the **Smartcard Logon** template and choose **Duplicate Template**.
-4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list.
+4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certificate Recipient** list.
 5. On the **General** tab, type **WHFB Authentication** or your choice of template name in **Template display name**. Note the short template name for later use with CertUtil. Adjust the validity and renewal period to meet your enterprise's needs.
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md
index d8063e6127..ebcff732f3 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md
@@ -1,16 +1,16 @@
 ---
-title: Hybrid cloud Kerberos trust deployment (Windows Hello for Business)
-description: Learn the information you need to successfully deploy Windows Hello for Business in a hybrid cloud Kerberos trust scenario.
+title: Windows Hello for Business Cloud Kerberos trust deployment
+description: Learn how to deploy Windows Hello for Business in a cloud Kerberos trust scenario.
 ms.date: 11/1/2022
 appliesto:
 - ✅ Windows 10, version 21H2 and later
 ms.topic: article
 ---
-# Hybrid cloud Kerberos trust deployment
+# Cloud Kerberos trust deployment
 [!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cloudkerb-trust.md)]
-Windows Hello for Business replaces password sign-in with strong authentication, using an asymmetric key pair. This deployment guide provides the information to successfully deploy Windows Hello for Business in a hybrid cloud Kerberos trust scenario.
+Windows Hello for Business replaces password sign-in with strong authentication, using an asymmetric key pair. This deployment guide provides the information to successfully deploy Windows Hello for Business in a cloud Kerberos trust scenario.
 ## Introduction to cloud Kerberos trust
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md
index a824e822fe..9e36481b2a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md
@@ -33,7 +33,7 @@ Sign-in a certificate authority or management workstations with _Domain Admin_ e 1. Open the **Certificate Authority** management console. 2. Right-click **Certificate Templates** and click **Manage**. 3. In the **Certificate Template Console**, right-click the **Kerberos Authentication** template in the details pane and click **Duplicate Template**. -4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2008 R2** from the **Certification Authority** list. Select **Windows 7.Server 2008 R2** from the **Certification Recipient** list. +4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2008 R2** from the **Certification Authority** list. Select **Windows 7.Server 2008 R2** from the **Certificate Recipient** list. 5. On the **General** tab, type **Domain Controller Authentication (Kerberos)** in Template display name. Adjust the validity and renewal period to meet your enterprise's needs. > [!NOTE] > If you use different template names, you'll need to remember and substitute these names in different portions of the lab. diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md index 37b6335a50..e1ed3396b6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md +++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md @@ -2,11 +2,11 @@ title: Windows Hello for Business Deployment Prerequisite Overview description: Overview of all the different infrastructure requirements for Windows Hello for Business deployment models ms.collection: - - M365-identity-device-management - - highpri -ms.date: 2/15/2022 -appliesto: +- highpri +ms.date: 12/13/2022 +appliesto: - ✅ Windows 10 and later +- ✅ Windows Server 2016 and later ms.topic: article --- 
@@ -16,11 +16,10 @@ This article lists the infrastructure requirements for the different deployment ## Azure AD Cloud Only Deployment -* Microsoft Azure Account -* Azure Active Directory -* Azure AD Multifactor Authentication -* Modern Management (Intune or supported third-party MDM), *optional* -* Azure AD Premium subscription - *optional*, needed for automatic MDM enrollment when the device joins Azure Active Directory +- Azure Active Directory +- Azure AD Multifactor Authentication +- Device management solution (Intune or supported third-party MDM), *optional* +- Azure AD Premium subscription - *optional*, needed for automatic MDM enrollment when the device joins Azure Active Directory ## Hybrid Deployments @@ -28,44 +27,26 @@ The table shows the minimum requirements for each deployment. For key trust in a | Requirement | cloud Kerberos trust
              Group Policy or Modern managed | Key trust
              Group Policy or Modern managed | Certificate Trust
              Mixed managed | Certificate Trust
              Modern managed | | --- | --- | --- | --- | --- | -| **Windows Version** | Windows 10, version 21H2 with KB5010415; Windows 11 with KB5010414; or later | Windows 10, version 1511 or later| **Hybrid Azure AD Joined:**
              *Minimum:* Windows 10, version 1703
              *Best experience:* Windows 10, version 1709 or later (supports synchronous certificate enrollment).
              **Azure AD Joined:**
              Windows 10, version 1511 or later| Windows 10, version 1511 or later | -| **Schema Version** | No specific Schema requirement | Windows Server 2016 or later Schema | Windows Server 2016 or later Schema | Windows Server 2016 or later Schema | +| **Windows Version** | Any supported Windows client versions| Any supported Windows client versions | Any supported Windows client versions | +| **Schema Version** | No specific Schema requirement | Windows Server 2016 or later schema | Windows Server 2016 or later schema | Windows Server 2016 or later schema | | **Domain and Forest Functional Level** | Windows Server 2008 R2 Domain/Forest functional level | Windows Server 2008 R2 Domain/Forest functional level | Windows Server 2008 R2 Domain/Forest functional level |Windows Server 2008 R2 Domain/Forest functional level | -| **Domain Controller Version** | Windows Server 2016 or later | Windows Server 2016 or later | Windows Server 2008 R2 or later | Windows Server 2008 R2 or later | -| **Certificate Authority**| N/A | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority | -| **AD FS Version** | N/A | N/A | Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/help/4088889) (hybrid Azure AD joined clients managed by Group Policy),
              and
              Windows Server 2012 or later Network Device Enrollment Service (hybrid Azure AD joined & Azure AD joined managed by MDM) | Windows Server 2012 or later Network Device Enrollment Service | -| **MFA Requirement** | Azure MFA tenant, or
              AD FS w/Azure MFA adapter, or
              AD FS w/Azure MFA Server adapter, or
              AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or
              AD FS w/Azure MFA adapter, or
              AD FS w/Azure MFA Server adapter, or
              AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or
              AD FS w/Azure MFA adapter, or
              AD FS w/Azure MFA Server adapter, or
              AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or
              AD FS w/Azure MFA adapter, or
              AD FS w/Azure MFA Server adapter, or
              AD FS w/3rd Party MFA Adapter | +| **Domain Controller Version** | Any supported Windows Server versions | Any supported Windows Server versions | Any supported Windows Server versions | Any supported Windows Server versions | +| **Certificate Authority**| N/A |Any supported Windows Server versions | Any supported Windows Server versions | Any supported Windows Server versions | +| **AD FS Version** | N/A | N/A | Any supported Windows Server versions | Any supported Windows Server versions | +| **MFA Requirement** | Azure MFA, or
              AD FS w/Azure MFA adapter, or
              AD FS w/Azure MFA Server adapter, or
              AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or
              AD FS w/Azure MFA adapter, or
              AD FS w/Azure MFA Server adapter, or
              AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or
              AD FS w/Azure MFA adapter, or
              AD FS w/Azure MFA Server adapter, or
              AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or
              AD FS w/Azure MFA adapter, or
              AD FS w/Azure MFA Server adapter, or
              AD FS w/3rd Party MFA Adapter | | **Azure AD Connect** | N/A | Required | Required | Required | | **Azure AD License** | Azure AD Premium, optional | Azure AD Premium, optional | Azure AD Premium, needed for device write-back | Azure AD Premium, optional. Intune license required | -> [!Important] -> - Hybrid deployments support non-destructive PIN reset that works with Certificate Trust, Key Trust and cloud Kerberos trust models. -> -> **Requirements:** -> - Microsoft PIN Reset Service - Windows 10, versions 1709 to 1809, Enterprise Edition. There is no licensing requirement for this service since version 1903 -> - Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903 -> -> - On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models. -> -> **Requirements:** -> - Reset from settings - Windows 10, version 1703, Professional -> - Reset above lock screen - Windows 10, version 1709, Professional -> - Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903 - ## On-premises Deployments The table shows the minimum requirements for each deployment. | Key trust
              Group Policy managed | Certificate trust
              Group Policy managed|
 | --- | --- |
-| Windows 10, version 1703 or later | Windows 10, version 1703 or later |
+|Any supported Windows client versions|Any supported Windows client versions|
 | Windows Server 2016 Schema | Windows Server 2016 Schema|
 | Windows Server 2008 R2 Domain/Forest functional level | Windows Server 2008 R2 Domain/Forest functional level |
-| Windows Server 2016 or later Domain Controllers | Windows Server 2008 R2 or later Domain Controllers |
-| Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority |
-| Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/help/4088889) | Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/help/4088889) |
-| AD FS with 3rd Party MFA Adapter | AD FS with 3rd Party MFA Adapter |
-| Azure Account, optional for Azure MFA billing | Azure Account, optional for Azure MFA billing |
-
-> [!IMPORTANT]
-> For Windows Hello for Business key trust deployments, if you have several domains, at least one Windows Server Domain Controller 2016 or newer is required for each domain. For more information, see the [planning guide](./hello-adequate-domain-controllers.md).
+| Any supported Windows Server versions | Any supported Windows Server versions |
+| Any supported Windows Server versions | Any supported Windows Server versions |
+| Any supported Windows Server versions | Any supported Windows Server versions |
+| AD FS with 3rd Party MFA Adapter | AD FS with 3rd Party MFA Adapter |
\ No newline at end of file
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md
index 4a8dc18965..b08abdb82d 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md
@@ -1,337 +1,261 @@
 ---
-title: Prepare & Deploy Windows Active Directory Federation Services with key trust (Windows Hello for Business)
-description: How to Prepare and Deploy Windows Server 2016 Active Directory Federation Services for Windows Hello for Business using key trust.
-ms.date: 08/19/2018
+title: Prepare and deploy Active Directory Federation Services in an on-premises key trust
+description: Learn how to configure Active Directory Federation Services to support the Windows Hello for Business key trust model.
+ms.date: 12/12/2022
 appliesto:
 - ✅ Windows 10 and later
-ms.topic: article
+- ✅ Windows Server 2016 and later
+ms.topic: tutorial
 ---
-# Prepare and Deploy Windows Server 2016 Active Directory Federation Services with Key Trust
+# Prepare and deploy Active Directory Federation Services - on-premises key trust
 [!INCLUDE [hello-on-premises-key-trust](../../includes/hello-on-premises-key-trust.md)]
-Windows Hello for Business works exclusively with the Active Directory Federation Service role included with Windows Server 2016 and requires an additional server update. The on-premises key trust deployment uses Active Directory Federation Services roles for key registration and device registration.
+Windows Hello for Business works exclusively with the Active Directory Federation Service (AD FS) role included with Windows Server. The on-premises key trust deployment model uses AD FS for *key registration* and *device registration*.
-The following guidance describes deploying a new instance of Active Directory Federation Services 2016 using the Windows Information Database as the configuration database, which is ideal for environments with no more than 30 federation servers and no more than 100 relying party trusts.
+The following guidance describes the deployment of a new instance of AD FS using the Windows Information Database (WID) as the configuration database.\ +WID is ideal for environments with no more than **30 federation servers** and no more than **100 relying party trusts**. If your environment exceeds either of these factors, or needs to provide *SAML artifact resolution*, *token replay detection*, or needs AD FS to operate as a federated provider role, then the deployment requires the use of SQL as a configuration database.\ +To deploy AD FS using SQL as its configuration database, review the [Deploying a Federation Server Farm](/windows-server/identity/ad-fs/deployment/deploying-a-federation-server-farm) checklist. -If your environment exceeds either of these factors or needs to provide SAML artifact resolution, token replay detection, or needs Active Directory Federation Services to operate in a federated provider role, then your deployment needs to use a SQL for your configuration database. To deploy the Active Directory Federation Services using SQL as its configuration database, please review the [Deploying a Federation Server Farm](/windows-server/identity/ad-fs/deployment/deploying-a-federation-server-farm) checklist. +A new AD FS farm should have a minimum of two federation servers for proper load balancing, which can be accomplished with external networking peripherals, or with using the Network Load Balancing Role included in Windows Server. -If your environment has an existing instance of Active Directory Federation Services, then you’ll need to upgrade all nodes in the farm to Windows Server 2016 along with the Windows Server 2016 update. If your environment uses Windows Internal Database (WID) for the configuration database, please read [Upgrading to AD FS in Windows Server 2016 using a WID database](/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016) to upgrade your environment. 
If your environment uses SQL for the configuration database, please read [Upgrading to AD FS in Windows Server 2016 with SQL Server](/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016-sql) to upgrade your environment. +Prepare the AD FS deployment by installing and **updating** two Windows Servers. -Ensure you apply the Windows Server 2016 Update to all nodes in the farm after you have successfully completed the upgrade. +## Enroll for a TLS server authentication certificate -A new Active Directory Federation Services farm should have a minimum of two federation servers for proper load balancing, which can be accomplished with external networking peripherals, or with using the Network Load Balancing Role included in Windows Server. +Typically, a federation service is an edge facing role. However, the federation services and instance used with the on-premises deployment of Windows Hello for Business does not need Internet connectivity. -Prepare the Active Directory Federation Services deployment by installing and updating two Windows Server 2016 Servers. Ensure the update listed below is applied to each server before continuing. +The AD FS role needs a *server authentication* certificate for the federation services, and you can use a certificate issued by your enterprise (internal) CA. The server authentication certificate should have the following names included in the certificate, if you are requesting an individual certificate for each node in the federation farm: + - **Subject Name**: the internal FQDN of the federation server + - **Subject Alternate Name**: the federation service name (e.g. *sts.corp.contoso.com*) or an appropriate wildcard entry (e.g. *\*.corp.contoso.com*) -## Update Windows Server 2016 +The federation service name is set when the AD FS role is configured. You can choose any name, but that name must be different than the name of the server or host. 
For example, you can name the host server *adfs* and the federation service *sts*. In this example, the FQDN of the host is *adfs.corp.contoso.com* and the FQDN of the federation service is *sts.corp.contoso.com*. -Sign-in the federation server with _local admin_ equivalent credentials. -1. Ensure Windows Server 2016 is current by running **Windows Update** from **Settings**. Continue this process until no further updates are needed. If you’re not using Windows Update for updates, please review the [Windows Server 2016 update history page](https://support.microsoft.com/help/4000825/windows-10-windows-server-2016-update-history) to make sure you have the latest updates available installed. -2. Ensure the latest server updates to the federation server includes [KB4088889 (14393.2155)](https://support.microsoft.com/help/4088889). +You can also issue one certificate for all hosts in the farm. If you chose this option, leave the subject name *blank*, and include all the names in the subject alternate name when creating the certificate request. All names should include the FQDN of each host in the farm and the federation service name. + +When creating a wildcard certificate, mark the private key as exportable, so that the same certificate can be deployed across each federation server and web application proxy within the AD FS farm. Note that the certificate must be trusted (chain to a trusted root CA). Once you have successfully requested and enrolled the server authentication certificate on one node, you can export the certificate and private key to a PFX file using the Certificate Manager console. You can then import the certificate on the remaining nodes in the AD FS farm. + +Be sure to enroll or import the certificate into the AD FS server's computer certificate store. Also, ensure all nodes in the farm have the proper TLS server authentication certificate. 
+ +### AD FS authentication certificate enrollment + +Sign-in the federation server with *domain administrator* equivalent credentials. + +1. Start the Local Computer **Certificate Manager** (certlm.msc) +1. Expand the **Personal** node in the navigation pane +1. Right-click **Personal**. Select **All Tasks > Request New Certificate** +1. Select **Next** on the **Before You Begin** page +1. Select **Next** on the **Select Certificate Enrollment Policy** page +1. On the **Request Certificates** page, select the **Internal Web Server** check box +1. Select the **⚠️ More information is required to enroll for this certificate. Click here to configure settings** link + :::image type="content" source="images/hello-internal-web-server-cert.png" lightbox="images/hello-internal-web-server-cert.png" alt-text="Example of Certificate Properties Subject Tab - This is what shows when you select the above link."::: +1. Under **Subject name**, select **Common Name** from the **Type** list. Type the FQDN of the computer hosting the AD FS role and then select **Add** +1. Under **Alternative name**, select **DNS** from the **Type** list. Type the FQDN of the name that you will use for your federation services (*sts.corp.contoso.com*). The name you use here MUST match the name you use when configuring the AD FS server role. Select **Add** and **OK** when finished +1. Select **Enroll** + +A server authentication certificate should appear in the computer's personal certificate store. + +## Deploy the AD FS role + +AD FS provides *device registration* and *key registration* services to support the Windows Hello for Business on-premises deployments. >[!IMPORTANT] ->The above referenced updates are mandatory for Windows Hello for Business all on-premises deployment and hybrid certificate trust deployments for domain joined computers. +> Finish the entire AD FS configuration on the first server in the farm before adding the second server to the AD FS farm. 
Once complete, the second server receives the configuration through the shared configuration database when it is added the AD FS farm. -## Enroll for a TLS Server Authentication Certificate +Sign-in the federation server with *Enterprise Administrator* equivalent credentials. -Key trust Windows Hello for Business on-premises deployments need a federation server for device registration and key registration. Typically, a federation service is an edge facing role. However, the federation services and instance used with the on-premises deployment of Windows Hello for Business does not need Internet connectivity. +1. Start **Server Manager**. Select **Local Server** in the navigation pane +1. Select **Manage > Add Roles and Features** +1. Select **Next** on the **Before you begin** page +1. On the **Select installation type** page, select **Role-based or feature-based installation > Next** +1. On the **Select destination server** page, choose **Select a server from the server pool**. Select the federation server from the **Server Pool** list and **Next** +1. On the **Select server roles** page, select **Active Directory Federation Services** and **Next** +1. Select **Next** on the **Select features** page +1. Select **Next** on the **Active Directory Federation Service** page +1. Select **Install** to start the role installation -The AD FS role needs a server authentication certificate for the federation services, but you can use a certificate issued by your enterprise (internal) certificate authority. 
The server authentication certificate should have the following names included in the certificate if you are requesting an individual certificate for each node in the federation farm: -* Subject Name: The internal FQDN of the federation server (the name of the computer running AD FS) -* Subject Alternate Name: Your federation service name, such as *fs.corp.contoso.com* (or an appropriate wildcard entry such as *.corp.contoso.com) - -You configure your federation service name when you configure the AD FS role. You can choose any name, but that name must be different than the name of the server or host. For example, you can name the host server **adfs** and the federation service **fs**. The FQDN of the host is adfs.corp.contoso.com and the FQDN of the federation service is fs.corp.contoso.com. - -You can, however, issue one certificate for all hosts in the farm. If you chose this option, then leave the subject name blank, and include all the names in the subject alternate name when creating the certificate request. All names should include the FQDN of each host in the farm and the federation service name. - -When creating a wildcard certificate, it is recommended that you mark the private key as exportable so that the same certificate can be deployed across each federation server and web application proxy within your AD FS farm. Note that the certificate must be trusted (chain to a trusted root CA). Once you have successfully requested and enrolled the server authentication certificate on one node, you can export the certificate and private key to a PFX file using the Certificate Manager console. You can then import the certificate on the remaining nodes in the AD FS farm. - -Be sure to enroll or import the certificate into the AD FS server’s computer certificate store. Also, ensure all nodes in the farm have the proper TLS server authentication certificate. 
- -### Internal Server Authentication Certificate Enrollment - -Sign-in the federation server with domain administrator equivalent credentials. -1. Start the Local Computer **Certificate Manager** (certlm.msc). -2. Expand the **Personal** node in the navigation pane. -3. Right-click **Personal**. Select **All Tasks** and **Request New Certificate**. -4. Click **Next** on the **Before You Begin** page. -5. Click **Next** on the **Select Certificate Enrollment Policy** page. -6. On the **Request Certificates** page, Select the **Internal Web Server** check box. -7. Click the **More information is required to enroll for this certificate. Click here to configure settings** link - ![Example of Certificate Properties Subject Tab - This is what shows when you click the above link.](images/hello-internal-web-server-cert.png) -8. Under **Subject name**, select **Common Name** from the **Type** list. Type the FQDN of the computer hosting the Active Directory Federation Services role and then click **Add**. Under **Alternative name**, select **DNS** from the **Type** list. Type the FQDN of the name you will use for your federation services (fs.corp.contoso.com). The name you use here MUST match the name you use when configuring the Active Directory Federation Services server role. Click **Add**. Click **OK** when finished. -9. Click **Enroll**. - -A server authentication certificate should appear in the computer’s Personal certificate store. - -## Deploy the Active Directory Federation Service Role - -The Active Directory Federation Service (AD FS) role provides the following services to support Windows Hello for Business on-premises deployments. -* Device registration -* Key registration - ->[!IMPORTANT] -> Finish the entire AD FS configuration on the first server in the farm before adding the second server to the AD FS farm. Once complete, the second server receives the configuration through the shared configuration database when it is added the AD FS farm. 
- -Windows Hello for Business depends on proper device registration. For on-premises key trust deployments, Windows Server 2016 AD FS handles device and key registration. - -Sign-in the federation server with _Enterprise Admin_ equivalent credentials. -1. Start **Server Manager**. Click **Local Server** in the navigation pane. -2. Click **Manage** and then click **Add Roles and Features**. -3. Click **Next** on the **Before you begin** page. -4. On the **Select installation type** page, select **Role-based or feature-based installation** and click **Next**. -5. On the **Select destination server** page, choose **Select a server from the server pool**. Select the federation server from the **Server Pool** list. Click **Next**. -6. On the **Select server roles** page, select **Active Directory Federation Services**. Click **Next**. -7. Click **Next** on the **Select features** page. -8. Click **Next** on the **Active Directory Federation Service** page. -9. Click **Install** to start the role installation. - -## Review to validate +## Review to validate the AD FS deployment Before you continue with the deployment, validate your deployment progress by reviewing the following items: -* Confirm the AD FS farm uses the correct database configuration. -* Confirm the AD FS farm has an adequate number of nodes and is properly load balanced for the anticipated load. -* Confirm **all** AD FS servers in the farm have the latest updates. -* Confirm all AD FS servers have a valid server authentication certificate - * The subject of the certificate is the common name (FQDN) of the host or a wildcard name. 
- * The alternate name of the certificate contains a wildcard or the FQDN of the federation service -## Device Registration Service Account Prerequisite +> [!div class="checklist"] +> * Confirm the AD FS farm uses the correct database configuration +> * Confirm the AD FS farm has an adequate number of nodes and is properly load balanced for the anticipated load +> * Confirm **all** AD FS servers in the farm have the latest updates installed +> * Confirm all AD FS servers have a valid server authentication certificate -The service account used for the device registration server depends on the domain controllers in the environment. +## Device registration service account prerequisites ->[!NOTE] ->Follow the procedures below based on the domain controllers deployed in your environment. If the domain controller is not listed below, then it is not supported for Windows Hello for Business. +The use of Group Managed Service Accounts (GMSA) is the preferred way to deploy service accounts for services that support them. GMSAs have security advantages over normal user accounts because Windows handles password management. This means the password is long, complex, and changes periodically. AD FS supports GMSAs, and it should be configured using them for additional security. -### Windows Server 2012 or later Domain Controllers +GSMA uses the *Microsoft Key Distribution Service* that is located on the domain controllers. Before you can create a GSMA, you must first create a root key for the service. You can skip this if your environment already uses GSMA. -Windows Server 2012 or later domain controllers support Group Managed Service Accounts—the preferred way to deploy service accounts for services that support them. Group Managed Service Accounts, or GMSA, have security advantages over normal user accounts because Windows handles password management. This means the password is long, complex, and changes periodically. The best part of GMSA is all this happens automatically. 
AD FS supports GMSA and should be configured using them for additional defense in depth security. +### Create KDS Root Key -GSMA uses the Microsoft Key Distribution Service that is located on Windows Server 2012 or later domain controllers. Windows uses the Microsoft Key Distribution Service to protect secrets stored and used by the GSMA. Before you can create a GSMA, you must first create a root key for the service. You can skip this if your environment already uses GSMA. +Sign-in a domain controller with *Enterprise Administrator* equivalent credentials. -#### Create KDS Root Key - -Sign-in a domain controller with _Enterprise Admin_ equivalent credentials. -1. Start an elevated Windows PowerShell console. -2. Type `Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10)` - -### Windows Server 2008 or 2008 R2 Domain Controllers - -Windows Server 2008 and 2008 R2 domain controllers do not host the Microsoft Key Distribution Service, nor do they support Group Managed Service Accounts. Therefore, you must use or create a normal user account as a service account where you are responsible for changing the password on a regular basis. - -#### Create an AD FS Service Account - -Sign-in a domain controller or management workstation with _Domain Admin_ equivalent credentials. -1. Open **Active Directory Users and Computers**. -2. Right-click the **Users** container, Click **New**. Click **User**. -3. In the **New Object – User** window, type **adfssvc** in the **Full name** text box. Type **adfssvc** in the **User logon name** text box. Click **Next**. -4. Enter and confirm a password for the **adfssvc** user. Clear the **User must change password at next logon** check box. -5. Click **Next** and then click **Finish**. 
+Start an elevated PowerShell console and execute the following command: +```PowerShell +Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10) +``` ## Configure the Active Directory Federation Service Role ->[!IMPORTANT] ->Follow the procedures below based on the domain controllers deployed in your environment. If the domain controller is not listed below, then it is not supported for Windows Hello for Business. +Use the following procedures to configure AD FS. -### Windows Server 2016, 2012 R2 or later Domain Controllers +Sign-in to the federation server with *Domain Administrator* equivalent credentials. These procedures assume you are configuring the first federation server in a federation server farm. -Use the following procedures to configure AD FS when your environment uses **Windows Server 2012 or later Domain Controllers**. If you are not using Windows Server 2012 or later Domain Controllers, follow the procedures under the [Configure the Active Directory Federation Service Role (Windows Server 2008 or 2008R2 Domain Controllers)](#windows-server-2008-or-2008-r2-domain-controllers) section. +1. Start **Server Manager** +1. Select the notification flag in the upper right corner and select **Configure the federation services on this server** +1. On the **Welcome** page, select **Create the first federation server farm > Next** +1. On the **Connect to Active Directory Domain Services** page, select **Next** +1. On the **Specify Service Properties** page, select the recently enrolled or imported certificate from the **SSL Certificate** list. The certificate is likely named after your federation service, such as *sts.corp.contoso.com* +1. Select the federation service name from the **Federation Service Name** list +1. Type the *Federation Service Display Name* in the text box. This is the name users see when signing in. Select **Next** +1. On the **Specify Service Account** page, select **Create a Group Managed Service Account**. 
In the **Account Name** box, type *adfssvc* +1. On the **Specify Configuration Database** page, select **Create a database on this server using Windows Internal Database** and select **Next** +1. On the **Review Options** page, select **Next** +1. On the **Pre-requisite Checks** page, select **Configure** +1. When the process completes, select **Close** -Sign-in the federation server with _Domain Admin_ equivalent credentials. These procedures assume you are configuring the first federation server in a federation server farm. -1. Start **Server Manager**. -2. Click the notification flag in the upper right corner. Click **Configure federation services on this server**. - ![Example of pop-up notification as described above.](images/hello-adfs-configure-2012r2.png) +### Add the AD FS service account to the *Key Admins* group -3. On the **Welcome** page, click **Create the first federation server farm** and click **Next**. -4. Click **Next** on the **Connect to Active Directory Domain Services** page. -5. On the **Specify Service Properties** page, select the recently enrolled or imported certificate from the **SSL Certificate** list. The certificate is likely named after your federation service, such as *fs.corp.contoso.com* or *fs.contoso.com*. -6. Select the federation service name from the **Federation Service Name** list. -7. Type the Federation Service Display Name in the text box. This is the name users see when signing in. Click **Next**. -8. On the **Specify Service Account** page, select **Create a Group Managed Service Account**. In the **Account Name** box, type **adfssvc**. -9. On the **Specify Configuration Database** page, select **Create a database on this server using Windows Internal Database** and click **Next**. -10. On the **Review Options** page, click **Next**. -11. On the **Pre-requisite Checks** page, click **Configure**. -12. When the process completes, click **Close**. 
+During Windows Hello for Business enrollment, the public key is registered in an attribute of the user object in Active Directory. To ensure that the AD FS service can add and remove keys are part of its normal workflow, it must be a member of the *Key Admins* global group. -### Windows Server 2008 or 2008 R2 Domain Controllers +Sign-in to a domain controller or management workstation with *Domain Administrator* equivalent credentials. -Use the following procedures to configure AD FS when your environment uses **Windows Server 2008 or 2008 R2 Domain Controllers**. If you are not using Windows Server 2008 or 2008 R2 Domain Controllers, follow the procedures under the [Configure the Active Directory Federation Service Role (Windows Server 2012 or later Domain Controllers)](#windows-server-2012-or-later-domain-controllers) section. +1. Open **Active Directory Users and Computers** +1. Select the **Users** container in the navigation pane +1. Right-click **Key Admins** in the details pane and select **Properties** +1. Select the **Members > Add…** +1. In the **Enter the object names to select** text box, type *adfssvc*. Select **OK** +1. Select **OK** to return to **Active Directory Users and Computers** +1. Change to server hosting the AD FS role and restart it -Sign-in the federation server with _Domain Admin_ equivalent credentials. These instructions assume you are configuring the first federation server in a federation server farm. -1. Start **Server Manager**. -2. Click the notification flag in the upper right corner. Click **Configure federation services on this server**. - ![Example of pop-up notification as described above.](images/hello-adfs-configure-2012r2.png) +## Configure the device registration service -3. On the **Welcome** page, click **Create the first federation server farm** and click **Next**. -4. Click **Next** on the **Connect to Active Directory Domain Services** page. -5. 
On the **Specify Service Properties** page, select the recently enrolled or imported certificate from the **SSL Certificate** list. The certificate is likely named after your federation service, such as fs.corp.mstepdemo.net or fs.mstepdemo.net. -6. Select the federation service name from the **Federation Service Name** list. -7. Type the Federation Service Display Name in the text box. This is the name users see when signing in. Click **Next**. -8. On the **Specify Service Account** page, Select **Use an existing domain user account or group Managed Service Account** and click **Select**. - * In the **Select User or Service Account** dialog box, type the name of the previously created AD FS service account (example adfssvc) and click **OK**. Type the password for the AD FS service account and click **Next**. -9. On the **Specify Configuration Database** page, select **Create a database on this server using Windows Internal Database** and click **Next**. -10. On the **Review Options** page, click **Next**. -11. On the **Pre-requisite Checks** page, click **Configure**. -12. When the process completes, click **Close**. -13. Do not restart the AD FS server. You will do this later. +Sign-in to the federation server with *Enterprise Administrator* equivalent credentials. These instructions assume you are configuring the first federation server in a federation server farm. +1. Open the **AD FS management** console +1. In the navigation pane, expand **Service**. Select **Device Registration** +1. In the details pane, select **Configure device registration** +1. 
In the **Configure Device Registration** dialog, Select **OK** -### Add the AD FS Service account to the KeyAdmins group +:::image type="content" source="images/adfs-device-registration.png" lightbox="images/adfs-device-registration.png" alt-text="AD FS device registration: configuration of the service connection point."::: -The KeyAdmins global group provides the AD FS service with the permissions needed to perform key registration. +Triggering device registration from AD FS, creates the service connection point (SCP) in the Active Directory configuration partition. The SCP is used to store the device registration information that Windows clients will automatically discover. -Sign-in a domain controller or management workstation with _Domain Admin_ equivalent credentials. -1. Open **Active Directory Users and Computers**. -2. Click the **Users** container in the navigation pane. -3. Right-click **KeyAdmins** in the details pane and click **Properties**. -4. Click the **Members** tab and click **Add…** -5. In the **Enter the object names to select** text box, type **adfssvc**. Click **OK**. -6. Click **OK** to return to **Active Directory Users and Computers**. -7. Change to server hosting the AD FS role and restart it. +:::image type="content" source="images/adfs-scp.png" lightbox="images/adfs-scp.png" alt-text="AD FS device registration: service connection point object created by AD FS."::: - -## Configure the Device Registration Service - -Sign-in the federation server with _Enterprise Admin_ equivalent credentials. These instructions assume you are configuring the first federation server in a federation server farm. -1. Open the **AD FS management** console. -2. In the navigation pane, expand **Service**. Click **Device Registration**. -3. In the details pane, click **Configure Device Registration**. -4. In the **Configure Device Registration** dialog, click **OK**. 
- -## Review and validate +## Review to validate the AD FS and Active Directory configuration Before you continue with the deployment, validate your deployment progress by reviewing the following items: -* Confirm you followed the correct procedures based on the domain controllers used in your deployment - * Windows Server 2016, 2012 R2 or Windows Server 2012 R2 - * Windows Server 2008 or Windows Server 2008 R2 -* Confirm you have the correct service account based on your domain controller version. -* Confirm you properly installed the AD FS role on your Windows Server 2016 based on the proper sizing of your federation, the number of relying parties, and database needs. -* Confirm you used a certificate with the correct names as the server authentication certificate - * Record the expiration date of the certificate and set a renewal reminder at least six weeks before it expires that includes the: - * Certificate serial number - * Certificate thumbprint - * Common name of the certificate - * Subject alternate name of the certificate - * Name of the physical host server - * The issued date - * The expiration date - * Issuing CA Vendor (if a third-party certificate) -* Confirm you added the AD FS service account to the KeyAdmins group. -* Confirm you enabled the Device Registration service. +> [!div class="checklist"] +> * Record the information about the AD FS certificate, and set a renewal reminder at least six weeks before it expires. Relevant information includes: certificate serial number, thumbprint, common name, subject alternate name, name of the physical host server, the issued date, the expiration date, and issuing CA vendor (if a third-party certificate) +> * Confirm you added the AD FS service account to the KeyAdmins group +> * Confirm you enabled the Device Registration service -## Additional Federation Servers +## Additional federation servers -Organizations should deploy more than one federation server in their federation farm for high-availability. 
You should have a minimum of two federation services in your AD FS farm, however most organizations are likely to have more. This largely depends on the number of devices and users using the services provided by the AD FS farm. +Organizations should deploy more than one federation server in their federation farm for high-availability. You should have a minimum of two federation services in your AD FS farm, however most organizations are likely to have more. This largely depends on the number of devices and users using the services provided by the AD FS farm. -### Server Authentication Certificate +### Server authentication certificate Each server you add to the AD FS farm must have a proper server authentication certificate. Refer to the [Enroll for a TLS Server Authentication Certificate](#enroll-for-a-tls-server-authentication-certificate) section of this document to determine the requirements for your server authentication certificate. As previously stated, AD FS servers used exclusively for on-premises deployments of Windows Hello for Business can use enterprise server authentication certificates rather than server authentication certificates issued by public certificate authorities. -### Install Additional Servers +### Install additional servers -Adding federation servers to the existing AD FS farm begins with ensuring the server are fully patched, to include Windows Server 2016 Update needed to support Windows Hello for Business deployments (https://aka.ms/whfbadfs1703). Next, install the Active Directory Federation Service role on the additional servers and then configure the server as an additional server in an existing farm. +Adding federation servers to the existing AD FS farm begins with ensuring the server are fully patched, to include Windows Server 2016 Update needed to support Windows Hello for Business deployments (https://aka.ms/whfbadfs1703). 
Next, install the Active Directory Federation Service role on the additional servers and then configure the server as an additional server in an existing farm. -## Load Balance AD FS Federation Servers +## Load balance AD FS Many environments load balance using hardware devices. Environments without hardware load-balancing capabilities can take advantage the network load-balancing feature included in Windows Server to load balance the AD FS servers in the federation farm. Install the Windows Network Load Balancing feature on all nodes participating in the AD FS farm that should be load balanced. ### Install Network Load Balancing Feature on AD FS Servers -Sign-in the federation server with _Enterprise Admin_ equivalent credentials. -1. Start **Server Manager**. Click **Local Server** in the navigation pane. -2. Click **Manage** and then click **Add Roles and Features**. -3. Click **Next** On the **Before you begin** page. -4. On the **Select installation type** page, select **Role-based or feature-based installation** and click **Next**. -5. On the **Select destination server** page, choose **Select a server from the server pool**. Select the federation server from the **Server Pool** list. Click **Next**. -6. On the **Select server roles** page, click **Next**. -7. Select **Network Load Balancing** on the **Select features** page. -8. Click **Install** to start the feature installation - ![Feature selection screen with NLB selected.](images/hello-nlb-feature-install.png) +Sign-in the federation server with *Enterprise Administrator* equivalent credentials. + +1. Start **Server Manager**. Select **Local Server** in the navigation pane +1. Select **Manage** and then select **Add Roles and Features** +1. Select **Next** On the **Before you begin** page +1. On the **Select installation type** page, select **Role-based or feature-based installation** and select **Next** +1. On the **Select destination server** page, choose **Select a server from the server pool**. 
Select the federation server from the **Server Pool** list. Select **Next** +1. On the **Select server roles** page, select **Next** +1. Select **Network Load Balancing** on the **Select features** page +1. Select **Install** to start the feature installation ### Configure Network Load Balancing for AD FS Before you can load balance all the nodes in the AD FS farm, you must first create a new load balance cluster. Once you have created the cluster, then you can add new nodes to that cluster. -Sign-in a node of the federation farm with _Admin_ equivalent credentials. -1. Open **Network Load Balancing Manager** from **Administrative Tools**. - ![NLB Manager user interface.](images/hello-nlb-manager.png) -2. Right-click **Network Load Balancing Clusters**, and then click **New Cluster**. -3. To connect to the host that is to be a part of the new cluster, in the **Host** text box, type the name of the host, and then click **Connect**. - ![NLB Manager - Connect to new Cluster screen.](images/hello-nlb-connect.png) -4. Select the interface that you want to use with the cluster, and then click **Next**. (The interface hosts the virtual IP address and receives the client traffic to load balance.) -5. In **Host Parameters**, select a value in **Priority (Unique host identifier)**. This parameter specifies a unique ID for each host. The host with the lowest numerical priority among the current members of the cluster handles all of the cluster's network traffic that is not covered by a port rule. Click **Next**. -6. In **Cluster IP Addresses**, click **Add** and type the cluster IP address that is shared by every host in the cluster. NLB adds this IP address to the TCP/IP stack on the selected interface of all hosts that are chosen to be part of the cluster. Click **Next**. - ![NLB Manager - Add IP to New Cluster screen.](images/hello-nlb-add-ip.png) -7. 
In **Cluster Parameters**, select values in **IP Address** and **Subnet mask** (for IPv6 addresses, a subnet mask value is not needed). Type the full Internet name that users will use to access this NLB cluster. - ![NLB Manager - Cluster IP Configuration screen.](images/hello-nlb-cluster-ip-config.png) -8. In **Cluster operation mode**, click **Unicast** to specify that a unicast media access control (MAC) address should be used for cluster operations. In unicast mode, the MAC address of the cluster is assigned to the network adapter of the computer, and the built-in MAC address of the network adapter is not used. We recommend that you accept the unicast default settings. Click **Next**. -9. In Port Rules, click Edit to modify the default port rules to use port 443. - ![NLB Manager - Add\Edit Port Rule screen.](images/hello-nlb-cluster-port-rule.png) +Sign-in a node of the federation farm with *Administrator* equivalent credentials. + +1. Open **Network Load Balancing Manager** from **Administrative Tools** +1. Right-click **Network Load Balancing Clusters**, and then select **New Cluster** +1. To connect to the host that is to be a part of the new cluster, in the **Host** text box, type the name of the host, and then select **Connect** +1. Select the interface that you want to use with the cluster, and then select **Next** (the interface hosts the virtual IP address and receives the client traffic to load balance) +1. In **Host Parameters**, select a value in **Priority (Unique host identifier)**. This parameter specifies a unique ID for each host. The host with the lowest numerical priority among the current members of the cluster handles all of the cluster's network traffic that is not covered by a port rule. Select **Next** +1. In **Cluster IP Addresses**, select **Add** and type the cluster IP address that is shared by every host in the cluster. 
NLB adds this IP address to the TCP/IP stack on the selected interface of all hosts that are chosen to be part of the cluster. Select **Next** +1. In **Cluster Parameters**, select values in **IP Address** and **Subnet mask** (for IPv6 addresses, a subnet mask value is not needed). Type the full Internet name that users will use to access this NLB cluster +1. In **Cluster operation mode**, select **Unicast** to specify that a unicast media access control (MAC) address should be used for cluster operations. In unicast mode, the MAC address of the cluster is assigned to the network adapter of the computer, and the built-in MAC address of the network adapter is not used. We recommend that you accept the unicast default settings. Select **Next** +1. In Port Rules, select Edit to modify the default port rules to use port 443 ### Additional AD FS Servers -1. To add more hosts to the cluster, right-click the new cluster, and then click **Add Host to Cluster**. -2. Configure the host parameters (including host priority, dedicated IP addresses, and load weight) for the additional hosts by following the same instructions that you used to configure the initial host. Because you are adding hosts to an already configured cluster, all the cluster-wide parameters remain the same. - ![NLB Manager - Cluster with nodes.](images/hello-nlb-cluster.png) +1. To add more hosts to the cluster, right-click the new cluster, and then select **Add Host to Cluster** +1. Configure the host parameters (including host priority, dedicated IP addresses, and load weight) for the additional hosts by following the same instructions that you used to configure the initial host. Because you are adding hosts to an already configured cluster, all the cluster-wide parameters remain the same ## Configure DNS for Device Registration -Sign-in the domain controller or administrative workstation with domain administrator equivalent credentials. You’ll need the Federation service name to complete this task. 
You can view the federation service name by clicking **Edit Federation Service Properties** from the **Action** pan of the **AD FS** management console, or by using `(Get-AdfsProperties).Hostname.` (PowerShell) on the AD FS server. -1. Open the **DNS Management** console. -2. In the navigation pane, expand the domain controller name node and **Forward Lookup Zones**. -3. In the navigation pane, select the node that has the name of your internal Active Directory domain name. -4. In the navigation pane, right-click the domain name node and click **New Host (A or AAAA)**. -5. In the **name** box, type the name of the federation service. In the **IP address** box, type the IP address of your federation server. Click **Add Host**. -6. Right-click the `domain_name` node and select **New Alias (CNAME)**. -7. In the **New Resource Record** dialog box, type "enterpriseregistration" in the **Alias** name box. -8. In the **fully qualified domain name (FQDN)** of the target host box, type `federation_service_farm_name.domain_name.com`, and click OK. -9. Close the DNS Management console. +Sign-in the domain controller or administrative workstation with domain administrator equivalent credentials.\ +You'll need the *federation service* name to complete this task. You can view the federation service name by selecting **Edit Federation Service Properties** from the **Action** pan of the **AD FS** management console, or by using `(Get-AdfsProperties).Hostname.` (PowerShell) on the AD FS server. + +1. Open the **DNS Management** console +1. In the navigation pane, expand the domain controller name node and **Forward Lookup Zones** +1. In the navigation pane, select the node that has the name of your internal Active Directory domain name +1. In the navigation pane, right-click the domain name node and select **New Host (A or AAAA)** +1. In the **name** box, type the name of the federation service. In the **IP address** box, type the IP address of your federation server. 
Select **Add Host** +1. Right-click the `` node and select **New Alias (CNAME)** +1. In the **New Resource Record** dialog box, type `enterpriseregistration` in the **Alias** name box +1. In the **fully qualified domain name (FQDN)** of the target host box, type `federation_service_farm_name. [!NOTE] -> If your forest has multiple UPN suffixes, please make sure that `enterpriseregistration.upnsuffix.com` is present for each suffix. +> If your forest has multiple UPN suffixes, please make sure that `enterpriseregistration.` is present for each suffix. ## Configure the Intranet Zone to include the federation service -The Windows Hello provisioning presents web pages from the federation service. Configuring the intranet zone to include the federation service enables the user to authenticate to the federation service using integrated authentication. Without this setting, the connection to the federation service during Windows Hello provisioning prompts the user for authentication. +The Windows Hello provisioning presents web pages from the federation service. Configuring the intranet zone to include the federation service enables the user to authenticate to the federation service using integrated authentication. Without this setting, the connection to the federation service during Windows Hello provisioning prompts the user for authentication. ### Create an Intranet Zone Group Policy Sign-in the domain controller or administrative workstation with _Domain Admin_ equivalent credentials 1. Start the **Group Policy Management Console** (gpmc.msc) -2. Expand the domain and select the **Group Policy Object** node in the navigation pane. -3. Right-click **Group Policy object** and select **New** -4. Type **Intranet Zone Settings** in the name box and click **OK**. -5. In the content pane, right-click the **Intranet Zone Settings** Group Policy object and click **Edit**. -6. In the navigation pane, expand **Policies** under **Computer Configuration**. -7. 
Expand **Administrative Templates > Windows Component > Internet Explorer > Internet Control Panel**, and select **Security Page**. -8. In the content pane, double-click **Site to Zone Assignment List**. Click **Enable**. -9. Click **Show**. In the **Value Name** column, type the url of the federation service beginning with https. In the **Value** column, type the number **1**. Click OK twice, then close the Group Policy Management Editor. +1. Expand the domain and select the **Group Policy Object** node in the navigation pane +1. Right-click **Group Policy object** and select **New** +1. Type **Intranet Zone Settings** in the name box and select **OK** +1. In the content pane, right-click the **Intranet Zone Settings** Group Policy object and select **Edit** +1. In the navigation pane, expand **Policies** under **Computer Configuration** +1. Expand **Administrative Templates > Windows Component > Internet Explorer > Internet Control Panel >Security Page**. Open **Site to Zone Assignment List** +1. Select **Enable > Show**. In the **Value Name** column, type the url of the federation service beginning with https. In the **Value** column, type the number **1**. Select OK twice, then close the Group Policy Management Editor ### Deploy the Intranet Zone Group Policy object 1. Start the **Group Policy Management Console** (gpmc.msc) -2. In the navigation pane, expand the domain and right-click the node that has your Active Directory domain name and click **Link an existing GPO…** -3. In the **Select GPO** dialog box, select **Intranet Zone Settings** or the name of the Windows Hello for Business Group Policy object you previously created and click **OK**. +1. In the navigation pane, expand the domain and right-click the node that has your Active Directory domain name and select **Link an existing GPO…** +1. 
In the **Select GPO** dialog box, select **Intranet Zone Settings** or the name of the Windows Hello for Business Group Policy object you previously created and select **OK** -## Review +## Review to validate the configuration Before you continue with the deployment, validate your deployment progress by reviewing the following items: -* Confirm all AD FS servers have a valid server authentication certificate - * The subject of the certificate is the common name (FQDN) of the host or a wildcard name. - * The alternate name of the certificate contains a wildcard or the FQDN of the federation service -* Confirm the AD FS farm has an adequate number of nodes and is properly load balanced for the anticipated load. -* Confirm **all** AD FS servers in the farm have the latest updates. -* Confirm you restarted the AD FS service. -* Confirm you created a DNS A Record for the federation service and the IP address used is the load-balanced IP address -* Confirm you created and deployed the Intranet Zone settings to prevent double authentication to the federation server. +> [!div class="checklist"] +> * Confirm all AD FS servers have a valid server authentication certificate. The subject of the certificate is the common name (FQDN) of the host or a wildcard name. The alternate name of the certificate contains a wildcard or the FQDN of the federation service +> * Confirm the AD FS farm has an adequate number of nodes and is properly load balanced for the anticipated load +> * Confirm you restarted the AD FS service +> * Confirm you created a DNS A Record for the federation service and the IP address used is the load-balanced IP address +> * Confirm you created and deployed the Intranet Zone settings to prevent double authentication to the federation server -## Follow the Windows Hello for Business on premises certificate trust deployment guide - -1. [Validate Active Directory prerequisites](hello-key-trust-validate-ad-prereq.md) -2. 
[Validate and Configure Public Key Infrastructure](hello-key-trust-validate-pki.md)
-3. Prepare and Deploy Windows Server 2016 Active Directory Federation Services (*You are here*)
-4. [Validate and Deploy Multifactor Authentication Services (MFA)](hello-key-trust-validate-deploy-mfa.md)
-5. [Configure Windows Hello for Business Policy settings](hello-key-trust-policy-settings.md)
+> [!div class="nextstepaction"]
+> [Next: validate and deploy multi-factor authentication (MFA)](hello-key-trust-validate-deploy-mfa.md)
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md
index c618365d4e..03e7dbfe38 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md
@@ -1,71 +1,70 @@ --- -title: Configure Windows Hello for Business Policy settings - key trust -description: Configure Windows Hello for Business Policy settings for Windows Hello for Business -ms.date: 08/19/2018 +title: Configure Windows Hello for Business Policy settings in an on-premises key trust +description: Configure Windows Hello for Business Policy settings for Windows Hello for Business in an on-premises key trust scenario +ms.date: 12/12/2022 appliesto: - ✅ Windows 10 and later -ms.topic: article +- ✅ Windows Server 2016 and later +ms.topic: tutorial --- -# Configure Windows Hello for Business Policy settings - Key Trust +# Configure Windows Hello for Business group policy settings - on-premises key trust [!INCLUDE [hello-on-premises-key-trust](../../includes/hello-on-premises-key-trust.md)] -To run the Group Policy Management Console from a Windows client, you need to install the Remote Server Administration Tools for Windows. You can download these tools from [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). +On-premises key trust deployments of Windows Hello for Business need one Group Policy setting: *Enable Windows Hello for Business*. +The Group Policy setting determines whether users are allowed, and prompted, to enroll for Windows Hello for Business. It can be configured for computers or users. -Alternatively, you can create a copy of the .ADMX and .ADML files from a Windows client installation setup template folder to their respective language folder on a Windows Server, or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) for more information. 
+If you configure the Group Policy for computers, all users that sign-in to those computers will be allowed and prompted to enroll for Windows Hello for Business. If you configure the Group Policy for users, only those users will be allowed and prompted to enroll for Windows Hello for Business. -On-premises certificate-based deployments of Windows Hello for Business needs one Group Policy setting: Enable Windows Hello for Business +## Enable Windows Hello for Business group policy setting -## Enable Windows Hello for Business Group Policy +The Group Policy setting determines whether users are allowed, and prompted, to enroll for Windows Hello for Business. It can be configured for computers or users. -The Group Policy setting determines whether users are allowed, and prompted, to enroll for Windows Hello for Business. It can be configured for computers or users. +If you configure the Group Policy for computers, all users that sign-in to those computers will be allowed and prompted to enroll for Windows Hello for Business. If you configure the Group Policy for users, only those users will be allowed and prompted to enroll for Windows Hello for Business . -If you configure the Group Policy for computers, all users that sign-in to those computers will be allowed and prompted to enroll for Windows Hello for Business. If you configure the Group Policy for users, only those users will be allowed and prompted to enroll for Windows Hello for Business. For these settings to be configured using GPO, you need to download and install the latest Administrative Templates (.admx) for Windows. +## Create the GPO +Sign in to a domain controller or management workstations with *Domain Administrator* equivalent credentials. 
-## Create the Windows Hello for Business Group Policy object - -The Group Policy object contains the policy settings needed to trigger Windows Hello for Business provisioning and to ensure Windows Hello for Business authentication certificates are automatically renewed. 1. Start the **Group Policy Management Console** (gpmc.msc) -2. Expand the domain and select the **Group Policy Object** node in the navigation pane. -3. Right-click **Group Policy object** and select **New**. -4. Type *Enable Windows Hello for Business* in the name box and click **OK**. -5. In the content pane, right-click the **Enable Windows Hello for Business** Group Policy object and click **Edit**. -6. In the navigation pane, expand **Policies** under **User Configuration**. -7. Expand **Administrative Templates > Windows Component**, and select **Windows Hello for Business**. -8. In the content pane, double-click **Use Windows Hello for Business**. Click **Enable** and click **OK**. -9. Close the **Group Policy Management Editor**. +1. Expand the domain and select the **Group Policy Object** node in the navigation pane +1. Right-click **Group Policy object** and select **New** +1. Type *Enable Windows Hello for Business* in the name box and select **OK** +1. In the content pane, right-click the **Enable Windows Hello for Business** Group Policy object and select **Edit** +1. In the navigation pane, select **User Configuration > Policies > **Administrative Templates > Windows Component > Windows Hello for Business** +1. In the content pane, double-click **Use Windows Hello for Business**. Select **Enable** and **OK** +1. Close the **Group Policy Management Editor** -## Configure Security in the Windows Hello for Business Group Policy object +## Configure security in the Windows Hello for Business GPO The best way to deploy the Windows Hello for Business Group Policy object is to use security group filtering. 
The enables you to easily manage the users that should receive Windows Hello for Business by simply adding them to a group. This enables you to deploy Windows Hello for Business in phases. + +Sign in to a domain controller or management workstations with *Domain Administrator* equivalent credentials. + 1. Start the **Group Policy Management Console** (gpmc.msc) -2. Expand the domain and select the **Group Policy Object** node in the navigation pane. -3. Double-click the **Enable Windows Hello for Business** Group Policy object. -4. In the **Security Filtering** section of the content pane, click **Add**. Type *Windows Hello for Business Users* or the name of the security group you previously created and click **OK**. -5. Click the **Delegation** tab. Select **Authenticated Users** and click **Advanced**. -6. In the **Group or User names** list, select **Authenticated Users**. In the **Permissions for Authenticated Users** list, clear the **Allow** check box for the **Apply Group Policy** permission. Click **OK**. +1. Expand the domain and select the **Group Policy Object** node in the navigation pane +1. Double-click the **Enable Windows Hello for Business** Group Policy object +1. In the **Security Filtering** section of the content pane, select **Add**. Type *Windows Hello for Business Users* or the name of the security group you previously created and select **OK** +1. Select the **Delegation** tab. Select **Authenticated Users** and **Advanced** +1. In the **Group or User names** list, select **Authenticated Users**. In the **Permissions for Authenticated Users** list, clear the **Allow** check box for the **Apply Group Policy** permission. Select **OK** ## Deploy the Windows Hello for Business Group Policy object -The application of the Windows Hello for Business Group Policy object uses security group filtering. This enables you to link the Group Policy object at the domain, ensuring the Group Policy object is within scope to all users. 
However, the security group filtering ensures only the users included in the *Windows Hello for Business Users* global group receive and apply the Group Policy object, which results in the provisioning of Windows Hello for Business. -1. Start the **Group Policy Management Console** (gpmc.msc) -2. In the navigation pane, expand the domain and right-click the node that has your Active Directory domain name and click **Link an existing GPO…** -3. In the **Select GPO** dialog box, select **Enable Windows Hello for Business** or the name of the Windows Hello for Business Group Policy object you previously created and click **OK**. +The application of the Windows Hello for Business Group Policy object uses security group filtering. This solution enables you to link the Group Policy object at the domain level, ensuring the GPO is within scope to all users. However, the security group filtering ensures that only the users included in the *Windows Hello for Business Users* global group receive and apply the Group Policy object, which results in the provisioning of Windows Hello for Business. -Just to reassure, linking the **Windows Hello for Business** Group Policy object to the domain ensures the Group Policy object is in scope for all domain users. However, not all users will have the policy settings applied to them. Only users who are members of the Windows Hello for Business group receive the policy settings. All others users ignore the Group Policy object. +1. Start the **Group Policy Management Console** (gpmc.msc) +1. In the navigation pane, expand the domain and right-click the node that has your Active Directory domain name and select **Link an existing GPO…** +1. 
In the **Select GPO** dialog box, select **Enable Windows Hello for Business** or the name of the Windows Hello for Business Group Policy object you previously created and select **OK** ## Other Related Group Policy settings -### Windows Hello for Business - There are other Windows Hello for Business policy settings you can configure to manage your Windows Hello for Business deployment. These policy settings are computer-based policy setting; so they are applicable to any user that sign-in from a computer with these policy settings. ### Use a hardware security device -The default configuration for Windows Hello for Business is to prefer hardware protected credentials; however, not all computers are able to create hardware protected credentials. When Windows Hello for Business enrollment encounters a computer that cannot create a hardware protected credential, it will create a software-based credential. +The default configuration for Windows Hello for Business is to prefer hardware protected credentials; however, not all computers are able to create hardware protected credentials. When Windows Hello for Business enrollment encounters a computer that cannot create a hardware protected credential, it will create a software-based credential. -You can enable and deploy the **Use a hardware security device** Group Policy Setting to force Windows Hello for Business to only create hardware protected credentials. Users that sign-in from a computer incapable of creating a hardware protected credential do not enroll for Windows Hello for Business. +You can enable and deploy the **Use a hardware security device** Group Policy Setting to force Windows Hello for Business to only create hardware protected credentials. Users that sign-in from a computer incapable of creating a hardware protected credential do not enroll for Windows Hello for Business. 
Another policy setting becomes available when you enable the **Use a hardware security device** Group Policy setting that enables you to prevent Windows Hello for Business enrollment from using version 1.2 Trusted Platform Modules (TPM). Version 1.2 TPMs typically perform cryptographic operations slower than version 2.0 TPMs and are more unforgiving during anti-hammering and PIN lockout activities. Some organizations may not want slow sign-in performance and management overhead associated with version 1.2 TPMs. To prevent Windows Hello for Business from using version 1.2 TPMs, select the TPM 1.2 check box after you enable the Use a hardware security device Group Policy object. 
@@ -73,47 +72,37 @@ Another policy setting becomes available when you enable the **Use a hardware se Windows Hello for Business provides a great user experience when combined with the use of biometrics. Rather than providing a PIN to sign-in, a user can use a fingerprint or facial recognition to sign-in to Windows, without sacrificing security. -The default Windows Hello for Business enables users to enroll and use biometrics. However, some organization may want more time before using biometrics and want to disable their use until they are ready. To not allow users to use biometrics, configure the **Use biometrics** Group Policy setting to disabled and apply it to your computers. The policy setting disabled all biometrics. Currently, Windows does not provide the ability to set granular policies that enable you to disable specific modalities of biometrics, such as allowing facial recognition, but disallowing fingerprint recognition. +The default Windows Hello for Business enables users to enroll and use biometrics. However, some organization may want more time before using biometrics and want to disable their use until they are ready. To not allow users to use biometrics, configure the **Use biometrics** Group Policy setting to disabled and apply it to your computers. The policy setting disables all biometrics. Currently, Windows does not provide the ability to set granular policies that enable you to disable specific modalities of biometrics, such as allowing facial recognition, but disallowing fingerprint recognition. ### PIN Complexity -PIN complexity is not specific to Windows Hello for Business. Windows enables users to use PINs outside of Windows Hello for Business. PIN Complexity Group Policy settings apply to all uses of PINs, even when Windows Hello for Business is not deployed. +PIN complexity is not specific to Windows Hello for Business. Windows enables users to use PINs outside of Windows Hello for Business. 
PIN Complexity Group Policy settings apply to all uses of PINs, even when Windows Hello for Business is not deployed. -Windows provides eight PIN Complexity Group Policy settings that give you granular control over PIN creation and management. You can deploy these policy settings to computers, where they affect all users creating PINs on that computer; or, you can deploy these settings to users, where they affect those users creating PINs regardless of the computer they use. If you deploy both computer and user PIN complexity Group Policy settings, the user policy settings have precedence over computer policy settings. Also, this conflict resolution is based on the last applied policy. Windows does not merge the policy settings automatically; however, you can deploy Group Policy to provide to accomplish a variety of configurations. The policy settings included are: -* Require digits -* Require lowercase letters -* Maximum PIN length -* Minimum PIN length -* Expiration -* History -* Require special characters -* Require uppercase letters +Windows provides eight PIN Complexity Group Policy settings that give you granular control over PIN creation and management. You can deploy these policy settings to computers, where they affect all users creating PINs on that computer; or, you can deploy these settings to users, where they affect those users creating PINs regardless of the computer they use. If you deploy both computer and user PIN complexity Group Policy settings, the user policy settings have precedence over computer policy settings. Also, this conflict resolution is based on the last applied policy. Windows does not merge the policy settings automatically. The policy settings included are: -In the Windows 10, version 1703, the PIN complexity Group Policy settings have moved to remove misunderstanding that PIN complexity policy settings were exclusive to Windows Hello for Business. 
The new location of these Group Policy settings is under Administrative Templates\System\PIN Complexity under both the Computer and User Configuration nodes of the Group Policy editor. +- Require digits +- Require lowercase letters +- Maximum PIN length +- Minimum PIN length +- Expiration +- History +- Require special characters +- Require uppercase letters -## Review +The settings can be found in *Administrative Templates\System\PIN Complexity*, under both the Computer and User Configuration nodes of the Group Policy editor. + +## Review to validate the configuration Before you continue with the deployment, validate your deployment progress by reviewing the following items: -* Confirm you authored Group Policy settings using the latest ADMX/ADML files (from the Windows 10 Creators Editions) -* Confirm you configured the Enable Windows Hello for Business to the scope that matches your deployment (Computer vs. User) -* Confirm you configure the Use Certificate enrollment for on-premises authentication policy setting. -* Confirm you configure automatic certificate enrollment to the scope that matches your deployment (Computer vs. User) -* Confirm you configured the proper security settings for the Group Policy object - * Removed the allow permission for Apply Group Policy for Domain Users (Domain Users must always have the read permissions) - * Add the Windows Hello for Business Users group to the Group Policy object and gave the group the allow permission for Apply Group Policy - -* Linked the Group Policy object to the correct locations within Active Directory -* Deploy any additional Windows Hello for Business Group Policy setting is a policy separate from the one that enables it for users +> [!div class="checklist"] +> * Confirm you configured the Enable Windows Hello for Business to the scope that matches your deployment (Computer vs. 
User) +> * Confirm you configured the proper security settings for the Group Policy object +> * Confirm you removed the allow permission for Apply Group Policy for Domain Users (Domain Users must always have the read permissions) +> * Confirm you added the Windows Hello for Business Users group to the Group Policy object, and gave the group the allow permission to Apply Group Policy +> * Linked the Group Policy object to the correct locations within Active Directory +> * Deployed any additional Windows Hello for Business Group Policy settings ## Add users to the Windows Hello for Business Users group -Users must receive the Windows Hello for Business group policy settings and have the proper permission to enroll for the Windows Hello for Business Authentication certificate. You can provide users with these settings and permissions by adding the group used synchronize users to the Windows Hello for Business Users group. Users and groups that are not members of this group will not attempt to enroll for Windows Hello for Business. - - -## Follow the Windows Hello for Business on premises certificate trust deployment guide -1. [Validate Active Directory prerequisites](hello-cert-trust-validate-ad-prereq.md) -2. [Validate and Configure Public Key Infrastructure](hello-cert-trust-validate-pki.md) -3. [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-cert-trust-adfs.md) -4. [Validate and Deploy Multifactor Authentication Services (MFA)](hello-cert-trust-validate-deploy-mfa.md) -5. Configure Windows Hello for Business Policy settings (*You are here*) +Users must receive the Windows Hello for Business group policy settings and have the proper permission to enroll for the Windows Hello for Business Authentication certificate. You can provide users with these settings and permissions by adding the group used synchronize users to the *Windows Hello for Business Users* group. 
Users and groups that are not members of this group will not attempt to enroll for Windows Hello for Business.
\ No newline at end of file
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md
index 57080612a2..e53e1d194f 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md
@@ -1,39 +1,32 @@ --- -title: Key registration for on-premises deployment of Windows Hello for Business -description: How to Validate Active Directory prerequisites for Windows Hello for Business when deploying with the key trust model. -ms.date: 08/19/2018 +title: Validate Active Directory prerequisites in an on-premises key trust +description: Validate Active Directory prerequisites when deploying Windows Hello for Business in a key trust model. +ms.date: 12/12/2022 appliesto: - ✅ Windows 10 and later -ms.topic: article +- ✅ Windows Server 2016 and later +ms.topic: tutorial --- -# Validate Active Directory prerequisites - Key Trust +# Validate Active Directory prerequisites - on-premises key trust [!INCLUDE [hello-on-premises-key-trust](../../includes/hello-on-premises-key-trust.md)] -Key trust deployments need an adequate number of 2016 or later domain controllers to ensure successful user authentication with Windows Hello for Business. To learn more about domain controller planning for key trust deployments, read the [Windows Hello for Business planning guide](hello-planning-guide.md), the [Planning an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) section. +Key trust deployments need an adequate number of domain controllers to ensure successful user authentication with Windows Hello for Business. To learn more about domain controller planning for key trust deployments, read the [Windows Hello for Business planning guide](hello-planning-guide.md) and the [Planning an adequate number of Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) section. -> [!NOTE] ->There was an issue with key trust authentication on Windows Server 2019. If you are planning to use Windows Server 2019 domain controllers refer to [KB4487044](https://support.microsoft.com/en-us/help/4487044/windows-10-update-kb4487044) to fix this issue. 
+The key registration process for the on-premises deployment of Windows Hello for Business requires the Windows Server 2016 Active Directory or later schema. -The key registration process for the On-premises deployment of Windows Hello for Business needs the Windows Server 2016 Active Directory or later schema. The key-trust model receives the schema extension when the first Windows Server 2016 domain controller is added to the forest. The minimum required domain functional and forest functional levels for Windows Hello for Business deployment is Windows Server 2008 R2. +## Create the Windows Hello for Business Users security group -## Create the Windows Hello for Business Users Security Global Group +The *Windows Hello for Business Users* group is used to make it easy to deploy Windows Hello for Business in phases. You assign Group Policy permissions to this group to simplify the deployment by adding the users to the group. This provides users with the proper permissions to provision Windows Hello for Business. -The Windows Hello for Business Users group is used to make it easy to deploy Windows Hello for Business in phases. You assign Group Policy permissions to this group to simplify the deployment by simply adding the users to the group. This provides users with the proper permissions to provision Windows Hello for Business. +Sign-in to a domain controller or to a management workstation with a *Domain Administrator* equivalent credentials. -Sign-in a domain controller or management workstation with _Domain Admin_ equivalent credentials. +1. Open **Active Directory Users and Computers** +1. Select **View > Advanced Features** +1. Expand the domain node from the navigation pane +1. Right-click the **Users** container. Select **New > Group** +1. Type *Windows Hello for Business Users* in the **Group Name** +1. Select **OK** -1. Open **Active Directory Users and Computers**. -2. Click **View** and click **Advanced Features**. -3. 
Expand the domain node from the navigation pane. -4. Right-click the **Users** container. Click **New**. Click **Group**. -5. Type **Windows Hello for Business Users** in the **Group Name** text box. -6. Click **OK**. - - -## Follow the Windows Hello for Business on premises certificate trust deployment guide -1. Validate Active Directory prerequisites (*You are here*) -2. [Validate and Configure Public Key Infrastructure](hello-key-trust-validate-pki.md) -3. [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-key-trust-adfs.md) -4. [Validate and Deploy Multifactor Authentication Services (MFA)](hello-key-trust-validate-deploy-mfa.md) -5. [Configure Windows Hello for Business Policy settings](hello-key-trust-policy-settings.md) +> [!div class="nextstepaction"] +> [Next: validate and configure PKI >](hello-key-trust-validate-pki.md) \ No newline at end of file diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md index 046acb3df3..6088986d1e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md 
@@ -1,28 +1,29 @@ --- title: Validate and Deploy MFA for Windows Hello for Business with key trust -description: How to Validate and Deploy Multifactor Authentication (MFA) Services for Windows Hello for Business with key trust -ms.date: 08/19/2018 +description: Validate and deploy multi-factor authentication (MFA) for Windows Hello for Business in an on-premises key trust model. +ms.date: 12/12/2022 appliesto: - ✅ Windows 10 and later -ms.topic: article +- ✅ Windows Server 2016 and later +ms.topic: tutorial --- -# Validate and Deploy Multifactor Authentication (MFA) + +# Validate and deploy multi-factor authentication - on-premises key trust [!INCLUDE [hello-on-premises-key-trust](../../includes/hello-on-premises-key-trust.md)] -> [!IMPORTANT] -> As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who would like to require multifactor authentication from their users should use cloud-based Azure AD Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1 will be able to download the latest version, future updates and generate activation credentials as usual. +Windows Hello for Business requires users perform multi-factor authentication (MFA) prior to enroll in the service. On-premises deployments can use, as MFA option: -Windows Hello for Business requires all users perform multi-factor authentication prior to creating and registering a Windows Hello for Business credential. On-premises deployments can use certificates, third-party authentication providers for AD FS, or a custom authentication provider for AD FS as an on-premises MFA option. +- certificates +- third-party authentication providers for AD FS +- custom authentication provider for AD FS + +> [!IMPORTANT] +> As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. 
New customers who would like to require multi-factor authentication from their users should use cloud-based Azure AD Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1 will be able to download the latest version, future updates and generate activation credentials as usual. For information on available third-party authentication methods see [Configure Additional Authentication Methods for AD FS](/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs). For creating a custom authentication method see [Build a Custom Authentication Method for AD FS in Windows Server](/windows-server/identity/ad-fs/development/ad-fs-build-custom-auth-method) Follow the integration and deployment guide for the authentication provider you select to integrate and deploy it to AD FS. Make sure that the authentication provider is selected as a multi-factor authentication option in the AD FS authentication policy. For information on configuring AD FS authentication policies see [Configure Authentication Policies](/windows-server/identity/ad-fs/operations/configure-authentication-policies). -## Follow the Windows Hello for Business on premises certificate trust deployment guide - -1. [Validate Active Directory prerequisites](hello-key-trust-validate-ad-prereq.md) -2. [Validate and Configure Public Key Infrastructure](hello-key-trust-validate-pki.md) -3. [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-key-trust-adfs.md) -4. Validate and Deploy Multifactor Authentication Services (MFA) (*You are here*) -5. [Configure Windows Hello for Business Policy settings](hello-key-trust-policy-settings.md) \ No newline at end of file +> [!div class="nextstepaction"] +> [Next: configure Windows Hello for Business Policy settings](hello-key-trust-policy-settings.md) \ No newline at end of file 
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md
index c3a9226714..dac396577a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md
@@ -1,245 +1,248 @@ --- -title: Validate Public Key Infrastructure - key trust model (Windows Hello for Business) -description: How to Validate Public Key Infrastructure for Windows Hello for Business, under a key trust model. -ms.date: 08/19/2018 +title: Configure and validate the Public Key Infrastructure in an on-premises key trust model +description: Configure and validate the Public Key Infrastructure when deploying Windows Hello for Business in a key trust model. +ms.date: 12/12/2022 appliesto: - ✅ Windows 10 and later -ms.topic: article +- ✅ Windows Server 2016 and later +ms.topic: tutorial --- -# Validate and Configure Public Key Infrastructure - Key Trust +# Configure and validate the Public Key Infrastructure - on-premises key trust [!INCLUDE [hello-on-premises-key-trust](../../includes/hello-on-premises-key-trust.md)] -Windows Hello for Business must have a public key infrastructure regardless of the deployment or trust model. All trust models depend on the domain controllers having a certificate. The certificate serves as a root of trust for clients to ensure they are not communicating with a rogue domain controller. +Windows Hello for Business must have a Public Key Infrastructure (PKI) when using the *key trust* or *certificate trust* models. The domain controllers must have a certificate, which serves as a root of trust for clients. The certificate ensures that clients don't communicate with rogue domain controllers. -## Deploy an enterprise certificate authority +## Deploy an enterprise certification authority -This guide assumes most enterprises have an existing public key infrastructure. Windows Hello for Business depends on a Windows enterprise public key infrastructure running the Active Directory Certificate Services role from Windows Server 2012 or later. +This guide assumes most enterprises have an existing public key infrastructure. 
Windows Hello for Business depends on an enterprise PKI running the Windows Server *Active Directory Certificate Services* role. -### Lab-based public key infrastructure +### Lab-based PKI -The following instructions may be used to deploy simple public key infrastructure that is suitable for a lab environment. +The following instructions may be used to deploy simple public key infrastructure that is suitable **for a lab environment**. -Sign in using **Enterprise Admin** equivalent credentials on Windows Server 2012 or later server where you want the certificate authority installed. +Sign in using *Enterprise Administrator* equivalent credentials on a Windows Server where you want the certification authority (CA) installed. >[!NOTE] ->Never install a certificate authority on a domain controller in a production environment. +>Never install a certification authority on a domain controller in a production environment. -1. Open an elevated Windows PowerShell prompt. -2. Use the following command to install the Active Directory Certificate Services role. +1. Open an elevated Windows PowerShell prompt +1. Use the following command to install the Active Directory Certificate Services role. ```PowerShell Add-WindowsFeature Adcs-Cert-Authority -IncludeManagementTools ``` - -3. Use the following command to configure the Certificate Authority using a basic certificate authority configuration. +3. Use the following command to configure the CA using a basic certification authority configuration ```PowerShell Install-AdcsCertificationAuthority - ``` - -## Configure a Production Public Key Infrastructure - -If you do have an existing public key infrastructure, please review [Certification Authority Guidance](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831574(v=ws.11)) from Microsoft TechNet to properly design your infrastructure. 
Then, consult the [Test Lab Guide: Deploying an AD CS Two-Tier PKI Hierarchy](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831348(v=ws.11)) for instructions on how to configure your public key infrastructure using the information from your design session. - -### Configure Domain Controller Certificates - -Clients need to trust domain controllers and the best way to do this is to ensure each domain controller has a Kerberos Authentication certificate. Installing a certificate on the domain controller enables the Key Distribution Center (KDC) to prove its identity to other members of the domain. This provides clients a root of trust external to the domain—namely the enterprise certificate authority. - -Domain controllers automatically request a domain controller certificate (if published) when they discover an enterprise certificate authority is added to Active Directory. However, certificates based on the Domain Controller and Domain Controller Authentication certificate templates do not include the KDC Authentication object identifier (OID), which was later added to the Kerberos RFC. Therefore, domain controllers need to request a certificate based on the Kerberos Authentication certificate template. - -By default, the Active Directory Certificate Authority provides and publishes the Kerberos Authentication certificate template. However, the cryptography configuration included in the provided template is based on older and less performant cryptography APIs. To ensure domain controllers request the proper certificate with the best available cryptography, use the Kerberos Authentication certificate template as a baseline to create an updated domain controller certificate template. - -Sign in to a certificate authority or management workstations with **Domain Admin** equivalent credentials. - -1. Open the **Certificate Authority** management console. - -2. Right-click **Certificate Templates** and click **Manage**. - -3. 
In the **Certificate Template Console**, right-click the **Kerberos Authentication** template in the details pane and click **Duplicate Template**. - -4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2008 R2** from the **Certification Authority** list. Select **Windows 7.Server 2008 R2** from the **Certification Recipient** list. - -5. On the **General** tab, type **Domain Controller Authentication (Kerberos)** in Template display name. Adjust the validity and renewal period to meet your enterprise’s needs. - - > [!NOTE] - > If you use different template names, you’ll need to remember and substitute these names in different portions of the lab. - -6. On the **Subject Name** tab, select the **Build from this Active Directory information** button if it is not already selected. Select **None** from the **Subject name format** list. Select **DNS name** from the **Include this information in alternate subject** list. Clear all other items. - -7. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list. Select **RSA** from the **Algorithm name** list. Type **2048** in the **Minimum key size** text box. Select **SHA256** from the **Request hash** list. Click **OK**. - -8. Close the console. - -### Superseding the existing Domain Controller certificate - -Many domain controllers may have an existing domain controller certificate. The Active Directory Certificate Services provides a default certificate template from domain controllers—the domain controller certificate template. Later releases provided a new certificate template—the domain controller authentication certificate template. These certificate templates were provided prior to update of the Kerberos specification that stated Key Distribution Centers (KDCs) performing certificate authentication needed to include the KDC Authentication extension. 
- -The Kerberos Authentication certificate template is the most current certificate template designated for domain controllers and should be the one you deploy to all your domain controllers (2008 or later). The autoenrollment feature in Windows enables you to effortlessly replace these domain controller certificates. You can use the following configuration to replace older domain controller certificates with a new certificate using the Kerberos Authentication certificate template. - -Sign in to a certificate authority or management workstations with _Enterprise Admin_ equivalent credentials. - -1. Open the **Certificate Authority** management console. - -2. Right-click **Certificate Templates** and click **Manage**. - -3. In the **Certificate Template Console**, right-click the **Domain Controller Authentication (Kerberos)** (or the name of the certificate template you created in the previous section) template in the details pane and click **Properties**. - -4. Click the **Superseded Templates** tab. Click **Add**. - -5. From the **Add Superseded Template** dialog, select the **Domain Controller** certificate template and click **OK**. Click **Add**. - -6. From the **Add Superseded Template** dialog, select the **Domain Controller Authentication** certificate template and click **OK**. - -7. From the **Add Superseded Template dialog**, select the **Kerberos Authentication** certificate template and click **OK**. - -8. Add any other enterprise certificate templates that were previously configured for domain controllers to the **Superseded Templates** tab. - -9. Click **OK** and close the **Certificate Templates** console. - -The certificate template is configured to supersede all the certificate templates provided in the certificate templates superseded templates list. However, the certificate template and the superseding of certificate templates is not active until you publish the certificate template to one or more certificate authorities. 
- -### Configure an Internal Web Server Certificate template - -Windows clients use the https protocol when communicating with Active Directory Federation Services. To meet this need, you must issue a server authentication certificate to all the nodes in the Active Directory Federation Services farm. On-premises deployments can use a server authentication certificate issued by their enterprise PKI. You must configure a server authentication certificate template so the host running the Active Directory Federation Service can request the certificate. - -Sign in to a certificate authority or management workstations with _Domain Admin_ equivalent credentials. - -1. Open the **Certificate Authority** management console. - -2. Right-click **Certificate Templates** and click **Manage**. - -3. In the **Certificate Template Console**, right-click the **Web Server** template in the details pane and click **Duplicate Template**. - -4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list. - -5. On the **General** tab, type **Internal Web Server** in **Template display name**. Adjust the validity and renewal period to meet your enterprise’s needs. - - > [!NOTE] - > If you use different template names, you’ll need to remember and substitute these names in different portions of the lab. - -6. On the **Request Handling** tab, select **Allow private key to be exported**. - -7. On the **Subject** tab, select the **Supply in the request** button if it is not already selected. - -8. On the **Security** tab, Click **Add**. Type **Domain Computers** in the **Enter the object names to select** box. Click **OK**. Select the **Allow** check box next to the **Enroll** permission. - -9. 
On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list. Select **RSA** from the **Algorithm name** list. Type **2048** in the **Minimum key size** text box. Select **SHA256** from the **Request hash** list. Click **OK**. - -10. Close the console. - -### Unpublish Superseded Certificate Templates - -The certificate authority only issues certificates based on published certificate templates. For defense in depth security, it is a good practice to unpublish certificate templates that the certificate authority is not configured to issue. This includes the pre-published certificate template from the role installation and any superseded certificate templates. - -The newly created domain controller authentication certificate template supersedes previous domain controller certificate templates. Therefore, you need to unpublish these certificate templates from all issuing certificate authorities. - -Sign in to the certificate authority or management workstation with _Enterprise Admin_ equivalent credentials. - -1. Open the **Certificate Authority** management console. - -2. Expand the parent node from the navigation pane. - -3. Click **Certificate Templates** in the navigation pane. - -4. Right-click the **Domain Controller** certificate template in the content pane and select **Delete**. Click **Yes** on the **Disable certificate templates** window. - -5. Repeat step 4 for the **Domain Controller Authentication** and **Kerberos Authentication** certificate templates. - -### Publish Certificate Templates to the Certificate Authority - -The certificate authority may only issue certificates for certificate templates that are published to that certificate authority. If you have more than one certificate authority and you want that certificate authority to issue certificates based on a specific certificate template, then you must publish the certificate template to all certificate authorities that are expected to issue the certificate. 
- -Sign in to the certificate authority or management workstations with **Enterprise Admin** equivalent credentials. - -1. Open the **Certificate Authority** management console. - -2. Expand the parent node from the navigation pane. - -3. Click **Certificate Templates** in the navigation pane. - -4. Right-click the **Certificate Templates** node. Click **New**, and click **Certificate Template** to issue. - -5. In the **Enable Certificates Templates** window, select the **Domain Controller Authentication (Kerberos)**, and **Internal Web Server** templates you created in the previous steps. Click **OK** to publish the selected certificate templates to the certificate authority. - -6. If you published the Domain Controller Authentication (Kerberos) certificate template, then you should unpublish the certificate templates you included in the superseded templates list. - - \* To unpublish a certificate template, right-click the certificate template you want to unpublish in the details pane of the Certificate Authority console and select **Delete**. Click **Yes** to confirm the operation. - -7. Close the console. - -### Configure Domain Controllers for Automatic Certificate Enrollment - -Domain controllers automatically request a certificate from the domain controller certificate template. However, the domain controller is unaware of newer certificate templates or superseded configurations on certificate templates. To continue automatic enrollment and renewal of domain controller certificates that understand newer certificate template and superseded certificate template configurations, create and configure a Group Policy object for automatic certificate enrollment and link the Group Policy object to the Domain Controllers OU. + ``` + +## Configure a PKI + +If you have an existing PKI, review [Certification Authority Guidance](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831574(v=ws.11)) to properly design your infrastructure. 
Then, consult the [Test Lab Guide: Deploying an AD CS Two-Tier PKI Hierarchy](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831348(v=ws.11)) for instructions on how to configure your PKI using the information from your design session. + +Expand the following sections to configure the PKI for Windows Hello for Business. + +
              +
              +Configure domain controller certificates + +Clients must trust the domain controllers, and to it each domain controller must have a *Kerberos Authentication* certificate. Installing a certificate on the domain controllers enables the Key Distribution Center (KDC) to prove its identity to other members of the domain. The certificates provide clients a root of trust external to the domain, namely the *enterprise certification authority*. + +Domain controllers automatically request a domain controller certificate (if published) when they discover an enterprise CA is added to Active Directory. However, certificates based on the Domain Controller and Domain Controller Authentication certificate templates don't include the *KDC Authentication* object identifier (OID), which was later added to the Kerberos RFC. Therefore, domain controllers need to request a certificate based on the *Kerberos Authentication* certificate template. + +By default, the Active Directory CA provides and publishes the *Kerberos Authentication* certificate template. The cryptography configuration included in the template is based on older and less performant cryptography APIs. To ensure domain controllers request the proper certificate with the best available cryptography, use the *Kerberos Authentication* certificate template as a *baseline* to create an updated domain controller certificate template. + +Sign in to a CA or management workstations with *Domain Administrator* equivalent credentials. + +1. Open the **Certification Authority** management console +1. Right-click **Certificate Templates > Manage** +1. In the **Certificate Template Console**, right-click the **Kerberos Authentication** template in the details pane and select **Duplicate Template** +1. 
On the **Compatibility** tab: + - Clear the **Show resulting changes** check box + - Select **Windows Server 2016** from the **Certification Authority** list + - Select **Windows 10 / Windows Server 2016** from the **Certificate Recipient** list +1. On the **General** tab + - Type *Domain Controller Authentication (Kerberos)* in Template display name + - Adjust the validity and renewal period to meet your enterprise's needs + > [!NOTE] + > If you use different template names, you'll need to remember and substitute these names in different portions of the lab. +1. On the **Subject Name** tab: + - Select the **Build from this Active Directory information** button if it isn't already selected + - Select **None** from the **Subject name format** list + - Select **DNS name** from the **Include this information in alternate subject** list + - Clear all other items +1. On the **Cryptography** tab: + - select **Key Storage Provider** from the **Provider Category** list + - Select **RSA** from the **Algorithm name** list + - Type *2048* in the **Minimum key size** text box + - Select **SHA256** from the **Request hash** list +1. Select **OK** +1. Close the console + +
              + + +
              +
              +Supersede existing domain controller certificates + +The domain controllers may have an existing domain controller certificate. The Active Directory Certificate Services provides a default certificate template for domain controllers called *domain controller certificate*. Later releases of Windows Server provided a new certificate template called *domain controller authentication certificate*. These certificate templates were provided prior to the update of the Kerberos specification that stated Key Distribution Centers (KDCs) performing certificate authentication needed to include the *KDC Authentication* extension. + +The *Kerberos Authentication* certificate template is the most current certificate template designated for domain controllers, and should be the one you deploy to all your domain controllers.\ +The *autoenrollment* feature allows you to replace the domain controller certificates. Use the following configuration to replace older domain controller certificates with new ones, using the *Kerberos Authentication* certificate template. + +Sign in to a CA or management workstations with *Enterprise Administrator* equivalent credentials. + +1. Open the **Certification Authority** management console +1. Right-click **Certificate Templates > Manage** +1. In the **Certificate Template Console**, right-click the *Domain Controller Authentication (Kerberos)* (or the name of the certificate template you created in the previous section) template in the details pane and select **Properties** +1. Select the **Superseded Templates** tab. Select **Add** +1. From the **Add Superseded Template** dialog, select the *Domain Controller* certificate template and select **OK > Add** +1. From the **Add Superseded Template** dialog, select the *Domain Controller Authentication* certificate template and select **OK** +1. From the **Add Superseded Template** dialog, select the *Kerberos Authentication* certificate template and select **OK** +1. 
Add any other enterprise certificate templates that were previously configured for domain controllers to the **Superseded Templates** tab +1. Select **OK** and close the **Certificate Templates** console + +The certificate template is configured to supersede all the certificate templates provided in the certificate templates superseded templates list. However, the certificate template and the superseding of certificate templates isn't active until the certificate template is published to one or more certificate authorities. + +
              + +
              +
              +Configure an internal web server certificate template + +Windows clients use the https protocol when communicating with Active Directory Federation Services (AD FS). To meet this need, you must issue a server authentication certificate to all the nodes in the AD FS farm. On-premises deployments can use a server authentication certificate issued by their enterprise PKI. You must configure a server authentication certificate template so the host running theAD FS can request the certificate. + +Sign in to a CA or management workstations with *Domain Administrator* equivalent credentials. + +1. Open the **Certification Authority** management console +1. Right-click **Certificate Templates** and select **Manage** +1. In the **Certificate Template Console**, right-click the **Web Server** template in the details pane and select **Duplicate Template** +1. On the **Compatibility** tab: + - Clear the **Show resulting changes** check box + - Select **Windows Server 2016** from the **Certification Authority** list + - Select **Windows 10 / Windows Server 2016** from the **Certificate Recipient** list +1. On the **General** tab: + - Type *Internal Web Server* in **Template display name** + - Adjust the validity and renewal period to meet your enterprise's needs + > [!NOTE] + > If you use different template names, you'll need to remember and substitute these names in different portions of the lab. +1. On the **Request Handling** tab, select **Allow private key to be exported** +1. On the **Subject** tab, select the **Supply in the request** button if it isn't already selected +1. On the **Security** tab: + - Select **Add** + - Type **Domain Computers** in the **Enter the object names to select** box + - Select **OK** + - Select the **Allow** check box next to the **Enroll** permission +1. 
On the **Cryptography** tab: + - Select **Key Storage Provider** from the **Provider Category** list + - Select **RSA** from the **Algorithm name** list + - Type *2048* in the **Minimum key size** text box + - Select **SHA256** from the **Request hash** list + - Select **OK** +1. Close the console + +
              + +
              +
              +Unpublish Superseded Certificate Templates + +The certification authority only issues certificates based on published certificate templates. For security, it's a good practice to unpublish certificate templates that the CA isn't configured to issue. This includes the pre-published certificate template from the role installation and any superseded certificate templates. + +The newly created *domain controller authentication* certificate template supersedes previous domain controller certificate templates. Therefore, you need to unpublish these certificate templates from all issuing certificate authorities. + +Sign in to the CA or management workstation with *Enterprise Administrator* equivalent credentials. + +1. Open the **Certification Authority** management console +1. Expand the parent node from the navigation pane > **Certificate Templates** +1. Right-click the *Domain Controller* certificate template and select **Delete**. Select **Yes** on the **Disable certificate templates** window +1. Repeat step 3 for the *Domain Controller Authentication* and *Kerberos Authentication* certificate templates + +
              + +
              +
              +Publish certificate templates to the CA + +A certification authority can only issue certificates for certificate templates that are published to it. If you have more than one CA, and you want more CAs to issue certificates based on the certificate template, then you must publish the certificate template to them. + +Sign in to the CA or management workstations with **Enterprise Admin** equivalent credentials. + +1. Open the **Certification Authority** management console +1. Expand the parent node from the navigation pane +1. Select **Certificate Templates** in the navigation pane +1. Right-click the **Certificate Templates** node. Select **New > Certificate Template** to issue +1. In the **Enable Certificates Templates** window, select the *Domain Controller Authentication (Kerberos)*, and *Internal Web Server* templates you created in the previous steps. Select **OK** to publish the selected certificate templates to the certification authority +1. If you published the *Domain Controller Authentication (Kerberos)* certificate template, then unpublish the certificate templates you included in the superseded templates list + - To unpublish a certificate template, right-click the certificate template you want to unpublish and select **Delete**. Select **Yes** to confirm the operation +1. Close the console + +
              + +### Configure automatic certificate enrollment for the domain controllers + +Domain controllers automatically request a certificate from the *Domain controller certificate* template. However, domain controllers are unaware of newer certificate templates or superseded configurations on certificate templates. To continue automatic enrollment and renewal of domain controller certificates, create and configure a Group Policy Object (GPO) for automatic certificate enrollment, linking the Group Policy object to the *Domain Controllers* Organizational Unit (OU). + +1. Open the **Group Policy Management Console** (gpmc.msc) +1. Expand the domain and select the **Group Policy Object** node in the navigation pane +1. Right-click **Group Policy object** and select **New** +1. Type *Domain Controller Auto Certificate Enrollment* in the name box and select **OK** +1. Right-click the **Domain Controller Auto Certificate Enrollment** Group Policy object and select **Edit** +1. In the navigation pane, expand **Policies** under **Computer Configuration** +1. Expand **Windows Settings > Security Settings > Public Key Policies** +1. In the details pane, right-click **Certificate Services Client - Auto-Enrollment** and select **Properties** +1. Select **Enabled** from the **Configuration Model** list +1. Select the **Renew expired certificates, update pending certificates, and remove revoked certificates** check box +1. Select the **Update certificates that use certificate templates** check box +1. Select **OK** +1. Close the **Group Policy Management Editor** + +### Deploy the domain controller auto certificate enrollment GPO + +Sign in to domain controller or management workstations with *Domain Administrator* equivalent credentials. 1. Start the **Group Policy Management Console** (gpmc.msc) +1. In the navigation pane, expand the domain and expand the node with the Active Directory domain name. 
Right-click the **Domain Controllers** organizational unit and select **Link an existing GPO…** +1. In the **Select GPO** dialog box, select *Domain Controller Auto Certificate Enrollment* or the name of the domain controller certificate enrollment Group Policy object you previously created +1. Select **OK** -2. Expand the domain and select the **Group Policy Object** node in the navigation pane. +## Validate the configuration -3. Right-click **Group Policy object** and select **New** +Windows Hello for Business is a distributed system, which on the surface appears complex and difficult. The key to a successful Windows Hello for Business deployment is to validate phases of work prior to moving to the next phase. -4. Type *Domain Controller Auto Certificate Enrollment* in the name box and click **OK**. +You want to confirm your domain controllers enroll the correct certificates and not any unnecessary (superseded) certificate templates. You need to check each domain controller that autoenrollment for the computer occurred. -5. Right-click the **Domain Controller Auto Certificate Enrollment** Group Policy object and click **Edit**. +### Use the event logs -6. In the navigation pane, expand **Policies** under **Computer Configuration**. +Sign in to domain controller or management workstations with *Domain Administrator* equivalent credentials. -7. Expand **Windows Settings**, **Security Settings**, and click **Public Key Policies**. +1. Using the Event Viewer, navigate to the **Application and Services > Microsoft > Windows > CertificateServices-Lifecycles-System** event log +1. 
Look for an event indicating a new certificate enrollment (autoenrollment): + - The details of the event include the certificate template on which the certificate was issued + - The name of the certificate template used to issue the certificate should match the certificate template name included in the event + - The certificate thumbprint and EKUs for the certificate are also included in the event + - The EKU needed for proper Windows Hello for Business authentication is Kerberos Authentication, in addition to other EKUs provide by the certificate template -8. In the details pane, right-click **Certificate Services Client – Auto-Enrollment** and select **Properties**. +Certificates superseded by your new domain controller certificate generate an archive event in the event log. The archive event contains the certificate template name and thumbprint of the certificate that was superseded by the new certificate. -9. Select **Enabled** from the **Configuration Model** list. +### Certificate Manager -10. Select the **Renew expired certificates, update pending certificates, and remove revoked certificates** check box. +You can use the Certificate Manager console to validate the domain controller has the properly enrolled certificate based on the correct certificate template with the proper EKUs. Use **certlm.msc** to view certificate in the local computers certificate stores. Expand the **Personal** store and view the certificates enrolled for the computer. Archived certificates don't appear in Certificate Manager. -11. Select the **Update certificates that use certificate templates** check box. +### Certutil.exe -12. Click **OK**. Close the **Group Policy Management Editor**. +You can use `certutil.exe` command to view enrolled certificates in the local computer. Certutil shows enrolled and archived certificates for the local computer. From an elevated command prompt, run `certutil.exe -q -store my` to view locally enrolled certificates. 
-### Deploy the Domain Controller Auto Certificate Enrollment Group Policy Object
+To view detailed information about each certificate in the store, use `certutil.exe -q -v -store my` to validate automatic certificate enrollment enrolled the proper certificates.
-Sign in to domain controller or management workstations with _Domain Admin_ equivalent credentials.
+### Troubleshooting
-1. Start the **Group Policy Management Console** (gpmc.msc).
+Windows triggers automatic certificate enrollment for the computer during boot, and when Group Policy updates. You can refresh Group Policy from an elevated command prompt using `gpupdate.exe /force`.
-2. In the navigation pane, expand the domain and expand the node that has your Active Directory domain name. Right-click the **Domain Controllers** organizational unit and click **Link an existing GPO…**.
+Alternatively, you can forcefully trigger automatic certificate enrollment using `certreq.exe -autoenroll -q` from an elevated command prompt.
-3. In the **Select GPO** dialog box, select **Domain Controller Auto Certificate Enrollment** or the name of the domain controller certificate enrollment Group Policy object you previously created and click **OK**.
+Use the event logs to monitor certificate enrollment and archive. Review the configuration, such as publishing certificate templates to issuing certification authority and the allow auto enrollment permissions.
-### Validating your work
-
-Windows Hello for Business is a distributed system, which on the surface appears complex and difficult. The key to a successful Windows Hello for Business deployment is to validate phases of work prior to moving to the next phase.
-
-You want to confirm your domain controllers enroll the correct certificates and not any unnecessary (superseded) certificate templates. You need to check each domain controller that autoenrollment for the computer occurred.
-
-#### Use the Event Logs
-
-Windows Server 2012 and later include Certificate Lifecycle events to determine the lifecycles of certificates for both users and computers. Using the Event Viewer, navigate to the CertificateServices-Lifecycles-System event log under Application and Services/Microsoft/Windows.
-
-Look for an event indicating a new certificate enrollment (autoenrollment). The details of the event include the certificate template on which the certificate was issued. The name of the certificate template used to issue the certificate should match the certificate template name included in the event. The certificate thumbprint and EKUs for the certificate are also included in the event. The EKU needed for proper Windows Hello for Business authentication is Kerberos Authentication, in addition to other EKUs provide by the certificate template.
-
-Certificates superseded by your new domain controller certificate generate an archive event in the CertificateServices-Lifecycles-System event. The archive event contains the certificate template name and thumbprint of the certificate that was superseded by the new certificate.
-
-#### Certificate Manager
-
-You can use the Certificate Manager console to validate the domain controller has the properly enrolled certificate based on the correct certificate template with the proper EKUs. Use **certlm.msc** to view certificate in the local computers certificate stores. Expand the **Personal** store and view the certificates enrolled for the computer. Archived certificates do not appear in Certificate Manager.
-
-#### Certutil.exe
-
-You can use **certutil.exe** to view enrolled certificates in the local computer. Certutil shows enrolled and archived certificates for the local computer. From an elevated command prompt, run `certutil -q -store my` to view locally enrolled certificates.
-
-To view detailed information about each certificate in the store, use `certutil -q -v -store my` to validate automatic certificate enrollment enrolled the proper certificates.
-
-#### Troubleshooting
-
-Windows triggers automatic certificate enrollment for the computer during boot, and when Group Policy updates. You can refresh Group Policy from an elevated command prompt using `gpupdate /force`.
-
-Alternatively, you can forcefully trigger automatic certificate enrollment using `certreq -autoenroll -q` from an elevated command prompt.
-
-Use the event logs to monitor certificate enrollment and archive. Review the configuration, such as publishing certificate templates to issuing certificate authority and the allow auto enrollment permissions.
-
-## Follow the Windows Hello for Business on premises key trust deployment guide
-
-1. [Validate Active Directory prerequisites](hello-key-trust-validate-ad-prereq.md)
-2. Validate and Configure Public Key Infrastructure (*You are here*)
-3. [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-key-trust-adfs.md)
-4. [Validate and Deploy Multifactor Authentication Services (MFA)](hello-key-trust-validate-deploy-mfa.md)
-5. [Configure Windows Hello for Business Policy settings](hello-key-trust-policy-settings.md)
+> [!div class="nextstepaction"]
+> [Next: prepare and deploy AD FS >](hello-key-trust-adfs.md)
\ No newline at end of file
diff --git a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md
index 2d83fca7b3..a548960eab 100644
--- a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md
+++ b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md
@@ -2,7 +2,6 @@
 title: Manage Windows Hello in your organization (Windows)
 description: You can create a Group Policy or mobile device management (MDM) policy that will implement Windows Hello for Business on devices running Windows 10.
 ms.collection:
- - M365-identity-device-management
 - highpri
 ms.date: 2/15/2022
 appliesto:
diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md
index 87ec948d71..48c16385f3 100644
--- a/windows/security/identity-protection/hello-for-business/hello-overview.md
+++ b/windows/security/identity-protection/hello-for-business/hello-overview.md
@@ -2,11 +2,11 @@
 title: Windows Hello for Business Overview (Windows)
 description: Learn how Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices in Windows 10 and Windows 11.
 ms.collection:
- - M365-identity-device-management
 - highpri
 ms.topic: conceptual
 appliesto:
-- ✅ Windows 10 and later
+ - ✅ Windows 10 and later
+ms.date: 12/31/2017
 ---
 # Windows Hello for Business Overview
@@ -45,9 +45,9 @@ Windows stores biometric data that is used to implement Windows Hello securely o
 ## The difference between Windows Hello and Windows Hello for Business
-- Individuals can create a PIN or biometric gesture on their personal devices for convenient sign-in. This use of Windows Hello is unique to the device on which it's set up, but can use a password hash depending on an individual's account type. This configuration is referred to as Windows Hello convenience PIN and it's not backed by asymmetric (public/private key) or certificate-based authentication.
+- Individuals can create a PIN or biometric gesture on their personal devices for convenient sign-in. This use of Windows Hello is unique to the device on which it's set up, but can use a password hash depending on an individual's account type. This configuration is referred to as *Windows Hello convenience PIN* and it's not backed by asymmetric (public/private key) or certificate-based authentication.
-- **Windows Hello for Business**, which is configured by group policy or mobile device management (MDM) policy, always uses key-based or certificate-based authentication. This behavior makes it more secure than **Windows Hello convenience PIN**.
+- *Windows Hello for Business*, which is configured by group policy or mobile device management (MDM) policy, always uses key-based or certificate-based authentication. This behavior makes it more secure than *Windows Hello convenience PIN*.
 ## Benefits of Windows Hello
diff --git a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md
index f2ba4fd368..89fe8f84ce 100644
--- a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md
+++ b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md
@@ -2,7 +2,6 @@
 title: Why a PIN is better than an online password (Windows)
 description: Windows Hello enables users to sign in to their device using a PIN. How is a PIN different from (and better than) an online password.
 ms.collection:
- - M365-identity-device-management
 - highpri
 ms.date: 10/23/2017
 appliesto:
diff --git a/windows/security/identity-protection/hello-for-business/images/adfs-device-registration.png b/windows/security/identity-protection/hello-for-business/images/adfs-device-registration.png
new file mode 100644
index 0000000000..cf0b7aeff4
Binary files /dev/null and b/windows/security/identity-protection/hello-for-business/images/adfs-device-registration.png differ
diff --git a/windows/security/identity-protection/hello-for-business/images/adfs-scp.png b/windows/security/identity-protection/hello-for-business/images/adfs-scp.png
new file mode 100644
index 0000000000..5a806fadf0
Binary files /dev/null and b/windows/security/identity-protection/hello-for-business/images/adfs-scp.png differ
diff --git a/windows/security/identity-protection/hello-for-business/images/hello-adfs-configure-2012r2.png b/windows/security/identity-protection/hello-for-business/images/hello-adfs-configure-2012r2.png
deleted file mode 100644
index 374d8f1297..0000000000
Binary files a/windows/security/identity-protection/hello-for-business/images/hello-adfs-configure-2012r2.png and /dev/null differ
diff --git a/windows/security/identity-protection/hello-for-business/images/hello-internal-web-server-cert.png b/windows/security/identity-protection/hello-for-business/images/hello-internal-web-server-cert.png
index cc78ba41cf..5db53fa03c 100644
Binary files a/windows/security/identity-protection/hello-for-business/images/hello-internal-web-server-cert.png and b/windows/security/identity-protection/hello-for-business/images/hello-internal-web-server-cert.png differ
diff --git a/windows/security/identity-protection/hello-for-business/images/hello-nlb-add-ip.png b/windows/security/identity-protection/hello-for-business/images/hello-nlb-add-ip.png
deleted file mode 100644
index 49b06a8cc2..0000000000
Binary files a/windows/security/identity-protection/hello-for-business/images/hello-nlb-add-ip.png and /dev/null differ
diff --git a/windows/security/identity-protection/hello-for-business/images/hello-nlb-cluster-ip-config.png b/windows/security/identity-protection/hello-for-business/images/hello-nlb-cluster-ip-config.png
deleted file mode 100644
index e74cc5f586..0000000000
Binary files a/windows/security/identity-protection/hello-for-business/images/hello-nlb-cluster-ip-config.png and /dev/null differ
diff --git a/windows/security/identity-protection/hello-for-business/images/hello-nlb-cluster-port-rule.png b/windows/security/identity-protection/hello-for-business/images/hello-nlb-cluster-port-rule.png
deleted file mode 100644
index c8d406f45f..0000000000
Binary files a/windows/security/identity-protection/hello-for-business/images/hello-nlb-cluster-port-rule.png and /dev/null differ
diff --git a/windows/security/identity-protection/hello-for-business/images/hello-nlb-cluster.png b/windows/security/identity-protection/hello-for-business/images/hello-nlb-cluster.png
deleted file mode 100644
index 3c4e29b213..0000000000
Binary files a/windows/security/identity-protection/hello-for-business/images/hello-nlb-cluster.png and /dev/null differ
diff --git a/windows/security/identity-protection/hello-for-business/images/hello-nlb-connect.png b/windows/security/identity-protection/hello-for-business/images/hello-nlb-connect.png
deleted file mode 100644
index c5aac0791e..0000000000
Binary files a/windows/security/identity-protection/hello-for-business/images/hello-nlb-connect.png and /dev/null differ
diff --git a/windows/security/identity-protection/hello-for-business/images/hello-nlb-feature-install.png b/windows/security/identity-protection/hello-for-business/images/hello-nlb-feature-install.png
deleted file mode 100644
index 3ab085a804..0000000000
Binary files a/windows/security/identity-protection/hello-for-business/images/hello-nlb-feature-install.png and /dev/null differ
diff --git a/windows/security/identity-protection/hello-for-business/images/hello-nlb-manager.png b/windows/security/identity-protection/hello-for-business/images/hello-nlb-manager.png
deleted file mode 100644
index 61af244a4c..0000000000
Binary files a/windows/security/identity-protection/hello-for-business/images/hello-nlb-manager.png and /dev/null differ
diff --git a/windows/security/identity-protection/hello-for-business/index.yml b/windows/security/identity-protection/hello-for-business/index.yml
index 0f14b0a619..0c6b760604 100644
--- a/windows/security/identity-protection/hello-for-business/index.yml
+++ b/windows/security/identity-protection/hello-for-business/index.yml
@@ -15,7 +15,6 @@ metadata:
 ms.reviewer: prsriva
 ms.date: 01/22/2021
 ms.collection:
- - M365-identity-device-management
 - highpri
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | whats-new
diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md
deleted file mode 100644
index 6d5ad8dea5..0000000000
--- a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md
+++ /dev/null
@@ -1,26 +0,0 @@ ---- -title: Microsoft-compatible security key -description: Learn how a Microsoft-compatible security key for Windows is different (and better) than any other FIDO2 security key. -ms.date: 11/14/2018 -appliesto: -- ✅ Windows 10 and later -ms.topic: article ---- -# What is a Microsoft-compatible security key? - -> [!Warning] -> Some information relates to pre-released product that may change before it is commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. - - -Microsoft has been aligned with the [FIDO Alliance](https://fidoalliance.org/) with a mission to replace passwords with an easy to use, strong 2FA credential. We have been working with our partners to extensively test and deliver a seamless and secure authentication experience to end users. See [FIDO2 security keys features and providers](/azure/active-directory/authentication/concept-authentication-passwordless#fido2-security-keys). - -The [FIDO2 CTAP specification](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html) contains a few optional features and extensions which are crucial to provide that seamless and secure experience. - -A security key **MUST** implement the following features and extensions from the FIDO2 CTAP protocol to be Microsoft-compatible: - -| #
              | Feature / Extension trust
              | Why is this required?
              | -| --- | --- | --- | -| 1 | Resident key | This feature enables the security key to be portable, where your credential is stored on the security key | -| 2 | Client pin | This feature enables you to protect your credentials with a second factor and applies to security keys that do not have a user interface| -| 3 | hmac-secret | This extension ensures you can sign-in to your device when it's off-line or in airplane mode | -| 4 | Multiple accounts per RP | This feature ensures you can use the same security key across multiple services like Microsoft Account (MSA) and Azure Active Directory (AAD) | diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index a18a0b3aeb..4b2daf06b4 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -341,4 +341,4 @@ In this configuration, passwords for SCRIL-configured users expire based on Acti ## The road ahead -The information presented here is just the beginning. We'll update this guide with improved tools, methods, and scenarios, like Azure AD joined and MDM managed environments. As we continue to invest in a password-less future, we would love to hear from you. Your feedback is important. Send us an email at [pwdless@microsoft.com](mailto:pwdless@microsoft.com?subject=Passwordless%20Feedback). +The information presented here is just the beginning. We'll update this guide with improved tools, methods, and scenarios, like Azure AD joined and MDM managed environments. As we continue to invest in a password-less future, we would love to hear from you. Your feedback is important. Send us an email at [pwdlessQA@microsoft.com](mailto:pwdlessQA@microsoft.com?subject=Passwordless%20Feedback). 
diff --git a/windows/security/identity-protection/hello-for-business/reset-security-key.md b/windows/security/identity-protection/hello-for-business/reset-security-key.md deleted file mode 100644 index 366a317f73..0000000000 --- a/windows/security/identity-protection/hello-for-business/reset-security-key.md +++ /dev/null @@ -1,30 +0,0 @@ ---- -title: Reset-security-key -description: Windows 10 and Windows 11 enables users to sign in to their device using a security key. How to reset a security key -ms.date: 11/14/2018 -appliesto: -- ✅ Windows 10 and later -ms.topic: article ---- -# How to reset a Microsoft-compatible security key? -> [!Warning] -> Some information relates to pre-released product that may change before it is commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. - ->[!IMPORTANT] ->This operation will wipe everything from your security key and reset it to factory defaults.
              **All data and credentials will be cleared.** - - -A [Microsoft-compatible security key](./microsoft-compatible-security-key.md) can be reset via Settings app (Settings > Accounts > Sign-in options > Security key). -
              -Follow the instructions in the Settings app and look for specific instructions based on your security key manufacturer below: - - -|Security key manufacturer
              | Reset instructions
              | -| --- | --- | -|Yubico | **USB:** Remove and reinsert the security key. When the LED on the security key begins flashing, touch the metal contact
              **NFC:** Tap the security key on the reader
              | -|Feitian | Touch the blinking fingerprint sensor twice to reset the key| -|HID | Tap the card on the reader twice to reset it | - ->[!NOTE] ->The steps to reset your security key may vary based on the security key manufacturer.
              ->If your security key is not listed here, please reach out to your security key manufacturer for reset instructions. diff --git a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md index 5aa1fcad6a..1987c05d33 100644 --- a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md @@ -3,8 +3,7 @@ title: How Windows Hello for Business works (Windows) description: Learn about registration, authentication, key material, and infrastructure for Windows Hello for Business. ms.date: 10/16/2017 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 +- ✅ Windows 10 and later ms.topic: article --- # How Windows Hello for Business works in Windows devices diff --git a/windows/security/identity-protection/hello-for-business/toc.yml b/windows/security/identity-protection/hello-for-business/toc.yml index 502a196109..fb4c92826f 100644 --- a/windows/security/identity-protection/hello-for-business/toc.yml +++ b/windows/security/identity-protection/hello-for-business/toc.yml @@ -99,7 +99,7 @@ href: hello-deployment-key-trust.md - name: Validate Active Directory prerequisites href: hello-key-trust-validate-ad-prereq.md - - name: Validate and configure Public Key Infrastructure (PKI) + - name: Configure and validate Public Key Infrastructure (PKI) href: hello-key-trust-validate-pki.md - name: Prepare and deploy Active Directory Federation Services (AD FS) href: hello-key-trust-adfs.md 
@@ -113,7 +113,7 @@ href: hello-deployment-cert-trust.md - name: Validate Active Directory prerequisites href: hello-cert-trust-validate-ad-prereq.md - - name: Validate and configure Public Key Infrastructure (PKI) + - name: Configure and validate Public Key Infrastructure (PKI) href: hello-cert-trust-validate-pki.md - name: Prepare and Deploy Active Directory Federation Services (AD FS) href: hello-cert-trust-adfs.md diff --git a/windows/security/identity-protection/hello-for-business/webauthn-apis.md b/windows/security/identity-protection/hello-for-business/webauthn-apis.md index 534fddf6ee..42e5d338b1 100644 --- a/windows/security/identity-protection/hello-for-business/webauthn-apis.md +++ b/windows/security/identity-protection/hello-for-business/webauthn-apis.md @@ -16,7 +16,7 @@ Starting in **Windows 11, version 22H2**, WebAuthn APIs support ECC algorithms. ## What does this mean? -By using WebAuthn APIs, developer partners and the developer community can use [Windows Hello](./index.yml) or [FIDO2 Security Keys](./microsoft-compatible-security-key.md) to implement passwordless multi-factor authentication for their applications on Windows devices. +By using WebAuthn APIs, developer partners and the developer community can use [Windows Hello](./index.yml) or [FIDO2 Security Keys](/azure/active-directory/authentication/howto-authentication-passwordless-security-key) to implement passwordless multi-factor authentication for their applications on Windows devices. Users of these apps or sites can use any browser that supports WebAuthn APIs for passwordless authentication. Users will have a familiar and consistent experience on Windows, no matter which browser they use. diff --git a/windows/security/identity-protection/index.md b/windows/security/identity-protection/index.md index efab24f84a..c42735cfe2 100644 --- a/windows/security/identity-protection/index.md +++ b/windows/security/identity-protection/index.md 
@@ -5,7 +5,6 @@ ms.prod: windows-client
 author: paolomatarazzo
 ms.author: paoloma
 manager: aaroncz
-ms.collection: M365-identity-device-management
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 02/05/2018
diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md
index 943feee191..e094da893b 100644
--- a/windows/security/identity-protection/remote-credential-guard.md
+++ b/windows/security/identity-protection/remote-credential-guard.md
@@ -6,7 +6,6 @@ author: paolomatarazzo
 ms.author: paoloma
 manager: aaroncz
 ms.collection:
- - M365-identity-device-management
 - highpri
 ms.topic: article
 ms.localizationpriority: medium
diff --git a/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md b/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md
index 94d820ba53..7c25e23d15 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md
@@ -6,7 +6,6 @@ author: paolomatarazzo
 ms.author: paoloma
 ms.reviewer: ardenw
 manager: aaroncz
-ms.collection: M365-identity-device-management
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 09/24/2021
diff --git a/windows/security/identity-protection/smart-cards/smart-card-architecture.md b/windows/security/identity-protection/smart-cards/smart-card-architecture.md
index 8fdd044d15..0b300b959d 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-architecture.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-architecture.md
@@ -6,7 +6,6 @@ author: paolomatarazzo
 ms.author: paoloma
 ms.reviewer: ardenw
 manager: aaroncz
-ms.collection: M365-identity-device-management
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 09/24/2021
diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md
index 664a098b48..ad23803395 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md
@@ -6,7 +6,6 @@ author: paolomatarazzo
 ms.author: paoloma
 ms.reviewer: ardenw
 manager: aaroncz
-ms.collection: M365-identity-device-management
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 08/24/2021
diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md
index eafc1a53ec..dfcc5f5c94 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md
@@ -6,7 +6,6 @@ author: paolomatarazzo
 ms.author: paoloma
 ms.reviewer: ardenw
 manager: aaroncz
-ms.collection: M365-identity-device-management
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 09/24/2021
diff --git a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md
index 041be309ae..3c1b301625 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md
@@ -7,7 +7,6 @@ ms.author: paoloma
 ms.reviewer: ardenw
 manager: aaroncz
 ms.collection:
- - M365-identity-device-management
 - highpri
 ms.topic: article
 ms.localizationpriority: medium
diff --git a/windows/security/identity-protection/smart-cards/smart-card-events.md b/windows/security/identity-protection/smart-cards/smart-card-events.md
index 82b2141687..ed07b57089 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-events.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-events.md
@@ -6,7 +6,6 @@ author: paolomatarazzo
 ms.author: paoloma
 ms.reviewer: ardenw
 manager: aaroncz
-ms.collection: M365-identity-device-management
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 09/24/2021
diff --git a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md
index 9ba33317ac..a14fa3345b 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md
@@ -6,7 +6,6 @@ author: paolomatarazzo
 ms.author: paoloma
 ms.reviewer: ardenw
 manager: aaroncz
-ms.collection: M365-identity-device-management
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 11/02/2021
diff --git a/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md b/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md
index 75800f2ed8..b0989b839d 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md
@@ -6,8 +6,6 @@ author: paolomatarazzo
 ms.author: paoloma
 ms.reviewer: ardenw
 manager: aaroncz
-ms.collection:
- - M365-identity-device-management
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 09/24/2021
diff --git a/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md b/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md
index 1dde909358..1df09c74c0 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md
@@ -6,7 +6,6 @@ author: paolomatarazzo
 ms.author: paoloma
 ms.reviewer: ardenw
 manager: aaroncz
-ms.collection: M365-identity-device-management
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 09/24/2021
diff --git a/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md b/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md
index 60ec54e817..187d0bc8a9 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md
@@ -6,7 +6,6 @@ author: paolomatarazzo
 ms.author: paoloma
 ms.reviewer: ardenw
 manager: aaroncz
-ms.collection: M365-identity-device-management
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 09/24/2021
diff --git a/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md b/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md
index fe25ba9e7c..c543380fcd 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md
@@ -6,7 +6,6 @@ author: paolomatarazzo
 ms.author: paoloma
 ms.reviewer: ardenw
 manager: aaroncz
-ms.collection: M365-identity-device-management
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 09/24/2021
diff --git a/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md b/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md index 073e9fb3e9..9ba3ee5da6 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md +++ b/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md @@ -6,7 +6,6 @@ author: paolomatarazzo ms.author: paoloma ms.reviewer: ardenw manager: aaroncz -ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 09/24/2021 diff --git a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md index 9736d287a0..a968914652 100644 --- a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md +++ b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md @@ -1,24 +1,14 @@ --- title: How User Account Control works (Windows) description: User Account Control (UAC) is a fundamental component of Microsoft's overall security vision. UAC helps mitigate the impact of malware. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -ms.reviewer: sulahiri -manager: aaroncz ms.collection: - - M365-identity-device-management - highpri ms.topic: article ms.localizationpriority: medium ms.date: 09/23/2021 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Windows Server 2016 - - ✅ Windows Server 2019 - - ✅ Windows Server 2022 -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later --- # How User Account Control works 
@@ -27,7 +17,7 @@ User Account Control (UAC) is a fundamental component of Microsoft's overall sec ## UAC process and interactions -Each app that requires the administrator access token must prompt for consent. The one exception is the relationship that exists between parent and child processes. Child processes inherit the user's access token from the parent process. Both the parent and child processes, however, must have the same integrity level. Windows protects processes by marking their integrity levels. Integrity levels are measurements of trust. A "high" integrity application is one that performs tasks that modify system data, such as a disk partitioning application, while a "low" integrity application is one that performs tasks that could potentially compromise the operating system, such as a Web browser. Apps with lower integrity levels cannot modify data in applications with higher integrity levels. When a standard user attempts to run an app that requires an administrator access token, UAC requires that the user provide valid administrator credentials. +Each app that requires the administrator access token must prompt for consent. The one exception is the relationship that exists between parent and child processes. Child processes inherit the user's access token from the parent process. Both the parent and child processes, however, must have the same integrity level. Windows protects processes by marking their integrity levels. Integrity levels are measurements of trust. A "high" integrity application is one that performs tasks that modify system data, such as a disk partitioning application, while a "low" integrity application is one that performs tasks that could potentially compromise the operating system, such as a Web browser. Apps with lower integrity levels cannot modify data in applications with higher integrity levels. 
When a standard user attempts to run an app that requires an administrator access token, UAC requires that the user provide valid administrator credentials. To better understand how this process happens, let's look at the Windows logon process. 
@@ -41,17 +31,17 @@ By default, standard users and administrators access resources and run apps in t When an administrator logs on, two separate access tokens are created for the user: a standard user access token and an administrator access token. The standard user access token contains the same user-specific information as the administrator access token, but the administrative Windows privileges and SIDs are removed. The standard user access token is used to start apps that do not perform administrative tasks (standard user apps). The standard user access token is then used to display the desktop (explorer.exe). Explorer.exe is the parent process from which all other user-initiated processes inherit their access token. As a result, all apps run as a standard user unless a user provides consent or credentials to approve an app to use a full administrative access token. -A user that is a member of the Administrators group can log on, browse the Web, and read e-mail while using a standard user access token. When the administrator needs to perform a task that requires the administrator access token, Windows 10 or Windows 11 automatically prompts the user for approval. This prompt is called an elevation prompt, and its behavior can be configured by using the Local Security Policy snap-in (Secpol.msc) or Group Policy. For more info, see [User Account Control security policy settings](user-account-control-security-policy-settings.md). +A user that is a member of the Administrators group can log on, browse the Web, and read e-mail while using a standard user access token. When the administrator needs to perform a task that requires the administrator access token, Windows automatically prompts the user for approval. This prompt is called an elevation prompt, and its behavior can be configured by using the Local Security Policy snap-in (Secpol.msc) or Group Policy. 
For more info, see [User Account Control security policy settings](user-account-control-security-policy-settings.md). ### The UAC User Experience -When UAC is enabled, the user experience for standard users is different from that of administrators in Admin Approval Mode. The recommended and more secure method of running Windows 10 or Windows 11 is to make your primary user account a standard user account. Running as a standard user helps to maximize security for a managed environment. With the built-in UAC elevation component, standard users can easily perform an administrative task by entering valid credentials for a local administrator account. The default, built-in UAC elevation component for standard users is the credential prompt. +When UAC is enabled, the user experience for standard users is different from that of administrators in Admin Approval Mode. The recommended and more secure method of running Windows, is to make your primary user account a standard user account. Running as a standard user helps to maximize security for a managed environment. With the built-in UAC elevation component, standard users can easily perform an administrative task by entering valid credentials for a local administrator account. The default, built-in UAC elevation component for standard users is the credential prompt. The alternative to running as a standard user is to run as an administrator in Admin Approval Mode. With the built-in UAC elevation component, members of the local Administrators group can easily perform an administrative task by providing approval. The default, built-in UAC elevation component for an administrator account in Admin Approval Mode is called the consent prompt. **The consent and credential prompts** -With UAC enabled, Windows 10 or Windows 11 prompts for consent or prompts for credentials of a valid local administrator account before starting a program or task that requires a full administrator access token. 
This prompt ensures that no malicious software can be silently installed. +With UAC enabled, Windows prompts for consent or prompts for credentials of a valid local administrator account before starting a program or task that requires a full administrator access token. This prompt ensures that no malicious software can be silently installed. **The consent prompt** 
@@ -69,18 +59,18 @@ The following is an example of the UAC credential prompt. **UAC elevation prompts** -The UAC elevation prompts are color-coded to be app-specific, enabling for immediate identification of an application's potential security risk. When an app attempts to run with an administrator's full access token, Windows 10 or Windows 11 first analyzes the executable file to determine its publisher. Apps are first separated into three categories based on the file's publisher: Windows 10 or Windows 11, publisher verified (signed), and publisher not verified (unsigned). The following diagram illustrates how Windows determines which color elevation prompt to present to the user. +The UAC elevation prompts are color-coded to be app-specific, enabling for immediate identification of an application's potential security risk. When an app attempts to run with an administrator's full access token, Windows first analyzes the executable file to determine its publisher. Apps are first separated into three categories based on the file's publisher: Windows 10 or Windows 11, publisher verified (signed), and publisher not verified (unsigned). The following diagram illustrates how Windows determines which color elevation prompt to present to the user. The elevation prompt color-coding is as follows: -- Red background with a red shield icon: The app is blocked by Group Policy or is from a publisher that is blocked. -- Blue background with a blue and gold shield icon: The application is a Windows 10 and Windows 11 administrative app, such as a Control Panel item. -- Blue background with a blue shield icon: The application is signed by using Authenticode and is trusted by the local computer. -- Yellow background with a yellow shield icon: The application is unsigned or signed but is not yet trusted by the local computer. +- Red background with a red shield icon: The app is blocked by Group Policy or is from a publisher that is blocked. 
+- Blue background with a blue and gold shield icon: The application is a Windows 10 and Windows 11 administrative app, such as a Control Panel item. +- Blue background with a blue shield icon: The application is signed by using Authenticode and is trusted by the local computer. +- Yellow background with a yellow shield icon: The application is unsigned or signed but is not yet trusted by the local computer. **Shield icon** -Some Control Panel items, such as **Date and Time Properties**, contain a combination of administrator and standard user operations. Standard users can view the clock and change the time zone, but a full administrator access token is required to change the local system time. The following is a screen shot of the **Date and Time Properties** Control Panel item. +Some Control Panel items, such as **Date and Time Properties**, contain a combination of administrator and standard user operations. Standard users can view the clock and change the time zone, but a full administrator access token is required to change the local system time. The following is a screenshot of the **Date and Time Properties** Control Panel item. :::image type="content" source="images/uacshieldicon.png" alt-text="UAC Shield Icon in Date and Time Properties"::: 
@@ -88,7 +78,7 @@ The shield icon on the **Change date and time** button indicates that the proces **Securing the elevation prompt** -The elevation process is further secured by directing the prompt to the secure desktop. The consent and credential prompts are displayed on the secure desktop by default in Windows 10 and Windows 11. Only Windows processes can access the secure desktop. For higher levels of security, we recommend keeping the **User Account Control: Switch to the secure desktop when prompting for elevation** policy setting enabled. +The elevation process is further secured by directing the prompt to the secure desktop. The consent and credential prompts are displayed on the secure desktop by default in Windows 10 and Windows 11. Only Windows processes can access the secure desktop. For higher levels of security, we recommend keeping the **User Account Control: Switch to the secure desktop when prompting for elevation** policy setting enabled. When an executable file requests elevation, the interactive desktop, also called the user desktop, is switched to the secure desktop. The secure desktop dims the user desktop and displays an elevation prompt that must be responded to before continuing. When the user clicks **Yes** or **No**, the desktop switches back to the user desktop. 
@@ -134,9 +124,9 @@ To better understand each component, review the table below: The slider will never turn UAC completely off. If you set it to **Never notify**, it will: -- Keep the UAC service running. -- Cause all elevation request initiated by administrators to be auto-approved without showing a UAC prompt. -- Automatically deny all elevation requests for standard users. +- Keep the UAC service running. +- Cause all elevation request initiated by administrators to be auto-approved without showing a UAC prompt. +- Automatically deny all elevation requests for standard users. > [!IMPORTANT] > In order to fully disable UAC you must disable the policy **User Account Control: Run all administrators in Admin Approval Mode**. 
@@ -148,17 +138,17 @@ The slider will never turn UAC completely off. If you set it to **Never notify** Because system administrators in enterprise environments attempt to secure systems, many line-of-business (LOB) applications are designed to use only a standard user access token. As a result, you do not need to replace the majority of apps when UAC is turned on. -Windows 10 and Windows 11 include file and registry virtualization technology for apps that are not UAC-compliant and that require an administrator's access token to run correctly. When an administrative apps that is not UAC-compliant attempts to write to a protected folder, such as Program Files, UAC gives the app its own virtualized view of the resource it is attempting to change. The virtualized copy is maintained in the user's profile. This strategy creates a separate copy of the virtualized file for each user that runs the non-compliant app. +Windows 10 and Windows 11 include file and registry virtualization technology for apps that are not UAC-compliant and that require an administrator's access token to run correctly. When an administrative app that is not UAC-compliant attempts to write to a protected folder, such as Program Files, UAC gives the app its own virtualized view of the resource it is attempting to change. The virtualized copy is maintained in the user's profile. This strategy creates a separate copy of the virtualized file for each user that runs the non-compliant app. Most app tasks operate properly by using virtualization features. Although virtualization allows a majority of applications to run, it is a short-term fix and not a long-term solution. App developers should modify their apps to be compliant as soon as possible, rather than relying on file, folder, and registry virtualization. Virtualization is not an option in the following scenarios: -- Virtualization does not apply to apps that are elevated and run with a full administrative access token. 
+- Virtualization does not apply to apps that are elevated and run with a full administrative access token. -- Virtualization supports only 32-bit apps. Non-elevated 64-bit apps simply receive an access denied message when they attempt to acquire a handle (a unique identifier) to a Windows object. Native Windows 64-bit apps are required to be compatible with UAC and to write data into the correct locations. +- Virtualization supports only 32-bit apps. Non-elevated 64-bit apps simply receive an access denied message when they attempt to acquire a handle (a unique identifier) to a Windows object. Native Windows 64-bit apps are required to be compatible with UAC and to write data into the correct locations. -- Virtualization is disabled if the app includes an app manifest with a requested execution level attribute. +- Virtualization is disabled if the app includes an app manifest with a requested execution level attribute. ### Request execution levels 
@@ -168,22 +158,22 @@ All UAC-compliant apps should have a requested execution level added to the appl ### Installer detection technology -Installation programs are apps designed to deploy software. Most installation programs write to system directories and registry keys. These protected system locations are typically writeable only by an administrator in Installer detection technology, which means that standard users do not have sufficient access to install programs. Windows 10 and Windows 11 heuristically detect installation programs and requests administrator credentials or approval from the administrator user in order to run with access privileges. Windows 10 and Windows 11 also heuristically detect updates and programs that uninstall applications. One of the design goals of UAC is to prevent installations from being run without the user's knowledge and consent because installation programs write to protected areas of the file system and registry. +Installation programs are apps designed to deploy software. Most installation programs write to system directories and registry keys. These protected system locations are typically writeable only by an administrator in Installer detection technology, which means that standard users do not have sufficient access to install programs. Windows 10 and Windows 11 heuristically detect installation programs and requests administrator credentials or approval from the administrator user in order to run with access privileges. Windows 10 and Windows 11 also heuristically detect updates and programs that uninstall applications. One of the design goals of UAC is to prevent installations from being run without the user's knowledge and consent because installation programs write to protected areas of the file system and registry. Installer detection only applies to: -- 32-bit executable files. -- Applications without a requested execution level attribute. -- Interactive processes running as a standard user with UAC enabled. 
+- 32-bit executable files. +- Applications without a requested execution level attribute. +- Interactive processes running as a standard user with UAC enabled. Before a 32-bit process is created, the following attributes are checked to determine whether it is an installer: -- The file name includes keywords such as "install," "setup," or "update." -- Versioning Resource fields contain the following keywords: Vendor, Company Name, Product Name, File Description, Original Filename, Internal Name, and Export Name. -- Keywords in the side-by-side manifest are embedded in the executable file. -- Keywords in specific StringTable entries are linked in the executable file. -- Key attributes in the resource script data are linked in the executable file. -- There are targeted sequences of bytes within the executable file. +- The file name includes keywords such as "install," "setup," or "update." +- Versioning Resource fields contain the following keywords: Vendor, Company Name, Product Name, File Description, Original Filename, Internal Name, and Export Name. +- Keywords in the side-by-side manifest are embedded in the executable file. +- Keywords in specific StringTable entries are linked in the executable file. +- Key attributes in the resource script data are linked in the executable file. +- There are targeted sequences of bytes within the executable file. > [!NOTE] > The keywords and sequences of bytes were derived from common characteristics observed from various installer technologies. diff --git a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md index aeae137539..f3c8c14d4e 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md 
+++ b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md @@ -1,24 +1,13 @@ --- title: User Account Control Group Policy and registry key settings (Windows) description: Here's a list of UAC Group Policy and registry key settings that your organization can use to manage UAC. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -ms.reviewer: sulahiri -manager: aaroncz ms.collection: - - M365-identity-device-management - highpri ms.topic: article -ms.localizationpriority: medium ms.date: 04/19/2017 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Windows Server 2016 - - ✅ Windows Server 2019 - - ✅ Windows Server 2022 -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later --- # User Account Control Group Policy and registry key settings diff --git a/windows/security/identity-protection/user-account-control/user-account-control-overview.md b/windows/security/identity-protection/user-account-control/user-account-control-overview.md index 1e1fb5f9a7..35851d61af 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-overview.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-overview.md @@ -1,24 +1,13 @@ --- title: User Account Control (Windows) description: User Account Control (UAC) helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop. -ms.prod: windows-client -ms.localizationpriority: medium -author: paolomatarazzo -ms.author: paoloma -ms.reviewer: sulahiri -manager: aaroncz ms.collection: - - M365-identity-device-management - highpri ms.topic: article ms.date: 09/24/2011 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Windows Server 2016 - - ✅ Windows Server 2019 - - ✅ Windows Server 2022 -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later --- # User Account Control 
diff --git a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md index 2b860883d7..28f209a22e 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md @@ -1,23 +1,11 @@ --- title: User Account Control security policy settings (Windows) description: You can use security policies to configure how User Account Control works in your organization. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -ms.reviewer: sulahiri -manager: aaroncz -ms.collection: - - M365-identity-device-management ms.topic: article -ms.localizationpriority: medium ms.date: 09/24/2021 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Windows Server 2016 - - ✅ Windows Server 2019 - - ✅ Windows Server 2022 -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later --- # User Account Control security policy settings diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md index 7154750f0b..a29f378683 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md @@ -5,7 +5,6 @@ ms.prod: windows-client author: paolomatarazzo ms.author: paoloma manager: aaroncz -ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 04/19/2017 
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md
index 8aff0f477f..c2913cb244 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md
@@ -5,7 +5,6 @@ ms.prod: windows-client
 author: paolomatarazzo
 ms.author: paoloma
 manager: aaroncz
-ms.collection: M365-identity-device-management
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 04/19/2017
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md
index 3dbfc81372..d29782a291 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md
@@ -5,7 +5,6 @@ ms.prod: windows-client
 author: paolomatarazzo
 ms.author: paoloma
 manager: aaroncz
-ms.collection: M365-identity-device-management
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 04/19/2017
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md
index 361c943258..22c293e635 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md
@@ -5,7 +5,6 @@ ms.prod: windows-client
 author: paolomatarazzo
 ms.author: paoloma
 manager: aaroncz
-ms.collection: M365-identity-device-management
 ms.topic: conceptual
 ms.localizationpriority: medium
 ms.date: 10/13/2017
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
index c4bbcf77bd..521d0afec7 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
@@ -5,7 +5,6 @@ ms.prod: windows-client
 author: paolomatarazzo
 ms.author: paoloma
 manager: aaroncz
-ms.collection: M365-identity-device-management
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 04/19/2017
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md
index 7145692213..0475663ff5 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md
@@ -5,7 +5,6 @@ ms.prod: windows-client
 author: paolomatarazzo
 ms.author: paoloma
 manager: aaroncz
-ms.collection: M365-identity-device-management
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 04/19/2017
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md
index c8e7f675e5..beb70ccddd 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md
@@ -5,7 +5,6 @@ ms.prod: windows-client author: paolomatarazzo ms.author: paoloma manager: aaroncz -ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 10/13/2017 diff --git a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md index 5ca81d5c91..188fe97442 100644 --- a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md +++ b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md @@ -12,6 +12,7 @@ appliesto: - ✅ Windows 10 - ✅ Windows 11 ms.technology: itpro-security +ms.topic: how-to --- # How to configure Diffie Hellman protocol over IKEv2 VPN connections diff --git a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md index 4b167fab27..e44a13a1a8 100644 --- a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md +++ b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md @@ -1,9 +1,9 @@ --- -title: How to use Single Sign-On (SSO) over VPN and Wi-Fi connections (Windows 10 and Windows 11) +title: How to use Single Sign-On (SSO) over VPN and Wi-Fi connections description: Explains requirements to enable Single Sign-On (SSO) to on-premises domain resources over WiFi or VPN connections. ms.prod: windows-client author: paolomatarazzo -ms.date: 03/22/2022 +ms.date: 12/28/2022 manager: aaroncz ms.author: paoloma ms.reviewer: pesmith 
@@ -11,53 +11,56 @@ appliesto: - ✅ Windows 10 - ✅ Windows 11 ms.technology: itpro-security +ms.topic: how-to --- # How to use Single Sign-On (SSO) over VPN and Wi-Fi connections This article explains requirements to enable Single Sign-On (SSO) to on-premises domain resources over WiFi or VPN connections. The following scenarios are typically used: -- Connecting to a network using Wi-Fi or VPN. -- Use credentials for WiFi or VPN authentication to also authenticate requests to access a domain resource without being prompted for your domain credentials. +- Connecting to a network using Wi-Fi or VPN +- Use credentials for Wi-Fi or VPN authentication to also authenticate requests to access domain resources, without being prompted for domain credentials For example, you want to connect to a corporate network and access an internal website that requires Windows integrated authentication. -The credentials that are used for the connection authentication are placed in Credential Manager as the default credentials for the logon session. Credential Manager stores credentials that can be used for specific domain resources. These are based on the target name of the resource: -- For VPN, the VPN stack saves its credential as the session default. -- For WiFi, Extensible Authentication Protocol (EAP) provides support. +The credentials that are used for the connection authentication are placed in *Credential Manager* as the default credentials for the **logon session**. Credential Manager stores credentials that can be used for specific domain resources. These are based on the target name of the resource: -The credentials are placed in Credential Manager as a "\*Session" credential. -A "\*Session" credential implies that it is valid for the current user session. -The credentials are also cleaned up when the WiFi or VPN connection is disconnected. 
+- For VPN, the VPN stack saves its credential as the **session default** +- For WiFi, Extensible Authentication Protocol (EAP) provides support + +The credentials are placed in Credential Manager as a *session credential*: + +- A *session credential* implies that it is valid for the current user session +- The credentials are cleaned up when the WiFi or VPN connection is disconnected > [!NOTE] -> In Windows 10, version 21h2 and later, the "\*Session" credential is not visible in Credential Manager. +> In Windows 10, version 21H2 and later, the *session credential* is not visible in Credential Manager. -For example, if someone using Microsoft Edge tries to access a domain resource, Microsoft Edge has the right Enterprise Authentication capability. This allows [WinInet](/windows/win32/wininet/wininet-reference) to release the credentials that it gets from the Credential Manager to the SSP that is requesting it. +For example, if someone using Microsoft Edge tries to access a domain resource, Microsoft Edge has the right Enterprise Authentication capability. This allows [WinInet](/windows/win32/wininet/wininet-reference) to release the credentials that it gets from Credential Manager to the SSP that is requesting it. For more information about the Enterprise Authentication capability, see [App capability declarations](/windows/uwp/packaging/app-capability-declarations). The local security authority will look at the device application to determine if it has the right capability. This includes items such as a Universal Windows Platform (UWP) application. If the app isn't a UWP, it doesn't matter. -But if the application is a UWP app, it will evaluate at the device capability for Enterprise Authentication. +But, if the application is a UWP app, it will evaluate at the device capability for Enterprise Authentication. 
If it does have that capability and if the resource that you're trying to access is in the Intranet zone in the Internet Options (ZoneMap), then the credential will be released. This behavior helps prevent credentials from being misused by untrusted third parties. ## Intranet zone -For the Intranet zone, by default it only allows single-label names, such as Http://finance. +For the Intranet zone, by default it only allows single-label names, such as *http://finance*. If the resource that needs to be accessed has multiple domain labels, then the workaround is to use the [Registry CSP](/windows/client-management/mdm/registry-csp). ### Setting the ZoneMap The ZoneMap is controlled using a registry that can be set through MDM. -By default, single-label names such as http://finance are already in the intranet zone. -For multi-label names, such as http://finance.net, the ZoneMap needs to be updated. +By default, single-label names such as *http://finance* are already in the intranet zone. +For multi-label names, such as *http://finance.net*, the ZoneMap needs to be updated. ## MDM Policy OMA URI example: -./Vendor/MSFT/Registry/HKU/S-1-5-21-2702878673-795188819-444038987-2781/Software/Microsoft/Windows/CurrentVersion/Internet%20Settings/ZoneMap/Domains/``/* as an Integer Value of 1 for each of the domains that you want to SSO into from your device. This adds the specified domains to the Intranet Zone of the Microsoft Edge browser. +`./Vendor/MSFT/Registry/HKU/S-1-5-21-2702878673-795188819-444038987-2781/Software/Microsoft/Windows/CurrentVersion/Internet%20Settings/ZoneMap/Domains/` as an `Integer` value of `1` for each of the domains that you want to SSO into from your device. This adds the specified domains to the Intranet Zone of the Microsoft Edge browser. ## Credential requirements 
@@ -65,10 +68,10 @@ For VPN, the following types of credentials will be added to credential manager - Username and password - Certificate-based authentication: - - TPM Key Storage Provider (KSP) Certificate - - Software Key Storage Provider (KSP) Certificates - - Smart Card Certificate - - Windows Hello for Business Certificate + - TPM Key Storage Provider (KSP) Certificate + - Software Key Storage Provider (KSP) Certificates + - Smart Card Certificate + - Windows Hello for Business Certificate The username should also include a domain that can be reached over the connection (VPN or WiFi). @@ -78,10 +81,10 @@ If the credentials are certificate-based, then the elements in the following tab | Template element | Configuration | |------------------|---------------| -| SubjectName | The user’s distinguished name (DN) where the domain components of the distinguished name reflect the internal DNS namespace when the SubjectAlternativeName does not have the fully qualified UPN required to find the domain controller.
              This requirement is relevant in multi-forest environments as it ensures a domain controller can be located. | -| SubjectAlternativeName | The user’s fully qualified UPN where a domain name component of the user’s UPN matches the organizations internal domain’s DNS namespace.
              This requirement is relevant in multi-forest environments as it ensures a domain controller can be located when the SubjectName does not have the DN required to find the domain controller. | +| SubjectName | The user's distinguished name (DN) where the domain components of the distinguished name reflect the internal DNS namespace when the SubjectAlternativeName does not have the fully qualified UPN required to find the domain controller.
              This requirement is relevant in multi-forest environments as it ensures a domain controller can be located. | +| SubjectAlternativeName | The user's fully qualified UPN where a domain name component of the user's UPN matches the organizations internal domain's DNS namespace.
              This requirement is relevant in multi-forest environments as it ensures a domain controller can be located when the SubjectName does not have the DN required to find the domain controller. | | Key Storage Provider (KSP) | If the device is joined to Azure AD, a discrete SSO certificate is used. | -| EnhancedKeyUsage | One or more of the following EKUs is required:
              - Client Authentication (for the VPN)
              - EAP Filtering OID (for Windows Hello for Business)
              - SmartCardLogon (for Azure AD-joined devices)
              If the domain controllers require smart card EKU either:
              - SmartCardLogon
              - id-pkinit-KPClientAuth (1.3.6.1.5.2.3.4)
              Otherwise:
              - TLS/SSL Client Authentication (1.3.6.1.5.5.7.3.2) | +| EnhancedKeyUsage | One or more of the following EKUs is required:
              • Client Authentication (for the VPN)
              • EAP Filtering OID (for Windows Hello for Business)
              • SmartCardLogon (for Azure AD-joined devices)
              If the domain controllers require smart card EKU either:
              • SmartCardLogon
              • id-pkinit-KPClientAuth (1.3.6.1.5.2.3.4)
              Otherwise:
              • TLS/SSL Client Authentication (1.3.6.1.5.5.7.3.2)
              | ## NDES server configuration diff --git a/windows/security/identity-protection/vpn/vpn-authentication.md b/windows/security/identity-protection/vpn/vpn-authentication.md index fa541c4f87..a44aa1b079 100644 --- a/windows/security/identity-protection/vpn/vpn-authentication.md +++ b/windows/security/identity-protection/vpn/vpn-authentication.md @@ -12,6 +12,7 @@ appliesto: - ✅ Windows 10 - ✅ Windows 11 ms.technology: itpro-security +ms.topic: conceptual --- # VPN authentication options diff --git a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md index e7e1f831ab..61044232d2 100644 --- a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md +++ b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md @@ -12,6 +12,7 @@ appliesto: - ✅ Windows 10 - ✅ Windows 11 ms.technology: itpro-security +ms.topic: conceptual --- # VPN auto-triggered profile options diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md index 5d7a695376..5da2a635a4 100644 --- a/windows/security/identity-protection/vpn/vpn-conditional-access.md +++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md @@ -12,6 +12,7 @@ appliesto: - ✅ Windows 10 - ✅ Windows 11 ms.technology: itpro-security +ms.topic: conceptual --- # VPN and conditional access diff --git a/windows/security/identity-protection/vpn/vpn-connection-type.md b/windows/security/identity-protection/vpn/vpn-connection-type.md index c3b4995351..e9eecdbbb9 100644 --- a/windows/security/identity-protection/vpn/vpn-connection-type.md +++ b/windows/security/identity-protection/vpn/vpn-connection-type.md @@ -12,6 +12,7 @@ appliesto: - ✅ Windows 10 - ✅ Windows 11 ms.technology: itpro-security +ms.topic: conceptual --- # VPN connection types 
diff --git a/windows/security/identity-protection/vpn/vpn-guide.md b/windows/security/identity-protection/vpn/vpn-guide.md index 40331b878d..f8cf27d242 100644 --- a/windows/security/identity-protection/vpn/vpn-guide.md +++ b/windows/security/identity-protection/vpn/vpn-guide.md @@ -12,6 +12,7 @@ appliesto: - ✅ Windows 10 - ✅ Windows 11 ms.technology: itpro-security +ms.topic: conceptual --- # Windows VPN technical guide diff --git a/windows/security/identity-protection/vpn/vpn-name-resolution.md b/windows/security/identity-protection/vpn/vpn-name-resolution.md index 61fccf4518..34f201d00a 100644 --- a/windows/security/identity-protection/vpn/vpn-name-resolution.md +++ b/windows/security/identity-protection/vpn/vpn-name-resolution.md @@ -12,6 +12,7 @@ appliesto: - ✅ Windows 10 - ✅ Windows 11 ms.technology: itpro-security +ms.topic: conceptual --- # VPN name resolution diff --git a/windows/security/identity-protection/vpn/vpn-profile-options.md b/windows/security/identity-protection/vpn/vpn-profile-options.md index ebd414e637..d5725508e4 100644 --- a/windows/security/identity-protection/vpn/vpn-profile-options.md +++ b/windows/security/identity-protection/vpn/vpn-profile-options.md @@ -12,6 +12,7 @@ appliesto: - ✅ Windows 10 - ✅ Windows 11 ms.technology: itpro-security +ms.topic: conceptual --- # VPN profile options diff --git a/windows/security/identity-protection/vpn/vpn-routing.md b/windows/security/identity-protection/vpn/vpn-routing.md index 195202fe24..be5bc1caf0 100644 --- a/windows/security/identity-protection/vpn/vpn-routing.md +++ b/windows/security/identity-protection/vpn/vpn-routing.md @@ -12,6 +12,7 @@ appliesto: - ✅ Windows 10 - ✅ Windows 11 ms.technology: itpro-security +ms.topic: conceptual --- # VPN routing decisions diff --git a/windows/security/identity-protection/vpn/vpn-security-features.md b/windows/security/identity-protection/vpn/vpn-security-features.md index d21e11182a..f8fb6861a0 100644 
--- a/windows/security/identity-protection/vpn/vpn-security-features.md +++ b/windows/security/identity-protection/vpn/vpn-security-features.md @@ -12,6 +12,7 @@ appliesto: - ✅ Windows 10 - ✅ Windows 11 ms.technology: itpro-security +ms.topic: conceptual --- # VPN security features diff --git a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md index 9b7bb26672..aee7a82d2d 100644 --- a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md +++ b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md @@ -5,7 +5,6 @@ ms.prod: windows-client author: paolomatarazzo ms.author: paoloma manager: aaroncz -ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 04/19/2017 diff --git a/windows/security/identity.md b/windows/security/identity.md index 6ef1e3db59..c773cf7055 100644 --- a/windows/security/identity.md +++ b/windows/security/identity.md @@ -5,9 +5,10 @@ ms.reviewer: manager: aaroncz ms.author: paoloma author: paolomatarazzo -ms.collection: M365-security-compliance ms.prod: windows-client ms.technology: itpro-security +ms.date: 12/31/2017 +ms.topic: article --- # Windows identity and privacy diff --git a/windows/security/images/icons/information.svg b/windows/security/images/icons/information.svg new file mode 100644 index 0000000000..bc692eabb9 --- /dev/null +++ b/windows/security/images/icons/information.svg @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/windows/security/includes/hello-cloud.md b/windows/security/includes/hello-cloud.md index c40ed1027c..1c41485f11 100644 --- a/windows/security/includes/hello-cloud.md +++ b/windows/security/includes/hello-cloud.md 
@@ -1,7 +1,11 @@ -This document describes Windows Hello for Business functionalities or scenarios that apply to:\ -✅ **Deployment type:** [cloud](../identity-protection/hello-for-business/hello-how-it-works-technology.md#cloud-deployment)\ -✅ **Device registration type:** [Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#azure-active-directory-join) - -
              - --- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/08/2022 +ms.topic: include +--- + +[!INCLUDE [hello-intro](hello-intro.md)] +- **Deployment type:** [!INCLUDE [hello-deployment-cloud](hello-deployment-cloud.md)] +- **Join type:** [!INCLUDE [hello-join-aad](hello-join-aad.md)] +--- \ No newline at end of file diff --git a/windows/security/includes/hello-deployment-cloud.md b/windows/security/includes/hello-deployment-cloud.md new file mode 100644 index 0000000000..8152da9722 --- /dev/null +++ b/windows/security/includes/hello-deployment-cloud.md @@ -0,0 +1,8 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/08/2022 +ms.topic: include +--- + +[cloud :::image type="icon" source="../images/icons/information.svg" border="false":::](../identity-protection/hello-for-business/hello-how-it-works-technology.md#cloud-deployment "For organizations using Azure AD-only identities. Device management is usually done via Intune/MDM") \ No newline at end of file diff --git a/windows/security/includes/hello-deployment-hybrid.md b/windows/security/includes/hello-deployment-hybrid.md new file mode 100644 index 0000000000..b35d4b548e --- /dev/null +++ b/windows/security/includes/hello-deployment-hybrid.md @@ -0,0 +1,8 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/08/2022 +ms.topic: include +--- + +[hybrid :::image type="icon" source="../images/icons/information.svg" border="false":::](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-deployment "For organizations using Active Directory identities synchronized to Azure AD. Device management is usually done via Group Policy or Intune/MDM") \ No newline at end of file diff --git a/windows/security/includes/hello-deployment-onpremises.md b/windows/security/includes/hello-deployment-onpremises.md new file mode 100644 index 0000000000..8746a5e9c7 --- /dev/null +++ b/windows/security/includes/hello-deployment-onpremises.md 
@@ -0,0 +1,8 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/08/2022 +ms.topic: include +--- + +[on-premises :::image type="icon" source="../images/icons/information.svg" border="false":::](../identity-protection/hello-for-business/hello-how-it-works-technology.md#on-premises-deployment "For organizations using Active Directory identities, not synchronized to Azure AD. Device management is usually done via Group Policy") \ No newline at end of file diff --git a/windows/security/includes/hello-hybrid-cert-trust-aad.md b/windows/security/includes/hello-hybrid-cert-trust-aad.md index e80912d8b9..57c03e95a3 100644 --- a/windows/security/includes/hello-hybrid-cert-trust-aad.md +++ b/windows/security/includes/hello-hybrid-cert-trust-aad.md @@ -1,8 +1,12 @@ -This document describes Windows Hello for Business functionalities or scenarios that apply to:\ -✅ **Deployment type:** [hybrid](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-deployment)\ -✅ **Trust type:** [certificate trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#certificate-trust)\ -✅ **Device registration type:** [Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#azure-active-directory-join) - -
              - --- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/08/2022 +ms.topic: include +--- + +[!INCLUDE [hello-intro](hello-intro.md)] +- **Deployment type:** [!INCLUDE [hello-deployment-hybrid](hello-deployment-hybrid.md)] +- **Trust type:** [!INCLUDE [hello-trust-certificate](hello-trust-certificate.md)] +- **Join type:** [!INCLUDE [hello-join-aadj](hello-join-aad.md)] +--- \ No newline at end of file diff --git a/windows/security/includes/hello-hybrid-cert-trust-ad.md b/windows/security/includes/hello-hybrid-cert-trust-ad.md index 4ef97bd233..4691d86bc0 100644 --- a/windows/security/includes/hello-hybrid-cert-trust-ad.md +++ b/windows/security/includes/hello-hybrid-cert-trust-ad.md @@ -1,8 +1,12 @@ -This document describes Windows Hello for Business functionalities or scenarios that apply to:\ -✅ **Deployment type:** [hybrid](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-deployment)\ -✅ **Trust type:** [certificate trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#certificate-trust)\ -✅ **Device registration type:** [Hybrid Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-azure-ad-join) - -
              - --- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/08/2022 +ms.topic: include +--- + +[!INCLUDE [hello-intro](hello-intro.md)] +- **Deployment type:** [!INCLUDE [hello-deployment-hybrid](hello-deployment-hybrid.md)] +- **Trust type:** [!INCLUDE [hello-trust-cloud-kerberos](hello-trust-cloud-kerberos.md)] +- **Join type:** [!INCLUDE [hello-join-hybrid](hello-join-hybrid.md)] +--- \ No newline at end of file diff --git a/windows/security/includes/hello-hybrid-cert-trust.md b/windows/security/includes/hello-hybrid-cert-trust.md index 77a897f264..d6ca6e8f5d 100644 --- a/windows/security/includes/hello-hybrid-cert-trust.md +++ b/windows/security/includes/hello-hybrid-cert-trust.md @@ -1,8 +1,12 @@ -This document describes Windows Hello for Business functionalities or scenarios that apply to:\ -✅ **Deployment type:** [hybrid](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-deployment)\ -✅ **Trust type:** [certificate trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#certificate-trust)\ -✅ **Device registration type:** [Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#azure-active-directory-join), [Hybrid Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-azure-ad-join) - -
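Review bot: The new Trust type line in hello-hybrid-cert-trust-ad.md pulls in `hello-trust-cloud-kerberos.md`, but the removed text and the file name both describe certificate trust. Every article that uses this include would then state the wrong trust model for a hybrid certificate-trust deployment. The line should probably read `- **Trust type:** [!INCLUDE [hello-trust-certificate](hello-trust-certificate.md)]`, as in hello-hybrid-cert-trust-aad.md and hello-hybrid-cert-trust.md in this same commit.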
              - --- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/08/2022 +ms.topic: include +--- + +[!INCLUDE [hello-intro](hello-intro.md)] +- **Deployment type:** [!INCLUDE [hello-deployment-hybrid](hello-deployment-hybrid.md)] +- **Trust type:** [!INCLUDE [hello-trust-certificate](hello-trust-certificate.md)] +- **Join type:** [!INCLUDE [hello-join-aadj](hello-join-aad.md)], [!INCLUDE [hello-join-hybrid](hello-join-hybrid.md)] +--- \ No newline at end of file diff --git a/windows/security/includes/hello-hybrid-cloudkerb-trust.md b/windows/security/includes/hello-hybrid-cloudkerb-trust.md index 4f68be791b..61346cd80e 100644 --- a/windows/security/includes/hello-hybrid-cloudkerb-trust.md +++ b/windows/security/includes/hello-hybrid-cloudkerb-trust.md @@ -1,8 +1,12 @@ -This document describes Windows Hello for Business functionalities or scenarios that apply to:\ -✅ **Deployment type:** [hybrid](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-deployment)\ -✅ **Trust type:** [cloud Kerberos trust](../identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md)\ -✅ **Device registration type:** [Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#azure-active-directory-join), [Hybrid Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-azure-ad-join) - -
              - --- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/08/2022 +ms.topic: include +--- + +[!INCLUDE [hello-intro](hello-intro.md)] +- **Deployment type:** [!INCLUDE [hello-deployment-hybrid](hello-deployment-hybrid.md)] +- **Trust type:** [!INCLUDE [hello-trust-cloud-kerberos](hello-trust-cloud-kerberos.md)] +- **Join type:** [!INCLUDE [hello-join-aadj](hello-join-aad.md)], [!INCLUDE [hello-join-hybrid](hello-join-hybrid.md)] +--- \ No newline at end of file diff --git a/windows/security/includes/hello-hybrid-key-trust-ad.md b/windows/security/includes/hello-hybrid-key-trust-ad.md index 68521a5a14..a5074f5bd4 100644 --- a/windows/security/includes/hello-hybrid-key-trust-ad.md +++ b/windows/security/includes/hello-hybrid-key-trust-ad.md @@ -1,8 +1,12 @@ -This document describes Windows Hello for Business functionalities or scenarios that apply to:\ -✅ **Deployment type:** [hybrid](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-deployment)\ -✅ **Trust type:** [key trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#key-trust)\ -✅ **Device registration type:** [Hybrid Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-azure-ad-join) - -
              - --- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/08/2022 +ms.topic: include +--- + +[!INCLUDE [hello-intro](hello-intro.md)] +- **Deployment type:** [!INCLUDE [hello-deployment-hybrid](hello-deployment-hybrid.md)] +- **Trust type:** [!INCLUDE [hello-trust-key](hello-trust-key.md)] +- **Join type:** [!INCLUDE [hello-join-hybrid](hello-join-hybrid.md)] +--- \ No newline at end of file diff --git a/windows/security/includes/hello-hybrid-key-trust.md b/windows/security/includes/hello-hybrid-key-trust.md index fdb7466014..d9feebc213 100644 --- a/windows/security/includes/hello-hybrid-key-trust.md +++ b/windows/security/includes/hello-hybrid-key-trust.md @@ -1,8 +1,12 @@ -This document describes Windows Hello for Business functionalities or scenarios that apply to:\ -✅ **Deployment type:** [hybrid](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-deployment)\ -✅ **Trust type:** [key trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#key-trust)\ -✅ **Device registration type:** [Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#azure-active-directory-join), [Hybrid Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-azure-ad-join) - -
              - --- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/08/2022 +ms.topic: include +--- + +[!INCLUDE [hello-intro](hello-intro.md)] +- **Deployment type:** [!INCLUDE [hello-deployment-hybrid](hello-deployment-hybrid.md)] +- **Trust type:** [!INCLUDE [hello-trust-key](hello-trust-key.md)] +- **Join type:** [!INCLUDE [hello-join-aadj](hello-join-aad.md)], [!INCLUDE [hello-join-hybrid](hello-join-hybrid.md)] +--- \ No newline at end of file diff --git a/windows/security/includes/hello-hybrid-keycert-trust-aad.md b/windows/security/includes/hello-hybrid-keycert-trust-aad.md index a8d82200d3..4c073f0897 100644 --- a/windows/security/includes/hello-hybrid-keycert-trust-aad.md +++ b/windows/security/includes/hello-hybrid-keycert-trust-aad.md @@ -1,7 +1,12 @@ -This document describes Windows Hello for Business functionalities or scenarios that apply to:\ -✅ **Deployment type:** [hybrid](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-deployment)\ -✅ **Trust type:** [key trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#key-trust), [certificate trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#certificate-trust)\ -✅ **Device registration type:** [Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#azure-active-directory-join) -
              - --- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/08/2022 +ms.topic: include +--- + +[!INCLUDE [hello-intro](hello-intro.md)] +- **Deployment type:** [!INCLUDE [hello-deployment-hybrid](hello-deployment-hybrid.md)] +- **Trust type:** [!INCLUDE [hello-trust-key](hello-trust-key.md)], [!INCLUDE [hello-trust-certificate](hello-trust-certificate.md)] +- **Join type:** [!INCLUDE [hello-join-aadj](hello-join-aad.md)] +--- \ No newline at end of file diff --git a/windows/security/includes/hello-intro.md b/windows/security/includes/hello-intro.md new file mode 100644 index 0000000000..46d97c93e6 --- /dev/null +++ b/windows/security/includes/hello-intro.md @@ -0,0 +1,8 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/08/2022 +ms.topic: include +--- + +This document describes Windows Hello for Business functionalities or scenarios that apply to: \ No newline at end of file diff --git a/windows/security/includes/hello-join-aad.md b/windows/security/includes/hello-join-aad.md new file mode 100644 index 0000000000..5709970576 --- /dev/null +++ b/windows/security/includes/hello-join-aad.md @@ -0,0 +1,8 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/08/2022 +ms.topic: include +--- + +[Azure AD join :::image type="icon" source="../images/icons/information.svg" border="false":::](../identity-protection/hello-for-business/hello-how-it-works-technology.md#azure-active-directory-join "Devices that are Azure AD joined do not have any dependencies on Active Directory. Only local users accounts and Azure AD users can sign in to these devices") \ No newline at end of file diff --git a/windows/security/includes/hello-join-domain.md b/windows/security/includes/hello-join-domain.md new file mode 100644 index 0000000000..0385e2089a --- /dev/null +++ b/windows/security/includes/hello-join-domain.md 
@@ -0,0 +1,8 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 12/08/2022
+ms.topic: include
+---
+
+[domain join :::image type="icon" source="../images/icons/information.svg" border="false":::](../identity-protection/hello-for-business/hello-how-it-works-technology.md "Devices that are domain joined do not have any dependencies on Azure AD. Only local users accounts and Active Directory users can sign in to these devices")
\ No newline at end of file
diff --git a/windows/security/includes/hello-join-hybrid.md b/windows/security/includes/hello-join-hybrid.md
new file mode 100644
index 0000000000..3d3e75c6b6
--- /dev/null
+++ b/windows/security/includes/hello-join-hybrid.md
@@ -0,0 +1,8 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 12/08/2022
+ms.topic: include
+---
+
+[hybrid Azure AD join :::image type="icon" source="../images/icons/information.svg" border="false":::](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-azure-ad-join "Devices that are hybrid Azure AD joined don't have any dependencies on Azure AD. Only local users accounts and Active Directory users can sign in to these devices. Active Directory users that are synchronized to Azure AD will have single-sign on to both Active Directory and Azure AD-protected resources")
\ No newline at end of file
diff --git a/windows/security/includes/hello-on-premises-cert-trust.md b/windows/security/includes/hello-on-premises-cert-trust.md
index 2cc01ac3ac..b106b5b8c8 100644
--- a/windows/security/includes/hello-on-premises-cert-trust.md
+++ b/windows/security/includes/hello-on-premises-cert-trust.md 
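Review bot: The tooltip added in hello-join-hybrid.md opens with "Devices that are hybrid Azure AD joined don't have any dependencies on Azure AD", which reads like a copy of the domain-join tooltip. It also contradicts the tooltip's own last sentence about single sign-on to Azure AD-protected resources. A hybrid-joined device is joined to Active Directory and registered in Azure AD, so the first sentence could be `Devices that are hybrid Azure AD joined are joined to Active Directory and registered in Azure AD.` In the same tooltips, "local users accounts" should be "local user accounts" (also in hello-join-aad.md and hello-join-domain.md). The hello-join-domain.md link is the only join-type include without a `#` anchor.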
@@ -1,8 +1,12 @@ -This document describes Windows Hello for Business functionalities or scenarios that apply to:\ -✅ **Deployment type:** [on-premises](../identity-protection/hello-for-business/hello-how-it-works-technology.md#on-premises-deployment)\ -✅ **Trust type:** [certificate trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#certificate-trust)\ -✅ **Device registration type:** Active Directory domain join - -
              - --- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/08/2022 +ms.topic: include +--- + +[!INCLUDE [hello-intro](hello-intro.md)] +- **Deployment type:** [!INCLUDE [hello-deployment-onpremises](hello-deployment-onpremises.md)] +- **Trust type:** [!INCLUDE [hello-trust-certificate](hello-trust-certificate.md)] +- **Join type:** [!INCLUDE [hello-join-domain](hello-join-domain.md)] +--- \ No newline at end of file diff --git a/windows/security/includes/hello-on-premises-key-trust.md b/windows/security/includes/hello-on-premises-key-trust.md index cd6241fa72..f290b0d975 100644 --- a/windows/security/includes/hello-on-premises-key-trust.md +++ b/windows/security/includes/hello-on-premises-key-trust.md @@ -1,8 +1,12 @@ -This document describes Windows Hello for Business functionalities or scenarios that apply to:\ -✅ **Deployment type:** [on-premises](../identity-protection/hello-for-business/hello-how-it-works-technology.md#on-premises-deployment)\ -✅ **Trust type:** [key trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#key-trust)\ -✅ **Device registration type:** Active Directory domain join - -
              - --- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/08/2022 +ms.topic: include +--- + +[!INCLUDE [hello-intro](hello-intro.md)] +- **Deployment type:** [!INCLUDE [hello-deployment-onpremises](hello-deployment-onpremises.md)] +- **Trust type:** [!INCLUDE [hello-trust-key](hello-trust-key.md)] +- **Join type:** [!INCLUDE [hello-join-domain](hello-join-domain.md)] +--- \ No newline at end of file diff --git a/windows/security/includes/hello-trust-certificate.md b/windows/security/includes/hello-trust-certificate.md new file mode 100644 index 0000000000..ffc705fde0 --- /dev/null +++ b/windows/security/includes/hello-trust-certificate.md @@ -0,0 +1,8 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/08/2022 +ms.topic: include +--- + +[certificate trust :::image type="icon" source="../images/icons/information.svg" border="false":::](../identity-protection/hello-for-business/hello-how-it-works-technology.md#certificate-trust "This trust type uses a certificate to authenticate the users to Active Directory. It's required to issue certificates to the users and to the domain controllers") \ No newline at end of file diff --git a/windows/security/includes/hello-trust-cloud-kerberos.md b/windows/security/includes/hello-trust-cloud-kerberos.md new file mode 100644 index 0000000000..5ddac53ba9 --- /dev/null +++ b/windows/security/includes/hello-trust-cloud-kerberos.md @@ -0,0 +1,8 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/08/2022 +ms.topic: include +--- + +[cloud Kerberos trust :::image type="icon" source="../images/icons/information.svg" border="false":::](../identity-protection/hello-for-business/hello-how-it-works-technology.md#cloud-kerberos-trust "This trust type uses security keys to authenticate the users to Active Directory. It's not required to issue any certificates, making it the recommended choice for environments that do not need certificate authentication") \ No newline at end of file 
diff --git a/windows/security/includes/hello-trust-key.md b/windows/security/includes/hello-trust-key.md new file mode 100644 index 0000000000..133f7f5204 --- /dev/null +++ b/windows/security/includes/hello-trust-key.md @@ -0,0 +1,8 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/08/2022 +ms.topic: include +--- + +[key trust :::image type="icon" source="../images/icons/information.svg" border="false":::](../identity-protection/hello-for-business/hello-how-it-works-technology.md#key-trust "This trust type uses a raw key to authenticate the users to Active Directory. It's not required to issue certificates to users, but it's required to deploy certificates to domain controllers") \ No newline at end of file diff --git a/windows/security/includes/improve-request-performance.md b/windows/security/includes/improve-request-performance.md index 24aaa25d9f..f928705138 100644 --- a/windows/security/includes/improve-request-performance.md +++ b/windows/security/includes/improve-request-performance.md @@ -1,14 +1,8 @@ --- -title: Improve request performance -description: Improve request performance -search.product: eADQiWindows 10XVcnh -ms.prod: m365-security -ms.localizationpriority: medium -ms.collection: M365-security-compliance -ms.topic: article author: paolomatarazzo ms.author: paoloma -manager: aaroncz +ms.date: 12/08/2022 +ms.topic: include --- >[!TIP] diff --git a/windows/security/includes/machineactionsnote.md b/windows/security/includes/machineactionsnote.md index 31e3d1ac98..d4b4560d8f 100644 --- a/windows/security/includes/machineactionsnote.md +++ b/windows/security/includes/machineactionsnote.md 
@@ -1,12 +1,8 @@ --- -title: Perform a Machine Action via the Microsoft Defender for Endpoint API -description: This page focuses on performing a machine action via the Microsoft Defender for Endpoint API. -ms.date: 08/28/2017 -ms.reviewer: author: paolomatarazzo ms.author: paoloma -manager: aaroncz -ms.prod: m365-security +ms.date: 12/08/2022 +ms.topic: include --- >[!Note] diff --git a/windows/security/includes/microsoft-defender-api-usgov.md b/windows/security/includes/microsoft-defender-api-usgov.md index 74cfd90cbb..0b0b2be701 100644 --- a/windows/security/includes/microsoft-defender-api-usgov.md +++ b/windows/security/includes/microsoft-defender-api-usgov.md @@ -1,14 +1,8 @@ --- -title: Microsoft Defender for Endpoint API URIs for US Government -description: Microsoft Defender for Endpoint API URIs for US Government -search.product: eADQiWindows 10XVcnh -ms.prod: m365-security author: paolomatarazzo ms.author: paoloma -manager: aaroncz -ms.localizationpriority: medium -ms.collection: M365-security-compliance -ms.topic: article +ms.date: 12/08/2022 +ms.topic: include --- >[!NOTE] diff --git a/windows/security/includes/microsoft-defender.md b/windows/security/includes/microsoft-defender.md index 0aade34b01..bd9a8d2c0d 100644 --- a/windows/security/includes/microsoft-defender.md +++ b/windows/security/includes/microsoft-defender.md @@ -1,13 +1,7 @@ --- -title: Microsoft 365 Defender important guidance -description: A note in regard to important Microsoft 365 Defender guidance. -ms.date: -ms.reviewer: -manager: aaroncz author: paolomatarazzo ms.author: paoloma -manager: aaroncz -ms.prod: m365-security +ms.date: 12/08/2022 ms.topic: include --- diff --git a/windows/security/includes/prerelease.md b/windows/security/includes/prerelease.md index 58b056c484..c0212561bd 100644 --- a/windows/security/includes/prerelease.md +++ b/windows/security/includes/prerelease.md 
@@ -1,12 +1,8 @@ --- -title: Microsoft Defender for Endpoint Pre-release Disclaimer -description: Disclaimer for pre-release version of Microsoft Defender for Endpoint. -ms.date: 08/28/2017 -ms.reviewer: author: paolomatarazzo ms.author: paoloma -manager: aaroncz -ms.prod: m365-security +ms.date: 12/08/2022 +ms.topic: include --- > [!IMPORTANT] diff --git a/windows/security/index.yml b/windows/security/index.yml index 57d27d3093..2aa8f670fe 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -1,22 +1,19 @@ ### YamlMime:Landing -title: Windows security # < 60 chars -summary: Built with Zero Trust principles at the core to safeguard data and access anywhere, keeping you protected and productive. # < 160 chars +title: Windows security +summary: Built with Zero Trust principles at the core to safeguard data and access anywhere, keeping you protected and productive. metadata: - title: Windows security # Required; page title displayed in search results. Include the brand. < 60 chars. - description: Learn about Windows security # Required; article description that is displayed in search results. < 160 chars. + title: Windows security + description: Learn about Windows security technologies and how to use them to protect your data and devices. ms.topic: landing-page ms.prod: windows-client ms.technology: itpro-security ms.collection: - - m365-security-compliance - highpri - ms.custom: intro-hub-or-landing author: paolomatarazzo ms.author: paoloma - ms.date: 09/20/2021 - localization_priority: Priority + ms.date: 12/19/2022 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new diff --git a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md index aaee4befef..c8a7446c07 100644 
--- a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md @@ -7,7 +7,6 @@ ms.localizationpriority: medium author: frankroj ms.author: frankroj manager: aaroncz -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 11/08/2022 ms.custom: bitlocker diff --git a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.yml index df826bda53..b917a468f8 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.yml @@ -2,19 +2,13 @@ metadata: title: BitLocker and Active Directory Domain Services (AD DS) FAQ (Windows 10) description: Learn more about how BitLocker and Active Directory Domain Services (AD DS) can work together to keep devices secure. - ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.prod: windows-client ms.technology: itpro-security - ms.mktglfcycl: explore - ms.sitesec: library - ms.pagetype: security - ms.localizationpriority: medium author: frankroj ms.author: frankroj manager: aaroncz audience: ITPro ms.collection: - - M365-security-compliance - highpri ms.topic: faq ms.date: 11/08/2022 @@ -22,9 +16,8 @@ metadata: title: BitLocker and Active Directory Domain Services (AD DS) FAQ summary: | **Applies to:** - - Windows 10 - - Windows 11 - - Windows Server 2016 and above + - Windows 10 and later + - Windows Server 2016 and later diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index a2047fc5a1..3518062515 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md 
@@ -7,8 +7,6 @@ ms.localizationpriority: medium author: frankroj ms.author: frankroj manager: aaroncz -ms.collection: - - M365-security-compliance ms.topic: conceptual ms.date: 11/08/2022 ms.custom: bitlocker diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md index 7a8377aceb..32a6c0816b 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md +++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md @@ -7,8 +7,6 @@ ms.localizationpriority: medium author: frankroj ms.author: frankroj manager: aaroncz -ms.collection: - - M365-security-compliance ms.topic: conceptual ms.date: 11/08/2022 ms.custom: bitlocker diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml index 39701f8123..dbea4c718a 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml 
@@ -2,28 +2,19 @@ metadata: title: BitLocker deployment and administration FAQ (Windows 10) description: Browse frequently asked questions about BitLocker deployment and administration, such as, "Can BitLocker deployment be automated in an enterprise environment?" - ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee - ms.reviewer: ms.prod: windows-client ms.technology: itpro-security - ms.mktglfcycl: explore - ms.sitesec: library - ms.pagetype: security - ms.localizationpriority: medium author: frankroj ms.author: frankroj manager: aaroncz - audience: ITPro - ms.collection: M365-security-compliance ms.topic: faq ms.date: 11/08/2022 ms.custom: bitlocker title: BitLocker frequently asked questions (FAQ) summary: | **Applies to:** - - Windows 10 - - Windows 11 - - Windows Server 2016 and above + - Windows 10 and later + - Windows Server 2016 and later sections: diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md b/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md index d3643ab0fe..bb9df0cf68 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md +++ b/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md @@ -6,7 +6,6 @@ ms.localizationpriority: medium author: frankroj ms.author: frankroj manager: aaroncz -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 11/08/2022 ms.custom: bitlocker diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md index 82fb89a4d8..811287a4d3 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md +++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md 
@@ -7,7 +7,6 @@ author: frankroj ms.author: frankroj manager: aaroncz ms.collection: - - M365-security-compliance - highpri ms.topic: conceptual ms.date: 11/08/2022 diff --git a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.yml b/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.yml index 46ab64d09d..24016c5ca6 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.yml @@ -2,20 +2,13 @@ metadata: title: BitLocker FAQ (Windows 10) description: Find the answers you need by exploring this brief hub page listing FAQ pages for various aspects of BitLocker. - ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee - ms.reviewer: ms.prod: windows-client ms.technology: itpro-security - ms.mktglfcycl: explore - ms.sitesec: library - ms.pagetype: security - ms.localizationpriority: medium author: frankroj ms.author: frankroj manager: aaroncz audience: ITPro ms.collection: - - M365-security-compliance - highpri ms.topic: faq ms.date: 11/08/2022 @@ -23,9 +16,8 @@ metadata: title: BitLocker frequently asked questions (FAQ) resources summary: | **Applies to:** - - Windows 10 - - Windows 11 - - Windows Server 2016 and above + - Windows 10 and later + - Windows Server 2016 and later This article links to frequently asked questions about BitLocker. BitLocker is a data protection feature that encrypts drives on computers to help prevent data theft or exposure. BitLocker-protected computers can also delete data more securely when they're decommissioned because it's much more difficult to recover deleted data from an encrypted drive than from a non-encrypted drive. 
diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md index a082bdcca9..948d296fa0 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md +++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md @@ -8,7 +8,6 @@ author: frankroj ms.author: frankroj manager: aaroncz ms.collection: - - M365-security-compliance - highpri ms.topic: conceptual ms.date: 11/08/2022 diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md index bdf2e0b538..9d743637c9 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md @@ -7,7 +7,6 @@ ms.localizationpriority: medium author: frankroj ms.author: frankroj manager: aaroncz -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 11/08/2022 ms.custom: bitlocker diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md index dd8cc3e8c7..37a5af8983 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md @@ -7,8 +7,6 @@ ms.localizationpriority: medium author: frankroj ms.author: frankroj manager: aaroncz -ms.collection: - - M365-security-compliance ms.topic: conceptual ms.date: 11/08/2022 ms.custom: bitlocker 
diff --git a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.yml index b7aa1ae889..ad23cc6714 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.yml @@ -2,27 +2,20 @@ metadata: title: BitLocker Key Management FAQ (Windows 10) description: Browse frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. - ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.prod: windows-client ms.technology: itpro-security - ms.mktglfcycl: explore - ms.sitesec: library - ms.pagetype: security - ms.localizationpriority: medium author: frankroj ms.author: frankroj manager: aaroncz audience: ITPro - ms.collection: M365-security-compliance ms.topic: faq ms.date: 11/08/2022 ms.custom: bitlocker title: BitLocker Key Management FAQ summary: | **Applies to:** - - Windows 10 - - Windows 11 - - Windows Server 2016 and above + - Windows 10 and later + - Windows Server 2016 and later sections: diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md index e3bea9928b..b86eb930d8 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md +++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md @@ -6,8 +6,6 @@ ms.localizationpriority: medium author: frankroj ms.author: frankroj manager: aaroncz -ms.collection: - - M365-security-compliance ms.topic: conceptual ms.date: 11/08/2022 ms.custom: bitlocker 
@@ -37,6 +35,11 @@ Starting with Windows 10 version 1703, the enablement of BitLocker can be trigge For hardware that is compliant with Modern Standby and HSTI, when using either of these features, [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption) is automatically turned on whenever the user joins a device to Azure AD. Azure AD provides a portal where recovery keys are also backed up, so users can retrieve their own recovery key for self-service, if necessary. For older devices that aren't yet encrypted, beginning with Windows 10 version 1703, admins can use the [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp/) to trigger encryption and store the recovery key in Azure AD. This process and feature is applicable to Azure Hybrid AD as well. +> [!NOTE] +> To manage Bitlocker, except to enable and disable it, one of the following licenses must be assigned to your users: +> - Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, and E5). +> - Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 and A5). + ## Managing workplace-joined PCs and phones For Windows PCs and Windows Phones that are enrolled using **Connect to work or school account**, BitLocker Device Encryption is managed over MDM, the same as devices joined to Azure AD. diff --git a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.yml index 7129c50889..9683743787 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.yml 
@@ -4,15 +4,10 @@ metadata: description: Familiarize yourself with BitLocker Network Unlock. Learn how it can make desktop and server management easier within domain environments. ms.prod: windows-client ms.technology: itpro-security - ms.mktglfcycl: explore - ms.sitesec: library - ms.pagetype: security - ms.localizationpriority: medium author: frankroj ms.author: frankroj manager: aaroncz audience: ITPro - ms.collection: M365-security-compliance ms.topic: faq ms.date: 11/08/2022 ms.reviewer: diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml index c8bea939c1..8398ff5cb5 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml @@ -2,19 +2,13 @@ metadata: title: BitLocker overview and requirements FAQ (Windows 10) description: This article for IT professionals answers frequently asked questions concerning the requirements to use BitLocker. - ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.prod: windows-client ms.technology: itpro-security - ms.mktglfcycl: explore - ms.sitesec: library - ms.pagetype: security - ms.localizationpriority: medium author: frankroj ms.author: frankroj manager: aaroncz audience: ITPro ms.collection: - - M365-security-compliance - highpri ms.topic: faq ms.date: 11/08/2022 @@ -22,9 +16,8 @@ metadata: title: BitLocker Overview and Requirements FAQ summary: | **Applies to:** - - Windows 10 - - Windows 11 - - Windows Server 2016 and above + - Windows 10 and later + - Windows Server 2016 and later sections: diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview.md b/windows/security/information-protection/bitlocker/bitlocker-overview.md index de852a1f48..5cc2a4ae6c 100644 
--- a/windows/security/information-protection/bitlocker/bitlocker-overview.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-overview.md
@@ -7,7 +7,6 @@ ms.localizationpriority: medium
 author: frankroj
 manager: aaroncz
 ms.collection:
- - M365-security-compliance
 - highpri
 ms.topic: conceptual
 ms.date: 11/08/2022
diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
index efdcd705e7..495549c66c 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
@@ -9,7 +9,6 @@ ms.author: frankroj
 ms.reviewer: rafals
 manager: aaroncz
 ms.collection:
- - M365-security-compliance
 - highpri
 ms.topic: conceptual
 ms.date: 11/08/2022
diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md
index 4120e83475..11ce21de12 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md
@@ -7,7 +7,6 @@ author: frankroj
 ms.author: frankroj
 manager: aaroncz
 ms.collection:
- - M365-security-compliance
 - highpri
 ms.topic: conceptual
 ms.date: 11/08/2022
diff --git a/windows/security/information-protection/bitlocker/bitlocker-security-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-security-faq.yml
index 04035cd1cb..8b53e2e639 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-security-faq.yml
+++ b/windows/security/information-protection/bitlocker/bitlocker-security-faq.yml
@@ -1,28 +1,21 @@ ### YamlMime:FAQ metadata: - title: BitLocker Security FAQ (Windows 10) + title: BitLocker Security FAQ description: Learn more about how BitLocker security works. Browse frequently asked questions, such as, "What form of encryption does BitLocker use?" - ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.prod: windows-client ms.technology: itpro-security - ms.mktglfcycl: explore - ms.sitesec: library - ms.pagetype: security - ms.localizationpriority: medium author: frankroj ms.author: frankroj manager: aaroncz audience: ITPro - ms.collection: M365-security-compliance ms.topic: faq ms.date: 11/08/2022 ms.custom: bitlocker title: BitLocker Security FAQ summary: | **Applies to:** - - Windows 10 - - Windows 11 - - Windows Server 2016 and above + - Windows 10 and later + - Windows Server 2016 and later diff --git a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.yml index 1ab54f3689..c780b6ee5a 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.yml @@ -1,19 +1,13 @@ ### YamlMime:FAQ metadata: - title: BitLocker To Go FAQ (Windows 10) + title: BitLocker To Go FAQ description: "Learn more about BitLocker To Go" - ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.prod: windows-client ms.technology: itpro-security ms.author: frankroj - ms.mktglfcycl: deploy - ms.sitesec: library - ms.pagetype: security - ms.localizationpriority: medium author: frankroj manager: aaroncz audience: ITPro - ms.collection: M365-security-compliance ms.topic: faq ms.date: 11/08/2022 ms.custom: bitlocker diff --git a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.yml index 2ab78a0734..13441d1f58 100644 
--- a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.yml @@ -1,18 +1,12 @@ ### YamlMime:FAQ metadata: - title: BitLocker Upgrading FAQ (Windows 10) + title: BitLocker Upgrading FAQ description: Learn more about upgrading systems that have BitLocker enabled. Find frequently asked questions, such as, "Can I upgrade to Windows 10 with BitLocker enabled?" ms.prod: windows-client ms.technology: itpro-security - ms.mktglfcycl: explore - ms.sitesec: library - ms.pagetype: security - ms.localizationpriority: medium author: frankroj ms.author: frankroj manager: aaroncz - audience: ITPro - ms.collection: M365-security-compliance ms.topic: faq ms.date: 11/08/2022 ms.reviewer: @@ -20,9 +14,8 @@ metadata: title: BitLocker Upgrading FAQ summary: | **Applies to:** - - Windows 10 - - Windows 11 - - Windows Server 2016 and above + - Windows 10 and later + - Windows Server 2016 and later sections: diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md index 573fcb0e51..ea25cc99da 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md @@ -8,7 +8,6 @@ author: frankroj ms.author: frankroj manager: aaroncz ms.collection: - - M365-security-compliance - highpri ms.topic: conceptual ms.date: 11/08/2022 diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md index 4fedd8f3d5..315672e456 100644 
--- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md +++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md @@ -8,7 +8,6 @@ author: frankroj ms.author: frankroj manager: aaroncz ms.collection: - - M365-security-compliance - highpri ms.topic: conceptual ms.date: 11/08/2022 diff --git a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml index 64f9160f29..4d0267a25a 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml @@ -1,28 +1,19 @@ ### YamlMime:FAQ metadata: - title: Using BitLocker with other programs FAQ (Windows 10) + title: Using BitLocker with other programs FAQ description: Learn how to integrate BitLocker with other software on a device. - ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.prod: windows-client ms.technology: itpro-security - ms.mktglfcycl: explore - ms.sitesec: library - ms.pagetype: security - ms.localizationpriority: medium author: frankroj ms.author: frankroj manager: aaroncz - audience: ITPro - ms.collection: M365-security-compliance ms.topic: faq ms.date: 11/08/2022 - ms.custom: bitlocker title: Using BitLocker with other programs FAQ summary: | **Applies to:** - - Windows 10 - - Windows 11 - - Windows Server 2016 and above + - Windows 10 and later + - Windows Server 2016 and later sections: diff --git a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md index 56026fd192..07323ba946 100644 
--- a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md +++ b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md @@ -7,8 +7,6 @@ ms.localizationpriority: medium author: frankroj ms.author: frankroj manager: aaroncz -ms.collection: - - M365-security-compliance ms.topic: conceptual ms.date: 11/08/2022 ms.custom: bitlocker diff --git a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md index edf5fd84f3..c8e7301a42 100644 --- a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md +++ b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md @@ -7,7 +7,6 @@ ms.localizationpriority: medium author: frankroj ms.author: frankroj manager: aaroncz -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 11/08/2022 ms.custom: bitlocker diff --git a/windows/security/information-protection/encrypted-hard-drive.md b/windows/security/information-protection/encrypted-hard-drive.md index 765325f2f0..82af1b7c01 100644 --- a/windows/security/information-protection/encrypted-hard-drive.md +++ b/windows/security/information-protection/encrypted-hard-drive.md @@ -8,6 +8,7 @@ ms.prod: windows-client author: frankroj ms.date: 11/08/2022 ms.technology: itpro-security +ms.topic: conceptual --- # Encrypted Hard Drive diff --git a/windows/security/information-protection/index.md b/windows/security/information-protection/index.md index 39c23c342b..7126b41530 100644 --- a/windows/security/information-protection/index.md +++ b/windows/security/information-protection/index.md 
@@ -5,7 +5,6 @@ ms.prod: windows-client author: dansimp ms.author: dansimp manager: aaroncz -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 10/10/2018 ms.technology: itpro-security diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md index 63520fd7a9..234c8a6eba 100644 --- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md +++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md @@ -2,14 +2,13 @@ title: Kernel DMA Protection (Windows) description: Kernel DMA Protection protects PCs against drive-by Direct Memory Access (DMA) attacks using PCI hot plug devices connected to Thunderbolt™ 3 ports. ms.prod: windows-client -author: dansimp -ms.author: dansimp +author: vinaypamnani-msft +ms.author: vinpa manager: aaroncz ms.collection: - - M365-security-compliance - highpri ms.topic: conceptual -ms.date: 03/26/2019 +ms.date: 01/05/2023 ms.technology: itpro-security --- @@ -67,6 +66,9 @@ Systems released prior to Windows 10 version 1803 do not support Kernel DMA Prot >[!NOTE] >Kernel DMA Protection is not compatible with other BitLocker DMA attacks countermeasures. It is recommended to disable the BitLocker DMA attacks countermeasures if the system supports Kernel DMA Protection. Kernel DMA Protection provides higher security bar for the system over the BitLocker DMA attack countermeasures, while maintaining usability of external peripherals. +>[!NOTE] +>DMA remapping support for graphics devices was added in Windows 11 with the WDDM 3.0 driver model; Windows 10 does not support this feature. + ## How to check if Kernel DMA Protection is enabled Systems running Windows 10 version 1803 that do support Kernel DMA Protection do have this security feature enabled automatically by the OS with no user or IT admin configuration required. 
diff --git a/windows/security/information-protection/personal-data-encryption/configure-pde-in-intune.md b/windows/security/information-protection/personal-data-encryption/configure-pde-in-intune.md index 4375ada864..0aed4ad1d1 100644 --- a/windows/security/information-protection/personal-data-encryption/configure-pde-in-intune.md +++ b/windows/security/information-protection/personal-data-encryption/configure-pde-in-intune.md @@ -3,16 +3,17 @@ title: Configure Personal Data Encryption (PDE) in Intune description: Configuring and enabling Personal Data Encryption (PDE) required and recommended policies in Intune author: frankroj ms.author: frankroj -ms.reviewer: rafals +ms.reviewer: rhonnegowda manager: aaroncz ms.topic: how-to ms.prod: windows-client ms.technology: itpro-security ms.localizationpriority: medium -ms.date: 09/22/2022 +ms.date: 12/13/2022 --- + # Configure Personal Data Encryption (PDE) policies in Intune 
@@ -20,104 +21,243 @@ ms.date: 09/22/2022 ### Enable Personal Data Encryption (PDE) -1. Sign into the Intune +1. Sign into [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). + 2. Navigate to **Devices** > **Configuration Profiles** + 3. Select **Create profile** + 4. Under **Platform**, select **Windows 10 and later** + 5. Under **Profile type**, select **Templates** + 6. Under **Template name**, select **Custom**, and then select **Create** -7. On the ****Basics** tab: + +7. In **Basics**: + 1. Next to **Name**, enter **Personal Data Encryption** - 2. Next to **Description**, enter a description + 2. Next to **Description**, enter a description + 8. Select **Next** -9. On the **Configuration settings** tab, select **Add** -10. In the **Add Row** window: + +9. In **Configuration settings**, select **Add** + +10. In **Add Row**: + 1. Next to **Name**, enter **Personal Data Encryption** 2. Next to **Description**, enter a description 3. Next to **OMA-URI**, enter in **./User/Vendor/MSFT/PDE/EnablePersonalDataEncryption** 4. Next to **Data type**, select **Integer** 5. Next to **Value**, enter in **1** + 11. Select **Save**, and then select **Next** -12. On the **Assignments** tab: + +12. In **Assignments**: + 1. Under **Included groups**, select **Add groups** 2. Select the groups that the PDE policy should be deployed to 3. Select **Select** 4. Select **Next** -13. On the **Applicability Rules** tab, configure if necessary and then select **Next** -14. On the **Review + create** tab, review the configuration to make sure everything is configured correctly, and then select **Create** -#### Disable Winlogon automatic restart sign-on (ARSO) +13. In **Applicability Rules**, configure if necessary and then select **Next** + +14. In **Review + create**, review the configuration to make sure everything is configured correctly, and then select **Create** + +### Disable Winlogon automatic restart sign-on (ARSO) + +1. 
Sign into [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). -1. Sign into the Intune 2. Navigate to **Devices** > **Configuration Profiles** + 3. Select **Create profile** + 4. Under **Platform**, select **Windows 10 and later** + 5. Under **Profile type**, select **Templates** + 6. Under **Template name**, select **Administrative templates**, and then select **Create** -7. On the ****Basics** tab: + +7. In **Basics**: + 1. Next to **Name**, enter **Disable ARSO** 2. Next to **Description**, enter a description + 8. Select **Next** -9. On the **Configuration settings** tab, under **Computer Configuration**, navigate to **Windows Components** > **Windows Logon Options** + +9. In **Configuration settings**, under **Computer Configuration**, navigate to **Windows Components** > **Windows Logon Options** + 10. Select **Sign-in and lock last interactive user automatically after a restart** + 11. In the **Sign-in and lock last interactive user automatically after a restart** window that opens, select **Disabled**, and then select **OK** + 12. Select **Next** -13. On the **Scope tags** tab, configure if necessary and then select **Next** -12. On the **Assignments** tab: + +13. In **Scope tags**, configure if necessary and then select **Next** + +14. In **Assignments**: + 1. Under **Included groups**, select **Add groups** 2. Select the groups that the ARSO policy should be deployed to 3. Select **Select** 4. Select **Next** -13. On the **Review + create** tab, review the configuration to make sure everything is configured correctly, and then select **Create** -## Recommended prerequisites +15. In **Review + create**, review the configuration to make sure everything is configured correctly, and then select **Create** -#### Disable crash dumps +## Security hardening recommendations + +### Disable kernel-mode crash dumps and live dumps + +1. Sign into [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). -1. 
Sign into the Intune 2. Navigate to **Devices** > **Configuration Profiles** + 3. Select **Create profile** + 4. Under **Platform**, select **Windows 10 and later** + 5. Under **Profile type**, select **Settings catalog**, and then select **Create** -6. On the ****Basics** tab: - 1. Next to **Name**, enter **Disable Hibernation** + +6. In **Basics**: + + 1. Next to **Name**, enter **Disable Kernel-Mode Crash Dumps** 2. Next to **Description**, enter a description + 7. Select **Next** -8. On the **Configuration settings** tab, select **Add settings** -9. In the **Settings picker** windows, select **Memory Dump** -10. When the settings appear in the lower pane, under **Setting name**, select both **Allow Crash Dump** and **Allow Live Dump**, and then select the **X** in the top right corner of the **Settings picker** window to close the window + +8. In **Configuration settings**, select **Add settings** + +9. In the **Settings picker** window, under **Browse by category**, select **Memory Dump** + +10. When the settings appear under **Setting name**, select both **Allow Crash Dump** and **Allow Live Dump**, and then select the **X** in the top right corner of the **Settings picker** window to close the window + 11. Change both **Allow Live Dump** and **Allow Crash Dump** to **Block**, and then select **Next** -12. On the **Scope tags** tab, configure if necessary and then select **Next** -13. On the **Assignments** tab: + +12. In **Scope tags**, configure if necessary and then select **Next** + +13. In **Assignments**: + 1. Under **Included groups**, select **Add groups** - 2. Select the groups that the crash dumps policy should be deployed to + 2. Select the groups that the disable crash dumps policy should be deployed to 3. Select **Select** 4. Select **Next** -14. On the **Review + create** tab, review the configuration to make sure everything is configured correctly, and then select **Create** -#### Disable hibernation +14. 
In **Review + create**, review the configuration to make sure everything is configured correctly, and then select **Create** + +### Disable Windows Error Reporting (WER)/Disable user-mode crash dumps + +1. Sign into [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). -1. Sign into the Intune 2. Navigate to **Devices** > **Configuration Profiles** + 3. Select **Create profile** + 4. Under **Platform**, select **Windows 10 and later** + 5. Under **Profile type**, select **Settings catalog**, and then select **Create** -6. On the ****Basics** tab: + +6. In **Basics**: + + 1. Next to **Name**, enter **Disable Windows Error Reporting (WER)** + 2. Next to **Description**, enter a description + +7. Select **Next** + +8. In **Configuration settings**, select **Add settings** + +9. In the **Settings picker** window, under **Browse by category**, expand to **Administrative Templates** > **Windows Components**, and then select **Windows Error Reporting** + +10. When the settings appear under **Setting name**, select **Disable Windows Error Reporting**, and then select the **X** in the top right corner of the **Settings picker** window to close the window + +11. Change **Disable Windows Error Reporting** to **Enabled**, and then select **Next** + +12. In **Scope tags**, configure if necessary and then select **Next** + +13. In **Assignments**: + + 1. Under **Included groups**, select **Add groups** + 2. Select the groups that the disable WER dumps policy should be deployed to + 3. Select **Select** + 4. Select **Next** + +14. In **Review + create**, review the configuration to make sure everything is configured correctly, and then select **Create** + +### Disable hibernation + +1. Sign into [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). + +2. Navigate to **Devices** > **Configuration Profiles** + +3. Select **Create profile** + +4. Under **Platform**, select **Windows 10 and later** + +5. 
Under **Profile type**, select **Settings catalog**, and then select **Create** + +6. In **Basics**: + 1. Next to **Name**, enter **Disable Hibernation** 2. Next to **Description**, enter a description + 7. Select **Next** -8. On the **Configuration settings** tab, select **Add settings** -9. In the **Settings picker** windows, select **Power** -10. When the settings appear in the lower pane, under **Setting name**, select **Allow Hibernate**, and then select the **X** in the top right corner of the **Settings picker** window to close the window + +8. In **Configuration settings**, select **Add settings** + +9. In the **Settings picker** window, under **Browse by category**, select **Power** + +10. When the settings appear under **Setting name**, select **Allow Hibernate**, and then select the **X** in the top right corner of the **Settings picker** window to close the window + 11. Change **Allow Hibernate** to **Block**, and then select **Next** -12. On the **Scope tags** tab, configure if necessary and then select **Next** -13. On the **Assignments** tab: + +12. In **Scope tags**, configure if necessary and then select **Next** + +13. In **Assignments**: + 1. Under **Included groups**, select **Add groups** - 2. Select the groups that the hibernation policy should be deployed to + 2. Select the groups that the disable hibernation policy should be deployed to 3. Select **Select** 4. Select **Next** -14. On the **Review + create** tab, review the configuration to make sure everything is configured correctly, and then select **Create** + +14. In **Review + create**, review the configuration to make sure everything is configured correctly, and then select **Create** + +### Disable allowing users to select when a password is required when resuming from connected standby + +1. Sign into [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). + +2. Navigate to **Devices** > **Configuration Profiles** + +3. Select **Create profile** + +4. 
Under **Platform**, select **Windows 10 and later** + +5. Under **Profile type**, select **Settings catalog**, and then select **Create** + +6. In **Basics**: + + 1. Next to **Name**, enter **Disable allowing users to select when a password is required when resuming from connected standby** + 2. Next to **Description**, enter a description + +7. Select **Next** + +8. In **Configuration settings**, select **Add settings** + +9. In the **Settings picker** window, under **Browse by category**, expand to **Administrative Templates** > **System**, and then select **Logon** + +10. When the settings appear under **Setting name**, select **Allow users to select when a password is required when resuming from connected standby**, and then select the **X** in the top right corner of the **Settings picker** window to close the window + +11. Make sure that **Allow users to select when a password is required when resuming from connected standby** is left at the default of **Disabled**, and then select **Next** + +12. In **Scope tags**, configure if necessary and then select **Next** + +13. In **Assignments**: + + 1. Under **Included groups**, select **Add groups** + 2. Select the groups that the disable Allow users to select when a password is required when resuming from connected standby policy should be deployed to + 3. Select **Select** + 4. Select **Next** + +14. In **Review + create**, review the configuration to make sure everything is configured correctly, and then select **Create** ## See also + - [Personal Data Encryption (PDE)](overview-pde.md) -- [Personal Data Encryption (PDE) FAQ](faq-pde.yml) \ No newline at end of file +- [Personal Data Encryption (PDE) FAQ](faq-pde.yml) diff --git a/windows/security/information-protection/personal-data-encryption/faq-pde.yml b/windows/security/information-protection/personal-data-encryption/faq-pde.yml index 744161659e..c56effe008 100644 --- a/windows/security/information-protection/personal-data-encryption/faq-pde.yml 
+++ b/windows/security/information-protection/personal-data-encryption/faq-pde.yml @@ -5,13 +5,16 @@ metadata: description: Answers to common questions regarding Personal Data Encryption (PDE). author: frankroj ms.author: frankroj - ms.reviewer: rafals + ms.reviewer: rhonnegowda manager: aaroncz ms.topic: faq ms.prod: windows-client ms.technology: itpro-security ms.localizationpriority: medium - ms.date: 09/22/2022 + ms.date: 12/13/2022 + +# Max 5963468 OS 32516487 +# Max 6946251 title: Frequently asked questions for Personal Data Encryption (PDE) summary: | 
@@ -22,53 +25,58 @@ sections: questions: - question: Can PDE encrypt entire volumes or drives? answer: | - No. PDE only encrypts specified files. + No. PDE only encrypts specified files and content. - question: Is PDE a replacement for BitLocker? answer: | No. It's still recommended to encrypt all volumes with BitLocker Drive Encryption for increased security. - - question: Can an IT admin specify which files should be encrypted? + - question: How are files and content protected by PDE selected? answer: | - Yes, but it can only be done using the [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). + [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager) are used to select which files and content are protected using PDE. - - question: Do I need to use OneDrive as my backup provider? + - question: Do I need to use OneDrive in Microsoft 365 as my backup provider? answer: | - No. PDE doesn't have a requirement for a backup provider including OneDrive. However, backups are strongly recommended in case the keys used by PDE to decrypt files are lost. OneDrive is a recommended backup provider. + No. PDE doesn't have a requirement for a backup provider, including OneDrive in Microsoft 365. However, backups are recommended in case the keys used by PDE to protect files are lost. OneDrive in Microsoft 365 is a recommended backup provider. - question: What is the relation between Windows Hello for Business and PDE? answer: | - During user sign-on, Windows Hello for Business unlocks the keys that PDE uses to decrypt files. + During user sign-on, Windows Hello for Business unlocks the keys that PDE uses to protect content. - - question: Can a file be encrypted with both PDE and EFS at the same time? + - question: Can a file be protected with both PDE and EFS at the same time? answer: | No. PDE and EFS are mutually exclusive. - - question: Can PDE encrypted files be accessed after signing on via a Remote Desktop connection (RDP)? 
+ - question: Can PDE protected content be accessed after signing on via a Remote Desktop connection (RDP)? answer: | - No. Accessing PDE encrypted files over RDP isn't currently supported. + No. Accessing PDE protected content over RDP isn't currently supported. - - question: Can PDE encrypted files be access via a network share? + - question: Can PDE protected content be accessed via a network share? answer: | - No. PDE encrypted files can only be accessed after signing on locally to Windows with Windows Hello for Business credentials. + No. PDE protected content can only be accessed after signing on locally to Windows with Windows Hello for Business credentials. - - question: How can it be determined if a file is encrypted with PDE? + - question: How can it be determined if a file is protected with PDE? answer: | - Encrypted files will show a padlock on the file's icon. Additionally, `cipher.exe` can be used to show the encryption state of the file. + - Files protected with PDE and EFS will both show a padlock on the file's icon. To verify whether a file is protected with PDE vs. EFS: + 1. In the properties of the file, navigate to **General** > **Advanced**. The option **Encrypt contents to secure data** should be selected. + 2. Select the **Details** button. + 3. If the file is protected with PDE, under **Protection status:**, the item **Personal Data Encryption is:** will be marked as **On**. + - [`cipher.exe`](/windows-server/administration/windows-commands/cipher) can also be used to show the encryption state of the file. - question: Can users manually encrypt and decrypt files with PDE? answer: | - Currently users can decrypt files manually but they can't encrypt files manually. + Currently users can decrypt files manually but they can't encrypt files manually. For information on how a user can manually decrypt a file, see the section **Disable PDE and decrypt files** in [Personal Data Encryption (PDE)](overview-pde.md). 
- - question: If a user signs into Windows with a password instead of Windows Hello for Business, will they be able to access their PDE encrypted files? + - question: If a user signs into Windows with a password instead of Windows Hello for Business, will they be able to access their PDE protected content? answer: | - No. The keys used by PDE to decrypt files are protected by Windows Hello for Business credentials and will only be unlocked when signing on with Windows Hello for Business PIN or biometrics. + No. The keys used by PDE to protect content are protected by Windows Hello for Business credentials and will only be unlocked when signing on with Windows Hello for Business PIN or biometrics. - question: What encryption method and strength does PDE use? answer: | - PDE uses AES-CBC with a 256-bit key to encrypt files + PDE uses AES-CBC with a 256-bit key to encrypt content. additionalContent: | ## See also - [Personal Data Encryption (PDE)](overview-pde.md) - - [Configure Personal Data Encryption (PDE) polices in Intune](configure-pde-in-intune.md) \ No newline at end of file + - [Configure Personal Data Encryption (PDE) polices in Intune](configure-pde-in-intune.md) + diff --git a/windows/security/information-protection/personal-data-encryption/includes/pde-description.md b/windows/security/information-protection/personal-data-encryption/includes/pde-description.md index 7ca7334657..2eb0fa2a66 100644 --- a/windows/security/information-protection/personal-data-encryption/includes/pde-description.md +++ b/windows/security/information-protection/personal-data-encryption/includes/pde-description.md 
@@ -4,24 +4,25 @@ description: Personal Data Encryption (PDE) description include file author: frankroj ms.author: frankroj -ms.reviewer: rafals +ms.reviewer: rhonnegowda manager: aaroncz ms.topic: how-to ms.prod: windows-client ms.technology: itpro-security ms.localizationpriority: medium -ms.date: 09/22/2022 +ms.date: 12/13/2022 --- + -Personal data encryption (PDE) is a security feature introduced in Windows 11, version 22H2 that provides additional encryption features to Windows. PDE differs from BitLocker in that it encrypts individual files instead of whole volumes and disks. PDE occurs in addition to other encryption methods such as BitLocker. +Personal data encryption (PDE) is a security feature introduced in Windows 11, version 22H2 that provides additional encryption features to Windows. PDE differs from BitLocker in that it encrypts individual files and content instead of whole volumes and disks. PDE occurs in addition to other encryption methods such as BitLocker. -PDE utilizes Windows Hello for Business to link data encryption keys with user credentials. This feature can minimize the number of credentials the user has to remember to gain access to files. For example, when using BitLocker with PIN, a user would need to authenticate twice - once with the BitLocker PIN and a second time with Windows credentials. This requirement requires users to remember two different credentials. With PDE, users only need to enter one set of credentials via Windows Hello for Business. +PDE utilizes Windows Hello for Business to link data encryption keys with user credentials. This feature can minimize the number of credentials the user has to remember to gain access to content. For example, when using BitLocker with PIN, a user would need to authenticate twice - once with the BitLocker PIN and a second time with Windows credentials. This requirement requires users to remember two different credentials. 
With PDE, users only need to enter one set of credentials via Windows Hello for Business. -PDE is also accessibility friendly. For example, The BitLocker PIN entry screen doesn't have accessibility options. PDE however uses Windows Hello for Business, which does have accessibility features. +Because PDE utilizes Windows Hello for Business, PDE is also accessibility friendly due to the accessibility features available when using Windows Hello for Business. -Unlike BitLocker that releases data encryption keys at boot, PDE doesn't release data encryption keys until a user signs in using Windows Hello for Business. Users will only be able to access their PDE encrypted files once they've signed into Windows using Windows Hello for Business. Additionally, PDE has the ability to also discard the encryption keys when the device is locked. +Unlike BitLocker that releases data encryption keys at boot, PDE doesn't release data encryption keys until a user signs in using Windows Hello for Business. Users will only be able to access their PDE protected content once they've signed into Windows using Windows Hello for Business. Additionally, PDE has the ability to also discard the encryption keys when the device is locked. > [!NOTE] -> PDE is currently only available to developers via [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). There is no user interface in Windows to either enable PDE or encrypt files via PDE. Also, although there is an MDM policy that can enable PDE, there are no MDM policies that can be used to encrypt files via PDE. +> PDE can be enabled using MDM policies. The content to be protected by PDE can be specified using [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). There is no user interface in Windows to either enable PDE or protect content using PDE. 
diff --git a/windows/security/information-protection/personal-data-encryption/overview-pde.md b/windows/security/information-protection/personal-data-encryption/overview-pde.md index bfb7153548..12709e8d35 100644 --- a/windows/security/information-protection/personal-data-encryption/overview-pde.md +++ b/windows/security/information-protection/personal-data-encryption/overview-pde.md 
@@ -3,75 +3,123 @@ title: Personal Data Encryption (PDE) description: Personal Data Encryption unlocks user encrypted files at user sign-in instead of at boot. author: frankroj ms.author: frankroj -ms.reviewer: rafals +ms.reviewer: rhonnegowda manager: aaroncz ms.topic: how-to ms.prod: windows-client ms.technology: itpro-security ms.localizationpriority: medium -ms.date: 09/22/2022 +ms.date: 12/13/2022 --- + # Personal Data Encryption (PDE) -(*Applies to: Windows 11, version 22H2 and later Enterprise and Education editions*) +**Applies to:** + +- Windows 11, version 22H2 and later Enterprise and Education editions [!INCLUDE [Personal Data Encryption (PDE) description](includes/pde-description.md)] ## Prerequisites -### **Required** - - [Azure AD joined device](/azure/active-directory/devices/concept-azure-ad-join) - - [Windows Hello for Business](../../identity-protection/hello-for-business/hello-overview.md) - - Windows 11, version 22H2 and later Enterprise and Education editions +### Required -### **Not supported with PDE** - - [FIDO/security key authentication](../../identity-protection/hello-for-business/microsoft-compatible-security-key.md) - - [Winlogon automatic restart sign-on (ARSO)](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-) - - For information on disabling ARSO via Intune, see [Disable Winlogon automatic restart sign-on (ARSO)](configure-pde-in-intune.md#disable-winlogon-automatic-restart-sign-on-arso)). 
- - [Windows Information Protection (WIP)](../windows-information-protection/protect-enterprise-data-using-wip.md) - - [Hybrid Azure AD joined devices](/azure/active-directory/devices/concept-azure-ad-join-hybrid) - - Remote Desktop connections +- [Azure AD joined device](/azure/active-directory/devices/concept-azure-ad-join) +- [Windows Hello for Business](../../identity-protection/hello-for-business/hello-overview.md) +- Windows 11, version 22H2 and later Enterprise and Education editions -### **Highly recommended** - - [BitLocker Drive Encryption](../bitlocker/bitlocker-overview.md) enabled - - Although PDE will work without BitLocker, it's recommended to also enable BitLocker. PDE is meant to supplement BitLocker and not replace it. - - Backup solution such as [OneDrive](/onedrive/onedrive) - - In certain scenarios such as TPM resets or destructive PIN resets, the keys used by PDE to decrypt files can be lost. In such scenarios, any file encrypted with PDE will no longer be accessible. The only way to recover such files would be from backup. - - [Windows Hello for Business PIN reset service](../../identity-protection/hello-for-business/hello-feature-pin-reset.md) - - Destructive PIN resets will cause keys used by PDE to decrypt files to be lost. The destructive PIN reset will make any file encrypted with PDE no longer accessible after a destructive PIN reset. Files encrypted with PDE will need to be recovered from a backup after a destructive PIN reset. For this reason Windows Hello for Business PIN reset service is recommended since it provides non-destructive PIN resets. 
- - [Windows Hello Enhanced Sign-in Security](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security) - - Provides additional security when authenticating with Windows Hello for Business via biometrics or PIN - - [Kernel and user mode crash dumps disabled](/windows/client-management/mdm/policy-csp-memorydump) - - Crash dumps can potentially cause the keys used by PDE decrypt files to be exposed. For greatest security, disable kernel and user mode crash dumps. For information on disabling crash dumbs via Intune, see [Disable crash dumps](configure-pde-in-intune.md#disable-crash-dumps). - - [Hibernation disabled](/windows/client-management/mdm/policy-csp-power#power-allowhibernate) - - Hibernation files can potentially cause the keys used by PDE to decrypt files to be exposed. For greatest security, disable hibernation. For information on disabling crash dumbs via Intune, see [Disable hibernation](configure-pde-in-intune.md#disable-hibernation). +### Not supported with PDE + +- [FIDO/security key authentication](/azure/active-directory/authentication/howto-authentication-passwordless-security-key) +- [Winlogon automatic restart sign-on (ARSO)](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-) + - For information on disabling ARSO via Intune, see [Disable Winlogon automatic restart sign-on (ARSO)](configure-pde-in-intune.md#disable-winlogon-automatic-restart-sign-on-arso)). 
+- [Windows Information Protection (WIP)](../windows-information-protection/protect-enterprise-data-using-wip.md) +- [Hybrid Azure AD joined devices](/azure/active-directory/devices/concept-azure-ad-join-hybrid) +- Remote Desktop connections + +### Security hardening recommendations + +- [Kernel-mode crash dumps and live dumps disabled](/windows/client-management/mdm/policy-csp-memorydump#memorydump-policies) + + Kernel-mode crash dumps and live dumps can potentially cause the keys used by PDE to protect content to be exposed. For greatest security, disable kernel-mode crash dumps and live dumps. For information on disabling crash dumps and live dumps via Intune, see [Disable kernel-mode crash dumps and live dumps](configure-pde-in-intune.md#disable-kernel-mode-crash-dumps-and-live-dumps). + +- [Windows Error Reporting (WER) disabled/User-mode crash dumps disabled](/windows/client-management/mdm/policy-csp-errorreporting#errorreporting-disablewindowserrorreporting) + + Disabling Windows Error Reporting prevents user-mode crash dumps. User-mode crash dumps can potentially cause the keys used by PDE to protect content to be exposed. For greatest security, disable user-mode crash dumps. For more information on disabling crash dumps via Intune, see [Disable Windows Error Reporting (WER)/Disable user-mode crash dumps](configure-pde-in-intune.md#disable-windows-error-reporting-werdisable-user-mode-crash-dumps). + +- [Hibernation disabled](/windows/client-management/mdm/policy-csp-power#power-allowhibernate) + + Hibernation files can potentially cause the keys used by PDE to protect content to be exposed. For greatest security, disable hibernation. For more information on disabling crash dumps via Intune, see [Disable hibernation](configure-pde-in-intune.md#disable-hibernation). 
+ +- [Allowing users to select when a password is required when resuming from connected standby disabled](/windows/client-management/mdm/policy-csp-admx-credentialproviders#admx-credentialproviders-allowdomaindelaylock) + + When this policy isn't configured, the outcome between on-premises Active Directory joined devices and workgroup devices, including native Azure Active Directory joined devices, is different: + + - On-premises Active Directory joined devices: + + - A user can't change the amount of time after the device´s screen turns off before a password is required when waking the device. + + - A password is required immediately after the screen turns off. + + The above is the desired outcome, but PDE isn't supported with on-premises Active Directory joined devices. + + - Workgroup devices, including native Azure AD joined devices: + + - A user on a Connected Standby device can change the amount of time after the device´s screen turns off before a password is required to wake the device. + + - During the time when the screen turns off but a password isn't required, the keys used by PDE to protect content could potentially be exposed. This outcome isn't a desired outcome. + + Because of this undesired outcome, it's recommended to explicitly disable this policy on native Azure AD joined devices instead of leaving it at the default of not configured. + + For information on disabling this policy via Intune, see [Disable allowing users to select when a password is required when resuming from connected standby](configure-pde-in-intune.md#disable-allowing-users-to-select-when-a-password-is-required-when-resuming-from-connected-standby). + +### Highly recommended + +- [BitLocker Drive Encryption](../bitlocker/bitlocker-overview.md) enabled + + Although PDE will work without BitLocker, it's recommended to also enable BitLocker. PDE is meant to work alongside BitLocker for increased security. PDE isn't a replacement for BitLocker. 
+ +- Backup solution such as [OneDrive in Microsoft 365](/sharepoint/onedrive-overview) + + In certain scenarios such as TPM resets or destructive PIN resets, the keys used by PDE to protect content will be lost. In such scenarios, any content protected with PDE will no longer be accessible. The only way to recover such content would be from backup. + +- [Windows Hello for Business PIN reset service](../../identity-protection/hello-for-business/hello-feature-pin-reset.md) + + Destructive PIN resets will cause keys used by PDE to protect content to be lost. The destructive PIN reset will make any content protected with PDE no longer accessible after a destructive PIN reset. Content protected with PDE will need to be recovered from a backup after a destructive PIN reset. For this reason Windows Hello for Business PIN reset service is recommended since it provides non-destructive PIN resets. + +- [Windows Hello Enhanced Sign-in Security](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security) + + Provides additional security when authenticating with Windows Hello for Business via biometrics or PIN ## PDE protection levels -PDE uses AES-CBC with a 256-bit key to encrypt files and offers two levels of protection. The level of protection is determined based on the organizational needs. These levels can be set via the [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). +PDE uses AES-CBC with a 256-bit key to protect content and offers two levels of protection. The level of protection is determined based on the organizational needs. These levels can be set via the [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). 
| Item | Level 1 | Level 2 | |---|---|---| -| Data is accessible when user is signed in | Yes | Yes | -| Data is accessible when user has locked their device | Yes | No | -| Data is accessible after user signs out | No | No | -| Data is accessible when device is shut down | No | No | -| Decryption keys discarded | After user signs out | After user locks device or signs out | +| PDE protected data accessible when user has signed in via Windows Hello for Business | Yes | Yes | +| PDE protected data is accessible at Windows lock screen | Yes | Data is accessible for one minute after lock, then it's no longer available | +| PDE protected data is accessible after user signs out of Windows | No | No | +| PDE protected data is accessible when device is shut down | No | No | +| PDE protected data is accessible via UNC paths | No | No | +| PDE protected data is accessible when signing with Windows password instead of Windows Hello for Business | No | No | +| PDE protected data is accessible via Remote Desktop session | No | No | +| Decryption keys used by PDE discarded | After user signs out of Windows | One minute after Windows lock screen is engaged or after user signs out of Windows | -## PDE encrypted files accessibility +## PDE protected content accessibility -When a file is encrypted with PDE, its icon will show a padlock. If the user hasn't signed in locally with Windows Hello for Business or an unauthorized user attempts to access a PDE encrypted file, they'll be denied access to the file. +When a file is protected with PDE, its icon will show a padlock. If the user hasn't signed in locally with Windows Hello for Business or an unauthorized user attempts to access PDE protected content, they'll be denied access to the content. 
-Scenarios where a user will be denied access to a PDE encrypted file include: +Scenarios where a user will be denied access to PDE protected content include: - User has signed into Windows via a password instead of signing in with Windows Hello for Business biometric or PIN. -- If specified via level 2 protection, when the device is locked. -- When trying to access files on the device remotely. For example, UNC network paths. +- If protected via level 2 protection, when the device is locked. +- When trying to access content on the device remotely. For example, UNC network paths. - Remote Desktop sessions. -- Other users on the device who aren't owners of the file, even if they're signed in via Windows Hello for Business and have permissions to navigate to the PDE encrypted files. +- Other users on the device who aren't owners of the content, even if they're signed in via Windows Hello for Business and have permissions to navigate to the PDE protected content. ## How to enable PDE 
@@ -85,55 +133,83 @@ To enable PDE on devices, push an MDM policy to the devices with the following p There's also a [PDE CSP](/windows/client-management/mdm/personaldataencryption-csp) available for MDM solutions that support it. > [!NOTE] -> Enabling the PDE policy on devices only enables the PDE feature. It does not encrypt any files. To encrypt files, use the [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager) to create custom applications and scripts to specify which files to encrypt and at what level to encrypt the files. Additionally, files will not encrypt via the APIs until this policy has been enabled. +> Enabling the PDE policy on devices only enables the PDE feature. It does not protect any content. To protect content via PDE, use the [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). The PDE APIs can be used to create custom applications and scripts to specify which content to protect and at what level to protect the content. Additionally, the PDE APIs can't be used to protect content until the PDE policy has been enabled. For information on enabling PDE via Intune, see [Enable Personal Data Encryption (PDE)](configure-pde-in-intune.md#enable-personal-data-encryption-pde). ## Differences between PDE and BitLocker +PDE is meant to work alongside BitLocker. PDE isn't a replacement for BitLocker, nor is BitLocker a replacement for PDE. Using both features together provides better security than using either BitLocker or PDE alone. However there are differences between BitLocker and PDE and how they work. These differences are why using them together offers better security. 
+ | Item | PDE | BitLocker | |--|--|--| -| Release of key | At user sign-in via Windows Hello for Business | At boot | -| Keys discarded | At user sign-out | At reboot | -| Files encrypted | Individual specified files | Entire volume/drive | -| Authentication to access encrypted file | Windows Hello for Business | When BitLocker with PIN is enabled, BitLocker PIN plus Windows sign in | -| Accessibility | Windows Hello for Business is accessibility friendly | BitLocker with PIN doesn't have accessibility features | +| Release of decryption key | At user sign-in via Windows Hello for Business | At boot | +| Decryption keys discarded | When user signs out of Windows or one minute after Windows lock screen is engaged | At reboot | +| Files protected | Individual specified files | Entire volume/drive | +| Authentication to access protected content | Windows Hello for Business | When BitLocker with TPM + PIN is enabled, BitLocker PIN plus Windows sign-in | ## Differences between PDE and EFS -The main difference between encrypting files with PDE instead of EFS is the method they use to encrypt the file. PDE uses Windows Hello for Business to secure the keys to decrypt the files. EFS uses certificates to secure and encrypt the files. +The main difference between protecting files with PDE instead of EFS is the method they use to protect the file. PDE uses Windows Hello for Business to secure the keys that protect the files. EFS uses certificates to secure and protect the files. -To see if a file is encrypted with PDE or EFS: +To see if a file is protected with PDE or with EFS: 1. Open the properties of the file 2. Under the **General** tab, select **Advanced...** 3. In the **Advanced Attributes** windows, select **Details** -For PDE encrypted files, under **Protection status:** there will be an item listed as **Personal Data Encryption is:** and it will have the attribute of **On**. 
+For PDE protected files, under **Protection status:** there will be an item listed as **Personal Data Encryption is:** and it will have the attribute of **On**. -For EFS encrypted files, under **Users who can access this file:**, there will be a **Certificate thumbprint** next to the users with access to the file. There will also be a section at the bottom labeled **Recovery certificates for this file as defined by recovery policy:**. +For EFS protected files, under **Users who can access this file:**, there will be a **Certificate thumbprint** next to the users with access to the file. There will also be a section at the bottom labeled **Recovery certificates for this file as defined by recovery policy:**. -Encryption information including what encryption method is being used can be obtained with the command line `cipher.exe /c` command. +Encryption information including what encryption method is being used to protect the file can be obtained with the [cipher.exe /c](/windows-server/administration/windows-commands/cipher) command. -## Disable PDE and decrypt files +## Disable PDE and decrypt content -Currently there's no method to disable PDE via MDM policy. However, in certain scenarios PDE encrypted files can be decrypted using `cipher.exe` using the following steps: +Once PDE is enabled, it isn't recommended to disable it. However if PDE does need to be disabled, it can be done so via the MDM policy described in the section [How to enable PDE](#how-to-enable-pde). The value of the OMA-URI needs to be changed from **`1`** to **`0`** as follows: + +- Name: **Personal Data Encryption** +- OMA-URI: **./User/Vendor/MSFT/PDE/EnablePersonalDataEncryption** +- Data type: **Integer** +- Value: **0** + +Disabling PDE doesn't decrypt any PDE protected content. It only prevents the PDE API from being able to protect any additional content. PDE protected files can be manually decrypted using the following steps: 1. Open the properties of the file 2. 
Under the **General** tab, select **Advanced...** 3. Uncheck the option **Encrypt contents to secure data** 4. Select **OK**, and then **OK** again -> [!Important] -> Once a user selects to manually decrypt a file, they will not be able to manually encrypt the file again. +PDE protected files can also be decrypted using [cipher.exe](/windows-server/administration/windows-commands/cipher). Using `cipher.exe` can be helpful to decrypt files in the following scenarios: + +- Decrypting a large number of files on a device +- Decrypting files on a large number of devices. + +To decrypt files on a device using `cipher.exe`: + +- Decrypt all files under a directory including subdirectories: + + ```cmd + cipher.exe /d /s: + ``` + +- Decrypt a single file or all of the files in the specified directory, but not any subdirectories: + + ```cmd + cipher.exe /d + ``` + +> [!IMPORTANT] +> Once a user selects to manually decrypt a file, the user will not be able to manually protect the file again using PDE. ## Windows out of box applications that support PDE Certain Windows applications support PDE out of the box. If PDE is enabled on a device, these applications will utilize PDE. - Mail - - Supports encrypting both email bodies and attachments + - Supports protecting both email bodies and attachments ## See also + - [Personal Data Encryption (PDE) FAQ](faq-pde.yml) - [Configure Personal Data Encryption (PDE) polices in Intune](configure-pde-in-intune.md) diff --git a/windows/security/information-protection/pluton/microsoft-pluton-security-processor.md b/windows/security/information-protection/pluton/microsoft-pluton-security-processor.md index b80634992b..5274334565 100644 --- a/windows/security/information-protection/pluton/microsoft-pluton-security-processor.md +++ b/windows/security/information-protection/pluton/microsoft-pluton-security-processor.md 
@@ -7,8 +7,6 @@ author: vinaypamnani-msft
 ms.author: vinpa
 manager: aaroncz
 ms.localizationpriority: medium
-ms.collection:
- - M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/15/2022
 appliesto:
diff --git a/windows/security/information-protection/pluton/pluton-as-tpm.md b/windows/security/information-protection/pluton/pluton-as-tpm.md
index 17a05782e9..a51ef6db48 100644
--- a/windows/security/information-protection/pluton/pluton-as-tpm.md
+++ b/windows/security/information-protection/pluton/pluton-as-tpm.md
@@ -7,8 +7,6 @@ author: vinaypamnani-msft
 ms.author: vinpa
 manager: aaroncz
 ms.localizationpriority: medium
-ms.collection:
- - M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/15/2022
 appliesto:
diff --git a/windows/security/information-protection/secure-the-windows-10-boot-process.md b/windows/security/information-protection/secure-the-windows-10-boot-process.md
index 95230d2990..edec923f61 100644
--- a/windows/security/information-protection/secure-the-windows-10-boot-process.md
+++ b/windows/security/information-protection/secure-the-windows-10-boot-process.md
@@ -6,7 +6,6 @@ ms.localizationpriority: medium
 author: dansimp
 manager: aaroncz
 ms.collection:
- - M365-security-compliance
 - highpri
 ms.topic: conceptual
 ms.date: 05/12/2022
diff --git a/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md b/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md
index 5122a7ca67..5545248585 100644
--- a/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md
+++ b/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md
@@ -6,7 +6,6 @@ ms.prod: windows-client
 author: dansimp
 ms.author: dansimp
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/03/2021
 ms.technology: itpro-security
diff --git a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md
index 5dd050c200..5fabd8a69f 100644
--- a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md
+++ b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md
@@ -6,7 +6,6 @@ ms.prod: windows-client
 author: dansimp
 ms.author: dansimp
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 01/18/2022
 ms.technology: itpro-security
diff --git a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md
index bd02dc2445..df275cf0b3 100644
--- a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md
+++ b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md
@@ -7,8 +7,6 @@ ms.localizationpriority: medium
 author: dansimp
 ms.author: dansimp
 manager: aaroncz
-ms.collection:
- - M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/03/2021
 ms.technology: itpro-security
diff --git a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md
index 907c31420d..dc54432a56 100644
--- a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md
+++ b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md
@@ -7,7 +7,6 @@ author: dansimp
 ms.author: dansimp
 manager: aaroncz
 ms.collection:
- - M365-security-compliance
 - highpri
 ms.topic: conceptual
 ms.date: 09/06/2021
diff --git a/windows/security/information-protection/tpm/manage-tpm-commands.md b/windows/security/information-protection/tpm/manage-tpm-commands.md
index 4dae6be6e1..1ec4c72de8 100644
--- a/windows/security/information-protection/tpm/manage-tpm-commands.md
+++ b/windows/security/information-protection/tpm/manage-tpm-commands.md
@@ -5,8 +5,6 @@ ms.author: dansimp
 ms.prod: windows-client
 author: dulcemontemayor
 manager: aaroncz
-ms.collection:
- - M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/information-protection/tpm/manage-tpm-lockout.md b/windows/security/information-protection/tpm/manage-tpm-lockout.md
index 90cfc7c9ac..b348034a8d 100644
--- a/windows/security/information-protection/tpm/manage-tpm-lockout.md
+++ b/windows/security/information-protection/tpm/manage-tpm-lockout.md
@@ -6,7 +6,6 @@ ms.author: dansimp
 ms.prod: windows-client
 author: dulcemontemayor
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
index 4abbc40f2d..34b14b5105 100644
--- a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
+++ b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
@@ -6,8 +6,6 @@ ms.prod: windows-client
 author: dansimp
 ms.author: dansimp
 manager: aaroncz
-ms.collection:
- - M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/information-protection/tpm/tpm-fundamentals.md b/windows/security/information-protection/tpm/tpm-fundamentals.md
index 4b69fd9484..60e31fc6af 100644
--- a/windows/security/information-protection/tpm/tpm-fundamentals.md
+++ b/windows/security/information-protection/tpm/tpm-fundamentals.md
@@ -6,8 +6,6 @@ ms.prod: windows-client
 author: dansimp
 ms.author: dansimp
 manager: aaroncz
-ms.collection:
- - M365-security-compliance
 ms.topic: conceptual
 ms.date: 12/27/2021
 ms.technology: itpro-security
diff --git a/windows/security/information-protection/tpm/tpm-recommendations.md b/windows/security/information-protection/tpm/tpm-recommendations.md index 4cdc7ef9f0..aab2d0711e 100644 --- a/windows/security/information-protection/tpm/tpm-recommendations.md +++ b/windows/security/information-protection/tpm/tpm-recommendations.md @@ -8,7 +8,6 @@ author: dansimp ms.author: dansimp manager: aaroncz ms.collection: - - M365-security-compliance - highpri ms.topic: conceptual ms.date: 09/06/2021 diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md index 06be1d344b..f768669a7c 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md @@ -8,11 +8,11 @@ author: dansimp ms.author: dansimp manager: aaroncz ms.collection: - - M365-security-compliance - highpri ms.topic: conceptual adobe-target: true ms.technology: itpro-security +ms.date: 12/31/2017 --- # Trusted Platform Module Technology Overview @@ -20,8 +20,9 @@ ms.technology: itpro-security **Applies to** - Windows 11 - Windows 10 -- Windows Server 2016 +- Windows Server 2022 - Windows Server 2019 +- Windows Server 2016 This topic for the IT professional describes the Trusted Platform Module (TPM) and how Windows uses it for access control and authentication. 
@@ -74,15 +75,14 @@ Some things that you can check on the device are: - Is SecureBoot supported and enabled? > [!NOTE] -> Windows 11, Windows 10, Windows Server 2016, and Windows Server 2019 support Device Health Attestation with TPM 2.0. Support for TPM 1.2 was added beginning with Windows version 1607 (RS1). TPM 2.0 requires UEFI firmware. A computer with legacy BIOS and TPM 2.0 won't work as expected. +> Windows 11, Windows 10, Windows Server 2016, and Windows Server 2019 support Device Health Attestation with TPM 2.0. Support for TPM 1.2 was added beginning with Windows 10, version 1607. TPM 2.0 requires UEFI firmware. A computer with legacy BIOS and TPM 2.0 won't work as expected. ## Supported versions for device health attestation -| TPM version | Windows 11 | Windows 10 | Windows Server 2016 | Windows Server 2019 | -|-------------|-------------|-------------|---------------------|---------------------| -| TPM 1.2 | | >= ver 1607 | >= ver 1607 | Yes | -| TPM 2.0 | Yes | Yes | Yes | Yes | - +| TPM version | Windows 11 | Windows 10 | Windows Server 2022 | Windows Server 2019 | Windows Server 2016 | +|-------------|-------------|-------------|---------------------|---------------------|---------------------| +| TPM 1.2 | | >= ver 1607 | | Yes | >= ver 1607 | +| TPM 2.0 | **Yes** | **Yes** | **Yes** | **Yes** | **Yes** | ## Related topics diff --git a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md index a9ccf2a714..b6ff1df198 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md 
@@ -6,8 +6,6 @@ ms.prod: windows-client
 author: dansimp
 ms.author: dansimp
 manager: aaroncz
-ms.collection:
- - M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/information-protection/tpm/trusted-platform-module-top-node.md b/windows/security/information-protection/tpm/trusted-platform-module-top-node.md
index 59a276f5ee..300fe10913 100644
--- a/windows/security/information-protection/tpm/trusted-platform-module-top-node.md
+++ b/windows/security/information-protection/tpm/trusted-platform-module-top-node.md
@@ -7,7 +7,6 @@ author: dansimp
 ms.author: dansimp
 manager: aaroncz
 ms.collection:
- - M365-security-compliance
 - highpri
 ms.topic: conceptual
 ms.date: 09/06/2021
diff --git a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md
index 687a9b8a7e..7f88cdd683 100644
--- a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md
+++ b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md
@@ -6,7 +6,6 @@ ms.localizationpriority: medium
 author: dansimp
 ms.author: dansimp
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 02/26/2019
 ms.reviewer:
diff --git a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md
index 0949bc418e..191ef91d6d 100644
--- a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md
+++ b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md
@@ -6,7 +6,6 @@ ms.localizationpriority: medium
 author: dansimp
 ms.author: dansimp
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 02/26/2019
 ms.reviewer:
diff --git a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
index 76c6da850e..e2a7ffaa5f 100644
--- a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
+++ b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
@@ -7,7 +7,6 @@ author: aczechowski
 ms.author: aaroncz
 manager: dougeby
 ms.reviewer: rafals
-ms.collection: M365-security-compliance
 ms.topic: how-to
 ms.date: 07/15/2022
 ms.technology: itpro-security
diff --git a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md
index b7624b94f7..12fd396283 100644
--- a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md
@@ -6,7 +6,6 @@ ms.localizationpriority: medium
 author: dansimp
 ms.author: dansimp
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 02/26/2019
 ms.reviewer:
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md
index f4c9cd0e4a..1cab70ff7c 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md
@@ -7,7 +7,6 @@ author: aczechowski
 ms.author: aaroncz
 manager: dougeby
 ms.reviewer: rafals
-ms.collection: M365-security-compliance
 ms.topic: how-to
 ms.date: 07/15/2022
 ms.technology: itpro-security
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
index 1294e3f168..d60c78b01f 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
@@ -6,7 +6,6 @@ author: aczechowski
 ms.author: aaroncz
 manager: dougeby
 ms.reviewer: rafals
-ms.collection: M365-security-compliance
 ms.topic: how-to
 ms.date: 07/15/2022
 ms.technology: itpro-security
diff --git a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md
index 6578e9bc6c..81feca58e9 100644
--- a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md
@@ -6,7 +6,6 @@ ms.localizationpriority: medium
 author: dansimp
 ms.author: dansimp
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 03/05/2019
 ms.reviewer:
diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
index 6cea050345..6aed7ca98e 100644
--- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
+++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
@@ -7,7 +7,6 @@ ms.localizationpriority: medium
 author: dansimp
 ms.author: dansimp
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 05/02/2019
 ms.technology: itpro-security
diff --git a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md
index 6f758d95da..52fa03b931 100644
--- a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md
+++ b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md
@@ -7,7 +7,6 @@ ms.localizationpriority: medium
 author: dansimp
 ms.author: dansimp
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 02/26/2019
 ms.technology: itpro-security
diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md
index de06121632..db34a870d4 100644
--- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md
+++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md
@@ -6,7 +6,6 @@ author: aczechowski
 ms.author: aaroncz
 manager: dougeby
 ms.reviewer: rafals
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/05/2019
 ms.localizationpriority: medium
diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md
index 9f086b7f07..ac3cd3b1cc 100644
--- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md
+++ b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md
@@ -6,7 +6,6 @@ ms.localizationpriority: medium
 author: dansimp
 ms.author: dansimp
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 05/25/2022
 ms.reviewer:
diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md
index 076aac8eaf..2f0636e228 100644
--- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md
+++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md
@@ -7,7 +7,6 @@ ms.localizationpriority: medium
 author: dansimp
 ms.author: dansimp
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 02/26/2019
 ms.technology: itpro-security
diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md
index 49798db25b..a1b100e968 100644
--- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md
+++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md
@@ -7,7 +7,6 @@ ms.localizationpriority: medium
 author: dansimp
 ms.author: dansimp
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 03/11/2019
 ms.technology: itpro-security
diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
index 9992aec7b6..39b0e027de 100644
--- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
+++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
@@ -7,8 +7,6 @@ author: aczechowski
 ms.author: aaroncz
 manager: dougeby
 ms.reviewer: rafals
-ms.collection:
- - M365-security-compliance
 ms.topic: overview
 ms.date: 07/15/2022
 ms.technology: itpro-security
diff --git a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
index fef7dcfa1e..a27c24da1d 100644
--- a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
+++ b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
@@ -6,7 +6,6 @@ ms.localizationpriority: medium
 author: dansimp
 ms.author: dansimp
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 03/25/2019
 ms.reviewer:
diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md
index 35d93c25c4..6efe96a30e 100644
--- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md
+++ b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md
@@ -7,7 +7,6 @@ ms.localizationpriority: medium
 author: dansimp
 ms.author: dansimp
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 03/05/2019
 ms.technology: itpro-security
diff --git a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md
index 5f413c3657..1be650dda0 100644
--- a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md
+++ b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md
@@ -6,7 +6,6 @@ ms.localizationpriority: medium
 author: dansimp
 ms.author: dansimp
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 02/26/2019
 ms.reviewer:
diff --git a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md
index 37cf054aa4..670283c970 100644
--- a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md
+++ b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md
@@ -6,7 +6,6 @@ ms.localizationpriority: medium
 author: dansimp
 ms.author: dansimp
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 02/26/2019
 ms.reviewer:
diff --git a/windows/security/information-protection/windows-information-protection/wip-learning.md b/windows/security/information-protection/windows-information-protection/wip-learning.md
index 8f15eb8d9c..6b8c5f1841 100644
--- a/windows/security/information-protection/windows-information-protection/wip-learning.md
+++ b/windows/security/information-protection/windows-information-protection/wip-learning.md
@@ -7,7 +7,6 @@ ms.localizationpriority: medium
 author: aczechowski
 ms.author: aaroncz
 manager: dougeby
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 02/26/2019
 ms.technology: itpro-security
diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md
index d2b9b2ae9c..5a71a44832 100644
--- a/windows/security/operating-system.md
+++ b/windows/security/operating-system.md
@@ -6,7 +6,6 @@ ms.topic: article
 manager: aaroncz
 ms.author: paoloma
 author: paolomatarazzo
-ms.collection: M365-security-compliance
 ms.prod: windows-client
 ms.technology: itpro-security
 ms.date: 09/21/2021
diff --git a/windows/security/security-foundations.md b/windows/security/security-foundations.md
index d49045d449..ceed1cb436 100644
--- a/windows/security/security-foundations.md
+++ b/windows/security/security-foundations.md
@@ -3,21 +3,20 @@ title: Windows security foundations description: Get an overview of security foundations, including the security development lifecycle, common criteria, and the bug bounty program. ms.reviewer: ms.topic: article -manager: aaroncz ms.author: paoloma author: paolomatarazzo -ms.collection: M365-security-compliance ms.prod: windows-client ms.technology: itpro-security +ms.date: 12/31/2017 --- # Windows security foundations Microsoft is committed to continuously invest in improving our software development process, building highly secure-by-design software, and addressing security compliance requirements. At Microsoft, we embed security and privacy considerations from the earliest life-cycle phases of all our software development processes. We build in security from the ground for powerful defense in today’s threat environment. -Our strong security foundation uses Microsoft Security Development Lifecycle (SDL) Bug Bounty, support for product security standards and certifications, and Azure Code signing. As a result, we improve security by producing software with fewer defects and vulnerabilities instead of relying on applying updates after vulnerabilities have been identified. +Our strong security foundation uses Microsoft Security Development Lifecycle (SDL) Bug Bounty, support for product security standards and certifications, and Azure Code signing. As a result, we improve security by producing software with fewer defects and vulnerabilities instead of relying on applying updates after vulnerabilities have been identified. -Use the links in the following table to learn more about the security foundations:

              +Use the links in the following table to learn more about the security foundations: | Concept | Description | |:---|:---| @@ -25,6 +24,3 @@ Use the links in the following table to learn more about the security foundation | Common Criteria Certifications | Microsoft supports the Common Criteria certification program, ensures that products incorporate the features and functions required by relevant Common Criteria Protection Profiles, and completes Common Criteria certifications of Microsoft Windows products.

              Learn more about [Common Criteria Certifications](threat-protection/windows-platform-common-criteria.md). | | Microsoft Security Development Lifecycle | The Security Development Lifecycle (SDL) is a security assurance process that is focused on software development. The SDL has played a critical role in embedding security and privacy in software and culture at Microsoft.

              Learn more about [Microsoft SDL](threat-protection/msft-security-dev-lifecycle.md).| | Microsoft Bug Bounty Program | If you find a vulnerability in a Microsoft product, service, or device, we want to hear from you! If your vulnerability report affects a product or service that is within scope of one of our bounty programs below, you could receive a bounty award according to the program descriptions.

              Learn more about the [Microsoft Bug Bounty Program](https://www.microsoft.com/en-us/msrc/bounty?rtc=1). | - - - diff --git a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md index 54ddd26b54..b4b43624b2 100644 --- a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md @@ -12,7 +12,6 @@ ms.localizationpriority: none author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 ms.technology: itpro-security @@ -172,4 +171,8 @@ Resource SACLs are also useful for diagnostic scenarios. For example, administra This category includes the following subcategories: - [File System (Global Object Access Auditing)](file-system-global-object-access-auditing.md) -- [Registry (Global Object Access Auditing)](registry-global-object-access-auditing.md) \ No newline at end of file +- [Registry (Global Object Access Auditing)](registry-global-object-access-auditing.md) + +## Related topics + +- [Basic security audit policy settings](basic-security-audit-policy-settings.md) diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml index f7e415c185..9b46b2d3a3 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml +++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml 
@@ -1,17 +1,14 @@ ### YamlMime:FAQ metadata: - title: Advanced security auditing FAQ (Windows 10) + title: Advanced security auditing FAQ description: This article lists common questions and answers about understanding, deploying, and managing security audit policies. - ms.prod: m365-security - ms.technology: mde - ms.localizationpriority: none - author: dansimp - ms.author: dansimp + ms.prod: windows-client + author: vinaypamnani-msft + ms.author: vinpa manager: aaroncz - ms.reviewer: - ms.collection: M365-security-compliance ms.topic: faq ms.date: 05/24/2022 + ms.technology: itpro-security title: Advanced security auditing FAQ diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing.md b/windows/security/threat-protection/auditing/advanced-security-auditing.md index dfdea1de13..37031d5f88 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing.md +++ b/windows/security/threat-protection/auditing/advanced-security-auditing.md @@ -12,7 +12,6 @@ ms.localizationpriority: none author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/6/2021 ms.technology: itpro-security diff --git a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md index 3838e0f0f4..eb734ebf54 100644 --- a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md +++ b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # Appendix A: Security monitoring recommendations for many audit events 
diff --git a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md index 8d2d3f824c..af39d39146 100644 --- a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md +++ b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md @@ -13,7 +13,6 @@ author: vinaypamnani-msft manager: aaroncz audience: ITPro ms.collection: - - M365-security-compliance - highpri ms.topic: conceptual ms.date: 09/06/2021 diff --git a/windows/security/threat-protection/auditing/audit-account-lockout.md b/windows/security/threat-protection/auditing/audit-account-lockout.md index 9d49394e56..f2cf0cc5ec 100644 --- a/windows/security/threat-protection/auditing/audit-account-lockout.md +++ b/windows/security/threat-protection/auditing/audit-account-lockout.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Account Lockout diff --git a/windows/security/threat-protection/auditing/audit-application-generated.md b/windows/security/threat-protection/auditing/audit-application-generated.md index f7ca99507d..36f8f451a0 100644 --- a/windows/security/threat-protection/auditing/audit-application-generated.md +++ b/windows/security/threat-protection/auditing/audit-application-generated.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Application Generated diff --git a/windows/security/threat-protection/auditing/audit-application-group-management.md b/windows/security/threat-protection/auditing/audit-application-group-management.md index 706551065b..cb91f3fa61 100644 --- a/windows/security/threat-protection/auditing/audit-application-group-management.md 
+++ b/windows/security/threat-protection/auditing/audit-application-group-management.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Application Group Management diff --git a/windows/security/threat-protection/auditing/audit-audit-policy-change.md b/windows/security/threat-protection/auditing/audit-audit-policy-change.md index aaf65be8db..c5cdf8c616 100644 --- a/windows/security/threat-protection/auditing/audit-audit-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-audit-policy-change.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Audit Policy Change diff --git a/windows/security/threat-protection/auditing/audit-authentication-policy-change.md b/windows/security/threat-protection/auditing/audit-authentication-policy-change.md index 6754a2796a..318f08b516 100644 --- a/windows/security/threat-protection/auditing/audit-authentication-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-authentication-policy-change.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Authentication Policy Change diff --git a/windows/security/threat-protection/auditing/audit-authorization-policy-change.md b/windows/security/threat-protection/auditing/audit-authorization-policy-change.md index e8c3a7d588..b7fd89b268 100644 --- a/windows/security/threat-protection/auditing/audit-authorization-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-authorization-policy-change.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Authorization Policy Change 
diff --git a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md index 5e92817efe..62ac5c925c 100644 --- a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md +++ b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Central Access Policy Staging diff --git a/windows/security/threat-protection/auditing/audit-certification-services.md b/windows/security/threat-protection/auditing/audit-certification-services.md index bc1ec469f1..889edc295b 100644 --- a/windows/security/threat-protection/auditing/audit-certification-services.md +++ b/windows/security/threat-protection/auditing/audit-certification-services.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Certification Services diff --git a/windows/security/threat-protection/auditing/audit-computer-account-management.md b/windows/security/threat-protection/auditing/audit-computer-account-management.md index 8c42317e94..63ad7eaac9 100644 --- a/windows/security/threat-protection/auditing/audit-computer-account-management.md +++ b/windows/security/threat-protection/auditing/audit-computer-account-management.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Computer Account Management diff --git a/windows/security/threat-protection/auditing/audit-credential-validation.md b/windows/security/threat-protection/auditing/audit-credential-validation.md index b04f1cb5a9..a5a9dc7158 100644 --- a/windows/security/threat-protection/auditing/audit-credential-validation.md 
+++ b/windows/security/threat-protection/auditing/audit-credential-validation.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Credential Validation diff --git a/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md b/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md index 72f481f66b..7fffbad3df 100644 --- a/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md +++ b/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Detailed Directory Service Replication diff --git a/windows/security/threat-protection/auditing/audit-detailed-file-share.md b/windows/security/threat-protection/auditing/audit-detailed-file-share.md index 16b1667db6..9ec6b5c148 100644 --- a/windows/security/threat-protection/auditing/audit-detailed-file-share.md +++ b/windows/security/threat-protection/auditing/audit-detailed-file-share.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Detailed File Share diff --git a/windows/security/threat-protection/auditing/audit-directory-service-access.md b/windows/security/threat-protection/auditing/audit-directory-service-access.md index a70119e0d5..e58853650d 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-access.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-access.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Directory Service Access 
diff --git a/windows/security/threat-protection/auditing/audit-directory-service-changes.md b/windows/security/threat-protection/auditing/audit-directory-service-changes.md index 5aa0e36978..c9485389e9 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-changes.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-changes.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Directory Service Changes diff --git a/windows/security/threat-protection/auditing/audit-directory-service-replication.md b/windows/security/threat-protection/auditing/audit-directory-service-replication.md index f9c45299fe..046dd9a1e7 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-replication.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-replication.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Directory Service Replication diff --git a/windows/security/threat-protection/auditing/audit-distribution-group-management.md b/windows/security/threat-protection/auditing/audit-distribution-group-management.md index 23341f0d60..8eb5bb988c 100644 --- a/windows/security/threat-protection/auditing/audit-distribution-group-management.md +++ b/windows/security/threat-protection/auditing/audit-distribution-group-management.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Distribution Group Management diff --git a/windows/security/threat-protection/auditing/audit-dpapi-activity.md b/windows/security/threat-protection/auditing/audit-dpapi-activity.md index bc24e85d75..79dbf17692 100644 --- a/windows/security/threat-protection/auditing/audit-dpapi-activity.md 
+++ b/windows/security/threat-protection/auditing/audit-dpapi-activity.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit DPAPI Activity diff --git a/windows/security/threat-protection/auditing/audit-file-share.md b/windows/security/threat-protection/auditing/audit-file-share.md index 59c2d6638e..577c138f46 100644 --- a/windows/security/threat-protection/auditing/audit-file-share.md +++ b/windows/security/threat-protection/auditing/audit-file-share.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit File Share diff --git a/windows/security/threat-protection/auditing/audit-file-system.md b/windows/security/threat-protection/auditing/audit-file-system.md index c9a66ed82e..037faaf8f4 100644 --- a/windows/security/threat-protection/auditing/audit-file-system.md +++ b/windows/security/threat-protection/auditing/audit-file-system.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit File System diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md b/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md index 7984928783..5877ab26f1 100644 --- a/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md +++ b/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Filtering Platform Connection 
diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md
index 15c0bc27d2..9003cab47c 100644
--- a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md
+++ b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit Filtering Platform Packet Drop
diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md
index b8f192cccd..1a4cab1153 100644
--- a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md
+++ b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit Filtering Platform Policy Change
diff --git a/windows/security/threat-protection/auditing/audit-group-membership.md b/windows/security/threat-protection/auditing/audit-group-membership.md
index b3740aca1a..9f32d9d336 100644
--- a/windows/security/threat-protection/auditing/audit-group-membership.md
+++ b/windows/security/threat-protection/auditing/audit-group-membership.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit Group Membership
diff --git a/windows/security/threat-protection/auditing/audit-handle-manipulation.md b/windows/security/threat-protection/auditing/audit-handle-manipulation.md
index c468ff02f3..50470902eb 100644
--- a/windows/security/threat-protection/auditing/audit-handle-manipulation.md
+++ b/windows/security/threat-protection/auditing/audit-handle-manipulation.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit Handle Manipulation
diff --git a/windows/security/threat-protection/auditing/audit-ipsec-driver.md b/windows/security/threat-protection/auditing/audit-ipsec-driver.md
index dc52d2d90e..cfcefafd36 100644
--- a/windows/security/threat-protection/auditing/audit-ipsec-driver.md
+++ b/windows/security/threat-protection/auditing/audit-ipsec-driver.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit IPsec Driver
diff --git a/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md
index 92e2d71f5e..33bfbb485d 100644
--- a/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md
+++ b/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit IPsec Extended Mode
diff --git a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md
index 965715efa2..7f1d59e38c 100644
--- a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md
+++ b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit IPsec Main Mode
diff --git a/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md
index 7a8be4ff82..869e1f4dcf 100644
--- a/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md
+++ b/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit IPsec Quick Mode
diff --git a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md
index 98a1c8f558..4ed0bce866 100644
--- a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md
+++ b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit Kerberos Authentication Service
diff --git a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md
index 135c2882b7..ed3c49dfef 100644
--- a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md
+++ b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit Kerberos Service Ticket Operations
diff --git a/windows/security/threat-protection/auditing/audit-kernel-object.md b/windows/security/threat-protection/auditing/audit-kernel-object.md
index bb5d6d221a..0dd8928c22 100644
--- a/windows/security/threat-protection/auditing/audit-kernel-object.md
+++ b/windows/security/threat-protection/auditing/audit-kernel-object.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit Kernel Object
diff --git a/windows/security/threat-protection/auditing/audit-logoff.md b/windows/security/threat-protection/auditing/audit-logoff.md
index b6108a6488..6a1f7f33ef 100644
--- a/windows/security/threat-protection/auditing/audit-logoff.md
+++ b/windows/security/threat-protection/auditing/audit-logoff.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit Logoff
diff --git a/windows/security/threat-protection/auditing/audit-logon.md b/windows/security/threat-protection/auditing/audit-logon.md
index 74e7fe7f8f..4b78d70722 100644
--- a/windows/security/threat-protection/auditing/audit-logon.md
+++ b/windows/security/threat-protection/auditing/audit-logon.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit Logon
diff --git a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md
index a441c97c4c..4081cf31a9 100644
--- a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md
+++ b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit MPSSVC Rule-Level Policy Change
diff --git a/windows/security/threat-protection/auditing/audit-network-policy-server.md b/windows/security/threat-protection/auditing/audit-network-policy-server.md
index 6c9a0fb877..2501fecc08 100644
--- a/windows/security/threat-protection/auditing/audit-network-policy-server.md
+++ b/windows/security/threat-protection/auditing/audit-network-policy-server.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit Network Policy Server
diff --git a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md
index b9920a8900..01b3fb153f 100644
--- a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md
+++ b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit Non-Sensitive Privilege Use
diff --git a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md
index 23ab2587a5..23ee128d63 100644
--- a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit Other Account Logon Events
diff --git a/windows/security/threat-protection/auditing/audit-other-account-management-events.md b/windows/security/threat-protection/auditing/audit-other-account-management-events.md
index 7d8e27c634..8f3d985309 100644
--- a/windows/security/threat-protection/auditing/audit-other-account-management-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-account-management-events.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit Other Account Management Events
diff --git a/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md b/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md
index 43e4b822aa..789ab297be 100644
--- a/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit Other Logon/Logoff Events
diff --git a/windows/security/threat-protection/auditing/audit-other-object-access-events.md b/windows/security/threat-protection/auditing/audit-other-object-access-events.md
index 901c4b5a7e..5dc0923e42 100644
--- a/windows/security/threat-protection/auditing/audit-other-object-access-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-object-access-events.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit Other Object Access Events
diff --git a/windows/security/threat-protection/auditing/audit-other-policy-change-events.md b/windows/security/threat-protection/auditing/audit-other-policy-change-events.md
index 776b3fdec9..d088e9f929 100644
--- a/windows/security/threat-protection/auditing/audit-other-policy-change-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-policy-change-events.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit Other Policy Change Events
diff --git a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md
index 97a8de3544..c2487a6b33 100644
--- a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit Other Privilege Use Events
diff --git a/windows/security/threat-protection/auditing/audit-other-system-events.md b/windows/security/threat-protection/auditing/audit-other-system-events.md
index 015eb3ddea..63cfb375b0 100644
--- a/windows/security/threat-protection/auditing/audit-other-system-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-system-events.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit Other System Events
diff --git a/windows/security/threat-protection/auditing/audit-pnp-activity.md b/windows/security/threat-protection/auditing/audit-pnp-activity.md
index da07e88f35..224eae5fcb 100644
--- a/windows/security/threat-protection/auditing/audit-pnp-activity.md
+++ b/windows/security/threat-protection/auditing/audit-pnp-activity.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit PNP Activity
diff --git a/windows/security/threat-protection/auditing/audit-process-creation.md b/windows/security/threat-protection/auditing/audit-process-creation.md
index 3eb6dcf190..07b283ace9 100644
--- a/windows/security/threat-protection/auditing/audit-process-creation.md
+++ b/windows/security/threat-protection/auditing/audit-process-creation.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 03/16/2022
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit Process Creation
diff --git a/windows/security/threat-protection/auditing/audit-process-termination.md b/windows/security/threat-protection/auditing/audit-process-termination.md
index 60a0a05de7..b156ba658a 100644
--- a/windows/security/threat-protection/auditing/audit-process-termination.md
+++ b/windows/security/threat-protection/auditing/audit-process-termination.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit Process Termination
diff --git a/windows/security/threat-protection/auditing/audit-registry.md b/windows/security/threat-protection/auditing/audit-registry.md
index e67da43c3e..a4423aeb52 100644
--- a/windows/security/threat-protection/auditing/audit-registry.md
+++ b/windows/security/threat-protection/auditing/audit-registry.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 01/05/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit Registry
diff --git a/windows/security/threat-protection/auditing/audit-removable-storage.md b/windows/security/threat-protection/auditing/audit-removable-storage.md
index 4277dd71c8..c9d2586107 100644
--- a/windows/security/threat-protection/auditing/audit-removable-storage.md
+++ b/windows/security/threat-protection/auditing/audit-removable-storage.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit Removable Storage
diff --git a/windows/security/threat-protection/auditing/audit-rpc-events.md b/windows/security/threat-protection/auditing/audit-rpc-events.md
index 27dc6938be..bee389855a 100644
--- a/windows/security/threat-protection/auditing/audit-rpc-events.md
+++ b/windows/security/threat-protection/auditing/audit-rpc-events.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit RPC Events
diff --git a/windows/security/threat-protection/auditing/audit-sam.md b/windows/security/threat-protection/auditing/audit-sam.md
index 1f295079c7..c92e7d5ba5 100644
--- a/windows/security/threat-protection/auditing/audit-sam.md
+++ b/windows/security/threat-protection/auditing/audit-sam.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit SAM
diff --git a/windows/security/threat-protection/auditing/audit-security-group-management.md b/windows/security/threat-protection/auditing/audit-security-group-management.md
index 6fe81c704f..0564c257b6 100644
--- a/windows/security/threat-protection/auditing/audit-security-group-management.md
+++ b/windows/security/threat-protection/auditing/audit-security-group-management.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit Security Group Management
diff --git a/windows/security/threat-protection/auditing/audit-security-state-change.md b/windows/security/threat-protection/auditing/audit-security-state-change.md
index 94c6d1f229..25686b4f33 100644
--- a/windows/security/threat-protection/auditing/audit-security-state-change.md
+++ b/windows/security/threat-protection/auditing/audit-security-state-change.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit Security State Change
diff --git a/windows/security/threat-protection/auditing/audit-security-system-extension.md b/windows/security/threat-protection/auditing/audit-security-system-extension.md
index fbda6e4cbb..72a72a15aa 100644
--- a/windows/security/threat-protection/auditing/audit-security-system-extension.md
+++ b/windows/security/threat-protection/auditing/audit-security-system-extension.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit Security System Extension
diff --git a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md
index eb8714f152..c79520f698 100644
--- a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md
+++ b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit Sensitive Privilege Use
diff --git a/windows/security/threat-protection/auditing/audit-special-logon.md b/windows/security/threat-protection/auditing/audit-special-logon.md
index 8f865d11bc..e9958ffa2e 100644
--- a/windows/security/threat-protection/auditing/audit-special-logon.md
+++ b/windows/security/threat-protection/auditing/audit-special-logon.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit Special Logon
diff --git a/windows/security/threat-protection/auditing/audit-system-integrity.md b/windows/security/threat-protection/auditing/audit-system-integrity.md
index 761abff74a..4a313d8ae0 100644
--- a/windows/security/threat-protection/auditing/audit-system-integrity.md
+++ b/windows/security/threat-protection/auditing/audit-system-integrity.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit System Integrity
diff --git a/windows/security/threat-protection/auditing/audit-token-right-adjusted.md b/windows/security/threat-protection/auditing/audit-token-right-adjusted.md
index 533703cb10..d0969156b5 100644
--- a/windows/security/threat-protection/auditing/audit-token-right-adjusted.md
+++ b/windows/security/threat-protection/auditing/audit-token-right-adjusted.md
@@ -7,6 +7,8 @@ ms.author: vinpa
 ms.pagetype: security
 ms.prod: windows-client
 ms.technology: itpro-security
+ms.date: 12/31/2017
+ms.topic: article
 ---
 # Audit Token Right Adjusted
diff --git a/windows/security/threat-protection/auditing/audit-user-account-management.md b/windows/security/threat-protection/auditing/audit-user-account-management.md
index 7efa2301e3..2faba55a60 100644
--- a/windows/security/threat-protection/auditing/audit-user-account-management.md
+++ b/windows/security/threat-protection/auditing/audit-user-account-management.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit User Account Management
diff --git a/windows/security/threat-protection/auditing/audit-user-device-claims.md b/windows/security/threat-protection/auditing/audit-user-device-claims.md
index 750c5568ca..e22930f47a 100644
--- a/windows/security/threat-protection/auditing/audit-user-device-claims.md
+++ b/windows/security/threat-protection/auditing/audit-user-device-claims.md
@@ -13,6 +13,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # Audit User/Device Claims
diff --git a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md
index c40298d5a5..da74741832 100644
--- a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md
+++ b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md
@@ -12,7 +12,6 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/basic-audit-account-management.md b/windows/security/threat-protection/auditing/basic-audit-account-management.md
index 2327ae1658..22824ae059 100644
--- a/windows/security/threat-protection/auditing/basic-audit-account-management.md
+++ b/windows/security/threat-protection/auditing/basic-audit-account-management.md
@@ -12,7 +12,6 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md
index bbd62c2d7f..e9bd4f0117 100644
--- a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md
+++ b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md
@@ -12,7 +12,6 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/basic-audit-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-logon-events.md
index c429d26054..319301f86f 100644
--- a/windows/security/threat-protection/auditing/basic-audit-logon-events.md
+++ b/windows/security/threat-protection/auditing/basic-audit-logon-events.md
@@ -13,7 +13,6 @@ author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
 ms.collection:
- - M365-security-compliance
 - highpri
 ms.topic: conceptual
 ms.date: 09/06/2021
diff --git a/windows/security/threat-protection/auditing/basic-audit-object-access.md b/windows/security/threat-protection/auditing/basic-audit-object-access.md
index 5223f78f44..1b5014823a 100644
--- a/windows/security/threat-protection/auditing/basic-audit-object-access.md
+++ b/windows/security/threat-protection/auditing/basic-audit-object-access.md
@@ -12,7 +12,6 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/basic-audit-policy-change.md b/windows/security/threat-protection/auditing/basic-audit-policy-change.md
index 698273ad21..e698be1f37 100644
--- a/windows/security/threat-protection/auditing/basic-audit-policy-change.md
+++ b/windows/security/threat-protection/auditing/basic-audit-policy-change.md
@@ -12,7 +12,6 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md
index 202483cba9..4e70e2b0f1 100644
--- a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md
+++ b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md
@@ -12,7 +12,6 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md
index 96125dc789..e2d32e164d 100644
--- a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md
+++ b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md
@@ -12,7 +12,6 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/basic-audit-system-events.md b/windows/security/threat-protection/auditing/basic-audit-system-events.md
index 951ca143f2..e1c1c1a64c 100644
--- a/windows/security/threat-protection/auditing/basic-audit-system-events.md
+++ b/windows/security/threat-protection/auditing/basic-audit-system-events.md
@@ -12,7 +12,6 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policies.md b/windows/security/threat-protection/auditing/basic-security-audit-policies.md
index e05747ce76..5a4bec26db 100644
--- a/windows/security/threat-protection/auditing/basic-security-audit-policies.md
+++ b/windows/security/threat-protection/auditing/basic-security-audit-policies.md
@@ -12,7 +12,6 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md
index bbc3b39ae8..aa0e4c7ea2 100644
--- a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md
+++ b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md
@@ -12,7 +12,6 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/06/2021
 ms.technology: itpro-security
@@ -39,6 +38,6 @@ Basic security audit policy settings are found under Computer Configuration\\Win
 ## Related topics
-- [Basic security audit policy settings](basic-security-audit-policy-settings.md)
+- [Advanced security audit policy settings](advanced-security-audit-policy-settings.md)
diff --git a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md
index 431c0d89e2..f27b911fa2 100644
--- a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md
+++ b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md
@@ -12,7 +12,6 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/event-1100.md b/windows/security/threat-protection/auditing/event-1100.md
index b5e2bfaf89..b0606e87da 100644
--- a/windows/security/threat-protection/auditing/event-1100.md
+++ b/windows/security/threat-protection/auditing/event-1100.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 1100(S): The event logging service has shut down.
diff --git a/windows/security/threat-protection/auditing/event-1102.md b/windows/security/threat-protection/auditing/event-1102.md
index 3da9fc2a33..c319070f2a 100644
--- a/windows/security/threat-protection/auditing/event-1102.md
+++ b/windows/security/threat-protection/auditing/event-1102.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 1102(S): The audit log was cleared.
diff --git a/windows/security/threat-protection/auditing/event-1104.md b/windows/security/threat-protection/auditing/event-1104.md
index 71e08f1f79..7768b7a43a 100644
--- a/windows/security/threat-protection/auditing/event-1104.md
+++ b/windows/security/threat-protection/auditing/event-1104.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 1104(S): The security log is now full.
diff --git a/windows/security/threat-protection/auditing/event-1105.md b/windows/security/threat-protection/auditing/event-1105.md
index 6eea66a2d6..2c10dd205e 100644
--- a/windows/security/threat-protection/auditing/event-1105.md
+++ b/windows/security/threat-protection/auditing/event-1105.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 1105(S): Event log automatic backup
diff --git a/windows/security/threat-protection/auditing/event-1108.md b/windows/security/threat-protection/auditing/event-1108.md
index 3ef547a322..3412104704 100644
--- a/windows/security/threat-protection/auditing/event-1108.md
+++ b/windows/security/threat-protection/auditing/event-1108.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 1108(S): The event logging service encountered an error while processing an incoming event published from %1.
diff --git a/windows/security/threat-protection/auditing/event-4608.md b/windows/security/threat-protection/auditing/event-4608.md
index 51e0c51819..bbcb45e073 100644
--- a/windows/security/threat-protection/auditing/event-4608.md
+++ b/windows/security/threat-protection/auditing/event-4608.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4608(S): Windows is starting up.
diff --git a/windows/security/threat-protection/auditing/event-4610.md b/windows/security/threat-protection/auditing/event-4610.md
index cbb410b55d..2307a50732 100644
--- a/windows/security/threat-protection/auditing/event-4610.md
+++ b/windows/security/threat-protection/auditing/event-4610.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4610(S): An authentication package has been loaded by the Local Security Authority.
diff --git a/windows/security/threat-protection/auditing/event-4611.md b/windows/security/threat-protection/auditing/event-4611.md
index 0f4b7b7a55..54b57cc223 100644
--- a/windows/security/threat-protection/auditing/event-4611.md
+++ b/windows/security/threat-protection/auditing/event-4611.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4611(S): A trusted logon process has been registered with the Local Security Authority.
diff --git a/windows/security/threat-protection/auditing/event-4612.md b/windows/security/threat-protection/auditing/event-4612.md
index 15ba866bce..111fa80c83 100644
--- a/windows/security/threat-protection/auditing/event-4612.md
+++ b/windows/security/threat-protection/auditing/event-4612.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4612(S): Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.
diff --git a/windows/security/threat-protection/auditing/event-4614.md b/windows/security/threat-protection/auditing/event-4614.md
index 1dbbdeeefe..edb915b91d 100644
--- a/windows/security/threat-protection/auditing/event-4614.md
+++ b/windows/security/threat-protection/auditing/event-4614.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4614(S): A notification package has been loaded by the Security Account Manager.
diff --git a/windows/security/threat-protection/auditing/event-4615.md b/windows/security/threat-protection/auditing/event-4615.md
index d3cd763690..f74209909e 100644
--- a/windows/security/threat-protection/auditing/event-4615.md
+++ b/windows/security/threat-protection/auditing/event-4615.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4615(S): Invalid use of LPC port.
diff --git a/windows/security/threat-protection/auditing/event-4616.md b/windows/security/threat-protection/auditing/event-4616.md
index dfd4eb58db..166b695ebb 100644
--- a/windows/security/threat-protection/auditing/event-4616.md
+++ b/windows/security/threat-protection/auditing/event-4616.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4616(S): The system time was changed.
diff --git a/windows/security/threat-protection/auditing/event-4618.md b/windows/security/threat-protection/auditing/event-4618.md
index dcbe79c3ac..f35815a20c 100644
--- a/windows/security/threat-protection/auditing/event-4618.md
+++ b/windows/security/threat-protection/auditing/event-4618.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4618(S): A monitored security event pattern has occurred.
diff --git a/windows/security/threat-protection/auditing/event-4621.md b/windows/security/threat-protection/auditing/event-4621.md
index 8d85ca11c8..64e4f81134 100644
--- a/windows/security/threat-protection/auditing/event-4621.md
+++ b/windows/security/threat-protection/auditing/event-4621.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4621(S): Administrator recovered system from CrashOnAuditFail.
diff --git a/windows/security/threat-protection/auditing/event-4622.md b/windows/security/threat-protection/auditing/event-4622.md
index b4d338e351..5dc147c077 100644
--- a/windows/security/threat-protection/auditing/event-4622.md
+++ b/windows/security/threat-protection/auditing/event-4622.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4622(S): A security package has been loaded by the Local Security Authority.
diff --git a/windows/security/threat-protection/auditing/event-4624.md b/windows/security/threat-protection/auditing/event-4624.md
index 9a2a4e5b64..d505b5d9ef 100644
--- a/windows/security/threat-protection/auditing/event-4624.md
+++ b/windows/security/threat-protection/auditing/event-4624.md
@@ -14,6 +14,7 @@ ms.author: vinpa
 ms.technology: itpro-security
 ms.collection:
 - highpri
+ms.topic: reference
 ---
 # 4624(S): An account was successfully logged on.
diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md
index 8030b3d479..81657a6361 100644
--- a/windows/security/threat-protection/auditing/event-4625.md
+++ b/windows/security/threat-protection/auditing/event-4625.md
@@ -14,6 +14,7 @@ ms.author: vinpa
 ms.technology: itpro-security
 ms.collection:
 - highpri
+ms.topic: reference
 ---
 # 4625(F): An account failed to log on.
diff --git a/windows/security/threat-protection/auditing/event-4626.md b/windows/security/threat-protection/auditing/event-4626.md
index d855d40847..addb26abce 100644
--- a/windows/security/threat-protection/auditing/event-4626.md
+++ b/windows/security/threat-protection/auditing/event-4626.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4626(S): User/Device claims information.
diff --git a/windows/security/threat-protection/auditing/event-4627.md b/windows/security/threat-protection/auditing/event-4627.md
index b86dcd5739..0da1f08aee 100644
--- a/windows/security/threat-protection/auditing/event-4627.md
+++ b/windows/security/threat-protection/auditing/event-4627.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4627(S): Group membership information.
diff --git a/windows/security/threat-protection/auditing/event-4634.md b/windows/security/threat-protection/auditing/event-4634.md
index 467dedd19f..6d8ed22539 100644
--- a/windows/security/threat-protection/auditing/event-4634.md
+++ b/windows/security/threat-protection/auditing/event-4634.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4634(S): An account was logged off.
diff --git a/windows/security/threat-protection/auditing/event-4647.md b/windows/security/threat-protection/auditing/event-4647.md
index 9ff4d6507e..64c7e02466 100644
--- a/windows/security/threat-protection/auditing/event-4647.md
+++ b/windows/security/threat-protection/auditing/event-4647.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4647(S): User initiated logoff.
diff --git a/windows/security/threat-protection/auditing/event-4648.md b/windows/security/threat-protection/auditing/event-4648.md
index b0cab6c7cd..5ffebb9c04 100644
--- a/windows/security/threat-protection/auditing/event-4648.md
+++ b/windows/security/threat-protection/auditing/event-4648.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4648(S): A logon was attempted using explicit credentials.
diff --git a/windows/security/threat-protection/auditing/event-4649.md b/windows/security/threat-protection/auditing/event-4649.md
index 4447ed9ef5..98a1c9ad18 100644
--- a/windows/security/threat-protection/auditing/event-4649.md
+++ b/windows/security/threat-protection/auditing/event-4649.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4649(S): A replay attack was detected.
diff --git a/windows/security/threat-protection/auditing/event-4656.md b/windows/security/threat-protection/auditing/event-4656.md
index 4f9aa3d55a..7d974fa3fa 100644
--- a/windows/security/threat-protection/auditing/event-4656.md
+++ b/windows/security/threat-protection/auditing/event-4656.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4656(S, F): A handle to an object was requested.
diff --git a/windows/security/threat-protection/auditing/event-4657.md b/windows/security/threat-protection/auditing/event-4657.md
index fbe96e603d..cb4ecc3ae1 100644
--- a/windows/security/threat-protection/auditing/event-4657.md
+++ b/windows/security/threat-protection/auditing/event-4657.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4657(S): A registry value was modified.
diff --git a/windows/security/threat-protection/auditing/event-4658.md b/windows/security/threat-protection/auditing/event-4658.md
index c577dd8cb1..532558cd00 100644
--- a/windows/security/threat-protection/auditing/event-4658.md
+++ b/windows/security/threat-protection/auditing/event-4658.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4658(S): The handle to an object was closed.
diff --git a/windows/security/threat-protection/auditing/event-4660.md b/windows/security/threat-protection/auditing/event-4660.md
index 52e57a1502..b0124437c6 100644
--- a/windows/security/threat-protection/auditing/event-4660.md
+++ b/windows/security/threat-protection/auditing/event-4660.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4660(S): An object was deleted.
diff --git a/windows/security/threat-protection/auditing/event-4661.md b/windows/security/threat-protection/auditing/event-4661.md
index bf8b9b0543..6cc68892c8 100644
--- a/windows/security/threat-protection/auditing/event-4661.md
+++ b/windows/security/threat-protection/auditing/event-4661.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4661(S, F): A handle to an object was requested.
@@ -157,15 +158,15 @@ This event generates only if Success auditing is enabled for the [Audit Handle M
 **Access Request Information:**
-- **Transaction ID** \[Type = GUID\]: unique GUID of the transaction. This field can help you correlate this event with other events that might contain the same the **Transaction ID**, such as “[4660](event-4660.md)(S): An object was deleted.”
+- **Transaction ID** \[Type = GUID\]: unique GUID of the transaction. This field can help you correlate this event with other events that might contain the same **Transaction ID**, such as “[4660](event-4660.md)(S): An object was deleted.”
 This parameter might not be captured in the event, and in that case appears as “{00000000-0000-0000-0000-000000000000}”.
 > **Note**  **GUID** is an acronym for 'Globally Unique Identifier'. It is a 128-bit integer number used to identify resources, activities or instances.
-- **Accesses** \[Type = UnicodeString\]: the list of access rights which were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. See “Table 13. File access codes.” for more information about file access rights. For information about SAM object access right use or other informational resources.
+- **Accesses** \[Type = UnicodeString\]: the list of access rights which were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. For more information about file access rights, see [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes). For information about SAM object access right use or other informational resources.
-- **Access Mask** \[Type = HexInt32\]: hexadecimal mask for the operation that was requested or performed. See “Table 13. File access codes.” for more information about file access rights. For information about SAM object access right use or other informational resources.
+- **Access Mask** \[Type = HexInt32\]: hexadecimal mask for the operation that was requested or performed. For more information about file access rights, see [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes). For information about SAM object access right use or other informational resources.
 - **Privileges Used for Access Check** \[Type = UnicodeString\]: the list of user privileges which were used during the operation, for example, SeBackupPrivilege. This parameter might not be captured in the event, and in that case appears as “-”. See full list of user privileges in the table below:
@@ -217,4 +218,4 @@ For 4661(S, F): A handle to an object was requested.
 > **Important**  For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md).
-- You can get almost the same information from “[4662](event-4662.md): An operation was performed on an object.” There are no additional recommendations for this event in this document.
\ No newline at end of file
+- You can get almost the same information from “[4662](event-4662.md): An operation was performed on an object.” There are no additional recommendations for this event in this document.
diff --git a/windows/security/threat-protection/auditing/event-4662.md b/windows/security/threat-protection/auditing/event-4662.md
index cdc37e9ac3..cf19827489 100644
--- a/windows/security/threat-protection/auditing/event-4662.md
+++ b/windows/security/threat-protection/auditing/event-4662.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4662(S, F): An operation was performed on an object.
diff --git a/windows/security/threat-protection/auditing/event-4663.md b/windows/security/threat-protection/auditing/event-4663.md
index e92604294e..cf790af491 100644
--- a/windows/security/threat-protection/auditing/event-4663.md
+++ b/windows/security/threat-protection/auditing/event-4663.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4663(S): An attempt was made to access an object.
diff --git a/windows/security/threat-protection/auditing/event-4664.md b/windows/security/threat-protection/auditing/event-4664.md
index 5d20d8cbda..0a27e27f7d 100644
--- a/windows/security/threat-protection/auditing/event-4664.md
+++ b/windows/security/threat-protection/auditing/event-4664.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4664(S): An attempt was made to create a hard link.
diff --git a/windows/security/threat-protection/auditing/event-4670.md b/windows/security/threat-protection/auditing/event-4670.md
index 1775901f8b..9509f490e5 100644
--- a/windows/security/threat-protection/auditing/event-4670.md
+++ b/windows/security/threat-protection/auditing/event-4670.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4670(S): Permissions on an object were changed.
diff --git a/windows/security/threat-protection/auditing/event-4671.md b/windows/security/threat-protection/auditing/event-4671.md
index 7a1ee6965a..3215da12d8 100644
--- a/windows/security/threat-protection/auditing/event-4671.md
+++ b/windows/security/threat-protection/auditing/event-4671.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4671(-): An application attempted to access a blocked ordinal through the TBS.
diff --git a/windows/security/threat-protection/auditing/event-4672.md b/windows/security/threat-protection/auditing/event-4672.md
index 25a4365bb7..3b61e352a2 100644
--- a/windows/security/threat-protection/auditing/event-4672.md
+++ b/windows/security/threat-protection/auditing/event-4672.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4672(S): Special privileges assigned to new logon.
diff --git a/windows/security/threat-protection/auditing/event-4673.md b/windows/security/threat-protection/auditing/event-4673.md
index e4ba4b8a01..e63486e9fa 100644
--- a/windows/security/threat-protection/auditing/event-4673.md
+++ b/windows/security/threat-protection/auditing/event-4673.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4673(S, F): A privileged service was called.
diff --git a/windows/security/threat-protection/auditing/event-4674.md b/windows/security/threat-protection/auditing/event-4674.md
index 09b8e8a50e..11f8c3fb62 100644
--- a/windows/security/threat-protection/auditing/event-4674.md
+++ b/windows/security/threat-protection/auditing/event-4674.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4674(S, F): An operation was attempted on a privileged object.
diff --git a/windows/security/threat-protection/auditing/event-4675.md b/windows/security/threat-protection/auditing/event-4675.md
index 8a6b84b8e9..6daf08eef3 100644
--- a/windows/security/threat-protection/auditing/event-4675.md
+++ b/windows/security/threat-protection/auditing/event-4675.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4675(S): SIDs were filtered.
diff --git a/windows/security/threat-protection/auditing/event-4688.md b/windows/security/threat-protection/auditing/event-4688.md
index 2416040af7..5742fbd554 100644
--- a/windows/security/threat-protection/auditing/event-4688.md
+++ b/windows/security/threat-protection/auditing/event-4688.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4688(S): A new process has been created. (Windows 10)
diff --git a/windows/security/threat-protection/auditing/event-4689.md b/windows/security/threat-protection/auditing/event-4689.md
index e64fd85f5a..f2014c9a1e 100644
--- a/windows/security/threat-protection/auditing/event-4689.md
+++ b/windows/security/threat-protection/auditing/event-4689.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4689(S): A process has exited.
diff --git a/windows/security/threat-protection/auditing/event-4690.md b/windows/security/threat-protection/auditing/event-4690.md
index 25c57686e5..e0b54b2afe 100644
--- a/windows/security/threat-protection/auditing/event-4690.md
+++ b/windows/security/threat-protection/auditing/event-4690.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4690(S): An attempt was made to duplicate a handle to an object.
diff --git a/windows/security/threat-protection/auditing/event-4691.md b/windows/security/threat-protection/auditing/event-4691.md
index 140889746d..9f88bf0d9b 100644
--- a/windows/security/threat-protection/auditing/event-4691.md
+++ b/windows/security/threat-protection/auditing/event-4691.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4691(S): Indirect access to an object was requested.
@@ -125,12 +126,12 @@ These events are generated for [ALPC Ports](/windows/win32/etw/alpc) access requ
 **Access Request Information:**
-- **Accesses** \[Type = UnicodeString\]: the list of access rights which were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. “Table 13. File access codes.” contains information about the most common access rights for file system objects. For information about ALPC ports access rights, use or other informational resources.
+- **Accesses** \[Type = UnicodeString\]: the list of access rights which were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes) contains information about the most common access rights for file system objects. For information about ALPC ports access rights, use or other informational resources.
-- **Access Mask** \[Type = HexInt32\]: hexadecimal mask for the operation that was requested or performed. See “Table 13. File access codes.” for more information about file access rights. For information about ALPC ports access rights, use or other informational resources.
+- **Access Mask** \[Type = HexInt32\]: hexadecimal mask for the operation that was requested or performed. For more information about file access rights, see [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes). For information about ALPC ports access rights, use or other informational resources.
 ## Security Monitoring Recommendations
 For 4691(S): Indirect access to an object was requested.
-- Typically this event has little to no security relevance and is hard to parse or analyze. There is no recommendation for this event, unless you know exactly what you need to monitor with ALPC Ports.
\ No newline at end of file
+- Typically this event has little to no security relevance and is hard to parse or analyze. There is no recommendation for this event, unless you know exactly what you need to monitor with ALPC Ports.
diff --git a/windows/security/threat-protection/auditing/event-4692.md b/windows/security/threat-protection/auditing/event-4692.md
index ac9b7268ca..fb56e8e4c9 100644
--- a/windows/security/threat-protection/auditing/event-4692.md
+++ b/windows/security/threat-protection/auditing/event-4692.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4692(S, F): Backup of data protection master key was attempted.
diff --git a/windows/security/threat-protection/auditing/event-4693.md b/windows/security/threat-protection/auditing/event-4693.md
index 219798f08e..bd99d76424 100644
--- a/windows/security/threat-protection/auditing/event-4693.md
+++ b/windows/security/threat-protection/auditing/event-4693.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4693(S, F): Recovery of data protection master key was attempted.
diff --git a/windows/security/threat-protection/auditing/event-4694.md b/windows/security/threat-protection/auditing/event-4694.md
index dc24a37fc9..f66fb36e4d 100644
--- a/windows/security/threat-protection/auditing/event-4694.md
+++ b/windows/security/threat-protection/auditing/event-4694.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4694(S, F): Protection of auditable protected data was attempted.
diff --git a/windows/security/threat-protection/auditing/event-4695.md b/windows/security/threat-protection/auditing/event-4695.md
index 78c1b43834..68c0ac644a 100644
--- a/windows/security/threat-protection/auditing/event-4695.md
+++ b/windows/security/threat-protection/auditing/event-4695.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4695(S, F): Unprotection of auditable protected data was attempted.
diff --git a/windows/security/threat-protection/auditing/event-4696.md b/windows/security/threat-protection/auditing/event-4696.md
index 16c7a8e333..fc3d8432ee 100644
--- a/windows/security/threat-protection/auditing/event-4696.md
+++ b/windows/security/threat-protection/auditing/event-4696.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4696(S): A primary token was assigned to process.
diff --git a/windows/security/threat-protection/auditing/event-4697.md b/windows/security/threat-protection/auditing/event-4697.md
index 348ae3a7a9..5d1072f99b 100644
--- a/windows/security/threat-protection/auditing/event-4697.md
+++ b/windows/security/threat-protection/auditing/event-4697.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4697(S): A service was installed in the system.
diff --git a/windows/security/threat-protection/auditing/event-4698.md b/windows/security/threat-protection/auditing/event-4698.md
index 7eb2d41a68..cfbe0e3f96 100644
--- a/windows/security/threat-protection/auditing/event-4698.md
+++ b/windows/security/threat-protection/auditing/event-4698.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4698(S): A scheduled task was created.
diff --git a/windows/security/threat-protection/auditing/event-4699.md b/windows/security/threat-protection/auditing/event-4699.md
index 258b0a31d3..56935a1da0 100644
--- a/windows/security/threat-protection/auditing/event-4699.md
+++ b/windows/security/threat-protection/auditing/event-4699.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4699(S): A scheduled task was deleted.
diff --git a/windows/security/threat-protection/auditing/event-4700.md b/windows/security/threat-protection/auditing/event-4700.md
index aa1ef1cc10..3c45c92cf4 100644
--- a/windows/security/threat-protection/auditing/event-4700.md
+++ b/windows/security/threat-protection/auditing/event-4700.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4700(S): A scheduled task was enabled.
diff --git a/windows/security/threat-protection/auditing/event-4701.md b/windows/security/threat-protection/auditing/event-4701.md
index 11a6147179..0a9639837b 100644
--- a/windows/security/threat-protection/auditing/event-4701.md
+++ b/windows/security/threat-protection/auditing/event-4701.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4701(S): A scheduled task was disabled.
diff --git a/windows/security/threat-protection/auditing/event-4702.md b/windows/security/threat-protection/auditing/event-4702.md
index a738b7753e..96c7f0b93b 100644
--- a/windows/security/threat-protection/auditing/event-4702.md
+++ b/windows/security/threat-protection/auditing/event-4702.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4702(S): A scheduled task was updated.
diff --git a/windows/security/threat-protection/auditing/event-4703.md b/windows/security/threat-protection/auditing/event-4703.md
index b4571317fc..f10d935aa1 100644
--- a/windows/security/threat-protection/auditing/event-4703.md
+++ b/windows/security/threat-protection/auditing/event-4703.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4703(S): A user right was adjusted.
diff --git a/windows/security/threat-protection/auditing/event-4704.md b/windows/security/threat-protection/auditing/event-4704.md
index 0780690284..4b0b4ef478 100644
--- a/windows/security/threat-protection/auditing/event-4704.md
+++ b/windows/security/threat-protection/auditing/event-4704.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4704(S): A user right was assigned.
diff --git a/windows/security/threat-protection/auditing/event-4705.md b/windows/security/threat-protection/auditing/event-4705.md
index afd7149169..c66295ce0d 100644
--- a/windows/security/threat-protection/auditing/event-4705.md
+++ b/windows/security/threat-protection/auditing/event-4705.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4705(S): A user right was removed.
diff --git a/windows/security/threat-protection/auditing/event-4706.md b/windows/security/threat-protection/auditing/event-4706.md
index c6ff0bb373..01ce8db4cd 100644
--- a/windows/security/threat-protection/auditing/event-4706.md
+++ b/windows/security/threat-protection/auditing/event-4706.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4706(S): A new trust was created to a domain.
diff --git a/windows/security/threat-protection/auditing/event-4707.md b/windows/security/threat-protection/auditing/event-4707.md
index 28b13b2cb0..a47a9ea3ea 100644
--- a/windows/security/threat-protection/auditing/event-4707.md
+++ b/windows/security/threat-protection/auditing/event-4707.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4707(S): A trust to a domain was removed.
diff --git a/windows/security/threat-protection/auditing/event-4713.md b/windows/security/threat-protection/auditing/event-4713.md
index e92aa50675..218134046e 100644
--- a/windows/security/threat-protection/auditing/event-4713.md
+++ b/windows/security/threat-protection/auditing/event-4713.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4713(S): Kerberos policy was changed.
diff --git a/windows/security/threat-protection/auditing/event-4714.md b/windows/security/threat-protection/auditing/event-4714.md
index 77709fc5c7..fc40a49c6e 100644
--- a/windows/security/threat-protection/auditing/event-4714.md
+++ b/windows/security/threat-protection/auditing/event-4714.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4714(S): Encrypted data recovery policy was changed.
diff --git a/windows/security/threat-protection/auditing/event-4715.md b/windows/security/threat-protection/auditing/event-4715.md
index 82b24bae92..f128397767 100644
--- a/windows/security/threat-protection/auditing/event-4715.md
+++ b/windows/security/threat-protection/auditing/event-4715.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4715(S): The audit policy (SACL) on an object was changed.
diff --git a/windows/security/threat-protection/auditing/event-4716.md b/windows/security/threat-protection/auditing/event-4716.md
index f6d57fece2..64f3140ad0 100644
--- a/windows/security/threat-protection/auditing/event-4716.md
+++ b/windows/security/threat-protection/auditing/event-4716.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4716(S): Trusted domain information was modified.
diff --git a/windows/security/threat-protection/auditing/event-4717.md b/windows/security/threat-protection/auditing/event-4717.md
index dc449a8758..8a1f14e022 100644
--- a/windows/security/threat-protection/auditing/event-4717.md
+++ b/windows/security/threat-protection/auditing/event-4717.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4717(S): System security access was granted to an account.
diff --git a/windows/security/threat-protection/auditing/event-4718.md b/windows/security/threat-protection/auditing/event-4718.md
index 7a47fa5d37..e8ec6b8039 100644
--- a/windows/security/threat-protection/auditing/event-4718.md
+++ b/windows/security/threat-protection/auditing/event-4718.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4718(S): System security access was removed from an account.
diff --git a/windows/security/threat-protection/auditing/event-4719.md b/windows/security/threat-protection/auditing/event-4719.md
index 97711ffdf7..dae615acf4 100644
--- a/windows/security/threat-protection/auditing/event-4719.md
+++ b/windows/security/threat-protection/auditing/event-4719.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4719(S): System audit policy was changed.
diff --git a/windows/security/threat-protection/auditing/event-4720.md b/windows/security/threat-protection/auditing/event-4720.md
index bb732fd1dd..b53966664d 100644
--- a/windows/security/threat-protection/auditing/event-4720.md
+++ b/windows/security/threat-protection/auditing/event-4720.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4720(S): A user account was created.
diff --git a/windows/security/threat-protection/auditing/event-4722.md b/windows/security/threat-protection/auditing/event-4722.md
index 1d82961714..4388873aa0 100644
--- a/windows/security/threat-protection/auditing/event-4722.md
+++ b/windows/security/threat-protection/auditing/event-4722.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4722(S): A user account was enabled.
diff --git a/windows/security/threat-protection/auditing/event-4723.md b/windows/security/threat-protection/auditing/event-4723.md
index f63004d706..8b8b7975a1 100644
--- a/windows/security/threat-protection/auditing/event-4723.md
+++ b/windows/security/threat-protection/auditing/event-4723.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4723(S, F): An attempt was made to change an account's password.
diff --git a/windows/security/threat-protection/auditing/event-4724.md b/windows/security/threat-protection/auditing/event-4724.md
index a36b61acac..00c98b63e4 100644
--- a/windows/security/threat-protection/auditing/event-4724.md
+++ b/windows/security/threat-protection/auditing/event-4724.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4724(S, F): An attempt was made to reset an account's password.
diff --git a/windows/security/threat-protection/auditing/event-4725.md b/windows/security/threat-protection/auditing/event-4725.md
index 731fa570ad..ad5b546a6d 100644
--- a/windows/security/threat-protection/auditing/event-4725.md
+++ b/windows/security/threat-protection/auditing/event-4725.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4725(S): A user account was disabled.
diff --git a/windows/security/threat-protection/auditing/event-4726.md b/windows/security/threat-protection/auditing/event-4726.md
index 620ba8bbeb..7df0779c4a 100644
--- a/windows/security/threat-protection/auditing/event-4726.md
+++ b/windows/security/threat-protection/auditing/event-4726.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4726(S): A user account was deleted.
diff --git a/windows/security/threat-protection/auditing/event-4731.md b/windows/security/threat-protection/auditing/event-4731.md
index 39426b84ac..ca1c673af4 100644
--- a/windows/security/threat-protection/auditing/event-4731.md
+++ b/windows/security/threat-protection/auditing/event-4731.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4731(S): A security-enabled local group was created.
diff --git a/windows/security/threat-protection/auditing/event-4732.md b/windows/security/threat-protection/auditing/event-4732.md
index e68eecbb3d..8afb300906 100644
--- a/windows/security/threat-protection/auditing/event-4732.md
+++ b/windows/security/threat-protection/auditing/event-4732.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4732(S): A member was added to a security-enabled local group.
diff --git a/windows/security/threat-protection/auditing/event-4733.md b/windows/security/threat-protection/auditing/event-4733.md
index b3dcf94109..3a24b2ef0f 100644
--- a/windows/security/threat-protection/auditing/event-4733.md
+++ b/windows/security/threat-protection/auditing/event-4733.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4733(S): A member was removed from a security-enabled local group.
diff --git a/windows/security/threat-protection/auditing/event-4734.md b/windows/security/threat-protection/auditing/event-4734.md
index 2f83cfa9a5..ac2c5d7b93 100644
--- a/windows/security/threat-protection/auditing/event-4734.md
+++ b/windows/security/threat-protection/auditing/event-4734.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4734(S): A security-enabled local group was deleted.
diff --git a/windows/security/threat-protection/auditing/event-4735.md b/windows/security/threat-protection/auditing/event-4735.md
index f590b87f44..4842263179 100644
--- a/windows/security/threat-protection/auditing/event-4735.md
+++ b/windows/security/threat-protection/auditing/event-4735.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4735(S): A security-enabled local group was changed.
diff --git a/windows/security/threat-protection/auditing/event-4738.md b/windows/security/threat-protection/auditing/event-4738.md
index ef5a72da75..63352ed67e 100644
--- a/windows/security/threat-protection/auditing/event-4738.md
+++ b/windows/security/threat-protection/auditing/event-4738.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4738(S): A user account was changed.
diff --git a/windows/security/threat-protection/auditing/event-4739.md b/windows/security/threat-protection/auditing/event-4739.md
index 4ecbfdf064..d43bdb27e2 100644
--- a/windows/security/threat-protection/auditing/event-4739.md
+++ b/windows/security/threat-protection/auditing/event-4739.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4739(S): Domain Policy was changed.
diff --git a/windows/security/threat-protection/auditing/event-4740.md b/windows/security/threat-protection/auditing/event-4740.md
index 63c75713f7..46c0cdcb9d 100644
--- a/windows/security/threat-protection/auditing/event-4740.md
+++ b/windows/security/threat-protection/auditing/event-4740.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4740(S): A user account was locked out.
diff --git a/windows/security/threat-protection/auditing/event-4741.md b/windows/security/threat-protection/auditing/event-4741.md
index 0152e427a6..5245280f11 100644
--- a/windows/security/threat-protection/auditing/event-4741.md
+++ b/windows/security/threat-protection/auditing/event-4741.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4741(S): A computer account was created.
diff --git a/windows/security/threat-protection/auditing/event-4742.md b/windows/security/threat-protection/auditing/event-4742.md
index de51f96421..3f5f9c2eb6 100644
--- a/windows/security/threat-protection/auditing/event-4742.md
+++ b/windows/security/threat-protection/auditing/event-4742.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4742(S): A computer account was changed.
diff --git a/windows/security/threat-protection/auditing/event-4743.md b/windows/security/threat-protection/auditing/event-4743.md
index cfa007a9b7..50411689a9 100644
--- a/windows/security/threat-protection/auditing/event-4743.md
+++ b/windows/security/threat-protection/auditing/event-4743.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4743(S): A computer account was deleted.
diff --git a/windows/security/threat-protection/auditing/event-4749.md b/windows/security/threat-protection/auditing/event-4749.md
index f49d9f6c7c..8293c95b2b 100644
--- a/windows/security/threat-protection/auditing/event-4749.md
+++ b/windows/security/threat-protection/auditing/event-4749.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4749(S): A security-disabled global group was created.
diff --git a/windows/security/threat-protection/auditing/event-4750.md b/windows/security/threat-protection/auditing/event-4750.md
index aa3be8fba0..d106e10077 100644
--- a/windows/security/threat-protection/auditing/event-4750.md
+++ b/windows/security/threat-protection/auditing/event-4750.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4750(S): A security-disabled global group was changed.
diff --git a/windows/security/threat-protection/auditing/event-4751.md b/windows/security/threat-protection/auditing/event-4751.md
index fdd8a37fcc..e3bdca780e 100644
--- a/windows/security/threat-protection/auditing/event-4751.md
+++ b/windows/security/threat-protection/auditing/event-4751.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4751(S): A member was added to a security-disabled global group.
diff --git a/windows/security/threat-protection/auditing/event-4752.md b/windows/security/threat-protection/auditing/event-4752.md
index d49e422f9e..f6b4fc37dd 100644
--- a/windows/security/threat-protection/auditing/event-4752.md
+++ b/windows/security/threat-protection/auditing/event-4752.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4752(S): A member was removed from a security-disabled global group.
diff --git a/windows/security/threat-protection/auditing/event-4753.md b/windows/security/threat-protection/auditing/event-4753.md
index b5f941a040..6bdf28a86b 100644
--- a/windows/security/threat-protection/auditing/event-4753.md
+++ b/windows/security/threat-protection/auditing/event-4753.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4753(S): A security-disabled global group was deleted.
diff --git a/windows/security/threat-protection/auditing/event-4764.md b/windows/security/threat-protection/auditing/event-4764.md
index 85824b3df3..f959fc103a 100644
--- a/windows/security/threat-protection/auditing/event-4764.md
+++ b/windows/security/threat-protection/auditing/event-4764.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4764(S): A group’s type was changed.
diff --git a/windows/security/threat-protection/auditing/event-4765.md b/windows/security/threat-protection/auditing/event-4765.md
index cf78144c6a..5789319e57 100644
--- a/windows/security/threat-protection/auditing/event-4765.md
+++ b/windows/security/threat-protection/auditing/event-4765.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4765(S): SID History was added to an account.
diff --git a/windows/security/threat-protection/auditing/event-4766.md b/windows/security/threat-protection/auditing/event-4766.md
index 4178c53a80..4d0ec7ae25 100644
--- a/windows/security/threat-protection/auditing/event-4766.md
+++ b/windows/security/threat-protection/auditing/event-4766.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4766(F): An attempt to add SID History to an account failed.
diff --git a/windows/security/threat-protection/auditing/event-4767.md b/windows/security/threat-protection/auditing/event-4767.md
index 21beb6c3ec..9dbf921ebf 100644
--- a/windows/security/threat-protection/auditing/event-4767.md
+++ b/windows/security/threat-protection/auditing/event-4767.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4767(S): A user account was unlocked.
diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md
index 1eded19698..825ba47534 100644
--- a/windows/security/threat-protection/auditing/event-4768.md
+++ b/windows/security/threat-protection/auditing/event-4768.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4768(S, F): A Kerberos authentication ticket (TGT) was requested.
@@ -219,7 +220,7 @@ The most common values:
 | 0x14 | KDC\_ERR\_TGT\_REVOKED | TGT has been revoked | Since the remote KDC may change its PKCROSS key while there are PKCROSS tickets still active, it SHOULD cache the old PKCROSS keys until the last issued PKCROSS ticket expires. Otherwise, the remote KDC will respond to a client with a KRB-ERROR message of type KDC\_ERR\_TGT\_REVOKED. See [RFC1510](https://www.ietf.org/proceedings/49/I-D/draft-ietf-cat-kerberos-pk-cross-07.txt) for more details. |
 | 0x15 | KDC\_ERR\_CLIENT\_NOTYET | Client not yet valid—try again later | No information. |
 | 0x16 | KDC\_ERR\_SERVICE\_NOTYET | Server not yet valid—try again later | No information. |
-| 0x17 | KDC\_ERR\_KEY\_EXPIRED | Password has expired—change password to reset | The user’s password has expired.
              This error code cannot occur in event “[4768](event-4768.md). A Kerberos authentication ticket (TGT) was requested”. It occurs in “[4771](event-4771.md). Kerberos pre-authentication failed” event. |
+| 0x17 | KDC\_ERR\_KEY\_EXPIRED | Password has expired—change password to reset | The user’s password has expired. |
 | 0x18 | KDC\_ERR\_PREAUTH\_FAILED | Pre-authentication information was invalid | The wrong password was provided.
              This error code cannot occur in event “[4768](event-4768.md). A Kerberos authentication ticket (TGT) was requested”. It occurs in “[4771](event-4771.md). Kerberos pre-authentication failed” event. |
 | 0x19 | KDC\_ERR\_PREAUTH\_REQUIRED | Additional pre-authentication required | This error often occurs in UNIX interoperability scenarios. MIT-Kerberos clients do not request pre-authentication when they send a KRB\_AS\_REQ message. If pre-authentication is required (the default), Windows systems will send this error. Most MIT-Kerberos clients will respond to this error by giving the pre-authentication, in which case the error can be ignored, but some clients might not respond in this way. |
 | 0x1A | KDC\_ERR\_SERVER\_NOMATCH | KDC does not know about the requested server | No information. |
diff --git a/windows/security/threat-protection/auditing/event-4769.md b/windows/security/threat-protection/auditing/event-4769.md
index bcf3312248..e82434467c 100644
--- a/windows/security/threat-protection/auditing/event-4769.md
+++ b/windows/security/threat-protection/auditing/event-4769.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4769(S, F): A Kerberos service ticket was requested.
diff --git a/windows/security/threat-protection/auditing/event-4770.md b/windows/security/threat-protection/auditing/event-4770.md
index b24835b3ba..2027d8504f 100644
--- a/windows/security/threat-protection/auditing/event-4770.md
+++ b/windows/security/threat-protection/auditing/event-4770.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4770(S): A Kerberos service ticket was renewed.
diff --git a/windows/security/threat-protection/auditing/event-4771.md b/windows/security/threat-protection/auditing/event-4771.md
index 0d4c72e45f..3ca1095e98 100644
--- a/windows/security/threat-protection/auditing/event-4771.md
+++ b/windows/security/threat-protection/auditing/event-4771.md
@@ -14,6 +14,7 @@ ms.author: vinpa
 ms.technology: itpro-security
 ms.collection:
 - highpri
+ms.topic: reference
 ---
 # 4771(F): Kerberos pre-authentication failed.
diff --git a/windows/security/threat-protection/auditing/event-4772.md b/windows/security/threat-protection/auditing/event-4772.md
index 54fdd53057..3c378ccc0b 100644
--- a/windows/security/threat-protection/auditing/event-4772.md
+++ b/windows/security/threat-protection/auditing/event-4772.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4772(F): A Kerberos authentication ticket request failed.
diff --git a/windows/security/threat-protection/auditing/event-4773.md b/windows/security/threat-protection/auditing/event-4773.md
index e3ad7e5b20..30c32b9f8d 100644
--- a/windows/security/threat-protection/auditing/event-4773.md
+++ b/windows/security/threat-protection/auditing/event-4773.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4773(F): A Kerberos service ticket request failed.
diff --git a/windows/security/threat-protection/auditing/event-4774.md b/windows/security/threat-protection/auditing/event-4774.md
index 4cf831e05b..2f9b37c352 100644
--- a/windows/security/threat-protection/auditing/event-4774.md
+++ b/windows/security/threat-protection/auditing/event-4774.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4774(S, F): An account was mapped for logon
diff --git a/windows/security/threat-protection/auditing/event-4775.md b/windows/security/threat-protection/auditing/event-4775.md
index 285efe300f..8281bb27e5 100644
--- a/windows/security/threat-protection/auditing/event-4775.md
+++ b/windows/security/threat-protection/auditing/event-4775.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4775(F): An account could not be mapped for logon.
diff --git a/windows/security/threat-protection/auditing/event-4776.md b/windows/security/threat-protection/auditing/event-4776.md
index cebb01a7c7..e411b647ce 100644
--- a/windows/security/threat-protection/auditing/event-4776.md
+++ b/windows/security/threat-protection/auditing/event-4776.md
@@ -14,6 +14,7 @@ ms.author: vinpa
 ms.technology: itpro-security
 ms.collection:
 - highpri
+ms.topic: reference
 ---
 # 4776(S, F): The computer attempted to validate the credentials for an account.
diff --git a/windows/security/threat-protection/auditing/event-4777.md b/windows/security/threat-protection/auditing/event-4777.md
index 21749ac3ac..e534dbee25 100644
--- a/windows/security/threat-protection/auditing/event-4777.md
+++ b/windows/security/threat-protection/auditing/event-4777.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4777(F): The domain controller failed to validate the credentials for an account.
diff --git a/windows/security/threat-protection/auditing/event-4778.md b/windows/security/threat-protection/auditing/event-4778.md
index f9f3175763..76aac3738e 100644
--- a/windows/security/threat-protection/auditing/event-4778.md
+++ b/windows/security/threat-protection/auditing/event-4778.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4778(S): A session was reconnected to a Window Station.
diff --git a/windows/security/threat-protection/auditing/event-4779.md b/windows/security/threat-protection/auditing/event-4779.md
index 4edf0f6668..7f6568c1cb 100644
--- a/windows/security/threat-protection/auditing/event-4779.md
+++ b/windows/security/threat-protection/auditing/event-4779.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4779(S): A session was disconnected from a Window Station.
diff --git a/windows/security/threat-protection/auditing/event-4780.md b/windows/security/threat-protection/auditing/event-4780.md
index 982fa983de..5195929a0e 100644
--- a/windows/security/threat-protection/auditing/event-4780.md
+++ b/windows/security/threat-protection/auditing/event-4780.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4780(S): The ACL was set on accounts which are members of administrators groups.
diff --git a/windows/security/threat-protection/auditing/event-4781.md b/windows/security/threat-protection/auditing/event-4781.md
index 856cd7cb4b..fc2aaffc53 100644
--- a/windows/security/threat-protection/auditing/event-4781.md
+++ b/windows/security/threat-protection/auditing/event-4781.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4781(S): The name of an account was changed.
diff --git a/windows/security/threat-protection/auditing/event-4782.md b/windows/security/threat-protection/auditing/event-4782.md
index 3a6d312600..a0615135c6 100644
--- a/windows/security/threat-protection/auditing/event-4782.md
+++ b/windows/security/threat-protection/auditing/event-4782.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4782(S): The password hash of an account was accessed.
diff --git a/windows/security/threat-protection/auditing/event-4793.md b/windows/security/threat-protection/auditing/event-4793.md
index 7c64bea4eb..cc197ccb60 100644
--- a/windows/security/threat-protection/auditing/event-4793.md
+++ b/windows/security/threat-protection/auditing/event-4793.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4793(S): The Password Policy Checking API was called.
diff --git a/windows/security/threat-protection/auditing/event-4794.md b/windows/security/threat-protection/auditing/event-4794.md
index 8519e79e9d..6bcb12e02c 100644
--- a/windows/security/threat-protection/auditing/event-4794.md
+++ b/windows/security/threat-protection/auditing/event-4794.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4794(S, F): An attempt was made to set the Directory Services Restore Mode administrator password.
diff --git a/windows/security/threat-protection/auditing/event-4798.md b/windows/security/threat-protection/auditing/event-4798.md
index 396f15d0b2..696366f22d 100644
--- a/windows/security/threat-protection/auditing/event-4798.md
+++ b/windows/security/threat-protection/auditing/event-4798.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4798(S): A user's local group membership was enumerated.
diff --git a/windows/security/threat-protection/auditing/event-4799.md b/windows/security/threat-protection/auditing/event-4799.md
index ad750b391e..1cf362be1d 100644
--- a/windows/security/threat-protection/auditing/event-4799.md
+++ b/windows/security/threat-protection/auditing/event-4799.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4799(S): A security-enabled local group membership was enumerated.
diff --git a/windows/security/threat-protection/auditing/event-4800.md b/windows/security/threat-protection/auditing/event-4800.md
index 87f46d5a18..89c94ade64 100644
--- a/windows/security/threat-protection/auditing/event-4800.md
+++ b/windows/security/threat-protection/auditing/event-4800.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4800(S): The workstation was locked.
diff --git a/windows/security/threat-protection/auditing/event-4801.md b/windows/security/threat-protection/auditing/event-4801.md
index f94c08e08f..906e46fcd3 100644
--- a/windows/security/threat-protection/auditing/event-4801.md
+++ b/windows/security/threat-protection/auditing/event-4801.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4801(S): The workstation was unlocked.
diff --git a/windows/security/threat-protection/auditing/event-4802.md b/windows/security/threat-protection/auditing/event-4802.md
index 6590d5bd4b..1b423f29ee 100644
--- a/windows/security/threat-protection/auditing/event-4802.md
+++ b/windows/security/threat-protection/auditing/event-4802.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4802(S): The screen saver was invoked.
diff --git a/windows/security/threat-protection/auditing/event-4803.md b/windows/security/threat-protection/auditing/event-4803.md
index 2c0e8d441b..247e3c704d 100644
--- a/windows/security/threat-protection/auditing/event-4803.md
+++ b/windows/security/threat-protection/auditing/event-4803.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4803(S): The screen saver was dismissed.
diff --git a/windows/security/threat-protection/auditing/event-4816.md b/windows/security/threat-protection/auditing/event-4816.md
index 8d61ef6f9a..8636e1abef 100644
--- a/windows/security/threat-protection/auditing/event-4816.md
+++ b/windows/security/threat-protection/auditing/event-4816.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4816(S): RPC detected an integrity violation while decrypting an incoming message.
diff --git a/windows/security/threat-protection/auditing/event-4817.md b/windows/security/threat-protection/auditing/event-4817.md
index 2cb3ae3794..ff20520062 100644
--- a/windows/security/threat-protection/auditing/event-4817.md
+++ b/windows/security/threat-protection/auditing/event-4817.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4817(S): Auditing settings on object were changed.
diff --git a/windows/security/threat-protection/auditing/event-4818.md b/windows/security/threat-protection/auditing/event-4818.md
index 25c2111bd2..c884c2e7a8 100644
--- a/windows/security/threat-protection/auditing/event-4818.md
+++ b/windows/security/threat-protection/auditing/event-4818.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4818(S): Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy.
diff --git a/windows/security/threat-protection/auditing/event-4819.md b/windows/security/threat-protection/auditing/event-4819.md
index 69743c28c7..e8bca4427e 100644
--- a/windows/security/threat-protection/auditing/event-4819.md
+++ b/windows/security/threat-protection/auditing/event-4819.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4819(S): Central Access Policies on the machine have been changed.
diff --git a/windows/security/threat-protection/auditing/event-4826.md b/windows/security/threat-protection/auditing/event-4826.md
index 914961945b..001e6c6026 100644
--- a/windows/security/threat-protection/auditing/event-4826.md
+++ b/windows/security/threat-protection/auditing/event-4826.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4826(S): Boot Configuration Data loaded.
diff --git a/windows/security/threat-protection/auditing/event-4864.md b/windows/security/threat-protection/auditing/event-4864.md
index e70836a75b..a26b552f4a 100644
--- a/windows/security/threat-protection/auditing/event-4864.md
+++ b/windows/security/threat-protection/auditing/event-4864.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4864(S): A namespace collision was detected.
diff --git a/windows/security/threat-protection/auditing/event-4865.md b/windows/security/threat-protection/auditing/event-4865.md
index 76624588fc..aa44c9bb6a 100644
--- a/windows/security/threat-protection/auditing/event-4865.md
+++ b/windows/security/threat-protection/auditing/event-4865.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4865(S): A trusted forest information entry was added.
diff --git a/windows/security/threat-protection/auditing/event-4866.md b/windows/security/threat-protection/auditing/event-4866.md
index 1e1b870506..1fcc07f446 100644
--- a/windows/security/threat-protection/auditing/event-4866.md
+++ b/windows/security/threat-protection/auditing/event-4866.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4866(S): A trusted forest information entry was removed.
diff --git a/windows/security/threat-protection/auditing/event-4867.md b/windows/security/threat-protection/auditing/event-4867.md
index 24063dad9d..ce30699bfa 100644
--- a/windows/security/threat-protection/auditing/event-4867.md
+++ b/windows/security/threat-protection/auditing/event-4867.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4867(S): A trusted forest information entry was modified.
diff --git a/windows/security/threat-protection/auditing/event-4902.md b/windows/security/threat-protection/auditing/event-4902.md
index 5b2a94af52..7185b9f3da 100644
--- a/windows/security/threat-protection/auditing/event-4902.md
+++ b/windows/security/threat-protection/auditing/event-4902.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4902(S): The Per-user audit policy table was created.
diff --git a/windows/security/threat-protection/auditing/event-4904.md b/windows/security/threat-protection/auditing/event-4904.md
index fd9ee497a2..90858c5844 100644
--- a/windows/security/threat-protection/auditing/event-4904.md
+++ b/windows/security/threat-protection/auditing/event-4904.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4904(S): An attempt was made to register a security event source.
diff --git a/windows/security/threat-protection/auditing/event-4905.md b/windows/security/threat-protection/auditing/event-4905.md
index c8ba9bb9c9..14eb6cfa8b 100644
--- a/windows/security/threat-protection/auditing/event-4905.md
+++ b/windows/security/threat-protection/auditing/event-4905.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4905(S): An attempt was made to unregister a security event source.
diff --git a/windows/security/threat-protection/auditing/event-4906.md b/windows/security/threat-protection/auditing/event-4906.md
index 4913d0d431..2058342aa0 100644
--- a/windows/security/threat-protection/auditing/event-4906.md
+++ b/windows/security/threat-protection/auditing/event-4906.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4906(S): The CrashOnAuditFail value has changed.
diff --git a/windows/security/threat-protection/auditing/event-4907.md b/windows/security/threat-protection/auditing/event-4907.md
index 70de13eecf..c38b66d51b 100644
--- a/windows/security/threat-protection/auditing/event-4907.md
+++ b/windows/security/threat-protection/auditing/event-4907.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4907(S): Auditing settings on object were changed.
diff --git a/windows/security/threat-protection/auditing/event-4908.md b/windows/security/threat-protection/auditing/event-4908.md
index b5351ecbd4..3314e94436 100644
--- a/windows/security/threat-protection/auditing/event-4908.md
+++ b/windows/security/threat-protection/auditing/event-4908.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4908(S): Special Groups Logon table modified.
diff --git a/windows/security/threat-protection/auditing/event-4909.md b/windows/security/threat-protection/auditing/event-4909.md
index ab35104b88..8a8631489a 100644
--- a/windows/security/threat-protection/auditing/event-4909.md
+++ b/windows/security/threat-protection/auditing/event-4909.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4909(-): The local policy settings for the TBS were changed.
diff --git a/windows/security/threat-protection/auditing/event-4910.md b/windows/security/threat-protection/auditing/event-4910.md
index 2e46e4e49e..15276f29ce 100644
--- a/windows/security/threat-protection/auditing/event-4910.md
+++ b/windows/security/threat-protection/auditing/event-4910.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4910(-): The group policy settings for the TBS were changed.
diff --git a/windows/security/threat-protection/auditing/event-4911.md b/windows/security/threat-protection/auditing/event-4911.md
index b72644a868..abc112dbb4 100644
--- a/windows/security/threat-protection/auditing/event-4911.md
+++ b/windows/security/threat-protection/auditing/event-4911.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4911(S): Resource attributes of the object were changed.
diff --git a/windows/security/threat-protection/auditing/event-4912.md b/windows/security/threat-protection/auditing/event-4912.md
index 3ac8a96880..0c0e66f90e 100644
--- a/windows/security/threat-protection/auditing/event-4912.md
+++ b/windows/security/threat-protection/auditing/event-4912.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4912(S): Per User Audit Policy was changed.
diff --git a/windows/security/threat-protection/auditing/event-4913.md b/windows/security/threat-protection/auditing/event-4913.md
index 949b10bd58..e15a691617 100644
--- a/windows/security/threat-protection/auditing/event-4913.md
+++ b/windows/security/threat-protection/auditing/event-4913.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4913(S): Central Access Policy on the object was changed.
diff --git a/windows/security/threat-protection/auditing/event-4928.md b/windows/security/threat-protection/auditing/event-4928.md
index d39db3ef25..902113bb5c 100644
--- a/windows/security/threat-protection/auditing/event-4928.md
+++ b/windows/security/threat-protection/auditing/event-4928.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4928(S, F): An Active Directory replica source naming context was established.
diff --git a/windows/security/threat-protection/auditing/event-4929.md b/windows/security/threat-protection/auditing/event-4929.md
index 596b209eb4..3fd978d0e3 100644
--- a/windows/security/threat-protection/auditing/event-4929.md
+++ b/windows/security/threat-protection/auditing/event-4929.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4929(S, F): An Active Directory replica source naming context was removed.
diff --git a/windows/security/threat-protection/auditing/event-4930.md b/windows/security/threat-protection/auditing/event-4930.md
index e66843285f..1b7bee26bf 100644
--- a/windows/security/threat-protection/auditing/event-4930.md
+++ b/windows/security/threat-protection/auditing/event-4930.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4930(S, F): An Active Directory replica source naming context was modified.
diff --git a/windows/security/threat-protection/auditing/event-4931.md b/windows/security/threat-protection/auditing/event-4931.md
index 27be6fe7ed..75acecb89f 100644
--- a/windows/security/threat-protection/auditing/event-4931.md
+++ b/windows/security/threat-protection/auditing/event-4931.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4931(S, F): An Active Directory replica destination naming context was modified.
diff --git a/windows/security/threat-protection/auditing/event-4932.md b/windows/security/threat-protection/auditing/event-4932.md
index 71e22cd118..4cdd6b7bdd 100644
--- a/windows/security/threat-protection/auditing/event-4932.md
+++ b/windows/security/threat-protection/auditing/event-4932.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4932(S): Synchronization of a replica of an Active Directory naming context has begun.
diff --git a/windows/security/threat-protection/auditing/event-4933.md b/windows/security/threat-protection/auditing/event-4933.md
index 3937b0e178..b1636e8e63 100644
--- a/windows/security/threat-protection/auditing/event-4933.md
+++ b/windows/security/threat-protection/auditing/event-4933.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4933(S, F): Synchronization of a replica of an Active Directory naming context has ended.
diff --git a/windows/security/threat-protection/auditing/event-4934.md b/windows/security/threat-protection/auditing/event-4934.md
index 90e2db1e04..efafcb9b79 100644
--- a/windows/security/threat-protection/auditing/event-4934.md
+++ b/windows/security/threat-protection/auditing/event-4934.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4934(S): Attributes of an Active Directory object were replicated.
diff --git a/windows/security/threat-protection/auditing/event-4935.md b/windows/security/threat-protection/auditing/event-4935.md
index 79ef8d6e1c..a126742afb 100644
--- a/windows/security/threat-protection/auditing/event-4935.md
+++ b/windows/security/threat-protection/auditing/event-4935.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4935(F): Replication failure begins.
diff --git a/windows/security/threat-protection/auditing/event-4936.md b/windows/security/threat-protection/auditing/event-4936.md
index 16a640d3bb..e2818ec6ee 100644
--- a/windows/security/threat-protection/auditing/event-4936.md
+++ b/windows/security/threat-protection/auditing/event-4936.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4936(S): Replication failure ends.
diff --git a/windows/security/threat-protection/auditing/event-4937.md b/windows/security/threat-protection/auditing/event-4937.md
index 731aceca7a..8296ce75c4 100644
--- a/windows/security/threat-protection/auditing/event-4937.md
+++ b/windows/security/threat-protection/auditing/event-4937.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4937(S): A lingering object was removed from a replica.
diff --git a/windows/security/threat-protection/auditing/event-4944.md b/windows/security/threat-protection/auditing/event-4944.md
index 7db0bee853..bb08c3a077 100644
--- a/windows/security/threat-protection/auditing/event-4944.md
+++ b/windows/security/threat-protection/auditing/event-4944.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4944(S): The following policy was active when the Windows Firewall started.
diff --git a/windows/security/threat-protection/auditing/event-4945.md b/windows/security/threat-protection/auditing/event-4945.md
index 8d73c9f148..852ed5f03e 100644
--- a/windows/security/threat-protection/auditing/event-4945.md
+++ b/windows/security/threat-protection/auditing/event-4945.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4945(S): A rule was listed when the Windows Firewall started.
diff --git a/windows/security/threat-protection/auditing/event-4946.md b/windows/security/threat-protection/auditing/event-4946.md
index d2fafe1dfc..ab355b85c1 100644
--- a/windows/security/threat-protection/auditing/event-4946.md
+++ b/windows/security/threat-protection/auditing/event-4946.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4946(S): A change has been made to Windows Firewall exception list. A rule was added.
diff --git a/windows/security/threat-protection/auditing/event-4947.md b/windows/security/threat-protection/auditing/event-4947.md
index 674449382b..284d2d4303 100644
--- a/windows/security/threat-protection/auditing/event-4947.md
+++ b/windows/security/threat-protection/auditing/event-4947.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4947(S): A change has been made to Windows Firewall exception list. A rule was modified.
diff --git a/windows/security/threat-protection/auditing/event-4948.md b/windows/security/threat-protection/auditing/event-4948.md
index 43acd0b7a9..da8f423b29 100644
--- a/windows/security/threat-protection/auditing/event-4948.md
+++ b/windows/security/threat-protection/auditing/event-4948.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4948(S): A change has been made to Windows Firewall exception list. A rule was deleted.
diff --git a/windows/security/threat-protection/auditing/event-4949.md b/windows/security/threat-protection/auditing/event-4949.md
index 81db5c36c6..528ad262bb 100644
--- a/windows/security/threat-protection/auditing/event-4949.md
+++ b/windows/security/threat-protection/auditing/event-4949.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4949(S): Windows Firewall settings were restored to the default values.
diff --git a/windows/security/threat-protection/auditing/event-4950.md b/windows/security/threat-protection/auditing/event-4950.md
index b4bd969a10..8a3aa4274a 100644
--- a/windows/security/threat-protection/auditing/event-4950.md
+++ b/windows/security/threat-protection/auditing/event-4950.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4950(S): A Windows Firewall setting has changed.
diff --git a/windows/security/threat-protection/auditing/event-4951.md b/windows/security/threat-protection/auditing/event-4951.md
index f585ac4615..7addb69d77 100644
--- a/windows/security/threat-protection/auditing/event-4951.md
+++ b/windows/security/threat-protection/auditing/event-4951.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4951(F): A rule has been ignored because its major version number wasn't recognized by Windows Firewall.
diff --git a/windows/security/threat-protection/auditing/event-4952.md b/windows/security/threat-protection/auditing/event-4952.md
index f95423f1c1..1dd166db54 100644
--- a/windows/security/threat-protection/auditing/event-4952.md
+++ b/windows/security/threat-protection/auditing/event-4952.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4952(F): Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced.
diff --git a/windows/security/threat-protection/auditing/event-4953.md b/windows/security/threat-protection/auditing/event-4953.md
index dfce2c4545..5a5a97d56a 100644
--- a/windows/security/threat-protection/auditing/event-4953.md
+++ b/windows/security/threat-protection/auditing/event-4953.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4953(F): Windows Firewall ignored a rule because it couldn't be parsed.
diff --git a/windows/security/threat-protection/auditing/event-4954.md b/windows/security/threat-protection/auditing/event-4954.md
index 09f0a2ce76..07977d6aff 100644
--- a/windows/security/threat-protection/auditing/event-4954.md
+++ b/windows/security/threat-protection/auditing/event-4954.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4954(S): Windows Firewall Group Policy settings have changed. The new settings have been applied.
diff --git a/windows/security/threat-protection/auditing/event-4956.md b/windows/security/threat-protection/auditing/event-4956.md
index 2344350879..105b780984 100644
--- a/windows/security/threat-protection/auditing/event-4956.md
+++ b/windows/security/threat-protection/auditing/event-4956.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4956(S): Windows Firewall has changed the active profile.
diff --git a/windows/security/threat-protection/auditing/event-4957.md b/windows/security/threat-protection/auditing/event-4957.md
index c408811451..49fae3fef5 100644
--- a/windows/security/threat-protection/auditing/event-4957.md
+++ b/windows/security/threat-protection/auditing/event-4957.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4957(F): Windows Firewall did not apply the following rule.
diff --git a/windows/security/threat-protection/auditing/event-4958.md b/windows/security/threat-protection/auditing/event-4958.md
index e05fc62bfa..45964176a6 100644
--- a/windows/security/threat-protection/auditing/event-4958.md
+++ b/windows/security/threat-protection/auditing/event-4958.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4958(F): Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer.
diff --git a/windows/security/threat-protection/auditing/event-4964.md b/windows/security/threat-protection/auditing/event-4964.md
index 6c8452f0d6..51893d2572 100644
--- a/windows/security/threat-protection/auditing/event-4964.md
+++ b/windows/security/threat-protection/auditing/event-4964.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4964(S): Special groups have been assigned to a new logon.
diff --git a/windows/security/threat-protection/auditing/event-4985.md b/windows/security/threat-protection/auditing/event-4985.md
index b5cdedc6a7..8150e62b11 100644
--- a/windows/security/threat-protection/auditing/event-4985.md
+++ b/windows/security/threat-protection/auditing/event-4985.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 4985(S): The state of a transaction has changed.
diff --git a/windows/security/threat-protection/auditing/event-5024.md b/windows/security/threat-protection/auditing/event-5024.md
index c6f473df75..9e06608869 100644
--- a/windows/security/threat-protection/auditing/event-5024.md
+++ b/windows/security/threat-protection/auditing/event-5024.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5024(S): The Windows Firewall Service has started successfully.
diff --git a/windows/security/threat-protection/auditing/event-5025.md b/windows/security/threat-protection/auditing/event-5025.md
index 4dd4c320c6..9ae2fe14d0 100644
--- a/windows/security/threat-protection/auditing/event-5025.md
+++ b/windows/security/threat-protection/auditing/event-5025.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5025(S): The Windows Firewall Service has been stopped.
diff --git a/windows/security/threat-protection/auditing/event-5027.md b/windows/security/threat-protection/auditing/event-5027.md
index 652dac8c47..d654b82a01 100644
--- a/windows/security/threat-protection/auditing/event-5027.md
+++ b/windows/security/threat-protection/auditing/event-5027.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5027(F): The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy.
diff --git a/windows/security/threat-protection/auditing/event-5028.md b/windows/security/threat-protection/auditing/event-5028.md
index 6650d79ec5..bf9c62d91a 100644
--- a/windows/security/threat-protection/auditing/event-5028.md
+++ b/windows/security/threat-protection/auditing/event-5028.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5028(F): The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy.
diff --git a/windows/security/threat-protection/auditing/event-5029.md b/windows/security/threat-protection/auditing/event-5029.md
index 7ca1bb4522..4a36c10d4d 100644
--- a/windows/security/threat-protection/auditing/event-5029.md
+++ b/windows/security/threat-protection/auditing/event-5029.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5029(F): The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy.
diff --git a/windows/security/threat-protection/auditing/event-5030.md b/windows/security/threat-protection/auditing/event-5030.md
index 24660d6d45..aa78cb3b62 100644
--- a/windows/security/threat-protection/auditing/event-5030.md
+++ b/windows/security/threat-protection/auditing/event-5030.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5030(F): The Windows Firewall Service failed to start.
diff --git a/windows/security/threat-protection/auditing/event-5031.md b/windows/security/threat-protection/auditing/event-5031.md
index c328c46107..04c03b1ee6 100644
--- a/windows/security/threat-protection/auditing/event-5031.md
+++ b/windows/security/threat-protection/auditing/event-5031.md
@@ -12,6 +12,7 @@ ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5031(F): The Windows Firewall Service blocked an application from accepting incoming connections on the network.
diff --git a/windows/security/threat-protection/auditing/event-5032.md b/windows/security/threat-protection/auditing/event-5032.md
index 231acb67b1..af43e8ea73 100644
--- a/windows/security/threat-protection/auditing/event-5032.md
+++ b/windows/security/threat-protection/auditing/event-5032.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5032(F): Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.
diff --git a/windows/security/threat-protection/auditing/event-5033.md b/windows/security/threat-protection/auditing/event-5033.md
index ce127dad94..467ba04e40 100644
--- a/windows/security/threat-protection/auditing/event-5033.md
+++ b/windows/security/threat-protection/auditing/event-5033.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5033(S): The Windows Firewall Driver has started successfully.
diff --git a/windows/security/threat-protection/auditing/event-5034.md b/windows/security/threat-protection/auditing/event-5034.md
index 52c8c2522d..dc2d097c4a 100644
--- a/windows/security/threat-protection/auditing/event-5034.md
+++ b/windows/security/threat-protection/auditing/event-5034.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5034(S): The Windows Firewall Driver was stopped.
diff --git a/windows/security/threat-protection/auditing/event-5035.md b/windows/security/threat-protection/auditing/event-5035.md
index 3cf63d5224..88a49892a6 100644
--- a/windows/security/threat-protection/auditing/event-5035.md
+++ b/windows/security/threat-protection/auditing/event-5035.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5035(F): The Windows Firewall Driver failed to start.
diff --git a/windows/security/threat-protection/auditing/event-5037.md b/windows/security/threat-protection/auditing/event-5037.md
index bf6d42a9ef..f25a054fe7 100644
--- a/windows/security/threat-protection/auditing/event-5037.md
+++ b/windows/security/threat-protection/auditing/event-5037.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5037(F): The Windows Firewall Driver detected critical runtime error. Terminating.
diff --git a/windows/security/threat-protection/auditing/event-5038.md b/windows/security/threat-protection/auditing/event-5038.md
index 3b4aa0d998..e824e93afe 100644
--- a/windows/security/threat-protection/auditing/event-5038.md
+++ b/windows/security/threat-protection/auditing/event-5038.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5038(F): Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
diff --git a/windows/security/threat-protection/auditing/event-5039.md b/windows/security/threat-protection/auditing/event-5039.md
index e1f249411a..7bf2bf5471 100644
--- a/windows/security/threat-protection/auditing/event-5039.md
+++ b/windows/security/threat-protection/auditing/event-5039.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5039(-): A registry key was virtualized.
diff --git a/windows/security/threat-protection/auditing/event-5051.md b/windows/security/threat-protection/auditing/event-5051.md
index 79d4e4b789..38a07353b3 100644
--- a/windows/security/threat-protection/auditing/event-5051.md
+++ b/windows/security/threat-protection/auditing/event-5051.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5051(-): A file was virtualized.
diff --git a/windows/security/threat-protection/auditing/event-5056.md b/windows/security/threat-protection/auditing/event-5056.md
index bac056b217..3711acef2d 100644
--- a/windows/security/threat-protection/auditing/event-5056.md
+++ b/windows/security/threat-protection/auditing/event-5056.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5056(S): A cryptographic self-test was performed.
diff --git a/windows/security/threat-protection/auditing/event-5057.md b/windows/security/threat-protection/auditing/event-5057.md
index 2013fda273..4fc7113c1b 100644
--- a/windows/security/threat-protection/auditing/event-5057.md
+++ b/windows/security/threat-protection/auditing/event-5057.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5057(F): A cryptographic primitive operation failed.
diff --git a/windows/security/threat-protection/auditing/event-5058.md b/windows/security/threat-protection/auditing/event-5058.md
index 2dae2d1e2f..b95c545e7c 100644
--- a/windows/security/threat-protection/auditing/event-5058.md
+++ b/windows/security/threat-protection/auditing/event-5058.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5058(S, F): Key file operation.
diff --git a/windows/security/threat-protection/auditing/event-5059.md b/windows/security/threat-protection/auditing/event-5059.md
index 26cd95b0d4..cdbae47721 100644
--- a/windows/security/threat-protection/auditing/event-5059.md
+++ b/windows/security/threat-protection/auditing/event-5059.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5059(S, F): Key migration operation.
diff --git a/windows/security/threat-protection/auditing/event-5060.md b/windows/security/threat-protection/auditing/event-5060.md
index 1a65f76633..60ec2cbd3e 100644
--- a/windows/security/threat-protection/auditing/event-5060.md
+++ b/windows/security/threat-protection/auditing/event-5060.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5060(F): Verification operation failed.
diff --git a/windows/security/threat-protection/auditing/event-5061.md b/windows/security/threat-protection/auditing/event-5061.md
index d47254485f..802ee6cc60 100644
--- a/windows/security/threat-protection/auditing/event-5061.md
+++ b/windows/security/threat-protection/auditing/event-5061.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5061(S, F): Cryptographic operation.
diff --git a/windows/security/threat-protection/auditing/event-5062.md b/windows/security/threat-protection/auditing/event-5062.md
index 08b0f7bce0..a76dabb95e 100644
--- a/windows/security/threat-protection/auditing/event-5062.md
+++ b/windows/security/threat-protection/auditing/event-5062.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5062(S): A kernel-mode cryptographic self-test was performed.
diff --git a/windows/security/threat-protection/auditing/event-5063.md b/windows/security/threat-protection/auditing/event-5063.md
index 784019bc18..41ac047786 100644
--- a/windows/security/threat-protection/auditing/event-5063.md
+++ b/windows/security/threat-protection/auditing/event-5063.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5063(S, F): A cryptographic provider operation was attempted.
diff --git a/windows/security/threat-protection/auditing/event-5064.md b/windows/security/threat-protection/auditing/event-5064.md
index 807d3ee45d..3467a2816a 100644
--- a/windows/security/threat-protection/auditing/event-5064.md
+++ b/windows/security/threat-protection/auditing/event-5064.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5064(S, F): A cryptographic context operation was attempted.
diff --git a/windows/security/threat-protection/auditing/event-5065.md b/windows/security/threat-protection/auditing/event-5065.md
index 3e978d64a3..66bfddb1d1 100644
--- a/windows/security/threat-protection/auditing/event-5065.md
+++ b/windows/security/threat-protection/auditing/event-5065.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5065(S, F): A cryptographic context modification was attempted.
diff --git a/windows/security/threat-protection/auditing/event-5066.md b/windows/security/threat-protection/auditing/event-5066.md
index e834a9e584..62a0920fb7 100644
--- a/windows/security/threat-protection/auditing/event-5066.md
+++ b/windows/security/threat-protection/auditing/event-5066.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5066(S, F): A cryptographic function operation was attempted.
diff --git a/windows/security/threat-protection/auditing/event-5067.md b/windows/security/threat-protection/auditing/event-5067.md
index 5aa395a688..78cd9d24aa 100644
--- a/windows/security/threat-protection/auditing/event-5067.md
+++ b/windows/security/threat-protection/auditing/event-5067.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5067(S, F): A cryptographic function modification was attempted.
diff --git a/windows/security/threat-protection/auditing/event-5068.md b/windows/security/threat-protection/auditing/event-5068.md
index 814ea02d50..791301bc3b 100644
--- a/windows/security/threat-protection/auditing/event-5068.md
+++ b/windows/security/threat-protection/auditing/event-5068.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5068(S, F): A cryptographic function provider operation was attempted.
diff --git a/windows/security/threat-protection/auditing/event-5069.md b/windows/security/threat-protection/auditing/event-5069.md
index b8d6466c09..9894285dad 100644
--- a/windows/security/threat-protection/auditing/event-5069.md
+++ b/windows/security/threat-protection/auditing/event-5069.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5069(S, F): A cryptographic function property operation was attempted.
diff --git a/windows/security/threat-protection/auditing/event-5070.md b/windows/security/threat-protection/auditing/event-5070.md
index 1232c68bd4..ba4785e01b 100644
--- a/windows/security/threat-protection/auditing/event-5070.md
+++ b/windows/security/threat-protection/auditing/event-5070.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5070(S, F): A cryptographic function property modification was attempted.
diff --git a/windows/security/threat-protection/auditing/event-5136.md b/windows/security/threat-protection/auditing/event-5136.md
index 97f862f3a6..97c0977a60 100644
--- a/windows/security/threat-protection/auditing/event-5136.md
+++ b/windows/security/threat-protection/auditing/event-5136.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5136(S): A directory service object was modified.
diff --git a/windows/security/threat-protection/auditing/event-5137.md b/windows/security/threat-protection/auditing/event-5137.md
index 072f6dede2..bed5eae208 100644
--- a/windows/security/threat-protection/auditing/event-5137.md
+++ b/windows/security/threat-protection/auditing/event-5137.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5137(S): A directory service object was created.
diff --git a/windows/security/threat-protection/auditing/event-5138.md b/windows/security/threat-protection/auditing/event-5138.md
index 5fcb9a3381..12d981909a 100644
--- a/windows/security/threat-protection/auditing/event-5138.md
+++ b/windows/security/threat-protection/auditing/event-5138.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5138(S): A directory service object was undeleted.
diff --git a/windows/security/threat-protection/auditing/event-5139.md b/windows/security/threat-protection/auditing/event-5139.md
index e89fd1eb91..6799a4e50d 100644
--- a/windows/security/threat-protection/auditing/event-5139.md
+++ b/windows/security/threat-protection/auditing/event-5139.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5139(S): A directory service object was moved.
diff --git a/windows/security/threat-protection/auditing/event-5140.md b/windows/security/threat-protection/auditing/event-5140.md
index 5d72bf2c8c..602e1d4024 100644
--- a/windows/security/threat-protection/auditing/event-5140.md
+++ b/windows/security/threat-protection/auditing/event-5140.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5140(S, F): A network share object was accessed.
@@ -132,7 +133,7 @@ This event generates once per session, when first access attempt was made.
 **Access Request Information:**
-- **Access Mask** \[Type = HexInt32\]: the sum of hexadecimal values of requested access rights. See “Table 13. File access codes.” for different hexadecimal values for access rights. Has always “**0x1**” value for this event.
+- **Access Mask** \[Type = HexInt32\]: the sum of hexadecimal values of requested access rights. See [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes) for different hexadecimal values for access rights. It always has “**0x1**” value for this event.
 - **Accesses** \[Type = UnicodeString\]: the list of access rights that were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. Has always “**ReadData (or ListDirectory)**” value for this event.
diff --git a/windows/security/threat-protection/auditing/event-5141.md b/windows/security/threat-protection/auditing/event-5141.md
index d7ba9c67d4..046ca20f9d 100644
--- a/windows/security/threat-protection/auditing/event-5141.md
+++ b/windows/security/threat-protection/auditing/event-5141.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5141(S): A directory service object was deleted.
diff --git a/windows/security/threat-protection/auditing/event-5142.md b/windows/security/threat-protection/auditing/event-5142.md
index 6930a066d4..3a69208c29 100644
--- a/windows/security/threat-protection/auditing/event-5142.md
+++ b/windows/security/threat-protection/auditing/event-5142.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5142(S): A network share object was added.
diff --git a/windows/security/threat-protection/auditing/event-5143.md b/windows/security/threat-protection/auditing/event-5143.md
index ccfe6641b0..e92068c93a 100644
--- a/windows/security/threat-protection/auditing/event-5143.md
+++ b/windows/security/threat-protection/auditing/event-5143.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5143(S): A network share object was modified.
diff --git a/windows/security/threat-protection/auditing/event-5144.md b/windows/security/threat-protection/auditing/event-5144.md
index 69aa754e48..da401f212d 100644
--- a/windows/security/threat-protection/auditing/event-5144.md
+++ b/windows/security/threat-protection/auditing/event-5144.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5144(S): A network share object was deleted.
diff --git a/windows/security/threat-protection/auditing/event-5145.md b/windows/security/threat-protection/auditing/event-5145.md
index 8f47f2b4d1..7b34010d4c 100644
--- a/windows/security/threat-protection/auditing/event-5145.md
+++ b/windows/security/threat-protection/auditing/event-5145.md
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.technology: itpro-security
+ms.topic: reference
 ---
 # 5145(S, F): A network share object was checked to see whether client can be granted desired access.
@@ -134,7 +135,7 @@ This event generates every time network share object (file or folder) was access **Access Request Information:** -- **Access Mask** \[Type = HexInt32\]: the sum of hexadecimal values of requested access rights. See “Table 13. File access codes.” for different hexadecimal values for access rights. +- **Access Mask** \[Type = HexInt32\]: the sum of hexadecimal values of requested access rights. See [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes) for different hexadecimal values for access rights. - **Accesses** \[Type = UnicodeString\]: the list of access rights that were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. @@ -318,4 +319,4 @@ For 5145(S, F): A network share object was checked to see whether client can be - WRITE\_DAC - - WRITE\_OWNER \ No newline at end of file + - WRITE\_OWNER diff --git a/windows/security/threat-protection/auditing/event-5148.md b/windows/security/threat-protection/auditing/event-5148.md index bb9ab2267c..5442a8a705 100644 --- a/windows/security/threat-protection/auditing/event-5148.md +++ b/windows/security/threat-protection/auditing/event-5148.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5148(F): The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded. diff --git a/windows/security/threat-protection/auditing/event-5149.md b/windows/security/threat-protection/auditing/event-5149.md index 0e4b73fcde..7e0dc6dd45 100644 --- a/windows/security/threat-protection/auditing/event-5149.md +++ b/windows/security/threat-protection/auditing/event-5149.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5149(F): The DoS attack has subsided and normal processing is being resumed. 
diff --git a/windows/security/threat-protection/auditing/event-5150.md b/windows/security/threat-protection/auditing/event-5150.md index f1310cde61..80c82d807e 100644 --- a/windows/security/threat-protection/auditing/event-5150.md +++ b/windows/security/threat-protection/auditing/event-5150.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5150(-): The Windows Filtering Platform blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5151.md b/windows/security/threat-protection/auditing/event-5151.md index bf55e6a6eb..6b7d1453bf 100644 --- a/windows/security/threat-protection/auditing/event-5151.md +++ b/windows/security/threat-protection/auditing/event-5151.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5151(-): A more restrictive Windows Filtering Platform filter has blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5152.md b/windows/security/threat-protection/auditing/event-5152.md index 27438881cb..e5a76da383 100644 --- a/windows/security/threat-protection/auditing/event-5152.md +++ b/windows/security/threat-protection/auditing/event-5152.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5152(F): The Windows Filtering Platform blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5153.md b/windows/security/threat-protection/auditing/event-5153.md index f7a61cc8fe..a321b76f20 100644 --- a/windows/security/threat-protection/auditing/event-5153.md +++ b/windows/security/threat-protection/auditing/event-5153.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5153(S): A more restrictive Windows Filtering Platform filter has blocked a packet. 
diff --git a/windows/security/threat-protection/auditing/event-5154.md b/windows/security/threat-protection/auditing/event-5154.md index 2002fbb907..9b2425ff9c 100644 --- a/windows/security/threat-protection/auditing/event-5154.md +++ b/windows/security/threat-protection/auditing/event-5154.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5154(S): The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections. diff --git a/windows/security/threat-protection/auditing/event-5155.md b/windows/security/threat-protection/auditing/event-5155.md index 94377b1098..e6efebdae1 100644 --- a/windows/security/threat-protection/auditing/event-5155.md +++ b/windows/security/threat-protection/auditing/event-5155.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5155(F): The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections. diff --git a/windows/security/threat-protection/auditing/event-5156.md b/windows/security/threat-protection/auditing/event-5156.md index fbe87f79bc..3d56301b24 100644 --- a/windows/security/threat-protection/auditing/event-5156.md +++ b/windows/security/threat-protection/auditing/event-5156.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5156(S): The Windows Filtering Platform has permitted a connection. diff --git a/windows/security/threat-protection/auditing/event-5157.md b/windows/security/threat-protection/auditing/event-5157.md index 6967921a48..4f62c99d51 100644 --- a/windows/security/threat-protection/auditing/event-5157.md +++ b/windows/security/threat-protection/auditing/event-5157.md 
@@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5157(F): The Windows Filtering Platform has blocked a connection. diff --git a/windows/security/threat-protection/auditing/event-5158.md b/windows/security/threat-protection/auditing/event-5158.md index af16821b1f..cbc0d2d4ee 100644 --- a/windows/security/threat-protection/auditing/event-5158.md +++ b/windows/security/threat-protection/auditing/event-5158.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5158(S): The Windows Filtering Platform has permitted a bind to a local port. diff --git a/windows/security/threat-protection/auditing/event-5159.md b/windows/security/threat-protection/auditing/event-5159.md index 5ecd816d89..ffe34518c5 100644 --- a/windows/security/threat-protection/auditing/event-5159.md +++ b/windows/security/threat-protection/auditing/event-5159.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5159(F): The Windows Filtering Platform has blocked a bind to a local port. diff --git a/windows/security/threat-protection/auditing/event-5168.md b/windows/security/threat-protection/auditing/event-5168.md index 3b59d54629..f0ae1f47a8 100644 --- a/windows/security/threat-protection/auditing/event-5168.md +++ b/windows/security/threat-protection/auditing/event-5168.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5168(F): SPN check for SMB/SMB2 failed. diff --git a/windows/security/threat-protection/auditing/event-5376.md b/windows/security/threat-protection/auditing/event-5376.md index 3145af538e..ee08c45c93 100644 --- a/windows/security/threat-protection/auditing/event-5376.md +++ b/windows/security/threat-protection/auditing/event-5376.md 
@@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5376(S): Credential Manager credentials were backed up. diff --git a/windows/security/threat-protection/auditing/event-5377.md b/windows/security/threat-protection/auditing/event-5377.md index a60bd13f29..a6f12f74f5 100644 --- a/windows/security/threat-protection/auditing/event-5377.md +++ b/windows/security/threat-protection/auditing/event-5377.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5377(S): Credential Manager credentials were restored from a backup. diff --git a/windows/security/threat-protection/auditing/event-5378.md b/windows/security/threat-protection/auditing/event-5378.md index 64f48471be..b6391769da 100644 --- a/windows/security/threat-protection/auditing/event-5378.md +++ b/windows/security/threat-protection/auditing/event-5378.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5378(F): The requested credentials delegation was disallowed by policy. diff --git a/windows/security/threat-protection/auditing/event-5447.md b/windows/security/threat-protection/auditing/event-5447.md index 732d1ae81e..96b013cf8c 100644 --- a/windows/security/threat-protection/auditing/event-5447.md +++ b/windows/security/threat-protection/auditing/event-5447.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5447(S): A Windows Filtering Platform filter has been changed. diff --git a/windows/security/threat-protection/auditing/event-5632.md b/windows/security/threat-protection/auditing/event-5632.md index b5af7f21a3..676a79172e 100644 --- a/windows/security/threat-protection/auditing/event-5632.md +++ b/windows/security/threat-protection/auditing/event-5632.md 
@@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5632(S, F): A request was made to authenticate to a wireless network. diff --git a/windows/security/threat-protection/auditing/event-5633.md b/windows/security/threat-protection/auditing/event-5633.md index 1583b0b945..e661c80301 100644 --- a/windows/security/threat-protection/auditing/event-5633.md +++ b/windows/security/threat-protection/auditing/event-5633.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5633(S, F): A request was made to authenticate to a wired network. diff --git a/windows/security/threat-protection/auditing/event-5712.md b/windows/security/threat-protection/auditing/event-5712.md index d0dc85fe45..32d5ba732a 100644 --- a/windows/security/threat-protection/auditing/event-5712.md +++ b/windows/security/threat-protection/auditing/event-5712.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5712(S): A Remote Procedure Call (RPC) was attempted. diff --git a/windows/security/threat-protection/auditing/event-5888.md b/windows/security/threat-protection/auditing/event-5888.md index 5c45a9698a..72e18b5e28 100644 --- a/windows/security/threat-protection/auditing/event-5888.md +++ b/windows/security/threat-protection/auditing/event-5888.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5888(S): An object in the COM+ Catalog was modified. diff --git a/windows/security/threat-protection/auditing/event-5889.md b/windows/security/threat-protection/auditing/event-5889.md index 3b60e803d9..178ec29a4f 100644 --- a/windows/security/threat-protection/auditing/event-5889.md +++ b/windows/security/threat-protection/auditing/event-5889.md 
@@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5889(S): An object was deleted from the COM+ Catalog. diff --git a/windows/security/threat-protection/auditing/event-5890.md b/windows/security/threat-protection/auditing/event-5890.md index 09c79bee05..4f473d2a4e 100644 --- a/windows/security/threat-protection/auditing/event-5890.md +++ b/windows/security/threat-protection/auditing/event-5890.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5890(S): An object was added to the COM+ Catalog. diff --git a/windows/security/threat-protection/auditing/event-6144.md b/windows/security/threat-protection/auditing/event-6144.md index dfad64c1da..3eb1181321 100644 --- a/windows/security/threat-protection/auditing/event-6144.md +++ b/windows/security/threat-protection/auditing/event-6144.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6144(S): Security policy in the group policy objects has been applied successfully. diff --git a/windows/security/threat-protection/auditing/event-6145.md b/windows/security/threat-protection/auditing/event-6145.md index 60ed2e8ad8..b062b5e023 100644 --- a/windows/security/threat-protection/auditing/event-6145.md +++ b/windows/security/threat-protection/auditing/event-6145.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6145(F): One or more errors occurred while processing security policy in the group policy objects. diff --git a/windows/security/threat-protection/auditing/event-6281.md b/windows/security/threat-protection/auditing/event-6281.md index 76f546a222..38f432d51a 100644 --- a/windows/security/threat-protection/auditing/event-6281.md +++ b/windows/security/threat-protection/auditing/event-6281.md 
@@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6281(F): Code Integrity determined that the page hashes of an image file aren't valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. diff --git a/windows/security/threat-protection/auditing/event-6400.md b/windows/security/threat-protection/auditing/event-6400.md index d8bcc6f1c7..a588c35204 100644 --- a/windows/security/threat-protection/auditing/event-6400.md +++ b/windows/security/threat-protection/auditing/event-6400.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6400(-): BranchCache: Received an incorrectly formatted response while discovering availability of content. diff --git a/windows/security/threat-protection/auditing/event-6401.md b/windows/security/threat-protection/auditing/event-6401.md index 3e60d3515a..82502eb7ff 100644 --- a/windows/security/threat-protection/auditing/event-6401.md +++ b/windows/security/threat-protection/auditing/event-6401.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6401(-): BranchCache: Received invalid data from a peer. Data discarded. diff --git a/windows/security/threat-protection/auditing/event-6402.md b/windows/security/threat-protection/auditing/event-6402.md index 3148f9b03e..d5d3febf63 100644 --- a/windows/security/threat-protection/auditing/event-6402.md +++ b/windows/security/threat-protection/auditing/event-6402.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6402(-): BranchCache: The message to the hosted cache offering it data is incorrectly formatted. 
diff --git a/windows/security/threat-protection/auditing/event-6403.md b/windows/security/threat-protection/auditing/event-6403.md index ad426fdacc..2f9d945388 100644 --- a/windows/security/threat-protection/auditing/event-6403.md +++ b/windows/security/threat-protection/auditing/event-6403.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6403(-): BranchCache: The hosted cache sent an incorrectly formatted response to the client. diff --git a/windows/security/threat-protection/auditing/event-6404.md b/windows/security/threat-protection/auditing/event-6404.md index e2fed0d583..f37bea1b9e 100644 --- a/windows/security/threat-protection/auditing/event-6404.md +++ b/windows/security/threat-protection/auditing/event-6404.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6404(-): BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate. diff --git a/windows/security/threat-protection/auditing/event-6405.md b/windows/security/threat-protection/auditing/event-6405.md index 48746ad277..1feed0f6a6 100644 --- a/windows/security/threat-protection/auditing/event-6405.md +++ b/windows/security/threat-protection/auditing/event-6405.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6405(-): BranchCache: %2 instance(s) of event id %1 occurred. diff --git a/windows/security/threat-protection/auditing/event-6406.md b/windows/security/threat-protection/auditing/event-6406.md index 42541a3842..fdd75af38b 100644 --- a/windows/security/threat-protection/auditing/event-6406.md +++ b/windows/security/threat-protection/auditing/event-6406.md 
@@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6406(-): %1 registered to Windows Firewall to control filtering for the following: %2. diff --git a/windows/security/threat-protection/auditing/event-6407.md b/windows/security/threat-protection/auditing/event-6407.md index 68aba98482..c2f279466e 100644 --- a/windows/security/threat-protection/auditing/event-6407.md +++ b/windows/security/threat-protection/auditing/event-6407.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6407(-): 1%. diff --git a/windows/security/threat-protection/auditing/event-6408.md b/windows/security/threat-protection/auditing/event-6408.md index 28c11c16f5..36f25a9b69 100644 --- a/windows/security/threat-protection/auditing/event-6408.md +++ b/windows/security/threat-protection/auditing/event-6408.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6408(-): Registered product %1 failed and Windows Firewall is now controlling the filtering for %2. diff --git a/windows/security/threat-protection/auditing/event-6409.md b/windows/security/threat-protection/auditing/event-6409.md index c1c419c09d..3f406625b5 100644 --- a/windows/security/threat-protection/auditing/event-6409.md +++ b/windows/security/threat-protection/auditing/event-6409.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6409(-): BranchCache: A service connection point object could not be parsed. diff --git a/windows/security/threat-protection/auditing/event-6410.md b/windows/security/threat-protection/auditing/event-6410.md index b921dbea1c..958db95565 100644 --- a/windows/security/threat-protection/auditing/event-6410.md +++ b/windows/security/threat-protection/auditing/event-6410.md 
@@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6410(F): Code integrity determined that a file does not meet the security requirements to load into a process. diff --git a/windows/security/threat-protection/auditing/event-6416.md b/windows/security/threat-protection/auditing/event-6416.md index 7d254bf9ef..64cdb17ee1 100644 --- a/windows/security/threat-protection/auditing/event-6416.md +++ b/windows/security/threat-protection/auditing/event-6416.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6416(S): A new external device was recognized by the System. diff --git a/windows/security/threat-protection/auditing/event-6419.md b/windows/security/threat-protection/auditing/event-6419.md index 108315501c..7368059899 100644 --- a/windows/security/threat-protection/auditing/event-6419.md +++ b/windows/security/threat-protection/auditing/event-6419.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6419(S): A request was made to disable a device. diff --git a/windows/security/threat-protection/auditing/event-6420.md b/windows/security/threat-protection/auditing/event-6420.md index 2efdfa78aa..2c7166a78d 100644 --- a/windows/security/threat-protection/auditing/event-6420.md +++ b/windows/security/threat-protection/auditing/event-6420.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6420(S): A device was disabled. diff --git a/windows/security/threat-protection/auditing/event-6421.md b/windows/security/threat-protection/auditing/event-6421.md index 3780d8b15e..ae72b11254 100644 --- a/windows/security/threat-protection/auditing/event-6421.md +++ b/windows/security/threat-protection/auditing/event-6421.md 
@@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6421(S): A request was made to enable a device. diff --git a/windows/security/threat-protection/auditing/event-6422.md b/windows/security/threat-protection/auditing/event-6422.md index 02752c9163..bf594b6937 100644 --- a/windows/security/threat-protection/auditing/event-6422.md +++ b/windows/security/threat-protection/auditing/event-6422.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6422(S): A device was enabled. diff --git a/windows/security/threat-protection/auditing/event-6423.md b/windows/security/threat-protection/auditing/event-6423.md index 5e62ebe6c7..4f7fcb614c 100644 --- a/windows/security/threat-protection/auditing/event-6423.md +++ b/windows/security/threat-protection/auditing/event-6423.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6423(S): The installation of this device is forbidden by system policy. diff --git a/windows/security/threat-protection/auditing/event-6424.md b/windows/security/threat-protection/auditing/event-6424.md index 699e5ad030..10d33c2820 100644 --- a/windows/security/threat-protection/auditing/event-6424.md +++ b/windows/security/threat-protection/auditing/event-6424.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6424(S): The installation of this device was allowed, after having previously been forbidden by policy. diff --git a/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md b/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md index 8f748675ac..90b8df1a2d 100644 --- a/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md 
+++ b/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 ms.technology: itpro-security diff --git a/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md b/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md index 4ee793c896..d2af1d3d31 100644 --- a/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md +++ b/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: how-to --- # How to get a list of XML data name elements in EventData diff --git a/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md b/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md index 8eab827c8c..9b6b271da7 100644 --- a/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md +++ b/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 ms.technology: itpro-security diff --git a/windows/security/threat-protection/auditing/monitor-claim-types.md b/windows/security/threat-protection/auditing/monitor-claim-types.md index f07cf95322..a7c3aa44fe 100644 --- a/windows/security/threat-protection/auditing/monitor-claim-types.md +++ b/windows/security/threat-protection/auditing/monitor-claim-types.md 
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/09/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md b/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md
index a7e5d02dfc..91265a3f10 100644
--- a/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md
+++ b/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/09/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md
index 3efb97355c..179df431d4 100644
--- a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md
+++ b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/09/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md
index 4b441fb816..1e95dc5887 100644
--- a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md
+++ b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/09/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md b/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md
index 23e407048c..5bbd6fa638 100644
--- a/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md
+++ b/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/09/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md
index 9e876c52cd..659d01dc6b 100644
--- a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md
+++ b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/09/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md b/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md
index 6f278f38b9..70ff402a9c 100644
--- a/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md +++ b/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 ms.technology: itpro-security diff --git a/windows/security/threat-protection/auditing/other-events.md b/windows/security/threat-protection/auditing/other-events.md index 6854674959..800961629e 100644 --- a/windows/security/threat-protection/auditing/other-events.md +++ b/windows/security/threat-protection/auditing/other-events.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # Other Events diff --git a/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md b/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md index b90600ce1b..ca4a732ae0 100644 --- a/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md +++ b/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 ms.technology: itpro-security diff --git a/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md b/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md index a003b01b19..ddb00eb78b 100644 --- a/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md +++ b/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md 
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/09/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/security-auditing-overview.md b/windows/security/threat-protection/auditing/security-auditing-overview.md
index af93397c03..6b11aea8c2 100644
--- a/windows/security/threat-protection/auditing/security-auditing-overview.md
+++ b/windows/security/threat-protection/auditing/security-auditing-overview.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/09/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md b/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md
index 43954b93a0..1b69753395 100644
--- a/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md
+++ b/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/09/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/view-the-security-event-log.md b/windows/security/threat-protection/auditing/view-the-security-event-log.md
index e76f4cde92..ebf21e1e50 100644
--- a/windows/security/threat-protection/auditing/view-the-security-event-log.md
+++ b/windows/security/threat-protection/auditing/view-the-security-event-log.md
@@ -13,7 +13,6 @@ author: vinaypamnani-msft manager: aaroncz audience: ITPro ms.collection: - - M365-security-compliance - highpri ms.topic: conceptual ms.date: 09/09/2021 diff --git a/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md b/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md index bdee085d81..bb0933cca6 100644 --- a/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md +++ b/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 ms.technology: itpro-security diff --git a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md index b13c6f8d8c..fdc4c5d757 100644 --- a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md +++ b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md @@ -9,6 +9,7 @@ ms.author: dansimp ms.date: 08/14/2017 ms.localizationpriority: medium ms.technology: itpro-security +ms.topic: reference --- # Block untrusted fonts in an enterprise diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md index b322223819..bf8fa457c5 100644 --- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md 
@@ -9,7 +9,6 @@ author: vinaypamnani-msft manager: aaroncz audience: ITPro ms.collection: - - M365-security-compliance - highpri ms.topic: conceptual ms.date: 12/16/2021 diff --git a/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md b/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md index 6956068c52..25024c897f 100644 --- a/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md +++ b/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md @@ -9,6 +9,8 @@ ms.reviewer: manager: aaroncz ms.custom: asr ms.technology: itpro-security +ms.date: 12/31/2017 +ms.topic: article --- # Windows Defender Application Control and virtualization-based protection of code integrity diff --git a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md index f86bf00a8b..1bee48b996 100644 --- a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md @@ -8,7 +8,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 10/20/2017 ms.reviewer: 
diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md index c5729ba1e1..7b0d87f42e 100644 --- a/windows/security/threat-protection/fips-140-validation.md +++ b/windows/security/threat-protection/fips-140-validation.md @@ -7,7 +7,6 @@ manager: aaroncz ms.author: paoloma author: paolomatarazzo ms.collection: - - M365-identity-device-management - highpri ms.topic: article ms.localizationpriority: medium diff --git a/windows/security/threat-protection/get-support-for-security-baselines.md b/windows/security/threat-protection/get-support-for-security-baselines.md index f3481ad39c..6fb73d0cd6 100644 --- a/windows/security/threat-protection/get-support-for-security-baselines.md +++ b/windows/security/threat-protection/get-support-for-security-baselines.md @@ -6,7 +6,6 @@ ms.localizationpriority: medium ms.author: dansimp author: dulcemontemayor manager: aaroncz -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 06/25/2018 ms.reviewer: diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 92d1fa392e..4a039044c7 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -7,9 +7,9 @@ ms.author: dansimp author: dansimp ms.localizationpriority: medium manager: aaroncz -ms.collection: M365-security-compliance ms.topic: conceptual ms.technology: itpro-security +ms.date: 12/31/2017 --- # Windows threat protection diff --git a/windows/security/threat-protection/mbsa-removal-and-guidance.md b/windows/security/threat-protection/mbsa-removal-and-guidance.md index bfb7dc677b..307fd1ee4b 100644 --- a/windows/security/threat-protection/mbsa-removal-and-guidance.md +++ b/windows/security/threat-protection/mbsa-removal-and-guidance.md 
@@ -8,6 +8,8 @@ author: dansimp ms.reviewer: manager: aaroncz ms.technology: itpro-security +ms.date: 12/31/2017 +ms.topic: article --- # What is Microsoft Baseline Security Analyzer and its uses? diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md index c71d2b029e..5ab3f50909 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md @@ -13,6 +13,7 @@ ms.reviewer: manager: aaroncz ms.custom: sasr ms.technology: itpro-security +ms.topic: how-to --- # Configure Microsoft Defender Application Guard policy settings diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml index e9a396f602..816d5da3f4 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml @@ -14,6 +14,7 @@ metadata: manager: aaroncz ms.custom: asr ms.topic: faq + ms.date: 12/31/2017 title: Frequently asked questions - Microsoft Defender Application Guard summary: | diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md index b4fb01a3c6..ad5d373c27 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md 
@@ -8,13 +8,14 @@ ms.pagetype: security ms.localizationpriority: medium author: vinaypamnani-msft ms.author: vinpa -ms.date: 09/09/2021 +ms.date: 11/30/2022 ms.reviewer: manager: aaroncz ms.custom: asr ms.technology: itpro-security ms.collection: - highpri +ms.topic: how-to --- # Prepare to install Microsoft Defender Application Guard @@ -27,10 +28,12 @@ ms.collection: ## Review system requirements See [System requirements for Microsoft Defender Application Guard](./reqs-md-app-guard.md) to review the hardware and software installation requirements for Microsoft Defender Application Guard. ->[!NOTE] ->Microsoft Defender Application Guard is not supported on VMs and VDI environment. For testing and automation on non-production machines, you may enable WDAG on a VM by enabling Hyper-V nested virtualization on the host. + +> [!NOTE] +> Microsoft Defender Application Guard is not supported on VMs and VDI environment. For testing and automation on non-production machines, you may enable WDAG on a VM by enabling Hyper-V nested virtualization on the host. ## Prepare for Microsoft Defender Application Guard + Before you can install and use Microsoft Defender Application Guard, you must determine which way you intend to use it in your enterprise. You can use Application Guard in either **Standalone** or **Enterprise-managed** mode. ### Standalone mode @@ -51,6 +54,7 @@ Applies to: You and your security department can define your corporate boundaries by explicitly adding trusted domains and by customizing the Application Guard experience to meet and enforce your needs on employee devices. Enterprise-managed mode also automatically redirects any browser requests to add non-enterprise domain(s) in the container. The following diagram shows the flow between the host PC and the isolated container. + ![Flowchart for movement between Microsoft Edge and Application Guard.](images/application-guard-container-v-host.png) ## Install Application Guard 
@@ -59,29 +63,29 @@ Application Guard functionality is turned off by default. However, you can quick ### To install by using the Control Panel -1. Open the **Control Panel**, click **Programs,** and then click **Turn Windows features on or off**. +1. Open the **Control Panel**, click **Programs,** and then select **Turn Windows features on or off**. ![Windows Features, turning on Microsoft Defender Application Guard.](images/turn-windows-features-on-off.png) -2. Select the check box next to **Microsoft Defender Application Guard** and then click **OK**. +2. Select the check box next to **Microsoft Defender Application Guard** and then select **OK**. Application Guard and its underlying dependencies are all installed. ### To install by using PowerShell ->[!NOTE] ->Ensure your devices have met all system requirements prior to this step. PowerShell will install the feature without checking system requirements. If your devices don't meet the system requirements, Application Guard may not work. This step is recommended for enterprise managed scenarios only. +> [!NOTE] +> Ensure your devices have met all system requirements prior to this step. PowerShell will install the feature without checking system requirements. If your devices don't meet the system requirements, Application Guard may not work. This step is recommended for enterprise managed scenarios only. -1. Click the **Search** or **Cortana** icon in the Windows 10 or Windows 11 taskbar and type **PowerShell**. +1. Select the **Search** or **Cortana** icon in the Windows 10 or Windows 11 taskbar and type **PowerShell**. -2. Right-click **Windows PowerShell**, and then click **Run as administrator**. +2. Right-click **Windows PowerShell**, and then select **Run as administrator**. Windows PowerShell opens with administrator credentials. 3. 
Type the following command: ``` - Enable-WindowsOptionalFeature -online -FeatureName Windows-Defender-ApplicationGuard + Enable-WindowsOptionalFeature -Online -FeatureName Windows-Defender-ApplicationGuard ``` 4. Restart the device. @@ -94,17 +98,15 @@ Application Guard functionality is turned off by default. However, you can quick :::image type="content" source="images/MDAG-EndpointMgr-newprofile.jpg" alt-text="Enroll devices in Intune."::: -1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). - -1. Choose **Devices** > **Configuration profiles** > **+ Create profile**, and do the following:
              +1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Devices** > **Configuration profiles** > **+ Create profile**, and do the following:
              1. In the **Platform** list, select **Windows 10 and later**. - 1. In the **Profile** list, select **Endpoint protection**. + 2. In the **Profile** type, choose **Templates** and select **Endpoint protection**. - 1. Choose **Create**. + 3. Choose **Create**. -1. Specify the following settings for the profile: +2. Specify the following settings for the profile: - **Name** and **Description** @@ -114,16 +116,16 @@ Application Guard functionality is turned off by default. However, you can quick - Choose your preferences for **Clipboard behavior**, **External content**, and the remaining settings. -1. Choose **OK**, and then choose **OK** again. +3. Choose **OK**, and then choose **OK** again. -1. Review your settings, and then choose **Create**. +4. Review your settings, and then choose **Create**. -1. Choose **Assignments**, and then do the following: +5. Choose **Assignments**, and then do the following: 1. On the **Include** tab, in the **Assign to** list, choose an option. - 1. If you have any devices or users you want to exclude from this endpoint protection profile, specify those on the **Exclude** tab. + 2. If you have any devices or users you want to exclude from this endpoint protection profile, specify those on the **Exclude** tab. - 1. Click **Save**. + 3. Select **Save**. After the profile is created, any devices to which the policy should apply will have Microsoft Defender Application Guard enabled. Users might have to restart their devices in order for protection to be in place. diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md index 631bbc75fd..0f2bca60b2 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md 
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md @@ -10,6 +10,7 @@ ms.reviewer: manager: aaroncz ms.custom: asr ms.technology: itpro-security +ms.topic: conceptual --- # Microsoft Defender Application Guard Extension diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md index 1ba47ee970..6b284c9344 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md @@ -15,6 +15,7 @@ ms.custom: asr ms.technology: itpro-security ms.collection: - highpri +ms.topic: conceptual --- # Microsoft Defender Application Guard overview diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md index d8461e69f2..4357712bc7 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md @@ -10,6 +10,7 @@ ms.reviewer: sazankha manager: aaroncz ms.date: 09/23/2022 ms.custom: asr +ms.topic: conceptual --- # Application Guard testing scenarios diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md index 5d2279fcc0..8723d513d2 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md 
+++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings **Applies to:** diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md index e58c585f72..393d33b206 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md @@ -11,6 +11,8 @@ ms.technology: itpro-security adobe-target: true ms.collection: - highpri +ms.date: 12/31/2017 +ms.topic: article --- # Microsoft Defender SmartScreen diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md index 4d099ef9e6..0ee92c6736 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: how-to --- # Set up and use Microsoft Defender SmartScreen on individual devices 
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md b/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md index db57203dd5..8597ee9893 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md @@ -12,6 +12,7 @@ ms.date: 10/07/2022 adobe-target: true appliesto: - ✅ Windows 11, version 22H2 +ms.topic: conceptual --- # Enhanced Phishing Protection in Microsoft Defender SmartScreen diff --git a/windows/security/threat-protection/msft-security-dev-lifecycle.md b/windows/security/threat-protection/msft-security-dev-lifecycle.md index cf9752c6f3..9c275ac6ba 100644 --- a/windows/security/threat-protection/msft-security-dev-lifecycle.md +++ b/windows/security/threat-protection/msft-security-dev-lifecycle.md @@ -5,11 +5,11 @@ ms.prod: windows-client author: dansimp ms.author: dansimp manager: aaroncz -ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.reviewer: ms.technology: itpro-security +ms.date: 12/31/2017 --- # Microsoft Security Development Lifecycle diff --git a/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md b/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md index fa6de91b70..f2ff6373f9 100644 --- a/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md +++ b/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md @@ -7,6 +7,8 @@ ms.prod: windows-client author: dulcemontemayor ms.localizationpriority: medium ms.technology: itpro-security +ms.date: 12/31/2017 +ms.topic: article --- 
diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md index 9540d55eb9..29058967b4 100644 --- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md +++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md @@ -8,6 +8,8 @@ ms.reviewer: manager: aaroncz ms.author: dansimp ms.technology: itpro-security +ms.date: 12/31/2017 +ms.topic: article --- # Mitigate threats by using Windows 10 security features diff --git a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md index ae2b7dcea6..fa79c1116f 100644 --- a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md +++ b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md @@ -9,6 +9,7 @@ author: dulcemontemayor ms.date: 10/13/2017 ms.localizationpriority: medium ms.technology: itpro-security +ms.topic: conceptual --- # Control the health of Windows 10-based devices diff --git a/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md b/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md index 4948ce0dd3..1c67b647de 100644 --- a/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md +++ b/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md 
@@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 ms.technology: itpro-security diff --git a/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md b/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md index 58a7ccea5f..ea4406b6f7 100644 --- a/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md +++ b/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 06/11/2021 ms.technology: itpro-security diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md b/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md index 559a82704b..e6f9bec119 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md @@ -13,7 +13,6 @@ author: vinaypamnani-msft manager: aaroncz audience: ITPro ms.collection: - - M365-security-compliance - highpri ms.topic: conceptual ms.date: 08/16/2021 @@ -23,6 +22,7 @@ ms.technology: itpro-security # Account lockout duration **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, and security considerations for the **Account lockout duration** security policy setting. diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md b/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md index a53b0258c1..03d4f6bba0 100644 
--- a/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 10/11/2018 ms.technology: itpro-security @@ -21,6 +20,7 @@ ms.technology: itpro-security # Account Lockout Policy **Applies to** +- Windows 11 - Windows 10 Describes the Account Lockout Policy settings and links to information about each policy setting. diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md index 0b41931636..7436c55ccd 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md @@ -13,7 +13,6 @@ author: vinaypamnani-msft manager: aaroncz audience: ITPro ms.collection: - - M365-security-compliance - highpri ms.topic: conceptual ms.date: 11/02/2018 @@ -23,6 +22,7 @@ ms.technology: itpro-security # Account lockout threshold **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, and security considerations for the **Account lockout threshold** security policy setting. diff --git a/windows/security/threat-protection/security-policy-settings/account-policies.md b/windows/security/threat-protection/security-policy-settings/account-policies.md index ba2d477909..b3031beef7 100644 --- a/windows/security/threat-protection/security-policy-settings/account-policies.md +++ b/windows/security/threat-protection/security-policy-settings/account-policies.md 
@@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 ms.technology: itpro-security @@ -21,6 +20,7 @@ ms.technology: itpro-security # Account Policies **Applies to** +- Windows 11 - Windows 10 An overview of account policies in Windows and provides links to policy descriptions. diff --git a/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md b/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md index 90bc33cfae..e247a80951 100644 --- a/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md +++ b/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 08/01/2017 ms.technology: itpro-security @@ -21,6 +20,7 @@ ms.technology: itpro-security # Accounts: Administrator account status **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, and security considerations for the **Accounts: Administrator account status** security policy setting. diff --git a/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md b/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md index 9e7978d6dc..bd80ebe594 100644 --- a/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md +++ b/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md 
@@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 08/10/2017 ms.technology: itpro-security @@ -21,6 +20,7 @@ ms.technology: itpro-security # Accounts: Block Microsoft accounts **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, management, and security considerations for the **Accounts: Block Microsoft accounts** security policy setting. diff --git a/windows/security/threat-protection/security-policy-settings/accounts-guest-account-status.md b/windows/security/threat-protection/security-policy-settings/accounts-guest-account-status.md index 3640a3d432..f23fc8dd7e 100644 --- a/windows/security/threat-protection/security-policy-settings/accounts-guest-account-status.md +++ b/windows/security/threat-protection/security-policy-settings/accounts-guest-account-status.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 ms.technology: itpro-security @@ -21,6 +20,7 @@ ms.technology: itpro-security # Accounts: Guest account status - security policy setting **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, and security considerations for the **Accounts: Guest account status** security policy setting. diff --git a/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md b/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md index 0d915059c8..6b3f24d9e6 100644 --- a/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md 
+++ b/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 ms.technology: itpro-security @@ -21,6 +20,7 @@ ms.technology: itpro-security # Accounts: Limit local account use of blank passwords to console logon only **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, and security considerations for the **Accounts: Limit local account use of blank passwords to console logon only** security policy setting. diff --git a/windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account.md b/windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account.md index 46c725eb8d..bd8090dfe7 100644 --- a/windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account.md +++ b/windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 ms.technology: itpro-security @@ -21,6 +20,7 @@ ms.technology: itpro-security # Accounts: Rename administrator account **Applies to** +- Windows 11 - Windows 10 This security policy reference topic for the IT professional describes the best practices, location, values, and security considerations for this policy setting. diff --git a/windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account.md b/windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account.md index 987c19d4b7..6bfcf412ae 100644 
--- a/windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account.md +++ b/windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 ms.technology: itpro-security @@ -21,6 +20,7 @@ ms.technology: itpro-security # Accounts: Rename guest account - security policy setting **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, and security considerations for the **Accounts: Rename guest account** security policy setting. diff --git a/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md b/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md index 87c7ed20ea..c36f75e923 100644 --- a/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md +++ b/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 ms.technology: itpro-security diff --git a/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md b/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md index 562f3219cb..6c558c83f7 100644 --- a/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md +++ b/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md 
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md b/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md
index a56b7a05ba..622ad26f5c 100644
--- a/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md
+++ b/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md
index bc2b937927..9994324c08 100644
--- a/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md
+++ b/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
@@ -95,7 +94,7 @@ The Security Compliance Manager is a downloadable tool that helps you plan, depl
 **To administer security policies by using the Security Compliance Manager**
-1. Download the most recent version. You can find out more info on the [Microsoft Security Guidance](/archive/blogs/secguide/) blog.
+1. Download the most recent version. You can find more info on the [Microsoft Security Baselines](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines) blog.
 1. Read the relevant security baseline documentation that is included in this tool.
 1. Download and import the relevant security baselines. The installation process steps you through baseline selection.
 1. Open the Help and follow instructions how to customize, compare, or merge your security baselines before deploying those baselines.
diff --git a/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md b/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md
index 925f18e265..6e252f1e14 100644
--- a/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md
+++ b/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md b/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md
index f08466a3fe..6b074f6cb3 100644
--- a/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md
+++ b/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md b/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md
index f7bee2d141..d5f0c9641a 100644
--- a/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md
+++ b/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md b/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md
index 7eb7e6736f..7d38765755 100644
--- a/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md
+++ b/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/01/2019
 ms.technology: itpro-security
@@ -21,6 +20,7 @@ ms.technology: itpro-security
 # Audit: Audit the use of Backup and Restore privilege
 **Applies to**
+- Windows 11
 - Windows 10
 Describes the best practices, location, values, and security considerations for the **Audit: Audit the use of Backup and Restore privilege** security policy setting.
diff --git a/windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md b/windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md
index 19fbeba785..42e645eb95 100644
--- a/windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md
+++ b/windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
@@ -21,6 +20,7 @@ ms.technology: itpro-security
 # Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings
 **Applies to**
+- Windows 11
 - Windows 10
 Describes the best practices, location, values, and security considerations for the **Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings** security policy setting.
diff --git a/windows/security/threat-protection/security-policy-settings/audit-policy.md b/windows/security/threat-protection/security-policy-settings/audit-policy.md
index 9f1e6cd0c6..5130a2112d 100644
--- a/windows/security/threat-protection/security-policy-settings/audit-policy.md
+++ b/windows/security/threat-protection/security-policy-settings/audit-policy.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
@@ -21,6 +20,7 @@ ms.technology: itpro-security
 # Audit Policy
 **Applies to**
+- Windows 11
 - Windows 10
 Provides information about basic audit policies that are available in Windows and links to information about each setting.
diff --git a/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md b/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md
index 7a76b59383..614fbe0d12 100644
--- a/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md
+++ b/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
@@ -21,6 +20,7 @@ ms.technology: itpro-security
 # Audit: Shut down system immediately if unable to log security audits
 **Applies to**
+- Windows 11
 - Windows 10
 Describes the best practices, location, values, management practices, and security considerations for the **Audit: Shut down system immediately if unable to log security audits** security policy setting.
diff --git a/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md b/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md
index f73a8fcbfb..40d62fb154 100644
--- a/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md
+++ b/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md b/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md
index e85a3de000..bd274babde 100644
--- a/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md
+++ b/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/change-the-system-time.md b/windows/security/threat-protection/security-policy-settings/change-the-system-time.md
index 3f4fea070d..3958ae9bed 100644
--- a/windows/security/threat-protection/security-policy-settings/change-the-system-time.md
+++ b/windows/security/threat-protection/security-policy-settings/change-the-system-time.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/change-the-time-zone.md b/windows/security/threat-protection/security-policy-settings/change-the-time-zone.md
index be8cee418e..0f18fbe6a0 100644
--- a/windows/security/threat-protection/security-policy-settings/change-the-time-zone.md
+++ b/windows/security/threat-protection/security-policy-settings/change-the-time-zone.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md b/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md
index d4eff325c4..68753e633a 100644
--- a/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md
+++ b/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/create-a-token-object.md b/windows/security/threat-protection/security-policy-settings/create-a-token-object.md
index 42880a98ce..397456fc85 100644
--- a/windows/security/threat-protection/security-policy-settings/create-a-token-object.md
+++ b/windows/security/threat-protection/security-policy-settings/create-a-token-object.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/create-global-objects.md b/windows/security/threat-protection/security-policy-settings/create-global-objects.md
index cbbe65e98f..bd8b943798 100644
--- a/windows/security/threat-protection/security-policy-settings/create-global-objects.md
+++ b/windows/security/threat-protection/security-policy-settings/create-global-objects.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md b/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md
index 702b33b967..dd58539e88 100644
--- a/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md
+++ b/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md b/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md
index a1cb062b9e..5ea5c36a0c 100644
--- a/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md
+++ b/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md b/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
index c0da6c3c6d..b2b90cdc1f 100644
--- a/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
+++ b/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md b/windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
index c5a0177457..e549425217 100644
--- a/windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
+++ b/windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
@@ -21,6 +20,7 @@ ms.technology: itpro-security
 # DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax
 **Applies to**
+- Windows 11
 - Windows 10
 Describes the best practices, location, values, and security considerations for the **DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax** security policy setting.
diff --git a/windows/security/threat-protection/security-policy-settings/debug-programs.md b/windows/security/threat-protection/security-policy-settings/debug-programs.md
index 75073bd6ad..c97a34004a 100644
--- a/windows/security/threat-protection/security-policy-settings/debug-programs.md
+++ b/windows/security/threat-protection/security-policy-settings/debug-programs.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md b/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md
index 1e218d4db5..9d51332226 100644
--- a/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md
+++ b/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 05/19/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md
index 388793a1c5..26257d7869 100644
--- a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md
+++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md
index 04490f4249..943ab1c47e 100644
--- a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md
+++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md
index 7ccc3a1197..66c2308100 100644
--- a/windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md
+++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md
index 5d840786b2..ad977d3239 100644
--- a/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md
+++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on.md b/windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on.md
index 3f7ea8fc06..42bcd1198e 100644
--- a/windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on.md
+++ b/windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
@@ -21,6 +20,7 @@ ms.technology: itpro-security
 # Devices: Allow undock without having to log on
 **Applies to**
+- Windows 11
 - Windows 10
 Describes the best practices, location, values, and security considerations for the **Devices: Allow undock without having to log on** security policy setting.
diff --git a/windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md b/windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md
index 6702bc1ca9..f27b736149 100644
--- a/windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md
+++ b/windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
@@ -21,6 +20,7 @@ ms.technology: itpro-security
 # Devices: Allowed to format and eject removable media
 **Applies to**
+- Windows 11
 - Windows 10
 Describes the best practices, location, values, and security considerations for the **Devices: Allowed to format and eject removable media** security policy setting.
diff --git a/windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md b/windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md
index fcd1e4ceda..48ec7ee37d 100644
--- a/windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md
+++ b/windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 01/05/2022
 ms.technology: itpro-security
@@ -21,6 +20,7 @@ ms.technology: itpro-security
 # Devices: Prevent users from installing printer drivers
 **Applies to**
+- Windows 11
 - Windows 10
 Describes the best practices, location, values, and security considerations for the **Devices: Prevent users from installing printer drivers** security policy setting.
diff --git a/windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md b/windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md
index 7a3f1c4576..606f90388d 100644
--- a/windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md
+++ b/windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
@@ -21,6 +20,7 @@ ms.technology: itpro-security
 # Devices: Restrict CD-ROM access to locally logged-on user only
 **Applies to**
+- Windows 11
 - Windows 10
 Describes the best practices, location, values, and security considerations for the **Devices: Restrict CD-ROM access to locally logged-on user only** security policy setting.
diff --git a/windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md b/windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md
index cae68cce6a..f678d28b4a 100644
--- a/windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md
+++ b/windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
@@ -21,6 +20,7 @@ ms.technology: itpro-security
 # Devices: Restrict floppy access to locally logged-on user only
 **Applies to**
+- Windows 11
 - Windows 10
 Describes the best practices, location, values, and security considerations for the **Devices: Restrict floppy access to locally logged-on user only** security policy setting.
diff --git a/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md b/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md
index 53ae7eca11..67c1a1fd26 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md b/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md
index c231fd191b..cc42ccd096 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md b/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md
index 73ec982c16..df6db377b5 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md
@@ -12,9 +12,9 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.technology: itpro-security
+ms.date: 12/31/2017
 ---
 # Domain controller: Refuse machine account password changes
diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md
index f442a4ccd6..497ae0dcf3 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
@@ -21,6 +20,7 @@ ms.technology: itpro-security
 # Domain member: Digitally encrypt or sign secure channel data (always)
 **Applies to**
+- Windows 11
 - Windows 10
 Describes the best practices, location, values, and security considerations for the **Domain member: Digitally encrypt or sign secure channel data (always)** security policy setting.
diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md
index deb101306c..ee6200237d 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
@@ -21,6 +20,7 @@ ms.technology: itpro-security
 # Domain member: Digitally encrypt secure channel data (when possible)
 **Applies to**
+- Windows 11
 - Windows 10
 Describes the best practices, location, values, and security considerations for the **Domain member: Digitally encrypt secure channel data (when possible)** security policy setting.
diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md
index b19d3da882..fa4519f654 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
@@ -21,6 +20,7 @@ ms.technology: itpro-security
 # Domain member: Digitally sign secure channel data (when possible)
 **Applies to**
+- Windows 11
 - Windows 10
 Describes the best practices, location, values, and security considerations for the **Domain member: Digitally sign secure channel data (when possible)** security policy setting.
diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md b/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md
index ca4549a9cc..29cc577b0b 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 06/27/2019
 ms.technology: itpro-security
@@ -21,6 +20,7 @@ ms.technology: itpro-security
 # Domain member: Disable machine account password changes
 **Applies to**
+- Windows 11
 - Windows 10
 Describes the best practices, location, values, and security considerations for the **Domain member: Disable machine account password changes** security policy setting.
diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md
index e5e1ed0e87..ac46532629 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 05/29/2020
 ms.technology: itpro-security
@@ -21,6 +20,7 @@ ms.technology: itpro-security
 # Domain member: Maximum machine account password age
 **Applies to**
+- Windows 11
 - Windows 10
 Describes the best practices, location, values, and security considerations for the **Domain member: Maximum machine account password age** security policy setting.
diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md b/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md
index 402b5c1833..ba84a03cc1 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
@@ -21,7 +20,8 @@ ms.technology: itpro-security
 # Domain member: Require strong (Windows 2000 or later) session key
 **Applies to**
-- Windows 10
+- Windows 11
+- Windows 10
 Describes the best practices, location, values, and security considerations for the **Domain member: Require strong (Windows 2000 or later) session key** security policy setting.
diff --git a/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md b/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md
index ea2e02efb2..e1bc8ef4b9 100644
--- a/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md
+++ b/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/enforce-password-history.md b/windows/security/threat-protection/security-policy-settings/enforce-password-history.md
index 4bb6c855cc..5c1bb1ef3b 100644
--- a/windows/security/threat-protection/security-policy-settings/enforce-password-history.md
+++ b/windows/security/threat-protection/security-policy-settings/enforce-password-history.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
@@ -21,6 +20,7 @@ ms.technology: itpro-security
 # Enforce password history
 **Applies to**
+- Windows 11
 - Windows 10
 Describes the best practices, location, values, policy management, and security considerations for the **Enforce password history** security policy setting.
diff --git a/windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions.md b/windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions.md
index 9f7ae5a5e6..0b360cffa1 100644
--- a/windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions.md
+++ b/windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md b/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md
index 346ef2f329..47d87b0cef 100644
--- a/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md
+++ b/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/generate-security-audits.md b/windows/security/threat-protection/security-policy-settings/generate-security-audits.md
index fddbf6586e..be5d5caebf 100644
--- a/windows/security/threat-protection/security-policy-settings/generate-security-audits.md
+++ b/windows/security/threat-protection/security-policy-settings/generate-security-audits.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md
index d9bdd93728..8cdc5e7f53 100644
--- a/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md
+++ b/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md
@@ -13,7 +13,6 @@ author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
 ms.collection:
- - M365-security-compliance
 - highpri
 ms.topic: conceptual
 ms.date: 04/19/2017
diff --git a/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md b/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md
index 7bb2552b61..c4a613a542 100644
--- a/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md
+++ b/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md b/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md
index 300c643543..3c54eb33ec 100644
--- a/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md
+++ b/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md b/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md
index 75721584d2..2c2e0bb890 100644
--- a/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md
+++ b/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 2/6/2020
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md
index a7a97b3252..d76c4110fc 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
@@ -21,6 +20,7 @@ ms.technology: itpro-security
 # Interactive logon: Display user information when the session is locked
 **Applies to**
+- Windows 11
 - Windows 10
 Describes the best practices, location, values, and security considerations for the **Interactive logon: Display user information when the session is locked** security policy setting.
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md
index 66fff5d9b2..6cddf9952d 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md
@@ -9,7 +9,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 ms.reviewer: @@ -20,7 +19,8 @@ ms.technology: itpro-security # Interactive logon: Don't display last signed-in **Applies to** -- Windows 10 +- Windows 11 +- Windows 10 Describes the best practices, location, values, and security considerations for the **Interactive logon: Don't display last signed-in** security policy setting. Before Windows 10 version 1703, this policy setting was named **Interactive logon:Do not display last user name.** diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md index bc9c2d4afb..f33b15222c 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 ms.technology: itpro-security @@ -20,6 +19,7 @@ ms.technology: itpro-security # Interactive logon: Do not require CTRL+ALT+DEL **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, and security considerations for the **Interactive logon: Do not require CTRL+ALT+DEL** security policy setting. diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md index ea25ab2fbb..e283a1f14d 100644 
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
@@ -21,7 +20,9 @@ ms.technology: itpro-security
 # Interactive logon: Don't display username at sign-in
 **Applies to**
-- Windows 10, Windows Server 2019
+- Windows 11
+- Windows 10
+- Windows Server 2019
 Describes the best practices, location, values, and security considerations for the **Interactive logon: Don't display username at sign-in** security policy setting.
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md
index c7aad467f2..c08ad29828 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
@@ -21,6 +20,7 @@ ms.technology: itpro-security
 # Interactive logon: Machine account lockout threshold
 **Applies to**
+- Windows 11
 - Windows 10
 Describes the best practices, location, values, management, and security considerations for the **Interactive logon: Machine account lockout threshold** security policy setting.
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md
index ff6e5b9bac..b65e3da751 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md
@@ -13,7 +13,6 @@ author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
 ms.collection:
- - M365-security-compliance
 - highpri
 ms.topic: conceptual
 ms.date: 09/18/2018
@@ -23,6 +22,7 @@ ms.technology: itpro-security
 # Interactive logon: Machine inactivity limit
 **Applies to**
+- Windows 11
 - Windows 10
 Describes the best practices, location, values, management, and security considerations for the **Interactive logon: Machine inactivity limit** security policy setting.
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md
index 3dca94d8de..0b5af8fa19 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
@@ -22,6 +21,7 @@ ms.technology: itpro-security
 **Applies to:**
+- Windows 11
 - Windows 10
 Describes the best practices, location, values, management, and security considerations for the **Interactive logon: Message text for users attempting to log on** security policy setting.
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md
index cf278a7681..c20c76d1c8 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
@@ -22,6 +21,7 @@ ms.technology: itpro-security
 **Applies to**
+- Windows 11
 - Windows 10
 Describes the best practices, location, values, policy management and security considerations for the **Interactive logon: Message title for users attempting to log on** security policy setting.
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md
index b82c0ed014..91919d8ae3 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/27/2018
 ms.technology: itpro-security
@@ -21,6 +20,7 @@ ms.technology: itpro-security
 # Interactive logon: Number of previous logons to cache (in case domain controller is not available)
 **Applies to**
+- Windows 11
 - Windows 10
 Describes the best practices, location, values, policy management, and security considerations for the **Interactive logon: Number of previous logons to cache (in case domain controller is not available)** security policy setting.
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md
index 23c3afa966..5508696327 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
@@ -21,6 +20,7 @@ ms.technology: itpro-security
 # Interactive log on: Prompt the user to change passwords before expiration
 **Applies to**
+- Windows 11
 - Windows 10
 This article describes the best practices, location, values, policy management, and security considerations for the **Interactive logon: Prompt user to change password before expiration** security policy setting.
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md
index 66491dbbc4..dea0b48963 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
@@ -21,6 +20,7 @@ ms.technology: itpro-security
 # Interactive logon: Require Domain Controller authentication to unlock workstation
 **Applies to**
+- Windows 11
 - Windows 10
 Describes the best practices, location, values, policy management, and security considerations for the **Interactive logon: Require Domain Controller authentication to unlock workstation** security policy setting.
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md
index 164c2cc81a..32b2a60b44 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md
index 7388a8053f..804de2d6cb 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
@@ -21,6 +20,7 @@ ms.technology: itpro-security
 # Interactive logon: Smart card removal behavior
 **Applies to**
+- Windows 11
 - Windows 10
 Describes the recommended practices, location, values, policy management, and security considerations for the **Interactive logon: Smart card removal behavior** security policy setting.
diff --git a/windows/security/threat-protection/security-policy-settings/kerberos-policy.md b/windows/security/threat-protection/security-policy-settings/kerberos-policy.md
index 7fb1cb1710..c6fc22a8de 100644
--- a/windows/security/threat-protection/security-policy-settings/kerberos-policy.md
+++ b/windows/security/threat-protection/security-policy-settings/kerberos-policy.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md b/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md
index 7c6871a87f..10425d576a 100644
--- a/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md
+++ b/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md b/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md
index b981d5e8cc..ab91674f23 100644
--- a/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md
+++ b/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md b/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md
index a55b2121f7..c982a7ca78 100644
--- a/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md
+++ b/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md
@@ -13,7 +13,6 @@ author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
 ms.collection:
- - M365-security-compliance
 - highpri
 ms.topic: conceptual
 ms.date: 04/19/2017
diff --git a/windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md b/windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md
index f43b7635b5..833a0d2eea 100644
--- a/windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md
+++ b/windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md b/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md
index 37c0b4951f..f19e322da5 100644
--- a/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md
+++ b/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket.md b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket.md
index 8efd0f5d89..e60f5b8019 100644
--- a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket.md
+++ b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md
index 10456a7833..d048ad2d5b 100644
--- a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md
+++ b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket.md b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket.md
index 15fec062f5..7117941bbe 100644
--- a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket.md
+++ b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/maximum-password-age.md b/windows/security/threat-protection/security-policy-settings/maximum-password-age.md
index c0b7aae124..7c99d562b8 100644
--- a/windows/security/threat-protection/security-policy-settings/maximum-password-age.md
+++ b/windows/security/threat-protection/security-policy-settings/maximum-password-age.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
@@ -21,6 +20,7 @@ ms.technology: itpro-security
 # Maximum password age
 **Applies to**
+- Windows 11
 - Windows 10
 Describes the best practices, location, values, policy management, and security considerations for the **Maximum password age** security policy setting.
diff --git a/windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md b/windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md
index 9934945176..e6976b9407 100644
--- a/windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md
+++ b/windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md
index bde8daf5f1..e446db45a1 100644
--- a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md
+++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md
@@ -13,11 +13,13 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 ms.date: 06/28/2018
 ms.technology: itpro-security
+ms.topic: conceptual
 ---
 # Microsoft network client: Digitally sign communications (always)
 **Applies to**
+- Windows 11
 - Windows 10
 - Windows Server
diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md
index c3c7ced2ca..1162197765 100644
--- a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md
+++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md
index 39110f95c1..b5f65848a6 100644
--- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md
+++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md
index 75a1455561..12c009ce89 100644
--- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md
+++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md
index a3f70b7900..3ef631a76e 100644
--- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md
+++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 06/21/2018
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md
index 8c064588f8..9af04189fa 100644
--- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md
+++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md
index bd1d8be1f3..e157b27f1e 100644
--- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md
+++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/minimum-password-age.md b/windows/security/threat-protection/security-policy-settings/minimum-password-age.md
index f6ce6b41e1..02c1a25fd5 100644
--- a/windows/security/threat-protection/security-policy-settings/minimum-password-age.md
+++ b/windows/security/threat-protection/security-policy-settings/minimum-password-age.md
@@ -13,11 +13,13 @@ ms.localizationpriority: medium author: vinaypamnani-msft ms.date: 11/13/2018 ms.technology: itpro-security +ms.topic: conceptual --- # Minimum password age **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Minimum password age** security policy setting.
@@ -89,4 +91,4 @@ If you set a password for a user but want that user to change the password when ## Related topics -- [Password Policy](password-policy.md) \ No newline at end of file +- [Password Policy](password-policy.md)
diff --git a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md
index 14a19ec3af..cde1a5df8b 100644
--- a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md
+++ b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md
@@ -13,7 +13,6 @@ author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
 ms.collection:
- - M365-security-compliance
 - highpri
 ms.topic: conceptual
 ms.date: 03/30/2022
@@ -23,6 +22,7 @@ ms.technology: itpro-security # Minimum password length **Applies to** +- Windows 11 - Windows 10 This article describes the recommended practices, location, values, policy management, and security considerations for the **Minimum password length** security policy setting.
diff --git a/windows/security/threat-protection/security-policy-settings/modify-an-object-label.md b/windows/security/threat-protection/security-policy-settings/modify-an-object-label.md
index fbfb32b045..784db5fe09 100644
--- a/windows/security/threat-protection/security-policy-settings/modify-an-object-label.md
+++ b/windows/security/threat-protection/security-policy-settings/modify-an-object-label.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md b/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md
index d084e365ba..3f104ff095 100644
--- a/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md
+++ b/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md b/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md
index aafe4619c1..c3103f7be5 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md
index 4317675d65..547733a694 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md
index 0b57d3a933..36749adf40 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md
index 8726b950f2..cd953a6928 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 07/01/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md b/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md
index a71af792e0..d4297e81d7 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md b/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md
index 22436ac3ef..beb39359bb 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md b/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md
index d9c616fb82..cf9c3cea63 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md b/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md
index 38b0c07c3c..cf59a0d22f 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md b/windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md
index 3b779eb87c..92f62c7e6b 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md
index 48d6693d11..67f28accd4 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md
@@ -11,6 +11,7 @@ ms.reviewer: manager: aaroncz ms.collection: - highpri +ms.topic: conceptual --- # Network access: Restrict clients allowed to make remote calls to SAM
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md b/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md
index c6b831e405..6f1e91f1b2 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md b/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md
index 2d159d7ee9..3feed8fa4d 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md b/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md
index 82252f7a68..6b67b4947f 100644
--- a/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md
+++ b/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md b/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md
index 68e3fb1776..531f18f014 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 10/04/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md b/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md
index e74d40a8ae..4d47667005 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md b/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md
index 1b8d66ce92..08db95e10e 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 01/03/2022
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md b/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md
index c5143b9f49..b0da8cc808 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md
@@ -13,7 +13,6 @@ author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
 ms.collection:
- - M365-security-compliance
 - highpri
 ms.topic: conceptual
 ms.date: 04/19/2017
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md b/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md
index 6fb0bc171f..463b054ea4 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md b/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md
index dc9aebbb8c..3e5f9a03b9 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md b/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md
index b3ebd353c1..aba0587774 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md
@@ -13,7 +13,6 @@ author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
 ms.collection:
- - M365-security-compliance
 - highpri
 ms.topic: conceptual
 ms.date: 04/19/2017
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md b/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md
index 4dcdc81aa0..3c0032faf1 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md
index 9c3d1d2f2a..d0a7524fb4 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 07/27/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md
index 469bd9cf39..022d167542 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md
index 4ce6039624..09f6ccc2c7 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md
index 61a85682bd..99e8c7a39f 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md
index b390537f8b..4c15706058 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md
index b7024f8999..7bf8d5f15b 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md
index 21e4daa313..2f02467243 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md
index 02de52f636..33ff80fb70 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md
@@ -12,9 +12,9 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.technology: itpro-security +ms.date: 12/31/2017 --- # Network security: Restrict NTLM: NTLM authentication in this domain
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md
index 4158c8dff7..9037b9728c 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 06/15/2022 ms.technology: itpro-security diff --git a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md index fb87a0fd40..c7b9c6ad9d 100644 --- a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md +++ b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md @@ -13,15 +13,16 @@ author: vinaypamnani-msft manager: aaroncz audience: ITPro ms.collection: - - M365-security-compliance - highpri ms.topic: conceptual ms.technology: itpro-security +ms.date: 12/31/2017 --- # Password must meet complexity requirements **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, and security considerations for the **Password must meet complexity requirements** security policy setting. diff --git a/windows/security/threat-protection/security-policy-settings/password-policy.md b/windows/security/threat-protection/security-policy-settings/password-policy.md index 7ecb04ce32..b4163b8525 100644 --- a/windows/security/threat-protection/security-policy-settings/password-policy.md +++ b/windows/security/threat-protection/security-policy-settings/password-policy.md @@ -13,7 +13,6 @@ author: vinaypamnani-msft manager: aaroncz audience: ITPro ms.collection: - - M365-security-compliance - highpri ms.topic: conceptual ms.date: 04/19/2017 @@ -23,6 +22,7 @@ ms.technology: itpro-security # Password Policy **Applies to** +- Windows 11 - Windows 10 An overview of password policies for Windows and links to information for each policy setting. 
diff --git a/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md b/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md
index 310b057751..7b30d8f59c 100644
--- a/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md
+++ b/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/profile-single-process.md b/windows/security/threat-protection/security-policy-settings/profile-single-process.md
index a98135713c..cde1362185 100644
--- a/windows/security/threat-protection/security-policy-settings/profile-single-process.md
+++ b/windows/security/threat-protection/security-policy-settings/profile-single-process.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/profile-system-performance.md b/windows/security/threat-protection/security-policy-settings/profile-system-performance.md
index fe332e87f3..ecb01bb455 100644
--- a/windows/security/threat-protection/security-policy-settings/profile-system-performance.md
+++ b/windows/security/threat-protection/security-policy-settings/profile-system-performance.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md
index 379cef16af..0980bf4469 100644
--- a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md
+++ b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md
index 6b402af2db..d7906353f2 100644
--- a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md
+++ b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md b/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md
index fbd8bf9e9b..57181925d6 100644
--- a/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md
+++ b/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 ms.technology: itpro-security diff --git a/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md b/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md index 3978432395..5e9ee1c0f3 100644 --- a/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md +++ b/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 ms.technology: itpro-security diff --git a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md index 900b66a6fe..1891e3b322 100644 --- a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md +++ b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 11/02/2018 ms.technology: itpro-security @@ -21,6 +20,7 @@ ms.technology: itpro-security # Reset account lockout counter after **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, and security considerations for the **Reset account lockout counter after** security policy setting. 
@@ -77,4 +77,4 @@ If you don't configure this policy setting or if the value is configured to an i ## Related topics -- [Account Lockout Policy](account-lockout-policy.md) \ No newline at end of file +- [Account Lockout Policy](account-lockout-policy.md) diff --git a/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md b/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md index ea25267470..d534fcedaa 100644 --- a/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md +++ b/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 ms.technology: itpro-security diff --git a/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md b/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md index a620908a28..15e8e865fb 100644 --- a/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 ms.technology: itpro-security @@ -21,6 +20,7 @@ ms.technology: itpro-security # Advanced security audit policy settings for Windows 10 **Applies to** +- Windows 11 - Windows 10 Provides information about the advanced security audit policy settings that are available in Windows and the audit events that they generate. 
diff --git a/windows/security/threat-protection/security-policy-settings/security-options.md b/windows/security/threat-protection/security-policy-settings/security-options.md index 2617bbe979..b7b56bf6a8 100644 --- a/windows/security/threat-protection/security-policy-settings/security-options.md +++ b/windows/security/threat-protection/security-policy-settings/security-options.md @@ -13,11 +13,13 @@ ms.localizationpriority: medium author: vinaypamnani-msft ms.date: 06/28/2018 ms.technology: itpro-security +ms.topic: conceptual --- # Security Options **Applies to** +- Windows 11 - Windows 10 Provides an introduction to the **Security Options** settings for local security policies and links to more information. diff --git a/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md b/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md index 2668278e86..5aecd1228b 100644 --- a/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md +++ b/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 ms.technology: itpro-security diff --git a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md index 5ab4550261..79136b00da 100644 --- a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md +++ b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md @@ -13,7 +13,6 @@ author: vinaypamnani-msft manager: aaroncz audience: ITPro ms.collection: - - M365-security-compliance - highpri ms.topic: conceptual ms.date: 04/19/2017 
diff --git a/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md b/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md
index 67d5faee52..b2bd961eea 100644
--- a/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md
+++ b/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md b/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md
index 191d7707e3..6fe3056930 100644
--- a/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md
+++ b/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md b/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md
index 8dee428efe..4b773d0043 100644
--- a/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md
+++ b/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/01/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md
index b177d97e7f..99e2eca53e 100644
--- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md
+++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 01/04/2019
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md
index 735abfb6ec..b4ac13d05a 100644
--- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md
+++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 01/04/2019
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md
index e786e34d26..45b7731eb7 100644
--- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md
+++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 01/04/2019
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md
index 02d3e39e49..cf2feb9753 100644
--- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md
+++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 01/04/2019
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md b/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md
index 7e2d99c5ca..93c6889650 100644
--- a/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md +++ b/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 ms.technology: itpro-security @@ -21,6 +20,7 @@ ms.technology: itpro-security # Store passwords using reversible encryption **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, and security considerations for the **Store passwords using reversible encryption** security policy setting. diff --git a/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md b/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md index 27b022d867..f165400681 100644 --- a/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md +++ b/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 ms.technology: itpro-security diff --git a/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md b/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md index 73d75fc780..8e1ac04319 100644 --- a/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md 
+++ b/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md
index 7b1b9ef84d..86ed35f4ec 100644
--- a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md
+++ b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 11/16/2018
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md b/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md
index cfc1e3e48a..fb283fcb9b 100644
--- a/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md
+++ b/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md b/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md
index 9e16de4a18..c4cc3fd368 100644
--- a/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md
+++ b/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md b/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md
index 0397eca9d7..d287cf1d46 100644
--- a/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md
+++ b/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md b/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md
index f8db801710..4d194b9586 100644
--- a/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md
+++ b/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md b/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md
index 563b7b38aa..279eeced74 100644
--- a/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md
+++ b/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md b/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md
index 32ff199d90..73b7ad213e 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md b/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md
index bb6ff605e9..541ed662b6 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md
index 867ff0c857..b573193466 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md
index c80cd46fc4..cc56752bf0 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 10/11/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md b/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md
index 157dbcb839..9a76eb60a7 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md
index 94940efabd..5b94f9db23 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md
index 59e27064f3..c181b31d00 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md b/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md
index b246a0c52c..28bcf3d293 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md b/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md
index bff51aac66..3e92e84352 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md b/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md
index 2d7c126bdf..fe36fcdd30 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md b/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md
index 79919780f0..0439fc8ee1 100644
--- a/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md
+++ b/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md
@@ -13,7 +13,6 @@ author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
 ms.collection:
- - M365-security-compliance
 - highpri
 ms.topic: conceptual
 ms.date: 12/16/2021
diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
index d48d5da38b..1fac194013 100644
--- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
+++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
@@ -9,6 +9,7 @@ author: dulcemontemayor ms.date: 02/28/2019 ms.localizationpriority: medium ms.technology: itpro-security +ms.topic: how-to --- # Use Windows Event Forwarding to help with intrusion detection @@ -397,6 +398,17 @@ The following GPO snippet performs the following tasks: ![configure event channels.](images/capi-gpo.png) +The following table also contains the six actions to configure in the GPO: + +| Program/Script | Arguments | +|------------------------------------|----------------------------------------------------------------------------------------------------------| +| %SystemRoot%\System32\wevtutil.exe | sl Microsoft-Windows-CAPI2/Operational /e:true | +| %SystemRoot%\System32\wevtutil.exe | sl Microsoft-Windows-CAPI2/Operational /ms:102432768 | +| %SystemRoot%\System32\wevtutil.exe | sl "Microsoft-Windows-AppLocker/EXE and DLL" /ms:102432768 | +| %SystemRoot%\System32\wevtutil.exe | sl Microsoft-Windows-CAPI2/Operational /ca:"O:BAG:SYD:(A;;0x7;;;BA)(A;;0x2;;;AU)(A;;0x1;;;S-1-5-32-573)" | +| %SystemRoot%\System32\wevtutil.exe | sl "Microsoft-Windows-DriverFrameworks-UserMode/Operational" /e:true | +| %SystemRoot%\System32\wevtutil.exe | sl "Microsoft-Windows-DriverFrameworks-UserMode/Operational" /ms:52432896 | + ## Appendix D - Minimum GPO for WEF Client configuration Here are the minimum steps for WEF to operate: @@ -655,4 +667,4 @@ You can get more info with the following links: - [Event Queries and Event XML](/previous-versions/bb399427(v=vs.90)) - [Event Query Schema](/windows/win32/wes/queryschema-schema) - [Windows Event Collector](/windows/win32/wec/windows-event-collector) -- [4625(F): An account failed to log on](./auditing/event-4625.md) \ No newline at end of file +- [4625(F): An account failed to log on](./auditing/event-4625.md) 
diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md index 707538f309..ab8014b9a5 100644 --- a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md @@ -9,13 +9,13 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium audience: ITPro -ms.collection: M365-security-compliance author: jgeurten ms.reviewer: jsuther1974 ms.author: vinpa manager: aaroncz ms.date: 04/29/2022 ms.technology: itpro-security +ms.topic: article --- # Testing and Debugging AppId Tagging Policies diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md index 6b822bc07e..bf48be5b8d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md 
@@ -3,13 +3,13 @@ title: Deploying Windows Defender Application Control AppId tagging policies description: How to deploy your WDAC AppId tagging policies locally and globally within your managed environment. ms.prod: windows-client ms.localizationpriority: medium -ms.collection: M365-security-compliance author: jgeurten ms.reviewer: jsuther1974 ms.author: vinpa manager: aaroncz ms.date: 04/29/2022 ms.technology: itpro-security +ms.topic: article --- # Deploying Windows Defender Application Control AppId tagging policies diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md index cea2b2e0d7..9bce0c01fd 100644 --- a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md @@ -9,13 +9,13 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium audience: ITPro -ms.collection: M365-security-compliance author: jgeurten ms.reviewer: jsuther1974 ms.author: vinpa manager: aaroncz ms.date: 04/29/2022 ms.technology: itpro-security +ms.topic: article --- # Creating your WDAC AppId Tagging Policies diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md index a2d2da6611..ffde0b7c8e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md 
+++ b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md @@ -9,13 +9,13 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium audience: ITPro -ms.collection: M365-security-compliance author: jgeurten ms.reviewer: jsuther1974 ms.author: vinpa manager: aaroncz ms.date: 04/27/2022 ms.technology: itpro-security +ms.topic: article --- # WDAC Application ID (AppId) Tagging guide diff --git a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md b/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md index 7a948159c8..0b5ca8e152 100644 --- a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md +++ b/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md @@ -9,13 +9,13 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium audience: ITPro -ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: isbrahm ms.author: vinpa manager: aaroncz ms.date: 10/30/2019 ms.technology: itpro-security +ms.topic: article --- # Allow Line-of-Business Win32 Apps on Intune-Managed S Mode Devices diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/threat-protection/windows-defender-application-control/TOC.yml index 6e21277b67..f9355db522 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.yml +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.yml 
@@ -115,7 +115,7 @@ href: operations/known-issues.md - name: Managed installer and ISG technical reference and troubleshooting guide href: configure-wdac-managed-installer.md - - name: Managing WDAC Policies with CI Tool + - name: CITool.exe technical reference href: operations/citool-commands.md - name: WDAC AppId Tagging guide href: AppIdTagging/windows-defender-application-control-appid-tagging-guide.md diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md index af08583111..b3e65b47bf 100644 --- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md @@ -9,12 +9,13 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium audience: ITPro -ms.collection: M365-security-compliance author: vinaypamnani-msft ms.reviewer: isbrahm ms.author: vinpa manager: aaroncz ms.technology: itpro-security +ms.date: 12/31/2017 +ms.topic: article --- # Allow COM object registration in a Windows Defender Application Control policy 
@@ -69,6 +70,10 @@ One attribute: - The setting needs to be placed in the order of ASCII values (first by Provider, then Key, then ValueName) +### Multiple policy considerations + +Similar to executable files, COM objects must pass each policy on the system to be allowed by WDAC. For example, if the COM object under evaluation passes most but not all of your WDAC policies, the COM object will not be allowed. If you are using a combination of base and supplemental policies, the COM object just needs to be allowlisted in either the base policy or one of the supplemental policies. + ### Examples Example 1: Allows registration of all COM object GUIDs in any provider diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md b/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md index 999e12d065..c41d4b9e24 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 ms.technology: itpro-security diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md index 15f67c37ac..0b93872957 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md 
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 02/28/2019
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md
index d7fe255d6d..4ffbf7a507 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md
index 1e52c126e4..ab19a6f3c0 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md
index 2e6095c98a..c2987aea45 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md
@@ -13,7 +13,6 @@ author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
 ms.collection:
- - M365-security-compliance
 - highpri
 ms.topic: conceptual
 ms.date: 10/16/2017
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md
index 3e68795be1..ff9dab0871 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md
index fa42cc82dd..ae89b01ff7 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md
index 1d908e2f8e..bd9c843bda 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md
index e70885a1a5..354f073ff9 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md
index a0c355bef9..43fe8a1ef2 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md
index 73fea32c43..f9b9a77466 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md
index 149ca60ce9..ba4c5228a2 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 06/08/2018
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md
index e151e8190f..32d94d0af1 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md
index 212cde1127..66826b4b00 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md
index 45720da1ec..f2263ece50 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md
index 62e3f5bbe7..5f081ad311 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 07/01/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
index ba45e341f1..ff60b9add8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md
index 3b7d3855c4..894151f16f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md
index 11d5a05373..6399a404d9 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md
index 72e43ee33a..89b0d672cf 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md
index 5efaa6ef5c..33534d6a32 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md
index d99ffe4b82..6c8c9389cb 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md
index e32ce48432..68d616c899 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md
index 6de23bb531..56981ee10e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md b/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md
index 66f6c0a203..ca59bdbda8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 11/09/2020
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
index 5268d11b52..3e30ca5a13 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md
index 4fd68a84b7..40c44e6764 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md
index d650a66317..ccc988d5ff 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
index 3b7faa4248..975a812d0d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
index 04f8f5ea63..ed337dd53d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md b/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
index 7a8f7e4cb7..8b93a5a341 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md
index 78b0bc09bc..4ef55c919d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
index dea2bf1d1d..2ef4d45309 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
@@ -11,7 +11,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.pagetype: security
 ms.date: 09/21/2017
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md
index ff4be0a01c..46c2d4bd75 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md
index 6ea771b3b1..51b3644c43 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md
index 68e95db030..3486c2c96a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md
index 866659b54e..d73311a429 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md b/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md
index ae11ea5a92..53383e51c3 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md
index e614c2ebfd..269b7e0c0a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md
index bad5f25658..1be63d7bd3 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md
index 6c98a90cfb..103730016d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md
index a5aef1b467..136220fec8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md b/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md
index ca2337fc34..a684de3cd7 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 ms.technology: itpro-security diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md index 1fd9ead2c1..c25ac7d908 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md @@ -12,9 +12,9 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.technology: itpro-security +ms.date: 12/31/2017 --- # Import an AppLocker policy from another computer diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md index 13d9a01b2a..9683aef8f7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 ms.technology: itpro-security 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md index 2b4cef69e3..41c1a9a0e4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md @@ -12,9 +12,9 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.technology: itpro-security +ms.date: 12/31/2017 --- # Maintain AppLocker policies diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md index 4c2f33327f..814136c5f1 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 ms.technology: itpro-security diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md index 56dcf21cac..63bcac7d18 100644 
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md
index fdb57686ce..4b8c2836f8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
index b38259298d..9df3828e59 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md b/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md
index 182265d2e4..b588a17ed6 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
index f771463944..74a9350ddd 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 10/13/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md b/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
index c60158c407..b45b475826 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md
index 4b3bb3f464..5deca1e65f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md
index e2d6dd1988..3b4cf38cad 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md
index b92733030c..642b8ea960 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md b/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md
index d1c53d1412..150729a9d8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md
index 772023138c..baee48ce11 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 06/15/2022
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md
index 70b10a3c46..ac8ec9e988 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md
index a9a7edb8f8..2e5f803568 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
index 8580a543c2..7fb6397c08 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md
index 35e67a8b9a..bbb9138590 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md
index 11c1b53405..2d9b935f73 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md
index 6f70f979bd..47499212fa 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md
index 92d977ca6a..f7ca9620ab 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 10/13/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
index 80ca82b196..d763f4b0e4 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md
index 3ea8eca627..d151bd9066 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
index 8991037f4d..d400c84233 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md
index 359939ee32..b788a6f151 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md
index 303e8de3de..2d992cfb44 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md
index 0b4db784ac..19e74d5246 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md
index ae9f22bb2a..06884a0057 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md
index 0920f34c34..2696d75f86 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
index 29453e1b5c..a89e0a624e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md
index 1760a6c905..7dbac718ff 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md
index 68e7b5b770..351eeb599a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
index 77c83a4efb..2a927654c2 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
@@ -11,7 +11,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.reviewer:
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md
index 6b7bda08f8..e78953a494 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 11/07/2022
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md
index aca8d806d7..e73b867fa3 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md
index 886cd66d27..4c9e95f7c1 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md
@@ -12,9 +12,9 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.technology: itpro-security
+ms.date: 12/31/2017
 ---
 # Using Event Viewer with AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md
index c407320e8f..0ec75fc106 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md
index ecbdc3515e..3f53833251 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md
index f6718a2f98..252b66b015 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md
index b2045a212e..85bfc0c2f0 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md
index e5b9ec21cc..e746c84f0f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md
@@ -14,6 +14,7 @@ ms.localizationpriority: medium
 msauthor: v-anbic
 ms.date: 08/27/2018
 ms.technology: itpro-security
+ms.topic: conceptual
 ---
 # Working with AppLocker rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md
index 1aa3c8a019..acdfc6b79b 100644
--- a/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md
@@ -9,13 +9,13 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jogeurte
 ms.author: vinpa
 manager: aaroncz
 ms.date: 05/03/2021
 ms.technology: itpro-security
+ms.topic: article
 ---
 # Use audit events to create WDAC policy rules and Convert **base** policy from audits to enforced
diff --git a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md
index 2dc654001c..ca6fa6c251 100644
--- a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md
@@ -9,13 +9,13 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jogeurte
 ms.author: vinpa
 manager: aaroncz
 ms.date: 05/03/2018
 ms.technology: itpro-security
+ms.topic: article
 ---
 # Use audit events to create WDAC policy rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
index f078f7a073..c15b97399b 100644
--- a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
+++ b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
@@ -9,13 +9,13 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jogeurte
 ms.author: vinpa
 manager: aaroncz
 ms.date: 08/26/2022
 ms.technology: itpro-security
+ms.topic: article
 ---
 # Automatically allow apps deployed by a managed installer with Windows Defender Application Control
diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md
index c24b6295c9..d1947bc8fe 100644
--- a/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md
+++ b/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md
@@ -9,13 +9,13 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jogeurte
 ms.author: vinpa
 manager: aaroncz
 ms.date: 11/11/2022
 ms.technology: itpro-security
+ms.topic: article
 ---
 # Managed installer and ISG technical reference and troubleshooting guide
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
index d0be24f470..982c07dd6a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
@@ -10,7 +10,6 @@ ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
 ms.topic: conceptual
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jogeurte
 ms.author: vinpa
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md
index a7ea499e26..453207654b 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md
@@ -9,13 +9,13 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jogeurte
 ms.author: vinpa
 manager: aaroncz
 ms.date: 08/08/2022
 ms.technology: itpro-security
+ms.topic: article
 ---
 # Create a WDAC policy using a reference computer
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md
index 4e2096d5c5..935140572c 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md
@@ -9,12 +9,13 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jgeurten
 ms.reviewer: jsuther1974
 ms.author: vinpa
 manager: aaroncz
 ms.technology: itpro-security
+ms.date: 12/31/2017
+ms.topic: article
 ---
 # Guidance on Creating WDAC Deny Policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md
index 0fdfc798f0..a100094dc2 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md
@@ -10,7 +10,6 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jogeurte
 ms.author: vinpa
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md
index 7878df99b7..aa3f0aa5f6 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md
@@ -10,7 +10,6 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jogeurte
 ms.author: vinpa
diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md
index 36526d5e74..73d75a96d8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md
@@ -10,7 +10,6 @@ ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
 ms.topic: conceptual
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jgeurten
 ms.author: vinpa
diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
index 1d07caffe7..36a2141386 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
@@ -9,13 +9,13 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jogeurte
 ms.author: vinpa
 manager: aaroncz
 ms.date: 07/19/2021
 ms.technology: itpro-security
+ms.topic: article
 ---
 # Use multiple Windows Defender Application Control Policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md
index d66bca3105..72b2f4c5a2 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md
@@ -3,7 +3,6 @@ title: Deploy Windows Defender Application Control policies with Configuration M
 description: You can use Microsoft Configuration Manager to configure Windows Defender Application Control (WDAC). Learn how with this step-by-step guide.
 ms.prod: windows-client
 ms.technology: itpro-security
-ms.collection: M365-security-compliance
 author: jgeurten
 ms.reviewer: aaroncz
 ms.author: jogeurte
diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
index 9beafe889b..da03a2f08c 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
@@ -4,13 +4,12 @@ description: Use scripts to deploy Windows Defender Application Control (WDAC) p
 keywords: security, malware
 ms.prod: windows-client
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: aaroncz
 ms.author: jogeurte
 ms.manager: jsuther
 manager: aaroncz
-ms.date: 10/06/2022
+ms.date: 12/03/2022
 ms.technology: itpro-security
 ms.topic: article
 ms.localizationpriority: medium
@@ -29,13 +28,22 @@ ms.localizationpriority: medium This article describes how to deploy Windows Defender Application Control (WDAC) policies using script. The instructions below use PowerShell but can work with any scripting host. -> [!NOTE] -> To use this procedure, download and distribute the [WDAC policy refresh tool](https://aka.ms/refreshpolicy) to all managed endpoints. Ensure your WDAC policies allow the WDAC policy refresh tool or use a managed installer to distribute the tool. - -## Deploying policies for Windows 10 version 1903 and above - You should now have one or more WDAC policies converted into binary form. If not, follow the steps described in [Deploying Windows Defender Application Control (WDAC) policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide). +## Deploying policies for Windows 11 22H2 and above + +You can use [citool.exe](/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands) to apply policies on Windows 11 22H2 with the following commands. Be sure to replace **<Path to policy binary file to deploy>** in the example below with the actual path to your WDAC policy binary file. + +```powershell +# Policy binary files should be named as {GUID}.cip for multiple policy format files (where {GUID} = from the Policy XML) +$PolicyBinary = "" +citool.exe --update-policy $PolicyBinary --json +``` + +## Deploying policies for Windows 11, Windows 10 version 1903 and above, and Windows Server 2022 and above + +To use this procedure, download and distribute the [WDAC policy refresh tool](https://aka.ms/refreshpolicy) to all managed endpoints. Ensure your WDAC policies allow the WDAC policy refresh tool or use a managed installer to distribute the tool. + 1. Initialize the variables to be used by the script. ```powershell 
@@ -58,7 +66,9 @@ You should now have one or more WDAC policies converted into binary form. If not & $RefreshPolicyTool ``` -## Deploying policies for Windows 10 versions earlier than 1903 +## Deploying policies for all other versions of Windows and Windows Server + +Use WMI to apply policies on all other versions of Windows and Windows Server. 1. Initialize the variables to be used by the script. diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md index 3ff41f6ec0..f0c1ff7b47 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md @@ -9,13 +9,13 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium audience: ITPro -ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: jogeurte ms.author: vinpa manager: aaroncz ms.date: 10/06/2022 ms.technology: itpro-security +ms.topic: article --- # Deploy Windows Defender Application Control policies by using Group Policy diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md index f4b43a2558..14716db117 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md 
+++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md
@@ -4,7 +4,6 @@ description: You can use an MDM like Microsoft Intune to configure Windows Defen
 ms.prod: windows-client
 ms.technology: itpro-security
 ms.localizationpriority: medium
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jogeurte
 ms.author: vinpa
diff --git a/windows/security/threat-protection/windows-defender-application-control/design/script-enforcement.md b/windows/security/threat-protection/windows-defender-application-control/design/script-enforcement.md
index 5a4f9be3f6..2414d5dd4e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/design/script-enforcement.md
+++ b/windows/security/threat-protection/windows-defender-application-control/design/script-enforcement.md
@@ -4,7 +4,6 @@ description: WDAC script enforcement
 keywords: security, malware
 ms.prod: windows-client
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jogeurte
 ms.author: jogeurte
diff --git a/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md
index 526551ec0e..644f65163a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md
@@ -9,13 +9,13 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jogeurte
 ms.author: vinpa
 manager: aaroncz
 ms.date: 11/04/2022
 ms.technology: itpro-security
+ms.topic: article
 ---
 # Remove Windows Defender Application Control (WDAC) policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md
index b7c381d70d..0bf9b9d1f5 100644
--- a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md
@@ -4,7 +4,6 @@ description: Learn how to switch a WDAC policy from audit to enforced mode.
 keywords: security, malware
 ms.prod: windows-client
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jogeurte
 ms.author: jogeurte
diff --git a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
index abe6093543..4b9c9e64bd 100644
--- a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
+++ b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
@@ -4,7 +4,6 @@ description: Learn what different Windows Defender Application Control event IDs
 ms.prod: windows-client
 ms.technology: itpro-security
 ms.localizationpriority: medium
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jogeurte
 ms.author: vinpa
@@ -189,3 +188,4 @@ A list of other relevant event IDs and their corresponding description.
 | 3110 | Windows mode change event was unsuccessful. |
 | 3111 | The file under validation didn't meet the hypervisor-protected code integrity (HVCI) policy. |
 | 3112 | The file under validation is signed by a certificate that has been explicitly revoked by Windows. |
+| 3114 | Dynamic Code Security opted the .NET app or DLL into Application Control policy validation. The file under validation didn't pass your policy and was blocked. |
diff --git a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
index ee37a71bca..f358465735 100644
--- a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
+++ b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
@@ -9,13 +9,13 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: isbrahm
 ms.author: vinpa
 manager: aaroncz
 ms.date: 07/13/2021
 ms.technology: itpro-security
+ms.topic: article
 ---
 # Understanding Application Control event tags
diff --git a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md b/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md
index 2c666bad22..0286b18ad3 100644
--- a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md
@@ -10,7 +10,6 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jogeurte
 ms.author: vinpa
diff --git a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md b/windows/security/threat-protection/windows-defender-application-control/feature-availability.md
index 4da8421cfe..23e85b02c4 100644
--- a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md
+++ b/windows/security/threat-protection/windows-defender-application-control/feature-availability.md
@@ -4,7 +4,6 @@ description: Compare Windows Defender Application Control (WDAC) and AppLocker f
 ms.prod: windows-client
 ms.technology: itpro-security
 ms.localizationpriority: medium
-ms.collection: M365-security-compliance
 author: jgeurten
 ms.reviewer: aaroncz
 ms.author: jogeurte
diff --git a/windows/security/threat-protection/windows-defender-application-control/index.yml b/windows/security/threat-protection/windows-defender-application-control/index.yml
index 5dd1e3fd49..6602ab9a3c 100644
--- a/windows/security/threat-protection/windows-defender-application-control/index.yml
+++ b/windows/security/threat-protection/windows-defender-application-control/index.yml
@@ -4,14 +4,11 @@ title: Application Control for Windows
 metadata:
 title: Application Control for Windows
 description: Landing page for Windows Defender Application Control
-# services: service
-# ms.service: microsoft-WDAC-AppLocker
-# ms.subservice: Application-Control
-# ms.topic: landing-page
-# author: Kim Klein
-# ms.author: Jordan Geurten
-# manager: Jeffrey Sutherland
-# ms.update: 04/30/2021
+ ms.topic: landing-page
+ author: vinaypamnani-msft
+ ms.author: vinpa
+ manager: aaroncz
+ ms.date: 12/07/2022
 # linkListType: overview | how-to-guide | tutorial | video
 landingContent:
 # Cards and links should be based on top customer tasks or top subjects
diff --git a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md
index 77933f3967..5ccc7f5f17 100644
--- a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md
@@ -9,13 +9,13 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: isbrahm
 ms.author: vinpa
 manager: aaroncz
 ms.date: 05/29/2020
 ms.technology: itpro-security
+ms.topic: article
 ---
 # Manage Packaged Apps with Windows Defender Application Control
diff --git a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md
index 19737f5a29..80865556cc 100644
--- a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md
@@ -4,7 +4,6 @@ description: Learn how to merge WDAC policies as part of your policy lifecycle m
 keywords: security, malware
 ms.prod: windows-client
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jogeurte
 ms.author: jogeurte
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
index 407e490e72..68be5afd9a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
@@ -4,7 +4,6 @@ description: View a list of recommended block rules, based on knowledge shared b
 ms.prod: windows-client
 ms.technology: itpro-security
 ms.localizationpriority: medium
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jgeurten
 ms.author: vinpa
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
index 25e864f812..fc266be640 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
@@ -10,7 +10,6 @@ ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
 ms.collection:
- - M365-security-compliance
 - highpri
 author: jgeurten
 ms.reviewer: jsuther
@@ -18,6 +17,7 @@ ms.author: vinpa
 manager: aaroncz
 ms.date: 11/01/2022
 ms.technology: itpro-security
+ms.topic: article
 ---
 # Microsoft recommended driver block rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands.md b/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands.md
index 88273c3c74..e9f786a561 100644
--- a/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands.md
+++ b/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands.md
@@ -3,15 +3,15 @@ title: Managing CI Policies and Tokens with CiTool
 description: Learn how to use Policy Commands, Token Commands, and Miscellaneous Commands in CiTool
 author: valemieux
 ms.author: jogeurte
-ms.reviewer: jogeurte
+ms.reviewer: jsuther1974
 ms.topic: how-to
-ms.date: 08/07/2022
+ms.date: 12/03/2022
 ms.custom: template-how-to
 ms.prod: windows-client
 ms.technology: itpro-security
 ---
-# Manage Windows Defender Application Control (WDAC) Policies with CI Tool
+# CITool.exe technical reference
 CI Tool makes Windows Defender Application Control (WDAC) policy management easier for IT admins. CI Tool can be used to manage Windows Defender Application Control policies and CI Tokens. This article describes how to use CI Tool to update and manage policies. CI Tool is currently included in Windows 11, version 22H2.
@@ -21,7 +21,7 @@ CI Tool makes Windows Defender Application Control (WDAC) policy management easi
 |--------|---------|---------|
 | --update-policy `` | Add or update a policy on the current system | -up |
 | --remove-policy `` | Remove a policy indicated by PolicyGUID from the system | -rp |
-| --list-policies | Dump information about all policies on the system, whether they are active or not | -lp |
+| --list-policies | Dump information about all policies on the system, whether they're active or not | -lp |
 ## Token Commands
@@ -32,7 +32,7 @@ CI Tool makes Windows Defender Application Control (WDAC) policy management easi
 | --list-tokens | Dump information about all tokens on the system | -lt |
 > [!NOTE]
-> Regarding --add-token, if `` is specified, a pre-existing token with `` should not exist.
+> Regarding `--add-token`, if `` is specified, a pre-existing token with `` should not exist.
 ## Miscellaneous Commands
diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md
index 675fba1e03..9a7322339f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md
+++ b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md
@@ -4,7 +4,6 @@ description: WDAC Known Issues
 keywords: security, malware
 ms.prod: windows-client
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jogeurte
 ms.author: jogeurte
diff --git a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md
index 08f23bb4ca..3650147424 100644
--- a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md
+++ b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md
@@ -9,13 +9,13 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jogeurte
 ms.author: vinpa
 manager: aaroncz
 ms.date: 11/02/2022
 ms.technology: itpro-security
+ms.topic: article
 ---
 # Plan for Windows Defender Application Control lifecycle policy management
diff --git a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md
index e9cef369c8..edebf6678f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md
+++ b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md
@@ -9,13 +9,13 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: isbrahm
 ms.author: vinpa
 manager: aaroncz
 ms.date: 03/01/2022
 ms.technology: itpro-security
+ms.topic: article
 ---
 # Querying Application Control events centrally using Advanced hunting
diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
index 836db5154a..d14c84c13f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
+++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
@@ -9,13 +9,13 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jgeurten
 ms.reviewer: jsuther1974
 ms.author: vinpa
 manager: aaroncz
 ms.date: 08/29/2022
 ms.technology: itpro-security
+ms.topic: article
 ---
 # Understand Windows Defender Application Control (WDAC) policy rules and file rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md
index 7122339287..75657fc814 100644
--- a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md
+++ b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md
@@ -9,13 +9,13 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: isbrahm
 ms.author: vinpa
 manager: aaroncz
 ms.date: 03/01/2018
 ms.technology: itpro-security
+ms.topic: article
 ---
 # Windows Defender Application Control deployment in different scenarios: types of devices
diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md
index 6627e9c50a..0e68f7beb2 100644
--- a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md
+++ b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md
@@ -10,12 +10,12 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: isbrahm
 ms.author: vinpa
 ms.date: 02/08/2018
 ms.technology: itpro-security
+ms.topic: article
 ---
 # Understand Windows Defender Application Control policy design decisions
diff --git a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md
index 2f9f3c81b4..0a270415dc 100644
--- a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md
+++ b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md
@@ -3,13 +3,13 @@ title: Understanding Windows Defender Application Control (WDAC) secure settings
 description: Learn about secure settings in Windows Defender Application Control.
 ms.prod: windows-client
 ms.localizationpriority: medium
-ms.collection: M365-security-compliance
 author: jgeurten
 ms.reviewer: vinpa
 ms.author: jogeurte
 manager: aaroncz
 ms.date: 10/11/2021
 ms.technology: itpro-security
+ms.topic: article
 ---
 # Understanding WDAC Policy Settings
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
index 44e011b695..e73d92001f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
@@ -10,7 +10,6 @@ ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
 ms.topic: conceptual
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jogeurte
 ms.author: vinpa
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md
index 48758015d3..6e3ec4c7fb 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md
@@ -11,7 +11,6 @@ ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
 ms.topic: conceptual
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jogeurte
 manager: aaroncz
@@ -32,7 +31,7 @@ ms.technology: itpro-security
 >
 > You can continue to use the current Device Guard Signing Service v2 (DGSS) capabilities until that time. DGSS will be replaced by the [Azure Code Signing service (ACS)](https://aka.ms/AzureCodeSigning) and will support your Windows Defender Application Control (WDAC) policy and catalog file signing needs.
-The Device Guard Signing Service v2 (DGSS) is a code signing service that comes with your existing Microsoft Store for Business and Education tenant account. You can use the DGSS to sign catalog files and Windows Defender Application Control (WDAC) policies
+The Device Guard Signing Service v2 (DGSS) is a code signing service that comes with your existing Microsoft Store for Business and Education tenant account. You can use the DGSS to sign catalog files and Windows Defender Application Control (WDAC) policies.
 ## Set up permissions for DGSS signing in the Microsoft Store for Business and Education
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
index 679f8ee56b..60174cc444 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
@@ -10,7 +10,6 @@ ms.pagetype: security
 ms.localizationpriority: medium
 ms.topic: conceptual
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jogeurte
 ms.author: vinpa
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
index 6830e5bbcd..3d284b33dd 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
@@ -11,11 +11,11 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jogeurte
 ms.date: 11/02/2022
 ms.technology: itpro-security
+ms.topic: article
 ---
 # Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md
index 9e5568c30d..d00682891d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md
@@ -9,13 +9,13 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jogeurte
 ms.author: vinpa
 manager: aaroncz
 ms.date: 08/10/2022
 ms.technology: itpro-security
+ms.topic: article
 ---
 # Windows Defender Application Control (WDAC) and .NET
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
index a5d9f79a3f..8f03c660cd 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
@@ -9,12 +9,13 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: isbrahm
 ms.author: vinpa
 manager: aaroncz
 ms.technology: itpro-security
+ms.date: 12/31/2017
+ms.topic: article
 ---
 # Authorize reputable apps with the Intelligent Security Graph (ISG)
diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
index 4eda9d1fff..1cac513952 100644
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
+++ b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
@@ -9,7 +9,6 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-ms.collection: M365-security-compliance
 author: vinaypamnani-msft
 ms.reviewer: isbrahm
 ms.author: vinpa
@@ -17,6 +16,7 @@ manager: aaroncz
 ms.date: 09/30/2020
 ms.custom: asr
 ms.technology: itpro-security
+ms.topic: article
 ---
 # Windows Defender Application Control and AppLocker Overview
diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md
index 1676591088..b4c9fd2969 100644
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md
@@ -9,7 +9,6 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jgeurten
 ms.reviewer: isbrahm
 ms.author: vinpa
diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md
index 05d77d395a..53a8d5c954 100644
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md
@@ -9,7 +9,6 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jgeurten
 ms.reviewer: isbrahm
 ms.author: vinpa
diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md
index 04dc388298..89d6fab2aa 100644
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md
@@ -9,7 +9,6 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jgeurten
 ms.reviewer: isbrahm
 ms.author: vinpa
diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md
index 1546604828..be4fce9d9b 100644
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md
@@ -9,7 +9,6 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jgeurten
 ms.reviewer: isbrahm
 ms.author: vinpa
diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md
index f584befef7..cc3fb987e1 100644
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md
+++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md
@@ -4,7 +4,6 @@ description: The Windows Defender Application Control policy wizard tool allows
 ms.prod: windows-client
 ms.technology: itpro-security
 ms.localizationpriority: medium
-ms.collection: M365-security-compliance
 author: jgeurten
 ms.reviewer: isbrahm
 ms.author: vinpa
diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md
index c8a1476cff..938e4370ae 100644
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md
+++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md
@@ -4,7 +4,6 @@ description: Learn how to plan and implement a WDAC deployment.
 ms.prod: windows-client
 ms.technology: itpro-security
 ms.localizationpriority: medium
-ms.collection: M365-security-compliance
 author: jgeurten
 ms.reviewer: aaroncz
 ms.author: jogeurte
@@ -32,7 +31,7 @@ Before you deploy your WDAC policies, you must first convert the XML to its bina
 ```powershell
 ## Update the path to your WDAC policy XML
- $WDACPolicyXMLFile = $env:USERPROFILE"\Desktop\MyWDACPolicy.xml"
+ $WDACPolicyXMLFile = $env:USERPROFILE + "\Desktop\MyWDACPolicy.xml"
 [xml]$WDACPolicy = Get-Content -Path $WDACPolicyXMLFile
 if (($WDACPolicy.SiPolicy.PolicyID) -ne $null) ## Multiple policy format (For Windows builds 1903+ only, including Server 2022)
 {
diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md
index 6a441bfedb..4b3cdb445f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md
+++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md
@@ -9,7 +9,6 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: isbrahm
 ms.author: vinpa
diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md
index 5dd2b71791..4a03e5ee20 100644
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md
+++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md
@@ -9,13 +9,13 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: isbrahm
 ms.author: vinpa
 manager: aaroncz
 ms.date: 03/16/2020
 ms.technology: itpro-security
+ms.topic: article
 ---
 # Windows Defender Application Control operational guide
diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md
index b0da802f2e..6ac671b28d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md
@@ -10,7 +10,6 @@ ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
 ms.collection:
- - M365-security-compliance
 - highpri
 author: vinaypamnani-msft
 ms.reviewer: isbrahm
@@ -19,6 +18,7 @@ manager: aaroncz
 ms.date: 05/26/2020
 ms.custom: asr
 ms.technology: itpro-security
+ms.topic: article
 ---
 # Application Control for Windows
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md
index 211e327035..b85fb0dfe8 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md
@@ -1,19 +1,12 @@
 ---
 title: Account protection in the Windows Security app
 description: Use the Account protection section to manage security for your account and sign in to Microsoft.
-keywords: account protection, wdav, smartscreen, antivirus, wdsc, exploit, protection, hide, Windows Defender SmartScreen, SmartScreen Filter, Windows SmartScreen
-search.product: eADQiWindows 10XVcnh
 ms.prod: windows-client
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: security
-ms.localizationpriority: medium
 author: vinaypamnani-msft
 ms.author: vinpa
-ms.date:
-ms.reviewer:
-manager: aaroncz
+ms.date: 12/31/2018
 ms.technology: itpro-security
+ms.topic: article
 ---
@@ -21,8 +14,7 @@ ms.technology: itpro-security
 **Applies to**
-- Windows 10
-- Windows 11
+- Windows 10 and later
 The **Account protection** section contains information and settings for account protection and sign-in. You can get more information about these capabilities from the following list:
@@ -32,7 +24,6 @@ The **Account protection** section contains information and settings for account You can also choose to hide the section from users of the device. This is useful if you don't want your employees to access or view user-configured options for these features. - ## Hide the Account protection section You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of the Windows Security app, and its icon won't be shown on the navigation bar on the side of the app. diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md index 8744e633e8..817ff1949e 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md 
@@ -1,28 +1,20 @@ --- title: App & browser control in the Windows Security app description: Use the App & browser control section to see and configure Windows Defender SmartScreen and Exploit protection settings. -keywords: wdav, smartscreen, antivirus, wdsc, exploit, protection, hide -search.product: eADQiWindows 10XVcnh ms.prod: windows-client -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -audience: ITPro author: vinaypamnani-msft ms.author: vinpa -ms.date: -ms.reviewer: +ms.date: 12/31/2018 manager: aaroncz ms.technology: itpro-security +ms.topic: article --- # App and browser control **Applies to** -- Windows 10 -- Windows 11 +- Windows 10 and later The **App and browser control** section contains information and settings for Windows Defender SmartScreen. IT administrators and IT pros can get configuration guidance from the [Windows Defender SmartScreen documentation library](/windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview). diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md index a4d1b860ad..1aed92dc61 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md 
@@ -1,27 +1,19 @@ --- title: Customize Windows Security contact information description: Provide information to your employees on how to contact your IT department when a security issue occurs -keywords: wdsc, security center, defender, notification, customize, contact, it department, help desk, call, help site -search.product: eADQiWindows 10XVcnh ms.prod: windows-client -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium author: vinaypamnani-msft ms.author: vinpa -ms.date: -ms.reviewer: -manager: aaroncz +ms.date: 12/31/2018 ms.technology: itpro-security +ms.topic: article --- # Customize the Windows Security app for your organization **Applies to** -- Windows 10 -- Windows 11 +- Windows 10 and later You can add information about your organization in a contact card to the Windows Security app. You can include a link to a support site, a phone number for a help desk, and an email address for email-based support. @@ -43,8 +35,6 @@ You must have Windows 10, version 1709 or later. The ADMX/ADML template files fo There are two stages to using the contact card and customized notifications. First, you have to enable the contact card or custom notifications (or both), and then you must specify at least a name for your organization and one piece of contact information. -This can only be done in Group Policy. - 1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**. 2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. 
@@ -55,6 +45,9 @@ This can only be done in Group Policy. 1. To enable the contact card, open the **Configure customized contact information** setting and set it to **Enabled**. Click **OK**. + > [!NOTE] + > This can only be done in Group Policy. + 2. To enable the customized notifications, open the **Configure customized notifications** setting and set it to **Enabled**. Click **OK**. 5. After you've enabled the contact card or the customized notifications (or both), you must configure the **Specify contact company name** to **Enabled**. Enter your company or organization's name in the field in the **Options** section. Click **OK**. @@ -66,5 +59,7 @@ This can only be done in Group Policy. 7. Select **OK** after you configure each setting to save your changes. ->[!IMPORTANT] ->You must specify the contact company name and at least one contact method - email, phone number, or website URL. If you do not specify the contact name and a contact method the customization will not apply, the contact card will not show, and notifications will not be customized. +To enable the customized notifications and add the contact information in Intune, see [Manage device security with endpoint security policies in Microsoft Intune](/mem/intune/protect/endpoint-security-policy) and [Settings for the Windows Security experience profile in Microsoft Intune](/mem/intune/protect/antivirus-security-experience-windows-settings). + +> [!IMPORTANT] +> You must specify the contact company name and at least one contact method - email, phone number, or website URL. If you do not specify the contact name and a contact method the customization will not apply, the contact card will not show, and notifications will not be customized. diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md index ab88f6b52c..bfc66838f7 100644 
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md @@ -1,19 +1,12 @@ --- title: Device & performance health in the Windows Security app description: Use the Device & performance health section to see the status of the machine and note any storage, update, battery, driver, or hardware configuration issues -keywords: wdsc, windows update, storage, driver, device, installation, battery, health, status -search.product: eADQiWindows 10XVcnh +ms.date: 12/31/2018 ms.prod: windows-client -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium author: vinaypamnani-msft ms.author: vinpa -ms.date: -ms.reviewer: -manager: aaroncz ms.technology: itpro-security +ms.topic: article --- diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md index ef5178a8fb..d56e6ecd4f 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md 
@@ -1,27 +1,20 @@ --- title: Device security in the Windows Security app description: Use the Device security section to manage security built into your device, including virtualization-based security. -keywords: device security, device guard, wdav, smartscreen, antivirus, wdsc, exploit, protection, hide -search.product: eADQiWindows 10XVcnh ms.prod: windows-client -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium author: vinaypamnani-msft ms.author: vinpa -ms.date: -ms.reviewer: +ms.date: 12/31/2018 manager: aaroncz ms.technology: itpro-security +ms.topic: article --- # Device security **Applies to** -- Windows 10 -- Windows 11 +- Windows 10 and later The **Device security** section contains information and settings for built-in device security. diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md index 5b3d707b6d..f4a6bb11c6 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md @@ -1,19 +1,12 @@ --- title: Family options in the Windows Security app description: Learn how to hide the Family options section of Windows Security for enterprise environments. Family options aren't intended for business environments. -keywords: wdsc, family options, hide, suppress, remove, disable, uninstall, kids, parents, safety, parental, child, screen time -search.product: eADQiWindows 10XVcnh ms.prod: windows-client -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium author: vinaypamnani-msft ms.author: vinpa -ms.date: -ms.reviewer: -manager: aaroncz +ms.date: 12/31/2018 ms.technology: itpro-security +ms.topic: article --- 
@@ -21,8 +14,7 @@ ms.technology: itpro-security **Applies to** -- Windows 10 -- Windows 11 +- Windows 10 and later The **Family options** section contains links to settings and further information for parents of a Windows 10 PC. It isn't intended for enterprise or business environments. diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md index 9c3ba56cc6..1d0d162d10 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md @@ -1,18 +1,11 @@ --- title: Firewall and network protection in the Windows Security app description: Use the Firewall & network protection section to see the status of and make changes to firewalls and network connections for the machine. -keywords: wdsc, firewall, windows defender firewall, network, connections, domain, private network, publish network, allow firewall, firewall rule, block firewall -search.product: eADQiWindows 10XVcnh -ms.prod: windows-client -ms.mktglfcycl: manage -ms.sitesec: library -ms.localizationpriority: medium author: vinaypamnani-msft ms.author: vinpa -ms.date: -ms.reviewer: -manager: aaroncz +ms.date: 12/31/2018 ms.technology: itpro-security +ms.topic: article --- diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md index da06b84e9f..8ca7f8d1c1 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md 
@@ -1,27 +1,19 @@ --- title: Hide notifications from the Windows Security app description: Prevent Windows Security app notifications from appearing on user endpoints -keywords: defender, security center, app, notifications, av, alerts -search.product: eADQiWindows 10XVcnh ms.prod: windows-client -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium author: vinaypamnani-msft ms.author: vinpa -ms.date: -ms.reviewer: -manager: aaroncz +ms.date: 12/31/2018 ms.technology: itpro-security +ms.topic: article --- # Hide Windows Security app notifications **Applies to** -- Windows 10 -- Windows 11 +- Windows 10 and later The Windows Security app is used by many Windows security features to provide notifications about the health and security of the machine. These include notifications about firewalls, antivirus products, Windows Defender SmartScreen, and others. diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md index 21ebc8e722..cfb558208e 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md @@ -13,6 +13,8 @@ ms.author: vinpa ms.reviewer: manager: aaroncz ms.technology: itpro-security +ms.date: 12/31/2017 +ms.topic: article --- # Virus and threat protection diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md index 4777c6863d..a3773ffe67 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md 
@@ -14,6 +14,7 @@ ms.date: 04/30/2018 ms.reviewer: manager: aaroncz ms.technology: itpro-security +ms.topic: how-to --- # Manage Windows Security in Windows 10 in S mode diff --git a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md index d34c5fc2b0..3f25837b24 100644 --- a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md +++ b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md @@ -11,6 +11,8 @@ manager: aaroncz ms.technology: itpro-security ms.collection: - highpri +ms.date: 12/31/2017 +ms.topic: article --- # The Windows Security app diff --git a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md index a5a4b985e6..1404209dea 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md +++ b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md @@ -14,6 +14,7 @@ ms.localizationpriority: medium author: vinaypamnani-msft ms.date: 03/01/2019 ms.technology: itpro-security +ms.topic: conceptual --- # Windows Defender System Guard: How a hardware-based root of trust helps protect Windows 10 diff --git a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md index e4715791d7..929c7d815b 100644 
--- a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md +++ b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md @@ -13,6 +13,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: conceptual --- # System Guard Secure Launch and SMM protection diff --git a/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md b/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md index 599f606eb6..272fed2a81 100644 --- a/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md +++ b/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: paolomatarazzo manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: itpro-security diff --git a/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md b/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md index 36d687c819..12a0d5018e 100644 --- a/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md +++ b/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: paolomatarazzo manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: itpro-security 
diff --git a/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md b/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md index 29758cdb89..5bb2312dbe 100644 --- a/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md +++ b/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: paolomatarazzo manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: itpro-security diff --git a/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md b/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md index 5dbd0f57e6..4aeb22b1f0 100644 --- a/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md +++ b/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md @@ -13,7 +13,6 @@ author: paolomatarazzo manager: aaroncz audience: ITPro ms.collection: - - M365-security-compliance - highpri ms.topic: conceptual ms.date: 09/07/2021 diff --git a/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md b/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md index 011af27334..11fb40c04f 100644 --- a/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md 
@@ -12,7 +12,6 @@ ms.localizationpriority: medium author: paolomatarazzo manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.technology: itpro-security appliesto: @@ -21,6 +20,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.date: 12/31/2017 --- # Basic Firewall Policy Design diff --git a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md index eeb43f2414..c3caab02c2 100644 --- a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md +++ b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md @@ -13,7 +13,6 @@ ms.localizationpriority: medium manager: aaroncz audience: ITPro ms.collection: - - M365-security-compliance - highpri ms.topic: article ms.technology: itpro-security diff --git a/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md b/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md index 5f387ab500..35518f5c27 100644 --- a/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md +++ b/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: paolomatarazzo manager: aaroncz audience: ITPro -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: itpro-security diff --git a/windows/security/threat-protection/windows-firewall/boundary-zone.md b/windows/security/threat-protection/windows-firewall/boundary-zone.md index ddf9562c69..fc8ce50228 100644 --- a/windows/security/threat-protection/windows-firewall/boundary-zone.md +++ b/windows/security/threat-protection/windows-firewall/boundary-zone.md 
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md
index 69e583f17a..7684a782be 100644
--- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md
index 147120e57c..ae9e0d2610 100644
--- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md b/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md
index cba7590b63..98faaf9390 100644
--- a/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md
+++ b/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md
index 6cabec1bf7..6e55af017d 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md
index f07cb38e30..42dedfb5a6 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md
index 3b68925db4..7a27fdafd9 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md
index 41a43f9038..e13496eb9d 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md
index 389b23caf6..1a33764cd6 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md
index aea70dd3ea..146c7be617 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md b/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md
index b7921828f2..2437571f7b 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md b/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md
index de58dbc7eb..a334a5eedd 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md b/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md
index 54b97c48ac..556a01f1c5 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md
index c13d088e5d..7a3a496e98 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md
index 53258f6a73..70b910425b 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md
index 11b301d872..f5cc9a2ba8 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md
index eb3067f9be..ce9abfe303 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md
index f3889b86b2..db49df08e9 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md b/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md
index 0b796f7211..60e8551837 100644
--- a/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md
+++ b/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md b/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md
index 767fc1f408..089e73a9ab 100644
--- a/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md
+++ b/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md b/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md
index 100761b6b1..2526c140bf 100644
--- a/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md
+++ b/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md b/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md
index a2f9b0187f..dc610001a5 100644
--- a/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md
+++ b/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md b/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md
index d20d03f5d7..35828e953a 100644
--- a/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md
+++ b/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md b/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md
index bc9c1a9e12..c025101f58 100644
--- a/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md
+++ b/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md b/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md
index df6d6a8219..3e77330596 100644
--- a/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md
+++ b/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md
@@ -19,6 +19,7 @@ appliesto:
 - ✅ Windows Server 2016
 - ✅ Windows Server 2019
 - ✅ Windows Server 2022
+ms.topic: conceptual
 ---
 # Configure the Workstation Authentication Certificate Template
diff --git a/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md b/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md
index 8ec39eb754..26b8f6be29 100644
--- a/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md
+++ b/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md b/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md
index 503e1a1509..5c43673b29 100644
--- a/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md
+++ b/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md b/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md
index cae3c81088..ed4354a524 100644
--- a/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md
+++ b/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md b/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md
index b2add7fde0..1987320e47 100644
--- a/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md
+++ b/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md b/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md
index c714c14def..f8f7c3977f 100644
--- a/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md
+++ b/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md
@@ -13,7 +13,6 @@ author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
 ms.collection:
- - M365-security-compliance
 - highpri
 ms.topic: conceptual
 ms.date: 09/07/2021
diff --git a/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md b/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md
index fb37c6b565..7a0d8b8743 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md b/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md
index e1b9c05bb2..1c1d6c0e60 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md
index f89624ab3a..8045d1975d 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md
index 3a2283e1cd..ea3861bad7 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md
@@ -13,7 +13,6 @@ author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
 ms.collection:
- - M365-security-compliance
 - highpri
 ms.topic: conceptual
 ms.date: 09/07/2021
diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md
index 23682f8f12..5c79645f58 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md b/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md
index 83e8906a26..9ce8ea91f2 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 audience: ITPro
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md b/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md
index b9cfe0dd86..02116e5f9f 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md b/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md
index f9e1408e99..4ecf74444b 100644
--- a/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md
+++ b/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md
index a3d1293e65..4782bb53e2 100644
--- a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md
+++ b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.technology: itpro-security
 appliesto:
@@ -16,6 +15,7 @@ appliesto:
 - ✅ Windows Server 2016
 - ✅ Windows Server 2019
 - ✅ Windows Server 2022
+ms.date: 12/31/2017
 ---
 # Create Windows Firewall rules in Intune
diff --git a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md
index 591aa2000d..77ea069a39 100644
--- a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md
+++ b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md
@@ -8,7 +8,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 ms.collection:
- - M365-security-compliance
 - highpri
 ms.topic: conceptual
 ms.date: 09/07/2021
diff --git a/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md b/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md
index 7cdf313e6c..5d7dc149f9 100644
--- a/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md
+++ b/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md
index e4f4c426db..68a9b98493 100644
--- a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md
+++ b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md b/windows/security/threat-protection/windows-firewall/documenting-the-zones.md
index ecd84a43b9..8694e3c9fc 100644
--- a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md
+++ b/windows/security/threat-protection/windows-firewall/documenting-the-zones.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md
index 9e3463ee29..60932b1a3d 100644
--- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md
index 1e198851ed..d906a7fa27 100644
--- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md b/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md
index 0f5acc57e9..8e5cbc491c 100644
--- a/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md
+++ b/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md b/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md
index c77a74cf72..818f3191e4 100644
--- a/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md
+++ b/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/07/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md b/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md
index ae7e6858d2..ec8427d677 100644
--- a/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone.md b/windows/security/threat-protection/windows-firewall/encryption-zone.md
index bd4e7b1f25..0cf4b23338 100644
--- a/windows/security/threat-protection/windows-firewall/encryption-zone.md
+++ b/windows/security/threat-protection/windows-firewall/encryption-zone.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md b/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md
index 731c0ad6fe..759c9f4ce3 100644
--- a/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md
+++ b/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md b/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md
index d14ee96cbf..a37aa1bb81 100644
--- a/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md
+++ b/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/exemption-list.md b/windows/security/threat-protection/windows-firewall/exemption-list.md
index 1fffa210de..e90686a631 100644
--- a/windows/security/threat-protection/windows-firewall/exemption-list.md
+++ b/windows/security/threat-protection/windows-firewall/exemption-list.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md b/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md
index 1b297a4a99..9f9f8dbc43 100644
--- a/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md
+++ b/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md
@@ -7,9 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: normal
 author: paolomatarazzo
 manager: aaroncz
-ms.collection:
- - m365-security-compliance
- - m365-initiative-windows-security
 ms.topic: troubleshooting
 ms.technology: itpro-security
 appliesto:
@@ -18,6 +15,7 @@ appliesto:
 - ✅ Windows Server 2016
 - ✅ Windows Server 2019
 - ✅ Windows Server 2022
+ms.date: 12/31/2017
 ---
 # Filter origin audit log improvements
diff --git a/windows/security/threat-protection/windows-firewall/firewall-gpos.md b/windows/security/threat-protection/windows-firewall/firewall-gpos.md
index 0092797805..08a86364ba 100644
--- a/windows/security/threat-protection/windows-firewall/firewall-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/firewall-gpos.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md
index 5b30251565..948e5e1bab 100644
--- a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md
index c18f9f8d11..ae7a47f809 100644
--- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md
+++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md
@@ -7,9 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection:
- - m365-security-compliance
- - m365-initiative-windows-security
 ms.topic: troubleshooting
 ms.technology: itpro-security
 appliesto:
@@ -18,6 +15,7 @@ appliesto:
 - ✅ Windows Server 2016
 - ✅ Windows Server 2019
 - ✅ Windows Server 2022
+ms.date: 12/31/2017
 ---
 # Troubleshooting Windows Firewall settings after a Windows upgrade
diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md
index ba94e03160..7e8e014d6c 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md
index 62a1db3b76..5a815ce133 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md
index 6eba9eaa00..c004735816 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md b/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md
index fbbc390730..8655113adc 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md b/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md
index 4d8b90e2f1..27014f95a8 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md
index 2e0dfd5e6b..e01a4c33c8 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md
index c16453f08a..abf7fcbadf 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md
@@ -5,7 +5,6 @@ ms.reviewer: jekrynit
 ms.author: paoloma
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.prod: windows-client
 ms.localizationpriority: medium
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md
index 1588f6d060..19d5d2f4fe 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md
index 82ef3d2e1d..8147d76ef7 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md
index 82b84d2890..fadc52139d 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md b/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
index ff2b90f628..877c262554 100644
--- a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
+++ b/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md b/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md
index b2b6b365fc..c745825369 100644
--- a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md
+++ b/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md b/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md
index e0ce74ae93..2cede95e14 100644
--- a/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain.md b/windows/security/threat-protection/windows-firewall/isolated-domain.md
index 062814252f..2f854ff73f 100644
--- a/windows/security/threat-protection/windows-firewall/isolated-domain.md
+++ b/windows/security/threat-protection/windows-firewall/isolated-domain.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md b/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md
index 561d3ab30f..5724da80ea 100644
--- a/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md
+++ b/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md
@@ -5,7 +5,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.reviewer: jekrynit
diff --git a/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md b/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md
index 9d5d01e830..f3eb72f2e3 100644
--- a/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md
+++ b/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
index 9290de13c5..b0597ddac5 100644
--- a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
+++ b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md b/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md
index 969256d600..2db48a89d3 100644
--- a/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md
+++ b/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md
index b028f16bd9..e55dca92b4 100644
--- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md
+++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
index c71a87bdc4..0dead272e0 100644
--- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
+++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
@@ -8,7 +8,6 @@ ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
 ms.collection:
- - M365-security-compliance
 - highpri
 ms.topic: conceptual
 ms.date: 09/08/2021
diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md
index 7f35f2c4e3..f51325daf5 100644
--- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md
+++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md
index a3d6128d8e..85c5fb4099 100644
--- a/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md
+++ b/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md b/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md
index 5d059e7bc3..b0b4bc000c 100644
--- a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md
+++ b/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md
index ea204961e8..a29847e44c 100644
--- a/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md b/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md
index 6931536f0f..7e46a275c4 100644
--- a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md
+++ b/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md
index 04a0e7ccdd..02e00fb3c5 100644
--- a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md
index b5d583e0e9..4eefdea9e1 100644
--- a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md
index d91b63d005..4515218f2b 100644
--- a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md
+++ b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md
index 9175be95f8..c96545cf8b 100644
--- a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md
index 1f59adb3cf..027506a427 100644
--- a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md
+++ b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/planning-the-gpos.md b/windows/security/threat-protection/windows-firewall/planning-the-gpos.md
index 8e5f1ac2f9..572fa33116 100644
--- a/windows/security/threat-protection/windows-firewall/planning-the-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/planning-the-gpos.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md
index c0aa22cdbb..e9691ceada 100644
--- a/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md
+++ b/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
index b43ec8cc93..22b46bd189 100644
--- a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
+++ b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md b/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md
index a91f2973da..430a461918 100644
--- a/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md
+++ b/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
index 45506318ea..3cb9728be9 100644
--- a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
+++ b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 01/18/2022
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/quarantine.md b/windows/security/threat-protection/windows-firewall/quarantine.md
index 8cae981937..55de70d2af 100644
--- a/windows/security/threat-protection/windows-firewall/quarantine.md
+++ b/windows/security/threat-protection/windows-firewall/quarantine.md
@@ -7,7 +7,6 @@ manager: aaroncz
 ms.reviewer: jekrynit
 ms.prod: windows-client
 ms.localizationpriority: normal
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md
index 49ce9f4442..d478752b6a 100644
--- a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md
+++ b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md
index 5085bc1098..efc90aca28 100644
--- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md
+++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
index b22bd127a3..7dca23dc7e 100644
--- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
+++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md b/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md
index b729ccfeb1..091d80f05a 100644
--- a/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md
+++ b/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md b/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md
index f30c95e52c..03f3651091 100644
--- a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md
+++ b/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md
@@ -5,7 +5,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.reviewer: jekrynit
diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md
index 5a4635e28f..f4d1fc60c6 100644
--- a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md
index 00c2d9cd9a..97ae77f6c1 100644
--- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md
@@ -7,7 +7,6 @@ ms.prod: windows-client ms.localizationpriority: medium author: paolomatarazzo manager: aaroncz -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: itpro-security diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md index cab997937a..1b500c186c 100644 --- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md @@ -7,7 +7,6 @@ ms.prod: windows-client ms.localizationpriority: medium author: paolomatarazzo manager: aaroncz -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: itpro-security diff --git a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md index 1d10511499..08eda94fb7 100644 --- a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md +++ b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md @@ -7,9 +7,6 @@ ms.prod: windows-client ms.localizationpriority: medium author: paolomatarazzo manager: aaroncz -ms.collection: - - m365-security-compliance - - m365-initiative-windows-security ms.topic: troubleshooting ms.technology: itpro-security appliesto: @@ -18,6 +15,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.date: 12/31/2017 --- # Troubleshooting UWP App Connectivity Issues diff --git a/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md b/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md index 464d0a2e3d..5e70140b77 100644 
--- a/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md
+++ b/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md b/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md
index 40d884c100..cbf01ad656 100644
--- a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md
+++ b/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md
@@ -5,7 +5,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.reviewer: jekrynit
diff --git a/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md b/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md
index 56fcc17fbc..f260e9c06d 100644
--- a/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md
+++ b/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
index 62117c90aa..cf9152516d 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
@@ -5,7 +5,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.reviewer: jekrynit
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
index a7027ab879..6a6d733678 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
index 3579f01b70..e095007a7d 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
@@ -7,7 +7,6 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
index 26eefe0a15..56c5f70707 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
@@ -7,7 +7,6 @@ author: paolomatarazzo
 ms.author: paoloma
 manager: aaroncz
 ms.collection:
- - M365-security-compliance
 - highpri
 ms.topic: conceptual
 ms.date: 09/08/2021
diff --git a/windows/security/threat-protection/windows-platform-common-criteria.md b/windows/security/threat-protection/windows-platform-common-criteria.md
index 37bb6cb877..5d976ff196 100644
--- a/windows/security/threat-protection/windows-platform-common-criteria.md
+++ b/windows/security/threat-protection/windows-platform-common-criteria.md
@@ -5,7 +5,6 @@ ms.prod: windows-client
 ms.author: paoloma
 author: paolomatarazzo
 manager: aaroncz
-ms.collection: M365-identity-device-management
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 11/4/2022
diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md
index 82a8b404e8..0dfbc42f89 100644
--- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md
@@ -5,17 +5,14 @@ ms.prod: windows-client author: vinaypamnani-msft ms.author: vinpa manager: aaroncz -ms.collection: ms.topic: article -ms.localizationpriority: -ms.date: -ms.reviewer: +ms.date: 6/30/2022 ms.technology: itpro-security --- # Windows Sandbox architecture -Windows Sandbox benefits from new container technology in Windows to achieve a combination of security, density, and performance that isn't available in traditional VMs. +Windows Sandbox benefits from new container technology in Windows to achieve a combination of security, density, and performance that isn't available in traditional VMs. ## Dynamically generated image diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md index 58fb302ed7..2b518a0153 100644 --- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md +++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md @@ -8,9 +8,7 @@ manager: aaroncz ms.collection: - highpri ms.topic: article -ms.localizationpriority: medium -ms.date: -ms.reviewer: +ms.date: 6/30/2022 ms.technology: itpro-security --- diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md index 60ccff4e09..3987f694a9 100644 --- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md +++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md 
@@ -8,13 +8,11 @@ manager: aaroncz ms.collection: - highpri ms.topic: article -ms.localizationpriority: -ms.date: -ms.reviewer: +ms.date: 6/30/2022 ms.technology: itpro-security --- -# Windows Sandbox +# Windows Sandbox Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software installed inside the Windows Sandbox environment remains "sandboxed" and runs separately from the host machine. @@ -51,7 +49,7 @@ Windows Sandbox has the following properties: - If you're using a virtual machine, run the following PowerShell command to enable nested virtualization: ```powershell - Set-VMProcessor -VMName \ -ExposeVirtualizationExtensions $true + Set-VMProcessor -VMName -ExposeVirtualizationExtensions $true ``` 3. Use the search bar on the task bar and type **Turn Windows Features on or off** to access the Windows Optional Features tool. Select **Windows Sandbox** and then **OK**. Restart the computer if you're prompted. @@ -59,7 +57,11 @@ Windows Sandbox has the following properties: If the **Windows Sandbox** option is unavailable, your computer doesn't meet the requirements to run Windows Sandbox. If you think this analysis is incorrect, review the prerequisite list and steps 1 and 2. > [!NOTE] - > To enable Sandbox using PowerShell, open PowerShell as Administrator and run **Enable-WindowsOptionalFeature -FeatureName "Containers-DisposableClientVM" -All -Online**. + > To enable Sandbox using PowerShell, open PowerShell as Administrator and run the following command: + > + > ```powershell + > Enable-WindowsOptionalFeature -FeatureName "Containers-DisposableClientVM" -All -Online + > ``` 4. Locate and select **Windows Sandbox** on the Start menu to run it for the first time. 
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md index cb62adc90c..65d2045cbc 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md @@ -6,7 +6,6 @@ ms.localizationpriority: medium ms.author: vinpa author: vinaypamnani-msft manager: aaroncz -ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 10/19/2022 ms.reviewer: jmunck @@ -55,7 +54,7 @@ No. SCM supported only SCAP 1.0, which wasn't updated as SCAP evolved. The new t | Name | Build | Baseline Release Date | Security Tools | | ---- | ----- | --------------------- | -------------- | | Windows 11 | [22H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-version-22h2-security-baseline/ba-p/3632520)
              | September 2022
              |[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | -| Windows 10 | [22H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-10-version-22h2-security-baseline/ba-p/3655724)
              [21H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-windows-10-version-21h2/ba-p/3042703)
              [21H1](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-version-21h1/ba-p/2362353)
              [20H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-and-windows-server/ba-p/1999393)
              [1809](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1809-and-windows-server/ba-p/701082)
              [1607](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016)
              [1507](/archive/blogs/secguide/security-baseline-for-windows-10-v1507-build-10240-th1-ltsb-update)| October 2022
              December 2021
              May 2021
              December 2020
              October 2018
              October 2016
              January 2016 |[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | +| Windows 10 | [22H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-10-version-22h2-security-baseline/ba-p/3655724)
              [21H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-windows-10-version-21h2/ba-p/3042703)
              [20H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-and-windows-server/ba-p/1999393)
              [1809](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1809-and-windows-server/ba-p/701082)
              [1607](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016)
              [1507](/archive/blogs/secguide/security-baseline-for-windows-10-v1507-build-10240-th1-ltsb-update)| October 2022
              December 2021
              December 2020
              October 2018
              October 2016
              January 2016 |[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | Windows 8.1 |[9600 (April Update)](/archive/blogs/secguide/security-baselines-for-windows-8-1-windows-server-2012-r2-and-internet-explorer-11-final)| October 2013| [SCM 4.0](/previous-versions/tn-archive/cc936627(v=technet.10)) |
              diff --git a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md index 11b8b102dd..b08b62f673 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md @@ -7,7 +7,6 @@ ms.author: vinpa author: vinaypamnani-msft manager: aaroncz ms.collection: - - M365-security-compliance - highpri ms.topic: conceptual ms.date: 02/14/2022 @@ -32,7 +31,6 @@ The Security Compliance Toolkit consists of: - Windows 10 security baselines - Windows 10, version 22H2 - Windows 10, version 21H2 - - Windows 10, version 21H1 - Windows 10, version 20H2 - Windows 10, version 1809 - Windows 10, version 1607 diff --git a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md index 47647ffae7..0c513379b1 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md @@ -7,7 +7,6 @@ ms.author: vinpa author: vinaypamnani-msft manager: aaroncz ms.collection: - - M365-security-compliance - highpri ms.topic: conceptual ms.date: 01/26/2022 diff --git a/windows/security/zero-trust-windows-device-health.md b/windows/security/zero-trust-windows-device-health.md index 84ff0bde52..d6159d39a6 100644 --- a/windows/security/zero-trust-windows-device-health.md +++ b/windows/security/zero-trust-windows-device-health.md 
@@ -6,14 +6,14 @@ ms.topic: article manager: aaroncz ms.author: paoloma author: paolomatarazzo -ms.collection: M365-security-compliance ms.custom: intro-overview ms.prod: windows-client ms.technology: itpro-security +ms.date: 12/31/2017 --- # Zero Trust and Windows device health -Organizations need a security model that more effectively adapts to the complexity of the modern work environment. IT admins need to embrace the hybrid workplace, while protecting people, devices, apps, and data wherever they’re located. Implementing a Zero Trust model for security helps addresses today's complex environments. +Organizations need a security model that more effectively adapts to the complexity of the modern work environment. IT admins need to embrace the hybrid workplace, while protecting people, devices, apps, and data wherever they’re located. Implementing a Zero Trust model for security helps address today's complex environments. The [Zero Trust](https://www.microsoft.com/security/business/zero-trust) principles are: diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md index 12880bd7ef..3c58ebfc65 100644 --- a/windows/whats-new/deprecated-features.md +++ b/windows/whats-new/deprecated-features.md @@ -1,7 +1,7 @@ --- title: Deprecated features in the Windows client description: Review the list of features that Microsoft is no longer developing in Windows 10 and Windows 11. -ms.date: 10/28/2022 +ms.date: 12/05/2022 ms.prod: windows-client ms.technology: itpro-fundamentals ms.localizationpriority: medium 
@@ -23,10 +23,12 @@ Each version of Windows client adds new features and functionality. Occasionally For more information about features in Windows 11, see [Feature deprecations and removals](https://www.microsoft.com/windows/windows-11-specifications#table3). -To understand the distinction between _deprecation_ and _removal_, see [Windows client features lifecycle](feature-lifecycle.md). +To understand the distinction between *deprecation* and *removal*, see [Windows client features lifecycle](feature-lifecycle.md). The features in this article are no longer being actively developed, and might be removed in a future update. Some features have been replaced with other features or functionality and some are now available from other sources. +## Deprecated features + **The following list is subject to change and might not include every affected feature or functionality.** > [!NOTE] @@ -34,6 +36,8 @@ The features in this article are no longer being actively developed, and might b |Feature | Details and mitigation | Deprecation announced | | ----------- | --------------------- | ---- | +| Universal Windows Platform (UWP) Applications for 32-bit Arm | This change is applicable only to devices with an Arm processor, for example Snapdragon processors from Qualcomm. If you have a PC built with a processor from Intel or AMD, this content is not applicable. If you are not sure which type of processor you have, check **Settings** > **System** > **About**.

              Support for 32-bit Arm versions of applications will be removed in a future release of Windows 11. After this change, for the small number of applications affected, app features might be different and you might notice a difference in performance. For more technical details about this change, see [Update app architecture from Arm32 to Arm64](/windows/arm/arm32-to-arm64). | January 2023 | +| Update Compliance | [Update Compliance](/windows/deployment/update/update-compliance-monitor), a cloud-based service for the Windows client, is no longer being developed. This service has been replaced with [Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview), which provides reporting on client compliance with Microsoft updates from the Azure portal. | November 2022| | Windows Information Protection | [Windows Information Protection](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) will no longer be developed in future versions of Windows. For more information, see [Announcing sunset of Windows Information Protection (WIP)](https://go.microsoft.com/fwlink/?linkid=2202124).

              For your data protection needs, Microsoft recommends that you use [Microsoft Purview Information Protection](/microsoft-365/compliance/information-protection) and [Microsoft Purview Data Loss Prevention](/microsoft-365/compliance/dlp-learn-about-dlp). | July 2022 | | BitLocker To Go Reader | **Note: BitLocker to Go as a feature is still supported.**
              Reading of BitLocker-protected removable drives ([BitLocker To Go](/windows/security/information-protection/bitlocker/bitlocker-to-go-faq)) from Windows XP or Windows Vista in later operating systems is deprecated and might be removed in a future release of Windows client.
              The following items might not be available in a future release of Windows client:
              - ADMX policy: **Allow access to BitLocker-protected removable data drives from earlier versions of Windows**
              - Command line parameter: [`manage-bde -DiscoveryVolumeType`](/windows-server/administration/windows-commands/manage-bde-on) (-dv)
              - Catalog file: **c:\windows\BitLockerDiscoveryVolumeContents**
              - BitLocker 2 Go Reader app: **bitlockertogo.exe** and associated files | 21H1 | | Personalization roaming | Roaming of Personalization settings (including wallpaper, slideshow, accent colors, and lock screen images) is no longer being developed and might be removed in a future release. | 21H1 | diff --git a/windows/whats-new/images/ICD.png b/windows/whats-new/images/ICD.png deleted file mode 100644 index 9cfcb845df..0000000000 Binary files a/windows/whats-new/images/ICD.png and /dev/null differ diff --git a/windows/whats-new/images/block-suspicious-behaviors.png b/windows/whats-new/images/block-suspicious-behaviors.png deleted file mode 100644 index 31a2cf5727..0000000000 Binary files a/windows/whats-new/images/block-suspicious-behaviors.png and /dev/null differ diff --git a/windows/whats-new/images/compare-changes.png b/windows/whats-new/images/compare-changes.png deleted file mode 100644 index 0d86db70f5..0000000000 Binary files a/windows/whats-new/images/compare-changes.png and /dev/null differ diff --git a/windows/whats-new/images/contribute-link.png b/windows/whats-new/images/contribute-link.png deleted file mode 100644 index 4cf685e54e..0000000000 Binary files a/windows/whats-new/images/contribute-link.png and /dev/null differ diff --git a/windows/whats-new/images/funfacts.png b/windows/whats-new/images/funfacts.png deleted file mode 100644 index 71355ec370..0000000000 Binary files a/windows/whats-new/images/funfacts.png and /dev/null differ diff --git a/windows/whats-new/images/ldstore.PNG b/windows/whats-new/images/ldstore.PNG deleted file mode 100644 index 63f0eedee7..0000000000 Binary files a/windows/whats-new/images/ldstore.PNG and /dev/null differ diff --git a/windows/whats-new/images/lockscreen.png b/windows/whats-new/images/lockscreen.png deleted file mode 100644 index 68c64e15ec..0000000000 Binary files a/windows/whats-new/images/lockscreen.png and /dev/null differ 
diff --git a/windows/whats-new/images/lockscreenpolicy.png b/windows/whats-new/images/lockscreenpolicy.png
deleted file mode 100644
index 30b6a7ae9d..0000000000
Binary files a/windows/whats-new/images/lockscreenpolicy.png and /dev/null differ
diff --git a/windows/whats-new/images/pencil-icon.png b/windows/whats-new/images/pencil-icon.png
deleted file mode 100644
index 82fe7852dd..0000000000
Binary files a/windows/whats-new/images/pencil-icon.png and /dev/null differ
diff --git a/windows/whats-new/images/preview-changes.png b/windows/whats-new/images/preview-changes.png
deleted file mode 100644
index cb4ecab594..0000000000
Binary files a/windows/whats-new/images/preview-changes.png and /dev/null differ
diff --git a/windows/whats-new/images/propose-file-change.png b/windows/whats-new/images/propose-file-change.png
deleted file mode 100644
index aedbc07b16..0000000000
Binary files a/windows/whats-new/images/propose-file-change.png and /dev/null differ
diff --git a/windows/whats-new/images/spotlight.png b/windows/whats-new/images/spotlight.png
deleted file mode 100644
index 515269740b..0000000000
Binary files a/windows/whats-new/images/spotlight.png and /dev/null differ
diff --git a/windows/whats-new/images/video-1709.jpg b/windows/whats-new/images/video-1709.jpg
deleted file mode 100644
index b54fe67cf6..0000000000
Binary files a/windows/whats-new/images/video-1709.jpg and /dev/null differ
diff --git a/windows/whats-new/images/video-1709s.jpg b/windows/whats-new/images/video-1709s.jpg
deleted file mode 100644
index 7abc313dd8..0000000000
Binary files a/windows/whats-new/images/video-1709s.jpg and /dev/null differ
diff --git a/windows/whats-new/images/windows-11-whats-new/windows-11-taskbar.png b/windows/whats-new/images/windows-11-whats-new/windows-11-taskbar.png
deleted file mode 100644
index 1f997e62f9..0000000000
Binary files a/windows/whats-new/images/windows-11-whats-new/windows-11-taskbar.png and /dev/null differ
diff --git a/windows/whats-new/images/windows-defender-atp.png b/windows/whats-new/images/windows-defender-atp.png
deleted file mode 100644
index 938ac2c72d..0000000000
Binary files a/windows/whats-new/images/windows-defender-atp.png and /dev/null differ
diff --git a/windows/whats-new/ltsc/index.md b/windows/whats-new/ltsc/index.md
index 4ebad1267c..66e69fb814 100644
--- a/windows/whats-new/ltsc/index.md
+++ b/windows/whats-new/ltsc/index.md
@@ -9,6 +9,7 @@ ms.localizationpriority: low
 ms.topic: article
 ms.collection: highpri
 ms.technology: itpro-fundamentals
+ms.date: 12/31/2017
 ---
 
 # Windows 10 Enterprise LTSC
diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2015.md b/windows/whats-new/ltsc/whats-new-windows-10-2015.md
index 8d02105a34..60f00167d7 100644
--- a/windows/whats-new/ltsc/whats-new-windows-10-2015.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2015.md
@@ -9,6 +9,7 @@ author: aczechowski
 ms.localizationpriority: medium
 ms.topic: article
 ms.technology: itpro-fundamentals
+ms.date: 12/31/2017
 ---
 
 # What's new in Windows 10 Enterprise LTSC 2015
diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2016.md b/windows/whats-new/ltsc/whats-new-windows-10-2016.md
index ff84fce008..43da9f13c3 100644
--- a/windows/whats-new/ltsc/whats-new-windows-10-2016.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2016.md
@@ -9,6 +9,7 @@ author: aczechowski
 ms.localizationpriority: low
 ms.topic: article
 ms.technology: itpro-fundamentals
+ms.date: 12/31/2017
 ---
 
 # What's new in Windows 10 Enterprise LTSC 2016
diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md
index 99bbdce00b..ac0e6ef2cc 100644
--- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md
@@ -11,6 +11,7 @@ ms.topic: article
 ms.collection:
 - highpri
 ms.technology: itpro-fundamentals
+ms.date: 12/31/2017
 ---
 
 # What's new in Windows 10 Enterprise LTSC 2019
diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2021.md b/windows/whats-new/ltsc/whats-new-windows-10-2021.md
index 6c8dc542bc..ac2853f72a 100644
--- a/windows/whats-new/ltsc/whats-new-windows-10-2021.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2021.md
@@ -11,6 +11,7 @@ ms.topic: article
 ms.collection:
 - highpri
 ms.technology: itpro-fundamentals
+ms.date: 12/31/2017
 ---
 
 # What's new in Windows 10 Enterprise LTSC 2021
diff --git a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md
index 66b6c21f4d..8c1413f87f 100644
--- a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md
+++ b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md
@@ -10,6 +10,7 @@ ms.localizationpriority: medium
 ms.topic: article
 ROBOTS: NOINDEX
 ms.technology: itpro-fundamentals
+ms.date: 12/31/2017
 ---
 
 # What's new in Windows 10, versions 1507 and 1511 for IT Pros
diff --git a/windows/whats-new/whats-new-windows-10-version-1607.md b/windows/whats-new/whats-new-windows-10-version-1607.md
index 5d80c4bdea..b37fc54c61 100644
--- a/windows/whats-new/whats-new-windows-10-version-1607.md
+++ b/windows/whats-new/whats-new-windows-10-version-1607.md
@@ -10,6 +10,7 @@ ms.author: aaroncz
 ms.topic: article
 ROBOTS: NOINDEX
 ms.technology: itpro-fundamentals
+ms.date: 12/31/2017
 ---
 
 # What's new in Windows 10, version 1607 for IT Pros
diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md
index d56bac40df..0b0ebd0b2a 100644
--- a/windows/whats-new/whats-new-windows-10-version-1703.md
+++ b/windows/whats-new/whats-new-windows-10-version-1703.md
@@ -10,6 +10,7 @@ ms.author: aaroncz
 ms.topic: article
 ROBOTS: NOINDEX
 ms.technology: itpro-fundamentals
+ms.date: 12/31/2017
 ---
 
 # What's new in Windows 10, version 1703 for IT Pros
diff --git a/windows/whats-new/whats-new-windows-10-version-1709.md b/windows/whats-new/whats-new-windows-10-version-1709.md
index df9f38a3c3..24468089e9 100644
--- a/windows/whats-new/whats-new-windows-10-version-1709.md
+++ b/windows/whats-new/whats-new-windows-10-version-1709.md
@@ -10,6 +10,7 @@ ms.localizationpriority: medium
 ms.topic: article
 ROBOTS: NOINDEX
 ms.technology: itpro-fundamentals
+ms.date: 12/31/2017
 ---
 
 # What's new in Windows 10, version 1709 for IT Pros
diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md
index 3815add5bd..4bfc545809 100644
--- a/windows/whats-new/whats-new-windows-10-version-1803.md
+++ b/windows/whats-new/whats-new-windows-10-version-1803.md
@@ -10,6 +10,7 @@ ms.localizationpriority: medium
 ms.topic: article
 ROBOTS: NOINDEX
 ms.technology: itpro-fundamentals
+ms.date: 12/31/2017
 ---
 
 # What's new in Windows 10, version 1803 for IT Pros
diff --git a/windows/whats-new/whats-new-windows-10-version-1809.md b/windows/whats-new/whats-new-windows-10-version-1809.md
index ced11ae8ad..776e3fd5fe 100644
--- a/windows/whats-new/whats-new-windows-10-version-1809.md
+++ b/windows/whats-new/whats-new-windows-10-version-1809.md
@@ -10,6 +10,7 @@ ms.localizationpriority: medium
 ms.topic: article
 ROBOTS: NOINDEX
 ms.technology: itpro-fundamentals
+ms.date: 12/31/2017
 ---
 
 # What's new in Windows 10, version 1809 for IT Pros
@@ -285,9 +286,12 @@ One of the things we’ve heard from you is that it’s hard to know when you’ ## Remote Desktop with Biometrics -Azure Active Directory and Active Directory users using Windows Hello for Business can use biometrics to authenticate to a remote desktop session. +Windows Hello for Business supports using a certificate deployed to a Windows Hello for Business container as a supplied credential to establish a remote desktop connection to a server or another device. This feature takes advantage of the redirected smart card capabilities of the remote desktop protocol. +Users using earlier versions of Windows 10 could authenticate to a remote desktop using Windows Hello for Business but were limited to using their PIN as their authentication gesture. Windows 10, version 1809 introduces the ability for users to authenticate to a remote desktop session using their Windows Hello for Business biometric gesture. -To get started, sign into your device using Windows Hello for Business. Bring up **Remote Desktop Connection** (mstsc.exe), type the name of the computer you want to connect to, and click **Connect**. Windows remembers that you signed using Windows Hello for Business, and automatically selects Windows Hello for Business to authenticate you to your RDP session. You can also click **More choices** to choose alternate credentials. Windows uses facial recognition to authenticate the RDP session to the Windows Server 2016 Hyper-V server. You can continue to use Windows Hello for Business in the remote session, but you must use your PIN. +Azure Active Directory and Active Directory users using Windows Hello for Business in a certificate trust model, can use biometrics to authenticate to a remote desktop session. + +To get started, sign into your device using Windows Hello for Business. Bring up **Remote Desktop Connection** (mstsc.exe), type the name of the device you want to connect to, and select **Connect**. 
Windows remembers that you signed using Windows Hello for Business, and automatically selects Windows Hello for Business to authenticate you to your RDP session. You can also select **More choices** to choose alternate credentials. Windows uses biometrics to authenticate the RDP session to the Windows device. You can continue to use Windows Hello for Business in the remote session, but in the remote session you must use the PIN. See the following example: diff --git a/windows/whats-new/whats-new-windows-10-version-1903.md b/windows/whats-new/whats-new-windows-10-version-1903.md index 1f6ccc5fac..703e8af27b 100644 --- a/windows/whats-new/whats-new-windows-10-version-1903.md +++ b/windows/whats-new/whats-new-windows-10-version-1903.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.topic: article ROBOTS: NOINDEX ms.technology: itpro-fundamentals +ms.date: 12/31/2017 --- # What's new in Windows 10, version 1903 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-1909.md b/windows/whats-new/whats-new-windows-10-version-1909.md index f901253d51..9b27125a3b 100644 --- a/windows/whats-new/whats-new-windows-10-version-1909.md +++ b/windows/whats-new/whats-new-windows-10-version-1909.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.topic: article ROBOTS: NOINDEX ms.technology: itpro-fundamentals +ms.date: 12/31/2017 --- # What's new in Windows 10, version 1909 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-2004.md b/windows/whats-new/whats-new-windows-10-version-2004.md index 5762e44a56..d61e9c57ec 100644 --- a/windows/whats-new/whats-new-windows-10-version-2004.md +++ b/windows/whats-new/whats-new-windows-10-version-2004.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.topic: article ROBOTS: NOINDEX ms.technology: itpro-fundamentals +ms.date: 12/31/2017 --- # What's new in Windows 10, version 2004 for IT Pros 
diff --git a/windows/whats-new/whats-new-windows-10-version-20H2.md b/windows/whats-new/whats-new-windows-10-version-20H2.md
index 1b1b11fb62..118d9441cc 100644
--- a/windows/whats-new/whats-new-windows-10-version-20H2.md
+++ b/windows/whats-new/whats-new-windows-10-version-20H2.md
@@ -9,6 +9,7 @@ ms.localizationpriority: high
 ms.topic: article
 ms.collection: highpri
 ms.technology: itpro-fundamentals
+ms.date: 12/31/2017
 ---
 
 # What's new in Windows 10, version 20H2 for IT Pros
diff --git a/windows/whats-new/whats-new-windows-10-version-21H1.md b/windows/whats-new/whats-new-windows-10-version-21H1.md
index 2e40e1ddd7..cdf34929de 100644
--- a/windows/whats-new/whats-new-windows-10-version-21H1.md
+++ b/windows/whats-new/whats-new-windows-10-version-21H1.md
@@ -9,6 +9,7 @@ ms.localizationpriority: high
 ms.topic: article
 ms.collection: highpri
 ms.technology: itpro-fundamentals
+ms.date: 12/31/2017
 ---
 
 # What's new in Windows 10, version 21H1 for IT Pros
diff --git a/windows/whats-new/whats-new-windows-10-version-21H2.md b/windows/whats-new/whats-new-windows-10-version-21H2.md
index 5d8e006605..0b5aea83f8 100644
--- a/windows/whats-new/whats-new-windows-10-version-21H2.md
+++ b/windows/whats-new/whats-new-windows-10-version-21H2.md
@@ -10,6 +10,7 @@ ms.topic: article
 ms.collection: highpri
 ms.custom: intro-overview
 ms.technology: itpro-fundamentals
+ms.date: 12/31/2017
 ---
 
 # What's new in Windows 10, version 21H2
diff --git a/windows/whats-new/whats-new-windows-11-version-22H2.md b/windows/whats-new/whats-new-windows-11-version-22H2.md
index a36d8795f6..df8b5092e6 100644
--- a/windows/whats-new/whats-new-windows-11-version-22H2.md
+++ b/windows/whats-new/whats-new-windows-11-version-22H2.md
@@ -10,6 +10,7 @@ ms.topic: article
 ms.collection: highpri
 ms.custom: intro-overview
 ms.technology: itpro-fundamentals
+ms.date: 12/31/2017
 ---
 
 # What's new in Windows 11, version 22H2
diff --git a/windows/whats-new/windows-11-plan.md b/windows/whats-new/windows-11-plan.md index 1a2f7d3b76..38dd1a3030 100644 --- a/windows/whats-new/windows-11-plan.md +++ b/windows/whats-new/windows-11-plan.md @@ -9,6 +9,7 @@ ms.localizationpriority: high ms.topic: article ms.collection: highpri ms.technology: itpro-fundamentals +ms.date: 12/31/2017 --- # Plan for Windows 11 diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md index 1ae1ed1629..6f5f8d35ad 100644 --- a/windows/whats-new/windows-11-prepare.md +++ b/windows/whats-new/windows-11-prepare.md @@ -9,6 +9,7 @@ ms.localizationpriority: high ms.topic: article ms.collection: highpri ms.technology: itpro-fundamentals +ms.date: 12/31/2017 --- # Prepare for Windows 11 diff --git a/windows/whats-new/windows-11-requirements.md b/windows/whats-new/windows-11-requirements.md index e72a69b1d0..4a63cc1f7c 100644 --- a/windows/whats-new/windows-11-requirements.md +++ b/windows/whats-new/windows-11-requirements.md @@ -10,6 +10,7 @@ ms.topic: article ms.custom: seo-marvel-apr2020 ms.collection: highpri ms.technology: itpro-fundamentals +ms.date: 12/31/2017 --- # Windows 11 requirements @@ -105,5 +106,5 @@ The VM host CPU must also meet Windows 11 [processor requirements](/windows-hard ## See also [Windows minimum hardware requirements](/windows-hardware/design/minimum/minimum-hardware-requirements-overview)
              -[What's new in Windows 11 overview](windows-11-whats-new.md) +[What's new in Windows 11 overview](/windows/whats-new/windows-11-overview)