Merge branch 'main' into main

2025-05-18 08:17:23 +00:00 · 2022-11-29 16:36:32 -05:00 · 2022-11-29 16:36:32 -05:00 · 31d84d39a1
commit 31d84d39a1
parent a5bc253e9b 0f6fa2378e
40 changed files with 20084 additions and 18708 deletions
--- a/windows/client-management/enable-admx-backed-policies-in-mdm.md
+++ b/windows/client-management/enable-admx-backed-policies-in-mdm.md
@ -105,7 +105,7 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/
   2. Find the variable names of the parameters in the ADMX file.
-      You can find the ADMX file name in the policy description in Policy CSP. In this example, the filename appv.admx is listed in [AppVirtualization/PublishingAllowServer2](mdm/policy-configuration-service-provider.md#appvirtualization-publishingallowserver2).
+      You can find the ADMX file name in the policy description in Policy CSP. In this example, the filename appv.admx is listed in [AppVirtualization/PublishingAllowServer2](mdm/policy-csp-appvirtualization.md#appvirtualization-publishingallowserver2).
      ![Publishing server 2 policy description.](images/admx-appv-policy-description.png)
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
--- a/windows/client-management/mdm/defender-ddf.md
+++ b/windows/client-management/mdm/defender-ddf.md
--- a/windows/client-management/mdm/enterprisedataprotection-csp.md
+++ b/windows/client-management/mdm/enterprisedataprotection-csp.md
@ -277,7 +277,7 @@ Specifies whether to allow Azure RMS encryption for Windows Information Protecti
 Supported operations are Add, Get, Replace, and Delete. Value type is integer.
 <a href="" id="settings-smbautoencryptedfileextensions"></a>**Settings/SMBAutoEncryptedFileExtensions**
-Added in Windows 10, version 1703. Specifies a list of file extensions, so that files with these extensions are encrypted when copying from a Server Message Block (SMB) share within the corporate boundary as defined in the Policy CSP nodes for [NetworkIsolation/EnterpriseIPRange](policy-configuration-service-provider.md#networkisolation-enterpriseiprange) and [NetworkIsolation/EnterpriseNetworkDomainNames](policy-configuration-service-provider.md#networkisolation-enterprisenetworkdomainnames). Use semicolon (;) delimiter in the list.
+Added in Windows 10, version 1703. Specifies a list of file extensions, so that files with these extensions are encrypted when copying from a Server Message Block (SMB) share within the corporate boundary as defined in the Policy CSP nodes for [NetworkIsolation/EnterpriseIPRange](policy-csp-networkisolation.md) and [NetworkIsolation/EnterpriseNetworkDomainNames](policy-csp-networkisolation.md). Use semicolon (;) delimiter in the list.
 When this policy isn't specified, the existing auto-encryption behavior is applied.  When this policy is configured, only files with the extensions in the list will be encrypted.
 Supported operations are Add, Get, Replace and Delete. Value type is string.
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
@ -21,32 +21,32 @@ ms.date: 07/22/2020
 - [Cellular/ShowAppCellularAccessUI](policy-csp-cellular.md#cellular-showappcellularaccessui)
 - [Cryptography/AllowFipsAlgorithmPolicy](policy-csp-cryptography.md#cryptography-allowfipsalgorithmpolicy)
 - [Cryptography/TLSCipherSuites](policy-csp-cryptography.md#cryptography-tlsciphersuites)
- [Defender/AllowArchiveScanning](policy-csp-defender.md#defender-allowarchivescanning)
+- [Defender/AllowArchiveScanning](policy-csp-defender.md#allowarchivescanning)
- [Defender/AllowBehaviorMonitoring](policy-csp-defender.md#defender-allowbehaviormonitoring)
+- [Defender/AllowBehaviorMonitoring](policy-csp-defender.md#allowbehaviormonitoring)
- [Defender/AllowCloudProtection](policy-csp-defender.md#defender-allowcloudprotection)
+- [Defender/AllowCloudProtection](policy-csp-defender.md#allowcloudprotection)
- [Defender/AllowEmailScanning](policy-csp-defender.md#defender-allowemailscanning)
+- [Defender/AllowEmailScanning](policy-csp-defender.md#allowemailscanning)
- [Defender/AllowFullScanOnMappedNetworkDrives](policy-csp-defender.md#defender-allowfullscanonmappednetworkdrives)
+- [Defender/AllowFullScanOnMappedNetworkDrives](policy-csp-defender.md#allowfullscanonmappednetworkdrives)
- [Defender/AllowFullScanRemovableDriveScanning](policy-csp-defender.md#defender-allowfullscanremovabledrivescanning)
+- [Defender/AllowFullScanRemovableDriveScanning](policy-csp-defender.md#allowfullscanremovabledrivescanning)
- [Defender/AllowIOAVProtection](policy-csp-defender.md#defender-allowioavprotection)
+- [Defender/AllowIOAVProtection](policy-csp-defender.md#allowioavprotection)
- [Defender/AllowOnAccessProtection](policy-csp-defender.md#defender-allowonaccessprotection)
+- [Defender/AllowOnAccessProtection](policy-csp-defender.md#allowonaccessprotection)
- [Defender/AllowRealtimeMonitoring](policy-csp-defender.md#defender-allowrealtimemonitoring)
+- [Defender/AllowRealtimeMonitoring](policy-csp-defender.md#allowrealtimemonitoring)
- [Defender/AllowScanningNetworkFiles](policy-csp-defender.md#defender-allowscanningnetworkfiles)
+- [Defender/AllowScanningNetworkFiles](policy-csp-defender.md#allowscanningnetworkfiles)
- [Defender/AllowScriptScanning](policy-csp-defender.md#defender-allowscriptscanning)
+- [Defender/AllowScriptScanning](policy-csp-defender.md#allowscriptscanning)
- [Defender/AllowUserUIAccess](policy-csp-defender.md#defender-allowuseruiaccess)
+- [Defender/AllowUserUIAccess](policy-csp-defender.md#allowuseruiaccess)
- [Defender/AvgCPULoadFactor](policy-csp-defender.md#defender-avgcpuloadfactor)
+- [Defender/AvgCPULoadFactor](policy-csp-defender.md#avgcpuloadfactor)
- [Defender/DaysToRetainCleanedMalware](policy-csp-defender.md#defender-daystoretaincleanedmalware)
+- [Defender/DaysToRetainCleanedMalware](policy-csp-defender.md#daystoretaincleanedmalware)
- [Defender/ExcludedExtensions](policy-csp-defender.md#defender-excludedextensions)
+- [Defender/ExcludedExtensions](policy-csp-defender.md#excludedextensions)
- [Defender/ExcludedPaths](policy-csp-defender.md#defender-excludedpaths)
+- [Defender/ExcludedPaths](policy-csp-defender.md#excludedpaths)
- [Defender/ExcludedProcesses](policy-csp-defender.md#defender-excludedprocesses)
+- [Defender/ExcludedProcesses](policy-csp-defender.md#excludedprocesses)
- [Defender/PUAProtection](policy-csp-defender.md#defender-puaprotection)
+- [Defender/PUAProtection](policy-csp-defender.md#puaprotection)
- [Defender/RealTimeScanDirection](policy-csp-defender.md#defender-realtimescandirection)
+- [Defender/RealTimeScanDirection](policy-csp-defender.md#realtimescandirection)
- [Defender/ScanParameter](policy-csp-defender.md#defender-scanparameter)
+- [Defender/ScanParameter](policy-csp-defender.md#scanparameter)
- [Defender/ScheduleQuickScanTime](policy-csp-defender.md#defender-schedulequickscantime)
+- [Defender/ScheduleQuickScanTime](policy-csp-defender.md#schedulequickscantime)
- [Defender/ScheduleScanDay](policy-csp-defender.md#defender-schedulescanday)
+- [Defender/ScheduleScanDay](policy-csp-defender.md#schedulescanday)
- [Defender/ScheduleScanTime](policy-csp-defender.md#defender-schedulescantime)
+- [Defender/ScheduleScanTime](policy-csp-defender.md#schedulescantime)
- [Defender/SignatureUpdateInterval](policy-csp-defender.md#defender-signatureupdateinterval)
+- [Defender/SignatureUpdateInterval](policy-csp-defender.md#signatureupdateinterval)
- [Defender/SubmitSamplesConsent](policy-csp-defender.md#defender-submitsamplesconsent)
+- [Defender/SubmitSamplesConsent](policy-csp-defender.md#submitsamplesconsent)
- [Defender/ThreatSeverityDefaultAction](policy-csp-defender.md#defender-threatseveritydefaultaction)
+- [Defender/ThreatSeverityDefaultAction](policy-csp-defender.md#threatseveritydefaultaction)
 - [DeliveryOptimization/DOAbsoluteMaxCacheSize](policy-csp-deliveryoptimization.md#deliveryoptimization-doabsolutemaxcachesize)
 - [DeliveryOptimization/DOAllowVPNPeerCaching](policy-csp-deliveryoptimization.md#deliveryoptimization-doallowvpnpeercaching)
 - [DeliveryOptimization/DODownloadMode](policy-csp-deliveryoptimization.md#deliveryoptimization-dodownloadmode)
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
--- a/windows/client-management/mdm/policy-csp-admx-mss-legacy.md
+++ b/windows/client-management/mdm/policy-csp-admx-mss-legacy.md
@ -0,0 +1,812 @@
 ---
 title: ADMX_MSS-legacy Policy CSP
 description: Learn more about the ADMX_MSS-legacy Area in Policy CSP
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
 ms.date: 11/29/2022
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
 ms.topic: reference
 ---
 <!-- Auto-Generated CSP Document -->
 <!-- ADMX_MSS-legacy-Begin -->
 # Policy CSP - ADMX_MSS-legacy
 > [!TIP]
 > Some of these are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
 >
 > You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
 >
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 <!-- ADMX_MSS-legacy-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- ADMX_MSS-legacy-Editable-End -->
 <!-- Pol_MSS_AutoAdminLogon-Begin -->
 ## Pol_MSS_AutoAdminLogon
 <!-- Pol_MSS_AutoAdminLogon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_AutoAdminLogon-Applicability-End -->
 <!-- Pol_MSS_AutoAdminLogon-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_AutoAdminLogon
 ```
 <!-- Pol_MSS_AutoAdminLogon-OmaUri-End -->
 <!-- Pol_MSS_AutoAdminLogon-Description-Begin -->
 <!-- Description-Not-Found -->
 <!-- Pol_MSS_AutoAdminLogon-Description-End -->
 <!-- Pol_MSS_AutoAdminLogon-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Enable Automatic Logon (not recommended).
 <!-- Pol_MSS_AutoAdminLogon-Editable-End -->
 <!-- Pol_MSS_AutoAdminLogon-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- Pol_MSS_AutoAdminLogon-DFProperties-End -->
 <!-- Pol_MSS_AutoAdminLogon-AdmxBacked-Begin -->
 <!-- Unknown -->
 <!-- Pol_MSS_AutoAdminLogon-AdmxBacked-End -->
 <!-- Pol_MSS_AutoAdminLogon-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- Pol_MSS_AutoAdminLogon-Examples-End -->
 <!-- Pol_MSS_AutoAdminLogon-End -->
 <!-- Pol_MSS_AutoReboot-Begin -->
 ## Pol_MSS_AutoReboot
 <!-- Pol_MSS_AutoReboot-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_AutoReboot-Applicability-End -->
 <!-- Pol_MSS_AutoReboot-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_AutoReboot
 ```
 <!-- Pol_MSS_AutoReboot-OmaUri-End -->
 <!-- Pol_MSS_AutoReboot-Description-Begin -->
 <!-- Description-Not-Found -->
 <!-- Pol_MSS_AutoReboot-Description-End -->
 <!-- Pol_MSS_AutoReboot-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Allow Windows to automatically restart after a system crash (recommended except for highly secure environments).
 <!-- Pol_MSS_AutoReboot-Editable-End -->
 <!-- Pol_MSS_AutoReboot-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- Pol_MSS_AutoReboot-DFProperties-End -->
 <!-- Pol_MSS_AutoReboot-AdmxBacked-Begin -->
 <!-- Unknown -->
 <!-- Pol_MSS_AutoReboot-AdmxBacked-End -->
 <!-- Pol_MSS_AutoReboot-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- Pol_MSS_AutoReboot-Examples-End -->
 <!-- Pol_MSS_AutoReboot-End -->
 <!-- Pol_MSS_AutoShareServer-Begin -->
 ## Pol_MSS_AutoShareServer
 <!-- Pol_MSS_AutoShareServer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_AutoShareServer-Applicability-End -->
 <!-- Pol_MSS_AutoShareServer-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_AutoShareServer
 ```
 <!-- Pol_MSS_AutoShareServer-OmaUri-End -->
 <!-- Pol_MSS_AutoShareServer-Description-Begin -->
 <!-- Description-Not-Found -->
 <!-- Pol_MSS_AutoShareServer-Description-End -->
 <!-- Pol_MSS_AutoShareServer-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Enable administrative shares on servers (recommended except for highly secure environments).
 <!-- Pol_MSS_AutoShareServer-Editable-End -->
 <!-- Pol_MSS_AutoShareServer-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- Pol_MSS_AutoShareServer-DFProperties-End -->
 <!-- Pol_MSS_AutoShareServer-AdmxBacked-Begin -->
 <!-- Unknown -->
 <!-- Pol_MSS_AutoShareServer-AdmxBacked-End -->
 <!-- Pol_MSS_AutoShareServer-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- Pol_MSS_AutoShareServer-Examples-End -->
 <!-- Pol_MSS_AutoShareServer-End -->
 <!-- Pol_MSS_AutoShareWks-Begin -->
 ## Pol_MSS_AutoShareWks
 <!-- Pol_MSS_AutoShareWks-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_AutoShareWks-Applicability-End -->
 <!-- Pol_MSS_AutoShareWks-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_AutoShareWks
 ```
 <!-- Pol_MSS_AutoShareWks-OmaUri-End -->
 <!-- Pol_MSS_AutoShareWks-Description-Begin -->
 <!-- Description-Not-Found -->
 <!-- Pol_MSS_AutoShareWks-Description-End -->
 <!-- Pol_MSS_AutoShareWks-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Enable administrative shares on workstations (recommended except for highly secure environments).
 <!-- Pol_MSS_AutoShareWks-Editable-End -->
 <!-- Pol_MSS_AutoShareWks-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- Pol_MSS_AutoShareWks-DFProperties-End -->
 <!-- Pol_MSS_AutoShareWks-AdmxBacked-Begin -->
 <!-- Unknown -->
 <!-- Pol_MSS_AutoShareWks-AdmxBacked-End -->
 <!-- Pol_MSS_AutoShareWks-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- Pol_MSS_AutoShareWks-Examples-End -->
 <!-- Pol_MSS_AutoShareWks-End -->
 <!-- Pol_MSS_DisableSavePassword-Begin -->
 ## Pol_MSS_DisableSavePassword
 <!-- Pol_MSS_DisableSavePassword-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_DisableSavePassword-Applicability-End -->
 <!-- Pol_MSS_DisableSavePassword-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_DisableSavePassword
 ```
 <!-- Pol_MSS_DisableSavePassword-OmaUri-End -->
 <!-- Pol_MSS_DisableSavePassword-Description-Begin -->
 <!-- Description-Not-Found -->
 <!-- Pol_MSS_DisableSavePassword-Description-End -->
 <!-- Pol_MSS_DisableSavePassword-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- Pol_MSS_DisableSavePassword-Editable-End -->
 <!-- Pol_MSS_DisableSavePassword-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- Pol_MSS_DisableSavePassword-DFProperties-End -->
 <!-- Pol_MSS_DisableSavePassword-AdmxBacked-Begin -->
 <!-- Unknown -->
 <!-- Pol_MSS_DisableSavePassword-AdmxBacked-End -->
 <!-- Pol_MSS_DisableSavePassword-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 Prevent the dial-up password from being saved (recommended).
 <!-- Pol_MSS_DisableSavePassword-Examples-End -->
 <!-- Pol_MSS_DisableSavePassword-End -->
 <!-- Pol_MSS_EnableDeadGWDetect-Begin -->
 ## Pol_MSS_EnableDeadGWDetect
 <!-- Pol_MSS_EnableDeadGWDetect-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_EnableDeadGWDetect-Applicability-End -->
 <!-- Pol_MSS_EnableDeadGWDetect-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_EnableDeadGWDetect
 ```
 <!-- Pol_MSS_EnableDeadGWDetect-OmaUri-End -->
 <!-- Pol_MSS_EnableDeadGWDetect-Description-Begin -->
 <!-- Description-Not-Found -->
 <!-- Pol_MSS_EnableDeadGWDetect-Description-End -->
 <!-- Pol_MSS_EnableDeadGWDetect-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Allow automatic detection of dead network gateways (could lead to DoS).
 <!-- Pol_MSS_EnableDeadGWDetect-Editable-End -->
 <!-- Pol_MSS_EnableDeadGWDetect-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- Pol_MSS_EnableDeadGWDetect-DFProperties-End -->
 <!-- Pol_MSS_EnableDeadGWDetect-AdmxBacked-Begin -->
 <!-- Unknown -->
 <!-- Pol_MSS_EnableDeadGWDetect-AdmxBacked-End -->
 <!-- Pol_MSS_EnableDeadGWDetect-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- Pol_MSS_EnableDeadGWDetect-Examples-End -->
 <!-- Pol_MSS_EnableDeadGWDetect-End -->
 <!-- Pol_MSS_HideFromBrowseList-Begin -->
 ## Pol_MSS_HideFromBrowseList
 <!-- Pol_MSS_HideFromBrowseList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_HideFromBrowseList-Applicability-End -->
 <!-- Pol_MSS_HideFromBrowseList-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_HideFromBrowseList
 ```
 <!-- Pol_MSS_HideFromBrowseList-OmaUri-End -->
 <!-- Pol_MSS_HideFromBrowseList-Description-Begin -->
 <!-- Description-Not-Found -->
 <!-- Pol_MSS_HideFromBrowseList-Description-End -->
 <!-- Pol_MSS_HideFromBrowseList-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Hide Computer From the Browse List (not recommended except for highly secure environments).
 <!-- Pol_MSS_HideFromBrowseList-Editable-End -->
 <!-- Pol_MSS_HideFromBrowseList-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- Pol_MSS_HideFromBrowseList-DFProperties-End -->
 <!-- Pol_MSS_HideFromBrowseList-AdmxBacked-Begin -->
 <!-- Unknown -->
 <!-- Pol_MSS_HideFromBrowseList-AdmxBacked-End -->
 <!-- Pol_MSS_HideFromBrowseList-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- Pol_MSS_HideFromBrowseList-Examples-End -->
 <!-- Pol_MSS_HideFromBrowseList-End -->
 <!-- Pol_MSS_KeepAliveTime-Begin -->
 ## Pol_MSS_KeepAliveTime
 <!-- Pol_MSS_KeepAliveTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_KeepAliveTime-Applicability-End -->
 <!-- Pol_MSS_KeepAliveTime-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_KeepAliveTime
 ```
 <!-- Pol_MSS_KeepAliveTime-OmaUri-End -->
 <!-- Pol_MSS_KeepAliveTime-Description-Begin -->
 <!-- Description-Not-Found -->
 <!-- Pol_MSS_KeepAliveTime-Description-End -->
 <!-- Pol_MSS_KeepAliveTime-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Define how often keep-alive packets are sent in milliseconds.
 <!-- Pol_MSS_KeepAliveTime-Editable-End -->
 <!-- Pol_MSS_KeepAliveTime-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- Pol_MSS_KeepAliveTime-DFProperties-End -->
 <!-- Pol_MSS_KeepAliveTime-AdmxBacked-Begin -->
 <!-- Unknown -->
 <!-- Pol_MSS_KeepAliveTime-AdmxBacked-End -->
 <!-- Pol_MSS_KeepAliveTime-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- Pol_MSS_KeepAliveTime-Examples-End -->
 <!-- Pol_MSS_KeepAliveTime-End -->
 <!-- Pol_MSS_NoDefaultExempt-Begin -->
 ## Pol_MSS_NoDefaultExempt
 <!-- Pol_MSS_NoDefaultExempt-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_NoDefaultExempt-Applicability-End -->
 <!-- Pol_MSS_NoDefaultExempt-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_NoDefaultExempt
 ```
 <!-- Pol_MSS_NoDefaultExempt-OmaUri-End -->
 <!-- Pol_MSS_NoDefaultExempt-Description-Begin -->
 <!-- Description-Not-Found -->
 <!-- Pol_MSS_NoDefaultExempt-Description-End -->
 <!-- Pol_MSS_NoDefaultExempt-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Configure IPSec exemptions for various types of network traffic.
 <!-- Pol_MSS_NoDefaultExempt-Editable-End -->
 <!-- Pol_MSS_NoDefaultExempt-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- Pol_MSS_NoDefaultExempt-DFProperties-End -->
 <!-- Pol_MSS_NoDefaultExempt-AdmxBacked-Begin -->
 <!-- Unknown -->
 <!-- Pol_MSS_NoDefaultExempt-AdmxBacked-End -->
 <!-- Pol_MSS_NoDefaultExempt-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- Pol_MSS_NoDefaultExempt-Examples-End -->
 <!-- Pol_MSS_NoDefaultExempt-End -->
 <!-- Pol_MSS_NtfsDisable8dot3NameCreation-Begin -->
 ## Pol_MSS_NtfsDisable8dot3NameCreation
 <!-- Pol_MSS_NtfsDisable8dot3NameCreation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_NtfsDisable8dot3NameCreation-Applicability-End -->
 <!-- Pol_MSS_NtfsDisable8dot3NameCreation-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_NtfsDisable8dot3NameCreation
 ```
 <!-- Pol_MSS_NtfsDisable8dot3NameCreation-OmaUri-End -->
 <!-- Pol_MSS_NtfsDisable8dot3NameCreation-Description-Begin -->
 <!-- Description-Not-Found -->
 <!-- Pol_MSS_NtfsDisable8dot3NameCreation-Description-End -->
 <!-- Pol_MSS_NtfsDisable8dot3NameCreation-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Enable the computer to stop generating 8.3 style filenames.
 <!-- Pol_MSS_NtfsDisable8dot3NameCreation-Editable-End -->
 <!-- Pol_MSS_NtfsDisable8dot3NameCreation-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- Pol_MSS_NtfsDisable8dot3NameCreation-DFProperties-End -->
 <!-- Pol_MSS_NtfsDisable8dot3NameCreation-AdmxBacked-Begin -->
 <!-- Unknown -->
 <!-- Pol_MSS_NtfsDisable8dot3NameCreation-AdmxBacked-End -->
 <!-- Pol_MSS_NtfsDisable8dot3NameCreation-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- Pol_MSS_NtfsDisable8dot3NameCreation-Examples-End -->
 <!-- Pol_MSS_NtfsDisable8dot3NameCreation-End -->
 <!-- Pol_MSS_PerformRouterDiscovery-Begin -->
 ## Pol_MSS_PerformRouterDiscovery
 <!-- Pol_MSS_PerformRouterDiscovery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_PerformRouterDiscovery-Applicability-End -->
 <!-- Pol_MSS_PerformRouterDiscovery-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_PerformRouterDiscovery
 ```
 <!-- Pol_MSS_PerformRouterDiscovery-OmaUri-End -->
 <!-- Pol_MSS_PerformRouterDiscovery-Description-Begin -->
 <!-- Description-Not-Found -->
 <!-- Pol_MSS_PerformRouterDiscovery-Description-End -->
 <!-- Pol_MSS_PerformRouterDiscovery-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS).
 <!-- Pol_MSS_PerformRouterDiscovery-Editable-End -->
 <!-- Pol_MSS_PerformRouterDiscovery-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- Pol_MSS_PerformRouterDiscovery-DFProperties-End -->
 <!-- Pol_MSS_PerformRouterDiscovery-AdmxBacked-Begin -->
 <!-- Unknown -->
 <!-- Pol_MSS_PerformRouterDiscovery-AdmxBacked-End -->
 <!-- Pol_MSS_PerformRouterDiscovery-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- Pol_MSS_PerformRouterDiscovery-Examples-End -->
 <!-- Pol_MSS_PerformRouterDiscovery-End -->
 <!-- Pol_MSS_SafeDllSearchMode-Begin -->
 ## Pol_MSS_SafeDllSearchMode
 <!-- Pol_MSS_SafeDllSearchMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_SafeDllSearchMode-Applicability-End -->
 <!-- Pol_MSS_SafeDllSearchMode-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_SafeDllSearchMode
 ```
 <!-- Pol_MSS_SafeDllSearchMode-OmaUri-End -->
 <!-- Pol_MSS_SafeDllSearchMode-Description-Begin -->
 <!-- Description-Not-Found -->
 <!-- Pol_MSS_SafeDllSearchMode-Description-End -->
 <!-- Pol_MSS_SafeDllSearchMode-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Enable Safe DLL search mode (recommended).
 <!-- Pol_MSS_SafeDllSearchMode-Editable-End -->
 <!-- Pol_MSS_SafeDllSearchMode-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- Pol_MSS_SafeDllSearchMode-DFProperties-End -->
 <!-- Pol_MSS_SafeDllSearchMode-AdmxBacked-Begin -->
 <!-- Unknown -->
 <!-- Pol_MSS_SafeDllSearchMode-AdmxBacked-End -->
 <!-- Pol_MSS_SafeDllSearchMode-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- Pol_MSS_SafeDllSearchMode-Examples-End -->
 <!-- Pol_MSS_SafeDllSearchMode-End -->
 <!-- Pol_MSS_ScreenSaverGracePeriod-Begin -->
 ## Pol_MSS_ScreenSaverGracePeriod
 <!-- Pol_MSS_ScreenSaverGracePeriod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_ScreenSaverGracePeriod-Applicability-End -->
 <!-- Pol_MSS_ScreenSaverGracePeriod-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_ScreenSaverGracePeriod
 ```
 <!-- Pol_MSS_ScreenSaverGracePeriod-OmaUri-End -->
 <!-- Pol_MSS_ScreenSaverGracePeriod-Description-Begin -->
 <!-- Description-Not-Found -->
 <!-- Pol_MSS_ScreenSaverGracePeriod-Description-End -->
 <!-- Pol_MSS_ScreenSaverGracePeriod-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 he time in seconds before the screen saver grace period expires (0 recommended).
 <!-- Pol_MSS_ScreenSaverGracePeriod-Editable-End -->
 <!-- Pol_MSS_ScreenSaverGracePeriod-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- Pol_MSS_ScreenSaverGracePeriod-DFProperties-End -->
 <!-- Pol_MSS_ScreenSaverGracePeriod-AdmxBacked-Begin -->
 <!-- Unknown -->
 <!-- Pol_MSS_ScreenSaverGracePeriod-AdmxBacked-End -->
 <!-- Pol_MSS_ScreenSaverGracePeriod-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- Pol_MSS_ScreenSaverGracePeriod-Examples-End -->
 <!-- Pol_MSS_ScreenSaverGracePeriod-End -->
 <!-- Pol_MSS_SynAttackProtect-Begin -->
 ## Pol_MSS_SynAttackProtect
 <!-- Pol_MSS_SynAttackProtect-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_SynAttackProtect-Applicability-End -->
 <!-- Pol_MSS_SynAttackProtect-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_SynAttackProtect
 ```
 <!-- Pol_MSS_SynAttackProtect-OmaUri-End -->
 <!-- Pol_MSS_SynAttackProtect-Description-Begin -->
 <!-- Description-Not-Found -->
 <!-- Pol_MSS_SynAttackProtect-Description-End -->
 <!-- Pol_MSS_SynAttackProtect-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Syn attack protection level (protects against DoS).
 <!-- Pol_MSS_SynAttackProtect-Editable-End -->
 <!-- Pol_MSS_SynAttackProtect-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- Pol_MSS_SynAttackProtect-DFProperties-End -->
 <!-- Pol_MSS_SynAttackProtect-AdmxBacked-Begin -->
 <!-- Unknown -->
 <!-- Pol_MSS_SynAttackProtect-AdmxBacked-End -->
 <!-- Pol_MSS_SynAttackProtect-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- Pol_MSS_SynAttackProtect-Examples-End -->
 <!-- Pol_MSS_SynAttackProtect-End -->
 <!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Begin -->
 ## Pol_MSS_TcpMaxConnectResponseRetransmissions
 <!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Applicability-End -->
 <!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_TcpMaxConnectResponseRetransmissions
 ```
 <!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-OmaUri-End -->
 <!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Description-Begin -->
 <!-- Description-Not-Found -->
 <!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Description-End -->
 <!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 SYN-ACK retransmissions when a connection request is not acknowledged.
 <!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Editable-End -->
 <!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-DFProperties-End -->
 <!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-AdmxBacked-Begin -->
 <!-- Unknown -->
 <!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-AdmxBacked-End -->
 <!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Examples-End -->
 <!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-End -->
 <!-- Pol_MSS_TcpMaxDataRetransmissions-Begin -->
 ## Pol_MSS_TcpMaxDataRetransmissions
 <!-- Pol_MSS_TcpMaxDataRetransmissions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_TcpMaxDataRetransmissions-Applicability-End -->
 <!-- Pol_MSS_TcpMaxDataRetransmissions-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_TcpMaxDataRetransmissions
 ```
 <!-- Pol_MSS_TcpMaxDataRetransmissions-OmaUri-End -->
 <!-- Pol_MSS_TcpMaxDataRetransmissions-Description-Begin -->
 <!-- Description-Not-Found -->
 <!-- Pol_MSS_TcpMaxDataRetransmissions-Description-End -->
 <!-- Pol_MSS_TcpMaxDataRetransmissions-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Define how many times unacknowledged data is retransmitted (3 recommended, 5 is default).
 <!-- Pol_MSS_TcpMaxDataRetransmissions-Editable-End -->
 <!-- Pol_MSS_TcpMaxDataRetransmissions-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- Pol_MSS_TcpMaxDataRetransmissions-DFProperties-End -->
 <!-- Pol_MSS_TcpMaxDataRetransmissions-AdmxBacked-Begin -->
 <!-- Unknown -->
 <!-- Pol_MSS_TcpMaxDataRetransmissions-AdmxBacked-End -->
 <!-- Pol_MSS_TcpMaxDataRetransmissions-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- Pol_MSS_TcpMaxDataRetransmissions-Examples-End -->
 <!-- Pol_MSS_TcpMaxDataRetransmissions-End -->
 <!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Begin -->
 ## Pol_MSS_TcpMaxDataRetransmissionsIPv6
 <!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Applicability-End -->
 <!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_TcpMaxDataRetransmissionsIPv6
 ```
 <!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-OmaUri-End -->
 <!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Description-Begin -->
 <!-- Description-Not-Found -->
 <!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Description-End -->
 <!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Define how many times unacknowledged data is retransmitted (3 recommended, 5 is default).
 <!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Editable-End -->
 <!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-DFProperties-End -->
 <!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-AdmxBacked-Begin -->
 <!-- Unknown -->
 <!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-AdmxBacked-End -->
 <!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Examples-End -->
 <!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-End -->
 <!-- Pol_MSS_WarningLevel-Begin -->
 ## Pol_MSS_WarningLevel
 <!-- Pol_MSS_WarningLevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_WarningLevel-Applicability-End -->
 <!-- Pol_MSS_WarningLevel-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_WarningLevel
 ```
 <!-- Pol_MSS_WarningLevel-OmaUri-End -->
 <!-- Pol_MSS_WarningLevel-Description-Begin -->
 <!-- Description-Not-Found -->
 <!-- Pol_MSS_WarningLevel-Description-End -->
 <!-- Pol_MSS_WarningLevel-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Percentage threshold for the security event log at which the system will generate a warning.
 <!-- Pol_MSS_WarningLevel-Editable-End -->
 <!-- Pol_MSS_WarningLevel-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- Pol_MSS_WarningLevel-DFProperties-End -->
 <!-- Pol_MSS_WarningLevel-AdmxBacked-Begin -->
 <!-- Unknown -->
 <!-- Pol_MSS_WarningLevel-AdmxBacked-End -->
 <!-- Pol_MSS_WarningLevel-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- Pol_MSS_WarningLevel-Examples-End -->
 <!-- Pol_MSS_WarningLevel-End -->
 <!-- ADMX_MSS-legacy-CspMoreInfo-Begin -->
 <!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
 <!-- ADMX_MSS-legacy-CspMoreInfo-End -->
 <!-- ADMX_MSS-legacy-End -->
 ## Related articles
 [Policy configuration service provider](policy-configuration-service-provider.md)
--- a/windows/client-management/mdm/policy-csp-admx-qos.md
+++ b/windows/client-management/mdm/policy-csp-admx-qos.md
--- a/windows/client-management/mdm/policy-csp-admx-sam.md
+++ b/windows/client-management/mdm/policy-csp-admx-sam.md
@ -0,0 +1,113 @@
 ---
 title: ADMX_sam Policy CSP
 description: Learn more about the ADMX_sam Area in Policy CSP
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
 ms.date: 11/29/2022
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
 ms.topic: reference
 ---
 <!-- Auto-Generated CSP Document -->
 <!-- ADMX_sam-Begin -->
 # Policy CSP - ADMX_sam
 > [!TIP]
 > Some of these are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
 >
 > You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
 >
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 <!-- ADMX_sam-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- ADMX_sam-Editable-End -->
 <!-- SamNGCKeyROCAValidation-Begin -->
 ## SamNGCKeyROCAValidation
 <!-- SamNGCKeyROCAValidation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SamNGCKeyROCAValidation-Applicability-End -->
 <!-- SamNGCKeyROCAValidation-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/ADMX_sam/SamNGCKeyROCAValidation
 ```
 <!-- SamNGCKeyROCAValidation-OmaUri-End -->
 <!-- SamNGCKeyROCAValidation-Description-Begin -->
 This policy setting allows you to configure how domain controllers handle Windows Hello for Business (WHfB) keys that are vulnerable to the "Return of Coppersmith's attack" (ROCA) vulnerability.
 For more information on the ROCA vulnerability, please see:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15361
 https://en.wikipedia.org/wiki/ROCA_vulnerability
 If you enable this policy setting the following options are supported:
 Ignore: during authentication the domain controller will not probe any WHfB keys for the ROCA vulnerability.
 Audit: during authentication the domain controller will emit audit events for WHfB keys that are subject to the ROCA vulnerability (authentications will still succeed).
 Block: during authentication the domain controller will block the use of WHfB keys that are subject to the ROCA vulnerability (authentications will fail).
 This setting only takes effect on domain controllers.
 If not configured, domain controllers will default to using their local configuration. The default local configuration is Audit.
 A reboot is not required for changes to this setting to take effect.
 Note: to avoid unexpected disruptions this setting should not be set to Block until appropriate mitigations have been performed, for example patching of vulnerable TPMs.
 More information is available at https://go.microsoft.com/fwlink/?linkid=2116430.
 <!-- SamNGCKeyROCAValidation-Description-End -->
 <!-- SamNGCKeyROCAValidation-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- SamNGCKeyROCAValidation-Editable-End -->
 <!-- SamNGCKeyROCAValidation-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- SamNGCKeyROCAValidation-DFProperties-End -->
 <!-- SamNGCKeyROCAValidation-AdmxBacked-Begin -->
 **ADMX mapping**:
 | Name | Value |
 |:--|:--|
 | Name | SamNGCKeyROCAValidation |
 | Friendly Name | Configure validation of ROCA-vulnerable WHfB keys during authentication |
 | Location | Computer Configuration |
 | Path | System > Security Account Manager |
 | Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\System\SAM |
 | ADMX File Name | sam.admx |
 <!-- SamNGCKeyROCAValidation-AdmxBacked-End -->
 <!-- SamNGCKeyROCAValidation-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- SamNGCKeyROCAValidation-Examples-End -->
 <!-- SamNGCKeyROCAValidation-End -->
 <!-- ADMX_sam-CspMoreInfo-Begin -->
 <!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
 <!-- ADMX_sam-CspMoreInfo-End -->
 <!-- ADMX_sam-End -->
 ## Related articles
 [Policy configuration service provider](policy-configuration-service-provider.md)
--- a/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md
+++ b/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md
--- a/windows/client-management/mdm/policy-csp-clouddesktop.md
+++ b/windows/client-management/mdm/policy-csp-clouddesktop.md
@ -0,0 +1,80 @@
 ---
 title: CloudDesktop Policy CSP
 description: Learn more about the CloudDesktop Area in Policy CSP
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
 ms.date: 11/22/2022
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
 ms.topic: reference
 ---
 <!-- Auto-Generated CSP Document -->
 <!-- CloudDesktop-Begin -->
 # Policy CSP - CloudDesktop
 <!-- CloudDesktop-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- CloudDesktop-Editable-End -->
 <!-- BootToCloudMode-Begin -->
 ## BootToCloudMode
 <!-- BootToCloudMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows Insider Preview |
 <!-- BootToCloudMode-Applicability-End -->
 <!-- BootToCloudMode-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/CloudDesktop/BootToCloudMode
 ```
 <!-- BootToCloudMode-OmaUri-End -->
 <!-- BootToCloudMode-Description-Begin -->
 This policy is used by IT admin to set the configuration mode of cloud PC.
 <!-- BootToCloudMode-Description-End -->
 <!-- BootToCloudMode-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- BootToCloudMode-Editable-End -->
 <!-- BootToCloudMode-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | int |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | 0 |
 | Dependency [OverrideShellProgramDependencyGroup] | Dependency Type: `DependsOn` <br> Dependency URI: `Device/Vendor/MSFT/Policy/Config/WindowsLogon/OverrideShellProgram` <br> Dependency Allowed Value: `[1]` <br> Dependency Allowed Value Type: `Range` <br>  |
 <!-- BootToCloudMode-DFProperties-End -->
 <!-- BootToCloudMode-AllowedValues-Begin -->
 **Allowed values**:
 | Value | Description |
 |:--|:--|
 | 0 (Default) | Not Configured |
 | 1 | Enable Boot to Cloud Desktop |
 <!-- BootToCloudMode-AllowedValues-End -->
 <!-- BootToCloudMode-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- BootToCloudMode-Examples-End -->
 <!-- BootToCloudMode-End -->
 <!-- CloudDesktop-CspMoreInfo-Begin -->
 <!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
 <!-- CloudDesktop-CspMoreInfo-End -->
 <!-- CloudDesktop-End -->
 ## Related articles
 [Policy configuration service provider](policy-configuration-service-provider.md)
--- a/windows/client-management/mdm/policy-csp-cloudpc.md
+++ b/windows/client-management/mdm/policy-csp-cloudpc.md
@ -0,0 +1,79 @@
 ---
 title: CloudPC Policy CSP
 description: Learn more about the CloudPC Area in Policy CSP
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
 ms.date: 11/02/2022
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
 ms.topic: reference
 ---
 <!-- Auto-Generated CSP Document -->
 <!-- CloudPC-Begin -->
 # Policy CSP - CloudPC
 <!-- CloudPC-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- CloudPC-Editable-End -->
 <!-- CloudPCConfiguration-Begin -->
 ## CloudPCConfiguration
 <!-- CloudPCConfiguration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :x: Pro <br> :x: Enterprise <br> :x: Education <br> :x: Windows SE | :heavy_check_mark: Windows Insider Preview |
 <!-- CloudPCConfiguration-Applicability-End -->
 <!-- CloudPCConfiguration-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/CloudPC/CloudPCConfiguration
 ```
 <!-- CloudPCConfiguration-OmaUri-End -->
 <!-- CloudPCConfiguration-Description-Begin -->
 This policy is used by IT admin to set the configuration mode of cloud PC.
 <!-- CloudPCConfiguration-Description-End -->
 <!-- CloudPCConfiguration-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- CloudPCConfiguration-Editable-End -->
 <!-- CloudPCConfiguration-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | int |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | 0 |
 <!-- CloudPCConfiguration-DFProperties-End -->
 <!-- CloudPCConfiguration-AllowedValues-Begin -->
 **Allowed values**:
 | Value | Description |
 |:--|:--|
 | 0 (Default) | Fast Switching Configuration. |
 | 1 | Boot to cloud PC Configuration. |
 <!-- CloudPCConfiguration-AllowedValues-End -->
 <!-- CloudPCConfiguration-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- CloudPCConfiguration-Examples-End -->
 <!-- CloudPCConfiguration-End -->
 <!-- CloudPC-CspMoreInfo-Begin -->
 <!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
 <!-- CloudPC-CspMoreInfo-End -->
 <!-- CloudPC-End -->
 ## Related articles
 [Policy configuration service provider](policy-configuration-service-provider.md)
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
--- a/windows/client-management/mdm/policy-csp-msslegacy.md
+++ b/windows/client-management/mdm/policy-csp-msslegacy.md
@ -1,211 +1,210 @@
 ---
-title: Policy CSP - MSSLegacy
+title: MSSLegacy Policy CSP
-description: Learn how Policy CSP - MSSLegacy, an ADMX-backed policy, requires a special SyncML format to enable or disable.
+description: Learn more about the MSSLegacy Area in Policy CSP
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.topic: article
+ms.date: 11/29/2022
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
-author: vinaypamnani-msft
+ms.topic: reference
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
 manager: aaroncz
 ---
 <!-- Auto-Generated CSP Document -->
 <!-- MSSLegacy-Begin -->
 # Policy CSP - MSSLegacy
 <hr/>
 <!--Policies-->
 ## MSSLegacy policies
 <dl>
  <dd>
    <a href="#msslegacy-allowicmpredirectstooverrideospfgeneratedroutes">MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes</a>
  </dd>
  <dd>
    <a href="#msslegacy-allowthecomputertoignorenetbiosnamereleaserequestsexceptfromwinsservers">MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers</a>
  </dd>
  <dd>
    <a href="#msslegacy-ipsourceroutingprotectionlevel">MSSLegacy/IPSourceRoutingProtectionLevel</a>
  </dd>
  <dd>
    <a href="#msslegacy-ipv6sourceroutingprotectionlevel">MSSLegacy/IPv6SourceRoutingProtectionLevel</a>
  </dd>
 </dl>
 > [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
 >
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
 >
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-<hr/>
+<!-- MSSLegacy-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- MSSLegacy-Editable-End -->
-<!--Policy-->
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-Begin -->
-<a href="" id="msslegacy-allowicmpredirectstooverrideospfgeneratedroutes"></a>**MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes**
+## AllowICMPRedirectsToOverrideOSPFGeneratedRoutes
-<!--SupportedSKUs-->
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later |
 <!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-Applicability-End -->
-|Edition|Windows 10|Windows 11|
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-OmaUri-Begin -->
-|--- |--- |--- |
+```Device
-|Home|No|No|
+./Device/Vendor/MSFT/Policy/Config/MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes
-|Pro|Yes|Yes|
+```
-|Windows SE|No|Yes|
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-OmaUri-End -->
 |Business|Yes|Yes|
 |Enterprise|Yes|Yes|
 |Education|Yes|Yes|
-<!--/SupportedSKUs-->
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-Description-Begin -->
-<hr/>
+<!-- Description-Not-Found -->
 <!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-Description-End -->
-<!--Scope-->
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-Editable-Begin -->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Allow ICMP redirects to override OSPF generated routes.
 <!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-Editable-End -->
-> [!div class = "checklist"]
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-DFProperties-Begin -->
-> * Device
+**Description framework properties**:
-<hr/>
+| Property name | Property value |
 |:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-DFProperties-End -->
-<!--/Scope-->
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-AdmxBacked-Begin -->
-<!--Description-->
+<!-- Unknown -->
 <!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-AdmxBacked-End -->
-<!--/Description-->
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-Examples-End -->
-<!--ADMXBacked-->
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-End -->
 ADMX Info:
 -   GP name: *Pol_MSS_EnableICMPRedirect*
 -   GP ADMX file name: *mss-legacy.admx*
-<!--/ADMXBacked-->
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-Begin -->
-<!--/Policy-->
+## AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers
-<hr/>
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later |
 <!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-Applicability-End -->
-<!--Policy-->
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-OmaUri-Begin -->
-<a href="" id="msslegacy-allowthecomputertoignorenetbiosnamereleaserequestsexceptfromwinsservers"></a>**MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers**
+```Device
 ./Device/Vendor/MSFT/Policy/Config/MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers
 ```
 <!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-OmaUri-End -->
-<!--SupportedSKUs-->
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-Description-Begin -->
 <!-- Description-Not-Found -->
 <!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-Description-End -->
-|Edition|Windows 10|Windows 11|
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-Editable-Begin -->
-|--- |--- |--- |
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-|Home|No|No|
+Allow the computer to ignore NetBIOS name release requests except from WINS servers.
-|Pro|Yes|Yes|
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-Editable-End -->
 |Windows SE|No|Yes|
 |Business|Yes|Yes|
 |Enterprise|Yes|Yes|
 |Education|Yes|Yes|
-<!--/SupportedSKUs-->
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-DFProperties-Begin -->
-<hr/>
+**Description framework properties**:
-<!--Scope-->
+| Property name | Property value |
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+|:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-DFProperties-End -->
-> [!div class = "checklist"]
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-AdmxBacked-Begin -->
-> * Device
+<!-- Unknown -->
 <!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-AdmxBacked-End -->
-<hr/>
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-Examples-End -->
-<!--/Scope-->
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-End -->
 <!--Description-->
-<!--/Description-->
+<!-- IPSourceRoutingProtectionLevel-Begin -->
 ## IPSourceRoutingProtectionLevel
 <!-- IPSourceRoutingProtectionLevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later |
 <!-- IPSourceRoutingProtectionLevel-Applicability-End -->
-<!--ADMXBacked-->
+<!-- IPSourceRoutingProtectionLevel-OmaUri-Begin -->
-ADMX Info:
+```Device
-   GP name: *Pol_MSS_NoNameReleaseOnDemand*
+./Device/Vendor/MSFT/Policy/Config/MSSLegacy/IPSourceRoutingProtectionLevel
-   GP ADMX file name: *mss-legacy.admx*
+```
 <!-- IPSourceRoutingProtectionLevel-OmaUri-End -->
-<!--/ADMXBacked-->
+<!-- IPSourceRoutingProtectionLevel-Description-Begin -->
-<!--/Policy-->
+<!-- Description-Not-Found -->
 <!-- IPSourceRoutingProtectionLevel-Description-End -->
-<hr/>
+<!-- IPSourceRoutingProtectionLevel-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 IP source routing protection level (protects against packet spoofing).
 <!-- IPSourceRoutingProtectionLevel-Editable-End -->
-<!--Policy-->
+<!-- IPSourceRoutingProtectionLevel-DFProperties-Begin -->
-<a href="" id="msslegacy-ipsourceroutingprotectionlevel"></a>**MSSLegacy/IPSourceRoutingProtectionLevel**
+**Description framework properties**:
-<!--SupportedSKUs-->
+| Property name | Property value |
 |:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- IPSourceRoutingProtectionLevel-DFProperties-End -->
-|Edition|Windows 10|Windows 11|
+<!-- IPSourceRoutingProtectionLevel-AdmxBacked-Begin -->
-|--- |--- |--- |
+<!-- Unknown -->
-|Home|No|No|
+<!-- IPSourceRoutingProtectionLevel-AdmxBacked-End -->
 |Pro|Yes|Yes|
 |Windows SE|No|Yes|
 |Business|Yes|Yes|
 |Enterprise|Yes|Yes|
 |Education|Yes|Yes|
-<!--/SupportedSKUs-->
+<!-- IPSourceRoutingProtectionLevel-Examples-Begin -->
-<hr/>
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- IPSourceRoutingProtectionLevel-Examples-End -->
-<!--Scope-->
+<!-- IPSourceRoutingProtectionLevel-End -->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
-> [!div class = "checklist"]
+<!-- IPv6SourceRoutingProtectionLevel-Begin -->
-> * Device
+## IPv6SourceRoutingProtectionLevel
-<hr/>
+<!-- IPv6SourceRoutingProtectionLevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later |
 <!-- IPv6SourceRoutingProtectionLevel-Applicability-End -->
-<!--/Scope-->
+<!-- IPv6SourceRoutingProtectionLevel-OmaUri-Begin -->
-<!--Description-->
+```Device
 ./Device/Vendor/MSFT/Policy/Config/MSSLegacy/IPv6SourceRoutingProtectionLevel
 ```
 <!-- IPv6SourceRoutingProtectionLevel-OmaUri-End -->
-<!--/Description-->
+<!-- IPv6SourceRoutingProtectionLevel-Description-Begin -->
 <!-- Description-Not-Found -->
 <!-- IPv6SourceRoutingProtectionLevel-Description-End -->
-<!--ADMXBacked-->
+<!-- IPv6SourceRoutingProtectionLevel-Editable-Begin -->
-ADMX Info:
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-   GP name: *Pol_MSS_DisableIPSourceRouting*
+IPv6 source routing protection level (protects against packet spoofing).
-   GP ADMX file name: *mss-legacy.admx*
+<!-- IPv6SourceRoutingProtectionLevel-Editable-End -->
-<!--/ADMXBacked-->
+<!-- IPv6SourceRoutingProtectionLevel-DFProperties-Begin -->
-<!--/Policy-->
+**Description framework properties**:
-<hr/>
+| Property name | Property value |
 |:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- IPv6SourceRoutingProtectionLevel-DFProperties-End -->
-<!--Policy-->
+<!-- IPv6SourceRoutingProtectionLevel-AdmxBacked-Begin -->
-<a href="" id="msslegacy-ipv6sourceroutingprotectionlevel"></a>**MSSLegacy/IPv6SourceRoutingProtectionLevel**
+<!-- Unknown -->
 <!-- IPv6SourceRoutingProtectionLevel-AdmxBacked-End -->
-<!--SupportedSKUs-->
+<!-- IPv6SourceRoutingProtectionLevel-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- IPv6SourceRoutingProtectionLevel-Examples-End -->
-|Edition|Windows 10|Windows 11|
+<!-- IPv6SourceRoutingProtectionLevel-End -->
 |--- |--- |--- |
 |Home|No|No|
 |Pro|Yes|Yes|
 |Windows SE|No|Yes|
 |Business|Yes|Yes|
 |Enterprise|Yes|Yes|
 |Education|Yes|Yes|
-<!--/SupportedSKUs-->
+<!-- MSSLegacy-CspMoreInfo-Begin -->
-<hr/>
+<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
 <!-- MSSLegacy-CspMoreInfo-End -->
-<!--Scope-->
+<!-- MSSLegacy-End -->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
-> [!div class = "checklist"]
+## Related articles
 > * Device
 <hr/>
 <!--/Scope-->
 <!--Description-->
 <!--/Description-->
 <!--ADMXBacked-->
 ADMX Info:
 -   GP name: *Pol_MSS_DisableIPSourceRoutingIPv6*
 -   GP ADMX file name: *mss-legacy.admx*
 <!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 <!--/Policies-->
 ## Related topics
 [Policy configuration service provider](policy-configuration-service-provider.md)
--- a/windows/client-management/mdm/policy-csp-settingssync.md
+++ b/windows/client-management/mdm/policy-csp-settingssync.md
@ -0,0 +1,96 @@
 ---
 title: SettingsSync Policy CSP
 description: Learn more about the SettingsSync Area in Policy CSP
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
 ms.date: 11/29/2022
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
 ms.topic: reference
 ---
 <!-- Auto-Generated CSP Document -->
 <!-- SettingsSync-Begin -->
 # Policy CSP - SettingsSync
 > [!TIP]
 > Some of these are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
 >
 > You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
 >
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 <!-- SettingsSync-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- SettingsSync-Editable-End -->
 <!-- DisableAccessibilitySettingSync-Begin -->
 ## DisableAccessibilitySettingSync
 <!-- DisableAccessibilitySettingSync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview |
 <!-- DisableAccessibilitySettingSync-Applicability-End -->
 <!-- DisableAccessibilitySettingSync-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/SettingsSync/DisableAccessibilitySettingSync
 ```
 <!-- DisableAccessibilitySettingSync-OmaUri-End -->
 <!-- DisableAccessibilitySettingSync-Description-Begin -->
 Prevent the "accessibility" group from syncing to and from this PC. This turns off and disables the "accessibility" group on the "Windows backup" settings page in PC settings.
 If you enable this policy setting, the "accessibility", group will not be synced.
 Use the option "Allow users to turn accessibility syncing on" so that syncing is turned off by default but not disabled.
 If you do not set or disable this setting, syncing of the "accessibility" group is on by default and configurable by the user.
 <!-- DisableAccessibilitySettingSync-Description-End -->
 <!-- DisableAccessibilitySettingSync-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- DisableAccessibilitySettingSync-Editable-End -->
 <!-- DisableAccessibilitySettingSync-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- DisableAccessibilitySettingSync-DFProperties-End -->
 <!-- DisableAccessibilitySettingSync-AdmxBacked-Begin -->
 **ADMX mapping**:
 | Name | Value |
 |:--|:--|
 | Name | DisableAccessibilitySettingSync |
 | Friendly Name | Do not sync accessibility settings |
 | Location | Computer Configuration |
 | Path | Windows Components > Sync your settings |
 | Registry Key Name | Software\Policies\Microsoft\Windows\SettingSync |
 | Registry Value Name | DisableAccessibilitySettingSync |
 | ADMX File Name | SettingSync.admx |
 <!-- DisableAccessibilitySettingSync-AdmxBacked-End -->
 <!-- DisableAccessibilitySettingSync-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- DisableAccessibilitySettingSync-Examples-End -->
 <!-- DisableAccessibilitySettingSync-End -->
 <!-- SettingsSync-CspMoreInfo-Begin -->
 <!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
 <!-- SettingsSync-CspMoreInfo-End -->
 <!-- SettingsSync-End -->
 ## Related articles
 [Policy configuration service provider](policy-configuration-service-provider.md)
--- a/windows/client-management/mdm/policy-csp-stickers.md
+++ b/windows/client-management/mdm/policy-csp-stickers.md
@ -0,0 +1,79 @@
 ---
 title: Stickers Policy CSP
 description: Learn more about the Stickers Area in Policy CSP
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
 ms.date: 11/02/2022
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
 ms.topic: reference
 ---
 <!-- Auto-Generated CSP Document -->
 <!-- Stickers-Begin -->
 # Policy CSP - Stickers
 <!-- Stickers-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- Stickers-Editable-End -->
 <!-- EnableStickers-Begin -->
 ## EnableStickers
 <!-- EnableStickers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :x: Pro <br> :x: Enterprise <br> :x: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
 <!-- EnableStickers-Applicability-End -->
 <!-- EnableStickers-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/Stickers/EnableStickers
 ```
 <!-- EnableStickers-OmaUri-End -->
 <!-- EnableStickers-Description-Begin -->
 This policy setting allows you to control whether you want to allow stickers to be edited and placed on Desktop
 <!-- EnableStickers-Description-End -->
 <!-- EnableStickers-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- EnableStickers-Editable-End -->
 <!-- EnableStickers-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | int |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | 0 |
 <!-- EnableStickers-DFProperties-End -->
 <!-- EnableStickers-AllowedValues-Begin -->
 **Allowed values**:
 | Value | Description |
 |:--|:--|
 | 0 (Default) | Disabled. |
 | 1 | Enabled. |
 <!-- EnableStickers-AllowedValues-End -->
 <!-- EnableStickers-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- EnableStickers-Examples-End -->
 <!-- EnableStickers-End -->
 <!-- Stickers-CspMoreInfo-Begin -->
 <!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
 <!-- Stickers-CspMoreInfo-End -->
 <!-- Stickers-End -->
 ## Related articles
 [Policy configuration service provider](policy-configuration-service-provider.md)
--- a/windows/client-management/mdm/policy-csp-tenantdefinedtelemetry.md
+++ b/windows/client-management/mdm/policy-csp-tenantdefinedtelemetry.md
@ -0,0 +1,80 @@
 ---
 title: TenantDefinedTelemetry Policy CSP
 description: Learn more about the TenantDefinedTelemetry Area in Policy CSP
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
 ms.date: 11/02/2022
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
 ms.topic: reference
 ---
 <!-- Auto-Generated CSP Document -->
 <!-- TenantDefinedTelemetry-Begin -->
 # Policy CSP - TenantDefinedTelemetry
 <!-- TenantDefinedTelemetry-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- TenantDefinedTelemetry-Editable-End -->
 <!-- CustomTelemetryId-Begin -->
 ## CustomTelemetryId
 <!-- CustomTelemetryId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :x: Pro <br> :x: Enterprise <br> :x: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
 <!-- CustomTelemetryId-Applicability-End -->
 <!-- CustomTelemetryId-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/TenantDefinedTelemetry/CustomTelemetryId
 ```
 <!-- CustomTelemetryId-OmaUri-End -->
 <!-- CustomTelemetryId-Description-Begin -->
 This policy is used to let mission control what type of Edition we are currently in.
 <!-- CustomTelemetryId-Description-End -->
 <!-- CustomTelemetryId-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- CustomTelemetryId-Editable-End -->
 <!-- CustomTelemetryId-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | int |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | 0 |
 <!-- CustomTelemetryId-DFProperties-End -->
 <!-- CustomTelemetryId-AllowedValues-Begin -->
 **Allowed values**:
 | Value | Description |
 |:--|:--|
 | 0 (Default) | Base |
 | 1 | Education |
 | 2 | Commercial |
 <!-- CustomTelemetryId-AllowedValues-End -->
 <!-- CustomTelemetryId-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- CustomTelemetryId-Examples-End -->
 <!-- CustomTelemetryId-End -->
 <!-- TenantDefinedTelemetry-CspMoreInfo-Begin -->
 <!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
 <!-- TenantDefinedTelemetry-CspMoreInfo-End -->
 <!-- TenantDefinedTelemetry-End -->
 ## Related articles
 [Policy configuration service provider](policy-configuration-service-provider.md)
--- a/windows/client-management/mdm/policy-csp-tenantrestrictions.md
+++ b/windows/client-management/mdm/policy-csp-tenantrestrictions.md
@ -0,0 +1,98 @@
 ---
 title: TenantRestrictions Policy CSP
 description: Learn more about the TenantRestrictions Area in Policy CSP
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
 ms.date: 11/29/2022
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
 ms.topic: reference
 ---
 <!-- Auto-Generated CSP Document -->
 <!-- TenantRestrictions-Begin -->
 # Policy CSP - TenantRestrictions
 > [!TIP]
 > Some of these are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
 >
 > You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
 >
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 <!-- TenantRestrictions-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- TenantRestrictions-Editable-End -->
 <!-- ConfigureTenantRestrictions-Begin -->
 ## ConfigureTenantRestrictions
 <!-- ConfigureTenantRestrictions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20348.320] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1320] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1320] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1320] and later <br> :heavy_check_mark: Windows 10, version 21H2 [10.0.19044] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ConfigureTenantRestrictions-Applicability-End -->
 <!-- ConfigureTenantRestrictions-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/TenantRestrictions/ConfigureTenantRestrictions
 ```
 <!-- ConfigureTenantRestrictions-OmaUri-End -->
 <!-- ConfigureTenantRestrictions-Description-Begin -->
 This setting enables and configures the device-based tenant restrictions feature for Azure Active Directory.
 When you enable this setting, compliant applications will be prevented from accessing disallowed tenants, according to a policy set in your Azure AD tenant.
 Note: Creation of a policy in your home tenant is required, and additional security measures for managed devices are recommended for best protection. Refer to Azure AD Tenant Restrictions for more details.
 https://go.microsoft.com/fwlink/?linkid=2148762
 Before enabling firewall protection, ensure that a Windows Defender Application Control (WDAC) policy that correctly tags applications has been applied to the target devices. Enabling firewall protection without a corresponding WDAC policy will prevent all applications from reaching Microsoft endpoints. This firewall setting is not supported on all versions of Windows - see the following link for more information.
 For details about setting up WDAC with tenant restrictions, see https://go.microsoft.com/fwlink/?linkid=2155230
 <!-- ConfigureTenantRestrictions-Description-End -->
 <!-- ConfigureTenantRestrictions-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- ConfigureTenantRestrictions-Editable-End -->
 <!-- ConfigureTenantRestrictions-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- ConfigureTenantRestrictions-DFProperties-End -->
 <!-- ConfigureTenantRestrictions-AdmxBacked-Begin -->
 **ADMX mapping**:
 | Name | Value |
 |:--|:--|
 | Name | trv2_payload |
 | Friendly Name | Cloud Policy Details |
 | Location | Computer Configuration |
 | Path | Windows Components > Tenant Restrictions |
 | Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload |
 | ADMX File Name | TenantRestrictions.admx |
 <!-- ConfigureTenantRestrictions-AdmxBacked-End -->
 <!-- ConfigureTenantRestrictions-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- ConfigureTenantRestrictions-Examples-End -->
 <!-- ConfigureTenantRestrictions-End -->
 <!-- TenantRestrictions-CspMoreInfo-Begin -->
 <!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
 <!-- TenantRestrictions-CspMoreInfo-End -->
 <!-- TenantRestrictions-End -->
 ## Related articles
 [Policy configuration service provider](policy-configuration-service-provider.md)
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@ -1,267 +1,264 @@
 ---
-title: Policy CSP - WindowsLogon
+title: WindowsLogon Policy CSP
-description: Use the Policy CSP - WindowsLogon setting to control whether a device automatically signs in and locks the last interactive user after the system restarts.
+description: Learn more about the WindowsLogon Area in Policy CSP
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.topic: article
+ms.date: 11/29/2022
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
-author: vinaypamnani-msft
+ms.topic: reference
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
 manager: aaroncz
 ---
 <!-- Auto-Generated CSP Document -->
 <!-- WindowsLogon-Begin -->
 # Policy CSP - WindowsLogon
 <hr/>
 <!--Policies-->
 ## WindowsLogon policies
 <dl>
  <dd>
    <a href="#windowslogon-allowautomaticrestartsignon">WindowsLogon/AllowAutomaticRestartSignOn</a>
  </dd>
  <dd>
    <a href="#windowslogon-configautomaticrestartsignon">WindowsLogon/ConfigAutomaticRestartSignOn</a>
  </dd>
  <dd>
    <a href="#windowslogon-disablelockscreenappnotifications">WindowsLogon/DisableLockScreenAppNotifications</a>
  </dd>
  <dd>
    <a href="#windowslogon-dontdisplaynetworkselectionui">WindowsLogon/DontDisplayNetworkSelectionUI</a>
  </dd>
  <dd>
    <a href="#windowslogon-enablefirstlogonanimation">WindowsLogon/EnableFirstLogonAnimation</a>
  </dd>
  <dd>
    <a href="#windowslogon-enablemprnotifications">WindowsLogon/EnableMPRNotifications</a>
  </dd>
  <dd>
    <a href="#windowslogon-enumeratelocalusersondomainjoinedcomputers">WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers</a>
  </dd>
  <dd>
    <a href="#windowslogon-hidefastuserswitching">WindowsLogon/HideFastUserSwitching</a>
  </dd>
 </dl>
 > [!TIP]
-> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
 >
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
 >
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-<hr/>
+<!-- WindowsLogon-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- WindowsLogon-Editable-End -->
-<!--Policy-->
+<!-- AllowAutomaticRestartSignOn-Begin -->
-<a href="" id="windowslogon-allowautomaticrestartsignon"></a>**WindowsLogon/AllowAutomaticRestartSignOn**
+## AllowAutomaticRestartSignOn
-<!--SupportedSKUs-->
+<!-- AllowAutomaticRestartSignOn-Applicability-Begin -->
-The table below shows the applicability of Windows:
+| Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later |
 <!-- AllowAutomaticRestartSignOn-Applicability-End -->
-|Edition|Windows 10|Windows 11|
+<!-- AllowAutomaticRestartSignOn-OmaUri-Begin -->
-|--- |--- |--- |
+```Device
-|Home|Yes|Yes|
+./Device/Vendor/MSFT/Policy/Config/WindowsLogon/AllowAutomaticRestartSignOn
-|Pro|Yes|Yes|
+```
-|Windows SE|No|Yes|
+<!-- AllowAutomaticRestartSignOn-OmaUri-End -->
 |Business|Yes|Yes|
 |Enterprise|Yes|Yes|
 |Education|Yes|Yes|
-<!--/SupportedSKUs-->
+<!-- AllowAutomaticRestartSignOn-Description-Begin -->
-<hr/>
+This policy setting controls whether a device will automatically sign in and lock the last interactive user after the system restarts or after a shutdown and cold boot.
-<!--Scope-->
+This only occurs if the last interactive user didn’t sign out before the restart or shutdown.
 [Scope](./policy-configuration-service-provider.md#policy-scope):
-> [!div class = "checklist"]
+If the device is joined to Active Directory or Azure Active Directory, this policy only applies to Windows Update restarts. Otherwise, this will apply to both Windows Update restarts and user-initiated restarts and shutdowns.
 > * Device
-<hr/>
+If you don’t configure this policy setting, it is enabled by default. When the policy is enabled, the user is automatically signed in and the session is automatically locked with all lock screen apps configured for that user after the device boots.
-<!--/Scope-->
+After enabling this policy, you can configure its settings through the ConfigAutomaticRestartSignOn policy, which configures the mode of automatically signing in and locking the last interactive user after a restart or cold boot.
 <!--Description-->
 This policy setting controls whether a device automatically signs in and locks the last interactive user after the system restarts or after a shutdown and cold boot.
-This scenario occurs only if the last interactive user didn't sign out before the restart or shutdown.
+If you disable this policy setting, the device does not configure automatic sign in. The user’s lock screen apps are not restarted after the system restarts.
 <!-- AllowAutomaticRestartSignOn-Description-End -->
-If the device is joined to Active Directory or Azure Active Directory, this policy applies only to Windows Update restarts. Otherwise, this policy applies to both Windows Update restarts and user-initiated restarts and shutdowns.
+<!-- AllowAutomaticRestartSignOn-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- AllowAutomaticRestartSignOn-Editable-End -->
-If you don't configure this policy setting, it's enabled by default. When the policy is enabled, the user is automatically signed in and the session is automatically locked with all lock screen apps configured for that user after the device boots.
+<!-- AllowAutomaticRestartSignOn-DFProperties-Begin -->
 **Description framework properties**:
-After enabling this policy, you can configure its settings through the [ConfigAutomaticRestartSignOn](#windowslogon-configautomaticrestartsignon) policy, which configures the mode of automatically signing in and locking the last interactive user after a restart or cold boot.
+| Property name | Property value |
 |:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- AllowAutomaticRestartSignOn-DFProperties-End -->
-If you disable this policy setting, the device doesn't configure automatic sign in. The user’s lock screen apps aren't restarted after the system restarts.
+<!-- AllowAutomaticRestartSignOn-AdmxBacked-Begin -->
 **ADMX mapping**:
-<!--/Description-->
+| Name | Value |
 |:--|:--|
 | Name | AutomaticRestartSignOnDescription |
 | Friendly Name | Sign-in and lock last interactive user automatically after a restart |
 | Location | Computer Configuration |
 | Path | Windows Components > Windows Logon Options |
 | Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\System |
 | Registry Value Name | DisableAutomaticRestartSignOn |
 | ADMX File Name | WinLogon.admx |
 <!-- AllowAutomaticRestartSignOn-AdmxBacked-End -->
-<!--ADMXBacked-->
+<!-- AllowAutomaticRestartSignOn-Examples-Begin -->
-ADMX Info:
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-   GP Friendly name: *Sign-in and lock last interactive user automatically after a restart*
+<!-- AllowAutomaticRestartSignOn-Examples-End -->
 -   GP name: *AutomaticRestartSignOn*
 -   GP path: *Windows Components/Windows Logon Options*
 -   GP ADMX file name: *WinLogon.admx*
-<!--/ADMXBacked-->
+<!-- AllowAutomaticRestartSignOn-End -->
 <!--SupportedValues-->
-<!--/SupportedValues-->
+<!-- ConfigAutomaticRestartSignOn-Begin -->
-<!--Example-->
+## ConfigAutomaticRestartSignOn
-<!--/Example-->
+<!-- ConfigAutomaticRestartSignOn-Applicability-Begin -->
-<!--Validation-->
+| Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later |
 <!-- ConfigAutomaticRestartSignOn-Applicability-End -->
-<!--/Validation-->
+<!-- ConfigAutomaticRestartSignOn-OmaUri-Begin -->
-<!--/Policy-->
+```Device
 ./Device/Vendor/MSFT/Policy/Config/WindowsLogon/ConfigAutomaticRestartSignOn
 ```
 <!-- ConfigAutomaticRestartSignOn-OmaUri-End -->
-<hr/>
+<!-- ConfigAutomaticRestartSignOn-Description-Begin -->
-
+This policy setting controls the configuration under which an automatic restart and sign on and lock occurs after a restart or cold boot. If you chose “Disabled” in the “Sign-in and lock last interactive user automatically after a restart” policy, then automatic sign on will not occur and this policy does not need to be configured.
 <!--Policy-->
 <a href="" id="windowslogon-configautomaticrestartsignon"></a>**WindowsLogon/ConfigAutomaticRestartSignOn**
 <!--SupportedSKUs-->
 The table below shows the applicability of Windows:
 |Edition|Windows 10|Windows 11|
 |--- |--- |--- |
 |Home|Yes|Yes|
 |Pro|Yes|Yes|
 |Windows SE|No|Yes|
 |Business|Yes|Yes|
 |Enterprise|Yes|Yes|
 |Education|Yes|Yes|
 <!--/SupportedSKUs-->
 <hr/>
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--/Scope-->
 <!--Description-->
 This policy setting controls the configuration under which an automatic restart, sign in, and lock occurs after a restart or cold boot. If you chose “Disabled” in the [AllowAutomaticRestartSignOn](#windowslogon-allowautomaticrestartsignon) policy, then automatic sign in doesn't occur and this policy need not be configured.
 If you enable this policy setting, you can choose one of the following two options:
- Enabled if BitLocker is on and not suspended: Specifies that automatic sign in and lock occurs only if BitLocker is active and not suspended during the reboot or shutdown. Personal data can be accessed on the device’s hard drive at this time if BitLocker isn't on or suspended during an update. BitLocker suspension temporarily removes protection for system components and data but may be needed in certain circumstances to successfully update boot-critical components.
+1. “Enabled if BitLocker is on and not suspended” specifies that automatic sign on and lock will only occur if BitLocker is active and not suspended during the reboot or shutdown. Personal data can be accessed on the device’s hard drive at this time if BitLocker is not on or suspended during an update. BitLocker suspension temporarily removes protection for system components and data but may be needed in certain circumstances to successfully update boot-critical components.
 BitLocker is suspended during updates if:
-    - The device doesn't have TPM 2.0 and PCR7
+- The device doesn’t have TPM 2.0 and PCR7, or
-    - The device doesn't use a TPM-only protector
+- The device doesn’t use a TPM-only protector
- Always Enabled: Specifies that automatic sign in happens even if BitLocker is off or suspended during reboot or shutdown. When BitLocker isn't enabled, personal data is accessible on the hard drive. Automatic restart and sign in should only be run under this condition if you're confident that the configured device is in a secure physical location.
+2. “Always Enabled” specifies that automatic sign on will happen even if BitLocker is off or suspended during reboot or shutdown. When BitLocker is not enabled, personal data is accessible on the hard drive. Automatic restart and sign on should only be run under this condition if you are confident that the configured device is in a secure physical location.
-If you disable or don't configure this setting, automatic sign in defaults to the “Enabled if BitLocker is on and not suspended” behavior.
+If you disable or don’t configure this setting, automatic sign on will default to the “Enabled if BitLocker is on and not suspended” behavior.
 <!-- ConfigAutomaticRestartSignOn-Description-End -->
-<!--/Description-->
+<!-- ConfigAutomaticRestartSignOn-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- ConfigAutomaticRestartSignOn-Editable-End -->
-<!--ADMXBacked-->
+<!-- ConfigAutomaticRestartSignOn-DFProperties-Begin -->
-ADMX Info:
+**Description framework properties**:
 -   GP Friendly name: *Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot*
 -   GP name: *ConfigAutomaticRestartSignOn*
 -   GP path: *Windows Components/Windows Logon Options*
 -   GP ADMX file name: *WinLogon.admx*
-<!--/ADMXBacked-->
+| Property name | Property value |
-<!--SupportedValues-->
+|:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- ConfigAutomaticRestartSignOn-DFProperties-End -->
-<!--/SupportedValues-->
+<!-- ConfigAutomaticRestartSignOn-AdmxBacked-Begin -->
-<!--Example-->
+**ADMX mapping**:
-<!--/Example-->
+| Name | Value |
-<!--Validation-->
+|:--|:--|
 | Name | ConfigAutomaticRestartSignOnDescription |
 | Friendly Name | Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot |
 | Location | Computer Configuration |
 | Path | Windows Components > Windows Logon Options |
 | Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\System |
 | ADMX File Name | WinLogon.admx |
 <!-- ConfigAutomaticRestartSignOn-AdmxBacked-End -->
-<!--/Validation-->
+<!-- ConfigAutomaticRestartSignOn-Examples-Begin -->
-<!--/Policy-->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- ConfigAutomaticRestartSignOn-Examples-End -->
-<hr/>
+<!-- ConfigAutomaticRestartSignOn-End -->
-<!--Policy-->
+<!-- DisableLockScreenAppNotifications-Begin -->
-<a href="" id="windowslogon-disablelockscreenappnotifications"></a>**WindowsLogon/DisableLockScreenAppNotifications**
+## DisableLockScreenAppNotifications
-<!--SupportedSKUs-->
+<!-- DisableLockScreenAppNotifications-Applicability-Begin -->
-The table below shows the applicability of Windows:
+| Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later |
 <!-- DisableLockScreenAppNotifications-Applicability-End -->
-|Edition|Windows 10|Windows 11|
+<!-- DisableLockScreenAppNotifications-OmaUri-Begin -->
-|--- |--- |--- |
+```Device
-|Home|No|No|
+./Device/Vendor/MSFT/Policy/Config/WindowsLogon/DisableLockScreenAppNotifications
-|Pro|Yes|Yes|
+```
-|Windows SE|No|Yes|
+<!-- DisableLockScreenAppNotifications-OmaUri-End -->
 |Business|Yes|Yes|
 |Enterprise|Yes|Yes|
 |Education|Yes|Yes|
-<!--/SupportedSKUs-->
+<!-- DisableLockScreenAppNotifications-Description-Begin -->
 <hr/>
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--/Scope-->
 <!--Description-->
 This policy setting allows you to prevent app notifications from appearing on the lock screen.
 If you enable this policy setting, no app notifications are displayed on the lock screen.
-If you disable or don't configure this policy setting, users can choose which apps display notifications on the lock screen.
+If you disable or do not configure this policy setting, users can choose which apps display notifications on the lock screen.
 <!-- DisableLockScreenAppNotifications-Description-End -->
-<!--/Description-->
+<!-- DisableLockScreenAppNotifications-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- DisableLockScreenAppNotifications-Editable-End -->
-<!--ADMXBacked-->
+<!-- DisableLockScreenAppNotifications-DFProperties-Begin -->
-ADMX Info:
+**Description framework properties**:
 -   GP Friendly name: *Turn off app notifications on the lock screen*
 -   GP name: *DisableLockScreenAppNotifications*
 -   GP path: *System/Logon*
 -   GP ADMX file name: *logon.admx*
-<!--/ADMXBacked-->
+| Property name | Property value |
-<!--/Policy-->
+|:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- DisableLockScreenAppNotifications-DFProperties-End -->
-<hr/>
+<!-- DisableLockScreenAppNotifications-AdmxBacked-Begin -->
 **ADMX mapping**:
-<!--Policy-->
+| Name | Value |
-<a href="" id="windowslogon-dontdisplaynetworkselectionui"></a>**WindowsLogon/DontDisplayNetworkSelectionUI**
+|:--|:--|
 | Name | DisableLockScreenAppNotifications |
 | Friendly Name | Turn off app notifications on the lock screen |
 | Location | Computer Configuration |
 | Path | System > Logon |
 | Registry Key Name | Software\Policies\Microsoft\Windows\System |
 | Registry Value Name | DisableLockScreenAppNotifications |
 | ADMX File Name | Logon.admx |
 <!-- DisableLockScreenAppNotifications-AdmxBacked-End -->
-<!--SupportedSKUs-->
+<!-- DisableLockScreenAppNotifications-Examples-Begin -->
-The table below shows the applicability of Windows:
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- DisableLockScreenAppNotifications-Examples-End -->
-|Edition|Windows 10|Windows 11|
+<!-- DisableLockScreenAppNotifications-End -->
 |--- |--- |--- |
 |Home|No|No|
 |Pro|Yes|Yes|
 |Windows SE|No|Yes|
 |Business|Yes|Yes|
 |Enterprise|Yes|Yes|
 |Education|Yes|Yes|
-<!--/SupportedSKUs-->
+<!-- DontDisplayNetworkSelectionUI-Begin -->
-<hr/>
+## DontDisplayNetworkSelectionUI
-<!--Scope-->
+<!-- DontDisplayNetworkSelectionUI-Applicability-Begin -->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+| Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later |
 <!-- DontDisplayNetworkSelectionUI-Applicability-End -->
-> [!div class = "checklist"]
+<!-- DontDisplayNetworkSelectionUI-OmaUri-Begin -->
-> * Device
+```Device
 ./Device/Vendor/MSFT/Policy/Config/WindowsLogon/DontDisplayNetworkSelectionUI
 ```
 <!-- DontDisplayNetworkSelectionUI-OmaUri-End -->
-<hr/>
+<!-- DontDisplayNetworkSelectionUI-Description-Begin -->
 This policy setting allows you to control whether anyone can interact with available networks UI on the logon screen.
-<!--/Scope-->
+If you enable this policy setting, the PC's network connectivity state cannot be changed without signing into Windows.
 <!--Description-->
 This policy setting allows you to control whether anyone can interact with available networks UI on the sign-in screen.
 If you enable this policy setting, the PC's network connectivity state can't be changed without signing into Windows.
 If you disable or don't configure this policy setting, any user can disconnect the PC from the network or can connect the PC to other available networks without signing into Windows.
 <!-- DontDisplayNetworkSelectionUI-Description-End -->
 <!-- DontDisplayNetworkSelectionUI-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- DontDisplayNetworkSelectionUI-Editable-End -->
 <!-- DontDisplayNetworkSelectionUI-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- DontDisplayNetworkSelectionUI-DFProperties-End -->
 <!-- DontDisplayNetworkSelectionUI-AdmxBacked-Begin -->
 **ADMX mapping**:
 | Name | Value |
 |:--|:--|
 | Name | DontDisplayNetworkSelectionUI |
 | Friendly Name | Do not display network selection UI |
 | Location | Computer Configuration |
 | Path | System > Logon |
 | Registry Key Name | Software\Policies\Microsoft\Windows\System |
 | Registry Value Name | DontDisplayNetworkSelectionUI |
 | ADMX File Name | Logon.admx |
 <!-- DontDisplayNetworkSelectionUI-AdmxBacked-End -->
 <!-- DontDisplayNetworkSelectionUI-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 **Example**:
 Here's an example to enable this policy:
@ -287,236 +284,314 @@ Here's an example to enable this policy:
  </SyncBody>
 </SyncML>
 ```
 <!-- DontDisplayNetworkSelectionUI-Examples-End -->
-<!--/Description-->
+<!-- DontDisplayNetworkSelectionUI-End -->
-<!--ADMXBacked-->
+<!-- EnableFirstLogonAnimation-Begin -->
-ADMX Info:
+## EnableFirstLogonAnimation
 -   GP Friendly name: *Do not display network selection UI*
 -   GP name: *DontDisplayNetworkSelectionUI*
 -   GP path: *System/Logon*
 -   GP ADMX file name: *logon.admx*
-<!--/ADMXBacked-->
+<!-- EnableFirstLogonAnimation-Applicability-Begin -->
-<!--/Policy-->
+| Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later |
 <!-- EnableFirstLogonAnimation-Applicability-End -->
-<hr/>
+<!-- EnableFirstLogonAnimation-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/WindowsLogon/EnableFirstLogonAnimation
 ```
 <!-- EnableFirstLogonAnimation-OmaUri-End -->
-<!--Policy-->
+<!-- EnableFirstLogonAnimation-Description-Begin -->
-<a href="" id="windowslogon-enablefirstlogonanimation"></a>**WindowsLogon/EnableFirstLogonAnimation**
+This policy setting allows you to control whether users see the first sign-in animation when signing in to the computer for the first time.  This applies to both the first user of the computer who completes the initial setup and users who are added to the computer later.  It also controls if Microsoft account users will be offered the opt-in prompt for services during their first sign-in.
-<!--SupportedSKUs-->
+If you enable this policy setting, Microsoft account users will see the opt-in prompt for services, and users with other accounts will see the sign-in animation.
 The table below shows the applicability of Windows:
-|Edition|Windows 10|Windows 11|
+If you disable this policy setting, users will not see the animation and Microsoft account users will not see the opt-in prompt for services.
 |--- |--- |--- |
 |Home|Yes|Yes|
 |Pro|Yes|Yes|
 |Windows SE|No|Yes|
 |Business|Yes|Yes|
 |Enterprise|Yes|Yes|
 |Education|Yes|Yes|
-<!--/SupportedSKUs-->
+If you do not configure this policy setting, the user who completes the initial Windows setup will see the animation during their first sign-in. If the first user had already completed the initial setup and this policy setting is not configured, users new to this computer will not see the animation.
 <hr/>
-<!--Scope-->
+Note: The first sign-in animation will not be shown on Server, so this policy will have no effect.
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+<!-- EnableFirstLogonAnimation-Description-End -->
-> [!div class = "checklist"]
+<!-- EnableFirstLogonAnimation-Editable-Begin -->
-> * Device
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- EnableFirstLogonAnimation-Editable-End -->
-<hr/>
+<!-- EnableFirstLogonAnimation-DFProperties-Begin -->
 **Description framework properties**:
-<!--/Scope-->
+| Property name | Property value |
-<!--Description-->
+|:--|:--|
-This policy setting allows you to control whether users see the first sign-in animation when signing in to the computer for the first time. This view applies to both the first user of the computer who completes the initial setup and users who are added to the computer later. It also controls if Microsoft account users are offered the opt-in prompt for services during their first sign-in.
+| Format | int |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | 1 |
 <!-- EnableFirstLogonAnimation-DFProperties-End -->
-If you enable this policy setting, Microsoft account users see the opt-in prompt for services, and users with other accounts see the sign-in animation.
+<!-- EnableFirstLogonAnimation-AllowedValues-Begin -->
 **Allowed values**:
-If you disable this policy setting, users don't see the animation and Microsoft account users don't see the opt-in prompt for services.
+| Value | Description |
 |:--|:--|
 | 0 | Disabled. |
 | 1 (Default) | Enabled. |
 <!-- EnableFirstLogonAnimation-AllowedValues-End -->
-If you don't configure this policy setting, the user who completes the initial Windows setup see the animation during their first sign-in. If the first user had already completed the initial setup and this policy setting isn't configured, users new to this computer don't see the animation.
+<!-- EnableFirstLogonAnimation-GpMapping-Begin -->
 **Group policy mapping**:
-> [!NOTE]
+| Name | Value |
-> The first sign-in animation isn't displayed on Server, so this policy has no effect.
+|:--|:--|
 | Name | EnableFirstLogonAnimation |
 | Friendly Name | Show first sign-in animation  |
 | Location | Computer Configuration |
 | Path | System > Logon |
 | Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\System |
 | Registry Value Name | EnableFirstLogonAnimation |
 | ADMX File Name | Logon.admx |
 <!-- EnableFirstLogonAnimation-GpMapping-End -->
-<!--/Description-->
+<!-- EnableFirstLogonAnimation-Examples-Begin -->
-<!--ADMXMapped-->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-ADMX Info:
+<!-- EnableFirstLogonAnimation-Examples-End -->
 -   GP Friendly name: *Show first sign-in animation*
 -   GP name: *EnableFirstLogonAnimation*
 -   GP path: *System/Logon*
 -   GP ADMX file name: *Logon.admx*
-<!--/ADMXMapped-->
+<!-- EnableFirstLogonAnimation-End -->
 <!--SupportedValues-->
 Supported values:
 -   0 - disabled
 -   1 - enabled
 <!--/SupportedValues-->
 <!--Example-->
-<!--/Example-->
+<!-- EnableMPRNotifications-Begin -->
-<!--Validation-->
+## EnableMPRNotifications
-<!--/Validation-->
+<!-- EnableMPRNotifications-Applicability-Begin -->
-<!--/Policy-->
+| Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
 <!-- EnableMPRNotifications-Applicability-End -->
-<hr/>
+<!-- EnableMPRNotifications-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/WindowsLogon/EnableMPRNotifications
 ```
 <!-- EnableMPRNotifications-OmaUri-End -->
-<!--Policy-->
+<!-- EnableMPRNotifications-Description-Begin -->
-<a href="" id="windowslogon-enablemprnotifications"></a>**WindowsLogon/EnableMPRNotifications**
+This policy controls the configuration under which winlogon sends MPR notifications in the system.
-<!--SupportedSKUs-->
+If you enable this setting or do not configure it, winlogon sends MPR notifications if a credential manager is configured.
 The table below shows the applicability of Windows:
-|Edition|Windows 10|Windows 11|
+If you disable this setting, winlogon does not send MPR notifications.
-|--- |--- |--- |
+<!-- EnableMPRNotifications-Description-End -->
 |Home|No|No|
 |Pro|Yes|Yes|
 |Windows SE|No|Yes|
 |Business|Yes|Yes|
 |Enterprise|Yes|Yes|
 |Education|Yes|Yes|
-<!--/SupportedSKUs-->
+<!-- EnableMPRNotifications-Editable-Begin -->
-<hr/>
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- EnableMPRNotifications-Editable-End -->
-<!--Scope-->
+<!-- EnableMPRNotifications-DFProperties-Begin -->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+**Description framework properties**:
-> [!div class = "checklist"]
+| Property name | Property value |
-> * Device
+|:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- EnableMPRNotifications-DFProperties-End -->
-<hr/>
+<!-- EnableMPRNotifications-AdmxBacked-Begin -->
 **ADMX mapping**:
-<!--/Scope-->
+| Name | Value |
-<!--Description-->
+|:--|:--|
-This policy allows winlogon to send MPR notifications in the system if a credential manager is configured.
+| Name | EnableMPRNotifications |
 | Friendly Name | Enable MPR notifications for the system |
 | Location | Computer Configuration |
 | Path | Windows Components > Windows Logon Options |
 | Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\System |
 | Registry Value Name | EnableMPR |
 | ADMX File Name | WinLogon.admx |
 <!-- EnableMPRNotifications-AdmxBacked-End -->
-If you disable (0), MPR notifications will not be sent by winlogon.
+<!-- EnableMPRNotifications-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- EnableMPRNotifications-Examples-End -->
-If you enable (1) or do not configure this policy setting this policy, MPR notifications will be sent by winlogon.
+<!-- EnableMPRNotifications-End -->
-<!--/Description-->
+<!-- EnumerateLocalUsersOnDomainJoinedComputers-Begin -->
-<!--SupportedValues-->
+## EnumerateLocalUsersOnDomainJoinedComputers
 Supported values:
-   0 - disabled
+<!-- EnumerateLocalUsersOnDomainJoinedComputers-Applicability-Begin -->
-   1 (default)- enabled
+| Scope | Editions | Applicable OS |
-<!--/SupportedValues-->
+|:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later |
 <!-- EnumerateLocalUsersOnDomainJoinedComputers-Applicability-End -->
-<!--/Policy-->
+<!-- EnumerateLocalUsersOnDomainJoinedComputers-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers
 ```
 <!-- EnumerateLocalUsersOnDomainJoinedComputers-OmaUri-End -->
-<hr/>
+<!-- EnumerateLocalUsersOnDomainJoinedComputers-Description-Begin -->
 <!--Policy-->
 <a href="" id="windowslogon-enumeratelocalusersondomainjoinedcomputers"></a>**WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers**
 <!--SupportedSKUs-->
 The table below shows the applicability of Windows:
 |Edition|Windows 10|Windows 11|
 |--- |--- |--- |
 |Home|No|No|
 |Pro|Yes|Yes|
 |Windows SE|No|Yes|
 |Business|Yes|Yes|
 |Enterprise|Yes|Yes|
 |Education|Yes|Yes|
 <!--/SupportedSKUs-->
 <hr/>
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--/Scope-->
 <!--Description-->
 This policy setting allows local users to be enumerated on domain-joined computers.
 If you enable this policy setting, Logon UI will enumerate all local users on domain-joined computers.
-If you disable or don't configure this policy setting, the Logon UI won't enumerate local users on domain-joined computers.
+If you disable or do not configure this policy setting, the Logon UI will not enumerate local users on domain-joined computers.
 <!-- EnumerateLocalUsersOnDomainJoinedComputers-Description-End -->
-<!--/Description-->
+<!-- EnumerateLocalUsersOnDomainJoinedComputers-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- EnumerateLocalUsersOnDomainJoinedComputers-Editable-End -->
-<!--ADMXBacked-->
+<!-- EnumerateLocalUsersOnDomainJoinedComputers-DFProperties-Begin -->
-ADMX Info:
+**Description framework properties**:
 -   GP Friendly name: *Enumerate local users on domain-joined computers*
 -   GP name: *EnumerateLocalUsers*
 -   GP path: *System/Logon*
 -   GP ADMX file name: *logon.admx*
-<!--/ADMXBacked-->
+| Property name | Property value |
-<!--/Policy-->
+|:--|:--|
 | Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- EnumerateLocalUsersOnDomainJoinedComputers-DFProperties-End -->
-<hr/>
+<!-- EnumerateLocalUsersOnDomainJoinedComputers-AdmxBacked-Begin -->
 **ADMX mapping**:
-<!--Policy-->
+| Name | Value |
-<a href="" id="windowslogon-hidefastuserswitching"></a>**WindowsLogon/HideFastUserSwitching**
+|:--|:--|
 | Name | EnumerateLocalUsers |
 | Friendly Name | Enumerate local users on domain-joined computers |
 | Location | Computer Configuration |
 | Path | System > Logon |
 | Registry Key Name | Software\Policies\Microsoft\Windows\System |
 | Registry Value Name | EnumerateLocalUsers |
 | ADMX File Name | Logon.admx |
 <!-- EnumerateLocalUsersOnDomainJoinedComputers-AdmxBacked-End -->
-<!--SupportedSKUs-->
+<!-- EnumerateLocalUsersOnDomainJoinedComputers-Examples-Begin -->
-The table below shows the applicability of Windows:
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- EnumerateLocalUsersOnDomainJoinedComputers-Examples-End -->
-|Edition|Windows 10|Windows 11|
+<!-- EnumerateLocalUsersOnDomainJoinedComputers-End -->
 |--- |--- |--- |
 |Home|No|No|
 |Pro|Yes|Yes|
 |Windows SE|No|Yes|
 |Business|Yes|Yes|
 |Enterprise|Yes|Yes|
 |Education|Yes|Yes|
-<!--/SupportedSKUs-->
+<!-- HideFastUserSwitching-Begin -->
-<hr/>
+## HideFastUserSwitching
-<!--Scope-->
+<!-- HideFastUserSwitching-Applicability-Begin -->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+| Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later |
 <!-- HideFastUserSwitching-Applicability-End -->
-> [!div class = "checklist"]
+<!-- HideFastUserSwitching-OmaUri-Begin -->
-> * Device
+```Device
 ./Device/Vendor/MSFT/Policy/Config/WindowsLogon/HideFastUserSwitching
 ```
 <!-- HideFastUserSwitching-OmaUri-End -->
-<hr/>
+<!-- HideFastUserSwitching-Description-Begin -->
 This policy setting allows you to hide the Switch User interface in the Logon UI, the Start menu and the Task Manager.
-<!--/Scope-->
+If you enable this policy setting, the Switch User interface is hidden from the user who is attempting to log on or is logged on to the computer that has this policy applied.
 <!--Description-->
 This policy setting allows you to hide the Switch account button on the sign-in screen, Start, and the Task Manager. If you enable this policy setting, the Switch account button is hidden from the user who is attempting to sign-in or is signed in to the computer that has this policy applied. If you disable or don't configure this policy setting, the Switch account button is accessible to the user in the three locations.
-<!--/Description-->
+The locations that Switch User interface appear are in the Logon UI, the Start menu and the Task Manager.
 <!--ADMXMapped-->
 ADMX Info:
 -   GP Friendly name: *Hide entry points for Fast User Switching*
 -   GP name: *HideFastUserSwitching*
 -   GP path: *System/Logon*
 -   GP ADMX file name: *Logon.admx*
-<!--/ADMXMapped-->
+If you disable or do not configure this policy setting, the Switch User interface is accessible to the user in the three locations.
-<!--SupportedValues-->
+<!-- HideFastUserSwitching-Description-End -->
 The following list shows the supported values:
-   0 (default) - Disabled (visible).
+<!-- HideFastUserSwitching-Editable-Begin -->
-   1 - Enabled (hidden).
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- HideFastUserSwitching-Editable-End -->
-<!--/SupportedValues-->
+<!-- HideFastUserSwitching-DFProperties-Begin -->
-<!--Validation-->
+**Description framework properties**:
 To validate on Desktop, do the following steps:
-1.   Enable policy.
+| Property name | Property value |
-2.   Verify that the Switch account button in Start is hidden.
+|:--|:--|
 | Format | int |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | 0 |
 <!-- HideFastUserSwitching-DFProperties-End -->
-<!--/Validation-->
+<!-- HideFastUserSwitching-AllowedValues-Begin -->
-<!--/Policy-->
+**Allowed values**:
 <hr/>
-<!--/Policies-->
+| Value | Description |
 |:--|:--|
 | 0 (Default) | Disabled (visible). |
 | 1 | Enabled (hidden). |
 <!-- HideFastUserSwitching-AllowedValues-End -->
-## Related topics
+<!-- HideFastUserSwitching-GpMapping-Begin -->
 **Group policy mapping**:
 | Name | Value |
 |:--|:--|
 | Name | HideFastUserSwitching |
 | Friendly Name | Hide entry points for Fast User Switching |
 | Location | Computer Configuration |
 | Path | System > Logon |
 | Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\System |
 | Registry Value Name | HideFastUserSwitching |
 | ADMX File Name | Logon.admx |
 <!-- HideFastUserSwitching-GpMapping-End -->
 <!-- HideFastUserSwitching-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- HideFastUserSwitching-Examples-End -->
 <!-- HideFastUserSwitching-End -->
 <!-- OverrideShellProgram-Begin -->
 ## OverrideShellProgram
 <!-- OverrideShellProgram-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview |
 <!-- OverrideShellProgram-Applicability-End -->
 <!-- OverrideShellProgram-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/WindowsLogon/OverrideShellProgram
 ```
 <!-- OverrideShellProgram-OmaUri-End -->
 <!-- OverrideShellProgram-Description-Begin -->
 This policy is used by IT admin to override the registry based shell program.
 <!-- OverrideShellProgram-Description-End -->
 <!-- OverrideShellProgram-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- OverrideShellProgram-Editable-End -->
 <!-- OverrideShellProgram-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | int |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | 0 |
 <!-- OverrideShellProgram-DFProperties-End -->
 <!-- OverrideShellProgram-AllowedValues-Begin -->
 **Allowed values**:
 | Value | Description |
 |:--|:--|
 | 0 (Default) | Not Configured |
 | 1 | Apply Lightweight shell |
 <!-- OverrideShellProgram-AllowedValues-End -->
 <!-- OverrideShellProgram-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- OverrideShellProgram-Examples-End -->
 <!-- OverrideShellProgram-End -->
 <!-- WindowsLogon-CspMoreInfo-Begin -->
 <!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
 <!-- WindowsLogon-CspMoreInfo-End -->
 <!-- WindowsLogon-End -->
 ## Related articles
 [Policy configuration service provider](policy-configuration-service-provider.md)
--- a/windows/client-management/mdm/toc.yml
+++ b/windows/client-management/mdm/toc.yml
@ -1,5 +1,5 @@
 items:
-  - name: Configuration service provider reference
+- name: Configuration service provider reference
  href: index.yml
  expanded: true
  items:
@ -128,8 +128,6 @@ items:
          href: policy-csp-admx-eaime.md
        - name: ADMX_EncryptFilesonMove
          href: policy-csp-admx-encryptfilesonmove.md
            - name: ADMX_EventLogging
              href: policy-csp-admx-eventlogging.md
        - name: ADMX_EnhancedStorage
          href: policy-csp-admx-enhancedstorage.md
        - name: ADMX_ErrorReporting
@ -138,6 +136,8 @@ items:
          href: policy-csp-admx-eventforwarding.md
        - name: ADMX_EventLog
          href: policy-csp-admx-eventlog.md
        - name: ADMX_EventLogging
          href: policy-csp-admx-eventlogging.md
        - name: ADMX_EventViewer
          href: policy-csp-admx-eventviewer.md
        - name: ADMX_Explorer
@ -210,6 +210,8 @@ items:
          href: policy-csp-admx-msi.md
        - name: ADMX_MsiFileRecovery
          href: policy-csp-admx-msifilerecovery.md
        - name: ADMX_MSS-legacy
          href: policy-csp-admx-mss-legacy.md
        - name: ADMX_nca
          href: policy-csp-admx-nca.md
        - name: ADMX_NCSI
@ -240,6 +242,8 @@ items:
          href: policy-csp-admx-printing2.md
        - name: ADMX_Programs
          href: policy-csp-admx-programs.md
        - name: ADMX_QOS
          href: policy-csp-admx-qos.md
        - name: ADMX_Reliability
          href: policy-csp-admx-reliability.md
        - name: ADMX_RemoteAssistance
@ -248,6 +252,8 @@ items:
          href: policy-csp-admx-removablestorage.md
        - name: ADMX_RPC
          href: policy-csp-admx-rpc.md
        - name: ADMX_sam
          href: policy-csp-admx-sam.md
        - name: ADMX_Scripts
          href: policy-csp-admx-scripts.md
        - name: ADMX_sdiageng
@ -278,6 +284,8 @@ items:
          href: policy-csp-admx-startmenu.md
        - name: ADMX_SystemRestore
          href: policy-csp-admx-systemrestore.md
        - name: ADMX_TabletPCInputPanel
          href: policy-csp-admx-tabletpcinputpanel.md
        - name: ADMX_TabletShell
          href: policy-csp-admx-tabletshell.md
        - name: ADMX_Taskbar
@ -320,8 +328,6 @@ items:
          href: policy-csp-admx-wininit.md
        - name: ADMX_WinLogon
          href: policy-csp-admx-winlogon.md
            - name: ADMX-Winsrv
              href: policy-csp-admx-winsrv.md
        - name: ADMX_wlansvc
          href: policy-csp-admx-wlansvc.md
        - name: ADMX_WordWheel
@ -330,6 +336,8 @@ items:
          href: policy-csp-admx-workfoldersclient.md
        - name: ADMX_WPN
          href: policy-csp-admx-wpn.md
        - name: ADMX-Winsrv
          href: policy-csp-admx-winsrv.md
        - name: ApplicationDefaults
          href: policy-csp-applicationdefaults.md
        - name: ApplicationManagement
@ -358,14 +366,18 @@ items:
          href: policy-csp-camera.md
        - name: Cellular
          href: policy-csp-cellular.md
        - name: CloudDesktop
          href: policy-csp-clouddesktop.md
        - name: CloudPC
          href: policy-csp-cloudpc.md
        - name: Connectivity
          href: policy-csp-connectivity.md
        - name: ControlPolicyConflict
          href: policy-csp-controlpolicyconflict.md
            - name: CredentialsDelegation
              href: policy-csp-credentialsdelegation.md
        - name: CredentialProviders
          href: policy-csp-credentialproviders.md
        - name: CredentialsDelegation
          href: policy-csp-credentialsdelegation.md
        - name: CredentialsUI
          href: policy-csp-credentialsui.md
        - name: Cryptography
@ -488,10 +500,14 @@ items:
          href: policy-csp-servicecontrolmanager.md
        - name: Settings
          href: policy-csp-settings.md
        - name: SettingsSync
          href: policy-csp-settingssync.md
        - name: Speech
          href: policy-csp-speech.md
        - name: Start
          href: policy-csp-start.md
        - name: Stickers
          href: policy-csp-stickers.md
        - name: Storage
          href: policy-csp-storage.md
        - name: System
@ -502,6 +518,10 @@ items:
          href: policy-csp-taskmanager.md
        - name: TaskScheduler
          href: policy-csp-taskscheduler.md
        - name: TenantDefinedTelemetry
          href: policy-csp-tenantdefinedtelemetry.md
        - name: TenantRestrictions
          href: policy-csp-tenantrestrictions.md
        - name: TextInput
          href: policy-csp-textinput.md
        - name: TimeLanguageSettings
--- a/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md
@ -9,17 +9,19 @@ ms.localizationpriority: medium
 author: frankroj
 ms.topic: article
 ms.technology: itpro-deploy
-ms.date: 10/28/2022
+ms.date: 11/28/2022
 ---
 # Assign applications using roles in MDT
 This article will show you how to add applications to a role in the MDT database and then assign that role to a computer. For the purposes of this article, the application we're adding is Adobe Reader XI. In addition to using computer-specific entries in the database, you can use roles in MDT to group settings together.
-## <a href="" id="sec01"></a>Create and assign a role entry in the database
+## Create and assign a role entry in the database
 1. On MDT01, using Deployment Workbench, in the MDT Production deployment share, expand **Advanced Configuration** and then expand **Database**.
 2. In the **Database** node, right-click **Role**, select **New**, and create a role entry with the following settings:
    1. Role name: Standard PC
    2. Applications / Lite Touch Applications:
    3. Install - Adobe Reader XI - x86
@ -28,10 +30,12 @@ This article will show you how to add applications to a role in the MDT database
 Figure 12. The Standard PC role with the application added
-## <a href="" id="sec02"></a>Associate the role with a computer in the database
+## Associate the role with a computer in the database
 After creating the role, you can associate it with one or more computer entries.
 1. Using Deployment Workbench, expand **MDT Production**, expand **Advanced Configuration**, expand **Database**, and select **Computers**.
 2. In the **Computers** node, double-click the **PC00075** entry, and add the following setting:
    - Roles: Standard PC
@ -39,13 +43,15 @@ After creating the role, you can associate it with one or more computer entries.
 Figure 13. The Standard PC role added to PC00075 (having ID 1 in the database).
-## <a href="" id="sec03"></a>Verify database access in the MDT simulation environment
+## Verify database access in the MDT simulation environment
 When the database is populated, you can use the MDT simulation environment to simulate a deployment. The applications aren't installed, but you can see which applications would be installed if you did a full deployment of the computer.
 1. On PC0001, log on as **CONTOSO\\MDT\_BA**.
 2. Modify the C:\\MDT\\CustomSettings.ini file to look like below:
-    ``` 
+    ```ini
    [Settings]
    Priority=CSettings, CRoles, RApplications, Default
    [Default]
@ -110,7 +116,7 @@ When the database is populated, you can use the MDT simulation environment to si
 3. Using an elevated Windows PowerShell prompt (run as Administrator), run the following commands. Press **Enter** after each command:
-    ``` powershell
+    ```powershell
    Set-Location C:\MDT
    .\Gather.ps1
@ -122,10 +128,10 @@ Figure 14. ZTIGather.log displaying the application GUID belonging to the Adobe
 ## Related articles
-[Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
+- [Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
-<BR>[Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
+- [Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
-<BR>[Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
+- [Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
-<BR>[Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
+- [Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
-<BR>[Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
+- [Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
-<BR>[Use web services in MDT](use-web-services-in-mdt.md)
+- [Use web services in MDT](use-web-services-in-mdt.md)
-<BR>[Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
+- [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
--- a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md
+++ b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md
@ -10,12 +10,13 @@ ms.localizationpriority: medium
 author: frankroj
 ms.topic: article
 ms.technology: itpro-deploy
-ms.date: 10/28/2022
+ms.date: 11/28/2022
 ---
 # Build a distributed environment for Windows 10 deployment
-**Applies to**
+**Applies to:**
 - Windows 10
 Perform the steps in this article to build a distributed environment for Windows 10 deployment. A distributed environment for deployment is useful when you have a segmented network, for example one that is segmented geographically into two branch locations. If you work in a distributed environment, replicating the deployment shares is an important part of a deployment solution because images of 5 GB or more in size can present bandwidth issues when deployed over the wire. Replicating this content enables clients to do local deployments.
@ -28,7 +29,8 @@ For the purposes of this article, we assume that MDT02 is prepared with the same
 Computers used in this article.
->HV01 is also used in this topic to host the PC0006 virtual machine.
+> [!NOTE]
 > HV01 is also used in this topic to host the PC0006 virtual machine.
 ## Replicate deployment shares
@ -55,9 +57,9 @@ On **MDT01**:
 1. Install the DFS Replication role on MDT01 by entering the following at an elevated Windows PowerShell prompt:
-```powershell
+    ```powershell
-Install-WindowsFeature -Name FS-DFS-Replication -IncludeManagementTools
+    Install-WindowsFeature -Name FS-DFS-Replication -IncludeManagementTools
-```
+    ```
 2. Wait for installation to complete, and then verify that the installation was successful. See the following output:
@ -75,9 +77,9 @@ On **MDT02**:
 1. Perform the same procedure on MDT02 by entering the following at an elevated Windows PowerShell prompt:
-```powershell
+    ```powershell
-Install-WindowsFeature -Name FS-DFS-Replication -IncludeManagementTools
+    Install-WindowsFeature -Name FS-DFS-Replication -IncludeManagementTools
-```
+    ```
 2. Wait for installation to complete, and then verify that the installation was successful. See the following  output:
@ -112,11 +114,11 @@ On **MDT02**:
 ### Configure the deployment share
-When you have multiple deployment servers sharing the same content, you need to configure the Bootstrap.ini file with information about which server to connect to based on where the client is located. In MDT that can be done by using the DefaultGateway property.
+When you have multiple deployment servers sharing the same content, you need to configure the Bootstrap.ini file with information about which server to connect to based on where the client is located. In MDT that can be done by using the **DefaultGateway** property.
 On **MDT01**:
-1. Using Notepad, navigate to the **D:\\MDTProduction\\Control** folder and modify the Boostrap.ini file as follows. Under [DefaultGateway] enter the IP addresses for the client's default gateway in New York and Stockholm, respectively (replace 10.10.10.1 and 10.10.20.1 with your default gateways). The default gateway setting is what tells the client which deployment share (that is, server) to use. 
+1. Using Notepad, navigate to the **D:\\MDTProduction\\Control** folder and modify the `Boostrap.ini` file as follows. Under `[DefaultGateway]` enter the IP addresses for the client's default gateway in New York and Stockholm, respectively (replace 10.10.10.1 and 10.10.20.1 with your default gateways). The default gateway setting is what tells the client which deployment share (that is, server) to use.
   ```ini
   [Settings]
@ -138,119 +140,156 @@ On **MDT01**:
   UserPassword=pass@word1
   SkipBDDWelcome=YES
   ```
   >[!NOTE]
   >The DeployRoot value needs to go into the Bootstrap.ini file, but you can use the same logic in the CustomSettings.ini file. For example, you can redirect the logs to the local deployment server (SLSHARE), or have the User State Migration Tool (USMT) migration store (UDDIR) local. To learn more about USMT, see [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md) and [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md).
-2. Save the Bootstrap.ini file.
+   > [!NOTE]
   > The DeployRoot value needs to go into the Bootstrap.ini file, but you can use the same logic in the CustomSettings.ini file. For example, you can redirect the logs to the local deployment server (SLSHARE), or have the User State Migration Tool (USMT) migration store (UDDIR) local. To learn more about USMT, see [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md) and [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md).
 2. Save the `Bootstrap.ini` file.
 3. Using the Deployment Workbench, right-click the **MDT Production** deployment share and select **Update Deployment Share**. Use the default settings for the Update Deployment Share Wizard. This process will take a few minutes.
 4. After the update is complete, use the Windows Deployment Services console on MDT01. In the **Boot Images** node, right-click the **MDT Production x64** boot image and select **Replace Image**.
 5. Browse and select the **D:\\MDTProduction\\Boot\\LiteTouchPE\_x64.wim** boot image, and then complete Replace Boot Image Wizard using the default settings.
   ![figure 5.](../images/mdt-10-fig05.png)
   Replacing the updated boot image in WDS.
- >[!TIP]
+ > [!TIP]
- >If you modify bootstrap.ini again later, be sure to repeat the process of updating the deployment share in the Deployment Workbench and replacing the boot image in the WDS console.
+ > If you modify bootstrap.ini again later, be sure to repeat the process of updating the deployment share in the Deployment Workbench and replacing the boot image in the WDS console.
-   ## Replicate the content
+## Replicate the content
-   Once the MDT01 and MDT02 servers are prepared, you're ready to configure the actual replication.
+Once the MDT01 and MDT02 servers are prepared, you're ready to configure the actual replication.
-   ### Create the replication group
+### Create the replication group
-6. On MDT01, using DFS Management (dfsmgmt.msc), right-click **Replication**, and select **New Replication Group**.
+1. On MDT01, using DFS Management (dfsmgmt.msc), right-click **Replication**, and select **New Replication Group**.
-7. On the **Replication Group Type** page, select **Multipurpose replication group**, and select **Next**.
+
-8. On the **Name and Domain** page, assign the **MDTProduction** name, and select **Next**.
+2. On the **Replication Group Type** page, select **Multipurpose replication group**, and select **Next**.
-9. On the **Replication Group Members** page, select **Add**, add **MDT01** and **MDT02**, and then select **Next**.
+
 3. On the **Name and Domain** page, assign the **MDTProduction** name, and select **Next**.
 4. On the **Replication Group Members** page, select **Add**, add **MDT01** and **MDT02**, and then select **Next**.
    ![figure 6.](../images/mdt-10-fig06.png)
    Adding the Replication Group Members.
-10. On the **Topology Selection** page, select the **Full mesh** option and select **Next**.
+5. On the **Topology Selection** page, select the **Full mesh** option and select **Next**.
 11. On the **Replication Group Schedule and Bandwidth** page, accept the default settings and select **Next**.
 12. On the **Primary Member** page, select **MDT01** and select **Next**.
 13. On the **Folders to Replicate** page, select **Add**, enter **D:\\MDTProduction** as the folder to replicate, select **OK**, and then select **Next**.
 14. On the **Local Path of MDTProduction** on the **Other Members** page, select **MDT02**, and select **Edit**.
 15. On the **Edit** page, select the **Enabled** option, type in **D:\\MDTProduction** as the local path of folder, select the **Make the selected replicated folder on this member read-only** check box, select **OK**, and then select **Next**.
 16. On the **Review Settings and Create Replication Group** page, select **Create**.
 17. On the **Confirmation** page, select **Close**.
-    ### Configure replicated folders
+6. On the **Replication Group Schedule and Bandwidth** page, accept the default settings and select **Next**.
 7. On the **Primary Member** page, select **MDT01** and select **Next**.
 8. On the **Folders to Replicate** page, select **Add**, enter **D:\\MDTProduction** as the folder to replicate, select **OK**, and then select **Next**.
 9. On the **Local Path of MDTProduction** on the **Other Members** page, select **MDT02**, and select **Edit**.
 10. On the **Edit** page, select the **Enabled** option, type in **D:\\MDTProduction** as the local path of folder, select the **Make the selected replicated folder on this member read-only** check box, select **OK**, and then select **Next**.
 11. On the **Review Settings and Create Replication Group** page, select **Create**.
 12. On the **Confirmation** page, select **Close**.
 ### Configure replicated folders
 1. On **MDT01**, using DFS Management, expand **Replication** and then select **MDTProduction**.
 2. In the middle pane, right-click the **MDT01** member and select **Properties**.
 3. On the **MDT01 (MDTProduction) Properties** page, configure the following and then select **OK**:
 18. On **MDT01**, using DFS Management, expand **Replication** and then select **MDTProduction**.
 19. In the middle pane, right-click the **MDT01** member and select **Properties**.
 20. On the **MDT01 (MDTProduction) Properties** page, configure the following and then select **OK**:
    1. In the **Staging** tab, set the quota to **20480 MB**.
    2. In the **Advanced** tab, set the quota to **8192 MB**.
        In this scenario the size of the deployment share is known, but you might need to change the values for your environment. A good rule of thumb is to get the size of the 16 largest files and make sure they fit in the staging area. Below is a Windows PowerShell example that calculates the size of the 16 largest files in the D:\\MDTProduction deployment share:
-        ``` powershell
+        ```powershell
        (Get-ChildItem D:\MDTProduction -Recurse | Sort-Object Length -Descending | Select-Object -First 16 | Measure-Object -Property Length -Sum).Sum /1GB
        ```
-21. In the middle pane, right-click the **MDT02** member and select **Properties**.
+4. In the middle pane, right-click the **MDT02** member and select **Properties**.
-22. On the **MDT02 (MDTProduction) Properties** page, configure the following and then select **OK**:
+
 5. On the **MDT02 (MDTProduction) Properties** page, configure the following and then select **OK**:
    1. In the **Staging** tab, set the quota to **20480 MB**.
    2. In the **Advanced** tab, set the quota to **8192 MB**.
    > [!NOTE]
    > It will take some time for the replication configuration to be picked up by the replication members (MDT01 and MDT02). The time for the initial sync will depend on the WAN link speed between the sites. After that, delta changes are replicated quickly.
-23. Verify that MDT01 and MDT02 are members of the MDTProduction replication group, with MDT01 being primary as follows using an elevated command prompt:
+6. Verify that MDT01 and MDT02 are members of the MDTProduction replication group, with MDT01 being primary as follows using an elevated command prompt:
-```cmd
+    ```cmd
-C:\> dfsradmin membership list /rgname:MDTProduction /attr:MemName,IsPrimary
+    C:\> dfsradmin membership list /rgname:MDTProduction /attr:MemName,IsPrimary
-MemName  IsPrimary
+    MemName  IsPrimary
-MDT01    Yes
+    MDT01    Yes
-MDT02    No
+    MDT02    No
-```
+    ```
 ### Verify replication
 On **MDT02**:
 1. Wait until you start to see content appear in the **D:\\MDTProduction** folder.
 2. Using DFS Management, expand **Replication**, right-click **MDTProduction**, and select **Create Diagnostics Report**.
 3. In the Diagnostics Report Wizard, on the **Type of Diagnostics Report or Test** page, choose **Health report** and select **Next**.
 4. On the **Path and Name** page, accept the default settings and select **Next**.
 5. On the **Members to Include** page, accept the default settings and select **Next**.
 6. On the **Options** page, accept the default settings and select **Next**.
 7. On the **Review Settings and Create Report** page, select **Create**.
 8. Open the report in Internet Explorer, and if necessary, select the **Allow blocked content** option.
-![figure 9.](../images/mdt-10-fig09.png)
+    ![figure 9.](../images/mdt-10-fig09.png)
    The DFS Replication Health Report.
-The DFS Replication Health Report.
+    > [!NOTE]
-
+    > If there are replication errors you can review the DFS event log in Event Viewer under **Applications and Services Logs**.
 >If there are replication errors you can review the DFS event log in Event Viewer under **Applications and Services Logs**.
 ## Configure Windows Deployment Services (WDS) in a remote site
 Like you did in the previous article for MDT01, you need to add the MDT Production Lite Touch x64 Boot image to Windows Deployment Services on MDT02. For the following steps, we assume that WDS has already been installed on MDT02.
 1. On MDT02, using the WDS console, right-click **Boot Images** and select **Add Boot Image**.
 2. Browse to the **D:\\MDTProduction\\Boot\\LiteTouchPE\_x64.wim** file and add the image with the default settings.
 ## Deploy a Windows 10 client to the remote site
 Now you should have a solution ready for deploying the Windows 10 client to the remote site: Stockholm, using the MDTProduction deployment share replica on MDT02. You can test this deployment with the following optional procedure.
->For demonstration purposes, the following procedure uses a virtual machine (PC0006) hosted by the Hyper-V server HV01. To use the remote site server (MDT02) the VM must be assigned a default gateway that matches the one you entered in the Boostrap.ini file.
+> [!NOTE]
 > For demonstration purposes, the following procedure uses a virtual machine (PC0006) hosted by the Hyper-V server HV01. To use the remote site server (MDT02) the VM must be assigned a default gateway that matches the one you entered in the `Boostrap.ini` file.
 1. Create a virtual machine with the following settings:
-    1. Name: PC0006
+
-    2. Location: C:\\VMs
+    1. **Name**: PC0006
-    3. Generation: 2
+    2. **Location**: C:\\VMs
-    4. Memory: 2048 MB
+    3. **Generation**: 2
-    5. Hard disk: 60 GB (dynamic disk)
+    4. **Memory**: 2048 MB
    5. **Hard disk**: 60 GB (dynamic disk)
    6. Install an operating system from a network-based installation server
 2. Start the PC0006 virtual machine, and press **Enter** to start the Pre-Boot Execution Environment (PXE) boot. The VM will now load the Windows PE boot image from the WDS server.
 3. After Windows Preinstallation Environment (Windows PE) has booted, complete the Windows Deployment Wizard using the following settings:
    1. Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM Custom Image
    2. Computer Name: PC0006
    3. Applications: Select the Install - Adobe Reader
 4. Setup will now start and perform the following steps:
    1. Install the Windows 10 Enterprise operating system.
    2. Install applications.
    3. Update the operating system using your local Windows Server Update Services (WSUS) server.
@ -259,9 +298,9 @@ Now you should have a solution ready for deploying the Windows 10 client to the
 ## Related articles
-[Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)<br>
+- [Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
-[Create a Windows 10 reference image](create-a-windows-10-reference-image.md)<br>
+- [Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
-[Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)<br>
+[Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
-[Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)<br>
+- [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)
-[Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)<br>
+- [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)
-[Configure MDT settings](configure-mdt-settings.md)
+- [Configure MDT settings](configure-mdt-settings.md)
--- a/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md
+++ b/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md
@ -9,23 +9,24 @@ ms.localizationpriority: medium
 author: frankroj
 ms.topic: article
 ms.technology: itpro-deploy
-ms.date: 10/28/2022
+ms.date: 11/28/2022
 ---
 # Configure MDT deployment share rules
 In this article, you'll learn how to configure the MDT rules engine to reach out to other resources, including external scripts, databases, and web services, for additional information instead of storing settings directly in the rules engine. The rules engine in MDT is powerful: most of the settings used for operating system deployments are retrieved and assigned via the rules engine. In its simplest form, the rules engine is the CustomSettings.ini text file.
-## <a href="" id="sec01"></a>Assign settings
+## Assign settings
 When using MDT, you can assign setting in three distinct ways:
 - You can pre-stage the information before deployment.
 - You can prompt the user or technician for information.
 - You can have MDT generate the settings automatically.
 In order to illustrate these three options, let's look at some sample configurations.
-## <a href="" id="sec02"></a>Sample configurations
+## Sample configurations
 Before adding the more advanced components like scripts, databases, and web services, consider the commonly used configurations below; they demonstrate the power of the rules engine.
@ -33,7 +34,7 @@ Before adding the more advanced components like scripts, databases, and web serv
 If you have a small test environment, or simply want to assign settings to a limited number of machines, you can edit the rules to assign settings directly for a given MAC Address. When you have many machines, it makes sense to use the database instead.
-``` 
+```ini
 [Settings]
 Priority=MacAddress, Default
 [Default]
@ -48,7 +49,7 @@ In the preceding sample, you set the PC00075 computer name for a machine with a
 Another way to assign a computer name is to identify the machine via its serial number.
-``` 
+```ini
 [Settings]
 Priority=SerialNumber, Default
 [Default]
@ -63,7 +64,7 @@ In this sample, you set the PC00075 computer name for a machine with a serial nu
 You also can configure the rules engine to use a known property, like a serial number, to generate a computer name on the fly.
-``` 
+```ini
 [Settings]
 Priority=Default
 [Default]
@ -72,15 +73,15 @@ OSDComputerName=PC-%SerialNumber%
 ```
 In this sample, you configure the rules to set the computer name to a prefix (PC-) and then the serial number. If the serial number of the machine is CND0370RJ7, the preceding configuration sets the computer name to PC-CND0370RJ7.
 **Note**  
-Be careful when using the serial number to assign computer names. A serial number can contain more than 15 characters, but the Windows setup limits a computer name to 15 characters.
+> [!NOTE]
 > Be careful when using the serial number to assign computer names. A serial number can contain more than 15 characters, but the Windows setup limits a computer name to 15 characters.
 ### Generate a limited computer name based on a serial number
 To avoid assigning a computer name longer than 15 characters, you can configure the rules in more detail by adding VBScript functions, as follows:
-``` 
+```ini
 [Settings]
 Priority=Default
 [Default]
@ -94,7 +95,7 @@ In the preceding sample, you still configure the rules to set the computer name
 In the rules, you find built-in properties that use a Windows Management Instrumentation (WMI) query to determine whether the machine you're deploying is a laptop, desktop, or server. In this sample, we assume you want to add laptops to different OUs in Active Directory. Note that ByLaptopType isn't a reserved word; rather, it's the name of the section to read.
-``` 
+```ini
 [Settings]
 Priority=ByLaptopType, Default
 [Default]
@ -107,16 +108,10 @@ MachineObjectOU=OU=Laptops,OU=Contoso,DC=contoso,DC=com
 ## Related articles
-[Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
+- [Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
-
+- [Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
-[Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
+- [Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
-
+- [Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
-[Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
+- [Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
-
+- [Use web services in MDT](use-web-services-in-mdt.md)
-[Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
+- [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
 [Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
 [Use web services in MDT](use-web-services-in-mdt.md)
 [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
--- a/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md
+++ b/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md
@ -9,7 +9,7 @@ ms.localizationpriority: medium
 author: frankroj
 ms.topic: article
 ms.technology: itpro-deploy
-ms.date: 10/28/2022
+ms.date: 11/28/2022
 ---
 # Configure MDT for UserExit scripts
@ -20,7 +20,7 @@ In this article, you'll learn how to configure the MDT rules engine to use a Use
 You can call a UserExit by referencing the script in your rules. Then you can configure a property to be set to the result of a function of the VBScript. In this example, we have a VBScript named Setname.vbs (provided in the book sample files, in the UserExit folder).
-``` 
+```ini
 [Settings]
 Priority=Default
 [Default]
@ -35,7 +35,7 @@ The UserExit=Setname.vbs calls the script and then assigns the computer name to
 The Setname.vbs script takes the MAC Address passed from the rules. The script then does some string manipulation to add a prefix (PC) and remove the semicolons from the MAC Address.
-``` 
+```vb
 Function UserExit(sType, sWhen, sDetail, bSkip) 
  UserExit = Success 
 End Function 
@ -48,23 +48,18 @@ Function SetName(sMac)
  SetName = "PC" & re.Replace(sMac, "")
 End Function
 ```
 The first three lines of the script make up a header that all UserExit scripts have. The interesting part is the lines between Function and End Function. Those lines add a prefix (PC), remove the colons from the MAC Address, and return the value to the rules by setting the SetName value.
->[!NOTE]  
+> [!NOTE]
->The purpose of this sample isn't to recommend that you use the MAC Address as a base for computer naming, but to show you how to take a variable from MDT, pass it to an external script, make some changes to it, and then return the new value to the deployment process.
+> The purpose of this sample isn't to recommend that you use the MAC Address as a base for computer naming, but to show you how to take a variable from MDT, pass it to an external script, make some changes to it, and then return the new value to the deployment process.
 ## Related articles
-[Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
+- [Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
-
+- [Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
-[Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
+- [Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
-
+- [Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
-[Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
+- [Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
-
+- [Use web services in MDT](use-web-services-in-mdt.md)
-[Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
+- [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
 [Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
 [Use web services in MDT](use-web-services-in-mdt.md)
 [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
--- a/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md
+++ b/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md
@ -10,7 +10,7 @@ ms.localizationpriority: medium
 author: frankroj
 ms.topic: article
 ms.technology: itpro-deploy
-ms.date: 10/28/2022
+ms.date: 11/28/2022
 ---
 # Configure MDT settings
@ -35,9 +35,9 @@ The computers used in this article.
 ## Related articles
-[Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)<br>
+- [Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
-[Create a Windows 10 reference image](create-a-windows-10-reference-image.md)<br>
+- [Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
-[Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)<br>
+- [Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
-[Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)<br>
+- [Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)
-[Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)<br>
+- [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)
-[Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)
+- [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)
--- a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
+++ b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
@ -9,31 +9,33 @@ ms.localizationpriority: medium
 author: frankroj
 ms.topic: article
 ms.technology: itpro-deploy
-ms.date: 10/28/2022
+ms.date: 11/28/2022
 ---
 # Create a Windows 10 reference image
-**Applies to**
+**Applies to:**
 - Windows 10
 Creating a reference image is important because that image serves as the foundation for the devices in your organization. In this article, you 'll learn how to create a Windows 10 reference image using the Microsoft Deployment Toolkit (MDT). You 'll create a deployment share, configure rules and settings, and import all the applications and operating system files required to build a Windows 10 reference image. After completing the steps outlined in this article, you 'll have a Windows 10 reference image that can be used in your deployment solution.
->[!NOTE]
+> [!NOTE]
->For more information about the server, client, and network infrastructure used in this guide, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
+> For more information about the server, client, and network infrastructure used in this guide, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
 For the purposes of this article, we'll use three computers: DC01, MDT01, and HV01.
-   - DC01 is a domain controller for the contoso.com domain.
+
-   - MDT01 is a contoso.com domain member server.
+- DC01 is a domain controller for the contoso.com domain.
-   - HV01 is a Hyper-V server that will be used to build the reference image.
+- MDT01 is a contoso.com domain member server.
 - HV01 is a Hyper-V server that will be used to build the reference image.
   ![devices.](../images/mdt-08-fig01.png)
   Computers used in this article.
 ## The reference image
 The reference image described in this guide is designed primarily for deployment to physical devices. However, the reference image is typically created on a virtual platform, before being automatically run through the System Preparation (Sysprep) tool process and captured to a Windows Imaging (WIM) file. The reasons for creating the reference image on a virtual platform are:
 - To reduce development time and can use snapshots to test different configurations quickly.
 - To rule out hardware issues. You get the best possible image, and if you've a problem, it's not likely to be hardware related.
 - To ensure that you won't have unwanted applications that could be installed as part of a driver install but not removed by the Sysprep process.
@ -47,19 +49,25 @@ With Windows 10, there's no hard requirement to create reference images. However
 On **MDT01**:
- Sign in as contoso\\administrator using a password of <b>pass@word1</b> (credentials from the [prepare for deployment](prepare-for-windows-deployment-with-mdt.md) article).
+1. Sign in as **contoso\\administrator** using a password of **pass@word1** (credentials from the [prepare for deployment](prepare-for-windows-deployment-with-mdt.md) article).
- Start the MDT deployment workbench, and pin this workbench to the taskbar for easy access.
+
- Using the Deployment Workbench, right-click **Deployment Shares** and select **New Deployment Share**.
+2. Start the MDT deployment workbench, and pin this workbench to the taskbar for easy access.
- Use the following settings for the New Deployment Share Wizard:
+
 3. Using the Deployment Workbench, right-click **Deployment Shares** and select **New Deployment Share**.
 4. Use the following settings for the New Deployment Share Wizard:
   - Deployment share path: **D:\\MDTBuildLab**
   - Share name: **MDTBuildLab$**
   - Deployment share description: **MDT Build Lab**
- Accept the default selections on the Options page and select **Next**.
+
- Review the Summary page, select **Next**, wait for the deployment share to be created, then select **Finish**.
+5. Accept the default selections on the Options page and select **Next**.
- Verify that you can access the <b>\\\\MDT01\\MDTBuildLab$</b> share.
+
 6. Review the Summary page, select **Next**, wait for the deployment share to be created, then select **Finish**.
 7. Verify that you can access the **\\\\MDT01\\MDTBuildLab$** share.
   ![figure 2.](../images/mdt-08-fig02.png)
   The Deployment Workbench with the MDT Build Lab deployment share.
 ### Enable monitoring
@ -73,9 +81,10 @@ In order to read files in the deployment share and write the reference image bac
 On **MDT01**:
 1. Ensure you're signed in as **contoso\\administrator**.
 2. Modify the NTFS permissions for the **D:\\MDTBuildLab** folder by running the following command in an elevated Windows PowerShell prompt:
-    ``` powershell
+    ```powershell
    icacls "D:\MDTBuildLab" /grant '"CONTOSO\MDT_BA":(OI)(CI)(M)'
    grant-smbshareaccess -Name MDTBuildLab$ -AccountName "Contoso\MDT_BA" -AccessRight Full -force
    ```
@ -88,8 +97,8 @@ This section will show you how to populate the MDT deployment share with the Win
 MDT supports adding both full source Windows 10 DVDs (ISOs) and custom images that you've created. In this case, you create a reference image, so you add the full source setup files from Microsoft.
->[!NOTE]
+> [!NOTE]
->Due to the Windows limits on path length, we are purposely keeping the operating system destination directory short, using the folder name W10EX64RTM rather than a more descriptive name like Windows 10 Enterprise x64 RTM.
+> Due to the Windows limits on path length, we are purposely keeping the operating system destination directory short, using the folder name W10EX64RTM rather than a more descriptive name like Windows 10 Enterprise x64 RTM.
 ### Add Windows 10 Enterprise x64 (full source)
@ -100,16 +109,21 @@ On **MDT01**:
    ![ISO.](../images/iso-data.png)
 2. Using the Deployment Workbench, expand the **Deployment Shares** node, and then expand **MDT Build Lab**.
 3. Right-click the **Operating Systems** node, and create a new folder named **Windows 10**.
 4. Expand the **Operating Systems** node, right-click the **Windows 10** folder, and select **Import Operating System**. Use the following settings for the Import Operating System Wizard:
    - Full set of source files
    - Source directory: (location of your source files)
-    - Destination directory name: <b>W10EX64RTM</b>
+    - Destination directory name: **W10EX64RTM**
-5. After adding the operating system, in the **Operating Systems / Windows 10** folder, double-click it and change the name to: **Windows 10 Enterprise x64 RTM Default Image**. See the following example.
+
 5. After adding the operating system, in the **Operating Systems** > **Windows 10** folder, double-click it and change the name to: **Windows 10 Enterprise x64 RTM Default Image**. See the following example.
    ![Default image.](../images/deployment-workbench01.png)
->Depending on the DVD you used, there might be multiple editions available. For the purposes of this guide, we are using the Windows 10 Enterprise image, but other images will also work.
+> [!NOTE]
 > Depending on the DVD you used, there might be multiple editions available. For the purposes of this guide, we are using the Windows 10 Enterprise image, but other images will also work.
 ## Add applications
@ -120,14 +134,18 @@ On **MDT01**:
 First, create an MDT folder to store the Microsoft applications that will be installed:
 1. In the MDT Deployment Workbench, expand **Deployment Shares \\ MDT Build Lab \\ Applications**
 2. Right-click **Applications** and then select **New Folder**.
 3. Under **Folder name**, type **Microsoft**.
 4. Select **Next** twice, and then select **Finish**.
 The steps in this section use a strict naming standard for your MDT applications.
- Use the "<b>Install - </b>" prefix for typical application installations that run a setup installer of some kind, 
+
- Use the "<b>Configure - </b>" prefix when an application configures a setting in the operating system. 
+- Use the **Install -** prefix for typical application installations that run a setup installer of some kind.
- You also add an "<b> - x86</b>", "<b> - x64</b>", or "<b>- x86-x64</b>" suffix to indicate the application's architecture (some applications have installers for both architectures).
+- Use the **Configure -** prefix when an application configures a setting in the operating system.
 - You also add an **- x86**, **- x64**, or **- x86-x64** suffix to indicate the application's architecture (some applications have installers for both architectures).
 Using a script naming standard is always recommended when using MDT as it helps maintain order and consistency.
@ -142,21 +160,23 @@ In example sections, you 'll add the following applications:
 >The 64-bit version of Microsoft Office 365 Pro Plus is recommended unless you need legacy app support. For more information, see [Choose between the 64-bit or 32-bit version of Office](https://support.office.com/article/choose-between-the-64-bit-or-32-bit-version-of-office-2dee7807-8f95-4d0c-b5fe-6c6f49b8d261)
 Download links:
 - [Office Deployment Tool](https://www.microsoft.com/download/details.aspx?id=49117)
 - [Microsoft Visual C++ Redistributable 2019 - x86](https://aka.ms/vs/16/release/VC_redist.x86.exe)
 - [Microsoft Visual C++ Redistributable 2019 - x64](https://aka.ms/vs/16/release/VC_redist.x64.exe)
 Download all three items in this list to the D:\\Downloads folder on MDT01.
->[!NOTE]
+> [!NOTE]
->For the purposes of this lab, we'll leave the MSVC files in the D:\\Downloads folder and the Office365 files will be extracted to a child folder. If you prefer, you can place each application in its own separate child folder, and then modify the $ApplicationSourcePath below as needed (instead of just D:\\Downloads).
+> For the purposes of this lab, we'll leave the MSVC files in the D:\\Downloads folder and the Office365 files will be extracted to a child folder. If you prefer, you can place each application in its own separate child folder, and then modify the $ApplicationSourcePath below as needed (instead of just D:\\Downloads).
->[!NOTE]
+> [!NOTE]
->All the Microsoft Visual C++ downloads can be found on [The latest supported Visual C++ downloads](https://go.microsoft.com/fwlink/p/?LinkId=619523). Visual C++ 2015, 2017 and 2019 all share the same redistributable files.
+> All the Microsoft Visual C++ downloads can be found on [The latest supported Visual C++ downloads](https://go.microsoft.com/fwlink/p/?LinkId=619523). Visual C++ 2015, 2017 and 2019 all share the same redistributable files.
 ### Create configuration file: Microsoft Office 365 Professional Plus x64
 1. After downloading the most current version of the Office Deployment tool from the Microsoft Download Center using the link provided above, run the self-extracting executable file and extract the files to **D:\\Downloads\\Office365**. The Office Deployment Tool (setup.exe) and several sample configuration.xml files will be extracted.
 2. Using a text editor (such as Notepad), create an XML file in the D:\\Downloads\\Office365 directory with the installation settings for Microsoft 365 Apps for enterprise that are appropriate for your organization. The file uses an XML format, so the file you create must have an extension of .xml but the file can have any filename.
    For example, you can use the following configuration.xml file, which provides these configuration settings:
@ -180,8 +200,8 @@ Download all three items in this list to the D:\\Downloads folder on MDT01.
     When you use these settings, anytime you build the reference image you'll be installing the most up-to-date General Availability Channel version of Microsoft 365 Apps for enterprise.
- >[!TIP]
+    > [!TIP]
- >You can also use the web-based interface of the [Office Customization Tool](https://config.office.com/) to help you create your configuration.xml file.
+    > You can also use the web-based interface of the [Office Customization Tool](https://config.office.com/) to help you create your configuration.xml file.
    For more information, see [Configuration options for the Office Deployment Tool](/deployoffice/configuration-options-for-the-office-2016-deployment-tool) and [Overview of the Office Deployment Tool](/DeployOffice/overview-of-the-office-2016-deployment-tool).
@ -189,16 +209,19 @@ Download all three items in this list to the D:\\Downloads folder on MDT01.
    ![folder.](../images/office-folder.png)
-  Assuming you've named the file "configuration.xml" as shown above, we'll use the command "**setup.exe /configure configuration.xml**" when we create the application in MDT. This command execution will perform the installation of Microsoft 365 Apps for enterprise using the configuration settings in the configuration.xml file. Don't perform this step yet.
+Assuming you've named the file `configuration.xml` as shown above, we'll use the command **`setup.exe /configure configuration.xml`** when we create the application in MDT. This command execution will perform the installation of Microsoft 365 Apps for enterprise using the configuration settings in the configuration.xml file. Don't perform this step yet.
- >[!IMPORTANT]
+> [!IMPORTANT]
- >After Microsoft 365 Apps for enterprise is installed on the reference image, do NOT open any Office programs. if you open an Office program, you're prompted to sign-in, which activates the installation of Microsoft 365 Apps for enterprise. Even if you don't sign in and you close the Sign in to set up Office dialog box, a temporary product key is installed. You don't want any kind of product key for Microsoft 365 Apps for enterprise installed as part of your reference image.
+> After Microsoft 365 Apps for enterprise is installed on the reference image, do NOT open any Office programs. if you open an Office program, you're prompted to sign-in, which activates the installation of Microsoft 365 Apps for enterprise. Even if you don't sign in and you close the Sign in to set up Office dialog box, a temporary product key is installed. You don't want any kind of product key for Microsoft 365 Apps for enterprise installed as part of your reference image.
 Additional information
 - Microsoft 365 Apps for enterprise is updated on a monthly basis with security updates and other quality updates (bug fixes), and possibly new features (depending on which update channel you're using). That means that once you've deployed your reference image, Microsoft 365 Apps for enterprise will most likely need to download and install the latest updates that have been released since you created your reference image.
- **Note**: With the installing Office Deployment Tool being used as part of the reference image, Microsoft 365 Apps for enterprise is installed immediately after the reference image is deployed to the user's device, rather than including Office apps part of the reference image. This way the user will have the most up-to-date version of Microsoft 365 Apps for enterprise right away and won't have to download any new updates (which is most likely what would happen if Microsoft 365 Apps for enterprise was installed as part of the reference image.)
+    > [!NOTE]
- - When you're creating your reference image, instead of installing Microsoft 365 Apps for enterprise directly from the Office CDN on the internet, you can install Microsoft 365 Apps for enterprise from a location on your local network, such as a file share. To do that, you would use the Office Deployment Tool in /download mode to download the installation files to that file share. Then you could use the Office Deployment Tool in /configure mode to install Microsoft 365 Apps for enterprise from that location on to your reference image. As part of that process, you'll need to point to that location in your configuration.xml file so that the Office Deployment Tool knows where to get the Microsoft 365 Apps for enterprise files. If you decide to do this step, the next time you create a new reference image, you'll want to be sure to use the Office Deployment Tool to download the most up-to-date installation files for Microsoft 365 Apps for enterprise to that location on your internal network. That way your new reference image will have a more up-to-date installation of Microsoft 365 Apps for enterprise.
+    > With the installing Office Deployment Tool being used as part of the reference image, Microsoft 365 Apps for enterprise is installed immediately after the reference image is deployed to the user's device, rather than including Office apps part of the reference image. This way the user will have the most up-to-date version of Microsoft 365 Apps for enterprise right away and won't have to download any new updates (which is most likely what would happen if Microsoft 365 Apps for enterprise was installed as part of the reference image.)
 - When you're creating your reference image, instead of installing Microsoft 365 Apps for enterprise directly from the Office CDN on the internet, you can install Microsoft 365 Apps for enterprise from a location on your local network, such as a file share. To do that, you would use the Office Deployment Tool in /download mode to download the installation files to that file share. Then you could use the Office Deployment Tool in /configure mode to install Microsoft 365 Apps for enterprise from that location on to your reference image. As part of that process, you'll need to point to that location in your configuration.xml file so that the Office Deployment Tool knows where to get the Microsoft 365 Apps for enterprise files. If you decide to do this step, the next time you create a new reference image, you'll want to be sure to use the Office Deployment Tool to download the most up-to-date installation files for Microsoft 365 Apps for enterprise to that location on your internal network. That way your new reference image will have a more up-to-date installation of Microsoft 365 Apps for enterprise.
 ### Connect to the deployment share using Windows PowerShell
@ -209,12 +232,13 @@ On **MDT01**:
 1. Ensure you're signed in as **contoso\\Administrator**.
 2. Import the snap-in and create the PSDrive by running the following commands in an elevated PowerShell prompt:
-    ``` powershell
+    ```powershell
    Import-Module "C:\Program Files\Microsoft Deployment Toolkit\bin\MicrosoftDeploymentToolkit.psd1"
    New-PSDrive -Name "DS001" -PSProvider MDTProvider -Root "D:\MDTBuildLab"
    ```
->[!TIP]
+
->Use "Get-Command -module MicrosoftDeploymentToolkit" to see a list of available cmdlets
+> [!TIP]
 > Use `Get-Command -module MicrosoftDeploymentToolkit` to see a list of available cmdlets
 ### Create the install: Microsoft Office 365 Pro Plus - x64
@ -223,9 +247,10 @@ In these steps, we assume that you've downloaded the Office Deployment Tool. You
 On **MDT01**:
 1. Ensure you're signed on as **contoso\\Administrator**.
 2. Create the application by running the following commands in an elevated PowerShell prompt:
-    ``` powershell
+    ```powershell
    $ApplicationName = "Install - Office365 ProPlus - x64"
    $CommandLine = "setup.exe /configure configuration.xml"
    $ApplicationSourcePath = "D:\Downloads\Office365"
@ -233,7 +258,8 @@ On **MDT01**:
    ```
    Upon successful installation, the following text is displayed:
-    ```
+
    ```output
    VERBOSE: Performing the operation "import" on target "Application".
    VERBOSE: Beginning application import
    VERBOSE: Copying application source files from D:\Downloads\Office365 to D:\MDTBuildLab\Applications\Install -
@ -248,17 +274,18 @@ On **MDT01**:
 ### Create the install: Microsoft Visual C++ Redistributable 2019 - x86
->[!NOTE]
+> [!NOTE]
->We have abbreviated "Microsoft Visual C++ Redistributable" in the $ApplicationName below as "MSVC" to avoid the path name exceeding the maxiumum allowed length of 248 characters.
+> We have abbreviated "Microsoft Visual C++ Redistributable" in the $ApplicationName below as "MSVC" to avoid the path name exceeding the maxiumum allowed length of 248 characters.
 In these steps, we assume that you've downloaded Microsoft Visual C++ Redistributable 2019 - x86. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to D:\\Downloads.
 On **MDT01**:
 1. Ensure you're signed on as **contoso\\Administrator**.
 2. Create the application by running the following commands in an elevated PowerShell prompt:
-    ``` powershell
+    ```powershell
    $ApplicationName = "Install - MSVC 2019 - x86"
    $CommandLine = "vc_redist.x86.exe /Q"
    $ApplicationSourcePath = "D:\Downloads"
@ -266,7 +293,8 @@ On **MDT01**:
    ```
    Upon successful installation, the following text is displayed:
-    ```
+
    ```output
    VERBOSE: Performing the operation "import" on target "Application".
    VERBOSE: Beginning application import
    VERBOSE: Copying application source files from D:\Downloads to D:\MDTBuildLab\Applications\Install - MSVC 2019 - x86
@ -285,9 +313,10 @@ In these steps, we assume that you've downloaded Microsoft Visual C++ Redistribu
 On **MDT01**:
 1. Ensure you're signed on as **contoso\\Administrator**.
 2. Create the application by running the following commands in an elevated PowerShell prompt:
-    ``` powershell
+    ```powershell
    $ApplicationName = "Install - MSVC 2019 - x64"
    $CommandLine = "vc_redist.x64.exe /Q"
    $ApplicationSourcePath = "D:\Downloads"
@ -310,17 +339,19 @@ To create a Windows 10 reference image task sequence, the process is as follows:
 On **MDT01**:
 1. When you're using the Deployment Workbench, under **Deployment Shares > MDT Build Lab** right-click **Task Sequences**, and create a **New Folder** named **Windows 10**.
 2. Right-click the new **Windows 10** folder and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
-   1. Task sequence ID: REFW10X64-001
+
-   2. Task sequence name: Windows 10 Enterprise x64 RTM Default Image
+   1. **Task sequence ID**: REFW10X64-001
-   3. Task sequence comments: Reference Build
+   2. **Task sequence name**: Windows 10 Enterprise x64 RTM Default Image
-   4. Template: Standard Client Task Sequence
+   3. **Task sequence comments**: Reference Build
-   5. Select OS: Windows 10 Enterprise x64 RTM Default Image
+   4. **Template**: Standard Client Task Sequence
-   6. Specify Product Key: Don't specify a product key at this time
+   5. **Select OS**: Windows 10 Enterprise x64 RTM Default Image
-   7. Full Name: Contoso
+   6. **Specify Product Key**: Don't specify a product key at this time
-   8. Organization: Contoso
+   7. **Full Name**: Contoso
-   9. Internet Explorer home page: http://www.contoso.com
+   8. **Organization**: Contoso
-   10. Admin Password: Don't specify an Administrator Password at this time
+   9. **Internet Explorer home page**: `http://www.contoso.com`
   10. **Admin Password**: Don't specify an Administrator Password at this time
 ### Edit the Windows 10 task sequence
@ -329,81 +360,99 @@ The steps below walk you through the process of editing the Windows 10 reference
 On **MDT01**:
 1. In the **Task Sequences / Windows 10** folder, right-click the **Windows 10 Enterprise x64 RTM Default Image** task sequence, and select **Properties**.
 2. On the **Task Sequence** tab, configure the Windows 10 Enterprise x64 RTM Default Image task sequence with the following settings:
-    1. **State Restore > Windows Update (Pre-Application Installation)** action: Enable this action by clicking the **Options** tab and clearing the **Disable this step** check box.
+    - **State Restore > Windows Update (Pre-Application Installation)** action: Enable this action by clicking the **Options** tab and clearing the **Disable this step** check box.
-    2. **State Restore > Windows Update (Post-Application Installation)** action: Also enable this action.
+    - **State Restore > Windows Update (Post-Application Installation)** action: Also enable this action.
-    3. **State Restore**: After the **Tattoo** action, add a new **Group** action (select **Add** then select **New Group**) with the following setting:
+
    - **State Restore**: After the **Tattoo** action, add a new **Group** action (select **Add** then select **New Group**) with the following setting:
        - Name: **Custom Tasks (Pre-Windows Update)**
    4. **State Restore**: After **Windows Update (Post-Application Installation)** action, rename **Custom Tasks** to **Custom Tasks (Post-Windows Update)**.
        - **Note**: The reason for adding the applications after the Tattoo action but before running Windows Update is simply to save time during the deployment. This way we can add all applications that will upgrade some of the built-in components and avoid unnecessary updating.
    5. **State Restore > Custom Tasks (Pre-Windows Update)**: Add a new **Install Roles and Features** action with the following settings:
        1. Name: Install - Microsoft NET Framework 3.5.1
        2. Select the operating system for which roles are to be installed: Windows 10
        3. Select the roles and features that should be installed: .NET Framework 3.5 (includes .NET 2.0 and 3.0)
-        >[!IMPORTANT]
+    - **State Restore**: After **Windows Update (Post-Application Installation)** action, rename **Custom Tasks** to **Custom Tasks (Post-Windows Update)**.
-        >This is probably the most important step when creating a reference image. Many applications need the .NET Framework, and we strongly recommend having it available in the image. The one thing that makes this different from other components is that .NET Framework 3.5.1 is not included in the WIM file. It's installed from the **Sources\\SxS** folder on the media, and that makes it more difficult to add after the image has been deployed.
+        > [!NOTE]
        > The reason for adding the applications after the Tattoo action but before running Windows Update is simply to save time during the deployment. This way we can add all applications that will upgrade some of the built-in components and avoid unnecessary updating.
    - **State Restore > Custom Tasks (Pre-Windows Update)**: Add a new **Install Roles and Features** action with the following settings:
        - **Name**: Install - Microsoft NET Framework 3.5.1
        - **Select the operating system for which roles are to be installed**: Windows 10
        - **Select the roles and features that should be installed**: .NET Framework 3.5 (includes .NET 2.0 and 3.0)
        > [!IMPORTANT]
        > This is probably the most important step when creating a reference image. Many applications need the .NET Framework, and we strongly recommend having it available in the image. The one thing that makes this different from other components is that .NET Framework 3.5.1 is not included in the WIM file. It's installed from the **Sources\\SxS** folder on the media, and that makes it more difficult to add after the image has been deployed.
        ![task sequence.](../images/fig8-cust-tasks.png)
        The task sequence after creating the Custom Tasks (Pre-Windows Update) group and adding the Install - Microsoft NET Framework 3.5.1 action.
-    6. **State Restore > Custom Tasks (Pre-Windows Update)**: After the **Install - Microsoft NET Framework 3.5.1** action, add a new **Install Application** action (selected from the **General** group) with the following settings:
+    - **State Restore > Custom Tasks (Pre-Windows Update)**: After the **Install - Microsoft NET Framework 3.5.1** action, add a new **Install Application** action (selected from the **General** group) with the following settings:
-        1. Name: Microsoft Visual C++ Redistributable 2019 - x86
+
-        2. Install a Single Application: browse to **Install - MSVC 2019 - x86**
+        - **Name**: Microsoft Visual C++ Redistributable 2019 - x86
-    7.  Repeat these steps (add a new **Install Application**) to add Microsoft Visual C++ Redistributable 2019 - x64 and Microsoft 365 Apps for enterprise as well.
+
        - **Install a Single Application**: browse to **Install - MSVC 2019 - x86**
    - Repeat these steps (add a new **Install Application**) to add Microsoft Visual C++ Redistributable 2019 - x64 and Microsoft 365 Apps for enterprise as well.
 3. Select **OK**.
 ![apps.](../images/mdt-apps.png)
 ### Optional configuration: Add a suspend action
 The goal when creating a reference image is to automate everything. But sometimes you've a special configuration or application setup that is too time-consuming to automate. If you need to do some manual configuration, you can add a little-known feature called Lite Touch Installation (LTI) Suspend. If you add the LTISuspend.wsf script as a custom action in the task sequence, it will suspend the task sequence until you select the Resume Task Sequence shortcut icon on the desktop. In addition to using the LTI Suspend feature for manual configuration or installation, you can also use it simply for verifying a reference image before you allow the task sequence to continue and use Sysprep and capture the virtual machine.
   ![figure 8.](../images/fig8-suspend.png)
   A task sequence with optional Suspend action (LTISuspend.wsf) added.
   ![figure 9.](../images/fig9-resumetaskseq.png)
   The Windows 10 desktop with the Resume Task Sequence shortcut.
 ### Edit the Unattend.xml file for Windows 10 Enterprise
 When using MDT, you don't need to edit the Unattend.xml file often because most configurations are taken care of by MDT. However if, for example, you want to configure Internet Explorer behavior, then you can edit the Unattend.xml. Editing the Unattend.xml for basic Internet Explorer settings is easy, but for more advanced settings, you 'll want to use the Internet Explorer Administration Kit (IEAK).
->[!WARNING]
+> [!WARNING]
->Don't use **SkipMachineOOBE** or **SkipUserOOBE** in your Unattend.xml file. These settings are deprecated and can have unintended effects if used.
+> Don't use **SkipMachineOOBE** or **SkipUserOOBE** in your Unattend.xml file. These settings are deprecated and can have unintended effects if used.
->[!NOTE]
+> [!NOTE]
->You also can use the Unattend.xml to enable components in Windows 10, like the Telnet Client or Hyper-V client. Normally we prefer to do this via the **Install Roles and Features** action, or using Deployment Image Servicing and Management (DISM) command-line tools, because then we can add that as an application, being dynamic, having conditions, and so forth. Also, if you're adding packages via Unattend.xml, it's version specific, so Unattend.xml must match the exact version of the operating system you're servicing.
+> You also can use the Unattend.xml to enable components in Windows 10, like the Telnet Client or Hyper-V client. Normally we prefer to do this via the **Install Roles and Features** action, or using Deployment Image Servicing and Management (DISM) command-line tools, because then we can add that as an application, being dynamic, having conditions, and so forth. Also, if you're adding packages via Unattend.xml, it's version specific, so Unattend.xml must match the exact version of the operating system you're servicing.
 Follow these steps to configure Internet Explorer settings in Unattend.xml for the Windows 10 Enterprise x64 RTM Default Image task sequence:
 On **MDT01**:
 1. When you're using the Deployment Workbench, under **Deployment Shares > MDT Build Lab > Task Sequences** right-click the **Windows 10 Enterprise x64 RTM Default Image** task sequence and select **Properties**.
 2. In the **OS Info** tab, select **Edit Unattend.xml**. MDT now generates a catalog file. This file generation process will take a few minutes, and then Windows System Image Manager (Windows SIM) will start.
    > [!IMPORTANT]
- > The ADK version 1903 has a [known issue](/windows-hardware/get-started/what-s-new-in-kits-and-tools#whats-new-in-the-windows-adk-for-windows-10-version-1903) generating a catalog file for Windows 10, version 1903 or 1909 X64 install.wim. You might see the error "Could not load file or assembly" in in the console output. To avoid this issue, [install the ADK, version 2004 or a later version](/windows-hardware/get-started/adk-install). A workaround is also available for the ADK version 1903:
+    > The ADK version 1903 has a [known issue](/windows-hardware/get-started/what-s-new-in-kits-and-tools#whats-new-in-the-windows-adk-for-windows-10-version-1903) generating a catalog file for Windows 10, version 1903 or 1909 X64 install.wim. You might see the error **Could not load file or assembly** in in the console output. To avoid this issue, [install the ADK, version 2004 or a later version](/windows-hardware/get-started/adk-install). A workaround is also available for the ADK version 1903:
    >
    > - Close the Deployment Workbench and install the [WSIM 1903 update](https://go.microsoft.com/fwlink/?linkid=2095334). This will update imagecat.exe and imgmgr.exe to version 10.0.18362.144.
    >
    > - Manually run imgmgr.exe (C:\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Deployment Tools\\WSIM\\imgmgr.exe).
    >
    > - Generate a catalog (Tools/Create Catalog) for the selected install.wim (ex: D:\\MDTBuildLab\\Operating Systems\\W10EX64RTM\\sources\\install.wim).
    >
    > - After manually creating the catalog file (ex: D:\\MDTBuildLab\\Operating Systems\\W10EX64RTM\\sources\\install_Windows 10 Enterprise.clg), open the Deployment Workbench and proceed to edit unattend.xml.
 3. In Windows SIM, expand the **4 specialize** node in the **Answer File** pane and select the amd64\_Microsoft-Windows-IE-InternetExplorer\_neutral entry.
 4. In the **amd64\_Microsoft-Windows-IE-InternetExplorer\_neutral properties** window (right-hand window), set the following values:
-  - DisableDevTools: true
+
   - **DisableDevTools**: true
 5. Save the Unattend.xml file, and close Windows SIM.
     > [!NOTE]
     > If errors are reported that certain display values are incorrect, you can ignore this message or browse to **7oobeSystem\\amd64_Microsoft-Windows-Shell-Setup__neutral\\Display** and enter the following: ColorDepth 32, HorizontalResolution 1, RefreshRate 60, VerticalResolution 1.
 6. On the Windows 10 Enterprise x64 RTM Default Image Properties, select **OK**.
    ![figure 10.](../images/fig10-unattend.png)
    Windows System Image Manager with the Windows 10 Unattend.xml.
 ## Configure the MDT deployment share rules
@ -419,9 +468,10 @@ To configure the rules for the MDT Build Lab deployment share:
 On **MDT01**:
 1. Using the Deployment Workbench, right-click the **MDT Build Lab** deployment share and select **Properties**.
 2. Select the **Rules** tab and replace the existing content with the following information (edit the settings as needed to match your deployment). For example, If you don't have a WSUS server in your environment, delete the **WSUSServer** line from the configuration:
-    ``` 
+    ```ini
    [Settings]
    Priority=Default
@ -456,12 +506,11 @@ On **MDT01**:
    ```
    ![figure 11.](../images/mdt-rules.png)
    The server-side rules for the MDT Build Lab deployment share.
 3. Select **Edit Bootstrap.ini** and modify using the following information:
-    ``` 
+    ```ini
    [Settings]
    Priority=Default
@ -474,21 +523,27 @@ On **MDT01**:
    SkipBDDWelcome=YES
    ```
-    >[!NOTE]
+    > [!NOTE]
-    >For security reasons, you normally don't add the password to the Bootstrap.ini file; however, because this deployment share is for creating reference image builds only, and should not be published to the production network, it's acceptable to do so in this situation. Obviously if you're not using the same password (pass@word3) that is provided in this lab, you must enter your own custom password on the Rules tab and in Bootstrap.ini.
+    > For security reasons, you normally don't add the password to the Bootstrap.ini file; however, because this deployment share is for creating reference image builds only, and should not be published to the production network, it's acceptable to do so in this situation. Obviously if you're not using the same password (pass@word3) that is provided in this lab, you must enter your own custom password on the Rules tab and in Bootstrap.ini.
 4. On the **Windows PE** tab, in the **Platform** drop-down list, select **x86**.
 5. In the **Lite Touch Boot Image Settings** area, configure the following settings:
-   1.  Image description: MDT Build Lab x86
+
-   2.  ISO file name: MDT Build Lab x86.iso
+   - **Image description**: MDT Build Lab x86
   - **ISO file name**: MDT Build Lab x86.iso
 6. On the **Windows PE** tab, in the **Platform** drop-down list, select **x64**.
 7. In the **Lite Touch Boot Image Settings** area, configure the following settings:
-   1.  Image description: MDT Build Lab x64
+
-   2.  ISO file name: MDT Build Lab x64.iso
+   - **Image description**: MDT Build Lab x64
   - **ISO file name**: MDT Build Lab x64.iso
 8. Select **OK**.
->[!NOTE]
+> [!NOTE]
->In MDT, the x86 boot image can deploy both x86 and x64 operating systems (except on computers based on Unified Extensible Firmware Interface).
+> In MDT, the x86 boot image can deploy both x86 and x64 operating systems (except on computers based on Unified Extensible Firmware Interface).
 ### Update the deployment share
@ -497,8 +552,8 @@ After the deployment share has been configured, it needs to be updated. This upd
 1. In the Deployment Workbench, right-click the **MDT Build Lab** deployment share and select **Update Deployment Share**.
 2. Use the default options for the Update Deployment Share Wizard.
->[!NOTE]
+> [!NOTE]
->The update process will take 5 to 10 minutes.
+> The update process will take 5 to 10 minutes.
 ### The rules explained
@ -508,14 +563,14 @@ The Bootstrap.ini and CustomSettings.ini files work together. The Bootstrap.ini
 The CustomSettings.ini file is normally stored on the server, in the Deployment share\\Control folder, but also can be stored on the media (when using offline media).
->[!NOTE]
+> [!NOTE]
->The settings, or properties, that are used in the rules (CustomSettings.ini and Bootstrap.ini) are listed in the MDT documentation, in the Microsoft Deployment Toolkit Reference / Properties / Property Definition section.
+> The settings, or properties, that are used in the rules (CustomSettings.ini and Bootstrap.ini) are listed in the MDT documentation, in the Microsoft Deployment Toolkit Reference / Properties / Property Definition section.
 ### The Bootstrap.ini file
 The Bootstrap.ini file is available via the deployment share's Properties dialog box, or via the D:\\MDTBuildLab\\Control folder on MDT01.
-``` 
+```ini
 [Settings]
 Priority=Default
 [Default]
@ -527,23 +582,26 @@ SkipBDDWelcome=YES
 ```
 So, what are these settings?
 -   **Priority.** This setting determines the order in which different sections are read. This Bootstrap.ini has only one section, named \[Default\].
 -   **DeployRoot.** This location is of the deployment share. Normally, this value is set by MDT, but you need to update the DeployRoot value if you move to another server or other share. If you don't specify a value, the Windows Deployment Wizard prompts you for a location.
 -   **UserDomain, UserID, and UserPassword.** These values are used for automatic sign in to the deployment share. Again, if they aren't specified, the wizard prompts you.
-    >[!WARNING]
+- **Priority**: This setting determines the order in which different sections are read. This Bootstrap.ini has only one section, named \[Default\].
    >Caution is advised. These values are stored in clear text on the boot image. Use them only for the MDT Build Lab deployment share and not for the MDT Production deployment share that you learn to create in the next topic.
-   **SkipBDDWelcome.** Even if it's nice to be welcomed every time we start a deployment, we prefer to skip the initial welcome page of the Windows Deployment Wizard.
+- **DeployRoot**: This location is of the deployment share. Normally, this value is set by MDT, but you need to update the DeployRoot value if you move to another server or other share. If you don't specify a value, the Windows Deployment Wizard prompts you for a location.
->[!NOTE]
+- **UserDomain, UserID, and UserPassword**: These values are used for automatic sign in to the deployment share. Again, if they aren't specified, the wizard prompts you.
->All properties beginning with "Skip" control only whether to display that pane in the Windows Deployment Wizard. Most of the panes also require you to actually set one or more values.
+
    > [!WARNING]
    > Caution is advised. These values are stored in clear text on the boot image. Use them only for the MDT Build Lab deployment share and not for the MDT Production deployment share that you learn to create in the next topic.
 - **SkipBDDWelcome**: Even if it's nice to be welcomed every time we start a deployment, we prefer to skip the initial welcome page of the Windows Deployment Wizard.
 > [!NOTE]
 > All properties beginning with "Skip" control only whether to display that pane in the Windows Deployment Wizard. Most of the panes also require you to actually set one or more values.
 ### The CustomSettings.ini file
 The CustomSettings.ini file, whose content you see on the Rules tab of the deployment share Properties dialog box, contains most of the properties used in the configuration.
-``` 
+```ini
 [Settings]
 Priority=Default
 [Default]
@ -575,37 +633,63 @@ SkipRoles=YES
 SkipCapture=NO
 SkipFinalSummary=YES
 ```
 - **Priority.** Has the same function as in Bootstrap.ini. Priority determines the order in which different sections are read. This CustomSettings.ini has only one section, named \[Default\]. In general, if you've multiple sections that set the same value, the value from the first section (higher priority) wins. The rare exceptions are listed in the ZTIGather.xml file.
 - **\_SMSTSORGNAME.** The organization name displayed in the task sequence progress bar window during deployment.
 - **UserDataLocation.** Controls the settings for user state backup. You don't need to use when building and capturing a reference image.
 - **DoCapture.** Configures the task sequence to run the System Preparation (Sysprep) tool and capture the image to a file when the operating system is installed.
 - **OSInstall.** Must be set to Y or YES (the code just looks for the Y character) for the setup to proceed.
 - **AdminPassword.** Sets the local Administrator account password.
 - **TimeZoneName.** Establishes the time zone to use. Don't confuse this value with TimeZone, which is only for legacy operating systems (Windows 7 and Windows Server 2003).
-    >[!NOTE]
+- **Priority**: Has the same function as in Bootstrap.ini. Priority determines the order in which different sections are read. This CustomSettings.ini has only one section, named \[Default\]. In general, if you've multiple sections that set the same value, the value from the first section (higher priority) wins. The rare exceptions are listed in the ZTIGather.xml file.
    >The easiest way to find the current time zone name on a Windows 10 machine is to run tzutil /g in a command prompt. You can also run tzutil /l to get a listing of all available time zone names.
- **JoinWorkgroup.** Configures Windows to join a workgroup.
+- **\_SMSTSORGNAME**: The organization name displayed in the task sequence progress bar window during deployment.
- **HideShell.** Hides the Windows Shell during deployment. This hide-operation is especially useful for Windows 10 deployments in which the deployment wizard will otherwise appear behind the tiles.
+
- **FinishAction.** Instructs MDT what to do when the task sequence is complete.
+- **UserDataLocation**: Controls the settings for user state backup. You don't need to use when building and capturing a reference image.
- **DoNotCreateExtraPartition.** Configures the task sequence not to create the extra partition for BitLocker. There's no need to do this configuration for your reference image.
+
- **WSUSServer.** Specifies which Windows Server Update Services (WSUS) server (and port, if needed) to use during the deployment. Without this option MDT will use Microsoft Update directly, which will increase deployment time and limit your options of controlling which updates are applied.
+- **DoCapture**: Configures the task sequence to run the System Preparation (Sysprep) tool and capture the image to a file when the operating system is installed.
- **SLSHARE.** Instructs MDT to copy the log files to a server share if something goes wrong during deployment, or when a deployment is successfully completed.
+
- **ApplyGPOPack.** Allows you to deploy local group policies created by Microsoft Security Compliance Manager (SCM).
+- **OSInstall**: Must be set to Y or YES (the code just looks for the Y character) for the setup to proceed.
- **SkipAdminPassword.** Skips the pane that asks for the Administrator password.
+
- **SkipProductKey.** Skips the pane that asks for the product key.
+- **AdminPassword**: Sets the local Administrator account password.
- **SkipComputerName.** Skips the Computer Name pane.
+
- **SkipDomainMemberShip.** Skips the Domain Membership pane. If set to Yes, you need to configure either the JoinWorkgroup value or the JoinDomain, DomainAdmin, DomainAdminDomain, and DomainAdminPassword properties.
+- **TimeZoneName**: Establishes the time zone to use. Don't confuse this value with TimeZone, which is only for legacy operating systems (Windows 7 and Windows Server 2003).
- **SkipUserData.** Skips the pane for user state migration.
+
- **SkipLocaleSelection.** Skips the pane for selecting language and keyboard settings.
+    > [!NOTE]
- **SkipTimeZone.** Skips the pane for setting the time zone.
+    > The easiest way to find the current time zone name on a Windows 10 machine is to run tzutil /g in a command prompt. You can also run tzutil /l to get a listing of all available time zone names.
- **SkipApplications.** Skips the Applications pane.
+
- **SkipBitLocker.** Skips the BitLocker pane.
+- **JoinWorkgroup**: Configures Windows to join a workgroup.
- **SkipSummary.** Skips the initial Windows Deployment Wizard summary pane.
+
- **SkipRoles.** Skips the Install Roles and Features pane.
+- **HideShell**: Hides the Windows Shell during deployment. This hide-operation is especially useful for Windows 10 deployments in which the deployment wizard will otherwise appear behind the tiles.
- **SkipCapture.** Skips the Capture pane.
+
- **SkipFinalSummary.** Skips the final Windows Deployment Wizard summary. Because you use FinishAction=Shutdown, you don't want the wizard to stop in the end so that you need to select OK before the machine shuts down.
+- **FinishAction**: Instructs MDT what to do when the task sequence is complete.
 - **DoNotCreateExtraPartition**: Configures the task sequence not to create the extra partition for BitLocker. There's no need to do this configuration for your reference image.
 - **WSUSServer**: Specifies which Windows Server Update Services (WSUS) server (and port, if needed) to use during the deployment. Without this option MDT will use Microsoft Update directly, which will increase deployment time and limit your options of controlling which updates are applied.
 - **SLSHARE**: Instructs MDT to copy the log files to a server share if something goes wrong during deployment, or when a deployment is successfully completed.
 - **ApplyGPOPack**: Allows you to deploy local group policies created by Microsoft Security Compliance Manager (SCM).
 - **SkipAdminPassword**: Skips the pane that asks for the Administrator password.
 - **SkipProductKey**: Skips the pane that asks for the product key.
 - **SkipComputerName**: Skips the Computer Name pane.
 - **SkipDomainMemberShip**: Skips the Domain Membership pane. If set to Yes, you need to configure either the JoinWorkgroup value or the JoinDomain, DomainAdmin, DomainAdminDomain, and DomainAdminPassword properties.
 - **SkipUserData**: Skips the pane for user state migration.
 - **SkipLocaleSelection**: Skips the pane for selecting language and keyboard settings.
 - **SkipTimeZone**: Skips the pane for setting the time zone.
 - **SkipApplications**: Skips the Applications pane.
 - **SkipBitLocker**: Skips the BitLocker pane.
 - **SkipSummary**: Skips the initial Windows Deployment Wizard summary pane.
 - **SkipRoles**: Skips the Install Roles and Features pane.
 - **SkipCapture**: Skips the Capture pane.
 - **SkipFinalSummary**: Skips the final Windows Deployment Wizard summary. Because you use FinishAction=Shutdown, you don't want the wizard to stop in the end so that you need to select OK before the machine shuts down.
 ## Build the Windows 10 reference image
@ -617,40 +701,46 @@ The steps below outline the process used to boot a virtual machine using an ISO
 1. Copy D:\\MDTBuildLab\\Boot\\MDT Build Lab x86.iso on MDT01 to C:\\ISO on your Hyper-V host (HV01).
-    >[!NOTE]
+    > [!NOTE]
-    >Remember, in MDT you can use the x86 boot image to deploy both x86 and x64 operating system images. That's why you can use the x86 boot image instead of the x64 boot image.
+    > Remember, in MDT you can use the x86 boot image to deploy both x86 and x64 operating system images. That's why you can use the x86 boot image instead of the x64 boot image.
 On **HV01**:
-2. Create a new virtual machine with the following settings:
+1. Create a new virtual machine with the following settings:
   1. Name: REFW10X64-001
   2. Store the virtual machine in a different location: C:\VM
   3. Generation 1
   4. Memory: 1024 MB
   5. Network: Must be able to connect to \\MDT01\MDTBuildLab$
-   7. Hard disk: 60 GB (dynamic disk)
+   6. Hard disk: 60 GB (dynamic disk)
-   8. Install OS with image file: C:\\ISO\\MDT Build Lab x86.iso
+   7. Install OS with image file: C:\\ISO\\MDT Build Lab x86.iso
 1. Before you start the VM, add a checkpoint for REFW10X64-001, and name it **Clean with MDT Build Lab x86 ISO**.
-    >[!NOTE]
+2. Before you start the VM, add a checkpoint for REFW10X64-001, and name it **Clean with MDT Build Lab x86 ISO**.
    >Checkpoints are useful if you need to restart the process and want to make sure you can start clean.
-4. Start the REFW10X64-001 virtual machine and connect to it.
+    > [!NOTE]
    > Checkpoints are useful if you need to restart the process and want to make sure you can start clean.
-    >[!NOTE]
+3. Start the REFW10X64-001 virtual machine and connect to it.
-    >Up to this point we haven't discussed IP addressing or DHCP. In the initial setup for this guide, DC01 was provisioned as a DHCP server to provide IP address leases to client computers.  You might have a different DHCP server on your network that you wish to use. The REFW10X64-001 virtual machine requires an IP address lease that provides it with connectivity to MDT01 so that it can connect to the \\MDT01\MDTBuildLab$ share. In the current scenario, this connectivity is accomplished with a DHCP scope that provides IP addresses in the 10.10.10.100 - 10.10.10.200 range, as part of a /24 subnet so that the client can connect to MDT01 at 10.10.10.11.
+
    > [!NOTE]
    > Up to this point we haven't discussed IP addressing or DHCP. In the initial setup for this guide, DC01 was provisioned as a DHCP server to provide IP address leases to client computers. You might have a different DHCP server on your network that you wish to use. The REFW10X64-001 virtual machine requires an IP address lease that provides it with connectivity to MDT01 so that it can connect to the \\MDT01\MDTBuildLab$ share. In the current scenario, this connectivity is accomplished with a DHCP scope that provides IP addresses in the 10.10.10.100 - 10.10.10.200 range, as part of a /24 subnet so that the client can connect to MDT01 at 10.10.10.11.
    After booting into Windows PE, complete the Windows Deployment Wizard with the following settings:
-    1. Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM Default Image
+
-    2. Specify whether to capture an image: Capture an image of this reference computer
+    - **Select a task sequence to execute on this computer**: Windows 10 Enterprise x64 RTM Default Image
    - **Specify whether to capture an image**: Capture an image of this reference computer
       - Location: \\\\MDT01\\MDTBuildLab$\\Captures
-    3. File name: REFW10X64-001.wim
+
    - **File name**: REFW10X64-001.wim
        ![capture image.](../images/captureimage.png)
        The Windows Deployment Wizard for the Windows 10 reference image.
-5. The setup now starts and does the following steps:
+4. The setup now starts and does the following steps:
    1. Installs the Windows 10 Enterprise operating system.
    2. Installs the added applications, roles, and features.
    3. Updates the operating system via your local Windows Server Update Services (WSUS) server.
@ -666,7 +756,7 @@ After some time, you 'll have a Windows 10 Enterprise x64 image that is fully pa
 ## Troubleshooting
 > [!IMPORTANT]
-> If you encounter errors applying the image when using a BIOS firmware type, see [Windows 10 deployments fail with Microsoft Deployment Toolkit on computers with BIOS type firmware](https://support.microsoft.com/topic/windows-10-deployments-fail-with-microsoft-deployment-toolkit-on-computers-with-bios-type-firmware-70557b0b-6be3-81d2-556f-b313e29e2cb7). This 
+> If you encounter errors applying the image when using a BIOS firmware type, see [Windows 10 deployments fail with Microsoft Deployment Toolkit on computers with BIOS type firmware](https://support.microsoft.com/topic/windows-10-deployments-fail-with-microsoft-deployment-toolkit-on-computers-with-bios-type-firmware-70557b0b-6be3-81d2-556f-b313e29e2cb7).
 If you [enabled monitoring](#enable-monitoring), you can check the progress of the task sequence.
@ -678,9 +768,9 @@ After some time, you 'll have a Windows 10 Enterprise x64 image that is fully pa
 ## Related articles
-[Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)<br>
+- [Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
-[Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)<br>
+- [Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
-[Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)<br>
+- [Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)
-[Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)<br>
+- [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)
-[Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)<br>
+- [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)
-[Configure MDT settings](configure-mdt-settings.md)
+- [Configure MDT settings](configure-mdt-settings.md)
--- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
@ -11,12 +11,13 @@ ms.topic: article
 ms.technology: itpro-deploy
 ms.collection: 
  - highpri
-ms.date: 10/28/2022
+ms.date: 11/28/2022
 ---
 # Deploy a Windows 10 image using MDT
-**Applies to**
+**Applies to:**
 - Windows 10
 This article will show you how to take your reference image for Windows 10 (that was [created](create-a-windows-10-reference-image.md)), and deploy that image to your environment using the Microsoft Deployment Toolkit (MDT).
@ -34,8 +35,8 @@ MDT01 and PC0005 are members of the domain contoso.com for the fictitious Contos
   ![devices.](../images/mdt-07-fig01.png)
->[!NOTE]
+> [!NOTE]
->For details about the setup for the procedures in this article, please see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
+> For details about the setup for the procedures in this article, please see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
 ## Step 1: Configure Active Directory permissions
@ -85,7 +86,9 @@ On **MDT01**:
 The steps for creating the deployment share for production are the same as when you created the deployment share for creating the custom reference image:
 1. Ensure you're signed on as: contoso\administrator.
 2. In the Deployment Workbench console, right-click **Deployment Shares** and select **New Deployment Share**.
 3. On the **Path** page, in the **Deployment share path** text box, type **D:\\MDTProduction** and select **Next**.
 4. On the **Share** page, in the **Share name** text box, type **MDTProduction$** and select **Next**.
@ -93,6 +96,7 @@ The steps for creating the deployment share for production are the same as when
 5. On the **Descriptive Name** page, in the **Deployment share description** text box, type **MDT Production** and select **Next**.
 6. On the **Options** page, accept the default settings and select **Next** twice, and then select **Finish**.
 7. Using File Explorer, verify that you can access the **\\\\MDT01\\MDTProduction$** share.
 ### Configure permissions for the production deployment share
@ -102,10 +106,11 @@ To read files in the deployment share, you need to assign NTFS and SMB permissio
 On **MDT01**:
 1. Ensure you're signed in as **contoso\\administrator**.
 2. Modify the NTFS permissions for the **D:\\MDTProduction** folder by running the following command in an elevated Windows PowerShell prompt:
-    ``` powershell
+    ```powershell
-    icacls "D:\MDTProduction" /grant '"CONTOSO\MDT_BA":(OI)(CI)(M)'
+    icacls.exe "D:\MDTProduction" /grant '"CONTOSO\MDT_BA":(OI)(CI)(M)'
    grant-smbshareaccess -Name MDTProduction$ -AccountName "Contoso\MDT_BA" -AccessRight Full -force
    ```
@ -118,6 +123,7 @@ The next step is to add a reference image into the deployment share with the set
 In these steps, we assume that you've completed the steps in the [Create a Windows 10 reference image](create-a-windows-10-reference-image.md) article, so you've a Windows 10 reference image at **D:\\MDTBuildLab\\Captures\REFW10X64-001.wim** on MDT01.
 1. Using the Deployment Workbench, expand the **Deployment Shares** node, and then expand **MDT Production**; select the **Operating Systems** node, and create a folder named **Windows 10**.
 2. Right-click the **Windows 10** folder and select **Import Operating System**.
 3. On the **OS Type** page, select **Custom image file** and select **Next**.
@ -127,11 +133,11 @@ In these steps, we assume that you've completed the steps in the [Create a Windo
 5. On the **Setup** page, select the **Copy Windows 7, Windows Server 2008 R2, or later setup files from the specified path** option; in the **Setup source directory** text box, browse to **D:\\MDTBuildLab\\Operating Systems\\W10EX64RTM** and select **Next**.
 6. On the **Destination** page, in the **Destination directory name** text box, type **W10EX64RTM**, select **Next** twice, and then select **Finish**.
 7. After adding the operating system, double-click the added operating system name in the **Operating Systems / Windows 10** node and change the name to **Windows 10 Enterprise x64 RTM Custom Image**.
->[!NOTE]
+> [!NOTE]
->The reason for adding the setup files has changed since earlier versions of MDT. MDT 2010 used the setup files to install Windows. MDT uses DISM to apply the image; however, you still need the setup files because some components in roles and features are stored outside the main image.
+> The reason for adding the setup files has changed since earlier versions of MDT. MDT 2010 used the setup files to install Windows. MDT uses DISM to apply the image; however, you still need the setup files because some components in roles and features are stored outside the main image.
 ![imported OS.](../images/fig2-importedos.png)
@ -144,8 +150,11 @@ When you configure your MDT Build Lab deployment share, you can also add applica
 On **MDT01**:
 1. Download the Enterprise distribution version of [Adobe Acrobat Reader DC](https://get.adobe.com/reader/enterprise/) (AcroRdrDC2200320282_en_US.exe) to **D:\\setup\\adobe** on MDT01.
 2. Extract the .exe file that you downloaded to a .msi (ex: .\AcroRdrDC2200320282_en_US.exe -sfx_o"d:\setup\adobe\install\" -sfx_ne).
 3. In the Deployment Workbench, expand the **MDT Production** node and navigate to the **Applications** node.
 4. Right-click the **Applications** node, and create a new folder named **Adobe**.
 5. In the **Applications** node, right-click the **Adobe** folder and select **New Application**.
@ -161,12 +170,12 @@ On **MDT01**:
 10. On the **Command Details** page, in the **Command Line** text box, type **msiexec /i AcroRead.msi /q**, select **Next** twice, and then select **Finish**.
    ![acroread image.](../images/acroread.png)
    The Adobe Reader application added to the Deployment Workbench.
 ## Step 5: Prepare the drivers repository
 In order to deploy Windows 10 with MDT successfully, you need drivers for the boot images and for the actual operating system. This section will show you how to add drivers for the boot image and operating system, using the following hardware models as examples:
 - Lenovo ThinkPad T420
 - Dell Latitude 7390
 - HP EliteBook 8560w
@ -174,8 +183,8 @@ In order to deploy Windows 10 with MDT successfully, you need drivers for the bo
 For boot images, you need to have storage and network drivers; for the operating system, you need to have the full suite of drivers.
->[!NOTE]
+> [!NOTE]
->You should only add drivers to the Windows PE images if the default drivers don't work. Adding drivers that are not necessary will only make the boot image larger and potentially delay the download time.
+> You should only add drivers to the Windows PE images if the default drivers don't work. Adding drivers that are not necessary will only make the boot image larger and potentially delay the download time.
 ### Create the driver source structure in the file system
@ -187,11 +196,15 @@ On **MDT01**:
 > In the steps below, it's critical that the folder names used for various computer makes and models exactly match the results of **wmic computersystem get model,manufacturer** on the target system.
 1. Using File Explorer, create the **D:\\drivers** folder.
 2. In the **D:\\drivers** folder, create the following folder structure:
    1. WinPE x86
    2. WinPE x64
    3. Windows 10 x64
 3. In the new Windows 10 x64 folder, create the following folder structure:
   - Dell Inc.
     - Latitude E7450
   - Hewlett-Packard
@ -207,12 +220,17 @@ On **MDT01**:
 ### Create the logical driver structure in MDT
 When you import drivers to the MDT driver repository, MDT creates a single instance folder structure based on driver class names. However, you can, and should, mimic the driver structure of your driver source repository in the Deployment Workbench. This mimic is done by creating logical folders in the Deployment Workbench.
 1. On MDT01, using Deployment Workbench, select the **Out-of-Box Drivers** node.
 2. In the **Out-Of-Box Drivers** node, create the following folder structure:
    1. WinPE x86
    2. WinPE x64
    3. Windows 10 x64
 3. In the **Windows 10 x64** folder, create the following folder structure:
   - Dell Inc.
     - Latitude E7450
   - Hewlett-Packard
@ -230,36 +248,40 @@ Get-WmiObject -Class:Win32_ComputerSystem
 Or, you can use this command in a normal command prompt:
-```console
+```cmd
-wmic csproduct get name
+wmic.exe csproduct get name
 ```
 If you want a more standardized naming convention, try the **ModelAliasExit.vbs script** from the Deployment Guys blog post, entitled [Using and Extending Model Aliases for Hardware Specific Application Installation](/archive/blogs/deploymentguys/using-and-extending-model-aliases-for-hardware-specific-application-installation).
 ![drivers.](../images/fig4-oob-drivers.png)
 The Out-of-Box Drivers structure in the Deployment Workbench.
 ### Create the selection profiles for boot image drivers
 By default, MDT adds any storage and network drivers that you import to the boot images. However, you should add only the drivers that are necessary to the boot image. You can control which drivers are added by using selection profiles.
-The drivers that are used for the boot images (Windows PE) are Windows 10 drivers. If you can’t locate Windows 10 drivers for your device, a Windows 7 or Windows 8.1 driver will most likely work, but Windows 10 drivers should be your first choice.
+
 The drivers that are used for the boot images (Windows PE) are Windows 10 drivers. If you can't locate Windows 10 drivers for your device, a Windows 7 or Windows 8.1 driver will most likely work, but Windows 10 drivers should be your first choice.
 On **MDT01**:
 1. In the Deployment Workbench, under the **MDT Production** node, expand the **Advanced Configuration** node, right-click the **Selection Profiles** node, and select **New Selection Profile**.
-2.  In the New Selection Profile Wizard, create a selection profile with the following settings:
+
-    1.  Selection Profile name: WinPE x86
+2. In the **New Selection Profile Wizard**, create a selection profile with the following settings:
-    2.  Folders: Select the WinPE x86 folder in Out-of-Box Drivers.
+
-    3. Select **Next**, **Next** and **Finish**.
+    - **Selection Profile name**: WinPE x86
    - **Folders**: Select the WinPE x86 folder in Out-of-Box Drivers.
    - Select **Next**, **Next** and **Finish**.
 3. Right-click the **Selection Profiles** node again, and select **New Selection Profile**.
 4. In the New Selection Profile Wizard, create a selection profile with the following settings:
-    1.  Selection Profile name: WinPE x64
+
-    2.  Folders: Select the WinPE x64 folder in Out-of-Box Drivers.
+    - **Selection Profile name**: WinPE x64
-    3.  Select **Next**, **Next** and **Finish**.
+    - **Folders**: Select the WinPE x64 folder in Out-of-Box Drivers.
    - Select **Next**, **Next** and **Finish**.
    ![figure 5.](../images/fig5-selectprofile.png)
    Creating the WinPE x64 selection profile.
 ### Extract and import drivers for the x64 boot image
@ -269,10 +291,16 @@ Windows PE supports all the hardware models that we have, but here you learn to
 On **MDT01**:
 1. Download **PROWinx64.exe** from Intel.com (ex: [PROWinx64.exe](https://downloadcenter.intel.com/downloads/eula/25016/Intel-Network-Adapter-Driver-for-Windows-10?httpDown=https%3A%2F%2Fdownloadmirror.intel.com%2F25016%2Feng%2FPROWinx64.exe)).
 2. Extract PROWinx64.exe to a temporary folder - in this example to the **C:\\Tmp\\ProWinx64** folder.
-    a. **Note**: Extracting the .exe file manually requires an extraction utility. You can also run the .exe and it will self-extract files to the **%userprofile%\AppData\Local\Temp\RarSFX0** directory. This directory is temporary and will be deleted when the .exe terminates. 
+
    > [!NOTE]
    > Extracting the .exe file manually requires an extraction utility. You can also run the .exe and it will self-extract files to the **%userprofile%\AppData\Local\Temp\RarSFX0** directory. This directory is temporary and will be deleted when the .exe terminates.
 3. Using File Explorer, create the **D:\\Drivers\\WinPE x64\\Intel PRO1000** folder.
 4. Copy the content of the **C:\\Tmp\\PROWinx64\\PRO1000\\Winx64\\NDIS64** folder to the **D:\\Drivers\\WinPE x64\\Intel PRO1000** folder.
 5. In the Deployment Workbench, expand the **MDT Production** > **Out-of-Box Drivers** node, right-click the **WinPE x64** node, and select **Import Drivers**, and use the following Driver source directory to import drivers: **D:\\Drivers\\WinPE x64\\Intel PRO1000**.
 ### Download, extract, and import drivers
@ -281,8 +309,7 @@ On **MDT01**:
 For the ThinkStation P500 model, you use the Lenovo ThinkVantage Update Retriever software to download the drivers. With Update Retriever, you need to specify the correct Lenovo Machine Type for the actual hardware (the first four characters of the model name). As an example, the Lenovo ThinkStation P500 model has the 30A6003TUS model name, meaning the Machine Type is 30A6.
-> [!div class="mx-imgBorder"]
+![ThinkStation image.](../images/thinkstation.png)
 > ![ThinkStation image.](../images/thinkstation.png)
 To get the updates, download the drivers from the Lenovo ThinkVantage Update Retriever using its export function. You can also download the drivers by searching PC Support on the [Lenovo website](https://go.microsoft.com/fwlink/p/?LinkId=619543).
@ -310,7 +337,7 @@ On **MDT01**:
 2. Right-click the **Latitude E7450** folder and select **Import Drivers** and use the following Driver source directory to import drivers:
-    **D:\\Drivers\\Windows 10 x64\\Dell Inc.\\Latitude E7450**
+    **`D:\Drivers\Windows 10 x64\Dell Inc.\Latitude E7450`**
 ### For the HP EliteBook 8560w
@ -324,7 +351,7 @@ On **MDT01**:
 2. Right-click the **HP EliteBook 8560w** folder and select **Import Drivers** and use the following Driver source directory to import drivers:
-    **D:\\Drivers\\Windows 10 x64\\Hewlett-Packard\\HP EliteBook 8560w**
+    **`D:\Drivers\Windows 10 x64\Hewlett-Packard\HP EliteBook 8560w`**
 ### For the Microsoft Surface Laptop
@ -336,7 +363,7 @@ On **MDT01**:
 2. Right-click the **Surface Laptop** folder and select **Import Drivers**; and use the following Driver source directory to import drivers:
-    **D:\\Drivers\\Windows 10 x64\\Microsoft\\Surface Laptop**
+    **`D:\Drivers\Windows 10 x64\Microsoft\Surface Laptop`**
 ## Step 6: Create the deployment task sequence
@ -349,6 +376,7 @@ On **MDT01**:
 1. In the Deployment Workbench, under the **MDT Production** node, right-click **Task Sequences**, and create a folder named **Windows 10**.
 2. Right-click the new **Windows 10** folder and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
   - Task sequence ID: W10-X64-001
   - Task sequence name: Windows 10 Enterprise x64 RTM Custom Image
   - Task sequence comments: Production Image
@ -367,12 +395,14 @@ On **MDT01**:
 2. On the **Task Sequence** tab, configure the **Windows 10 Enterprise x64 RTM Custom Image** task sequence with the following settings:
   1. Preinstall: After the **Enable BitLocker (Offline)** action, add a **Set Task Sequence Variable** action with the following settings:
-       1.  Name: Set DriverGroup001
+
-       2.  Task Sequence Variable: DriverGroup001
+      - **Name**: Set DriverGroup001
-       3.  Value: Windows 10 x64\\%Make%\\%Model%
+      - **Task Sequence Variable**: DriverGroup001
      - **Value**: Windows 10 x64\\%Make%\\%Model%
   2. Configure the **Inject Drivers** action with the following settings:
-       - Choose a selection profile: Nothing
+
      - **Choose a selection profile**: Nothing
      - Install all drivers from the selection profile
        > [!NOTE]
@ -385,7 +415,6 @@ On **MDT01**:
 3. Select **OK**.
   ![drivergroup.](../images/fig6-taskseq.png)
   The task sequence for production deployment.
 ## Step 7: Configure the MDT production deployment share
@ -400,9 +429,10 @@ In this section, you'll learn how to configure the MDT Build Lab deployment shar
 On **MDT01**:
 1. Right-click the **MDT Production** deployment share and select **Properties**.
 2. Select the **Rules** tab and replace the existing rules with the following information (modify the domain name, WSUS server, and administrative credentials to match your environment):
-   ``` 
+   ```ini
   [Settings]
   Priority=Default 
@ -441,7 +471,7 @@ On **MDT01**:
 3. Select **Edit Bootstrap.ini** and modify using the following information:
-   ``` 
+   ```ini
   [Settings]
   Priority=Default
@ -483,8 +513,8 @@ On **MDT01**:
 11. Select **OK**.
-    >[!NOTE]
+    > [!NOTE]
-    >It will take a while for the Deployment Workbench to create the monitoring database and web service.
+    > It will take a while for the Deployment Workbench to create the monitoring database and web service.
    ![figure 8.](../images/mdt-07-fig08.png)
@ -500,7 +530,7 @@ You can optionally remove the **UserID** and **UserPassword** entries from Boots
 This file is the MDT Production Bootstrap.ini:
-``` 
+```ini
 [Settings]
 Priority=Default
@ -516,7 +546,7 @@ SkipBDDWelcome=YES
 This file is the CustomSettings.ini file with the new join domain information:
-``` 
+```ini
 [Settings]
 Priority=Default
@ -555,6 +585,7 @@ EventService=http://MDT01:9800
 ```
 Some properties to use in the MDT Production rules file are as follows:
 - **JoinDomain.** The domain to join.
 - **DomainAdmin.** The account to use when joining the machine to the domain.
 - **DomainAdminDomain.** The domain for the join domain account.
@ -578,7 +609,6 @@ If your organization has a Microsoft Software Assurance agreement, you also can
 If you've licensing for MDOP and DaRT, you can add DaRT to the boot images using the steps in this section. If you don't have DaRT licensing, or don't want to use it, skip to the next section, [Update the Deployment Share](#update-the-deployment-share). To enable the remote connection feature in MDT, you need to do the following steps:
 > [!NOTE]
 > DaRT 10 is part of [MDOP 2015](/microsoft-desktop-optimization-pack/#how-to-get-mdop).
 >
@ -592,23 +622,22 @@ On **MDT01**:
   ![DaRT image.](../images/dart.png)
-2. Copy the two tools CAB files from **C:\\Program Files\\Microsoft DaRT\\v10** (**Toolsx86.cab** and **Toolsx64.cab**) to the production deployment share at **D:\\MDTProduction\\Tools\\x86** and **D:\\MDTProduction\\Tools\\x64**, respectively.
+3. Copy the two tools CAB files from **C:\\Program Files\\Microsoft DaRT\\v10** (**Toolsx86.cab** and **Toolsx64.cab**) to the production deployment share at **D:\\MDTProduction\\Tools\\x86** and **D:\\MDTProduction\\Tools\\x64**, respectively.
-3. In the Deployment Workbench, right-click the **MDT Production** deployment share and select **Properties**.
+4. In the Deployment Workbench, right-click the **MDT Production** deployment share and select **Properties**.
-4. On the **Windows PE** tab, in the **Platform** drop-down list, make sure **x86** is selected.
+5. On the **Windows PE** tab, in the **Platform** drop-down list, make sure **x86** is selected.
-5. On the **Features** sub tab, select the **Microsoft Diagnostics and Recovery Toolkit (DaRT)** checkbox.
+6. On the **Features** sub tab, select the **Microsoft Diagnostics and Recovery Toolkit (DaRT)** checkbox.
   ![DaRT selection.](../images/mdt-07-fig09.png)
   Selecting the DaRT 10 feature in the deployment share.
-8. In the **Windows PE** tab, in the **Platform** drop-down list, select **x64**.
+7. In the **Windows PE** tab, in the **Platform** drop-down list, select **x64**.
-9. In the **Features** sub tab, in addition to the default selected feature pack, select the **Microsoft Diagnostics and Recovery Toolkit (DaRT)** check box.
+8. In the **Features** sub tab, in addition to the default selected feature pack, select the **Microsoft Diagnostics and Recovery Toolkit (DaRT)** check box.
-10. Select **OK**.
+9. Select **OK**.
 ### Update the deployment share
@ -618,8 +647,8 @@ Like the MDT Build Lab deployment share, the MDT Production deployment share nee
 2. Use the default options for the Update Deployment Share Wizard.
->[!NOTE]
+> [!NOTE]
->The update process will take 5 to 10 minutes.
+> The update process will take 5 to 10 minutes.
 ## Step 8: Deploy the Windows 10 client image
@ -638,7 +667,6 @@ On **MDT01**:
 3. Browse to the **D:\\MDTProduction\\Boot\\LiteTouchPE\_x64.wim** file and add the image with the default settings.
   ![figure 9.](../images/mdt-07-fig10.png)
   The boot image added to the WDS console.
 ### Deploy the Windows 10 client
@ -660,7 +688,6 @@ On **HV01**:
 2. Start the PC0005 virtual machine, and press **Enter** to start the PXE boot. The VM will now load the Windows PE boot image from the WDS server.
    ![figure 10.](../images/mdt-07-fig11.png)
    The initial PXE boot process of PC0005.
 3. After Windows PE has booted, complete the Windows Deployment Wizard using the following setting:
@ -696,7 +723,6 @@ On **MDT01**:
 3. Double-click PC0005, and review the information.
    ![figure 11.](../images/mdt-07-fig13.png)
    The Monitoring node, showing the deployment progress of PC0005.
 ### Use information in the Event Viewer
@ -704,7 +730,6 @@ On **MDT01**:
 When monitoring is enabled, MDT also writes information to the event viewer on MDT01. This information can be used to trigger notifications via scheduled tasks when deployment is completed. For example, you can configure scheduled tasks to send an email when a certain event is created in the event log.
 ![figure 12.](../images/mdt-07-fig14.png)
 The Event Viewer showing a successful deployment of PC0005.
 ## Multicast deployments
@ -722,12 +747,14 @@ Setting up MDT for multicast is straightforward. You enable multicast on the dep
 On **MDT01**:
 1. In the Deployment Workbench, right-click the **MDT Production** deployment share folder and select **Properties**.
 2. On the **General** tab, select the **Enable multicast for this deployment share (requires Windows Server 2008 R2 Windows Deployment Services)** check box, and select **OK**.
 3. Right-click the **MDT Production** deployment share folder and select **Update Deployment Share**.
 4. After updating the deployment share, use the Windows Deployment Services console to, verify that the multicast namespace was created.
    ![figure 13.](../images/mdt-07-fig15.png)
    The newly created multicast namespace.
 ## Use offline media to deploy Windows 10
@ -747,7 +774,7 @@ On **MDT01**:
 2. Use the following settings for the New Selection Profile Wizard:
   - General Settings
-      -   Selection profile name: Windows 10 Offline Media
+     - **Selection profile name**: Windows 10 Offline Media
   - Folders
     - Applications / Adobe
@ -764,12 +791,13 @@ In these steps, you generate offline media from the MDT Production deployment sh
 1. On MDT01, using File Explorer, create the **D:\\MDTOfflineMedia** folder.
-     >[!NOTE]
+     > [!NOTE]
-     >When creating offline media, you need to create the target folder first. It's crucial that you don't create a subfolder inside the deployment share folder because it will break the offline media.
+     > When creating offline media, you need to create the target folder first. It's crucial that you don't create a subfolder inside the deployment share folder because it will break the offline media.
 2. In the Deployment Workbench, under the **MDT Production / Advanced Configuration** node, right-click the **Media** node, and select **New Media**.
 3. Use the following settings for the New Media Wizard:
   - General Settings
     - Media path: **D:\\MDTOfflineMedia**
     - Selection profile: **Windows 10 Offline Media**
@ -791,8 +819,9 @@ On **MDT01**:
 4. On the **Windows PE** tab, in the **Platform** drop-down list, select **x64**.
 5. On the **General** sub tab, configure the following settings:
   - In the **Lite Touch Boot Image Settings** area:
-      -  Image description: MDT Production x64
+     - **Image description**: MDT Production x64
   - In the **Windows PE Customizations** area, set the Scratch space size to 128.
 6. On the **Drivers and Patches** sub tab, select the **WinPE x64** selection profile and select the **Include all drivers from the selection profile** option.
@ -813,8 +842,14 @@ On **MDT01**:
 The ISO that you got when updating the offline media item can be burned to a DVD and used directly (it will be bootable), but it's often more efficient to use USB sticks instead since they're faster and can hold more data. (A dual-layer DVD is limited to 8.5 GB.)
->[!TIP] 
+> [!TIP]
->In this example, the .wim file is 5.5 GB in size. However, bootable USB sticks are formatted with the FAT32 file system which limits file size to 4.0 GB. You can place the image on a different drive (ex: E:\Deploy\Operating Systems\W10EX64RTM\REFW10X64-001.swm) and then modify E:\Deploy\Control\OperatingSystems.xml to point to it. Alternatively to keep using the USB you must split the .wim file, which can be done using DISM: <br>&nbsp;<br>Dism /Split-Image /ImageFile:D:\MDTOfflinemedia\Content\Deploy\Operating Systems\W10EX64RTM\REFW10X64-001.wim /SWMFile:E:\sources\install.swm /FileSize:3800. <br>&nbsp;<br>Windows Setup automatically installs from this file, provided you name it install.swm. The file names for the next files include numbers, for example: install2.swm, install3.swm. <br>&nbsp;<br>To enable split image in MDT, the Settings.xml file in your deployment share (ex: D:\MDTProduction\Control\Settings.xml) must have the **SkipWimSplit** value set to **False**. By default this value is set to True (`<SkipWimSplit>True</SkipWimSplit>`), so this must be changed and the offline media content updated.
+> In this example, the .wim file is 5.5 GB in size. However, bootable USB sticks are formatted with the FAT32 file system which limits file size to 4.0 GB. You can place the image on a different drive (ex: E:\Deploy\Operating Systems\W10EX64RTM\REFW10X64-001.swm) and then modify E:\Deploy\Control\OperatingSystems.xml to point to it. Alternatively to keep using the USB you must split the .wim file, which can be done using DISM:
 >
 > **`Dism.exe /Split-Image /ImageFile:D:\MDTOfflinemedia\Content\Deploy\Operating Systems\W10EX64RTM\REFW10X64-001.wim /SWMFile:E:\sources\install.swm /FileSize:3800.`**
 >
 > Windows Setup automatically installs from this file, provided you name it install.swm. The file names for the next files include numbers, for example: install2.swm, install3.swm.
 >
 > To enable split image in MDT, the Settings.xml file in your deployment share (ex: D:\MDTProduction\Control\Settings.xml) must have the **SkipWimSplit** value set to **False**. By default this value is set to True (`<SkipWimSplit>True</SkipWimSplit>`), so this must be changed and the offline media content updated.
 Follow these steps to create a bootable USB stick from the offline media content:
@ -840,9 +875,9 @@ The partitions when deploying an UEFI-based machine.
 ## Related articles
-[Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)<br>
+- [Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
-[Create a Windows 10 reference image](create-a-windows-10-reference-image.md)<br>
+- [Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
-[Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)<br>
+- [Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)
-[Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)<br>
+- [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)
-[Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)<br>
+- [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)
-[Configure MDT settings](configure-mdt-settings.md)<br>
+- [Configure MDT settings](configure-mdt-settings.md)
--- a/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md
+++ b/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md
@ -11,12 +11,13 @@ ms.topic: article
 ms.technology: itpro-deploy
 ms.collection: 
  - highpri
-ms.date: 10/28/2022
+ms.date: 11/28/2022
 ---
 # Get started with MDT
-**Applies to**
+**Applies to:**
 - Windows 10
 This article provides an overview of the features, components, and capabilities of the [Microsoft Deployment Toolkit (MDT)](/mem/configmgr/mdt/). When you have finished reviewing this information, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
@ -37,39 +38,58 @@ MDT supports the deployment of Windows 10, and Windows 7, Windows 8.1, and Windo
 MDT has been in existence since 2003, when it was first introduced as Business Desktop Deployment (BDD) 1.0. The toolkit has evolved, both in functionality and popularity, and today it's considered fundamental to Windows operating system and enterprise application deployment.
 MDT has many useful features, such as:
- **Windows Client support.** Supports Windows 7, Windows 8.1, and Windows 10.
+
- **Windows Server support.** Supports Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019.
+- **Windows Client support**: Supports Windows 7, Windows 8.1, and Windows 10.
- **Additional operating systems support.** Supports Windows Thin PC and [Windows Embedded POSReady 7](https://www.microsoft.com/en-us/download/details.aspx?id=26558), and Windows 8.1 Embedded Industry.
+
- **UEFI support.** Supports deployment to machines using Unified Extensible Firmware Interface (UEFI) version 2.3.1.
+- **Windows Server support**: Supports Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019.
- **GPT support.** Supports deployment to machines that require the new GPT partition table format. This feature is related to UEFI.
+
- **Enhanced Windows PowerShell support.** Provides support for running PowerShell scripts.
+- **Additional operating systems support**: Supports Windows Thin PC and [Windows Embedded POSReady 7](https://www.microsoft.com/download/details.aspx?id=26558), and Windows 8.1 Embedded Industry.
 - **UEFI support**: Supports deployment to machines using Unified Extensible Firmware Interface (UEFI) version 2.3.1.
 - **GPT support**: Supports deployment to machines that require the new GPT partition table format. This feature is related to UEFI.
 - **Enhanced Windows PowerShell support**: Provides support for running PowerShell scripts.
    ![figure 2.](../images/mdt-05-fig02.png)
    The deployment share mounted as a standard PSDrive allows for administration using PowerShell.
- **Add local administrator accounts.** Allows you to add multiple user accounts to the local Administrators group on the target computers, either via settings or the deployment wizard.
+- **Add local administrator accounts**: Allows you to add multiple user accounts to the local Administrators group on the target computers, either via settings or the deployment wizard.
- **Automated participation in CEIP and WER.** Provides configuration for participation in Windows Customer Experience Improvement Program (CEIP) and Windows Error Reporting (WER).
+
- **Deploy Windows RE.** Enables deployment of a customized Windows Recovery Environment (Windows RE) as part of the task sequence.
+- **Automated participation in CEIP and WER**: Provides configuration for participation in Windows Customer Experience Improvement Program (CEIP) and Windows Error Reporting (WER).
- **Deploy to VHD.** Provides ready-made task sequence templates for deploying Windows into a virtual hard disk (VHD) file.
+
- **Improved deployment wizard.** Provides more progress information and a cleaner UI for the Lite Touch Deployment Wizard.
+- **Deploy Windows RE**: Enables deployment of a customized Windows Recovery Environment (Windows RE) as part of the task sequence.
- **Monitoring.** Allows you to see the status of currently running deployments.
+
- **Apply GPO Pack.** Allows you to deploy local group policy objects created by Microsoft Security Compliance Manager (SCM).
+- **Deploy to VHD**: Provides ready-made task sequence templates for deploying Windows into a virtual hard disk (VHD) file.
- **Partitioning routines.** Provides improved partitioning routines to ensure that deployments work regardless of the current hard drive structure.
+
- **Offline BitLocker.** Provides the capability to have BitLocker enabled during the Windows Preinstallation Environment (Windows PE) phase, thus saving hours of encryption time.
+- **Improved deployment wizard**: Provides more progress information and a cleaner UI for the Lite Touch Deployment Wizard.
- **USMT offline user-state migration.** Provides support for running the User State Migration Tool (USMT) capture offline, during the Windows PE phase of the deployment.
+
 - **Monitoring**: Allows you to see the status of currently running deployments.
 - **Apply GPO Pack**: Allows you to deploy local group policy objects created by Microsoft Security Compliance Manager (SCM).
 - **Partitioning routines**: Provides improved partitioning routines to ensure that deployments work regardless of the current hard drive structure.
 - **Offline BitLocker**: Provides the capability to have BitLocker enabled during the Windows Preinstallation Environment (Windows PE) phase, thus saving hours of encryption time.
 - **USMT offline user-state migration**: Provides support for running the User State Migration Tool (USMT) capture offline, during the Windows PE phase of the deployment.
    ![figure 3.](../images/mdt-05-fig03.png)
    The offline USMT backup in action.
- **Install or uninstall Windows roles or features.** Enables you to select roles and features as part of the deployment wizard. MDT also supports uninstall of roles and features.
+- **Install or uninstall Windows roles or features**: Enables you to select roles and features as part of the deployment wizard. MDT also supports uninstall of roles and features.
- **Microsoft System Center Orchestrator integration.** Provides the capability to use Orchestrator runbooks as part of the task sequence.
+
- **Support for DaRT.** Supports optional integration of the DaRT components into the boot image.
+- **Microsoft System Center Orchestrator integration**: Provides the capability to use Orchestrator runbooks as part of the task sequence.
- **Support for Microsoft Office.** Provides added support for deploying Microsoft Office.
+
- **Support for Modern UI app package provisioning.** Provisions applications based on the new Windows app package standard, which is used in Windows 8 and later.
+- **Support for DaRT**: Supports optional integration of the DaRT components into the boot image.
- **Extensibility.** Provides the capability to extend MDT far beyond the built-in features by adding custom scripts, web services, System Center Orchestrator runbooks, PowerShell scripts, and VBScripts.
+
- **Upgrade task sequence.** Provides a new upgrade task sequence template that you can use to upgrade existing Windows 7, Windows 8, and Windows 8.1 systems directly to Windows 10, automatically preserving all data, settings, applications, and drivers. For more information about using this new upgrade task sequence, see the [Microsoft Deployment Toolkit resource page](/mem/configmgr/mdt/).
+- **Support for Microsoft Office**: Provides added support for deploying Microsoft Office.
 - **Support for Modern UI app package provisioning**: Provisions applications based on the new Windows app package standard, which is used in Windows 8 and later.
 - **Extensibility**: Provides the capability to extend MDT far beyond the built-in features by adding custom scripts, web services, System Center Orchestrator runbooks, PowerShell scripts, and VBScripts.
 - **Upgrade task sequence**: Provides a new upgrade task sequence template that you can use to upgrade existing Windows 7, Windows 8, and Windows 8.1 systems directly to Windows 10, automatically preserving all data, settings, applications, and drivers. For more information about using this new upgrade task sequence, see the [Microsoft Deployment Toolkit resource page](/mem/configmgr/mdt/).
 ## MDT Lite Touch components
@ -88,6 +108,7 @@ A deployment share is essentially a folder on the server that is shared and cont
 ## Rules
 The rules (CustomSettings.ini and Bootstrap.ini) make up the brain of MDT. The rules control the Windows Deployment Wizard on the client and, for example, can provide the following settings to the machine being deployed:
 - Computer name
 - Domain to join, and organizational unit (OU) in Active Directory to hold the computer object
 - Whether to enable BitLocker
@ -95,13 +116,11 @@ The rules (CustomSettings.ini and Bootstrap.ini) make up the brain of MDT. The r
 You can manage hundreds of settings in the rules. For more information, see the [Microsoft Deployment Toolkit resource center](/mem/configmgr/mdt/).
 ![figure 5.](../images/mdt-05-fig05.png)
 Example of an MDT rule. In this example, the new computer name is being calculated based on PC- plus the first seven (Left) characters from the serial number
 ## Boot images
-Boot images are the Windows Preinstallation Environment (Windows PE) images that are used to start the deployment. They can be started from a CD or DVD, an ISO file, a USB device, or over the network using a Pre-Boot Execution Environment (PXE) server. The boot images connect to the deployment 
+Boot images are the Windows Preinstallation Environment (Windows PE) images that are used to start the deployment. They can be started from a CD or DVD, an ISO file, a USB device, or over the network using a Pre-Boot Execution Environment (PXE) server. The boot images connect to the deployment share on the server and start the deployment.
 share on the server and start the deployment.
 ## Operating systems
@ -124,33 +143,44 @@ With the Deployment Workbench, you can add any Microsoft packages that you want
 Task sequences are the heart and soul of the deployment solution. When creating a task sequence, you need to select a template. The templates are located in the Templates folder in the MDT installation directory, and they determine which default actions are present in the sequence.
 You can think of a task sequence as a list of actions that need to be executed in a certain order. Each action can also have conditions. Some examples of actions are as follows:
- **Gather.** Reads configuration settings from the deployment server.
+
- **Format and Partition.** Creates the partition(s) and formats them.
+- **Gather**: Reads configuration settings from the deployment server.
- **Inject Drivers.** Finds out which drivers the machine needs and downloads them from the central driver repository.
+- **Format and Partition**: Creates the partition(s) and formats them.
- **Apply Operating System.** Uses ImageX to apply the image.
+- **Inject Drivers**: Finds out which drivers the machine needs and downloads them from the central driver repository.
- **Windows Update.** Connects to a WSUS server and updates the machine.
+- **Apply Operating System**: Applies the Windows image.
 - **Windows Update**: Connects to a WSUS server and updates the machine.
 ## Task sequence templates
 MDT comes with nine default task sequence templates. You can also create your own templates. As long as you store them in the Templates folder, they'll be available when you create a new task sequence.
- **Sysprep and Capture task sequence.** Used to run the System Preparation (Sysprep) tool and capture an image of a reference computer.
+
 - **Sysprep and Capture task sequence**: Used to run the System Preparation (Sysprep) tool and capture an image of a reference computer.
    > [!NOTE]
    > It's preferable to use a complete build and capture instead of the Sysprep and Capture task sequence. A complete build and capture can be automated, whereas Sysprep and Capture can't.
- **Standard Client task sequence.** The most frequently used task sequence. Used for creating reference images and for deploying clients in production.
+- **Standard Client task sequence**: The most frequently used task sequence. Used for creating reference images and for deploying clients in production.
- **Standard Client Replace task sequence.** Used to run User State Migration Tool (USMT) backup and the optional full Windows Imaging (WIM) backup action. Can also be used to do a secure wipe of a machine that is going to be decommissioned.
+
- **Custom task sequence.** As the name implies, a custom task sequence with only one default action (one Install Application action).
+- **Standard Client Replace task sequence**: Used to run User State Migration Tool (USMT) backup and the optional full Windows Imaging (WIM) backup action. Can also be used to do a secure wipe of a machine that is going to be decommissioned.
- **Standard Server task sequence.** The default task sequence for deploying operating system images to servers. The main difference between this template and the Standard Client task sequence template is that it doesn't contain any USMT actions because USMT isn't supported on servers.
+
- **Lite Touch OEM task sequence.** Used to preload operating systems images on the computer hard drive. Typically used by computer original equipment manufacturers (OEMs) but some enterprise organizations also use this feature.
+- **Custom task sequence**: As the name implies, a custom task sequence with only one default action (one Install Application action).
- **Post OS Installation task sequence.** A task sequence prepared to run actions after the operating system has been deployed. Useful for server deployments but not often used for client deployments.
+
- **Deploy to VHD Client task sequence.** Similar to the Standard Client task sequence template but also creates a virtual hard disk (VHD) file on the target computer and deploys the image to the VHD file.
+- **Standard Server task sequence**: The default task sequence for deploying operating system images to servers. The main difference between this template and the Standard Client task sequence template is that it doesn't contain any USMT actions because USMT isn't supported on servers.
- **Deploy to VHD Server task sequence.** Same as the Deploy to VHD Client task sequence but for servers.
+
- **Standard Client Upgrade task sequence.** A simple task sequence template used to perform an in-place upgrade from Windows 7, Windows 8, or Windows 8.1 directly to Windows 10, automatically preserving existing data, settings, applications, and drivers.
+- **Lite Touch OEM task sequence**: Used to preload operating systems images on the computer hard drive. Typically used by computer original equipment manufacturers (OEMs) but some enterprise organizations also use this feature.
 - **Post OS Installation task sequence**: A task sequence prepared to run actions after the operating system has been deployed. Useful for server deployments but not often used for client deployments.
 - **Deploy to VHD Client task sequence**: Similar to the Standard Client task sequence template but also creates a virtual hard disk (VHD) file on the target computer and deploys the image to the VHD file.
 - **Deploy to VHD Server task sequence**: Same as the Deploy to VHD Client task sequence but for servers.
 - **Standard Client Upgrade task sequence**: A simple task sequence template used to perform an in-place upgrade from Windows 7, Windows 8, or Windows 8.1 directly to Windows 10, automatically preserving existing data, settings, applications, and drivers.
 ## Selection profiles
 Selection profiles, which are available in the Advanced Configuration node, provide a way to filter content in the Deployment Workbench. Selection profiles are used for several purposes in the Deployment Workbench and in Lite Touch deployments. For example, they can be used to:
 - Control which drivers and packages are injected into the Lite Touch (and generic) boot images.
 - Control which drivers are injected during the task sequence.
 - Control what is included in any media that you create.
@ -161,8 +191,8 @@ Selection profiles, which are available in the Advanced Configuration node, prov
 MDT uses many log files during operating system deployments. By default the logs are client side, but by configuring the deployment settings, you can have MDT store them on the server, as well.
-**Note**  
+> [!NOTE]
-The easiest way to view log files is to use Configuration Manager Trace (CMTrace), which is included in the [Configuration Manager Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=734717).
+> The easiest way to view log files is to use Configuration Manager Trace (CMTrace), which is included in the [Configuration Manager Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=734717).
 ## Monitoring
@ -170,4 +200,4 @@ On the deployment share, you also can enable monitoring. After you enable monito
 ## See next
-[Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md)
+- [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md)
--- a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
@ -11,12 +11,13 @@ ms.topic: article
 ms.technology: itpro-deploy
 ms.collection: 
  - highpri
-ms.date: 10/28/2022
+ms.date: 11/28/2022
 ---
 # Prepare for deployment with MDT
-**Applies to**
+**Applies to:**
 - Windows 10
 This article will walk you through the steps necessary to prepare your network and server infrastructure to deploy Windows 10 with the Microsoft Deployment Toolkit (MDT). It covers the installation of the necessary system prerequisites, the creation of shared folders and service accounts, and the configuration of security permissions in the file system and in Active Directory.
@ -28,12 +29,17 @@ The procedures in this guide use the following names and infrastructure.
 ### Network and servers
 For the purposes of this article, we'll use three server computers: **DC01**, **MDT01**, and **HV01**.
 - All servers are running Windows Server 2019.
  - You can use an earlier version of Windows Server with minor modifications to some procedures.
-    - Note: Although MDT supports Windows Server 2008 R2, at least Windows Server 2012 R2 or later is required to perform the procedures in this guide.
+
- **DC01** is a domain controller, DHCP server, and DNS server for <b>contoso.com</b>, representing the fictitious Contoso Corporation.
+- **DC01** is a domain controller, DHCP server, and DNS server for **contoso.com**, representing the fictitious Contoso Corporation.
 - **MDT01** is a domain member server in contoso.com with a data (D:) drive that can store at least 200 GB. MDT01 will host deployment shares and run the Windows Deployment Service. Optionally, MDT01 is also a WSUS server.
  - A second MDT server (**MDT02**) configured identically to MDT01 is optionally used to [build a distributed environment](build-a-distributed-environment-for-windows-10-deployment.md) for Windows 10 deployment. This server is located on a different subnet than MDT01 and has a different default gateway.
 - **HV01** is a Hyper-V host computer that is used to build a Windows 10 reference image.
  - See [Hyper-V requirements](#hyper-v-requirements) below for more information about HV01.
@ -42,11 +48,15 @@ For the purposes of this article, we'll use three server computers: **DC01**, **
 Several client computers are referenced in this guide with hostnames of PC0001 to PC0007.
 - **PC0001**: A computer running Windows 10 Enterprise x64, fully patched with the latest security updates, and configured as a member in the contoso.com domain.
  - Client name: PC0001
  - IP Address: DHCP
 - **PC0002**: A computer running Windows 7 SP1 Enterprise x64, fully patched with the latest security updates, and configured as a member in the contoso.com domain. This computer is referenced during the migration scenarios.
  - Client name: PC0002
  - IP Address: DHCP
 - **PC0003 - PC0007**: These are other client computers similar to PC0001 and PC0002 that are used in this guide and another guide for various scenarios. The device names are incremented for clarity within each scenario. For example, PC0003 and PC0004 are running Windows 7 just like PC0002, but are used for Configuration Manager refresh and replace scenarios, respectively.
 ### Storage requirements
@ -65,9 +75,9 @@ All server and client computers referenced in this guide are on the same subnet.
 The following generic credentials are used in this guide. You should replace these credentials as they appear in each procedure with your credentials.
-**Active Directory domain name**: contoso.com<br>
+- **Active Directory domain name**: contoso.com
-**Domain administrator username**: administrator<br>
+- **Domain administrator username**: administrator
-**Domain administrator password**: pass@word1
+- **Domain administrator password**: pass@word1
 ### Organizational unit structure
@ -82,22 +92,28 @@ These steps assume that you have the MDT01 member server running and configured
 On **MDT01**:
 Visit the [Download and install the Windows ADK](/windows-hardware/get-started/adk-install) page and download the following items to the **D:\\Downloads\\ADK** folder on MDT01 (you'll need to create this folder):
 - [The Windows ADK for Windows 10](https://go.microsoft.com/fwlink/?linkid=2086042)
 - [The Windows PE add-on for the ADK](https://go.microsoft.com/fwlink/?linkid=2087112)
 - [The Windows System Image Manager (WSIM) 1903 update](https://go.microsoft.com/fwlink/?linkid=2095334)
 - (Optional) [The MDT_KB4564442 patch for BIOS firmware](https://download.microsoft.com/download/3/0/6/306AC1B2-59BE-43B8-8C65-E141EF287A5E/KB4564442/MDT_KB4564442.exe)
  - This patch is needed to resolve a bug that causes detection of BIOS-based machines as UEFI-based machines. If you have a UEFI deployment, you don't need this patch.
->[!TIP]
+> [!TIP]
->You might need to temporarily disable IE Enhanced Security Configuration for administrators in order to download files from the Internet to the server. This setting can be disabled by using Server Manager (Local Server/Properties).
+> You might need to temporarily disable IE Enhanced Security Configuration for administrators in order to download files from the Internet to the server. This setting can be disabled by using Server Manager (Local Server/Properties).
 1. On **MDT01**, ensure that you're signed in as an administrator in the CONTOSO domain.
-    - For the purposes of this guide, we're using a Domain Admin account of **administrator** with a password of <b>pass@word1</b>. You can use your own administrator username and password as long as you properly adjust all steps in this guide that use these login credentials.
+
   - For the purposes of this guide, we're using a Domain Admin account of **administrator** with a password of **pass@word1**. You can use your own administrator username and password as long as you properly adjust all steps in this guide that use these login credentials.
 2. Start the **ADK Setup** (D:\\Downloads\\ADK\\adksetup.exe), select **Next** twice to accept the default installation parameters, select **Accept** to accept the license agreement, and then on the **Select the features you want to install** page accept the default list of features by clicking **Install**. This will install deployment tools and the USMT. Verify that the installation completes successfully before moving to the next step.
 3. Start the **WinPE Setup** (D:\\Downloads\\ADK\\adkwinpesetup.exe), select **Next** twice to accept the default installation parameters, select **Accept** to accept the license agreement, and then on the **Select the features you want to install** page select **Install**. This will install Windows PE for x86, AMD64, ARM, and ARM64. Verify that the installation completes successfully before moving to the next step.
 4. Extract the **WSIM 1903 update** (D:\\Downloads\ADK\\WSIM1903.zip) and then run the **UpdateWSIM.bat** file.
   - You can confirm that the update is applied by viewing properties of the ImageCat.exe and ImgMgr.exe files at **C:\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Deployment Tools\\WSIM** and verifying that the **Details** tab displays a **File version** of **10.0.18362.144** or later.
-5. If you downloaded the optional MDT_KB4564442 patch for BIOS based deployment, see [this support article](https://support.microsoft.com/en-us/topic/windows-10-deployments-fail-with-microsoft-deployment-toolkit-on-computers-with-bios-type-firmware-70557b0b-6be3-81d2-556f-b313e29e2cb7) for instructions on how to install the patch.
+
 5. If you downloaded the optional MDT_KB4564442 patch for BIOS based deployment, see [this support article](https://support.microsoft.com/topic/windows-10-deployments-fail-with-microsoft-deployment-toolkit-on-computers-with-bios-type-firmware-70557b0b-6be3-81d2-556f-b313e29e2cb7) for instructions on how to install the patch.
 ## Install and initialize Windows Deployment Services (WDS)
@ -107,8 +123,8 @@ On **MDT01**:
  ```powershell
  Install-WindowsFeature -Name WDS -IncludeManagementTools
-  WDSUTIL /Verbose /Progress /Initialize-Server /Server:MDT01 /RemInst:"D:\RemoteInstall"
+  WDSUTIL.exe /Verbose /Progress /Initialize-Server /Server:MDT01 /RemInst:"D:\RemoteInstall"
-  WDSUTIL /Set-Server /AnswerClients:All
+  WDSUTIL.exe /Set-Server /AnswerClients:All
  ```
 ## Optional: Install Windows Server Update Services (WSUS)
@ -117,26 +133,32 @@ If you wish to use MDT as a WSUS server using the Windows Internal Database (WID
 To install WSUS on MDT01, enter the following at an elevated Windows PowerShell prompt:
-  ```powershell
+```powershell
-  Install-WindowsFeature -Name UpdateServices, UpdateServices-WidDB, UpdateServices-Services, UpdateServices-RSAT, UpdateServices-API, UpdateServices-UI
+Install-WindowsFeature -Name UpdateServices, UpdateServices-WidDB, UpdateServices-Services, UpdateServices-RSAT, UpdateServices-API, UpdateServices-UI
-  cmd /c "C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall CONTENT_DIR=C:\WSUS
+"C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall CONTENT_DIR=C:\WSUS
-  ```
+```
->To use the WSUS that you have installed on MDT01, you must also [configure Group Policy](../update/waas-manage-updates-wsus.md#configure-automatic-updates-and-update-service-location) on DC01 and perform the neccessary post-installation configuration of WSUS on MDT01.
+> [!NOTE]
 > To use the WSUS that you have installed on MDT01, you must also [configure Group Policy](../update/waas-manage-updates-wsus.md#configure-automatic-updates-and-update-service-location) on DC01 and perform the necessary post-installation configuration of WSUS on MDT01.
 ## Install MDT
->[!NOTE]
+> [!NOTE]
->MDT installation requires the following:
+> MDT installation requires the following:
->-   The Windows ADK for Windows 10 (installed in the previous procedure)
+>
->-   Windows PowerShell ([version 5.1](https://www.microsoft.com/download/details.aspx?id=54616) is recommended; type **$host** to check)
+> - The Windows ADK for Windows 10 (installed in the previous procedure)
->-   Microsoft .NET Framework
+> - Windows PowerShell ([version 5.1](https://www.microsoft.com/download/details.aspx?id=54616) is recommended; enter `$host` to check)
 > - Microsoft .NET Framework
 On **MDT01**:
 1. Visit the [MDT resource page](/mem/configmgr/mdt/) and select **Download MDT**.
 2. Save the **MicrosoftDeploymentToolkit_x64.msi** file to the D:\\Downloads\\MDT folder on MDT01.
-    - **Note**: As of the publishing date for this guide, the current version of MDT is 8456 (6.3.8456.1000), but a later version will also work.
+
    > [!NOTE]
    > As of the publishing date for this guide, the current version of MDT is 8456 (6.3.8456.1000), but a later version will also work.
 3. Install **MDT** (D:\\Downloads\\MDT\\MicrosoftDeploymentToolkit_x64.exe) with the default settings.
 ## Create the OU structure
@ -187,19 +209,26 @@ To use the Active Directory Users and Computers console (instead of PowerShell):
 On **DC01**:
 1. Using the Active Directory Users and Computers console (dsa.msc), in the contoso.com domain level, create a top-level OU named **Contoso**.
 2. In the **Contoso** OU, create the following OUs:
-    1.  Accounts
+
-    2.  Computers
+   - Accounts
-    3.  Groups
+   - Computers
   - Groups
 3. In the **Contoso / Accounts** OU, create the following underlying OUs:
-    1.  Admins
+
-    2.  Service Accounts
+   - Admins
-    3.  Users
+   - Service Accounts
   - Users
 4. In the **Contoso / Computers** OU, create the following underlying OUs:
-    1.  Servers
+
-    2.  Workstations
+   - Servers
   - Workstations
 5. In the **Contoso / Groups** OU, create the following OU:
-    1.   Security Groups
+   - Security Groups
 The final result of either method is shown below. The **MDT_BA** account will be created next.
@ -212,6 +241,7 @@ To create an MDT build account, open an elevated Windows PowerShell prompt on DC
 ```powershell
 New-ADUser -Name MDT_BA -UserPrincipalName MDT_BA -path "OU=Service Accounts,OU=Accounts,OU=Contoso,DC=CONTOSO,DC=COM" -Description "MDT Build Account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -PasswordNeverExpires $true -Enabled $true
 ```
 If you have the Active Directory Users and Computers console open you can refresh the view and see this new account in the **Contoso\Accounts\Service Accounts** OU as shown in the screenshot above.
 ## Create and share the logs folder
@ -221,6 +251,7 @@ By default MDT stores the log files locally on the client. In order to capture a
 On **MDT01**:
 1. Sign in as **CONTOSO\\administrator**.
 2. Create and share the **D:\\Logs** folder by running the following commands in an elevated Windows PowerShell prompt:
    ```powershell
@ -252,8 +283,9 @@ When you've completed all the steps in this section to prepare for deployment, s
 ## Appendix
-**Sample files**
+### Sample files
 The following sample files are also available to help automate some MDT deployment tasks. This guide doesn't use these files, but they're made available here so you can see how some tasks can be automated with Windows PowerShell.
 - [Set-OUPermissions.ps1](https://go.microsoft.com/fwlink/p/?LinkId=619362). This sample Windows PowerShell script creates a domain account and then configures OU permissions to allow the account to join machines to the domain in the specified OU.
 - [MDTSample.zip](https://go.microsoft.com/fwlink/p/?LinkId=619363). This sample web service shows you how to configure a computer name dynamically using MDT.
--- a/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md
+++ b/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md
@ -9,17 +9,19 @@ ms.localizationpriority: medium
 author: frankroj
 ms.topic: article
 ms.technology: itpro-deploy
-ms.date: 10/28/2022
+ms.date: 11/28/2022
 ---
 # Refresh a Windows 7 computer with Windows 10
-**Applies to**
+**Applies to:**
 - Windows 10
 This article will show you how to use MDT Lite Touch Installation (LTI) to upgrade a Windows 7 computer to a Windows 10 computer using the online computer refresh process. The computer refresh scenario is a reinstallation of an updated operating system on the same computer. You can also use this procedure to reinstall the same OS version. In this article, the computer refresh will be done while the computer is online. MDT also supports an offline computer refresh. For more info on that scenario, see the USMTOfflineMigration property on the [MDT resource page](/mem/configmgr/mdt/).
 For the purposes of this article, we'll use three computers: DC01, MDT01, and PC0001.
 - DC01 is a domain controller for the contoso.com domain.
 - MDT01 is domain member server that hosts your deployment share.
 - PC0001 is a domain member computer running a previous version of Windows that is going to be refreshed to a new version of Windows 10, with data and settings restored. The example used here is a computer running Windows 7 SP1.
@ -27,7 +29,6 @@ For the purposes of this article, we'll use three computers: DC01, MDT01, and PC
 Both DC01 and MDT01 are running Windows Server 2019; however any supported version of Windows Server can be used. For more information on the setup for this article, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
 ![computers.](../images/mdt-04-fig01.png "Computers used in this topic")
 The computers used in this article.
 ## The computer refresh process
@ -44,17 +45,17 @@ For a computer refresh with MDT, you use the User State Migration Tool (USMT), w
 During the computer refresh, USMT uses a feature called Hard-Link Migration Store. When you use this feature, the files are linked in the file system, which allows for fast migration, even when there's many files.
->[!NOTE]
+> [!NOTE]
->In addition to the USMT backup, you can enable an optional full Windows Imaging (WIM) backup of the machine by configuring the MDT rules. If you do this, a .wim file is created in addition to the USMT backup. The .wim file contains the entire volume from the computer and helpdesk personnel can extract content from it if needed. Please note that this is a data WIM backup only. Using this backup to restore the entire computer is not a supported scenario.
+> In addition to the USMT backup, you can enable an optional full Windows Imaging (WIM) backup of the machine by configuring the MDT rules. If you do this, a .wim file is created in addition to the USMT backup. The .wim file contains the entire volume from the computer and helpdesk personnel can extract content from it if needed. Please note that this is a data WIM backup only. Using this backup to restore the entire computer is not a supported scenario.
 ### Multi-user migration
 By default, ScanState in USMT backs up all profiles on the machine, including local computer profiles. If you have a computer that has been in your environment for a while, it likely has several domain-based profiles on it, including those of former users. You can limit which profiles are backed up by configuring command-line switches to ScanState (added as rules in MDT).
-For example, the following line configures USMT to migrate only domain user profiles and not profiles from the local SAM account database: ScanStateArgs=/ue:\*\\\* /ui:CONTOSO\\\*
+For example, the following line configures USMT to migrate only domain user profiles and not profiles from the local SAM account database: `ScanStateArgs=/ue:*\* /ui:CONTOSO\*`
->[!NOTE]
+> [!NOTE]
->You also can combine the preceding switches with the /uel switch, which excludes profiles that have not been accessed within a specific number of days. For example, adding /uel:60 will configure ScanState (or LoadState) not to include profiles that haven't been accessed for more than 60 days.
+> You also can combine the preceding switches with the /uel switch, which excludes profiles that have not been accessed within a specific number of days. For example, adding /uel:60 will configure ScanState (or LoadState) not to include profiles that haven't been accessed for more than 60 days.
 ### Support for additional settings
@ -76,41 +77,46 @@ It's also assumed that you have a domain member client computer named PC0001 in
 ### Upgrade (refresh) a Windows 7 SP1 client
->[!IMPORTANT]
+> [!IMPORTANT]
->Domain join details [specified in the deployment share rules](deploy-a-windows-10-image-using-mdt.md#configure-the-rules) will be used to rejoin the computer to the domain during the refresh process.  If the Windows 7 client is domain-jonied in a different OU than the one specified by MachineObjectOU, the domain join process will initially fail and then retry without specifying an OU. If the domain account that is specified (ex: **MDT_JD**) has [permissions limited to a specific OU](deploy-a-windows-10-image-using-mdt.md#step-1-configure-active-directory-permissions) then the domain join will ultimately fail, the refresh process will proceed, and the client computer object will be orphaned in Active Directory. In the current guide, computer objects should be located in Contoso > Computers > Workstations. Use the Active Directory Users and Computers console to review the location of computer objects and move them if needed. To diagnose MDT domain join errors, see **ZTIDomainJoin.log** in the C:\Windows\Temp\DeploymentLogs directory on the client computer. 
+> Domain join details [specified in the deployment share rules](deploy-a-windows-10-image-using-mdt.md#configure-the-rules) will be used to rejoin the computer to the domain during the refresh process. If the Windows 7 client is domain-jonied in a different OU than the one specified by MachineObjectOU, the domain join process will initially fail and then retry without specifying an OU. If the domain account that is specified (ex: **MDT_JD**) has [permissions limited to a specific OU](deploy-a-windows-10-image-using-mdt.md#step-1-configure-active-directory-permissions) then the domain join will ultimately fail, the refresh process will proceed, and the client computer object will be orphaned in Active Directory. In the current guide, computer objects should be located in **Contoso** > **Computers** > **Workstations**. Use the Active Directory Users and Computers console to review the location of computer objects and move them if needed. To diagnose MDT domain join errors, see **ZTIDomainJoin.log** in the C:\Windows\Temp\DeploymentLogs directory on the client computer.
 1. On PC0001, sign in as **contoso\\Administrator** and start the Lite Touch Deploy Wizard by opening **\\\\MDT01\\MDTProduction$\\Scripts\\Litetouch.vbs**.
 2. Complete the deployment guide using the following settings:
-   * Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM Custom Image
+   - Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM Custom Image
-   * Computer name: &lt;default&gt;
+
-   * Specify where to save a complete computer backup: Don't back up the existing computer
+   - **Computer name**: *\<default\>*
-     >[!NOTE]
+
-     >Skip this optional full WIM backup that we are choosing not to perform. The USMT backup will still run.
+   - **Specify where to save a complete computer backup**: Don't back up the existing computer
-   * Select one or more applications to install: Install - Adobe Reader
+
     > [!NOTE]
     > Skip this optional full WIM backup that we are choosing not to perform. The USMT backup will still run.
   - **Select one or more applications to install**: Install - Adobe Reader
     ![Computer refresh.](../images/fig2-taskseq.png "Start the computer refresh")
-4. Setup starts and performs the following actions:
+3. Setup starts and performs the following actions:
-   * Backs up user settings and data using USMT.
+   - Backs up user settings and data using USMT.
-   * Installs the Windows 10 Enterprise x64 operating system.
+   - Installs the Windows 10 Enterprise x64 operating system.
-   * Installs any added applications.
+   - Installs any added applications.
-   * Updates the operating system using your local Windows Server Update Services (WSUS) server.
+   - Updates the operating system using your local Windows Server Update Services (WSUS) server.
-   * Restores user settings and data using USMT.
+   - Restores user settings and data using USMT.
-5. You can monitor progress of the deployment using the deployment workbench on MDT01. See the following example:
+4. You can monitor progress of the deployment using the deployment workbench on MDT01. See the following example:
     ![monitor deployment.](../images/monitor-pc0001.png)
-6. After the refresh process completes, sign in to the Windows 10 computer and verify that user accounts, data and settings were migrated.
+5. After the refresh process completes, sign in to the Windows 10 computer and verify that user accounts, data and settings were migrated.
 ## Related articles
-[Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)<br>
+- [Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
-[Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md)<br>
+- [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md)
-[Create a Windows 10 reference image](create-a-windows-10-reference-image.md)<br>
+- [Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
-[Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)<br>
+- [Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
-[Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)<br>
+- [Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)
-[Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)<br>
+- [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)
-[Configure MDT settings](configure-mdt-settings.md)
+- [Configure MDT settings](configure-mdt-settings.md)
--- a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
+++ b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
@ -10,17 +10,19 @@ ms.localizationpriority: medium
 author: frankroj
 ms.topic: article
 ms.technology: itpro-deploy
-ms.date: 10/28/2022
+ms.date: 11/28/2022
 ---
 # Replace a Windows 7 computer with a Windows 10 computer
-**Applies to**
+**Applies to:**
 - Windows 10
 A computer replace scenario for Windows 10 is similar to a computer refresh for Windows 10. However, because you're replacing a device, you can't store the backup on the old computer. Instead you need to store the backup to a location where the new computer can read it. The User State Migration Tool (USMT) will be used to back up and restore data and settings.
 For the purposes of this article, we'll use four computers: DC01, MDT01, PC0002, and PC0007.
 - DC01 is a domain controller for the contoso.com domain.
 - MDT01 is domain member server that hosts your deployment share.
 - PC0002 is an old computer running Windows 7 SP1 that will be replaced by PC0007.
@ -29,7 +31,6 @@ For the purposes of this article, we'll use four computers: DC01, MDT01, PC0002,
 For more details on the setup for this article, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
 ![The computers used in this topic.](../images/mdt-03-fig01.png)
 The computers used in this article.
 >HV01 is also used in this topic to host the PC0007 virtual machine for demonstration purposes, however typically PC0007 is a physical computer.
@ -43,7 +44,9 @@ The computers used in this article.
 On **MDT01**:
 1. Open the Deployment Workbench, under **Deployment Shares** right-click **MDT Production**, select **Properties**, and then select the **Rules** tab.
 2. Change the **SkipUserData=YES** option to **NO**, and select **OK**.
 3. Right-click on **MDT Production** and select **Update Deployment Share**. Then select **Next**, **Next**, and **Finish** to complete the Update Deployment Share Wizard with the default settings.
 ### Create and share the MigData folder
@ -51,23 +54,25 @@ On **MDT01**:
 On **MDT01**:
 1. Create and share the **D:\\MigData** folder by running the following three commands in an elevated Windows PowerShell prompt:
-   ``` powershell
+
   ```powershell
   New-Item -Path D:\MigData -ItemType directory
   New-SmbShare -Name MigData$ -Path D:\MigData -ChangeAccess EVERYONE
   icacls D:\MigData /grant '"MDT_BA":(OI)(CI)(M)'
   ```
   ### Create a backup only (replace) task sequence
-2. In Deployment Workbench, under the **MDT Production** deployment share, select the **Task Sequences** node and create a new folder named **Other**.
+### Create a backup only (replace) task sequence
-3. Right-click the **Other** folder and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
+1. In Deployment Workbench, under the **MDT Production** deployment share, select the **Task Sequences** node and create a new folder named **Other**.
-   * Task sequence ID: REPLACE-001
+2. Right-click the **Other** folder and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
   * Task sequence name: Backup Only Task Sequence
   * Task sequence comments: Run USMT to back up user data and settings
   * Template: Standard Client Replace Task Sequence
-4. In the **Other** folder, double-click **Backup Only Task Sequence**, and then in the **Task Sequence** tab, review the sequence. Notice that it only contains a subset of the normal client task sequence actions.
+   - Task sequence ID: REPLACE-001
   - Task sequence name: Backup Only Task Sequence
   - Task sequence comments: Run USMT to back up user data and settings
   - Template: Standard Client Replace Task Sequence
 3. In the **Other** folder, double-click **Backup Only Task Sequence**, and then in the **Task Sequence** tab, review the sequence. Notice that it only contains a subset of the normal client task sequence actions.
   ![The Backup Only Task Sequence action list.](../images/mdt-03-fig02.png "The Backup Only Task Sequence action list")
@ -78,6 +83,7 @@ On **MDT01**:
 During a computer replace, the following are the high-level steps that occur:
 1. On the computer you're replacing, a special replace task sequence runs the USMT backup and, if you configured it, runs the optional full Windows Imaging (WIM) backup.
 2. On the new computer, you perform a standard bare-metal deployment. At the end of the bare-metal deployment, the USMT backup from the old computer is restored.
 ### Run the replace task sequence
@ -85,28 +91,30 @@ During a computer replace, the following are the high-level steps that occur:
 On **PC0002**:
 1. Sign in as **CONTOSO\\Administrator** and verify that you have write access to the **\\\\MDT01\\MigData$** share.
 2. Run **\\\\MDT01\\MDTProduction$\\Scripts\\LiteTouch.vbs**.
 3.  Complete the Windows Deployment Wizard using the following settings:
-    1.  Select a task sequence to execute on this computer: Backup Only Task Sequence
+3. Complete the **Windows Deployment Wizard** using the following settings:
        * Specify where to save your data and settings: Specify a location
        * Location: \\\\MDT01\\MigData$\\PC0002
-        >[!NOTE]
+   - **Select a task sequence to execute on this computer**: Backup Only Task Sequence
        >If you are replacing the computer at a remote site you should create the MigData folder on MDT02 and use that share instead.
-    2.  Specify where to save a complete computer backup: Don't back up the existing computer
+   - **Specify where to save your data and settings**: Specify a location
     - **Location**: \\\\MDT01\\MigData$\\PC0002
        > [!NOTE]
        > If you are replacing the computer at a remote site you should create the MigData folder on MDT02 and use that share instead.
   - **Specify where to save a complete computer backup**: Don't back up the existing computer
    The task sequence will now run USMT (Scanstate.exe) to capture user data and settings of the computer.
    ![The new task sequence.](../images/mdt-03-fig03.png "The new task sequence")
    The new task sequence running the Capture User State action on PC0002.
 4. On **MDT01**, verify that you have a USMT.MIG compressed backup file in the **D:\\MigData\\PC0002\\USMT** folder.
    ![The USMT backup.](../images/mdt-03-fig04.png "The USMT backup")
    The USMT backup of PC0002.
 ### Deploy the replacement computer
@ -117,12 +125,12 @@ On **HV01**:
 1. Create a virtual machine with the following settings:
-    * Name: PC0007
+   - **Name**: PC0007
-    * Location: C:\\VMs
+   - **Location**: C:\\VMs
-    * Generation: 2
+   - **Generation**: 2
-    * Memory: 2048 MB
+   - **Memory**: 2048 MB
-    * Hard disk: 60 GB (dynamic disk)
+   - **Hard disk**: 60 GB (dynamic disk)
-    * Install an operating system from a network-based installation server
+   - Install an operating system from a network-based installation server
 2. Start the PC0007 virtual machine, and press **Enter** to start the Pre-Boot Execution Environment (PXE) boot. The VM will now load the Windows PE boot image from MDT01 (or MDT02 if at a remote site).
@ -132,20 +140,20 @@ On **HV01**:
 3. After Windows Preinstallation Environment (Windows PE) has booted, complete the Windows Deployment Wizard using the following settings:
-    * Select a task sequence to execute on this computer:
+   - Select a task sequence to execute on this computer:
-        * Windows 10 Enterprise x64 RTM Custom Image
+     - Windows 10 Enterprise x64 RTM Custom Image
-        * Computer Name: PC0007
+     - **Computer Name**: PC0007
-        * Move Data and Settings: Don't move user data and settings.
+     - **Move Data and Settings**: Don't move user data and settings.
-        * User Data (Restore) > Specify a location: \\\\MDT01\\MigData$\\PC0002
+     - **User Data (Restore)** > **Specify a location**: \\\\MDT01\\MigData$\\PC0002
-        * Applications: Adobe > Install - Adobe Reader
+     - **Applications**: Adobe > Install - Adobe Reader
 4. Setup now starts and does the following actions:
-    * Partitions and formats the disk.
+    - Partitions and formats the disk.
-    * Installs the Windows 10 Enterprise operating system.
+    - Installs the Windows 10 Enterprise operating system.
-    * Installs the application.
+    - Installs the application.
-    * Updates the operating system via your local Windows Server Update Services (WSUS) server.
+    - Updates the operating system via your local Windows Server Update Services (WSUS) server.
-    * Restores the USMT backup from PC0002.
+    - Restores the USMT backup from PC0002.
 You can view progress of the process by clicking the Monitoring node in the Deployment Workbench on MDT01.
@ -153,9 +161,9 @@ You can view progress of the process by clicking the Monitoring node in the Depl
 ## Related articles
-[Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)<br>
+- [Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
-[Create a Windows 10 reference image](create-a-windows-10-reference-image.md)<br>
+- [Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
-[Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)<br>
+- [Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
-[Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)<br>
+- [Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)
-[Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)<br>
+- [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)
-[Configure MDT settings](configure-mdt-settings.md)
+- [Configure MDT settings](configure-mdt-settings.md)
--- a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
+++ b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
@ -10,7 +10,7 @@ author: frankroj
 ms.topic: article
 ms.custom: seo-marvel-mar2020
 ms.technology: itpro-deploy
-ms.date: 10/28/2022
+ms.date: 11/28/2022
 ---
 # Set up MDT for BitLocker
@ -18,6 +18,7 @@ ms.date: 10/28/2022
 This article will show you how to configure your environment for BitLocker, the disk volume encryption built into Windows 10 Enterprise and Windows 10 Pro, using MDT. BitLocker in Windows 10 has two requirements in regard to an operating system deployment:
 - A protector, which can either be stored in the Trusted Platform Module (TPM) chip, or stored as a password. Technically, you can also use a USB stick to store the protector, but it's not a practical approach as the USB stick can be lost or stolen. We, therefore, recommend that you instead use a TPM chip and/or a password.
 - Multiple partitions on the hard drive.
 To configure your environment for BitLocker, you'll need to do the following actions:
@ -29,10 +30,8 @@ To configure your environment for BitLocker, you'll need to do the following act
 > [!NOTE]
 > Even though it is not a BitLocker requirement, we recommend configuring BitLocker to store the recovery password in Active Directory. For more information about this feature, see [Backing Up BitLocker and TPM Recovery Information to AD DS](/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds).
-If you have access to Microsoft BitLocker Administration and Monitoring (MBAM), which is part of Microsoft Desktop Optimization Pack (MDOP), you have additional management features for BitLocker.
+>
-
+> If you have access to Microsoft BitLocker Administration and Monitoring (MBAM), which is part of Microsoft Desktop Optimization Pack (MDOP), you have additional management features for BitLocker.
 > [!NOTE]
 > Backing up TPM to Active Directory was supported only on Windows 10 version 1507 and 1511.
 For the purposes of this article, we'll use DC01, a domain controller that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more information on the setup for this article, see [Deploy Windows 10 with the Microsoft Deployment Toolkit](./prepare-for-windows-deployment-with-mdt.md).
@ -54,18 +53,24 @@ The BitLocker Recovery information on a computer object in the contoso.com domai
 The BitLocker Drive Encryption Administration Utilities are added as features via Server Manager (or Windows PowerShell):
 1. On DC01, log on as **CONTOSO\\Administrator**, and, using Server Manager, select **Add roles and features**.
 2. On the **Before you begin** page, select **Next**.
 3. On the **Select installation type** page, select **Role-based or feature-based installation**, and select **Next**.
 4. On the **Select destination server** page, select **DC01.contoso.com** and select **Next**.
 5. On the **Select server roles** page, select **Next**.
 6. On the **Select features** page, expand **Remote Server Administration Tools**, expand **Feature Administration Tools**, select the following features, and then select **Next**:
    1. BitLocker Drive Encryption Administration Utilities
    2. BitLocker Drive Encryption Tools
    3. BitLocker Recovery Password Viewer
 7. On the **Confirm installation selections** page, select **Install**, and then select **Close**.
 ![figure 3.](../images/mdt-09-fig03.png)
 Selecting the BitLocker Drive Encryption Administration Utilities.
 ### Create the BitLocker Group Policy
@ -73,32 +78,41 @@ Selecting the BitLocker Drive Encryption Administration Utilities.
 Following these steps, you enable the backup of BitLocker and TPM recovery information to Active Directory. You also enable the policy for the TPM validation profile.
 1. On DC01, using Group Policy Management, right-click the **Contoso** organizational unit (OU), and select **Create a GPO in this domain, and Link it here**.
 2. Assign the name **BitLocker Policy** to the new Group Policy.
-3. Expand the **Contoso** OU, right-click the **BitLocker Policy**, and select **Edit**. Configure the following policy settings:
+
-    Computer Configuration / Policies / Administrative Templates / Windows Components / BitLocker Drive Encryption / Operating System Drives
+3. Expand the **Contoso** OU, right-click the **BitLocker Policy**, and select **Edit**. Configure the following policy settings found under **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **BitLocker Drive Encryption** > **Operating System Drives**
   1. Enable the **Choose how BitLocker-protected operating system drives can be recovered** policy, and configure the following settings:
-        1. Allow data recovery agent (default)
+
-        2. Save BitLocker recovery information to Active Directory Domain Services (default)
+      - Allow data recovery agent (default)
-        3. Don't enable BitLocker until recovery information is stored in AD DS for operating system drives
+      - Save BitLocker recovery information to Active Directory Domain Services (default)
      - Don't enable BitLocker until recovery information is stored in AD DS for operating system drives
   2. Enable the **Configure TPM platform validation profile for BIOS-based firmware configurations** policy.
   3. Enable the **Configure TPM platform validation profile for native UEFI firmware configurations** policy.
 > [!NOTE]
-> If you consistently get the error "Windows BitLocker Drive Encryption Information. The system boot information has changed since BitLocker was enabled. You must supply a BitLocker recovery password to start this system." after encrypting a computer with BitLocker, you might have to change the various "Configure TPM platform validation profile" Group Policies, as well. Whether or not you need to do this will depend on the hardware you are using.
+> If you consistently get the error:
 >
 > **Windows BitLocker Drive Encryption Information. The system boot information has changed since BitLocker was enabled. You must supply a BitLocker recovery password to start this system.**
 >
 > after encrypting a computer with BitLocker, you might have to change the various **Configure TPM platform validation profile** Group Policies, as well. Whether or not you need to do this will depend on the hardware you are using.
 ### Set permissions in Active Directory for BitLocker
 In addition to the Group Policy created previously, you need to configure permissions in Active Directory to be able to store the TPM recovery information. In these steps, we assume you've downloaded the [Add-TPMSelfWriteACE.vbs script](https://raw.githubusercontent.com/DeploymentArtist/DF4/master/BitLocker%20and%20TPM/Add-TPMSelfWriteACE.vbs) to C:\\Setup\\Scripts on DC01.
 1. On DC01, start an elevated PowerShell prompt (run as Administrator).
 2. Configure the permissions by running the following command:
-    ```dos
+    ```cmd
-    cscript C:\Setup\Scripts\Add-TPMSelfWriteACE.vbs
+    cscript.exe C:\Setup\Scripts\Add-TPMSelfWriteACE.vbs
    ```
 ![figure 4.](../images/mdt-09-fig04.png)
 Running the Add-TPMSelfWriteACE.vbs script on DC01.
 ## Add BIOS configuration tools from Dell, HP, and Lenovo
@ -113,7 +127,7 @@ If you want to automate enabling the TPM chip as part of the deployment process,
 The HP tools are part of HP System Software Manager. The executable file from HP is named BiosConfigUtility.exe. This utility uses a configuration file for the BIOS settings. Here's a sample command to enable TPM and set a BIOS password using the BiosConfigUtility.exe tool:
-```dos
+```cmd
 BIOSConfigUtility.EXE /SetConfig:TPMEnable.REPSET /NewAdminPassword:Password1234
 ```
@ -135,7 +149,7 @@ Embedded Security Device Availability
 The Lenovo tools are a set of VBScripts available as part of the Lenovo BIOS Setup using Windows Management Instrumentation Deployment Guide. Lenovo also provides a separate download of the scripts. Here's a sample command to enable TPM using the Lenovo tools:
-```dos
+```cmd
 cscript.exe SetConfig.vbs SecurityChip Active
 ```
@ -146,21 +160,24 @@ When configuring a task sequence to run any BitLocker tool, either directly or u
 In the following task sequence, we added five actions:
 - **Check TPM Status.** Runs the ZTICheckforTPM.wsf script to determine if TPM is enabled. Depending on the status, the script will set the TPMEnabled and TPMActivated properties to either true or false.
 - **Configure BIOS for TPM.** Runs the vendor tools (in this case, HP, Dell, and Lenovo). To ensure this action is run only when necessary, add a condition so the action is run only when the TPM chip isn't already activated. Use the properties from the ZTICheckforTPM.wsf.
    > [!NOTE]
    > It is common for organizations to wrap these tools in scripts to get additional logging and error handling.
 - **Restart computer.** Self-explanatory, reboots the computer.
 - **Check TPM Status.** Runs the ZTICheckforTPM.wsf script one more time.
 - **Enable BitLocker.** Runs the built-in action to activate BitLocker.
 ## Related articles
-[Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)<br>
+- [Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
-[Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)<br>
+- [Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
-[Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)<br>
+- [Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
-[Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)<br>
+- [Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
-[Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)<br>
+- [Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
-[Use web services in MDT](use-web-services-in-mdt.md)<br>
+- [Use web services in MDT](use-web-services-in-mdt.md)
-[Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
+- [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
--- a/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md
+++ b/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md
@ -9,7 +9,7 @@ ms.localizationpriority: medium
 author: frankroj
 ms.topic: article
 ms.technology: itpro-deploy
-ms.date: 10/28/2022
+ms.date: 11/28/2022
 ---
 # Simulate a Windows 10 deployment in a test environment
@ -19,7 +19,9 @@ This article will walk you through the process of creating a simulated environme
 ## Test environment
 - A Windows 10 client named **PC0001** will be used to simulate deployment. The client is joined to the contoso.com domain and has access to the Internet to required download tools and scripts.
 - It's assumed that you've performed (at least) the following procedures so that you have an MDT service account and an MDT production deployment share:
  - [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md)
  - [Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
  - [Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
@ -29,6 +31,7 @@ This article will walk you through the process of creating a simulated environme
 On **PC0001**:
 1. Sign as **contoso\\Administrator**.
 2. Copy the following to a PowerShell script named gather.ps1 and copy it to a directory named **C:\MDT** on PC0001.
    ```powershell
@ -48,15 +51,22 @@ On **PC0001**:
    ```
 3. Download and install the free [Configuration Manager Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=734717) on PC0001 so that you have access to the Configuration Manager Trace (cmtrace.exe) tool.
 4. Using Local Users and Groups (lusrmgr.msc), add the **contoso\\MDT\_BA** user account to the local **Administrators** group.
 5. Sign off, and then sign on to PC0001 as **contoso\\MDT\_BA**.
 6. Open the **\\\\MDT01\\MDTProduction$\\Scripts** folder and copy the following files to **C:\\MDT**:
-   1.  ZTIDataAccess.vbs
+
-   2.  ZTIGather.wsf
+   - ZTIDataAccess.vbs
-   3.  ZTIGather.xml
+   - ZTIGather.wsf
-   4.  ZTIUtility.vbs
+   - ZTIGather.xml
   - ZTIUtility.vbs
 7. From the **\\\\MDT01\\MDTProduction$\\Control** folder, copy the CustomSettings.ini file to **C:\\MDT**.
 8. In the **C:\\MDT** folder, create a subfolder named **X64**.
 9. From the **\\\\MDT01\\MDTProduction$\\Tools\\X64** folder, copy the Microsoft.BDD.Utility.dll file to **C:\\MDT\\X64**.
   ![files.](../images/mdt-09-fig06.png)
@ -64,16 +74,19 @@ On **PC0001**:
   The C:\\MDT folder with the files added for the simulation environment.
 10. Type the following at an elevated Windows PowerShell prompt:
-    ``` powershell
+
    ```powershell
    Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process -Force
    Set-Location C:\MDT
    .\Gather.ps1
    ```
    When prompted, press **R** to run the gather script.
 11. Review the ZTIGather.log in the **C:\\MININT\\SMSOSD\\OSDLOGS** folder using CMTrace.
-    **Note**  
+
-    Warnings or errors regarding the Wizard.hta are expected. If the log file looks okay, you're ready to try a real deployment.
+    > [!NOTE]
    > Warnings or errors regarding the Wizard.hta are expected. If the log file looks okay, you're ready to try a real deployment.
   ![ztigather.](../images/mdt-09-fig07.png)
@ -81,10 +94,10 @@ On **PC0001**:
 ## Related articles
-[Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)<br>
+- [Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
-[Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)<br>
+- [Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
-[Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)<br>
+- [Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
-[Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)<br>
+- [Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
-[Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)<br>
+- [Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
-[Use web services in MDT](use-web-services-in-mdt.md)<br>
+- [Use web services in MDT](use-web-services-in-mdt.md)
-[Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
+- [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
--- a/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
+++ b/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
@ -9,18 +9,19 @@ ms.localizationpriority: medium
 author: frankroj
 ms.topic: article
 ms.technology: itpro-deploy
-ms.date: 10/28/2022
+ms.date: 11/28/2022
 ---
 # Perform an in-place upgrade to Windows 10 with MDT
-**Applies to**
+**Applies to:**
 - Windows 10
 The simplest path to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade.
->[!TIP]
+> [!TIP]
->In-place upgrade is the preferred method to use when migrating from Windows 10 to a later release of Windows 10, and is also a preferred method for upgrading from Windows 7 or 8.1 if you do not plan to significantly change the device's configuration or applications. MDT includes an in-place upgrade task sequence template that makes the process really simple. 
+> In-place upgrade is the preferred method to use when migrating from Windows 10 to a later release of Windows 10, and is also a preferred method for upgrading from Windows 7 or 8.1 if you do not plan to significantly change the device's configuration or applications. MDT includes an in-place upgrade task sequence template that makes the process really simple.
 In-place upgrade differs from [computer refresh](refresh-a-windows-7-computer-with-windows-10.md) in that you can't use a custom image to perform the in-place upgrade. In this article, we'll add a default Windows 10 image to the production deployment share specifically to perform an in-place upgrade.
@ -31,39 +32,50 @@ Three computers are used in this article: DC01, MDT01, and PC0002.
 - PC0002 is a domain member computer running Windows 7 SP1, targeted for the Windows 10 upgrade
 ![computers.](../images/mdt-upgrade.png)
 The computers used in this article.
->[!NOTE]
+> [!NOTE]
->For details about the setup for the procedures in this article, please see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
+> For details about the setup for the procedures in this article, please see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
-
+>
 >If you have already completed all the steps in [Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md), then you already have a production deployment share and you can skip to [Add Windows 10 Enterprise x64 (full source)](#add-windows-10-enterprise-x64-full-source).
 ## Create the MDT production deployment share
 On **MDT01**:
-1. Ensure you're signed on as: contoso\administrator.
+1. Ensure you're signed on as **contoso\administrator**.
 2. In the Deployment Workbench console, right-click **Deployment Shares** and select **New Deployment Share**.
 3. On the **Path** page, in the **Deployment share path** text box, type **D:\\MDTProduction** and select **Next**.
 4. On the **Share** page, in the **Share name** text box, type **MDTProduction$** and select **Next**.
 5. On the **Descriptive Name** page, in the **Deployment share description** text box, type **MDT Production** and select **Next**.
 6. On the **Options** page, accept the default settings and select **Next** twice, and then select **Finish**.
 7. Using File Explorer, verify that you can access the **\\\\MDT01\\MDTProduction$** share.
 ## Add Windows 10 Enterprise x64 (full source)
->If you have already have a Windows 10 [reference image](create-a-windows-10-reference-image.md) in the **MDT Build Lab** deployment share, you can use the deployment workbench to copy and paste this image from the MDT Build Lab share to the MDT Production share and skip the steps in this section.
+> [!NOTE]
 > If you have already have a Windows 10 [reference image](create-a-windows-10-reference-image.md) in the **MDT Build Lab** deployment share, you can use the deployment workbench to copy and paste this image from the MDT Build Lab share to the MDT Production share and skip the steps in this section.
 On **MDT01**:
 1. Sign in as contoso\\administrator and copy the content of a Windows 10 Enterprise x64 DVD/ISO to the **D:\\Downloads\\Windows 10 Enterprise x64** folder on MDT01, or just insert the DVD or mount an ISO on MDT01.
 2. Using the Deployment Workbench, expand the **Deployment Shares** node, and then expand **MDT Production**.
 3. Right-click the **Operating Systems** node, and create a new folder named **Windows 10**.
 4. Expand the **Operating Systems** node, right-click the **Windows 10** folder, and select **Import Operating System**. Use the following settings for the Import Operating System Wizard:
    - Full set of source files
-    - Source directory: (location of your source files)
+    - **Source directory**: (location of your source files)
-    - Destination directory name: <b>W10EX64RTM</b>
+    - **Destination directory name**: `W10EX64RTM`
 5. After adding the operating system, in the **Operating Systems / Windows 10** folder, double-click it and change the name to: **Windows 10 Enterprise x64 RTM Default Image**.
 ## Create a task sequence to upgrade to Windows 10 Enterprise
@ -71,14 +83,16 @@ On **MDT01**:
 On **MDT01**:
 1. Using the Deployment Workbench, select **Task Sequences** in the **MDT Production** node, then create a folder named **Windows 10**.
-2.  Right-click the new **Windows 10** folder and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
+
-    -   Task sequence ID: W10-X64-UPG
+2. Right-click the new **Windows 10** folder and select **New Task Sequence**. Use the following settings for the **New Task Sequence Wizard**:
-    -   Task sequence name: Windows 10 Enterprise x64 RTM Upgrade
+
-    -   Template: Standard Client Upgrade Task Sequence
+    - **Task sequence ID**: W10-X64-UPG
-    -   Select OS: Windows 10 Enterprise x64 RTM Default Image
+    - **Task sequence name**: Windows 10 Enterprise x64 RTM Upgrade
-    -   Specify Product Key: Don't specify a product key at this time
+    - **Template**: Standard Client Upgrade Task Sequence
-    -   Organization: Contoso
+    - **Select OS**: Windows 10 Enterprise x64 RTM Default Image
-    -   Admin Password: Don't specify an Administrator password at this time
+    - **Specify Product Key**: Don't specify a product key at this time
    - **Organization**: Contoso
    - **Admin Password**: Don't specify an Administrator password at this time
 ## Perform the Windows 10 upgrade
@ -87,24 +101,24 @@ To initiate the in-place upgrade, perform the following steps on PC0002 (the dev
 On **PC0002**:
 1. Start the MDT deployment wizard by running the following command: **\\\\MDT01\\MDTProduction$\\Scripts\\LiteTouch.vbs**
 2. Select the **Windows 10 Enterprise x64 RTM Upgrade** task sequence, and then select **Next**.
 3. Select one or more applications to install (will appear if you use custom image): Install - Adobe Reader
 4. On the **Ready** tab, select **Begin** to start the task sequence.
-   When the task sequence begins, it automatically initiates the in-place upgrade process by invoking the Windows setup program (Setup.exe) with the necessary command-line parameters to perform an automated upgrade, which preserves all data, settings, apps, and drivers.
+
 When the task sequence begins, it automatically initiates the in-place upgrade process by invoking the Windows setup program (Setup.exe) with the necessary command-line parameters to perform an automated upgrade, which preserves all data, settings, apps, and drivers.
 ![upgrade1.](../images/upgrademdt-fig5-winupgrade.png)
 <br>
 ![upgrade2.](../images/mdt-upgrade-proc.png)
 <br>
 ![upgrade3.](../images/mdt-post-upg.png)
 After the task sequence completes, the computer will be fully upgraded to Windows 10.
 ## Related articles
-[Windows 10 deployment scenarios](../windows-10-deployment-scenarios.md)<br>
+- [Windows 10 deployment scenarios](../windows-10-deployment-scenarios.md)
-[Microsoft Deployment Toolkit downloads and resources](/mem/configmgr/mdt/)
+- [Microsoft Deployment Toolkit downloads and resources](/mem/configmgr/mdt/)
--- a/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md
@ -9,38 +9,49 @@ ms.localizationpriority: medium
 author: frankroj
 ms.topic: article
 ms.technology: itpro-deploy
 ms.date: 11/28/2022
 ---
 # Use Orchestrator runbooks with MDT
 This article will show you how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions.
 MDT can integrate with System Center 2012 R2 Orchestrator, which is a component that ties the Microsoft System Center products together, as well as other products from both Microsoft and third-party vendors. The difference between using Orchestrator and "normal" web services, is that with Orchestrator you have a rich drag-and-drop style interface when building the solution, and little or no coding is required.
->[!Note]
+> [!NOTE]
->If you are licensed to use Orchestrator, we highly recommend that you start using it. To find out more about licensing options for System Center 2012 R2 and Orchestrator, visit the [System Center 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=619553) website.
+> If you are licensed to use Orchestrator, we highly recommend that you start using it. To find out more about licensing options for System Center 2012 R2 and Orchestrator, visit the [System Center 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=619553) website.
-## <a href="" id="sec01"></a>Orchestrator terminology
+## Orchestrator terminology
 Before diving into the core details, here's a quick course in Orchestrator terminology:
 -   **Orchestrator Server.** This is a server that executes runbooks.
 -   **Runbooks.** A runbook is similar to a task sequence; it's a series of instructions based on conditions. Runbooks consist of workflow activities; an activity could be Copy File, Get User from Active Directory, or even Write to Database.
 -   **Orchestrator Designer.** This is where you build the runbooks. In brief, you do that by creating an empty runbook, dragging in the activities you need, and then connecting them in a workflow with conditions and subscriptions.
 -   **Subscriptions.** These are variables that come from an earlier activity in the runbook. So if you first execute an activity in which you type in a computer name, you can then subscribe to that value in the next activity. All these variables are accumulated during the execution of the runbook.
 -   **Orchestrator Console.** This is the Microsoft Silverlight-based web page you can use interactively to execute runbooks. The console listens to TCP port 81 by default.
 -   **Orchestrator web services.** These are the web services you use in the Microsoft Deployment Toolkit to execute runbooks during deployment. The web services listen to TCP port 82 by default.
 -   **Integration packs.** These provide additional workflow activities you can import to integrate with other products or solutions, like the rest of Active Directory, other System Center 2012 R2 products, or Microsoft Exchange Server, to name a few.
-**Note**  
+- **Orchestrator Server**: This is a server that executes runbooks.
 To find and download additional integration packs, see [Integration Packs for System Center 2012 - Orchestrator](/previous-versions/system-center/packs/hh295851(v=technet.10)).
-## <a href="" id="sec02"></a>Create a sample runbook
+- **Runbooks**: A runbook is similar to a task sequence; it's a series of instructions based on conditions. Runbooks consist of workflow activities; an activity could be Copy File, Get User from Active Directory, or even Write to Database.
 - **Orchestrator Designer**: This is where you build the runbooks. In brief, you do that by creating an empty runbook, dragging in the activities you need, and then connecting them in a workflow with conditions and subscriptions.
 - **Subscriptions**: These are variables that come from an earlier activity in the runbook. So if you first execute an activity in which you type in a computer name, you can then subscribe to that value in the next activity. All these variables are accumulated during the execution of the runbook.
 - **Orchestrator Console**: This is the Microsoft Silverlight-based web page you can use interactively to execute runbooks. The console listens to TCP port 81 by default.
 - **Orchestrator web services**: These are the web services you use in the Microsoft Deployment Toolkit to execute runbooks during deployment. The web services listen to TCP port 82 by default.
 - **Integration packs**: These provide additional workflow activities you can import to integrate with other products or solutions, like the rest of Active Directory, other System Center 2012 R2 products, or Microsoft Exchange Server, to name a few.
 > [!NOTE]
 > To find and download additional integration packs, see [Integration Packs for System Center 2012 - Orchestrator](/previous-versions/system-center/packs/hh295851(v=technet.10)).
 ## Create a sample runbook
 This section assumes you have Orchestrator 2012 R2 installed on a server named OR01. In this section, you create a sample runbook, which is used to log some of the MDT deployment information into a text file on OR01.
 1. On OR01, using File Explorer, create the **E:\\Logfile** folder, and grant Users modify permissions (NTFS).
 2. In the **E:\\Logfile** folder, create the DeployLog.txt file.
-   **Note**  
+
-   Make sure File Explorer is configured to show known file extensions so the file isn't named DeployLog.txt.txt.
+   > [!NOTE]
   > Make sure File Explorer is configured to show known file extensions so the file isn't named DeployLog.txt.txt.
   ![figure 23.](../images/mdt-09-fig23.png)
@ -53,11 +64,16 @@ This section assumes you have Orchestrator 2012 R2 installed on a server named O
   Figure 24. Folder created in the Runbooks node.
 4. In the **Runbooks** node, right-click the **1.0 MDT** folder, and select **New / Runbook**.
 5. On the ribbon bar, select **Check Out**.
 6. Right-click the **New Runbook** label, select **Rename**, and assign the name **MDT Sample**.
 7. Add (using a drag-and-drop operation) the following items from the **Activities** list to the middle pane:
-   1.  Runbook Control / Initialize Data
+
-   2.  Text File Management / Append Line
+   - Runbook Control / Initialize Data
   - Text File Management / Append Line
 8. Connect **Initialize Data** to **Append Line**.
   ![figure 25.](../images/mdt-09-fig25.png)
@ -65,6 +81,7 @@ This section assumes you have Orchestrator 2012 R2 installed on a server named O
   Figure 25. Activities added and connected.
 9. Right-click the **Initialize Data** activity, and select **Properties**
 10. On **the Initialize Data Properties** page, select **Add**, change **Parameter 1** to **OSDComputerName**, and then select **Finish**.
    ![figure 26.](../images/mdt-09-fig26.png)
@ -72,8 +89,11 @@ This section assumes you have Orchestrator 2012 R2 installed on a server named O
    Figure 26. The Initialize Data Properties window.
 11. Right-click the **Append Line** activity, and select **Properties**.
 12. On the **Append Line Properties** page, in the **File** text box, type **E:\\Logfile\\DeployLog.txt**.
 13. In the **File** encoding drop-down list, select **ASCII**.
 14. In the **Append** area, right-click inside the **Text** text box and select **Expand**.
    ![figure 27.](../images/mdt-09-fig27.png)
@ -87,7 +107,9 @@ This section assumes you have Orchestrator 2012 R2 installed on a server named O
    Figure 28. Subscribing to data.
 16. In the **Published Data** window, select the **OSDComputerName** item, and select **OK**.
 17. After the **{OSDComputerName from "Initialize Data"}** text, type in **has been deployed at** and, once again, right-click and select **Subscribe / Published Data**.
 18. In the **Published Data** window, select the **Show common Published Data** check box, select the **Activity end time** item, and select **OK**.
    ![figure 29.](../images/mdt-09-fig29.png)
@ -95,14 +117,21 @@ This section assumes you have Orchestrator 2012 R2 installed on a server named O
    Figure 29. The expanded text box after all subscriptions have been added.
 19. On the **Append Line Properties** page, select **Finish**.
-    ## <a href="" id="sec03"></a>Test the demo MDT runbook
+## Test the demo MDT runbook
-    After the runbook is created, you're ready to test it.
+
-20. On the ribbon bar, select **Runbook Tester**.
+After the runbook is created, you're ready to test it.
-21. Select **Run**, and in the **Initialize Data Parameters** dialog box, use the following setting and then select **OK**:
+
-    -   OSDComputerName: PC0010
+1. On the ribbon bar, select **Runbook Tester**.
-22. Verify that all activities are green (for more information, see each target).
+
-23. Close the **Runbook Tester**.
+2. Select **Run**, and in the **Initialize Data Parameters** dialog box, use the following setting and then select **OK**:
-24. On the ribbon bar, select **Check In**.
+
    - **OSDComputerName**: PC0010
 3. Verify that all activities are green (for more information, see each target).
 4. Close the **Runbook Tester**.
 5. On the ribbon bar, select **Check In**.
 ![figure 30.](../images/mdt-09-fig30.png)
@ -111,21 +140,31 @@ Figure 30. All tests completed.
 ## Use the MDT demo runbook from MDT
 1. On MDT01, using the Deployment Workbench, in the MDT Production deployment share, select the **Task Sequences** node, and create a folder named **Orchestrator**.
-2.  Right-click the **Orchestrator** node, and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
+
-    1.  Task sequence ID: OR001
+2. Right-click the **Orchestrator** node, and select **New Task Sequence**. Use the following settings for the **New Task Sequence Wizard**:
-    2.  Task sequence name: Orchestrator Sample
+
-    3.  Task sequence comments: &lt;blank&gt;
+   - **Task sequence ID**: OR001
-    4.  Template: Custom Task Sequence
+   - **Task sequence name**: Orchestrator Sample
   - **Task sequence comments**: *\<blank\>*
   - **Template**: Custom Task Sequence
 3. In the **Orchestrator** node, double-click the **Orchestrator Sample** task sequence, and then select the **Task Sequence** tab.
 4. Remove the default **Application Install** action.
 5. Add a **Gather** action and select the **Gather only local data (do not process rules)** option.
 6. After the **Gather** action, add a **Set Task Sequence Variable** action with the following settings:
-    1.  Name: Set Task Sequence Variable
+
-    2.  Task Sequence Variable: OSDComputerName
+   - **Name**: Set Task Sequence Variable
-    3.  Value: %hostname%
+   - **Task Sequence Variable**: OSDComputerName
   - **Value**: %hostname%
 7. After the **Set Task Sequence Variable** action, add a new **Execute Orchestrator Runbook** action with the following settings:
-    1.  Orchestrator Server: OR01.contoso.com
+
-    2.  Use Browse to select **1.0 MDT / MDT Sample**.
+   - **Orchestrator Server**: OR01.contoso.com
   - Use **Browse** to select **1.0 MDT / MDT Sample**.
 8. Select **OK**.
 ![figure 31.](../images/mdt-09-fig31.png)
@ -135,21 +174,28 @@ Figure 31. The ready-made task sequence.
 ## Run the orchestrator sample task sequence
 Since this task sequence just starts a runbook, you can test the task sequence on the PC0001 client that you used for the MDT simulation environment.
-**Note**  
+
-Make sure the account you're using has permissions to run runbooks on the Orchestrator server. For more information about runbook permissions, see [Runbook Permissions](/previous-versions/system-center/system-center-2012-R2/hh403774(v=sc.12)).
+> [!NOTE]
 > Make sure the account you're using has permissions to run runbooks on the Orchestrator server. For more information about runbook permissions, see [Runbook Permissions](/previous-versions/system-center/system-center-2012-R2/hh403774(v=sc.12)).
 1. On PC0001, log on as **CONTOSO\\MDT\_BA**.
 2. Using an elevated command prompt (run as Administrator), type the following command:
-    ``` syntax
+    ```cmd
-    cscript \\MDT01\MDTProduction$\Scripts\Litetouch.vbs
+    cscript.exe \\MDT01\MDTProduction$\Scripts\Litetouch.vbs
    ```
-3.  Complete the Windows Deployment Wizard using the following information:
+
-    1.  Task Sequence: Orchestrator Sample
+3. Complete the **Windows Deployment Wizard** using the following information:
-    2.  Credentials:
+
-        1.  User Name: MDT\_BA
+    1. **Task Sequence**: Orchestrator Sample
-        2.  Password: P@ssw0rd
+
-        3.  Domain: CONTOSO
+    2. **Credentials**:
      - **User Name**: MDT\_BA
      - **Password**: P@ssw0rd
      - **Domain**: CONTOSO
 4. Wait until the task sequence is completed and then verify that the DeployLog.txt file in the E:\\Logfile folder on OR01 was updated.
 ![figure 32.](../images/mdt-09-fig32.png)
@ -158,16 +204,10 @@ Figure 32. The ready-made task sequence.
 ## Related articles
-[Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
+- [Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
-
+- [Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
-[Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
+- [Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
-
+- [Simulate a Windows10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
-[Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
+- [Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
-
+- [Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
-[Simulate a Windows10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
+- [Use web services in MDT](use-web-services-in-mdt.md)
 [Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
 [Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
 [Use web services in MDT](use-web-services-in-mdt.md)
--- a/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md
+++ b/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md
@ -9,45 +9,52 @@ ms.localizationpriority: medium
 author: frankroj
 ms.topic: article
 ms.technology: itpro-deploy
-ms.date: 10/28/2022
+ms.date: 11/28/2022
 ---
 # Use the MDT database to stage Windows 10 deployment information
 This article is designed to teach you how to use the MDT database to pre-stage information on your Windows 10 deployment in a Microsoft SQL Server 2012 SP1 Express database, rather than include the information in a text file (CustomSettings.ini). You can use this process, for example, to add the client machines you want to deploy, specify their computer names and IP addresses, indicate applications to be deployed, and determine many more settings for the machines.
-## <a href="" id="sec01"></a>Database prerequisites
+## Database prerequisites
 MDT can use either SQL Server Express or full SQL Server. However, since the deployment database isn't large, even in large enterprise environments, we recommend using the free SQL Server 2012 SP1 Express database in your environment.
->[!NOTE]
+> [!NOTE]
->Be sure to enable Named Pipes when configuring the SQL Server 2012 SP1 Express database. Although it is a legacy protocol, Named Pipes has proven to work well when connecting from Windows Preinstallation Environment (Windows PE) to the SQL Server database.
+> Be sure to enable Named Pipes when configuring the SQL Server 2012 SP1 Express database. Although it is a legacy protocol, Named Pipes has proven to work well when connecting from Windows Preinstallation Environment (Windows PE) to the SQL Server database.
-## <a href="" id="sec02"></a>Create the deployment database
+## Create the deployment database
 The MDT database is by default created and managed from the Deployment Workbench. In these steps, we assume you have installed SQL Server 2012 SP1 Express on MDT01.
->[!NOTE]
+> [!NOTE]
->Since SQL Server 2012 SP1 Express runs by default on a separate instance (SQLEXPRESS), the SQL Server Browser service must be running, and the firewall configured to allow traffic to it. Port 1433 TCP and port 1434 UDP need to be opened for inbound traffic on MDT01.
+> Since SQL Server 2012 SP1 Express runs by default on a separate instance (SQLEXPRESS), the SQL Server Browser service must be running, and the firewall configured to allow traffic to it. Port 1433 TCP and port 1434 UDP need to be opened for inbound traffic on MDT01.
 1. On MDT01, using Deployment Workbench, expand the MDT Production deployment share, expand **Advanced Configuration**, right-click **Database**, and select **New Database**.
 2. In the New DB Wizard, on the **SQL Server Details** page, enter the following settings and select **Next**:
    1. SQL Server Name: MDT01
    2. Instance: SQLEXPRESS
    3. Port: &lt;blank&gt;
    4. Network Library: Named Pipes
 3. On the **Database** page, select **Create a new database**; in the **Database** field, type **MDT** and select **Next**.
 4. On the **SQL Share** page, in the **SQL Share** field, type **Logs$** and select **Next**. Select **Next** again and then select **Finish**.
 ![figure 8.](../images/mdt-09-fig08.png)
 Figure 8. The MDT database added to MDT01.
-## <a href="" id="sec03"></a>Configure database permissions
+## Configure database permissions
 After creating the database, you need to assign permissions to it. In MDT, the account you used to run the deployment is used to access the database. In this environment, the network access account is MDT\_BA.
 1. On MDT01, start SQL Server Management Studio.
 2. In the **Connect to Server** dialog box, in the **Server name** list, select **MDT01\\SQLEXPRESS** and select **Connect**.
 3. In the **Object Explorer** pane, expand the top-level **Security** node, right-click **Logins**, and select **New Login**.
    ![figure 9.](../images/mdt-09-fig09.png)
@ -55,20 +62,25 @@ After creating the database, you need to assign permissions to it. In MDT, the a
    Figure 9. The top-level Security node.
 4. On the **Login - New** page, next to the **Login** name field, select **Search**, and search for **CONTOSO\\MDT\_BA**. Then in the left pane, select **User Mapping**. Select the **MDT** database, and assign the following roles:
    1. db\_datareader
    2. db\_datawriter
    3. public (default)
 5. Select **OK**, and close SQL Server Management Studio.
 ![figure 10.](../images/mdt-09-fig10.png)
 Figure 10. Creating the login and settings permissions to the MDT database.
-## <a href="" id="sec04"></a>Create an entry in the database
+## Create an entry in the database
 To start using the database, you add a computer entry and assign a description and computer name. Use the computer's MAC Address as the identifier.
 1. On MDT01, using the Deployment Workbench, in the MDT Production deployment share, expand **Advanced Configuration**, and expand **Database**.
 2. Right-click **Computers**, select **New**, and add a computer entry with the following settings:
    1. Description: New York Site - PC00075
    2. MacAddress: &lt;PC00075 MAC Address in the 00:00:00:00:00:00 format&gt;
    3. Details Tab / OSDComputerName: PC00075
@ -79,16 +91,10 @@ Figure 11. Adding the PC00075 computer to the database.
 ## Related articles
-[Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
+- [Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
-
+- [Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
-[Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
+- [Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
-
+- [Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
-[Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
+- [Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
-
+- [Use web services in MDT](use-web-services-in-mdt.md)
-[Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
+- [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
 [Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
 [Use web services in MDT](use-web-services-in-mdt.md)
 [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
--- a/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md
@ -9,7 +9,7 @@ ms.localizationpriority: medium
 author: frankroj
 ms.topic: article
 ms.technology: itpro-deploy
-ms.date: 10/28/2022
+ms.date: 11/28/2022
 ---
 # Use web services in MDT
@ -17,79 +17,96 @@ ms.date: 10/28/2022
 In this article, you'll learn how to create a simple web service that generates computer names and then configure MDT to use that service during your Windows 10 deployment. Web services provide a powerful way to assign settings during a deployment. Web services are web applications that run code on the server side, and MDT has built-in functions to call these web services.
 Using a web service in MDT is straightforward, but it does require that you've enabled the Web Server (IIS) role on the server. Developing web services involves some coding, but for most web services used with MDT, you can use the free Microsoft Visual Studio Express 2013 for Web.
-## <a href="" id="sec01"></a>Create a sample web service
+## Create a sample web service
 In these steps, we assume you have installed Microsoft Visual Studio Express 2013 for Web on PC0001 (the Windows 10 client) and downloaded the [MDT Sample Web Service](https://www.microsoft.com/download/details.aspx?id=42516) from the Microsoft Download Center and extracted it to C:\\Projects.
 1. On PC0001, using Visual Studio Express 2013 for Web, open the C:\\Projects\\MDTSample\\ MDTSample.sln solution file.
 2. On the ribbon bar, verify that Release is selected.
 3. In the **Debug** menu, select the **Build MDTSample** action.
 4. On MDT01, create a folder structure for **E:\\MDTSample\\bin**.
 5. From PC0001, copy the C:\\Projects\\MDTSample\\obj\\Release\\MDTSample.dll file to the **E:\\MDTSample\\bin** folder on MDT01.
 6. From PC0001, copy the following files from C:\\Projects\\MDTSample file to the **E:\\MDTSample** folder on MDT01:
    1.  Web.config
    2.  mdtsample.asmx
-![figure 15.](../images/mdt-09-fig15.png)
+   - Web.config
   - mdtsample.asmx
-Figure 15. The sample project in Microsoft Visual Studio Express 2013 for Web.
+    ![figure 15.](../images/mdt-09-fig15.png)
-## <a href="" id="sec02"></a>Create an application pool for the web service
+    Figure 15. The sample project in Microsoft Visual Studio Express 2013 for Web.
 ## Create an application pool for the web service
 This section assumes that you've enabled the Web Server (IIS) role on MDT01.
 1. On MDT01, using Server Manager, install the **IIS Management Console** role (available under Web Server (IIS) / Management Tools).
 2. Using Internet Information Services (IIS) Manager, expand the **MDT01 (CONTOSO\\Administrator)** node. If prompted with the **Do you want to get started with Microsoft Web Platform?** question, select the **Do not show this message** check box and then select **No**.
 3. Right-click **Application Pools**, select **Add Application Pool**, and configure the new application pool with the following settings:
    1.  Name: MDTSample
    2.  .NET Framework version: .NET Framework 4.0.30319
    3.  Manage pipeline mode: Integrated
    4.  Select the **Start application pool immediately** check box.
    5.  Select **OK**.
-![figure 16.](../images/mdt-09-fig16.png)
+   - **Name**: MDTSample
   - **.NET Framework version**: .NET Framework 4.0.30319
   - **Manage pipeline mode**: Integrated
   - Select the **Start application pool immediately** check box.
   - Select **OK**.
-Figure 16. The new MDTSample application.
+    ![figure 16.](../images/mdt-09-fig16.png)
-## <a href="" id="sec03"></a>Install the web service
+    Figure 16. The new MDTSample application.
 ## Install the web service
 1. On MDT01, using Internet Information Services (IIS) Manager, expand **Sites**, right-click **Default Web Site**, and select **Add Application**. Use the following settings for the application:
-    1.  Alias: MDTSample
+
-    2.  Application pool: MDTSample
+   - **Alias**: MDTSample
-    3.  Physical Path: E:\\MDTSample
+   - **Application pool**: MDTSample
   - **Physical Path**: E:\\MDTSample
    ![figure 17.](../images/mdt-09-fig17.png)
    Figure 17. Adding the MDTSample web application.
 2. In the **Default Web Site** node, select the MDTSample web application, and in the right pane, double-click **Authentication**. Use the following settings for the **Authentication** dialog box:
    1.  Anonymous Authentication: Enabled
    2.  ASP.NET Impersonation: Disabled
-![figure 18.](../images/mdt-09-fig18.png)
+   - **Anonymous Authentication**: Enabled
   - **ASP.NET Impersonation**: Disabled
-Figure 18. Configuring Authentication for the MDTSample web service.
+    ![figure 18.](../images/mdt-09-fig18.png)
-## <a href="" id="sec04"></a>Test the web service in Internet Explorer
+    Figure 18. Configuring Authentication for the MDTSample web service.
 ## Test the web service in Internet Explorer
 1. On PC0001, using Internet Explorer, navigate to: **`http://MDT01/MDTSample/mdtsample.asmx'**.
 1.  On PC0001, using Internet Explorer, navigate to: **http://MDT01/MDTSample/mdtsample.asmx**.
 2. Select the **GetComputerName** link.
    ![figure 19.](../images/mdt-09-fig19.png)
    Figure 19. The MDT Sample web service.
 3. On the **GetComputerName** page, type in the following settings, and select **Invoke**:
    1.  Model: Hewlett-Packard
    2.  SerialNumber: 123456789
-![figure 20.](../images/mdt-09-fig20.png)
+   - **Model**: Hewlett-Packard
   - **SerialNumber**: 123456789
-Figure 20. The result from the MDT Sample web service.
+    ![figure 20.](../images/mdt-09-fig20.png)
-## <a href="" id="sec05"></a>Test the web service in the MDT simulation environment
+    Figure 20. The result from the MDT Sample web service.
 ## Test the web service in the MDT simulation environment
 After verifying the web service using Internet Explorer, you're ready to do the same test in the MDT simulation environment.
 1. On PC0001, edit the CustomSettings.ini file in the **C:\\MDT** folder to look like the following:
-   ``` 
+
   ```ini
   [Settings]
   Priority=Default, GetComputerName
   [Default]
@ -99,35 +116,32 @@ After verifying the web service using Internet Explorer, you're ready to do the
   Parameters=Model,SerialNumber
   OSDComputerName=string
   ```
   ![figure 21.](../images/mdt-09-fig21.png)
   Figure 21. The updated CustomSettings.ini file.
 2. Save the CustomSettings.ini file.
 3. Using an elevated Windows PowerShell prompt (run as Administrator), run the following commands. Press **Enter** after each command:
-   ``` 
+
   ```powershell
   Set-Location C:\MDT
   .\Gather.ps1
   ```
 4. Review the ZTIGather.log in the **C:\\MININT\\SMSOSD\\OSDLOGS** folder.
-![figure 22.](../images/mdt-09-fig22.png)
+    ![figure 22.](../images/mdt-09-fig22.png)
-Figure 22. The OSDCOMPUTERNAME value obtained from the web service.
+    Figure 22. The OSDCOMPUTERNAME value obtained from the web service.
 ## Related articles
-[Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
+- [Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
-
+- [Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
-[Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
+- [Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
-
+- [Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
-[Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
+- [Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
-
+- [Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
-[Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
+- [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
 [Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
 [Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
 [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
--- a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
+++ b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
@ -29,9 +29,6 @@ Windows Autopatch creates an enterprise application in your tenant. This enterpr
 | ----- | ------ | ----- |
 | Modern Workplace Management | This enterprise application is a limited first party enterprise application with elevated privileges. This application is used to manage the service, publish baseline configuration updates, and maintain overall service health. | <ul><li>DeviceManagementApps.ReadWrite.All</li><li>DeviceManagementConfiguration.ReadWrite.All</li><li>DeviceManagementManagedDevices.PriviligedOperation.All</li><li>DeviceManagementManagedDevices.ReadWrite.All</li><li>DeviceManagementRBAC.ReadWrite.All</li><li>DeviceManagementServiceConfig.ReadWrite.All</li><li>Directory.Read.All</li><li>Group.Create</li><li>Policy.Read.All</li><li>WindowsUpdates.Read.Write.All</li></ul> |
 > [!NOTE]
 > Enterprise application authentication is only available on tenants enrolled after July 9th, 2022. For tenants enrolled before this date, Enterprise Application authentication will be made available for enrollment soon.
 ### Service principal
 Windows Autopatch will create a service principal in your tenant allowing the service to establish an identity and restrict access to what resources the service has access to within the tenant. For more information, see [Application and service principal objects in Azure Active Directory](/azure/active-directory/develop/app-objects-and-service-principals#service-principal-object). The service principal created by Windows Autopatch is: