From 10576d4195a40dd771a9f8bf57f9e1ce2feadf6d Mon Sep 17 00:00:00 2001 From: Samuel Yun Date: Tue, 20 Jun 2023 07:20:42 -0700 Subject: [PATCH 1/3] Update toc.yml - network security --- .../operating-system-security/network-security/toc.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/operating-system-security/network-security/toc.yml b/windows/security/operating-system-security/network-security/toc.yml index c62a6aaad4..f8ef3f19b2 100644 --- a/windows/security/operating-system-security/network-security/toc.yml +++ b/windows/security/operating-system-security/network-security/toc.yml @@ -1,8 +1,10 @@ items: - name: Transport layer security (TLS) 🔗 href: /windows-server/security/tls/tls-ssl-schannel-ssp-overview - - name: WiFi Security + - name: Wi-Fi Security href: https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09 + - name: Extensible Authentication Protocol (EAP) for network access + href: /windows-server/networking/technologies/extensible-authentication-protocol/network-access - name: Windows Firewall 🔗 href: windows-firewall/windows-firewall-with-advanced-security.md - name: Virtual Private Network (VPN) @@ -14,4 +16,4 @@ items: - name: Server Message Block (SMB) file service 🔗 href: /windows-server/storage/file-server/file-server-smb-overview - name: Server Message Block Direct (SMB Direct) 🔗 - href: /windows-server/storage/file-server/smb-direct \ No newline at end of file + href: /windows-server/storage/file-server/smb-direct From a9294c77992f46ff51367defb6a33c3612f5bfeb Mon Sep 17 00:00:00 2001 From: Sam Yun Date: Tue, 20 Jun 2023 10:33:40 -0400 Subject: [PATCH 2/3] Link in VPN auth page --- .../network-security/vpn/vpn-authentication.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) 
diff --git a/windows/security/operating-system-security/network-security/vpn/vpn-authentication.md b/windows/security/operating-system-security/network-security/vpn/vpn-authentication.md index 1fc65b4198..cbb238ee6a 100644 --- a/windows/security/operating-system-security/network-security/vpn/vpn-authentication.md +++ b/windows/security/operating-system-security/network-security/vpn/vpn-authentication.md @@ -1,7 +1,7 @@ --- title: VPN authentication options description: Learn about the EAP authentication methods that Windows supports in VPNs to provide secure authentication using username/password and certificate-based methods. -ms.date: 09/23/2021 +ms.date: 06/20/2023 ms.topic: conceptual --- @@ -9,7 +9,7 @@ ms.topic: conceptual In addition to older and less-secure password-based authentication methods (which should be avoided), the built-in VPN solution uses Extensible Authentication Protocol (EAP) to provide secure authentication using both user name and password, and certificate-based methods. You can only configure EAP-based authentication if you select a built-in VPN type (IKEv2, L2TP, PPTP or Automatic). -Windows supports a number of EAP authentication methods. +Windows supports a number of EAP authentication methods. - EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (EAP-MSCHAPv2): - User name and password authentication 
@@ -71,14 +71,14 @@ For a UWP VPN plug-in, the app vendor controls the authentication method to be u ## Configure authentication -See [EAP configuration](/windows/client-management/mdm/eap-configuration) for EAP XML configuration. +See [EAP configuration](/windows/client-management/mdm/eap-configuration) for EAP XML configuration. >[!NOTE] >To configure Windows Hello for Business authentication, follow the steps in [EAP configuration](/windows/client-management/mdm/eap-configuration) to create a smart card certificate. [Learn more about Windows Hello for Business.](../../../identity-protection/hello-for-business/hello-identity-verification.md). The following image shows the field for EAP XML in a Microsoft Intune VPN profile. The EAP XML field only appears when you select a built-in connection type (automatic, IKEv2, L2TP, PPTP). -:::image type="content" source="images/vpn-eap-xml.png" alt-text="EAP XML configuration in Intune profile."::: +:::image type="content" source="images/vpn-eap-xml.png" alt-text="Screenshot showing EAP XML configuration in Intune profile."::: ## Related topics @@ -90,3 +90,4 @@ The following image shows the field for EAP XML in a Microsoft Intune VPN profil - [VPN auto-triggered profile options](vpn-auto-trigger-profile.md) - [VPN security features](vpn-security-features.md) - [VPN profile options](vpn-profile-options.md) +- [Extensible Authentication Protocol (EAP) for network access](/windows-server/networking/technologies/extensible-authentication-protocol/network-access) From dfb0e2eecfcfe6beb1c13341ead4d3ec30c7fde8 Mon Sep 17 00:00:00 2001 From: Sam Yun Date: Tue, 20 Jun 2023 10:36:13 -0400 Subject: [PATCH 3/3] Acrolinx --- .../network-security/vpn/vpn-authentication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/operating-system-security/network-security/vpn/vpn-authentication.md b/windows/security/operating-system-security/network-security/vpn/vpn-authentication.md index cbb238ee6a..5b8c8be320 100644 --- a/windows/security/operating-system-security/network-security/vpn/vpn-authentication.md +++ b/windows/security/operating-system-security/network-security/vpn/vpn-authentication.md @@ -43,7 +43,7 @@ Windows supports a number of EAP authentication methods. - Fast Reconnect: reduces the delay between an authentication request by a client and the response by the Network Policy Server (NPS) or other Remote Authentication Dial-in User Service (RADIUS) server. This reduces resource requirements for both client and server, and minimizes the number of times that users are prompted for credentials. - - [Cryptobinding](/openspecs/windows_protocols/ms-peap/757a16c7-0826-4ba9-bb71-8c3f1339e937): By deriving and exchanging values from the PEAP phase 1 key material (**Tunnel Key**) and from the PEAP phase 2 inner EAP method key material (**Inner Session Key**), it is possible to prove that the two authentications terminate at the same two entities (PEAP peer and PEAP server). This process, termed "cryptobinding", is used to protect the PEAP negotiation against "Man in the Middle" attacks. + - [Cryptobinding](/openspecs/windows_protocols/ms-peap/757a16c7-0826-4ba9-bb71-8c3f1339e937): By deriving and exchanging values from the PEAP phase 1 key material (**Tunnel Key**) and from the PEAP phase 2 inner EAP method key material (**Inner Session Key**), it's possible to prove that the two authentications terminate at the same two entities (PEAP peer and PEAP server). This process, termed "cryptobinding", is used to protect the PEAP negotiation against "Man in the Middle" attacks. - Tunneled Transport Layer Security (TTLS) - Inner method
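Review bot: in the first toc.yml hunk, the new "Extensible Authentication Protocol (EAP) for network access" entry links into `/windows-server/...`, the same docset as the "Transport layer security (TLS) 🔗" and "Server Message Block (SMB) file service 🔗" entries, but its `name` omits the 🔗 marker this file uses to flag links that leave the Windows security docset; add it for consistency, e.g. `- name: Extensible Authentication Protocol (EAP) for network access 🔗`. The "WiFi" to "Wi-Fi" correction is right (the href itself already spells it "wi-fi").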
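Review bot: in the "## Configure authentication" hunk of vpn-authentication.md, the only change to the "See [EAP configuration] ..." line is trailing-whitespace removal, which is fine, but the NOTE directly below it still ends with a doubled period (`...hello-identity-verification.md).` following link text that already ends in "."); since this hunk touches that region, move the period outside the link text in the same pass. The alt-text change is an improvement; naming the specific field the sentence above describes ("the EAP XML field in a Microsoft Intune VPN profile") would make it more useful to screen-reader users.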
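Review bot: in the "Related topics" hunk, the new link uses the same `/windows-server/networking/technologies/extensible-authentication-protocol/network-access` path as the toc.yml entry in PATCH 1/3, so the two stay consistent; nothing to change here, though if the docset convention is to flag external-docset links in article bodies as well as in the TOC, apply it here too.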
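Review bot: in the PATCH 3/3 hunk, the Acrolinx pass only contracts "it is" to "it's", yet the same Cryptobinding bullet still writes "Man in the Middle" attacks in title case with quotation marks; the conventional form (and the one Microsoft style uses) is the lowercase hyphenated "man-in-the-middle" without quotes, so it is worth normalizing in this pass rather than leaving a second style fix for later.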