Merge branch 'main' into v-mathavale-6063796

Meghana Athavale 2022-07-13 18:04:57 +05:30
commit 326f558673
305 changed files with 1454 additions and 2038 deletions


@ -1,421 +1,261 @@
{ {
"build_entry_point": "", "build_entry_point": "",
"docsets_to_publish": [ "docsets_to_publish": [
{ {
"docset_name": "education", "docset_name": "education",
"build_source_folder": "education", "build_source_folder": "education",
"build_output_subfolder": "education", "build_output_subfolder": "education",
"locale": "en-us", "locale": "en-us",
"monikers": [], "monikers": [],
"moniker_ranges": [], "moniker_ranges": [],
"open_to_public_contributors": false, "open_to_public_contributors": false,
"type_mapping": { "type_mapping": {
"Conceptual": "Content", "Conceptual": "Content",
"ManagedReference": "Content", "ManagedReference": "Content",
"RestApi": "Content" "RestApi": "Content"
}, },
"build_entry_point": "docs", "build_entry_point": "docs",
"template_folder": "_themes" "template_folder": "_themes"
}, },
{ {
"docset_name": "hololens", "docset_name": "internet-explorer",
"build_source_folder": "devices/hololens", "build_source_folder": "browsers/internet-explorer",
"build_output_subfolder": "hololens", "build_output_subfolder": "internet-explorer",
"locale": "en-us", "locale": "en-us",
"monikers": [], "monikers": [],
"moniker_ranges": [], "moniker_ranges": [],
"open_to_public_contributors": true, "open_to_public_contributors": false,
"type_mapping": { "type_mapping": {
"Conceptual": "Content", "Conceptual": "Content",
"ManagedReference": "Content", "ManagedReference": "Content",
"RestApi": "Content" "RestApi": "Content"
}, },
"build_entry_point": "docs", "build_entry_point": "docs",
"template_folder": "_themes" "template_folder": "_themes"
}, },
{ {
"docset_name": "internet-explorer", "docset_name": "microsoft-edge",
"build_source_folder": "browsers/internet-explorer", "build_source_folder": "browsers/edge",
"build_output_subfolder": "internet-explorer", "build_output_subfolder": "microsoft-edge",
"locale": "en-us", "locale": "en-us",
"monikers": [], "monikers": [],
"moniker_ranges": [], "moniker_ranges": [],
"open_to_public_contributors": false, "open_to_public_contributors": false,
"type_mapping": { "type_mapping": {
"Conceptual": "Content", "Conceptual": "Content",
"ManagedReference": "Content", "ManagedReference": "Content",
"RestApi": "Content" "RestApi": "Content"
}, },
"build_entry_point": "docs", "build_entry_point": "docs",
"template_folder": "_themes" "template_folder": "_themes"
}, },
{ {
"docset_name": "keep-secure", "docset_name": "smb",
"build_source_folder": "windows/keep-secure", "build_source_folder": "smb",
"build_output_subfolder": "keep-secure", "build_output_subfolder": "smb",
"locale": "en-us", "locale": "en-us",
"monikers": [], "monikers": [],
"moniker_ranges": [], "moniker_ranges": [],
"open_to_public_contributors": false, "open_to_public_contributors": false,
"type_mapping": { "type_mapping": {
"Conceptual": "Content", "Conceptual": "Content",
"ManagedReference": "Content", "ManagedReference": "Content",
"RestApi": "Content" "RestApi": "Content"
}, },
"build_entry_point": "docs", "build_entry_point": "docs",
"template_folder": "_themes" "template_folder": "_themes"
}, },
{ {
"docset_name": "microsoft-edge", "docset_name": "store-for-business",
"build_source_folder": "browsers/edge", "build_source_folder": "store-for-business",
"build_output_subfolder": "microsoft-edge", "build_output_subfolder": "store-for-business",
"locale": "en-us", "locale": "en-us",
"monikers": [], "monikers": [],
"moniker_ranges": [], "moniker_ranges": [],
"open_to_public_contributors": false, "open_to_public_contributors": false,
"type_mapping": { "type_mapping": {
"Conceptual": "Content", "Conceptual": "Content",
"ManagedReference": "Content", "ManagedReference": "Content",
"RestApi": "Content" "RestApi": "Content"
}, },
"build_entry_point": "docs", "build_entry_point": "docs",
"template_folder": "_themes" "template_folder": "_themes"
}, },
{ {
"docset_name": "release-information", "docset_name": "win-app-management",
"build_source_folder": "windows/release-information", "build_source_folder": "windows/application-management",
"build_output_subfolder": "release-information", "build_output_subfolder": "win-app-management",
"locale": "en-us", "locale": "en-us",
"monikers": [], "monikers": [],
"moniker_ranges": [], "moniker_ranges": [],
"open_to_public_contributors": false, "open_to_public_contributors": false,
"type_mapping": { "type_mapping": {
"Conceptual": "Content", "Conceptual": "Content",
"ManagedReference": "Content", "ManagedReference": "Content",
"RestApi": "Content" "RestApi": "Content"
}, },
"build_entry_point": "docs", "build_entry_point": "docs",
"template_folder": "_themes" "template_folder": "_themes"
}, },
{ {
"docset_name": "smb", "docset_name": "win-client-management",
"build_source_folder": "smb", "build_source_folder": "windows/client-management",
"build_output_subfolder": "smb", "build_output_subfolder": "win-client-management",
"locale": "en-us", "locale": "en-us",
"monikers": [], "monikers": [],
"moniker_ranges": [], "moniker_ranges": [],
"open_to_public_contributors": false, "open_to_public_contributors": true,
"type_mapping": { "type_mapping": {
"Conceptual": "Content", "Conceptual": "Content",
"ManagedReference": "Content", "ManagedReference": "Content",
"RestApi": "Content" "RestApi": "Content"
}, },
"build_entry_point": "docs", "build_entry_point": "docs",
"template_folder": "_themes" "template_folder": "_themes"
}, },
{ {
"docset_name": "store-for-business", "docset_name": "win-configuration",
"build_source_folder": "store-for-business", "build_source_folder": "windows/configuration",
"build_output_subfolder": "store-for-business", "build_output_subfolder": "win-configuration",
"locale": "en-us", "locale": "en-us",
"monikers": [], "monikers": [],
"moniker_ranges": [], "moniker_ranges": [],
"open_to_public_contributors": false, "open_to_public_contributors": false,
"type_mapping": { "type_mapping": {
"Conceptual": "Content", "Conceptual": "Content",
"ManagedReference": "Content", "ManagedReference": "Content",
"RestApi": "Content" "RestApi": "Content"
}, },
"build_entry_point": "docs", "build_entry_point": "docs",
"template_folder": "_themes" "template_folder": "_themes"
}, },
{ {
"docset_name": "win-access-protection", "docset_name": "win-deployment",
"build_source_folder": "windows/access-protection", "build_source_folder": "windows/deployment",
"build_output_subfolder": "win-access-protection", "build_output_subfolder": "win-deployment",
"locale": "en-us", "locale": "en-us",
"monikers": [], "monikers": [],
"moniker_ranges": [], "moniker_ranges": [],
"open_to_public_contributors": true, "open_to_public_contributors": true,
"type_mapping": { "type_mapping": {
"Conceptual": "Content", "Conceptual": "Content",
"ManagedReference": "Content", "ManagedReference": "Content",
"RestApi": "Content" "RestApi": "Content"
}, },
"build_entry_point": "docs", "build_entry_point": "docs",
"template_folder": "_themes" "template_folder": "_themes"
}, },
{ {
"docset_name": "win-app-management", "docset_name": "windows-hub",
"build_source_folder": "windows/application-management", "build_source_folder": "windows/hub",
"build_output_subfolder": "win-app-management", "build_output_subfolder": "windows-hub",
"locale": "en-us", "locale": "en-us",
"monikers": [], "monikers": [],
"moniker_ranges": [], "moniker_ranges": [],
"open_to_public_contributors": false, "open_to_public_contributors": true,
"type_mapping": { "type_mapping": {
"Conceptual": "Content", "Conceptual": "Content",
"ManagedReference": "Content", "ManagedReference": "Content",
"RestApi": "Content" "RestApi": "Content"
}, },
"build_entry_point": "docs", "build_entry_point": "docs",
"template_folder": "_themes" "template_folder": "_themes"
}, },
{ {
"docset_name": "win-client-management", "docset_name": "windows-privacy",
"build_source_folder": "windows/client-management", "build_source_folder": "windows/privacy",
"build_output_subfolder": "win-client-management", "build_output_subfolder": "windows-privacy",
"locale": "en-us", "locale": "en-us",
"monikers": [], "monikers": [],
"moniker_ranges": [], "moniker_ranges": [],
"open_to_public_contributors": true, "open_to_public_contributors": true,
"type_mapping": { "type_mapping": {
"Conceptual": "Content", "Conceptual": "Content",
"ManagedReference": "Content", "ManagedReference": "Content",
"RestApi": "Content" "RestApi": "Content"
}, },
"build_entry_point": "docs", "build_entry_point": "docs",
"template_folder": "_themes" "template_folder": "_themes"
}, },
{ {
"docset_name": "win-configuration", "docset_name": "windows-security",
"build_source_folder": "windows/configuration", "build_source_folder": "windows/security",
"build_output_subfolder": "win-configuration", "build_output_subfolder": "windows-security",
"locale": "en-us", "locale": "en-us",
"monikers": [], "monikers": [],
"moniker_ranges": [], "moniker_ranges": [],
"open_to_public_contributors": false, "open_to_public_contributors": true,
"type_mapping": { "type_mapping": {
"Conceptual": "Content", "Conceptual": "Content",
"ManagedReference": "Content", "ManagedReference": "Content",
"RestApi": "Content" "RestApi": "Content"
}, },
"build_entry_point": "docs", "build_entry_point": "docs",
"template_folder": "_themes" "template_folder": "_themes"
}, },
{ {
"docset_name": "win-deployment", "docset_name": "win-whats-new",
"build_source_folder": "windows/deployment", "build_source_folder": "windows/whats-new",
"build_output_subfolder": "win-deployment", "build_output_subfolder": "win-whats-new",
"locale": "en-us", "locale": "en-us",
"monikers": [], "monikers": [],
"moniker_ranges": [], "moniker_ranges": [],
"open_to_public_contributors": true, "open_to_public_contributors": true,
"type_mapping": { "type_mapping": {
"Conceptual": "Content", "Conceptual": "Content",
"ManagedReference": "Content", "ManagedReference": "Content",
"RestApi": "Content" "RestApi": "Content"
}, },
"build_entry_point": "docs", "build_entry_point": "docs",
"template_folder": "_themes" "template_folder": "_themes"
}, }
{ ],
"docset_name": "win-device-security", "notification_subscribers": [
"build_source_folder": "windows/device-security", "elizapo@microsoft.com"
"build_output_subfolder": "win-device-security", ],
"locale": "en-us", "sync_notification_subscribers": [
"monikers": [], "dstrome@microsoft.com"
"moniker_ranges": [], ],
"open_to_public_contributors": true, "branches_to_filter": [
"type_mapping": { ""
"Conceptual": "Content", ],
"ManagedReference": "Content", "git_repository_url_open_to_public_contributors": "https://github.com/MicrosoftDocs/windows-itpro-docs",
"RestApi": "Content" "git_repository_branch_open_to_public_contributors": "public",
}, "skip_source_output_uploading": false,
"build_entry_point": "docs", "need_preview_pull_request": true,
"template_folder": "_themes" "resolve_user_profile_using_github": true,
}, "dependent_repositories": [
{ {
"docset_name": "windows-configure", "path_to_root": "_themes.pdf",
"build_source_folder": "windows/configure", "url": "https://github.com/Microsoft/templates.docs.msft.pdf",
"build_output_subfolder": "windows-configure", "branch": "main",
"locale": "en-us", "branch_mapping": {}
"monikers": [], },
"moniker_ranges": [], {
"open_to_public_contributors": false, "path_to_root": "_themes",
"type_mapping": { "url": "https://github.com/Microsoft/templates.docs.msft",
"Conceptual": "Content", "branch": "main",
"ManagedReference": "Content", "branch_mapping": {}
"RestApi": "Content" }
}, ],
"build_entry_point": "docs", "branch_target_mapping": {
"template_folder": "_themes" "live": [
}, "Publish",
{ "Pdf"
"docset_name": "windows-deploy", ],
"build_source_folder": "windows/deploy", "main": [
"build_output_subfolder": "windows-deploy", "Publish",
"locale": "en-us", "Pdf"
"monikers": [], ]
"moniker_ranges": [], },
"open_to_public_contributors": true, "targets": {
"type_mapping": { "Pdf": {
"Conceptual": "Content", "template_folder": "_themes.pdf"
"ManagedReference": "Content", }
"RestApi": "Content" },
}, "docs_build_engine": {},
"build_entry_point": "docs", "need_generate_pdf_url_template": true,
"template_folder": "_themes" "contribution_branch_mappings": {},
}, "need_generate_pdf": false,
{ "need_generate_intellisense": false
"docset_name": "windows-hub",
"build_source_folder": "windows/hub",
"build_output_subfolder": "windows-hub",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes"
},
{
"docset_name": "windows-plan",
"build_source_folder": "windows/plan",
"build_output_subfolder": "windows-plan",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes"
},
{
"docset_name": "windows-privacy",
"build_source_folder": "windows/privacy",
"build_output_subfolder": "windows-privacy",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes"
},
{
"docset_name": "windows-security",
"build_source_folder": "windows/security",
"build_output_subfolder": "windows-security",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes"
},
{
"docset_name": "windows-update",
"build_source_folder": "windows/update",
"build_output_subfolder": "windows-update",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes"
},
{
"docset_name": "win-threat-protection",
"build_source_folder": "windows/threat-protection",
"build_output_subfolder": "win-threat-protection",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes"
},
{
"docset_name": "win-whats-new",
"build_source_folder": "windows/whats-new",
"build_output_subfolder": "win-whats-new",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes"
}
],
"notification_subscribers": [
"elizapo@microsoft.com"
],
"sync_notification_subscribers": [
"dstrome@microsoft.com"
],
"branches_to_filter": [
""
],
"git_repository_url_open_to_public_contributors": "https://github.com/MicrosoftDocs/windows-itpro-docs",
"git_repository_branch_open_to_public_contributors": "public",
"skip_source_output_uploading": false,
"need_preview_pull_request": true,
"resolve_user_profile_using_github": true,
"dependent_repositories": [
{
"path_to_root": "_themes.pdf",
"url": "https://github.com/Microsoft/templates.docs.msft.pdf",
"branch": "main",
"branch_mapping": {}
},
{
"path_to_root": "_themes",
"url": "https://github.com/Microsoft/templates.docs.msft",
"branch": "main",
"branch_mapping": {}
}
],
"branch_target_mapping": {
"live": [
"Publish",
"Pdf"
],
"main": [
"Publish",
"Pdf"
]
},
"need_generate_pdf_url_template": true,
"targets": {
"Pdf": {
"template_folder": "_themes.pdf"
}
},
"docs_build_engine": {},
"contribution_branch_mappings": {},
"need_generate_pdf": false,
"need_generate_intellisense": false
} }
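Review bot: The two `dependent_repositories` entries on the new side (`_themes` and `_themes.pdf`) are still resolved by `"branch": "main"` with an empty `branch_mapping`, so the `live` and `main` Publish/Pdf targets presumably build with whatever those template repositories hold at build time rather than a revision someone reviewed. If the build service accepts a tag or commit in that field, pinning it would keep a template change from reaching published output without passing through this repository's review. The file is strict JSON and cannot carry a comment, so the pinned revision and who updates it would have to be recorded in the commit message or repository documentation. The `open_to_public_contributors` values that appear to differ between the two columns are alignment artifacts of the ten removed docsets; each surviving docset keeps the value its old entry had further down, so nothing is raised on those.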


@ -19559,6 +19559,11 @@
"source_path": "windows/deployment/deploy-windows-mdt/deploy-a-windows-11-image-using-mdt.md", "source_path": "windows/deployment/deploy-windows-mdt/deploy-a-windows-11-image-using-mdt.md",
"redirect_url": "/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt", "redirect_url": "/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt",
"redirect_document_id": false "redirect_document_id": false
},
{
"source_path": "education/windows/get-minecraft-device-promotion.md",
"redirect_url": "/education/windows/get-minecraft-for-education",
"redirect_document_id": false
} }
] ]
} }


@ -138,7 +138,7 @@ Before you can start to collect your data, you must run the provided PowerShell
-OR- -OR-
- Collect your hardware inventory using the MOF Editor with a .MOF import file.<p> - Collect your hardware inventory using the MOF Editor with a .MOF import file.<p>
-OR- -OR-
- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only) - Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
### WMI only: Running the PowerShell script to compile the .MOF file and to update security privileges ### WMI only: Running the PowerShell script to compile the .MOF file and to update security privileges
You need to set up your computers for data collection by running the provided PowerShell script (IETelemetrySetUp.ps1) to compile the .mof file and to update security privileges for the new WMI classes. You need to set up your computers for data collection by running the provided PowerShell script (IETelemetrySetUp.ps1) to compile the .mof file and to update security privileges for the new WMI classes.
@ -235,7 +235,7 @@ After youve collected your data, youll need to get the local files off of
-OR- -OR-
- Collect your hardware inventory using the MOF Editor with a .MOF import file.<p> - Collect your hardware inventory using the MOF Editor with a .MOF import file.<p>
-OR- -OR-
- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only) - Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
### Collect your hardware inventory using the MOF Editor while connected to a client device ### Collect your hardware inventory using the MOF Editor while connected to a client device
You can collect your hardware inventory using the MOF Editor, while youre connected to your client devices. You can collect your hardware inventory using the MOF Editor, while youre connected to your client devices.
@ -277,8 +277,8 @@ You can collect your hardware inventory using the MOF Editor and a .MOF import f
4. Click **OK** to close the default windows.<br> 4. Click **OK** to close the default windows.<br>
Your environment is now ready to collect your hardware inventory and review the sample reports. Your environment is now ready to collect your hardware inventory and review the sample reports.
### Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only) ### Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for System Center Configuration Manager 2007. If you arent using this version of Configuration Manager, you wont want to use this option. You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for Configuration Manager 2007. If you arent using this version of Configuration Manager, you wont want to use this option.
**To collect your inventory** **To collect your inventory**
@ -352,14 +352,14 @@ You can collect your hardware inventory using the using the Systems Management S
Your environment is now ready to collect your hardware inventory and review the sample reports. Your environment is now ready to collect your hardware inventory and review the sample reports.
## View the sample reports with your collected data ## View the sample reports with your collected data
The sample reports, **SCCM Report Sample ActiveX.rdl** and **SCCM Report Sample Site Discovery.rdl**, work with System Center 2012, so you can review your collected data. The sample reports, **Configuration Manager Report Sample ActiveX.rdl** and **Configuration Manager Report Sample Site Discovery.rdl**, work with System Center 2012, so you can review your collected data.
### SCCM Report Sample ActiveX.rdl ### Configuration Manager Report Sample ActiveX.rdl
Gives you a list of all of the ActiveX-related sites visited by the client computer. Gives you a list of all of the ActiveX-related sites visited by the client computer.
![ActiveX.rdl report, lists all ActiveX-related sites visited by the client computer.](images/configmgractivexreport.png) ![ActiveX.rdl report, lists all ActiveX-related sites visited by the client computer.](images/configmgractivexreport.png)
### SCCM Report Sample Site Discovery.rdl ### Configuration Manager Report Sample Site Discovery.rdl
Gives you a list of all of the sites visited by the client computer. Gives you a list of all of the sites visited by the client computer.
![Site Discovery.rdl report, lists all websites visited by the client computer.](images/ie-site-discovery-sample-report.png) ![Site Discovery.rdl report, lists all websites visited by the client computer.](images/ie-site-discovery-sample-report.png)


@ -142,7 +142,7 @@ Before you can start to collect your data, you must run the provided PowerShell
-OR- -OR-
- Collect your hardware inventory using the MOF Editor with a .MOF import file.<p> - Collect your hardware inventory using the MOF Editor with a .MOF import file.<p>
-OR- -OR-
- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only) - Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
### WMI only: Running the PowerShell script to compile the .MOF file and to update security privileges ### WMI only: Running the PowerShell script to compile the .MOF file and to update security privileges
You need to set up your computers for data collection by running the provided PowerShell script (IETelemetrySetUp.ps1) to compile the .mof file and to update security privileges for the new WMI classes. You need to set up your computers for data collection by running the provided PowerShell script (IETelemetrySetUp.ps1) to compile the .mof file and to update security privileges for the new WMI classes.
@ -239,7 +239,7 @@ After youve collected your data, youll need to get the local files off of
-OR- -OR-
- Collect your hardware inventory using the MOF Editor with a .MOF import file.<p> - Collect your hardware inventory using the MOF Editor with a .MOF import file.<p>
-OR- -OR-
- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only) - Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
### Collect your hardware inventory using the MOF Editor while connected to a client device ### Collect your hardware inventory using the MOF Editor while connected to a client device
You can collect your hardware inventory using the MOF Editor, while youre connected to your client devices. You can collect your hardware inventory using the MOF Editor, while youre connected to your client devices.
@ -281,8 +281,8 @@ You can collect your hardware inventory using the MOF Editor and a .MOF import f
4. Click **OK** to close the default windows.<br> 4. Click **OK** to close the default windows.<br>
Your environment is now ready to collect your hardware inventory and review the sample reports. Your environment is now ready to collect your hardware inventory and review the sample reports.
### Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only) ### Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for System Center Configuration Manager 2007. If you arent using this version of Configuration Manager, you wont want to use this option. You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for Configuration Manager 2007. If you arent using this version of Configuration Manager, you wont want to use this option.
**To collect your inventory** **To collect your inventory**
@ -356,14 +356,14 @@ You can collect your hardware inventory using the using the Systems Management S
Your environment is now ready to collect your hardware inventory and review the sample reports. Your environment is now ready to collect your hardware inventory and review the sample reports.
## View the sample reports with your collected data ## View the sample reports with your collected data
The sample reports, **SCCM Report Sample ActiveX.rdl** and **SCCM Report Sample Site Discovery.rdl**, work with System Center 2012, so you can review your collected data. The sample reports, **Configuration Manager Report Sample ActiveX.rdl** and **Configuration Manager Report Sample Site Discovery.rdl**, work with System Center 2012, so you can review your collected data.
### SCCM Report Sample ActiveX.rdl ### Configuration Manager Report Sample ActiveX.rdl
Gives you a list of all of the ActiveX-related sites visited by the client computer. Gives you a list of all of the ActiveX-related sites visited by the client computer.
![ActiveX.rdl report, lists all ActiveX-related sites visited by the client computer.](images/configmgractivexreport.png) ![ActiveX.rdl report, lists all ActiveX-related sites visited by the client computer.](images/configmgractivexreport.png)
### SCCM Report Sample Site Discovery.rdl ### Configuration Manager Report Sample Site Discovery.rdl
Gives you a list of all of the sites visited by the client computer. Gives you a list of all of the sites visited by the client computer.
![Site Discovery.rdl report, lists all websites visited by the client computer.](images/ie-site-discovery-sample-report.png) ![Site Discovery.rdl report, lists all websites visited by the client computer.](images/ie-site-discovery-sample-report.png)


@ -75,7 +75,7 @@ If you use Automatic Updates in your company, but want to stop your users from a
> [!NOTE] > [!NOTE]
>The toolkit won't stop users with local administrator accounts from manually installing Internet Explorer 11. Using this toolkit also prevents your users from receiving automatic upgrades from Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 to Internet Explorer 11. For more information, see the [Internet Explorer 11 Blocker Toolkit frequently asked questions](../ie11-faq/faq-for-it-pros-ie11.yml). >The toolkit won't stop users with local administrator accounts from manually installing Internet Explorer 11. Using this toolkit also prevents your users from receiving automatic upgrades from Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 to Internet Explorer 11. For more information, see the [Internet Explorer 11 Blocker Toolkit frequently asked questions](../ie11-faq/faq-for-it-pros-ie11.yml).
- **Use an update management solution to control update deployment.** If you already use an update management solution, like [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) or the more advanced [System Center 2012 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)), you should use that instead of the Internet Explorer Blocker Toolkit. - **Use an update management solution to control update deployment.** If you already use an update management solution, like [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) or the more advanced [Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)), you should use that instead of the Internet Explorer Blocker Toolkit.
> [!NOTE] > [!NOTE]
> If you use WSUS to manage updates, and Update Rollups are configured for automatic installation, Internet Explorer will automatically install throughout your company. > If you use WSUS to manage updates, and Update Rollups are configured for automatic installation, Internet Explorer will automatically install throughout your company.


@ -22,7 +22,7 @@ summary: |
Get answers to commonly asked questions about the Internet Explorer 11 Blocker Toolkit. Get answers to commonly asked questions about the Internet Explorer 11 Blocker Toolkit.
> [!Important] > [!Important]
> If you administer your companys environment using an update management solution, such as Windows Server Update Services (WSUS) or System Center 2012 Configuration Manager, you dont need to use the Internet Explorer 11 Blocker Toolkit. Update management solutions let you completely manage your Windows Updates and Microsoft Updates, including your Internet Explorer 11 deployment. > If you administer your companys environment using an update management solution, such as Windows Server Update Services (WSUS) or Configuration Manager, you dont need to use the Internet Explorer 11 Blocker Toolkit. Update management solutions let you completely manage your Windows Updates and Microsoft Updates, including your Internet Explorer 11 deployment.
- [Automatic updates delivery process](/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit#automatic-updates-delivery-process) - [Automatic updates delivery process](/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit#automatic-updates-delivery-process)
@ -47,7 +47,7 @@ sections:
- question: | - question: |
Whtools cI use to manage Windows Updates and Microsoft Updates in my company? Whtools cI use to manage Windows Updates and Microsoft Updates in my company?
answer: | answer: |
We encourage anyone who wants full control over their companys deployment of Windows Updates and Microsoft Updates, to use [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus), a free tool for users of Windows Server. You calso use the more advanced configuration management tool, [System Center 2012 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682041(v=technet.10)). We encourage anyone who wants full control over their companys deployment of Windows Updates and Microsoft Updates, to use [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus), a free tool for users of Windows Server. You calso use the more advanced configuration management tool, [Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682041(v=technet.10)).
- question: | - question: |
How long does the blocker mechanism work? How long does the blocker mechanism work?


@ -32,7 +32,6 @@
"ms.topic": "article", "ms.topic": "article",
"ms.technology": "windows", "ms.technology": "windows",
"manager": "dansimp", "manager": "dansimp",
"audience": "ITPro",
"breadcrumb_path": "/education/breadcrumb/toc.json", "breadcrumb_path": "/education/breadcrumb/toc.json",
"ms.date": "05/09/2017", "ms.date": "05/09/2017",
"feedback_system": "None", "feedback_system": "None",
@ -51,6 +50,9 @@
"Kellylorenebaker", "Kellylorenebaker",
"jborsecnik", "jborsecnik",
"tiburd", "tiburd",
"AngelaMotherofDragons",
"dstrome",
"v-dihans",
"garycentric" "garycentric"
] ]
}, },


@ -2,39 +2,9 @@
## Week of May 02, 2022 ## Week of June 27, 2022
| Published On |Topic title | Change | | Published On |Topic title | Change |
|------|------------|--------| |------|------------|--------|
| 5/3/2022 | [Reset devices with Autopilot Reset](/education/windows/autopilot-reset) | modified | | 6/30/2022 | Get Minecraft Education Edition with your Windows 10 device promotion | removed |
| 5/3/2022 | [Change history for Windows 10 for Education (Windows 10)](/education/windows/change-history-edu) | modified |
| 5/3/2022 | [Change to Windows 10 Education from Windows 10 Pro](/education/windows/change-to-pro-education) | modified |
| 5/3/2022 | [Chromebook migration guide (Windows 10)](/education/windows/chromebook-migration-guide) | modified |
| 5/3/2022 | [Windows 10 configuration recommendations for education customers](/education/windows/configure-windows-for-education) | modified |
| 5/3/2022 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |
| 5/3/2022 | [Deploy Windows 10 in a school (Windows 10)](/education/windows/deploy-windows-10-in-a-school) | modified |
| 5/3/2022 | [Deployment recommendations for school IT administrators](/education/windows/edu-deployment-recommendations) | modified |
| 5/3/2022 | [For IT administrators get Minecraft Education Edition](/education/windows/school-get-minecraft) | modified |
| 5/3/2022 | [What's in Set up School PCs provisioning package](/education/windows/set-up-school-pcs-provisioning-package) | modified |
| 5/3/2022 | [Take a Test app technical reference](/education/windows/take-a-test-app-technical) | modified |
| 5/3/2022 | [Set up Take a Test on multiple PCs](/education/windows/take-a-test-multiple-pcs) | modified |
| 5/3/2022 | [For teachers get Minecraft Education Edition](/education/windows/teacher-get-minecraft) | modified |
| 5/3/2022 | [Test Windows 10 in S mode on existing Windows 10 education devices](/education/windows/test-windows10s-for-edu) | modified |
## Week of April 25, 2022
| Published On |Topic title | Change |
|------|------------|--------|
| 4/25/2022 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |
| 4/25/2022 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |
## Week of April 18, 2022
| Published On |Topic title | Change |
|------|------------|--------|
| 4/21/2022 | [For IT administrators get Minecraft Education Edition](/education/windows/school-get-minecraft) | modified |


@ -53,8 +53,6 @@
href: teacher-get-minecraft.md href: teacher-get-minecraft.md
- name: "For IT administrators: get Minecraft Education Edition" - name: "For IT administrators: get Minecraft Education Edition"
href: school-get-minecraft.md href: school-get-minecraft.md
- name: "Get Minecraft: Education Edition with Windows 10 device promotion"
href: get-minecraft-device-promotion.md
- name: Test Windows 10 in S mode on existing Windows 10 education devices - name: Test Windows 10 in S mode on existing Windows 10 education devices
href: test-windows10s-for-edu.md href: test-windows10s-for-edu.md
- name: Enable Windows 10 in S mode on Surface Go devices - name: Enable Windows 10 in S mode on Surface Go devices


@ -135,7 +135,7 @@ The topics in this library have been updated for Windows 10, version 1607 (also
| New or changed topic | Description| | New or changed topic | Description|
| --- | --- | | --- | --- |
| [Windows 10 editions for education customers](windows-editions-for-education-customers.md) | New. Learn about the two editions in Windows 10, version 1607 that's designed for the needs of K-12 institutions. | | [Windows 10 editions for education customers](windows-editions-for-education-customers.md) | New. Learn about the two editions in Windows 10, version 1607 that's designed for the needs of K-12 institutions. |
|[Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)|New. Learn how to deploy Windows 10 in a school district. Integrate the school environment with Office 365, AD DS, and Microsoft Azure AD, use SCCM, Intune, and Group Policy to manage devices. | |[Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)|New. Learn how to deploy Windows 10 in a school district. Integrate the school environment with Office 365, AD DS, and Microsoft Azure AD, use Configuration Manager, Intune, and Group Policy to manage devices. |
## June 2016 ## June 2016


@ -485,8 +485,8 @@ Table 9. Management systems and deployment resources
|--- |--- | |--- |--- |
|Windows provisioning packages| <li> [Build and apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-create-package) <li>[Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd) <li> [Step-By-Step: Building Windows 10 Provisioning Packages](/archive/blogs/canitpro/step-by-step-building-windows-10-provisioning-packages)| |Windows provisioning packages| <li> [Build and apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-create-package) <li>[Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd) <li> [Step-By-Step: Building Windows 10 Provisioning Packages](/archive/blogs/canitpro/step-by-step-building-windows-10-provisioning-packages)|
|Group Policy|<li> [Core Network Companion Guide: Group Policy Deployment](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj899807(v=ws.11)) <li> [Deploying Group Policy](/previous-versions/windows/it-pro/windows-server-2003/cc737330(v=ws.10))"| |Group Policy|<li> [Core Network Companion Guide: Group Policy Deployment](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj899807(v=ws.11)) <li> [Deploying Group Policy](/previous-versions/windows/it-pro/windows-server-2003/cc737330(v=ws.10))"|
|Configuration Manager| <li> [Site Administration for System Center 2012 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg681983(v=technet.10)) <li> [Deploying Clients for System Center 2012 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg699391(v=technet.10))| |Configuration Manager| <li> [Site Administration for Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg681983(v=technet.10)) <li> [Deploying Clients for Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg699391(v=technet.10))|
|Intune| <li> [Set up and manage devices with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=690262) <li> [Configuration Manager & Windows Intune](/learn/?l=fCzIjVKy_6404984382)| |Intune| <li> [Set up and manage devices with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=690262) <li> [System Center 2012 R2 Configuration Manager &amp;amp; Windows Intune](/learn/?l=fCzIjVKy_6404984382)|
|MDT| <li> [Step-By-Step: Installing Windows 8.1 From A USB Key](/archive/blogs/canitpro/step-by-step-installing-windows-8-1-from-a-usb-key)| |MDT| <li> [Step-By-Step: Installing Windows 8.1 From A USB Key](/archive/blogs/canitpro/step-by-step-installing-windows-8-1-from-a-usb-key)|
If you determined that no new management system or no remediation of existing systems is necessary, you can skip this section. If you use a management system from another vendor, refer to the vendor documentation on how to perform the necessary steps. If you determined that no new management system or no remediation of existing systems is necessary, you can skip this section. If you use a management system from another vendor, refer to the vendor documentation on how to perform the necessary steps.


@ -1,90 +0,0 @@
---
title: Get Minecraft Education Edition with your Windows 10 device promotion
description: Windows 10 device promotion for Minecraft Education Edition licenses
keywords: school, Minecraft, education edition
ms.prod: w10
ms.mktglfcycl: plan
ms.sitesec: library
ms.localizationpriority: medium
author: dansimp
searchScope:
- Store
ms.author: dansimp
ms.date: 06/05/2018
ms.reviewer:
manager: dansimp
---
# Get Minecraft: Education Edition with Windows 10 device promotion
**Applies to:**
- Windows 10
The **Minecraft: Education Edition** with Windows 10 device promotion ended January 31, 2018.
Qualifying customers that received one-year subscriptions for Minecraft: Education Edition as part of this program and wish to continue using the game in their schools can purchase new subscriptions in Microsoft Store for Education.
For more information on purchasing Minecraft: Education Edition, see [Add Minecraft to your Store for Education](./school-get-minecraft.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json).
>[!Note]
>**Minecraft: Education Edition** with Windows 10 device promotion subscriptions are valid for 1 year from the time
of redemption. At the end of 1 year, the promotional subscriptions will expire and any people using these subscriptions will be reverted to a trial license of **Minecraft: Education Edition**.
To prevent being reverted to a trial license, admins or teachers need to purchase new **Minecraft: Education Edition** subscriptions from Store for Education, and assign licenses to users who used a promotional subscription.
<!---
For qualifying customers, receive a one-year, single-user subscription for Minecraft: Education Edition for each Windows 10 device you purchase for your K-12 school. Youll need your invoice or receipt, so be sure to keep track of that. For more information including terms of use, see [Minecraft: Education Edition promotion](https://info.microsoft.com/Minecraft-Education-Edition-Signup.html).
## Requirements
- Qualified Educational Users in K-12 education institutions
- Windows 10 devices purchased from May 2, 2017 - January 31, 2018
- Redeem Minecraft: Education Edition licenses from July 1, 2017 - March 17, 2018
- Microsoft Store for Education admin must submit request for Minecraft: Education Edition licenses
- Proof of device purchase is required (invoice required)
Full details available at [Minecraft: Education Edition promotion](https://info.microsoft.com/Minecraft-Education-Edition-Signup.html).
## Redeem Minecraft: Education Edition licenses
Redeeming your licenses takes just a few steps:
- Visit the device promotion page
- Submit a device purchase statement
- Provide proof of your device purchase
After that, well add the appropriate number of Minecraft: Education Edition licenses to your product inventory in **Microsoft Store for Education** as **Minecraft: Education Edition [subscription]**.
**To redeem Minecraft: Education Edition licenses**
1. Visit [Minecraft: Education Edition and Windows 10 device promotion](https://educationstore.microsoft.com/store/mee-device-promo?setflight=wsfb_devicepromo) in **Microsoft Store for Education**.
![Minecraft: Education Edition page in Microsoft Store for Education.](images/get-mcee-promo.png)
2. Sign in to **Microsoft Store for Education** using a school account. If you dont have one, well help you set one up. <br>
-or-
If you're already signed in to Microsoft Store for Education, the device special offer is available on **Benefits**. </br>
Click **Manage**, **Benefits**, and then click **Minecraft: Education Edition Device Promotion**.
3. **On Minecraft Windows 10 device special offer**, click **Submit a device purchase**.
![Windows 10 device special offer page for Minecraft: Education Edition. Submit a device purchase is highlighted to show customers how to submit info about the devices you purchased.](images/mcee-benefits.png)
4. Provide info for **Proof of Purchase**. Be sure to include a .pdf or .jpg of your invoice, and then click **Next**.
> [!NOTE]
> Your one-year subscription starts when you submit your proof-of-purchase info. Be sure to submit your request when you'll be using licenses in the classroom.
![Proof of purchase page with Invoice area highlighted.](images/proof-of-purchase.png)
5. Accept the **Promotion Terms of use**, and then click **Submit**. </br>
Success look like this!
![Proof of purchase page with Invoice area highlighted.](images/msfe-device-promo-success.png)
6. Click **Actions** and then click **Manage** to go to the management page for **Minecraft: Education Edition** and distribute licenses.
## Distribute Minecraft: Education Edition licenses
Teachers or admins can distribute the licenses:
- [Learn how teachers can distribute **Minecraft: Education Edition**](teacher-get-minecraft.md#distribute-minecraft)
- [Learn how IT administrators can distribute **Minecraft: Education Edition**](school-get-minecraft.md#distribute-minecraft)
-->


@ -56,11 +56,11 @@ Windows 11 SE comes with some preinstalled apps. The following apps can also run
|FortiClient |7.0.1.0083 |Win32 |Fortinet| |FortiClient |7.0.1.0083 |Win32 |Fortinet|
|Free NaturalReader |16.1.2 |Win32 |Natural Soft| |Free NaturalReader |16.1.2 |Win32 |Natural Soft|
|GoGuardian |1.4.4 |Win32 |GoGuardian| |GoGuardian |1.4.4 |Win32 |GoGuardian|
|Google Chrome |100.0.4896.127|Win32 |Google| |Google Chrome |102.0.5005.115|Win32 |Google|
|Illuminate Lockdown Browser |2.0.5 |Win32 |Illuminate Education| |Illuminate Lockdown Browser |2.0.5 |Win32 |Illuminate Education|
|Immunet |7.5.0.20795 |Win32 |Immunet| |Immunet |7.5.0.20795 |Win32 |Immunet|
|JAWS for Windows |2022.2112.24 |Win32 |Freedom Scientific| |JAWS for Windows |2022.2112.24 |Win32 |Freedom Scientific|
|Kite Student Portal |8.0.1 |Win32 |Dynamic Learning Maps| |Kite Student Portal |8.0.3.0 |Win32 |Dynamic Learning Maps|
|Kortext |2.3.433.0 |Store |Kortext| |Kortext |2.3.433.0 |Store |Kortext|
|Kurzweil 3000 Assistive Learning |20.13.0000 |Win32 |Kurzweil Educational Systems| |Kurzweil 3000 Assistive Learning |20.13.0000 |Win32 |Kurzweil Educational Systems|
|LanSchool |9.1.0.46 |Win32 |Stoneware| |LanSchool |9.1.0.46 |Win32 |Stoneware|
@ -83,7 +83,7 @@ Windows 11 SE comes with some preinstalled apps. The following apps can also run
|Safe Exam Browser |3.3.2.413 |Win32 |Safe Exam Browser| |Safe Exam Browser |3.3.2.413 |Win32 |Safe Exam Browser|
|Secure Browser |14.0.0 |Win32 |Cambium Development| |Secure Browser |14.0.0 |Win32 |Cambium Development|
|Secure Browser |4.8.3.376 |Win32 |Questar, Inc| |Secure Browser |4.8.3.376 |Win32 |Questar, Inc|
|Senso.Cloud |2021.11.15.0 |Win32|Senso.Cloud| |Senso.Cloud |2021.11.15.0 |Win32|Senso.Cloud|
|SuperNova Magnifier & Screen Reader |21.02 |Win32 |Dolphin Computer Access| |SuperNova Magnifier & Screen Reader |21.02 |Win32 |Dolphin Computer Access|
|Zoom |5.9.1 (2581)|Win32 |Zoom| |Zoom |5.9.1 (2581)|Win32 |Zoom|
|ZoomText Fusion |2022.2109.10|Win32 |Freedom Scientific| |ZoomText Fusion |2022.2109.10|Win32 |Freedom Scientific|


@ -30,22 +30,24 @@ The following table lists and describes the settings that can be changed by admi
| Setting | Description | | Setting | Description |
| --- | --- | | --- | --- |
| Block manual unenrollment | Default: Blocked<br/><br/>Users can't unenroll their devices from device management services. <br/><br/>[Experience/AllowManualMDMUnenrollment CSP](/windows/client-management/mdm/policy-csp-experience#experience-allowmanualmdmunenrollment)| | Block manual unenrollment | Default: Blocked <br/> <br/> Users can't unenroll their devices from device management services. <br/> <br/> [Experience/AllowManualMDMUnenrollment CSP](/windows/client-management/mdm/policy-csp-experience#experience-allowmanualmdmunenrollment) |
| Allow option to Show Network | Default: Allowed<br/><br/>Gives users the option to see the **Show Network** folder in File Explorer. | | Allow option to Show Network | Default: Allowed <br/> <br/> Gives users the option to see the **Show Network** folder in File Explorer. |
| Allow option to Show This PC | Default: Allowed<br/><br/>Gives user the option to see the **Show This PC** folder in File Explorer. | | Allow option to Show This PC | Default: Allowed <br/> <br/> Gives user the option to see the **Show This PC** folder in File Explorer. |
| Set Allowed Folder location | Default folders: Documents, Desktop, Pictures, and Downloads<br/><br/>Gives user access to these folders. | | Set Allowed Folder location | Default folders: Documents, Desktop, Pictures, and Downloads <br/> <br/> Gives user access to these folders. |
| Set Allowed Storage Locations | Default: Blocks Local Drives and Network Drives<br/><br/>Blocks user access to these storage locations. | | Set Allowed Storage Locations | Default: Blocks local drives and network drives <br/> <br/> Blocks user access to these storage locations. |
| Allow News and Interests | Default: Hide<br/><br/>Hides Widgets. | | Allow News and Interests | Default: Hide <br/> <br/> Hides widgets. |
| Disable advertising ID | Default: Disabled<br/><br/>Blocks apps from using usage data to tailor advertisements. <br/><br/>[Privacy/DisableAdvertisingId CSP](/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | | Disable advertising ID | Default: Disabled <br/> <br/> Blocks apps from using usage data to tailor advertisements. <br/> <br/> [Privacy/DisableAdvertisingId CSP](/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) |
| Visible settings pages | Default: <br/><br/> | | Visible settings pages | Default: <br/> <br/> |
| Enable App Install Control | Default: Turned On<br/><br/>Users cant download apps from the internet.<br/><br/>[SmartScreen/EnableAppInstallControl CSP](/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol)| | Enable App Install Control | Default: Turned On <br/><br/> Users can't download apps from the internet.<br/> <br/> [SmartScreen/EnableAppInstallControl CSP](/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol)|
| Configure Storage Sense Cloud Content Dehydration Threshold | Default: 30 days<br/><br/>If a file hasnt been opened in 30 days, it becomes an online-only file. Online-only files can be opened when there's an internet connection. When an online-only file is opened on a device, it downloads and becomes locally available on that device. The file is available until it's unopened for the specified number of days, and becomes online-only again. <br/><br/>[Storage/ConfigStorageSenseCloudContentDehydrationThreshold CSP](/windows/client-management/mdm/policy-csp-storage#storage-configstoragesensecloudcontentdehydrationthreshold) | | Configure Storage Sense Cloud Content Dehydration Threshold | Default: 30 days<br/> <br/> If a file hasn't been opened in 30 days, it becomes an online-only file. Online-only files can be opened when there's an internet connection. When an online-only file is opened on a device, it downloads and becomes locally available on that device. The file is available until it's unopened for the specified number of days, and becomes online-only again. <br/> <br/> [Storage/ConfigStorageSenseCloudContentDehydrationThreshold CSP](/windows/client-management/mdm/policy-csp-storage#storage-configstoragesensecloudcontentdehydrationthreshold) |
| Allow Telemetry | Default: Required Telemetry Only<br/><br/>Sends only basic device info, including quality-related data, app compatibility, and similar data to keep the device secure and up-to-date. <br/><br/>[System/AllowTelemetry CSP](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | | Allow Telemetry | Default: Required Telemetry Only <br/> <br/> Sends only basic device info, including quality-related data, app compatibility, and similar data to keep the device secure and up-to-date. <br/> <br/> [System/AllowTelemetry CSP](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) |
| Allow Experimentation | Default: Disabled<br/><br/>Microsoft can't experiment with the product to study user preferences or device behavior. <br/><br/>[System/AllowExperimentation CSP](/windows/client-management/mdm/policy-csp-system#system-allowexperimentation) | | Allow Experimentation | Default: Disabled <br/> <br/> Microsoft can't experiment with the product to study user preferences or device behavior. <br/> <br/>[System/AllowExperimentation CSP](/windows/client-management/mdm/policy-csp-system#system-allowexperimentation) |
| Block external extensions | Default: Blocked<br/><br/>In Microsoft Edge, users can't install external extensions. <br/><br/>[BlockExternalExtensions](/DeployEdge/microsoft-edge-policies#blockexternalextensions)| | Block external extensions | Default: Blocked <br/> <br/> In Microsoft Edge, users can't install external extensions. <br/> <br/> [BlockExternalExtensions](/DeployEdge/microsoft-edge-policies#blockexternalextensions) |
| Configure new tab page | Default: `Office.com`<br/><br/>In Microsoft Edge, the new tab page defaults to `office.com`. <br/><br/>[Configure the new tab page URL](/DeployEdge/microsoft-edge-policies#configure-the-new-tab-page-url)| | Configure new tab page | Default: `Office.com` <br/> <br/> In Microsoft Edge, the new tab page defaults to `Office.com`. <br/> <br/> [Configure the new tab page URL](/DeployEdge/microsoft-edge-policies#configure-the-new-tab-page-url) |
| Configure homepage | Default: `Office.com`<br/><br/>In Microsoft Edge, the homepage defaults to `office.com`. <br/><br/>[HomepageIsNewTabPage](/DeployEdge/microsoft-edge-policies#homepageisnewtabpage)| | Configure homepage | Default: `Office.com` <br/> <br/> In Microsoft Edge, the homepage defaults to `Office.com`. <br/> <br/> [HomepageIsNewTabPage](/DeployEdge/microsoft-edge-policies#homepageisnewtabpage) |
| Prevent SmartScreen prompt override | Default: Enabled<br/><br/>In Microsoft Edge, users can't override Windows Defender SmartScreen warnings. <br/><br/>[PreventSmartScreenPromptOverride](/DeployEdge/microsoft-edge-policies#preventsmartscreenpromptoverride)| | Prevent SmartScreen prompt override | Default: Enabled <br/> <br/> In Microsoft Edge, users can't override Windows Defender SmartScreen warnings. <br/> <br/>[PreventSmartScreenPromptOverride](/DeployEdge/microsoft-edge-policies#preventsmartscreenpromptoverride) |
| Wallpaper Image Customization | Default: <br/> <br/> Specify a jpg, jpeg, or png image to be used as the desktop image. This setting can take an http or https URL to a remote image to be downloaded, a file URL to a local image. <br/> <br/>[DesktopImageUrl](/windows/client-management/mdm/personalization-csp) |
| Lock Screen Image Customization | Default: <br/> <br/> Specify a jpg, jpeg, or png image to be used as lock screen image. This setting can take an http or https URL to a remote image to be downloaded, a file URL to a local image. <br/> <br/>[LockScreenImageUrl](/windows/client-management/mdm/personalization-csp) |
## Settings that can't be changed ## Settings that can't be changed


@ -34,7 +34,7 @@ You can also manage your App-V environment using an electronic software distribu
* **Standalone model**—The standalone model allows virtual applications to be Windows Installer-enabled for distribution without streaming. App-V in Standalone mode only needs the sequencer and the client; no extra components are required. Applications are prepared for virtualization using a process called sequencing. For more information, see [Planning for the App-V Sequencer and Client deployment](appv-planning-for-sequencer-and-client-deployment.md). The standalone model is recommended for the following scenarios: * **Standalone model**—The standalone model allows virtual applications to be Windows Installer-enabled for distribution without streaming. App-V in Standalone mode only needs the sequencer and the client; no extra components are required. Applications are prepared for virtualization using a process called sequencing. For more information, see [Planning for the App-V Sequencer and Client deployment](appv-planning-for-sequencer-and-client-deployment.md). The standalone model is recommended for the following scenarios:
* When there are disconnected remote users who can't connect to the App-V infrastructure. * When there are disconnected remote users who can't connect to the App-V infrastructure.
* When you're running a software management system, such as System Center 2012 Configuration Manager. * When you're running a software management system, such as Configuration Manager.
* When network bandwidth limitations inhibit electronic software distribution. * When network bandwidth limitations inhibit electronic software distribution.
* **Full infrastructure model**—The full infrastructure model provides for software distribution, management, and reporting capabilities; it also includes the streaming of applications across the network. The App-V full infrastructure model consists of one or more App-V management servers that can be used to publish applications to all clients. Publishing places the virtual application icons and shortcuts on the target computer. It can also stream applications to local users. For more information about how to install the management server, see [Planning for App-V Server deployment](appv-planning-for-appv-server-deployment.md). The full infrastructure model is recommended for the following scenarios: * **Full infrastructure model**—The full infrastructure model provides for software distribution, management, and reporting capabilities; it also includes the streaming of applications across the network. The App-V full infrastructure model consists of one or more App-V management servers that can be used to publish applications to all clients. Publishing places the virtual application icons and shortcuts on the target computer. It can also stream applications to local users. For more information about how to install the management server, see [Planning for App-V Server deployment](appv-planning-for-appv-server-deployment.md). The full infrastructure model is recommended for the following scenarios:


@ -31,7 +31,7 @@ The following table shows the App-V versions, methods of Office package creation
## Creating Office 2010 App-V using the sequencer ## Creating Office 2010 App-V using the sequencer
Sequencing Office 2010 is one of the main methods for creating an Office 2010 package on App-V. Microsoft has provided a detailed recipe through a Knowledge Base article. For detailed instructions about how to create an Office 2010 package on App-V, see [How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/kb/2830069). Sequencing Office 2010 is one of the main methods for creating an Office 2010 package on App-V. For more information, see [How to Sequence a New Application with App-V 5.0](/microsoft-desktop-optimization-pack/appv-v5/how-to-sequence-a-new-application-with-app-v-50-beta-gb18030).
## Creating Office 2010 App-V packages using package accelerators ## Creating Office 2010 App-V packages using package accelerators


@ -119,7 +119,7 @@ See the Windows or Windows Server documentation for the hardware requirements.
## Supported versions of Microsoft Endpoint Configuration Manager ## Supported versions of Microsoft Endpoint Configuration Manager
The App-V client works with Configuration Manager versions starting with Technical Preview for System Center Configuration Manager, version 1606. The App-V client works with Configuration Manager versions starting with Technical Preview for Configuration Manager, version 1606.
## Related articles ## Related articles


@ -26,7 +26,7 @@ This article discusses the Company Portal app installation options, adding organ
## Before you begin ## Before you begin
The Company Portal app is included with Microsoft Endpoint Manager (MEM). Endpoint Manager is a Mobile Device Management (MDM) and Mobile Application manager (MAM) provider. It help manages your devices, and manage apps on your devices. The Company Portal app is included with Microsoft Endpoint Manager. Endpoint Manager is a Mobile Device Management (MDM) and Mobile Application manager (MAM) provider. It help manages your devices, and manage apps on your devices.
If you're not managing your devices using an MDM provider, the following resources may help you get started: If you're not managing your devices using an MDM provider, the following resources may help you get started:


@ -150,9 +150,9 @@ Scope is dynamic. Supported operation is Get.
Value type is char. Value type is char.
## Microsoft Endpoint Manager (MEM) Intune Usage Guidance ## Microsoft Endpoint Manager Intune Usage Guidance
For customers using Intune standalone or hybrid management with Microsoft Endpoint Manager Configuration Manager (MEMCM) to deploy custom policies via the ApplicationControl CSP, refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune). For customers using Intune standalone or hybrid management with Microsoft Endpoint Configuration Manager to deploy custom policies via the ApplicationControl CSP, refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune).
## Generic MDM Server Usage Guidance ## Generic MDM Server Usage Guidance
@ -301,7 +301,7 @@ An example of Delete command is:
## PowerShell and WMI Bridge Usage Guidance ## PowerShell and WMI Bridge Usage Guidance
The ApplicationControl CSP can also be managed locally from PowerShell or via Microsoft Endpoint Manager Configuration Manager's (MEMCM, formerly known as SCCM) task sequence scripting by using the [WMI Bridge Provider](./using-powershell-scripting-with-the-wmi-bridge-provider.md). The ApplicationControl CSP can also be managed locally from PowerShell or via Configuration Manager's task sequence scripting by using the [WMI Bridge Provider](./using-powershell-scripting-with-the-wmi-bridge-provider.md).
### Setup for using the WMI Bridge ### Setup for using the WMI Bridge


@ -472,7 +472,7 @@ Default is 1, meaning the MDM enrollment is the “winning” authority for conf
Support operations are Get and Set. Support operations are Get and Set.
<a href="" id="provider-providerid-linkedenrollment-enroll"></a>**Provider/*ProviderID*/LinkedEnrollment/Enroll** <a href="" id="provider-providerid-linkedenrollment-enroll"></a>**Provider/*ProviderID*/LinkedEnrollment/Enroll**
This is an execution node and will trigger a silent MMP-C enrollment, using the AAD device token pulled from the AADJed device. There is no user interaction needed. This is an execution node and will trigger a silent MMP-C enrollment, using the Azure Active Directory device token pulled from the Azure AD-joined device. There is no user interaction needed.
Support operation is Exec. Support operation is Exec.


@ -1660,7 +1660,7 @@ The XML below is for Windows 10, version 1803.
<Replace /> <Replace />
</AccessType> </AccessType>
<DefaultValue>0</DefaultValue> <DefaultValue>0</DefaultValue>
<Description>Device Only. This node determines whether or not the MDM progress page is blocking in the AADJ or DJ++ case, as well as which remediation options are available.</Description> <Description>Device Only. This node determines whether or not the MDM progress page is blocking in the Azure Active Directory-joined or DJ++ case, as well as which remediation options are available.</Description>
<DFFormat> <DFFormat>
<int /> <int />
</DFFormat> </DFFormat>
@ -1739,7 +1739,7 @@ The XML below is for Windows 10, version 1803.
<Replace /> <Replace />
</AccessType> </AccessType>
<DefaultValue>true</DefaultValue> <DefaultValue>true</DefaultValue>
<Description>Device only. This node decides wheter or not the MDM device progress page skips after AADJ or Hybrid AADJ in OOBE.</Description> <Description>Device only. This node decides whether or not the MDM device progress page skips after Azure Active Directory-joined or Hybrid Azure AD-joined in OOBE.</Description>
<DFFormat> <DFFormat>
<bool /> <bool />
</DFFormat> </DFFormat>
@ -1765,7 +1765,7 @@ The XML below is for Windows 10, version 1803.
<Replace /> <Replace />
</AccessType> </AccessType>
<DefaultValue>false</DefaultValue> <DefaultValue>false</DefaultValue>
<Description>Device only. This node decides wheter or not the MDM user progress page skips after AADJ or DJ++ after user login.</Description> <Description>Device only. This node decides wheter or not the MDM user progress page skips after Azure Active Directory-joined or DJ++ after user login.</Description>
<DFFormat> <DFFormat>
<bool /> <bool />
</DFFormat> </DFFormat>


@ -129,7 +129,7 @@ For information about EAP settings, see <https://technet.microsoft.com/library/h
For information about generating an EAP XML, see the EAP configuration article. For information about generating an EAP XML, see the EAP configuration article.
For more information about extended key usage (EKU), see <http://tools.ietf.org/html/rfc5280#section-4.2.1.12>. For more information about extended key usage (EKU), see <https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12>.
For information about adding EKU to a certificate, see <https://technet.microsoft.com/library/cc731792.aspx>. For information about adding EKU to a certificate, see <https://technet.microsoft.com/library/cc731792.aspx>.


@ -376,7 +376,7 @@ For Intune standalone environment, the MSI package will determine the MSI execut
|User|Install the MSI per-user<br>LocURI contains a User prefix, such as ./User|Install the MSI per-device<br>LocURI contains a Device prefix, such as ./Device|Install the MSI per-user<br>LocURI contains a User prefix, such as ./User| |User|Install the MSI per-user<br>LocURI contains a User prefix, such as ./User|Install the MSI per-device<br>LocURI contains a Device prefix, such as ./Device|Install the MSI per-user<br>LocURI contains a User prefix, such as ./User|
|System|Install the MSI per-user<br>LocURI contains a User prefix, such as ./User|Install the MSI per-device<br>LocURI contains a Device prefix, such as ./Device|Install the MSI per-user<br>LocURI contains a User prefix, such as ./User| |System|Install the MSI per-user<br>LocURI contains a User prefix, such as ./User|Install the MSI per-device<br>LocURI contains a Device prefix, such as ./Device|Install the MSI per-user<br>LocURI contains a User prefix, such as ./User|
The following table applies to SCCM hybrid environment. The following table applies to Configuration Manager hybrid environment:
|Target|Per-user MSI|Per-machine MSI|Dual mode MSI| |Target|Per-user MSI|Per-machine MSI|Dual mode MSI|
|--- |--- |--- |--- | |--- |--- |--- |--- |


@ -834,9 +834,8 @@ When the MDM-Server receives the above data, it must:
- Forward (HTTP Post) the XML data struct (including the nonce that was appended in the previous step) to the assigned DHA-Service that runs on: - Forward (HTTP Post) the XML data struct (including the nonce that was appended in the previous step) to the assigned DHA-Service that runs on:
- DHA-Cloud (Microsoft owned and operated DHA-Service) scenario: [https://has.spserv.microsoft.com/DeviceHealthAttestation/ValidateHealthCertificate/v3](https://has.spserv.microsoft.com/DeviceHealthAttestation/ValidateHealthCertificate/v3) - DHA-Cloud (Microsoft owned and operated DHA-Service) scenario: `https://has.spserv.microsoft.com/DeviceHealthAttestation/ValidateHealthCertificate/v3`
- DHA-OnPrem or DHA-EMC: [https://FullyQualifiedDomainName-FDQN/DeviceHealthAttestation/ValidateHealthCertificate/v3](https://FullyQualifiedDomainName-FDQN/DeviceHealthAttestation/ValidateHealthCertificate/v3) - DHA-OnPrem or DHA-EMC: `https://FullyQualifiedDomainName-FDQN/DeviceHealthAttestation/ValidateHealthCertificate/v3`
### <a href="" id="receive-has-response"></a>Step 7: Receive response from the DHA-service ### <a href="" id="receive-has-response"></a>Step 7: Receive response from the DHA-service
When the Microsoft Device Health Attestation Service receives a request for verification, it performs the following steps: When the Microsoft Device Health Attestation Service receives a request for verification, it performs the following steps:


@ -273,7 +273,7 @@ The deep link used for connecting your device to work will always use the follow
| Parameter | Description | Supported Value for Windows 10| | Parameter | Description | Supported Value for Windows 10|
|-----------|--------------------------------------------------------------|----------------------------------------------| |-----------|--------------------------------------------------------------|----------------------------------------------|
| mode | Describes which mode will be executed in the enrollment app. Added in Windows 10, version 1607| Mobile Device Management (MDM), Adding Work Account (AWA), and Azure Active Directory Joined (AADJ). | | mode | Describes which mode will be executed in the enrollment app. Added in Windows 10, version 1607| Mobile Device Management (MDM), Adding Work Account (AWA), and Azure Active Directory-joined. |
|username | Specifies the email address or UPN of the user who should be enrolled into MDM. Added in Windows 10, version 1703. | string | |username | Specifies the email address or UPN of the user who should be enrolled into MDM. Added in Windows 10, version 1703. | string |
| servername | Specifies the MDM server URL that will be used to enroll the device. Added in Windows 10, version 1703. | string| | servername | Specifies the MDM server URL that will be used to enroll the device. Added in Windows 10, version 1703. | string|
| accesstoken | Custom parameter for MDM servers to use as they see fit. Typically, this parameter's value can be used as a token to validate the enrollment request. Added in Windows 10, version 1703. | string | | accesstoken | Custom parameter for MDM servers to use as they see fit. Typically, this parameter's value can be used as a token to validate the enrollment request. Added in Windows 10, version 1703. | string |
@ -282,7 +282,7 @@ The deep link used for connecting your device to work will always use the follow
| ownership | Custom parameter for MDM servers to use as they see fit. Typically, this parameter's value can be used to determine whether the device is BYOD or Corp Owned. Added in Windows 10, version 1703. | 1, 2, or 3. Where "1" means ownership is unknown, "2" means the device is personally owned, and "3" means the device is corporate-owned | | ownership | Custom parameter for MDM servers to use as they see fit. Typically, this parameter's value can be used to determine whether the device is BYOD or Corp Owned. Added in Windows 10, version 1703. | 1, 2, or 3. Where "1" means ownership is unknown, "2" means the device is personally owned, and "3" means the device is corporate-owned |
> [!NOTE] > [!NOTE]
> AWA and AADJ values for mode are only supported on Windows 10, version 1709 and later. > AWA and Azure Active Directory-joined values for mode are only supported on Windows 10, version 1709 and later.
### Connect to MDM using a deep link ### Connect to MDM using a deep link


@ -88,7 +88,7 @@ For information about EAP Settings, see <https://technet.microsoft.com/library/h
For information about generating an EAP XML, see [EAP configuration](eap-configuration.md). For information about generating an EAP XML, see [EAP configuration](eap-configuration.md).
For more information about extended key usage, see <http://tools.ietf.org/html/rfc5280#section-4.2.1.12>. For more information about extended key usage, see <https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12>.
For information about adding extended key usage (EKU) to a certificate, see <https://technet.microsoft.com/library/cc731792.aspx>. For information about adding extended key usage (EKU) to a certificate, see <https://technet.microsoft.com/library/cc731792.aspx>.


@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10 ms.prod: w10
ms.technology: windows ms.technology: windows
author: dansimp author: dansimp
ms.date: 06/26/2017 ms.date: 06/28/2022
ms.reviewer: ms.reviewer:
manager: dansimp manager: dansimp
--- ---
@ -19,7 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|No|No|
|Windows SE|No|No| |Windows SE|No|Yes|
|Business|No|No| |Business|No|No|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|


@ -327,7 +327,7 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
This Policy enables Device Health Attestation reporting (DHA-report) on supported devices. It enables supported devices to send Device Health Attestation related information (device boot logs, PCR values, TPM certificate, etc.) to Device Health Attestation Service (DHA-Service) every time a device starts. Device Health Attestation Service validates the security state and health of the devices, and makes the findings accessible to enterprise administrators via a cloud based reporting portal. This policy is independent of DHA reports that are initiated by device manageability solutions (like MDM or SCCM), and won't interfere with their workflows. This Policy enables Device Health Attestation reporting (DHA-report) on supported devices. It enables supported devices to send Device Health Attestation related information (device boot logs, PCR values, TPM certificate, etc.) to Device Health Attestation Service (DHA-Service) every time a device starts. Device Health Attestation Service validates the security state and health of the devices, and makes the findings accessible to enterprise administrators via a cloud based reporting portal. This policy is independent of DHA reports that are initiated by device manageability solutions (like MDM or Configuration Manager), and won't interfere with their workflows.
<!--/Description--> <!--/Description-->


@ -34,11 +34,11 @@ manager: dansimp
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|No|Yes|
|Windows SE|No|Yes| |Windows SE|No|Yes|
|Business|Yes|Yes| |Business|No|Yes|
|Enterprise|Yes|Yes| |Enterprise|No|Yes|
|Education|Yes|Yes| |Education|No|Yes|
<!--/SupportedSKUs--> <!--/SupportedSKUs-->
<hr/> <hr/>
@ -83,4 +83,4 @@ ADMX Info:
## Related topics ## Related topics
[Policy configuration service provider](policy-configuration-service-provider.md) [Policy configuration service provider](policy-configuration-service-provider.md)


@ -7,7 +7,7 @@ ms.prod: w10
ms.technology: windows ms.technology: windows
author: dansimp author: dansimp
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 03/18/2022 ms.date: 06/15/2022
ms.reviewer: ms.reviewer:
manager: dansimp manager: dansimp
ms.collection: highpri ms.collection: highpri
@ -3478,7 +3478,7 @@ The following list shows the supported values:
<hr/> <hr/>
<!--Policy--> <!--Policy-->
<a href="" id="update-setpolicydrivenupdatesourcefordriver"></a>**Update/SetPolicyDrivenUpdateSourceForDriver** <a href="" id="update-setpolicydrivenupdatesourcefordriver"></a>**Update/SetPolicyDrivenUpdateSourceForDriverUpdates**
<!--SupportedSKUs--> <!--SupportedSKUs-->
The table below shows the applicability of Windows: The table below shows the applicability of Windows:
@ -3508,12 +3508,12 @@ The table below shows the applicability of Windows:
Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server.
If you configure this policy, also configure the scan source policies for other update types: If you configure this policy, also configure the scan source policies for other update types:
- SetPolicyDrivenUpdateSourceForFeature - SetPolicyDrivenUpdateSourceForFeatureUpdates
- SetPolicyDrivenUpdateSourceForQuality - SetPolicyDrivenUpdateSourceForQualityUpdates
- SetPolicyDrivenUpdateSourceForOther - SetPolicyDrivenUpdateSourceForOtherUpdates
>[!NOTE] >[!NOTE]
>If you have not properly configured Update/UpdateServiceUrl correctly to point your WSUS server, this policy will have no effect. >If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect.
<!--/Description--> <!--/Description-->
<!--ADMXMapped--> <!--ADMXMapped-->
@ -3536,7 +3536,7 @@ The following list shows the supported values:
<hr/> <hr/>
<!--Policy--> <!--Policy-->
<a href="" id="update-setpolicydrivenupdatesourceforfeature"></a>**Update/SetPolicyDrivenUpdateSourceForFeature** <a href="" id="update-setpolicydrivenupdatesourceforfeature"></a>**Update/SetPolicyDrivenUpdateSourceForFeatureUpdates**
<!--SupportedSKUs--> <!--SupportedSKUs-->
The table below shows the applicability of Windows: The table below shows the applicability of Windows:
@ -3566,12 +3566,12 @@ The table below shows the applicability of Windows:
Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server.
If you configure this policy, also configure the scan source policies for other update types: If you configure this policy, also configure the scan source policies for other update types:
- SetPolicyDrivenUpdateSourceForQuality - SetPolicyDrivenUpdateSourceForQualityUpdates
- SetPolicyDrivenUpdateSourceForDriver - SetPolicyDrivenUpdateSourceForDriverUpdates
- SetPolicyDrivenUpdateSourceForOther - SetPolicyDrivenUpdateSourceForOtherUpdates
>[!NOTE] >[!NOTE]
>If you have not properly configured Update/UpdateServiceUrl correctly to point your WSUS server, this policy will have no effect. >If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect.
<!--/Description--> <!--/Description-->
<!--ADMXMapped--> <!--ADMXMapped-->
@ -3594,7 +3594,7 @@ The following list shows the supported values:
<hr/> <hr/>
<!--Policy--> <!--Policy-->
<a href="" id="update-setpolicydrivenupdatesourceforother"></a>**Update/SetPolicyDrivenUpdateSourceForOther** <a href="" id="update-setpolicydrivenupdatesourceforother"></a>**Update/SetPolicyDrivenUpdateSourceForOtherUpdates**
<!--SupportedSKUs--> <!--SupportedSKUs-->
The table below shows the applicability of Windows: The table below shows the applicability of Windows:
@ -3624,12 +3624,12 @@ The table below shows the applicability of Windows:
Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server.
If you configure this policy, also configure the scan source policies for other update types: If you configure this policy, also configure the scan source policies for other update types:
- SetPolicyDrivenUpdateSourceForFeature - SetPolicyDrivenUpdateSourceForFeatureUpdates
- SetPolicyDrivenUpdateSourceForQuality - SetPolicyDrivenUpdateSourceForQualityUpdates
- SetPolicyDrivenUpdateSourceForDriver - SetPolicyDrivenUpdateSourceForDriverUpdates
>[!NOTE] >[!NOTE]
>If you have not properly configured Update/UpdateServiceUrl correctly to point your WSUS server, this policy will have no effect. >If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect.
<!--/Description--> <!--/Description-->
<!--ADMXMapped--> <!--ADMXMapped-->
@ -3652,7 +3652,7 @@ The following list shows the supported values:
<hr/> <hr/>
<!--Policy--> <!--Policy-->
<a href="" id="update-setpolicydrivenupdatesourceforquality"></a>**Update/SetPolicyDrivenUpdateSourceForQuality** <a href="" id="update-setpolicydrivenupdatesourceforquality"></a>**Update/SetPolicyDrivenUpdateSourceForQualityUpdates**
<!--SupportedSKUs--> <!--SupportedSKUs-->
The table below shows the applicability of Windows: The table below shows the applicability of Windows:
@ -3682,12 +3682,12 @@ The table below shows the applicability of Windows:
Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server.
If you configure this policy, also configure the scan source policies for other update types: If you configure this policy, also configure the scan source policies for other update types:
- SetPolicyDrivenUpdateSourceForFeature - SetPolicyDrivenUpdateSourceForFeatureUpdates
- SetPolicyDrivenUpdateSourceForDriver - SetPolicyDrivenUpdateSourceForDriverUpdates
- SetPolicyDrivenUpdateSourceForOther - SetPolicyDrivenUpdateSourceForOtherUpdates
>[!NOTE] >[!NOTE]
>If you have not properly configured Update/UpdateServiceUrl correctly to point your WSUS server, this policy will have no effect. >If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect.
<!--/Description--> <!--/Description-->
<!--ADMXMapped--> <!--ADMXMapped-->
@ -4013,4 +4013,4 @@ ADMX Info:
## Related topics ## Related topics
[Policy configuration service provider](policy-configuration-service-provider.md) [Policy configuration service provider](policy-configuration-service-provider.md)


@ -6,7 +6,7 @@ ms.topic: troubleshooting
author: Deland-Han author: Deland-Han
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: delhan ms.author: delhan
ms.date: 8/22/2019 ms.date: 07/12/2022
ms.reviewer: dcscontentpm ms.reviewer: dcscontentpm
manager: dansimp manager: dansimp
--- ---
@ -183,6 +183,63 @@ To specify that you don't want to overwrite any previous kernel or complete memo
- Set the **Overwrite** DWORD value to **0**. - Set the **Overwrite** DWORD value to **0**.
#### Automatic Memory Dump
This is the default option. An Automatic Memory Dump contains the same information as a Kernel Memory Dump. The difference between the two is in the way that Windows sets the size of the system paging file. If the system paging file size is set to **System managed size**, and the kernel-mode crash dump is set to **Automatic Memory Dump**, then Windows can set the size of the paging file to less than the size of RAM. In this case, Windows sets the size of the paging file large enough to ensure that a kernel memory dump can be captured most of the time.
If the computer crashes and the paging file is not large enough to capture a kernel memory dump, Windows increases the size of the paging file to at least the size of RAM. For more information, see [Automatic Memory Dump](/windows-hardware/drivers/debugger/automatic-memory-dump).
To specify that you want to use an automatic memory dump file, run the following command or modify the registry value:
- ```cmd
wmic recoveros set DebugInfoType = 7
```
- Set the **CrashDumpEnabled** DWORD value to **7**.
To specify that you want to use a file as your memory dump file, run the following command or modify the registry value:
- ```cmd
wmic recoveros set DebugFilePath = <filepath>
```
- Set the **DumpFile** Expandable String Value to \<filepath\>.
To specify that you don't want to overwrite any previous kernel or complete memory dump files, run the following command or modify the registry value:
- ```cmd
wmic recoveros set OverwriteExistingDebugFile = 0
```
- Set the **Overwrite** DWORD value to **0**.
#### Active Memory Dump
An Active Memory Dump is similar to a Complete Memory Dump, but it filters out pages that are not likely to be relevant to troubleshooting problems on the host machine. Because of this filtering, it is typically significantly smaller than a Complete Memory Dump.
This dump file includes any memory allocated to user-mode applications. It also includes memory allocated to the Windows kernel and hardware abstraction layer, as well as memory allocated to kernel-mode drivers and other kernel-mode programs. The dump includes active pages mapped into the kernel or user space that are useful for debugging, as well as selected Pagefile-backed Transition, Standby, and Modified pages such as the memory allocated with VirtualAlloc or page-file-backed sections. Active dumps do not include pages on the free and zeroed lists, the file cache, guest VM pages, and various other types of memory that are not likely to be useful during debugging. For more information, see [Active Memory Dump](/windows-hardware/drivers/debugger/active-memory-dump).
To specify that you want to use an active memory dump file, modify the registry value:
- Set the **CrashDumpEnabled** DWORD value to **1**.
- Set the **FilterPages** DWORD value to **1**.
To specify that you want to use a file as your memory dump file, run the following command or modify the registry value:
- ```cmd
wmic recoveros set DebugFilePath = <filepath>
```
- Set the DumpFile Expandable String Value to \<filepath\>.
To specify that you don't want to overwrite any previous kernel or complete memory dump files, run the following command or modify the registry value:
- ```cmd
wmic recoveros set OverwriteExistingDebugFile = 0
```
- Set the **Overwrite** DWORD value to **0**.
>[!Note] >[!Note]
>If you contact Microsoft Support about a Stop error, you might be asked for the memory dump file that is generated by the Write Debugging Information option. >If you contact Microsoft Support about a Stop error, you might be asked for the memory dump file that is generated by the Write Debugging Information option.
@ -191,6 +248,7 @@ To view system failure and recovery settings for your local computer, type **wmi
>[!Note] >[!Note]
>To successfully use these Wmic.exe command line examples, you must be logged on by using a user account that has administrative rights on the computer. If you are not logged on by using a user account that has administrative rights on the computer, use the **/user:user_name** and **/password:password** switches. >To successfully use these Wmic.exe command line examples, you must be logged on by using a user account that has administrative rights on the computer. If you are not logged on by using a user account that has administrative rights on the computer, use the **/user:user_name** and **/password:password** switches.
### Tips ### Tips
- To take advantage of the dump file feature, your paging file must be on the boot volume. If you've moved the paging file to another volume, you must move it back to the boot volume before you use this feature. - To take advantage of the dump file feature, your paging file must be on the boot volume. If you've moved the paging file to another volume, you must move it back to the boot volume before you use this feature.
@ -201,4 +259,4 @@ To view system failure and recovery settings for your local computer, type **wmi
## References ## References
[Varieties of Kernel-Mode Dump Files](/windows-hardware/drivers/debugger/varieties-of-kernel-mode-dump-files) [Varieties of Kernel-Mode Dump Files](/windows-hardware/drivers/debugger/varieties-of-kernel-mode-dump-files)


@ -225,7 +225,7 @@ If the physical computer is still running in a frozen state, follow these steps
Pool Monitor shows you the number of allocations and outstanding bytes of allocation by type of pool and the tag that is passed into calls of ExAllocatePoolWithTag. Pool Monitor shows you the number of allocations and outstanding bytes of allocation by type of pool and the tag that is passed into calls of ExAllocatePoolWithTag.
For more information, see [How to use Memory Pool Monitor to troubleshoot kernel mode memory leaks](https://support.microsoft.com/topic/4f4a05c2-ef8a-fca4-3ae0-670b940af398). For more information, see [Using PoolMon to Find a Kernel-Mode Memory Leak](/windows-hardware/drivers/debugger/using-poolmon-to-find-a-kernel-mode-memory-leak) and [PoolMon Examples](/windows-hardware/drivers/devtest/poolmon-examples).
### Use memory dump to collect data for the virtual machine that's running in a frozen state ### Use memory dump to collect data for the virtual machine that's running in a frozen state


@ -49,7 +49,7 @@ The settings storage location is defined by setting the SettingsStoragePath conf
- Through [Group Policy](uev-configuring-uev-with-group-policy-objects.md) settings - Through [Group Policy](uev-configuring-uev-with-group-policy-objects.md) settings
- With the [System Center Configuration Pack](uev-configuring-uev-with-system-center-configuration-manager.md) for UE-V - With the [Configuration Manager Pack](uev-configuring-uev-with-system-center-configuration-manager.md) for UE-V
- With [Windows PowerShell or Windows Management Instrumentation (WMI)](uev-administering-uev-with-windows-powershell-and-wmi.md) - With [Windows PowerShell or Windows Management Instrumentation (WMI)](uev-administering-uev-with-windows-powershell-and-wmi.md)


@ -31,7 +31,7 @@ You can configure the sync method in these ways:
- Through [Group Policy](uev-configuring-uev-with-group-policy-objects.md) settings - Through [Group Policy](uev-configuring-uev-with-group-policy-objects.md) settings
- With the [System Center Configuration Pack](uev-configuring-uev-with-system-center-configuration-manager.md) for UE-V - With the [Configuration Manager Pack](uev-configuring-uev-with-system-center-configuration-manager.md) for UE-V
- With [Windows PowerShell or Windows Management Instrumentation (WMI)](uev-administering-uev-with-windows-powershell-and-wmi.md) - With [Windows PowerShell or Windows Management Instrumentation (WMI)](uev-administering-uev-with-windows-powershell-and-wmi.md)


@ -13,11 +13,12 @@ ms.custom: seo-marvel-apr2020
# Deploy Windows To Go in your organization # Deploy Windows To Go in your organization
**Applies to** **Applies to**
- Windows 10 - Windows 10
This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you have reviewed the topics [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment. This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you've reviewed the topics [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment.
> [!IMPORTANT] > [!IMPORTANT]
> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. > Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
@ -26,28 +27,28 @@ This topic helps you to deploy Windows To Go in your organization. Before you be
The following is a list of items that you should be aware of before you start the deployment process: The following is a list of items that you should be aware of before you start the deployment process:
* Only use recommended USB drives for Windows To Go. Use of other drives is not supported. Check the list at [Windows To Go: feature overview](planning/windows-to-go-overview.md) for the latest USB drives certified for use as Windows To Go drives. * Only use recommended USB drives for Windows To Go. Use of other drives isn't supported. Check the list at [Windows To Go: feature overview](planning/windows-to-go-overview.md) for the latest USB drives certified for use as Windows To Go drives.
* After you provision a new workspace, always eject a Windows To Go drive using the **Safely Remove Hardware and Eject Media** control that can be found in the notification area or in Windows Explorer. Removing the drive from the USB port without ejecting it first can cause the drive to become corrupted. * After you provision a new workspace, always eject a Windows To Go drive using the **Safely Remove Hardware and Eject Media** control that can be found in the notification area or in Windows Explorer. Removing the drive from the USB port without ejecting it first can cause the drive to become corrupted.
* When running a Windows To Go workspace, always shutdown the workspace before unplugging the drive. * When running a Windows To Go workspace, always shutdown the workspace before unplugging the drive.
* System Center 2012 Configuration Manager SP1 and later includes support for user self-provisioning of Windows To Go drives. You can download Configuration Manager for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkId=618746). For more information on this deployment option, see [How to Provision Windows To Go in Configuration Manager](/previous-versions/system-center/system-center-2012-R2/jj651035(v=technet.10)). * Configuration Manager SP1 and later includes support for user self-provisioning of Windows To Go drives. You can download Configuration Manager for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkId=618746). For more information on this deployment option, see [How to Provision Windows To Go in Configuration Manager](/previous-versions/system-center/system-center-2012-R2/jj651035(v=technet.10)).
* If you are planning on using a USB drive duplicator to duplicate Windows To Go drives, do not configure offline domain join or BitLocker on the drive. * If you're planning on using a USB drive duplicator to duplicate Windows To Go drives, don't configure offline domain join or BitLocker on the drive.
## Basic deployment steps ## Basic deployment steps
Unless you are using a customized operating system image, your initial Windows To Go workspace will not be domain joined and will not contain applications. This is exactly like a new installation of Windows on a desktop or laptop computer. When planning your deployment, you should develop methods to join Windows to Go drives to the domain and install the standard applications that users in your organization require. These methods probably will be similar to the ones used for setting up desktop and laptop computers with domain privileges and applications. This section describes the instructions for creating the correct disk layout on the USB drive, applying the operating system image and the core Windows To Go specific configurations to the drive. The following steps are used in both small-scale and large-scale Windows To Go deployment scenarios. Unless you're using a customized operating system image, your initial Windows To Go workspace won't be domain joined and won't contain applications. This is exactly like a new installation of Windows on a desktop or laptop computer. When planning your deployment, you should develop methods to join Windows to Go drives to the domain and install the standard applications that users in your organization require. These methods probably will be similar to the ones used for setting up desktop and laptop computers with domain privileges and applications. This section describes the instructions for creating the correct disk layout on the USB drive, applying the operating system image and the core Windows To Go specific configurations to the drive. The following steps are used in both small-scale and large-scale Windows To Go deployment scenarios.
Completing these steps will give you a generic Windows To Go drive that can be distributed to your users and then customized for their usage as needed. This drive is also appropriate for use with USB drive duplicators. Your specific deployment scenarios will involve more than just these basic steps but these additional deployment considerations are similar to traditional PC deployment and can be incorporated into your Windows To Go deployment plan. For additional information, see [Windows Deployment Options](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825230(v=win.10)). Completing these steps will give you a generic Windows To Go drive that can be distributed to your users and then customized for their usage as needed. This drive is also appropriate for use with USB drive duplicators. Your specific deployment scenarios will involve more than just these basic steps but these additional deployment considerations are similar to traditional PC deployment and can be incorporated into your Windows To Go deployment plan. For more information, see [Windows Deployment Options](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825230(v=win.10)).
>[!WARNING] >[!WARNING]
>If you plan to use the generic Windows To Go drive as the master drive in a USB duplicator, the drive should not be booted. If the drive has been booted inadvertently it should be reprovisioned prior to duplication. >If you plan to use the generic Windows To Go drive as the master drive in a USB duplicator, the drive should not be booted. If the drive has been booted inadvertently it should be reprovisioned prior to duplication.
### Create the Windows To Go workspace ### Create the Windows To Go workspace
In this step we are creating the operating system image that will be used on the Windows To Go drives. You can use the Windows To Go Creator Wizard or you can [do this manually](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)) using a combination of Windows PowerShell and command-line tools. In this step we're creating the operating system image that will be used on the Windows To Go drives. You can use the Windows To Go Creator Wizard or you can [do this manually](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)) using a combination of Windows PowerShell and command-line tools.
>[!WARNING] >[!WARNING]
>The preferred method to create a single Windows To Go drive is to use the Windows To Go Creator Wizard included in Windows 10 Enterprise and Windows 10 Education. >The preferred method to create a single Windows To Go drive is to use the Windows To Go Creator Wizard included in Windows 10 Enterprise and Windows 10 Education.
@ -69,7 +70,7 @@ In this step we are creating the operating system image that will be used on the
6. On the **Choose a Windows image** page, click **Add Search Location** and then navigate to the .wim file location and click select folder. The wizard will display the installable images present in the folder; select the Windows 10 Enterprise or Windows 10 Education image you wish to use and then click **Next**. 6. On the **Choose a Windows image** page, click **Add Search Location** and then navigate to the .wim file location and click select folder. The wizard will display the installable images present in the folder; select the Windows 10 Enterprise or Windows 10 Education image you wish to use and then click **Next**.
7. (Optional) On the **Set a BitLocker password (optional)** page, you can select **Use BitLocker with my Windows To Go Workspace** to encrypt your Windows To Go drive. If you do not wish to encrypt the drive at this time, click **Skip**. If you decide you want to add BitLocker protection later, see [Enable BitLocker protection for your Windows To Go drive](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)) for instructions. 7. (Optional) On the **Set a BitLocker password (optional)** page, you can select **Use BitLocker with my Windows To Go Workspace** to encrypt your Windows To Go drive. If you don't wish to encrypt the drive at this time, click **Skip**. If you decide you want to add BitLocker protection later, see [Enable BitLocker protection for your Windows To Go drive](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)) for instructions.
r r
>[!WARNING] >[!WARNING]
@ -77,7 +78,7 @@ r
If you choose to encrypt the Windows To Go drive now: If you choose to encrypt the Windows To Go drive now:
- Type a password that is at least eight characters long and conforms to your organizations password complexity policy. This password will be provided before the operating system is started so any characters you use must be able to be interpreted by the firmware. Some firmware does not support non-ASCII characters. - Type a password that is at least eight characters long and conforms to your organizations password complexity policy. This password will be provided before the operating system is started so any characters you use must be able to be interpreted by the firmware. Some firmware doesn't support non-ASCII characters.
~~~ ~~~
@ -100,7 +101,7 @@ The following Windows PowerShell cmdlet or cmdlets perform the same function as
1. Using Cortana, search for **powershell**, right-click **Windows PowerShell**, and then select **Run as administrator**. 1. Using Cortana, search for **powershell**, right-click **Windows PowerShell**, and then select **Run as administrator**.
2. In the Windows PowerShell session type the following commands to partition a master boot record (MBR) disk for use with a FAT32 system partition and an NTFS-formatted operating system partition. This disk layout can support computers that use either UEFI or BIOS firmware: 2. In the Windows PowerShell session type, the following commands to partition a master boot record (MBR) disk for use with a FAT32 system partition and an NTFS-formatted operating system partition. This disk layout can support computers that use either UEFI or BIOS firmware:
``` ```
# The following command will set $Disk to all USB drives with >20 GB of storage # The following command will set $Disk to all USB drives with >20 GB of storage


@ -12,7 +12,6 @@ ms.custom: seo-marvel-apr2020
# Deployment considerations for Windows To Go # Deployment considerations for Windows To Go
**Applies to** **Applies to**
- Windows 10 - Windows 10
@ -42,7 +41,7 @@ The following diagrams illustrate the two different methods you could use to pro
![initial boot on-premises.](images/wtg-first-boot-work.gif) ![initial boot on-premises.](images/wtg-first-boot-work.gif)
When a Windows To Go workspace is first used at the workplace, the Windows To Go workspace can be joined to the domain through the normal procedures that occur when a new computer is introduced. It obtains a lease, applicable policies are applied and set, and user account tokens are placed appropriately. BitLocker protection can be applied and the BitLocker recovery key automatically stored in Active Directory Domain Services. The user can access network resources to install software and get access to data sources. When the workspace is subsequently booted at a different location either on or off premises, the configuration required for it to connect back to the work network using either DirectAccess or a virtual private network connection can be configured. It is not necessary to configure the workspace for offline domain join. DirectAccess can make connecting to organizational resources easier, but is not required. When a Windows To Go workspace is first used at the workplace, the Windows To Go workspace can be joined to the domain through the normal procedures that occur when a new computer is introduced. It obtains a lease, applicable policies are applied and set, and user account tokens are placed appropriately. BitLocker protection can be applied and the BitLocker recovery key automatically stored in Active Directory Domain Services. The user can access network resources to install software and get access to data sources. When the workspace is subsequently booted at a different location either on or off premises, the configuration required for it to connect back to the work network using either DirectAccess or a virtual private network connection can be configured. It isn't necessary to configure the workspace for offline domain join. DirectAccess can make connecting to organizational resources easier, but isn't required.
![initial boot off-premises.](images/wtg-first-boot-home.gif) ![initial boot off-premises.](images/wtg-first-boot-home.gif)
@ -51,26 +50,26 @@ When the Windows To Go workspace is going to be used first on an off-premises co
> [!TIP] > [!TIP]
> Applying BitLocker Drive Encryption to the drives before provisioning is a much faster process than encrypting the drives after data has already been stored on them due to a new feature called used-disk space only encryption. For more information, see [What's New in BitLocker](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn306081(v=ws.11)). > Applying BitLocker Drive Encryption to the drives before provisioning is a much faster process than encrypting the drives after data has already been stored on them due to a new feature called used-disk space only encryption. For more information, see [What's New in BitLocker](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn306081(v=ws.11)).
DirectAccess can be used to ensure that the user can log in with their domain credentials without needing a local account. For instructions on setting up a DirectAccess solution, for a small pilot deployment see [Deploy a Single Remote Access Server using the Getting Started Wizard](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831520(v=ws.11)) for a larger scale deployment, see [Deploy Remote Access in an Enterprise](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj134200(v=ws.11)). If you do not want to use DirectAccess as an alternative user could log on using a local user account on the Windows To Go workspace and then use a virtual private network for remote access to your organizational network. DirectAccess can be used to ensure that the user can log in with their domain credentials without needing a local account. For instructions on setting up a DirectAccess solution, for a small pilot deployment see [Deploy a Single Remote Access Server using the Getting Started Wizard](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831520(v=ws.11)) for a larger scale deployment, see [Deploy Remote Access in an Enterprise](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj134200(v=ws.11)). If you don't want to use DirectAccess as an alternative user could log on using a local user account on the Windows To Go workspace and then use a virtual private network for remote access to your organizational network.
### <a href="" id="wtg-imagedep"></a>Image deployment and drive provisioning considerations ### <a href="" id="wtg-imagedep"></a>Image deployment and drive provisioning considerations
The Image Deployment process can be accomplished either by a centralized IT process for your organization or by individual users creating their own Windows To Go workspaces. You must have local Administrator access and access to a Windows 10 Enterprise or Windows 10 Education image to create a Windows To Go workspace, or you must be using System Center 2012 Configuration Manager Service Pack 1 or later to distribute Windows To Go workspaces to users. The image deployment process takes a blank USB drive and a Windows 10 Enterprise image (WIM) and turns it into a Windows To Go drive. The Image Deployment process can be accomplished either by a centralized IT process for your organization or by individual users creating their own Windows To Go workspaces. You must have local Administrator access and access to a Windows 10 Enterprise or Windows 10 Education image to create a Windows To Go workspace, or you must be using Configuration Manager Service Pack 1 or later to distribute Windows To Go workspaces to users. The image deployment process takes a blank USB drive and a Windows 10 Enterprise image (WIM) and turns it into a Windows To Go drive.
![windows to go image deployment.](images/wtg-image-deployment.gif) ![windows to go image deployment.](images/wtg-image-deployment.gif)
The simplest way to provision a Windows To Go drive is to use the Windows To Go Creator. After a single Windows To Go workspace has been created, it can be duplicated as many times as necessary using widely available USB duplicator products as long as the device has not been booted. After the Windows To Go drive is initialized, it should not be duplicated. Alternatively, Windows To Go Workspace Creator can be run multiple times to create multiple Windows To Go drives. The simplest way to provision a Windows To Go drive is to use the Windows To Go Creator. After a single Windows To Go workspace has been created, it can be duplicated as many times as necessary using widely available USB duplicator products as long as the device hasn't been booted. After the Windows To Go drive is initialized, it shouldn't be duplicated. Alternatively, Windows To Go Workspace Creator can be run multiple times to create multiple Windows To Go drives.
> [!TIP] > [!TIP]
> When you create your Windows To Go image use sysprep /generalize, just as you do when you deploy Windows 10 to a standard PC. In fact, if appropriate, use the same image for both deployments. > When you create your Windows To Go image use sysprep /generalize, just as you do when you deploy Windows 10 to a standard PC. In fact, if appropriate, use the same image for both deployments.
**Driver considerations** **Driver considerations**
Windows includes most of the drivers that you will need to support a wide variety of host computers. However, you will occasionally need to download drivers from Windows Update to take advantage of the full functionality of a device. If you are using Windows To Go on a set of known host computers, you can add any additional drivers to the image used on Windows To Go to make Windows To Go drives more quickly usable by your employees. Especially ensure that network drivers are available so that the user can connect to Windows Update to get additional drivers if necessary. Windows includes most of the drivers that you'll need to support a wide variety of host computers. However, you'll occasionally need to download drivers from Windows Update to take advantage of the full functionality of a device. If you're using Windows To Go on a set of known host computers, you can add any more drivers to the image used on Windows To Go to make Windows To Go drives more quickly usable by your employees. Especially ensure that network drivers are available so that the user can connect to Windows Update to get more drivers if necessary.
Wi-Fi network adapter drivers are one of the most important drivers to make sure that you include in your standard image so that users can easily connect to the internet for any additional updates. IT administrators that are attempting to build Windows 10 images for use with Windows To Go should consider adding additional Wi-Fi drivers to their image to ensure that their users have the best chance of still having basic network connectivity when roaming between systems. Wi-Fi network adapter drivers are one of the most important drivers to make sure that you include in your standard image so that users can easily connect to the internet for any additional updates. IT administrators that are attempting to build Windows 10 images for use with Windows To Go should consider adding additional Wi-Fi drivers to their image to ensure that their users have the best chance of still having basic network connectivity when roaming between systems.
The following list of commonly used Wi-Fi network adapters that are not supported by the default drivers provided with Windows 10 is provided to help you ascertain whether or not you need to add drivers to your image. The following list of commonly used Wi-Fi network adapters that aren't supported by the default drivers provided with Windows 10 is provided to help you ascertain whether or not you need to add drivers to your image.
|Vendor name|Product description|HWID|Windows Update availability| |Vendor name|Product description|HWID|Windows Update availability|
|--- |--- |--- |--- | |--- |--- |--- |--- |
@ -94,11 +93,11 @@ The following list of commonly used Wi-Fi network adapters that are not supporte
|Ralink|Wireless LAN Card V1|pci\ven_1814&dev_0302&subsys_3a711186&rev_00|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619097)<p>[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619098)| |Ralink|Wireless LAN Card V1|pci\ven_1814&dev_0302&subsys_3a711186&rev_00|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619097)<p>[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619098)|
|Ralink|D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.C)|pci\ven_1814&dev_0302&subsys_3c091186&rev_00|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619099)<p>[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619100)| |Ralink|D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.C)|pci\ven_1814&dev_0302&subsys_3c091186&rev_00|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619099)<p>[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619100)|
IT administrators that want to target Windows To Go images for specific systems should test their images to ensure that the necessary system drivers are in the image, especially for critical functionality like Wi-Fi that is not supported by class drivers. Some consumer devices require OEM-specific driver packages, which may not be available on Windows Update. For more information on how to add a driver to a Windows Image, please refer to the [Basic Windows Deployment Step-by-Step Guide](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825212(v=win.10)). IT administrators that want to target Windows To Go images for specific systems should test their images to ensure that the necessary system drivers are in the image, especially for critical functionality like Wi-Fi that isn't supported by class drivers. Some consumer devices require OEM-specific driver packages, which may not be available on Windows Update. For more information on how to add a driver to a Windows Image, please refer to the [Basic Windows Deployment Step-by-Step Guide](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825212(v=win.10)).
### <a href="" id="wtg-appinstall"></a>Application installation and domain join ### <a href="" id="wtg-appinstall"></a>Application installation and domain join
Unless you are using a customized Windows image that includes unattended installation settings, the initial Windows To Go workspace will not be domain joined and will not contain applications. This is exactly like a new installation of Windows on a desktop or laptop computer. When planning your deployment, you should develop methods to join Windows to Go drives to the domain and install the standard applications that users in your organization require. These methods probably will be similar to the ones used for setting up desktop and laptop computers with domain privileges and applications Unless you're using a customized Windows image that includes unattended installation settings, the initial Windows To Go workspace won't be domain joined and won't contain applications. This is exactly like a new installation of Windows on a desktop or laptop computer. When planning your deployment, you should develop methods to join Windows to Go drives to the domain and install the standard applications that users in your organization require. These methods probably will be similar to the ones used for setting up desktop and laptop computers with domain privileges and applications
### <a href="" id="bkmk-wtggp"></a>Management of Windows To Go using Group Policy ### <a href="" id="bkmk-wtggp"></a>Management of Windows To Go using Group Policy
@ -110,20 +109,20 @@ The use of the Store on Windows To Go workspaces that are running Windows 8 can
- **Allow hibernate (S4) when started from a Windows To Go workspace** - **Allow hibernate (S4) when started from a Windows To Go workspace**
This policy setting specifies whether the PC can use the hibernation sleep state (S4) when started from a Windows To Go workspace. By default, hibernation is disabled when using Windows To Go workspace, so enabling this setting explicitly turns this ability back on. When a computer enters hibernation, the contents of memory are written to disk. When the disk is resumed, it is important that the hardware attached to the system, as well as the disk itself, are unchanged. This is inherently incompatible with roaming between PC hosts. Hibernation should only be used when the Windows To Go workspace is not being used to roam between host PCs. This policy setting specifies whether the PC can use the hibernation sleep state (S4) when started from a Windows To Go workspace. By default, hibernation is disabled when using Windows To Go workspace, so enabling this setting explicitly turns this ability back on. When a computer enters hibernation, the contents of memory are written to disk. When the disk is resumed, it's important that the hardware attached to the system, and the disk itself, are unchanged. This is inherently incompatible with roaming between PC hosts. Hibernation should only be used when the Windows To Go workspace isn't being used to roam between host PCs.
> [!IMPORTANT] > [!IMPORTANT]
> For the host-PC to resume correctly when hibernation is enabled the Windows To Go workspace must continue to use the same USB port. > For the host-PC to resume correctly when hibernation is enabled the Windows To Go workspace must continue to use the same USB port.
- **Disallow standby sleep states (S1-S3) when starting from a Windows To Go workspace** - **Disallow standby sleep states (S1-S3) when starting from a Windows To Go workspace**
This policy setting specifies whether the PC can use standby sleep states (S1S3) when started from a Windows To Go workspace. The Sleep state also presents a unique challenge to Windows To Go users. When a computer goes to sleep, it appears as if it is shut down. It could be very easy for a user to think that a Windows To Go workspace in sleep mode was actually shut down and they could remove the Windows To Go drive and take it home. Removing the Windows To Go drive in this scenario is equivalent to an unclean shutdown, which may result in the loss of unsaved user data or the corruption on the drive. Moreover, if the user now boots the drive on another PC and brings it back to the first PC, which still happens to be in the sleep state, it will lead to an arbitrary crash and eventually corruption of the drive and result in the workspace becoming unusable. If you enable this policy setting, the Windows To Go workspace cannot use the standby states to cause the PC to enter sleep mode. If you disable or do not configure this policy setting, the Windows To Go workspace can place the PC in sleep mode. This policy setting specifies whether the PC can use standby sleep states (S1S3) when started from a Windows To Go workspace. The Sleep state also presents a unique challenge to Windows To Go users. When a computer goes to sleep, it appears as if it's shut down. It could be easy for a user to think that a Windows To Go workspace in sleep mode was actually shut down and they could remove the Windows To Go drive and take it home. Removing the Windows To Go drive in this scenario is equivalent to an unclean shutdown, which may result in the loss of unsaved user data or the corruption on the drive. Moreover, if the user now boots the drive on another PC and brings it back to the first PC, which still happens to be in the sleep state, it will lead to an arbitrary crash and eventually corruption of the drive and result in the workspace becoming unusable. 
If you enable this policy setting, the Windows To Go workspace can't use the standby states to cause the PC to enter sleep mode. If you disable or don't configure this policy setting, the Windows To Go workspace can place the PC in sleep mode.
**Settings for host PCs** **Settings for host PCs**
- **Windows To Go Default Startup Options** - **Windows To Go Default Startup Options**
This policy setting controls whether the host computer will boot to Windows To Go if a USB device containing a Windows To Go workspace is connected, and controls whether users can make changes using the **Windows To Go Startup Options** settings dialog. If you enable this policy setting, booting to Windows To Go when a USB device is connected will be enabled and users will not be able to make changes using the **Windows To Go Startup Options** settings dialog. If you disable this policy setting, booting to Windows To Go when a USB device is connected will not be enabled unless a user configures the option manually in the firmware. If you do not configure this policy setting, users who are members of the local Administrators group can enable or disable booting from USB using the **Windows To Go Startup Options** settings dialog. This policy setting controls whether the host computer will boot to Windows To Go if a USB device containing a Windows To Go workspace is connected, and controls whether users can make changes using the **Windows To Go Startup Options** settings dialog. If you enable this policy setting, booting to Windows To Go when a USB device is connected will be enabled and users won't be able to make changes using the **Windows To Go Startup Options** settings dialog. If you disable this policy setting, booting to Windows To Go when a USB device is connected won't be enabled unless a user configures the option manually in the firmware. If you don't configure this policy setting, users who are members of the local Administrators group can enable or disable booting from USB using the **Windows To Go Startup Options** settings dialog.
> [!IMPORTANT] > [!IMPORTANT]
> Enabling this policy setting will cause PCs running Windows to attempt to boot from any USB device that is inserted into the PC before it is started. > Enabling this policy setting will cause PCs running Windows to attempt to boot from any USB device that is inserted into the PC before it is started.
@ -135,7 +134,7 @@ The biggest hurdle for a user wanting to use Windows To Go is configuring their
> [!NOTE] > [!NOTE]
> Enabling a system to always boot from USB first has implications that you should consider. For example, a USB device that includes malware could be booted inadvertently to compromise the system, or multiple USB drives could be plugged in to cause a boot conflict. For this reason, the Windows To Go startup options are disabled by default. In addition, administrator privileges are required to configure Windows To Go startup options. > Enabling a system to always boot from USB first has implications that you should consider. For example, a USB device that includes malware could be booted inadvertently to compromise the system, or multiple USB drives could be plugged in to cause a boot conflict. For this reason, the Windows To Go startup options are disabled by default. In addition, administrator privileges are required to configure Windows To Go startup options.
If you are going to be using a Windows 7 computer as a host-PC, see the wiki article [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkID=618951). If you're going to be using a Windows 7 computer as a host-PC, see the wiki article [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkID=618951).
### <a href="" id="stg-firmware"></a>Roaming between different firmware types ### <a href="" id="stg-firmware"></a>Roaming between different firmware types
@ -143,9 +142,9 @@ Windows supports two types of PC firmware: Unified Extensible Firmware Interface
![bios layout.](images/wtg-mbr-bios.gif)![uefi layout](images/wtg-gpt-uefi.gif) ![bios layout.](images/wtg-mbr-bios.gif)![uefi layout](images/wtg-gpt-uefi.gif)
This presented a unique challenge for Windows To Go because the firmware type is not easily determined by end users—a UEFI computer looks just like a legacy BIOS computer and Windows To Go must boot on both types of firmware. This presented a unique challenge for Windows To Go because the firmware type isn't easily determined by end users—a UEFI computer looks just like a legacy BIOS computer and Windows To Go must boot on both types of firmware.
To enable booting Windows To Go on both types of firmware, a new disk layout is provided for Windows 8 or later that contains both sets of boot components on a FAT32 system partition and a new command-line option was added to bcdboot.exe to support this configuration. The **/f** option is used with the **bcdboot /s** command to specify the firmware type of the target system partition by appending either **UEFI**, **BIOS** or **ALL**. When creating Windows To Go drives manually you must use the **ALL** parameter to provide the Windows To Go drive the ability to boot on both types of firmware. For example, on volume H: (your Windows To Go USB drive letter), you would use the command **bcdboot C:\\windows /s H: /f ALL**. The following diagram illustrates the disk layout that results from that command: To enable booting Windows To Go on both types of firmware, a new disk layout is provided for Windows 8 or later that contains both sets of boot components on a FAT32 system partition and a new command-line option was added to bcdboot.exe to support this configuration. The **/f** option is used with the **bcdboot /s** command to specify the firmware type of the target system partition by appending either **UEFI**, **BIOS** or **ALL**. When creating Windows To Go drives manually, you must use the **ALL** parameter to provide the Windows To Go drive the ability to boot on both types of firmware. For example, on volume H: (your Windows To Go USB drive letter), you would use the command **bcdboot C:\\windows /s H: /f ALL**. The following diagram illustrates the disk layout that results from that command:
![firmware roaming disk layout.](images/wtg-mbr-firmware-roaming.gif) ![firmware roaming disk layout.](images/wtg-mbr-firmware-roaming.gif)
@ -153,7 +152,7 @@ This is the only supported disk configuration for Windows To Go. With this disk
### <a href="" id="wtg-startup"></a>Configure Windows To Go startup options ### <a href="" id="wtg-startup"></a>Configure Windows To Go startup options
Windows To Go Startup Options is a setting available on Windows 10-based PCs that enables the computer to be booted from a USB without manually changing the firmware settings of the PC. To configure Windows To Go Startup Options you must have administrative rights on the computer and the **Windows To Go Default Startup Options** Group Policy setting must not be configured. Windows To Go Startup Options is a setting available on Windows 10-based PCs that enables the computer to be booted from a USB without manually changing the firmware settings of the PC. To configure Windows To Go Startup Options, you must have administrative rights on the computer and the **Windows To Go Default Startup Options** Group Policy setting must not be configured.
**To configure Windows To Go startup options** **To configure Windows To Go startup options**
@ -170,7 +169,7 @@ Windows To Go Startup Options is a setting available on Windows 10-based PCs tha
### <a href="" id="wtg-changefirmware"></a>Change firmware settings ### <a href="" id="wtg-changefirmware"></a>Change firmware settings
If you choose to not use the Windows To Go startup options or are using a PC running Windows 7 as your host computer you will need to manually configure the firmware settings. The process used to accomplish this will depend on the firmware type and manufacturer. If your host computer is protected by BitLocker and running Windows 7 you should suspend BitLocker before making the change to the firmware settings. After the firmware settings have been successfully reconfigured, resume BitLocker protection. If you do not suspend BitLocker first, BitLocker will assume that the computer has been tampered with and will boot into BitLocker recovery mode. If you choose to not use the Windows To Go startup options or are using a PC running Windows 7 as your host computer, you'll need to manually configure the firmware settings. The process used to accomplish this will depend on the firmware type and manufacturer. If your host computer is protected by BitLocker and running Windows 7, you should suspend BitLocker before making the change to the firmware settings. After the firmware settings have been successfully reconfigured, resume BitLocker protection. If you don't suspend BitLocker first, BitLocker will assume that the computer has been tampered with and will boot into BitLocker recovery mode.
## Related topics ## Related topics


@ -162,7 +162,7 @@ sections:
- question: | - question: |
Can the user self-provision Windows To Go? Can the user self-provision Windows To Go?
answer: | answer: |
Yes, if the user has administrator permissions they can self-provision a Windows To Go drive using the Windows To Go Creator wizard which is included in Windows 10 Enterprise, Windows 10 Education and Windows 10 Professional. Additionally, System Center 2012 Configuration Manager SP1 and later releases includes support for user self-provisioning of Windows To Go drives. Configuration Manager can be downloaded for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkID=618746). Yes, if the user has administrator permissions they can self-provision a Windows To Go drive using the Windows To Go Creator wizard which is included in Windows 10 Enterprise, Windows 10 Education and Windows 10 Professional. Additionally, Configuration Manager SP1 and later releases includes support for user self-provisioning of Windows To Go drives. Configuration Manager can be downloaded for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkID=618746).
- question: | - question: |
How can Windows To Go be managed in an organization? How can Windows To Go be managed in an organization?


@ -18,7 +18,7 @@ ms.topic: article
- Windows 10 - Windows 10
- Windows 11 - Windows 11
This article is specifically targeted at configuring devices enrolled to [Microsoft Endpoint Manager](/mem/endpoint-manager-overview) for Update Compliance, within MEM itself. Configuring devices for Update Compliance in MEM breaks down to the following steps: This article is specifically targeted at configuring devices enrolled to [Microsoft Endpoint Manager](/mem/endpoint-manager-overview) for Update Compliance, within Microsoft Endpoint Manager itself. Configuring devices for Update Compliance in Microsoft Endpoint Manager breaks down to the following steps:
1. [Create a configuration profile](#create-a-configuration-profile) for devices you want to enroll, that contains settings for all the MDM policies that must be configured. 1. [Create a configuration profile](#create-a-configuration-profile) for devices you want to enroll, that contains settings for all the MDM policies that must be configured.
2. [Deploy the configuration script](#deploy-the-configuration-script) as a Win32 app to those same devices, so additional checks can be performed to ensure devices are correctly configured. 2. [Deploy the configuration script](#deploy-the-configuration-script) as a Win32 app to those same devices, so additional checks can be performed to ensure devices are correctly configured.


@ -46,7 +46,7 @@ The table breaks down the number of bytes from each download source into specifi
The download sources that could be included are: The download sources that could be included are:
- LAN Bytes: Bytes downloaded from LAN Peers which are other devices on the same local network - LAN Bytes: Bytes downloaded from LAN Peers which are other devices on the same local network
- Group Bytes: Bytes downloaded from Group Peers which are other devices that belong to the same Group (available when the "Group" download mode is used) - Group Bytes: Bytes downloaded from Group Peers which are other devices that belong to the same Group (available when the "Group" download mode is used)
- HTTP Bytes: Non-peer bytes. The HTTP download source can be Microsoft Servers, Windows Update Servers, a WSUS server or an SCCM Distribution Point for Express Updates. - HTTP Bytes: Non-peer bytes. The HTTP download source can be Microsoft Servers, Windows Update Servers, a WSUS server or an Configuration Manager Distribution Point for Express Updates.
<!--Using include file, waas-delivery-optimization-monitor.md, for shared content on DO monitoring--> <!--Using include file, waas-delivery-optimization-monitor.md, for shared content on DO monitoring-->
[!INCLUDE [Monitor Delivery Optimization](../do/includes/waas-delivery-optimization-monitor.md)] [!INCLUDE [Monitor Delivery Optimization](../do/includes/waas-delivery-optimization-monitor.md)]


@ -12,17 +12,18 @@ ms.topic: article
# WaaSDeploymentStatus # WaaSDeploymentStatus
WaaSDeploymentStatus records track a specific update's installation progress on a specific device. Multiple WaaSDeploymentStatus records can exist simultaneously for a given device, as each record is specific to a given update and its type. For example, a device can have both a WaaSDeploymentStatus tracking a Windows Feature Update, and one tracking a Windows Quality Update, at the same time. WaaSDeploymentStatus records track a specific update's installation progress on a specific device. Multiple WaaSDeploymentStatus records can exist simultaneously for a given device, as each record is specific to a given update and its type. For example, a device can have both a WaaSDeploymentStatus tracking a Windows Feature Update, and one tracking a Windows Quality Update, at the same time.
|Field |Type |Example |Description | |Field |Type |Example |Description |
|-|-|-----|------------------------| |-|-|-----|------------------------|
|**Computer** |[string](/azure/kusto/query/scalar-data-types/string) |`JohnPC-Contoso` |User or Organization-provided device name. If this appears as '#', then Device Name may not be sent through telemetry. To enable Device Name to be sent with telemetry, see [Enroll devices in Update Compliance](update-compliance-get-started.md#enroll-devices-in-update-compliance). | |**Computer** |[string](/azure/kusto/query/scalar-data-types/string) |`JohnPC-Contoso` |User or Organization-provided device name. If this appears as '#', then Device Name may not be sent through telemetry. To enable Device Name to be sent with telemetry, see [Enroll devices in Update Compliance](update-compliance-get-started.md#enroll-devices-in-update-compliance). |
|**ComputerID** |[string](/azure/kusto/query/scalar-data-types/string) |`g:6755412281299915` |Microsoft Global Device Identifier. This is an internal identifier used by Microsoft. A connection to the end-user Managed Service Account (MSA) service is required for this identifier to be populated; no device data will be present in Update Compliance without this identifier. | |**ComputerID** |[string](/azure/kusto/query/scalar-data-types/string) |`g:6755412281299915` |Microsoft Global Device Identifier. This is an internal identifier used by Microsoft. A connection to the end-user managed service account is required for this identifier to be populated; no device data will be present in Update Compliance without this identifier. |
|**DeferralDays** |[int](/azure/kusto/query/scalar-data-types/int) |`0` |The deferral policy for this content type or `UpdateCategory` (Windows `Feature` or `Quality`). | |**DeferralDays** |[int](/azure/kusto/query/scalar-data-types/int) |`0` |The deferral policy for this content type or `UpdateCategory` (Windows `Feature` or `Quality`). |
|**DeploymentError** |[string](/azure/kusto/query/scalar-data-types/string) |`Disk Error` |A readable string describing the error, if any. If empty, there is either no string matching the error or there is no error. | |**DeploymentError** |[string](/azure/kusto/query/scalar-data-types/string) |`Disk Error` |A readable string describing the error, if any. If empty, there's either no string matching the error or there's no error. |
|**DeploymentErrorCode** |[int](/azure/kusto/query/scalar-data-types/int) |`8003001E` |Microsoft internal error code for the error, if any. If empty, there is either no error or there is *no error code*, meaning that the issue raised does not correspond to an error, but some inferred issue. | |**DeploymentErrorCode** |[int](/azure/kusto/query/scalar-data-types/int) |`8003001E` |Microsoft internal error code for the error, if any. If empty, there's either no error or there's *no error code*, meaning that the issue raised doesn't correspond to an error, but some inferred issue. |
|**DeploymentStatus** |[string](/azure/kusto/query/scalar-data-types/string) |`Failed` |The high-level status of installing this update on this device. Possible values are:<br><li> **Update completed**: Device has completed the update installation.<li> **In Progress**: Device is in one of the various stages of installing an update, detailed in `DetailedStatus`.<li> **Deferred**: A device's deferral policy is preventing the update from being offered by Windows Update.<li> **Canceled**: The update was canceled.<li> **Blocked**: There is a hard block on the update being completed. This could be that another update must be completed before this one, or some other task is blocking the installation of the update.<li> **Unknown**: Update Compliance generated WaaSDeploymentStatus records for devices as soon as it detects an update newer than the one installed on the device. Devices that have not sent any deployment data for that update will have the status `Unknown`.<li> **Update paused**: Devices are paused via Windows Update for Business Pause policies, preventing the update from being offered by Windows Update. <li> **Failed**: Device encountered a failure in the update process, preventing it from installing the update. This may result in an automatic retry in the case of Windows Update, unless the `DeploymentError` indicates the issue requires action before the update can continue.| |**DeploymentStatus** |[string](/azure/kusto/query/scalar-data-types/string) |`Failed` |The high-level status of installing this update on this device. Possible values are:<br><li> **Update completed**: Device has completed the update installation.<li> **In Progress**: Device is in one of the various stages of installing an update, detailed in `DetailedStatus`.<li> **Deferred**: A device's deferral policy is preventing the update from being offered by Windows Update.<li> **Canceled**: The update was canceled.<li> **Blocked**: There's a hard block on the update being completed. 
This could be that another update must be completed before this one, or some other task is blocking the installation of the update.<li> **Unknown**: Update Compliance generated WaaSDeploymentStatus records for devices as soon as it detects an update newer than the one installed on the device. Devices that haven't sent any deployment data for that update will have the status `Unknown`.<li> **Update paused**: Devices are paused via Windows Update for Business Pause policies, preventing the update from being offered by Windows Update. <li> **Failed**: Device encountered a failure in the update process, preventing it from installing the update. This may result in an automatic retry in the case of Windows Update, unless the `DeploymentError` indicates the issue requires action before the update can continue.|
|**DetailedStatus** |[string](/azure/kusto/query/scalar-data-types/string) |`Reboot required` |A detailed status for the installation of this update on this device. Possible values are:<br><li> **Not Started**: Update hasn't started because the device is not targeting the latest 2 builds<li> **Update deferred**: When a device's Windows Update for Business policy dictates the update is deferred.<li> **Update paused**: The device's Windows Update for Business policy dictates the update is paused from being offered.<li> **Update offered**: The device has been offered the update, but has not begun downloading it.<li> **Pre-Download tasks passed**: The device has finished all necessary tasks prior to downloading the update.<li> **Compatibility hold**: The device has been placed under a *compatibility hold* to ensure a smooth feature update experience and will not resume the update until the hold has been cleared. For more information, see [Feature Update Status report](update-compliance-feature-update-status.md#safeguard-holds).<li> **Download started**: The update has begun downloading on the device.<li> **Download Succeeded**: The update has successfully completed downloading. <li> **Pre-Install Tasks Passed**: Tasks that must be completed prior to installing the update have been completed.<li> **Install Started**: Installation of the update has begun.<li> **Reboot Required**: The device has finished installing the update, and a reboot is required before the update can be completed.<li> **Reboot Pending**: The device has a scheduled reboot to apply the update.<li> **Reboot Initiated**: The scheduled reboot has been initiated.<li> **Commit**: Changes are being committed post-reboot. This is another step of the installation process.<li> **Update Completed**: The update has successfully installed.| |**DetailedStatus** |[string](/azure/kusto/query/scalar-data-types/string) |`Reboot required` |A detailed status for the installation of this update on this device. 
Possible values are:<br><li> **Not Started**: Update hasn't started because the device isn't targeting the latest 2 builds<li> **Update deferred**: When a device's Windows Update for Business policy dictates the update is deferred.<li> **Update paused**: The device's Windows Update for Business policy dictates the update is paused from being offered.<li> **Update offered**: The device has been offered the update, but hasn't begun downloading it.<li> **Pre-Download tasks passed**: The device has finished all necessary tasks prior to downloading the update.<li> **Compatibility hold**: The device has been placed under a *compatibility hold* to ensure a smooth feature update experience and won't resume the update until the hold has been cleared. For more information, see [Feature Update Status report](update-compliance-feature-update-status.md#safeguard-holds).<li> **Download started**: The update has begun downloading on the device.<li> **Download Succeeded**: The update has successfully completed downloading. <li> **Pre-Install Tasks Passed**: Tasks that must be completed prior to installing the update have been completed.<li> **Install Started**: Installation of the update has begun.<li> **Reboot Required**: The device has finished installing the update, and a reboot is required before the update can be completed.<li> **Reboot Pending**: The device has a scheduled reboot to apply the update.<li> **Reboot Initiated**: The scheduled reboot has been initiated.<li> **Commit**: Changes are being committed post-reboot. This is another step of the installation process.<li> **Update Completed**: The update has successfully installed.|
|**ExpectedInstallDate** |[datetime](/azure/kusto/query/scalar-data-types/datetime)|`3/28/2020, 1:00:01.318 PM`|Rather than the expected date this update will be installed, this should be interpreted as the minimum date Windows Update will make the update available for the device. This takes into account Deferrals. | |**ExpectedInstallDate** |[datetime](/azure/kusto/query/scalar-data-types/datetime)|`3/28/2020, 1:00:01.318 PM`|Rather than the expected date this update will be installed, this should be interpreted as the minimum date Windows Update will make the update available for the device. This takes into account Deferrals. |
|**LastScan** |[datetime](/azure/kusto/query/scalar-data-types/datetime)|`3/22/2020, 1:00:01.318 PM`|The last point in time that this device sent Update Session data. | |**LastScan** |[datetime](/azure/kusto/query/scalar-data-types/datetime)|`3/22/2020, 1:00:01.318 PM`|The last point in time that this device sent Update Session data. |
|**OriginBuild** |[string](/azure/kusto/query/scalar-data-types/string) |`18363.719` |The build originally installed on the device when this Update Session began. | |**OriginBuild** |[string](/azure/kusto/query/scalar-data-types/string) |`18363.719` |The build originally installed on the device when this Update Session began. |
@ -30,7 +31,7 @@ WaaSDeploymentStatus records track a specific update's installation progress on
|**OSRevisionNumber** |[int](/azure/kusto/query/scalar-data-types/int) |`719` |The revision of the OSBuild installed on the device. | |**OSRevisionNumber** |[int](/azure/kusto/query/scalar-data-types/int) |`719` |The revision of the OSBuild installed on the device. |
|**OSServicingBranch** |[string](/azure/kusto/query/scalar-data-types/string) |`Semi-Annual` |The Servicing Branch or [Servicing Channel](./waas-overview.md#servicing-channels) the device is on. Dictates which Windows updates the device receives and the cadence of those updates. | |**OSServicingBranch** |[string](/azure/kusto/query/scalar-data-types/string) |`Semi-Annual` |The Servicing Branch or [Servicing Channel](./waas-overview.md#servicing-channels) the device is on. Dictates which Windows updates the device receives and the cadence of those updates. |
|**OSVersion** |[string](/azure/kusto/query/scalar-data-types/string) |`1909` |The version of Windows 10. This typically is of the format of the year of the version's release, following the month. In this example, `1909` corresponds to 2019-09 (September). This maps to the `Major` portion of OSBuild. | |**OSVersion** |[string](/azure/kusto/query/scalar-data-types/string) |`1909` |The version of Windows 10. This typically is of the format of the year of the version's release, following the month. In this example, `1909` corresponds to 2019-09 (September). This maps to the `Major` portion of OSBuild. |
|**PauseState** |[string](/azure/kusto/query/scalar-data-types/string) |`NotConfigured` |The on-client Windows Update for Business Pause state. Reflects whether or not a device has paused Feature Updates.<br><li> **Expired**: The pause period has expired.<li> **NotConfigured**: Pause is not configured.<li> **Paused**: The device was last reported to be pausing this content type.<li> **NotPaused**: The device was last reported to not have any pause on this content type. | |**PauseState** |[string](/azure/kusto/query/scalar-data-types/string) |`NotConfigured` |The on-client Windows Update for Business Pause state. Reflects whether or not a device has paused Feature Updates.<br><li> **Expired**: The pause period has expired.<li> **NotConfigured**: Pause isn't configured.<li> **Paused**: The device was last reported to be pausing this content type.<li> **NotPaused**: The device was last reported to not have any pause on this content type. |
|**RecommendedAction** |[string](/azure/kusto/query/scalar-data-types/string) | |The recommended action to take in the event this device needs attention, if any. | |**RecommendedAction** |[string](/azure/kusto/query/scalar-data-types/string) | |The recommended action to take in the event this device needs attention, if any. |
|**ReleaseName** |[string](/azure/kusto/query/scalar-data-types/string) |`KB4551762` |The KB Article corresponding to the TargetOSRevision, if any. | |**ReleaseName** |[string](/azure/kusto/query/scalar-data-types/string) |`KB4551762` |The KB Article corresponding to the TargetOSRevision, if any. |
|**TargetBuild** |[string](/azure/kusto/query/scalar-data-types/string) |`18363.720` |The target OSBuild, the update being installed or considered as part of this WaaSDeploymentStatus record. | |**TargetBuild** |[string](/azure/kusto/query/scalar-data-types/string) |`18363.720` |The target OSBuild, the update being installed or considered as part of this WaaSDeploymentStatus record. |


@ -18,7 +18,7 @@ WaaSInsiderStatus records contain device-centric data and acts as the device rec
|Field |Type |Example |Description | |Field |Type |Example |Description |
|--|--|---|--| |--|--|---|--|
|**Computer** |[string](/azure/kusto/query/scalar-data-types/string) |`JohnPC-Contoso` |User or Organization-provided device name. If this value appears as '#', then Device Name may not be sent through telemetry. To enable Device Name to be sent with telemetry, see [Enabling Device Name in Telemetry](./update-compliance-get-started.md). | |**Computer** |[string](/azure/kusto/query/scalar-data-types/string) |`JohnPC-Contoso` |User or Organization-provided device name. If this value appears as '#', then Device Name may not be sent through telemetry. To enable Device Name to be sent with telemetry, see [Enabling Device Name in Telemetry](./update-compliance-get-started.md). |
|**ComputerID** |[string](/azure/kusto/query/scalar-data-types/string) |`g:6755412281299915` |Microsoft Global Device Identifier. This value is an internal identifier used by Microsoft. A connection to the end-user Managed Service Account (MSA) service is required for this identifier to be populated; no device data will be present in Update Compliance without this identifier. | |**ComputerID** |[string](/azure/kusto/query/scalar-data-types/string) |`g:6755412281299915` |Microsoft Global Device Identifier. This value is an internal identifier used by Microsoft. A connection to the end-user managed service account is required for this identifier to be populated; no device data will be present in Update Compliance without this identifier. |
|**OSArchitecture** |[string](/azure/kusto/query/scalar-data-types/string) |`amd64` |The architecture of the Operating System. | |**OSArchitecture** |[string](/azure/kusto/query/scalar-data-types/string) |`amd64` |The architecture of the Operating System. |
|**OSName** |[string](/azure/kusto/query/scalar-data-types/string) |`Windows 10` |The name of the Operating System. This value will always be Windows 10 for Update Compliance. | |**OSName** |[string](/azure/kusto/query/scalar-data-types/string) |`Windows 10` |The name of the Operating System. This value will always be Windows 10 for Update Compliance. |
|**OSVersion** |[string](/azure/kusto/query/scalar-data-types/string) |`1909` |The version of Windows 10. This value typically is of the format of the year of the version's release, following the month. In this example, `1909` corresponds to 2019-09 (September). This value maps to the `Major` portion of OSBuild. | |**OSVersion** |[string](/azure/kusto/query/scalar-data-types/string) |`1909` |The version of Windows 10. This value typically is of the format of the year of the version's release, following the month. In this example, `1909` corresponds to 2019-09 (September). This value maps to the `Major` portion of OSBuild. |


@ -17,7 +17,7 @@ WaaSUpdateStatus records contain device-centric data and acts as the device reco
|Field |Type |Example |Description | |Field |Type |Example |Description |
|--|-|----|------------------------| |--|-|----|------------------------|
|**Computer** |[string](/azure/kusto/query/scalar-data-types/string) |`JohnPC-Contoso` |User or Organization-provided device name. If this appears as '#', then Device Name may not be sent through telemetry. To enable Device Name to be sent with telemetry, see [Enabling Device Name in Telemetry](./update-compliance-get-started.md). | |**Computer** |[string](/azure/kusto/query/scalar-data-types/string) |`JohnPC-Contoso` |User or Organization-provided device name. If this appears as '#', then Device Name may not be sent through telemetry. To enable Device Name to be sent with telemetry, see [Enabling Device Name in Telemetry](./update-compliance-get-started.md). |
|**ComputerID** |[string](/azure/kusto/query/scalar-data-types/string) |`g:6755412281299915` |Microsoft Global Device Identifier. This is an internal identifier used by Microsoft. A connection to the end-user Managed Service Account (MSA) service is required for this identifier to be populated; no device data will be present in Update Compliance without this identifier. | |**ComputerID** |[string](/azure/kusto/query/scalar-data-types/string) |`g:6755412281299915` |Microsoft Global Device Identifier. This is an internal identifier used by Microsoft. A connection to the end-user managed service account is required for this identifier to be populated; no device data will be present in Update Compliance without this identifier. |
|**DownloadMode** |[string](/azure/kusto/query/scalar-data-types/string) |`Simple (99)` |The device's Delivery Optimization DownloadMode. To learn about possible values, see [Delivery Optimization Reference - Download mode](../do/waas-delivery-optimization-reference.md#download-mode) | |**DownloadMode** |[string](/azure/kusto/query/scalar-data-types/string) |`Simple (99)` |The device's Delivery Optimization DownloadMode. To learn about possible values, see [Delivery Optimization Reference - Download mode](../do/waas-delivery-optimization-reference.md#download-mode) |
|**FeatureDeferralDays** |[int](/azure/kusto/query/scalar-data-types/int) |`0` |The on-client Windows Update for Business Deferral Policy days.<br> - **<0**: A value below 0 indicates the policy is disabled. <br> - **0**: A value of 0 indicates the policy is enabled, but the deferral period is zero days.<br> - **1+**: A value of 1 and above indicates the deferral setting, in days. | |**FeatureDeferralDays** |[int](/azure/kusto/query/scalar-data-types/int) |`0` |The on-client Windows Update for Business Deferral Policy days.<br> - **<0**: A value below 0 indicates the policy is disabled. <br> - **0**: A value of 0 indicates the policy is enabled, but the deferral period is zero days.<br> - **1+**: A value of 1 and above indicates the deferral setting, in days. |
|**FeaturePauseDays** |[int](/azure/kusto/query/scalar-data-types/int) |`0` |*Deprecated* This provides the count of days left in a pause | |**FeaturePauseDays** |[int](/azure/kusto/query/scalar-data-types/int) |`0` |*Deprecated* This provides the count of days left in a pause |


@ -22,7 +22,7 @@ These fields are briefly described in this article, to learn more about Delivery
|Field |Type |Example |Description | |Field |Type |Example |Description |
|-|-|-|-| |-|-|-|-|
|**Computer** |[string](/azure/kusto/query/scalar-data-types/string) |`JohnPC-Contoso` |User or Organization-provided device name. If this appears as '#', then Device Name may not be sent through telemetry. To enable Device Name to be sent with telemetry, see [Enabling Device Name in Telemetry](./update-compliance-get-started.md). | |**Computer** |[string](/azure/kusto/query/scalar-data-types/string) |`JohnPC-Contoso` |User or Organization-provided device name. If this appears as '#', then Device Name may not be sent through telemetry. To enable Device Name to be sent with telemetry, see [Enabling Device Name in Telemetry](./update-compliance-get-started.md). |
|**ComputerID** |[string](/azure/kusto/query/scalar-data-types/string) |`g:6755412281299915` |Microsoft Global Device Identifier. This is an internal identifier used by Microsoft. A connection to the end-user Managed Service Account (MSA) service is required for this identifier to be populated; no device data will be present in Update Compliance without this identifier. | |**ComputerID** |[string](/azure/kusto/query/scalar-data-types/string) |`g:6755412281299915` |Microsoft Global Device Identifier. This is an internal identifier used by Microsoft. A connection to the end-user managed service account is required for this identifier to be populated; no device data will be present in Update Compliance without this identifier. |
|**City** |[string](/azure/kusto/query/scalar-data-types/string) | |Approximate city device was in while downloading content, based on IP Address. | |**City** |[string](/azure/kusto/query/scalar-data-types/string) | |Approximate city device was in while downloading content, based on IP Address. |
|**Country** |[string](/azure/kusto/query/scalar-data-types/string) | |Approximate country device was in while downloading content, based on IP Address. | |**Country** |[string](/azure/kusto/query/scalar-data-types/string) | |Approximate country device was in while downloading content, based on IP Address. |
|**ISP** |[string](/azure/kusto/query/scalar-data-types/string) | |The Internet Service Provider estimation. | |**ISP** |[string](/azure/kusto/query/scalar-data-types/string) | |The Internet Service Provider estimation. |


@ -52,7 +52,7 @@ Update Compliance is offered as an Azure Marketplace application that's linked t
1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.WaaSUpdateInsights?tab=Overview). You might need to sign into your Azure subscription to access this page. 1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.WaaSUpdateInsights?tab=Overview). You might need to sign into your Azure subscription to access this page.
1. Select **Get it now**. 1. Select **Get it now**.
1. Select **Continue** to agree to the [terms of use](https://azure.microsoft.com/[support/legal/) and the [privacy policy](https://privacy.microsoft.com/en-us/privacystatement) to create the app in Azure. 1. Select **Continue** to agree to the [terms of use](https://azure.microsoft.com/support/legal/) and the [privacy policy](https://privacy.microsoft.com/en-us/privacystatement) to create the app in Azure.
1. Sign into the [Azure portal](https://portal.azure.com) to finish creating the Update Compliance solution. 1. Sign into the [Azure portal](https://portal.azure.com) to finish creating the Update Compliance solution.
1. Select the following settings: 1. Select the following settings:
- **Subscription**: The Azure subscription to use. - **Subscription**: The Azure subscription to use.


@ -8,7 +8,7 @@ author: mestew
ms.author: mstewart ms.author: mstewart
ms.collection: M365-analytics ms.collection: M365-analytics
ms.topic: article ms.topic: article
ms.date: 06/06/2022 ms.date: 06/30/2022
--- ---
# Update Compliance prerequisites # Update Compliance prerequisites
@ -66,11 +66,15 @@ For more information about what's included in different diagnostic levels, see [
> [!NOTE] > [!NOTE]
> Enrolling into Update Compliance from the [Azure CLI](/cli/azure) or enrolling programmatically another way currently isn't supported. You must manually add Update Compliance to your Azure subscription. > Enrolling into Update Compliance from the [Azure CLI](/cli/azure) or enrolling programmatically another way currently isn't supported. You must manually add Update Compliance to your Azure subscription.
## Microsoft 365 admin center permissions (optional) ## Microsoft 365 admin center permissions (currently optional)
When you use the [Microsoft admin center software updates (preview) page](update-status-admin-center.md) with Update Compliance, the following permissions are also recommended: When you use the [Microsoft admin center software updates (preview) page](update-status-admin-center.md) with Update Compliance, the following permissions are also needed:
- To configure settings for the **Software Updates** page: [Global Admin role](/microsoft-365/admin/add-users/about-admin-roles)
- To view the **Software Updates** page: [Global Reader role](/microsoft-365/admin/add-users/about-admin-roles) - To configure settings and view the **Software Updates** page:
- [Global Administrator role](/azure/active-directory/roles/permissions-reference#global-administrator)
- [Intune Administrator](/azure/active-directory/roles/permissions-reference#intune-administrator)
- To view the **Software Updates** page:
- [Global Reader role](/azure/active-directory/roles/permissions-reference#global-reader)
## Log Analytics prerequisites ## Log Analytics prerequisites


@ -10,7 +10,7 @@ ms.collection:
- M365-analytics - M365-analytics
- highpri - highpri
ms.topic: article ms.topic: article
ms.date: 05/07/2022 ms.date: 06/20/2022
--- ---
# Microsoft admin center software updates (preview) page # Microsoft admin center software updates (preview) page
@ -34,8 +34,12 @@ The **Software updates** page has following tabs to assist you in monitoring upd
- [Update Compliance](update-compliance-v2-overview.md) needs to be enabled with clients sending data to the solution - [Update Compliance](update-compliance-v2-overview.md) needs to be enabled with clients sending data to the solution
- An appropriate role assigned for the [Microsoft 365 admin center](https://admin.microsoft.com) - An appropriate role assigned for the [Microsoft 365 admin center](https://admin.microsoft.com)
- To configure settings for the **Software Updates** page: [Global Admin role](/microsoft-365/admin/add-users/about-admin-roles) - To configure settings and view the **Software Updates** page:
- To view the **Software Updates** page: [Global Reader role](/microsoft-365/admin/add-users/about-admin-roles) - [Global Administrator role](/azure/active-directory/roles/permissions-reference#global-administrator)
- [Intune Administrator](/azure/active-directory/roles/permissions-reference#intune-administrator)
- To view the **Software Updates** page:
- [Global Reader role](/azure/active-directory/roles/permissions-reference#global-reader)
## Limitations ## Limitations


@ -79,7 +79,7 @@ See the following general troubleshooting procedures associated with a result co
|0x80070522|The user doesnt have required privilege or credentials to upgrade.|Ensure that you've signed in as a local administrator or have local administrator privileges.| |0x80070522|The user doesnt have required privilege or credentials to upgrade.|Ensure that you've signed in as a local administrator or have local administrator privileges.|
|0xC1900107|A cleanup operation from a previous installation attempt is still pending and a system reboot is required in order to continue the upgrade.|Restart the device and run setup again. If restarting the device doesn't resolve the issue, then use the Disk Cleanup utility to clean up the temporary files and the System files. For more information, see [Disk cleanup in Windows 10](https://support.microsoft.com/windows/disk-cleanup-in-windows-8a96ff42-5751-39ad-23d6-434b4d5b9a68).| |0xC1900107|A cleanup operation from a previous installation attempt is still pending and a system reboot is required in order to continue the upgrade.|Restart the device and run setup again. If restarting the device doesn't resolve the issue, then use the Disk Cleanup utility to clean up the temporary files and the System files. For more information, see [Disk cleanup in Windows 10](https://support.microsoft.com/windows/disk-cleanup-in-windows-8a96ff42-5751-39ad-23d6-434b4d5b9a68).|
|0xC1900209|The user has chosen to cancel because the system doesn't pass the compatibility scan to install the update. Setup.exe will report this error when it can upgrade the machine with user data but cannot migrate installed applications.|Incompatible software is blocking the upgrade process. Uninstall the application and try the upgrade again. See [Windows 10 Pre-Upgrade Validation using SETUP.EXE](/archive/blogs/mniehaus/windows-10-pre-upgrade-validation-using-setup-exe) for more information.<p>You can also download the Windows Assessment and Deployment Kit (ADK) for Windows 10 and install Application Compatibility Tools.| |0xC1900209|The user has chosen to cancel because the system doesn't pass the compatibility scan to install the update. Setup.exe will report this error when it can upgrade the machine with user data but cannot migrate installed applications.|Incompatible software is blocking the upgrade process. Uninstall the application and try the upgrade again. See [Windows 10 Pre-Upgrade Validation using SETUP.EXE](/archive/blogs/mniehaus/windows-10-pre-upgrade-validation-using-setup-exe) for more information.<p>You can also download the Windows Assessment and Deployment Kit (ADK) for Windows 10 and install Application Compatibility Tools.|
|0x8007002|This error is specific to upgrades using System Center 2012 Configuration Manager R2 SP1 CU3 (5.00.8238.1403)|Analyze the SMSTS.log and verify that the upgrade is failing on "Apply Operating system" Phase: Error 80072efe DownloadFileWithRanges() failed. 80072efe. ApplyOperatingSystem (0x0760)<p>The error 80072efe means that the connection with the server was terminated abnormally.<p>To resolve this issue, try the OS Deployment test on a client in same VLAN as the Configuration Manager server. Check the network configuration for random client-server connection issues happening on the remote VLAN.| |0x8007002|This error is specific to upgrades using Configuration Manager R2 SP1 CU3 (5.00.8238.1403)|Analyze the SMSTS.log and verify that the upgrade is failing on "Apply Operating system" Phase: Error 80072efe DownloadFileWithRanges() failed. 80072efe. ApplyOperatingSystem (0x0760)<p>The error 80072efe means that the connection with the server was terminated abnormally.<p>To resolve this issue, try the OS Deployment test on a client in same VLAN as the Configuration Manager server. Check the network configuration for random client-server connection issues happening on the remote VLAN.|
|0x80240FFF|Occurs when update synchronization fails. It can occur when you're using Windows Server Update Services on its own or when it's integrated with Microsoft Endpoint Configuration Manager. If you enable update synchronization before you install hotfix 3095113, WSUS doesn't recognize the Upgrades classification and instead treats the upgrade like a regular update.|You can prevent this by installing hotfix 3095113 before you enable update synchronization. However, if you have already run into this problem, do the following:<ol><li>Disable the Upgrades classification.<li>Install hotfix 3095113.<li>Delete previously synched updates.<li>Enable the Upgrades classification.<li>Perform a full synch.</ol><p>For detailed information on how to run these steps check out How to delete upgrades in WSUS.| |0x80240FFF|Occurs when update synchronization fails. It can occur when you're using Windows Server Update Services on its own or when it's integrated with Microsoft Endpoint Configuration Manager. If you enable update synchronization before you install hotfix 3095113, WSUS doesn't recognize the Upgrades classification and instead treats the upgrade like a regular update.|You can prevent this by installing hotfix 3095113 before you enable update synchronization. However, if you have already run into this problem, do the following:<ol><li>Disable the Upgrades classification.<li>Install hotfix 3095113.<li>Delete previously synched updates.<li>Enable the Upgrades classification.<li>Perform a full synch.</ol><p>For detailed information on how to run these steps check out How to delete upgrades in WSUS.|
|0x8007007E|Occurs when update synchronization fails because you don't have hotfix 3095113 installed before you enable update synchronization. Specifically, the CopyToCache operation fails on clients that have already downloaded the upgrade because Windows Server Update Services has bad metadata related to the upgrade. It can occur when you're using standalone Windows Server Update Services or when WSUS is integrated with Microsoft Endpoint Configuration Manager.|Use the following steps to repair Windows Server Update Services. You must run these steps on each WSUS server that synched metadata before you installed the hotfix.<p>Stop the Windows Update service. <li>Sign in as a user with administrative privileges, and then do the following:<li>Open Administrative Tools from the Control Panel.<li>Double-click Services.<li>Find the Windows Update service, right-click it, and then select Stop. If prompted, enter your credentials.<p>Delete all files and folders under c:\Windows\SoftwareDistribution\DataStore.<p>Restart the Windows Update service.| |0x8007007E|Occurs when update synchronization fails because you don't have hotfix 3095113 installed before you enable update synchronization. Specifically, the CopyToCache operation fails on clients that have already downloaded the upgrade because Windows Server Update Services has bad metadata related to the upgrade. It can occur when you're using standalone Windows Server Update Services or when WSUS is integrated with Microsoft Endpoint Configuration Manager.|Use the following steps to repair Windows Server Update Services. You must run these steps on each WSUS server that synched metadata before you installed the hotfix.<p>Stop the Windows Update service. <li>Sign in as a user with administrative privileges, and then do the following:<li>Open Administrative Tools from the Control Panel.<li>Double-click Services.<li>Find the Windows Update service, right-click it, and then select Stop. 
If prompted, enter your credentials.<p>Delete all files and folders under c:\Windows\SoftwareDistribution\DataStore.<p>Restart the Windows Update service.|


@ -13,7 +13,7 @@ ms.collection:
search.appverid: search.appverid:
- MET150 - MET150
ms.topic: article ms.topic: article
ms.date: 06/16/2022 ms.date: 07/12/2022
--- ---
# Windows 10/11 Subscription Activation # Windows 10/11 Subscription Activation
@ -26,9 +26,11 @@ Windows 10 Pro supports the Subscription Activation feature, enabling users to "
With Windows 10, version 1903 and later, the Subscription Activation feature also supports the ability to step-up from Windows 10 Pro Education or Windows 11 Pro Education to the Enterprise grade editions for educational institutions—**Windows 10 Education** or **Windows 11 Education**. With Windows 10, version 1903 and later, the Subscription Activation feature also supports the ability to step-up from Windows 10 Pro Education or Windows 11 Pro Education to the Enterprise grade editions for educational institutions—**Windows 10 Education** or **Windows 11 Education**.
If you have devices that are licensed for Windows 7, 8, and 8.1 Professional, Microsoft 365 Business Premium provides an upgrade to Windows 10 Pro, which is the prerequisite for deploying [Windows 10 Business](/microsoft-365/business-premium/microsoft-365-business-faqs#what-is-windows-10-business).
The Subscription Activation feature eliminates the need to manually deploy Enterprise or Education edition images on each target device, then later standing up on-premises key management services such as KMS or MAK based activation, entering Generic Volume License Keys (GVLKs), and subsequently rebooting client devices. The Subscription Activation feature eliminates the need to manually deploy Enterprise or Education edition images on each target device, then later standing up on-premises key management services such as KMS or MAK based activation, entering Generic Volume License Keys (GVLKs), and subsequently rebooting client devices.
See the following articles: For more information, see the following articles:
- [Subscription Activation](#subscription-activation-for-windows-1011-enterprise): An introduction to Subscription Activation for Windows 10/11 Enterprise. - [Subscription Activation](#subscription-activation-for-windows-1011-enterprise): An introduction to Subscription Activation for Windows 10/11 Enterprise.
- [Subscription Activation for Education](#subscription-activation-for-windows-1011-enterprise): Information about Subscription Activation for Windows 10/11 Education. - [Subscription Activation for Education](#subscription-activation-for-windows-1011-enterprise): Information about Subscription Activation for Windows 10/11 Education.


@ -17,8 +17,9 @@
href: prepare/windows-autopatch-configure-network.md href: prepare/windows-autopatch-configure-network.md
- name: Enroll your tenant - name: Enroll your tenant
href: prepare/windows-autopatch-enroll-tenant.md href: prepare/windows-autopatch-enroll-tenant.md
- name: Fix issues found by the Readiness assessment tool items:
href: prepare/windows-autopatch-fix-issues.md - name: Fix issues found by the Readiness assessment tool
href: prepare/windows-autopatch-fix-issues.md
- name: Deploy - name: Deploy
href: deploy/index.md href: deploy/index.md
items: items:
@ -32,33 +33,48 @@
- name: Update management - name: Update management
href: operate/windows-autopatch-update-management.md href: operate/windows-autopatch-update-management.md
items: items:
- name: Windows quality updates - name: Windows updates
href: operate/windows-autopatch-wqu-overview.md href:
items: items:
- name: Windows quality end user experience - name: Windows quality updates
href: operate/windows-autopatch-wqu-end-user-exp.md href: operate/windows-autopatch-wqu-overview.md
- name: Windows quality update signals items:
href: operate/windows-autopatch-wqu-signals.md - name: Windows quality end user experience
- name: Windows quality update communications href: operate/windows-autopatch-wqu-end-user-exp.md
- name: Windows quality update signals
href: operate/windows-autopatch-wqu-signals.md
- name: Windows feature updates
href: operate/windows-autopatch-fu-overview.md
items:
- name: Windows feature end user experience
href: operate/windows-autopatch-fu-end-user-exp.md
- name: Windows quality and feature update communications
href: operate/windows-autopatch-wqu-communications.md href: operate/windows-autopatch-wqu-communications.md
- name: Conflicting and unsupported policies
href: operate/windows-autopatch-wqu-unsupported-policies.md
- name: Microsoft 365 Apps for enterprise - name: Microsoft 365 Apps for enterprise
href: operate/windows-autopatch-microsoft-365-apps-enterprise.md href: operate/windows-autopatch-microsoft-365-apps-enterprise.md
- name: Microsoft Edge - name: Microsoft Edge
href: operate/windows-autopatch-edge.md href: operate/windows-autopatch-edge.md
- name: Microsoft Teams - name: Microsoft Teams
href: operate/windows-autopatch-teams.md href: operate/windows-autopatch-teams.md
- name: Deregister a device - name: Maintain the Windows Autopatch environment
href: operate/windows-autopatch-deregister-devices.md href: operate/windows-autopatch-maintain-environment.md
- name: Submit a support request - name: Submit a support request
href: operate/windows-autopatch-support-request.md href: operate/windows-autopatch-support-request.md
- name: Deregister a device
href: operate/windows-autopatch-deregister-devices.md
- name: Unenroll your tenant
href: operate/windows-autopatch-unenroll-tenant.md
- name: Reference - name: Reference
href: href:
items: items:
- name: Update policies
href:
items:
- name: Windows update policies
href: operate/windows-autopatch-wqu-unsupported-policies.md
- name: Microsoft 365 Apps for enterprise update policies
href: references/windows-autopatch-microsoft-365-policies.md
- name: Privacy - name: Privacy
href: references/windows-autopatch-privacy.md href: references/windows-autopatch-privacy.md
- name: Windows Autopatch preview addendum - name: Windows Autopatch preview addendum
href: references/windows-autopatch-preview-addendum.md href: references/windows-autopatch-preview-addendum.md


@ -14,9 +14,6 @@ msreviewer: hathind
# Add and verify admin contacts # Add and verify admin contacts
> [!IMPORTANT]
> The Admin contacts blade isn't available during public preview. However, we'll use the admin contacts provided by you during public preview onboarding.
There are several ways that Windows Autopatch service communicates with customers. To streamline communication and ensure we're checking with the right people when you [submit a support request](../operate/windows-autopatch-support-request.md), you must provide a set of admin contacts when you onboard with Windows Autopatch. There are several ways that Windows Autopatch service communicates with customers. To streamline communication and ensure we're checking with the right people when you [submit a support request](../operate/windows-autopatch-support-request.md), you must provide a set of admin contacts when you onboard with Windows Autopatch.
> [!IMPORTANT] > [!IMPORTANT]
@ -34,7 +31,7 @@ Your admin contacts will receive notifications about support request updates and
| Area of focus | Description | | Area of focus | Description |
| ----- | ----- | | ----- | ----- |
| Devices | <uL><li>Device registration</li><li>Device health</li></ul> | | Devices | <uL><li>Device registration</li><li>Device health</li></ul> |
| Updates | <ul><li>Windows quality updates</li><li>Microsoft 365 Apps for enterprise</li><li>Microsoft Teams updates</li><li>Microsoft Edge</li></ul> | | Updates | <ul><li>Windows quality updates</li><li>Windows feature updates</li><li>Microsoft 365 Apps for enterprise updates</li><li>Microsoft Edge updates</li><li>Microsoft Teams updates</li></ul> |
**To add admin contacts:** **To add admin contacts:**


@ -1,7 +1,7 @@
--- ---
title: Register your devices title: Register your devices
description: This article details how to register devices in Autopatch description: This article details how to register devices in Autopatch
ms.date: 06/15/2022 ms.date: 07/06/2022
ms.prod: w11 ms.prod: w11
ms.technology: windows ms.technology: windows
ms.topic: how-to ms.topic: how-to
@ -50,6 +50,17 @@ Azure AD groups synced up from:
> [!TIP] > [!TIP]
> You can also use the **Discover Devices** button in either the Ready or Not ready tab to discover devices from the Windows Autopatch Device Registration Azure AD group on demand. > You can also use the **Discover Devices** button in either the Ready or Not ready tab to discover devices from the Windows Autopatch Device Registration Azure AD group on demand.
### Clean up dual state of Hybrid Azure AD joined and Azure registered devices in your Azure AD tenant
An [Azure AD dual state](/azure/active-directory/devices/hybrid-azuread-join-plan#handling-devices-with-azure-ad-registered-state) occurs when a device is initially connected to Azure AD as an [Azure AD Registered](/azure/active-directory/devices/concept-azure-ad-register) device. However, when you enable Hybrid Azure AD join, the same device is connected twice to Azure AD but as a [Hybrid Azure AD device](/azure/active-directory/devices/concept-azure-ad-join-hybrid).
In the dual state, you end up having two Azure AD device records with different join types for the same device. In this case, the Hybrid Azure AD device record takes precedence over the Azure AD registered device record for any type of authentication in Azure AD, which makes the Azure AD registered device record stale.
It's recommended to detect and clean up stale devices in Azure AD before registering devices with Windows Autopatch, see [How To: Manage state devices in Azure AD](/azure/active-directory/devices/manage-stale-devices).
> [!WARNING]
> If you don't clean up stale devices in Azure AD before registering devices with Windows Autopatch, you might end up seeing devices failing to meet the **Intune or Cloud-Attached (Device must be either Intune-managed or Co-managed)** pre-requisite check in the **Not ready** tab because it's expected that these stale Azure AD devices are not enrolled into the Intune service anymore.
## Prerequisites for device registration ## Prerequisites for device registration
To be eligible for Windows Autopatch management, devices must meet a minimum set of required software-based prerequisites: To be eligible for Windows Autopatch management, devices must meet a minimum set of required software-based prerequisites:
@ -57,16 +68,17 @@ To be eligible for Windows Autopatch management, devices must meet a minimum set
- [Supported Windows 10/11 Enterprise and Professional edition versions](/windows/release-health/supported-versions-windows-client) - [Supported Windows 10/11 Enterprise and Professional edition versions](/windows/release-health/supported-versions-windows-client)
- Either [Hybrid Azure AD-Joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Azure AD-joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid) (personal devices aren't supported). - Either [Hybrid Azure AD-Joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Azure AD-joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid) (personal devices aren't supported).
- Managed by Microsoft Endpoint Manager. - Managed by Microsoft Endpoint Manager.
- [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) or [Co-management](/prepare/windows-autopatch-prerequisites.md#co-management-requirements). - [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) and/or [Configuration Manager Co-management](/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites#configuration-manager-co-management-requirements).
- [Switch Microsoft Endpoint Manager-Configuration Manager Co-management workloads to Microsoft Endpoint Manager-Intune](/mem/configmgr/comanage/how-to-switch-workloads) (either set to Pilot Intune or Intune). This includes the following workloads: - Must switch the following Microsoft Endpoint Manager-Configuration Manager [Co-management workloads](/mem/configmgr/comanage/how-to-switch-workloads) to Microsoft Endpoint Manager-Intune (either set to Pilot Intune or Intune):
- Windows updates policies - Windows updates policies
- Device configuration - Device configuration
- Office Click-to-run - Office Click-to-run
- Last Intune device check-in completed within the last 28 days. - Last Intune device check in completed within the last 28 days.
- Devices must have Serial Number, Model and Manufacturer.
> [!NOTE]
> Windows Autopatch doesn't support device emulators that don't generate Serial number, Model and Manufacturer. Devices that use a non-supported device emulator fail the **Intune or Cloud-Attached** pre-requisite check. Additionally, devices with duplicated serial numbers will fail to register with Windows Autopatch.
For more information on how Configuration Manager workloads work, see [How to switch Configuration Manager workloads to Intune](/mem/configmgr/comanage/how-to-switch-workloads). See [Windows Autopatch Prerequisites](../prepare/windows-autopatch-prerequisites.md) for more details.
See [Prerequisites](../prepare/windows-autopatch-prerequisites.md) for more details.
## About the Ready and Not ready tabs ## About the Ready and Not ready tabs
@ -82,11 +94,10 @@ Windows Autopatch introduces a new user interface to help IT admins detect and t
A role defines the set of permissions granted to users assigned to that role. You can use one of the following built-in roles in Windows Autopatch to register devices: A role defines the set of permissions granted to users assigned to that role. You can use one of the following built-in roles in Windows Autopatch to register devices:
- Azure AD Global Administrator - Azure AD Global Administrator
- Service Support Administrator
- Intune Service Administrator - Intune Service Administrator
- Modern Workplace Intune Administrator - Modern Workplace Intune Administrator
For more information, see [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference) and [Role-based access control (RBAC) with Microsoft Intune](/mem/intune/fundamentals/role-based-access-control). For more information, see [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference) and [Role-based access control (RBAC) with Microsoft Intune](/mem/intune/fundamentals/role-based-access-control).
> [!NOTE] > [!NOTE]
> The Modern Workplace Intune Admin role is a custom created role during the Windows Autopatch tenant enrollment process. This role can assign administrators to Endpoint Manager roles, and allows you to create and configure custom Endpoint Manager roles. > The Modern Workplace Intune Admin role is a custom created role during the Windows Autopatch tenant enrollment process. This role can assign administrators to Endpoint Manager roles, and allows you to create and configure custom Endpoint Manager roles.
@ -100,7 +111,9 @@ Registering your devices in Windows Autopatch does the following:
## Steps to register devices ## Steps to register devices
**To register devices into Windows Autopatch:** ### Physical devices
**To register physical devices into Windows Autopatch:**
1. Go to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/). 1. Go to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/).
2. Select **Windows Autopatch** from the left navigation menu. 2. Select **Windows Autopatch** from the left navigation menu.
@ -111,12 +124,43 @@ Registering your devices in Windows Autopatch does the following:
> [!NOTE] > [!NOTE]
> The **Windows Autopatch Device Registration** hyperlink is in the center of the Ready tab when there's no devices registered with the Windows Autopatch service. Once you have one or more devices registered with the Windows Autopatch service, the **Windows Autopatch Device registration** hyperlink is at the top of both Ready and Not ready tabs. > The **Windows Autopatch Device Registration** hyperlink is in the center of the Ready tab when there's no devices registered with the Windows Autopatch service. Once you have one or more devices registered with the Windows Autopatch service, the **Windows Autopatch Device registration** hyperlink is at the top of both Ready and Not ready tabs.
Once devices or Azure AD groups containing devices are added to the **Windows Autopatch Device Registration** group, Windows Autopatch discovers these devices and runs software-based prerequisite checks to try to register them with its service. Once devices or Azure AD groups containing devices are added to the **Windows Autopatch Device Registration** group, Windows Autopatch discovers these devices, and runs software-based prerequisite checks to try to register them with its service.
> [!IMPORTANT] ### Virtual devices
> It might take up to an hour for a device to change its status from **Ready for User** to **Active** in the Ready tab during the public preview.
## Additional device management lifecycle scenarios #### Windows Autopatch on Windows 365 Enterprise Workloads
With Windows 365 Enterprise, you can include Windows Autopatch onboarding as part of your provision process providing a seamless experience for admins and users to ensure your Cloud PCs are always up to date.
#### Deploy Windows Autopatch on a Windows 365 Provisioning Policy
For general guidance, see [Create a Windows 365 Provisioning Policy](/windows-365/enterprise/create-provisioning-policy).
**To deploy Windows Autopatch on a Windows 365 Provisioning Policy:**
1. Go to the [Microsoft Endpoint Manager](https://endpoint.microsoft.com/) admin center.
1. In the left pane, select **Devices**.
1. Navigate to Provisioning > **Windows 365**.
1. Select Provisioning policies > **Create policy**.
1. Provide a policy name and select **Join Type**. For more information, see [Device join types](/windows-365/enterprise/identity-authentication#device-join-types).
1. Select **Next**.
1. Choose the desired image and select **Next**.
1. Under the **Microsoft managed services** section, select **Windows Autopatch**. Then, select **Next**. If the *Windows Autopatch (preview) cannot manage your Cloud PCs until a Global Admin has finished setting it up.* message appears, you must [enroll your tenant](../prepare/windows-autopatch-enroll-tenant.md) to continue.
1. Assign your policy accordingly and select **Next**.
1. Select **Create**. Now your newly provisioned Windows 365 Enterprise Cloud PCs will automatically be enrolled and managed by Windows Autopatch.
#### Deploy Autopatch on Windows 365 for existing Cloud PC
All your existing Windows 365 Enterprise workloads can be registered into Windows Autopatch by leveraging the same method as your physical devices. For more information, see [Physical devices](#physical-devices).
#### Contact support
Support is available either through Windows 365, or Windows Autopatch for update related incidents.
- For Windows 365 support, see [Get support](/mem/get-support).
- For Windows Autopatch support, see [Submit a support request](/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request).
## Device management lifecycle scenarios
There's a few more device lifecycle management scenarios to consider when planning to register devices in Windows Autopatch. There's a few more device lifecycle management scenarios to consider when planning to register devices in Windows Autopatch.

Binary file not shown.


Width:  |  Height:  |  Size: 168 KiB

Binary file not shown.


Width:  |  Height:  |  Size: 57 KiB

Binary file not shown.


Width:  |  Height:  |  Size: 168 KiB

Binary file not shown.


Width:  |  Height:  |  Size: 297 KiB


@ -14,12 +14,15 @@ msreviewer: hathind
# Operating with Windows Autopatch # Operating with Windows Autopatch
This section includes information about Windows Autopatch update management, types of updates managed by Windows Autopatch, and how to contact the Windows Autopatch Service Engineering Team: This section includes information about Windows Autopatch update management, types of updates managed by Windows Autopatch, maintaining your Windows Autopatch environment, how to contact the Windows Autopatch Service Engineering Team, and unenrolling your tenant:
- [Update management](windows-autopatch-update-management.md) - [Update management](windows-autopatch-update-management.md)
- [Windows quality updates](windows-autopatch-wqu-overview.md) - [Windows quality updates](windows-autopatch-wqu-overview.md)
- [Windows feature updates](windows-autopatch-fu-overview.md)
- [Microsoft 365 Apps for enterprise updates](windows-autopatch-microsoft-365-apps-enterprise.md) - [Microsoft 365 Apps for enterprise updates](windows-autopatch-microsoft-365-apps-enterprise.md)
- [Microsoft Edge updates](windows-autopatch-edge.md) - [Microsoft Edge updates](windows-autopatch-edge.md)
- [Microsoft Teams updates](windows-autopatch-teams.md) - [Microsoft Teams updates](windows-autopatch-teams.md)
- [Maintain the Windows Autopatch environment](windows-autopatch-maintain-environment.md)
- [Deregister devices](windows-autopatch-deregister-devices.md) - [Deregister devices](windows-autopatch-deregister-devices.md)
- [Submit a support request](windows-autopatch-support-request.md) - [Submit a support request](windows-autopatch-support-request.md)
- [Unenroll your tenant](windows-autopatch-unenroll-tenant.md)


@ -14,7 +14,7 @@ msreviewer: andredm7
# Deregister a device # Deregister a device
To avoid end-user disruption, device de-registration in Windows Autopatch only deletes the Windows Autopatch device record itself. Device deregistration can't delete Microsoft Intune and/or the Azure Active Directory device records. Microsoft assumes you'll keep managing those devices yourself in some capacity. To avoid end-user disruption, device deregistration in Windows Autopatch only deletes the Windows Autopatch device record itself. Device deregistration can't delete Microsoft Intune and/or the Azure Active Directory device records. Microsoft assumes you'll keep managing those devices yourself in some capacity.
**To deregister a device:** **To deregister a device:**


@ -0,0 +1,73 @@
---
title: Windows feature update end user experience
description: This article explains the Windows feature update end user experience
ms.date: 07/11/2022
ms.prod: w11
ms.technology: windows
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
ms.author: tiaraquan
manager: dougeby
msreviewer: hathind
---
# Windows feature update end user experience
Windows Autopatch aims to deploy updates predictably while minimizing the effect to end users by preventing reboots during business hours.
## User notifications
In this section we'll review what an end user would see in the following three scenarios:
1. Typical update experience
2. Feature update deadline forces an update
3. Feature update grace period
> [!NOTE]
> Windows Autopatch doesn't yet support feature updates without notifying end users.
### Typical update experience
In this example, we'll be discussing a device in the First ring. The Autopatch service updates the First rings DSS policy to target the next version of Windows 30 days after the start of the release. When the policy is applied to the device, the device will download the update, and notify end users that the new version of Windows is ready to install. The end user can either:
1. Restart immediately to install the updates
1. Schedule the installation, or
1. Snooze (the device will attempt to install outside of active hours.)
In the following example, the user schedules the restart and is notified 15 minutes prior to the scheduled restart time. The user can reschedule, if necessary, but isn't able to reschedule past the deadline.
:::image type="content" source="../media/windows-feature-typical-update-experience.png" alt-text="Typical Windows feature update experience":::
### Feature update deadline forces an update
The following example builds on the scenario outlined in the typical user experience, but the user ignores the notification and selects snooze. Further notifications are received, which the user ignores. The device is also unable to install the updates outside of active hours.
The deadline specified in the update policy is five days. Therefore, once this deadline is passed, the device will ignore the active hours and force a restart to complete the installation. The user will receive a 15-minute warning, after which, the device will install the update and restart.
:::image type="content" source="../media/windows-feature-force-update.png" alt-text="Force Windows feature update":::
### Feature update grace period
In the following example, the user is on holiday and the device is offline beyond the feature update deadline. The user then returns to work and the device is turned back on.
Since the deadline has already passed, the device is granted a two-day grace period to install the update and restart. The user will be notified of a pending installation and given options to choose from. Once the two-day grace period has expired, the user is forced to restart with a 15-minute warning notification.
:::image type="content" source="../media/windows-feature-update-grace-period.png" alt-text="Window feature update grace period":::
## Servicing window
Windows Autopatch understands the importance of not disrupting end users but also updating the devices quickly. To achieve this goal, updates are automatically downloaded and installed at an optimal time determined by the device. Device restarts occur outside of active hours until the deadline is reached. By default, active hours are configured dynamically based on device usage patterns. If you wish to specify active hours for your organization, you can do so by deploying both the following policies:
| Policy | Description |
| ----- | ----- |
| [Active hours start](/windows/client-management/mdm/policy-csp-update#update-activehoursstart) | This policy controls the start of the protected window where devices won't restart. Supported values are from zero through to 23. Zero is 1200AM, representing the hours of the day in local time on that device. |
| [Active hours end](/windows/client-management/mdm/policy-csp-update#update-activehoursend) | This policy controls the end of the protected window where devices won't restart. Supported values are from zero through to 23. Zero is 1200AM, representing the hours of the day in local time on that device. This value can be no more than 12 hours after the time set in active hours start. |
> [!IMPORTANT]
> Both policies must be deployed for them to work as expected.
A device won't restart during active hours unless it has passed the date specified by the update deadline policy. Once the device has passed the deadline policy, the device will update as soon as possible.
> [!IMPORTANT]
> If your devices must be updated at a specific date or time, they aren't suitable for Windows Autopatch. Allowing you to choose specific dates to update devices would disrupt the rollout schedule and prevent us from delivering the service level objective. The use of any of the following CSPs on a managed device will render it ineligible for management: <ul><li>[Update/ScheduledInstallDay](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallday)</li><li>[Update/ScheduledInstallEveryWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstalleveryweek)</li><li>[Update/ScheduledInstallFirstWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfirstweek)</li><li>[Update/ScheduledInstallFourthWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfourthweek)</li><li>[Update/ScheduledInstallSecondWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallsecondweek)</li><li>[Update/ScheduledInstallThirdWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallthirdweek)</li><li>[Update/ScheduledInstallTime](/windows/client-management/mdm/policy-csp-update#update-scheduledinstalltime)</li></ul>


@ -0,0 +1,106 @@
---
title: Windows feature updates
description: This article explains how Windows feature updates are managed in Autopatch
ms.date: 07/11/2022
ms.prod: w11
ms.technology: windows
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
ms.author: tiaraquan
manager: dougeby
msreviewer: hathind
---
# Windows feature updates
## Service level objective
Windows Autopatch aims to keep at least 99% of eligible devices on a supported version of Windows so that they can continue receiving Windows feature updates.
## Device eligibility
For a device to be eligible for Windows feature updates as a part of Windows Autopatch it must meet the following criteria:
| Criteria | Description |
| ----- | ----- |
| Activity | Devices must have at least six hours of usage, with at least two hours being continuous since the start of the update. |
| Intune sync | Devices must have checked with Intune within the last five days. |
| Storage space | Devices must have more than one GB (GigaBytes) of free storage space. |
| Deployed | Windows Autopatch doesn't update devices that haven't yet been deployed. |
| Internet connectivity | Devices must have a steady internet connection, and access to Windows [update endpoints](../prepare/windows-autopatch-configure-network.md). |
| Windows edition | Devices must be on a Windows edition supported by Windows Autopatch. For more information, see [Prerequisites](../prepare/windows-autopatch-prerequisites.md). |
| Mobile device management (MDM) policy conflict | Devices must not have deployed any policies that would prevent device management. For more information, see [Conflicting and unsupported policies](../operate/windows-autopatch-wqu-unsupported-policies.md). |
| Group policy conflict | Devices must not have group policies deployed which would prevent device management. For more information, see [Group policy](windows-autopatch-wqu-unsupported-policies.md#group-policy) |
## Windows feature update releases
When the service decides to move to a new version of Windows, the following update schedule is indicative of the minimum amount of time between rings during a rollout.
The final release schedule is communicated prior to release and may vary a little from the following schedule to account for business weeks or other scheduling considerations. For example, Autopatch may decide to release to the Fast Ring after 62 days instead of 60, if 60 days after the release start was a weekend.
| Ring | Timeline |
| ----- | ----- |
| Test | Release start |
| First | Release start + 30 days |
| Fast | Release start + 60 days |
| Broad | Release start + 90 days |
:::image type="content" source="../media/windows-feature-release-process-timeline.png" alt-text="Windows feature release timeline":::
## New devices to Windows Autopatch
If a device is enrolled and it's below Autopatch's currently targeted Windows feature update, that device will update to the service's target version within five days of meeting eligibility criteria.
If a device is enrolled and it's on, or above the currently targeted Windows feature update, there won't be any change to that device.
## Feature update configuration
When releasing a feature update, there are two policies that are configured by the service to create the update schedule described in the previous section. Youll see four of each of the following policies in your tenant, one for each ring:
- **Modern Workplace DSS Policy**: This policy is used to control the target version of Windows.
- **Modern Workplace Update Policy**: This policy is used to control deferrals and deadlines for feature and quality updates.
| Ring | Target version (DSS) Policy | Feature update deferral | Feature update deadline | Feature update grace period |
| ----- | ----- | ----- | ----- | ----- |
| Test | 21H2 | 0 | 5 | 0 |
| First | 21H2 | 0 | 5 | 0 |
| Fast | 21H2 | 0 | 5 | 2 |
| Broad | 21H2 | 0 | 5 | 2 |
> [!NOTE]
> Customers are not able to select a target version for their tenant.
During a release, the service modifies the Modern Workplace DSS policy to change the target version for a specific ring in Intune. That change is deployed to devices and updates the devices prior to the update deadline.
To understand how devices will react to the change in the Modern Workplace DSS policy, it's important to understand how deferral, deadline, and grace periods effect devices.
| Policy | Description |
| ----- | ----- |
| [Deferrals](/windows/client-management/mdm/policy-csp-update#update-deferqualityupdatesperiodindays) | The deferral policy determines how many days after a release the feature update is offered to a device. The service maximizes control over feature updates by creating individual DSS policies for each ring and modifying the ring's DSS policy to change the target update version. Therefore, the feature update deferral policy for all rings is set to zero days so that a change in the DSS policy is released as soon as possible. |
| [Deadlines](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindays) | Before the deadline, restarts can be scheduled by users or automatically scheduled outside of active hours. After the deadline passes, restarts will occur regardless of active hours and users won't be able to reschedule. The deadline for a specific device is set to be the specified number of days after the update is offered to the device. |
| [Grace periods](/windows/client-management/mdm/policy-csp-update#update-configuredeadlinegraceperiod) | This policy specifies a minimum number of days after an update is downloaded until the device is automatically restarted. This policy overrides the deadline policy so that if a user comes back from vacation, it prevents the device from forcing a restart to complete the update as soon as it comes online. |
> [!IMPORTANT]
> Deploying deferral, deadline, or grace period policies which conflict with Autopatch's policies will render a device ineligible for management. Also, if any update related to group policy settings are detected, the device will also be ineligible for management.
## Windows 11 testing
To allow customers to test Windows 11 in their environment, there's a separate DSS policy that enables you to test Windows 11 before broadly adopting within your environment. When you add devices to the **Modern Workplace - Windows 11 Pre-Release Test Devices** group they'll update to Windows 11.
> [!IMPORTANT]
> This group is intended for testing purposes only and shouldn't be used to broadly update to Windows 11 in your environment.
## Pausing and resuming a release
You can pause or resume a Windows feature update from the Release management tab in Microsoft Endpoint Manager.
## Rollback
Windows Autopatch doesn't support the rollback of feature updates.
## Incidents and outages
If devices in your tenant aren't meeting the [service level objective](#service-level-objective) for Windows feature updates, Autopatch will raise an incident will be raised. The Windows Autopatch Service Engineering Team will work to bring those devices onto the latest version of Windows.
If you're experiencing other issues related to Windows feature updates, [submit a support request](../operate/windows-autopatch-support-request.md).


@ -0,0 +1,30 @@
---
title: Maintain the Windows Autopatch environment
description: This article details how to maintain the Windows Autopatch environment
ms.date: 07/11/2022
ms.prod: w11
ms.technology: windows
ms.topic: how-to
ms.localizationpriority: medium
author: tiaraquan
ms.author: tiaraquan
manager: dougeby
msreviewer: hathind
---
# Maintain the Windows Autopatch environment
After you've completed enrollment in Windows Autopatch, some management settings might need to be adjusted. Use the following steps:
1. Review the [Microsoft Intune settings](#microsoft-intune-settings) described in the following section.
1. If any of the items apply to your environment, make the adjustments as described.
> [!NOTE]
> As your operations continue in the following months, if you make changes after enrollment to policies in Microsoft Intune, Azure Active Directory, or Microsoft 365 that affect Windows Autopatch, it's possible that Windows Autopatch could stop operating properly. To avoid problems with the service, check the specific settings described in [Fix issues found by the readiness assessment tool](../prepare/windows-autopatch-fix-issues.md) before you change the policies listed there.
## Microsoft Intune settings
| Setting | Description |
| ----- | ----- |
| Conditional access policies | If you create any new conditional access or multi-factor authentication policies related to Azure AD, or Microsoft Intune after Windows Autopatch enrollment, exclude theModern Workplace Service AccountsAzure AD group from them. For more information, see[Conditional Access: Users and groups](/azure/active-directory/conditional-access/concept-conditional-access-users-groups). Windows Autopatch maintains separate conditional access policies to restrict access to these accounts.<p>**To review the Windows Autopatch conditional access policy (Modern Workplace Secure Workstation):**</p><p>Go to Microsoft Endpoint Manager and navigate to**Conditional Access**in**Endpoint Security**. Do **not** modify any Azure AD conditional access policies created by Windows Autopatch that have "**Modern Workplace**" in the name.</p> |
| Update rings for Windows 10 or later | For any update rings for Windows 10 or later policies you've created, exclude the**Modern Workplace Devices - All**Azure AD group from each policy. For more information, see[Create and assign update rings](/mem/intune/protect/windows-10-update-rings#create-and-assign-update-rings).<p>Windows Autopatch will also have created some update ring policies. all of which The policies will have "**Modern Workplace**" in the name. For example:</p><ul><li>Modern Workplace Update Policy [Broad]-[Windows Autopatch]</li><li>Modern Workplace Update Policy [Fast]-[Windows Autopatch]</li><li>Modern Workplace Update Policy [First]-[Windows Autopatch]</li><li>Modern Workplace Update Policy [Test]-[Windows Autopatch]</li></ul><p>When you update your own policies, ensure that youdon'texclude the**Modern Workplace Devices - All**Azure AD group from the policies that Windows Autopatch created.</p><p>**To resolve the Not ready result:**</p><p>After enrolling into Autopatch, make sure that any update ring policies you have **exclude** the **Modern Workplace Devices - All** Azure Active Directory (AD) group.For more information, see [Manage Windows 10 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure).</p><p>**To resolve the Advisory result:**</p><ol><li>Make sure that any update ring policies you have **exclude** the **Modern Workplace Devices - All** Azure Active Directory (AD) group.</li> <li>If you have assigned Azure AD user groups to these policies, make sure that any update ring policies you have also **exclude** the **Modern Workplace - All** Azure AD group that you add your Windows Autopatch users to (or an equivalent group).</li></ol><p>For more information, see [Manage Windows 10 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure).</p> |


@ -82,27 +82,11 @@ Windows Autopatch will either:
Since quality updates are bundled together into a single release in the [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview), we can't roll back only a portion of the update for Microsoft 365 Apps for enterprise. Since quality updates are bundled together into a single release in the [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview), we can't roll back only a portion of the update for Microsoft 365 Apps for enterprise.
## Conflicting and unsupported policies ## Compatibility with Servicing Profiles
Deploying any of the following policies to a managed device will make that device ineligible for management since the device will prevent us from delivering the service as designed. [Servicing profiles](/deployoffice/admincenter/servicing-profile) is a feature in the [Microsoft 365 Apps admin center](https://config.office.com/) that provides controlled update management of monthly Office updates, including controls for user and device targeting, scheduling, rollback, and reporting.
### Update policies A [service profile](/deployoffice/admincenter/servicing-profile#compatibility-with-other-management-tools) takes precedence over other management tools, such as Microsoft Endpoint Manager or the Office Deployment Tool. This means that the servicing profile will affect all devices that meet the [device eligibility requirements](#device-eligibility) regardless of existing management tools in your environment. So, if you're targeting a managed device with a servicing profile it will be ineligible for Microsoft 365 App update management.
Window Autopatch deploys mobile device management (MDM) policies to configure Microsoft 365 Apps and requires a specific configuration. If any [Microsoft 365 Apps update settings](/deployoffice/configure-update-settings-microsoft-365-apps) are deployed which conflict with our policies, then the device won't be eligible for management.
| Update setting | Value | Usage reason |
| ----- | ----- | ----- |
| Set updates to occur automatically | Enabled | Enable automatic updates |
| Specify a location to look for updates | Blank | Don't use this setting since it overwrites the update branch |
| Update branch | Monthly Enterprise | Supported branch for Windows Autopatch |
| Specify the version of Microsoft 365 Apps to update to | Variable | Used to roll back to a previous version if an error occurs |
| Set a deadline by when updates must be applied | 3 | Update deadline |
| Hide update notifications from users | Turned off | Users should be notified when Microsoft 365 Apps are being updated |
| Hide the option to turn on or off automatic Office updates | Turned on | Prevents users from disabling automatic updates |
## Microsoft 365 Apps servicing profiles
A service profile takes precedence over other management tools, such as Microsoft Endpoint Manager or the Office Deployment Tool. This means that the servicing profile will affect all devices that meet the [device eligibility requirements](#device-eligibility) regardless of existing management tools in your environment. So, if you're targeting a managed device with a servicing profile it will be ineligible for Microsoft 365 App update management.
However, the device may still be eligible for other managed updates. For more information about a device's eligibility for a given [update type](windows-autopatch-update-management.md#update-types), see the Device eligibility section of each respective update type. However, the device may still be eligible for other managed updates. For more information about a device's eligibility for a given [update type](windows-autopatch-update-management.md#update-types), see the Device eligibility section of each respective update type.


@ -0,0 +1,57 @@
---
title: Unenroll your tenant
description: This article explains what unenrollment means for your organization and what actions you must take.
ms.date: 07/11/2022
ms.prod: w11
ms.technology: windows
ms.topic: how-to
ms.localizationpriority: medium
author: tiaraquan
ms.author: tiaraquan
manager: dougeby
msreviewer: hathind
---
# Unenroll your tenant
If you're looking to unenroll your tenant from Windows Autopatch, this article details what unenrollment means for your organization and what actions you must take.
> [!IMPORTANT]
> You must be a Global Administrator to unenroll your tenant.
Unenrolling from Windows Autopatch requires manual actions from both you and from the Windows Autopatch Service Engineering Team. The Windows Autopatch Service Engineering Team will:
- Remove Windows Autopatch access to your tenant.
- Deregister your devices from the Windows Autopatch service. Deregistering your devices from Windows Autopatch won't remove your devices from Intune, Azure AD or Configuration Manager. The Windows Autopatch Service Engineering Team follows the same process and principles as laid out in Deregister a device.
- Delete all data that we've stored in the Windows Autopatch data storage.
> [!NOTE]
> We will **not** delete any of your customer or Intune data.
## Microsoft's responsibilities during unenrollment
| Responsibility | Description |
| ----- | ----- |
| Windows Autopatch data | Windows Autopatch will delete user data that is within the Windows Autopatch service. We wont make changes to any other data. For more information about how data is used in Windows Autopatch, see [Privacy](../references/windows-autopatch-privacy.md). |
| Windows Autopatch cloud service accounts | Windows Autopatch will remove the cloud service accounts created during the enrollment process. The accounts are:<ul><li>MsAdmin</li><li>MsAdminInt</li><li>MsTest</li></ul> |
| Conditional access policy | Windows Autopatch will remove the Modern Workplace Secure Workstation conditional access policy. |
| Microsoft Endpoint Manager roles | Windows Autopatch will remove the Modern Workplace Intune Admin role. |
## Your responsibilities after unenrolling your tenant
| Responsibility | Description |
| ----- | ----- |
| Updates | After the Windows Autopatch service is unenrolled, well no longer provide updates to your devices. You must ensure that your devices continue to receive updates through your own policies to ensure they're secure and up to date. |
| Optional Windows Autopatch configuration | Windows Autopatch wont remove the configuration policies or groups used to enable updates on your devices. You're responsible for these policies following tenant unenrollment. If you dont wish to use these policies for your devices after unenrollment, you may safely delete them. |
## Unenroll from Windows Autopatch
**To unenroll from Windows Autopatch:**
1. [Submit a support request](windows-autopatch-support-request.md) and request to unenroll from the Windows Autopatch service.
1. The Windows Autopatch Service Engineering Team will communicate with your IT Administrator to confirm your intent to unenroll from the service.
1. You'll have 14 days to review and confirm the communication sent by the Windows Autopatch Service Engineering Team.
2. The Windows Autopatch Service Engineering Team can proceed sooner than 14 days if your confirmation arrives sooner.
1. The Windows Autopatch Service Engineering Team will proceed with the removal of all items listed under [Microsoft's responsibilities during unenrollment](#microsofts-responsibilities-during-unenrollment).
1. The Windows Autopatch Service Engineering Team will inform you when unenrollment is complete.
1. Youre responsible for the items listed under [Your responsibilities after unenrolling your tenant](#your-responsibilities-after-unenrolling-your-tenant).


@ -20,7 +20,8 @@ Keeping your devices up to date is a balance of speed and stability. Windows Aut
| Update type | Description | | Update type | Description |
| ----- | ----- | | ----- | ----- |
| Window quality update | Windows Autopatch uses four update rings to manage Windows quality updates. For more detailed information, see [Windows quality updates](../operate/windows-autopatch-wqu-overview.md). | | Windows quality update | Windows Autopatch uses four update rings to manage Windows quality updates. For more detailed information, see [Windows quality updates](../operate/windows-autopatch-wqu-overview.md). |
| Windows feature update | Windows Autopatch uses four update rings to manage Windows feature updates. For more detailed information, see [Windows feature updates](windows-autopatch-fu-overview.md).
| Anti-virus definition | Updated with each scan. | | Anti-virus definition | Updated with each scan. |
| Microsoft 365 Apps for enterprise | For more information, see [Microsoft 365 Apps for enterprise](windows-autopatch-microsoft-365-apps-enterprise.md). | | Microsoft 365 Apps for enterprise | For more information, see [Microsoft 365 Apps for enterprise](windows-autopatch-microsoft-365-apps-enterprise.md). |
| Microsoft Edge | For more information, see [Microsoft Edge](../operate/windows-autopatch-edge.md). | | Microsoft Edge | For more information, see [Microsoft Edge](../operate/windows-autopatch-edge.md). |


@ -1,5 +1,5 @@
--- ---
title: End user experience title: Windows quality update end user experience
description: This article explains the Windows quality update end user experience description: This article explains the Windows quality update end user experience
ms.date: 05/30/2022 ms.date: 05/30/2022
ms.prod: w11 ms.prod: w11
@ -12,7 +12,7 @@ manager: dougeby
msreviewer: hathind msreviewer: hathind
--- ---
# End user experience # Windows quality update end user experience
Windows Autopatch aims to deploy updates predictably while minimizing the effect to end users by preventing reboots during business hours. Windows Autopatch aims to deploy updates predictably while minimizing the effect to end users by preventing reboots during business hours.


@ -72,8 +72,11 @@ If Windows Autopatch detects a [significant issue with a release](../operate/win
If we pause the release, a policy will be deployed which prevents devices from updating while the issue is investigated. Once the issue is resolved, the release will be resumed. If we pause the release, a policy will be deployed which prevents devices from updating while the issue is investigated. Once the issue is resolved, the release will be resumed.
> [!NOTE] You can pause or resume a Windows quality update from the Release management tab in Microsoft Endpoint Manager.
> Windows Autopatch doesn't allow you to request that a release be paused or resumed during public preview.
## Rollback
Windows Autopatch will rollback updates if we detect a [significant issue with a release](../operate/windows-autopatch-wqu-signals.md).
## Incidents and outages ## Incidents and outages


@ -1,7 +1,7 @@
--- ---
title: Conflicting and unsupported policies title: Windows update policies
description: This article explains the conflicting and unsupported policies in Windows quality updates description: This article explains Windows update policies in Windows Autopatch
ms.date: 05/30/2022 ms.date: 07/07/2022
ms.prod: w11 ms.prod: w11
ms.technology: windows ms.technology: windows
ms.topic: conceptual ms.topic: conceptual
@ -12,11 +12,94 @@ manager: dougeby
msreviewer: hathind msreviewer: hathind
--- ---
# Conflicting and unsupported policies # Windows update policies
## Update rings for Windows 10 and later
The following policies contain settings which apply to both Windows quality and feature updates. After onboarding there will be four of these policies in your tenant with the following naming convention:
**Modern Workplace Update Policy [ring name] [Windows Autopatch]**
### Windows 10 and later update settings
| Setting name | Test | First | Fast | Broad |
| ----- | ----- | ----- | ----- | ----- |
| Microsoft product updates | Allow | Allow | Allow | Allow |
| Windows drivers | Allow | Allow | Allow | Allow |
| Quality update deferral period | 0 | 1 | 6 | 9 |
| Feature update deferral period | 0 | 0 | 0 | 0 |
| Upgrade Windows 10 to latest Windows 11 release | No | No | No | No |
| Set feature update uninstall period | 30 days | 30 days | 30 days | 30 days |
| Servicing channel | General availability | General availability | General availability | General availability |
### Windows 10 and later user experience settings
| Setting name | Test | First | Fast | Broad |
| ----- | ----- | ----- | ----- | ----- |
| Automatic update behaviour | Reset to default | Reset to default | Reset to default | Reset to default |
| Restart checks | Allow | Allow | Allow | Allow |
| Option to pause updates | Disable | Disable | Disable | Disable |
| Option to check for Windows updates | Default | Default | Default | Default |
| Change notification update level | Default | Default | Default | Default |
| Deadline for feature updates | 5 | 5 | 5 | 5 |
| Deadline for quality updates | 0 | 2 | 2 | 5 |
| Grace period | 0 | 2 | 2 | 2 |
| Auto-restart before deadline | Yes | Yes | Yes | Yes |
### Windows 10 and later assignments
| Setting name | Test | First | Fast | Broad |
| ----- | ----- | ----- | ----- | ----- |
| Included groups | Modern Workplace DevicesWindows Autopatch-Test | Modern Workplace DevicesWindows Autopatch-First | Modern Workplace DevicesWindows Autopatch-Fast | Modern Workplace DevicesWindows Autopatch-Broad |
| Excluded groups | None | None | None | None |
## Feature update policies
The service deploys policies using Microsoft Intune to control how feature updates are deployed to devices.
### Feature updates for Windows 10 and later
These policies control the minimum target version of Windows which a device is meant to accept. Throughout the rest of the article, you will see these policies referred to as DSS policies. After onboarding there will be four of these policies in your tenant with the following naming convention:
**Modern Workplace DSS Policy [ring name]**
#### Feature update deployment settings
| Setting name | Test | First | Fast | Broad |
| ----- | ----- | ----- | ----- | ----- |
| Name | Current targeted version of Windows | Current targeted version of Windows | Current targeted version of Windows | Current targeted version of Windows |
| Rollout options | Immediate start | Immediate start | Immediate start | Immediate start |
#### Feature update policy assignments
| Setting name | Test | First | Fast | Broad |
| ----- | ----- | ----- | ----- | ----- |
| Included groups | Modern Workplace DevicesWindows Autopatch-Test | Modern Workplace DevicesWindows Autopatch-First | Modern Workplace DevicesWindows Autopatch-Fast | Modern Workplace DevicesWindows Autopatch-Broad |
| Excluded groups | Modern Workplace Windows 11 Pre-Release Test Devices | Modern Workplace Windows 11 Pre-Release Test Devices | Modern Workplace Windows 11 Pre-Release Test Devices | Modern Workplace Windows 11 Pre-Release Test Devices |
#### Windows 11 testing
To allow customers to test Windows 11 in their environment, there's a separate DSS policy which enables you to test Windows 11 before broadly adopting within your environment.
##### Windows 11 deployment setting
| Setting name | Test |
| ----- | ----- |
| Name | Windows 11 |
| Rollout options | Immediate start |
##### Windows 11 assignments
| Setting name | Test |
| ----- | ----- |
| Included groups | Modern Workplace Windows 11 Pre-Release Test Devices |
| Excluded groups | None |
## Conflicting and unsupported policies
Deploying any of the following policies to a Windows Autopatch device will make that device ineligible for management since the device will prevent us from delivering the service as designed. Deploying any of the following policies to a Windows Autopatch device will make that device ineligible for management since the device will prevent us from delivering the service as designed.
## Update policies ### Update policies
Window Autopatch deploys mobile device management (MDM) policies to configure devices and requires a specific configuration. If any policies from the [Update Policy CSP](/windows/client-management/mdm/policy-csp-update) are deployed to devices that aren't on the permitted list, those devices will be excluded from management. Window Autopatch deploys mobile device management (MDM) policies to configure devices and requires a specific configuration. If any policies from the [Update Policy CSP](/windows/client-management/mdm/policy-csp-update) are deployed to devices that aren't on the permitted list, those devices will be excluded from management.
@ -26,7 +109,7 @@ Window Autopatch deploys mobile device management (MDM) policies to configure de
| [Active hours end](/windows/client-management/mdm/policy-csp-update#update-activehoursend) | Update/ActiveHoursEnd | This policy controls the end of the protected window where devices won't reboot.<p><p>Supported values are from zero through to 23, where zero is 1200AM, representing the hours of the day in local time on that device. This value can be no more than 12 hours after the time set in active hours start. | | [Active hours end](/windows/client-management/mdm/policy-csp-update#update-activehoursend) | Update/ActiveHoursEnd | This policy controls the end of the protected window where devices won't reboot.<p><p>Supported values are from zero through to 23, where zero is 1200AM, representing the hours of the day in local time on that device. This value can be no more than 12 hours after the time set in active hours start. |
| [Active hours max range](/windows/client-management/mdm/policy-csp-update#update-activehoursmaxrange) | Update/ActiveHoursMaxRange | Allows the IT admin to specify the max active hours range.<p><p>This value sets the maximum number of active hours from the start time. Supported values are from eight through to 18. | | [Active hours max range](/windows/client-management/mdm/policy-csp-update#update-activehoursmaxrange) | Update/ActiveHoursMaxRange | Allows the IT admin to specify the max active hours range.<p><p>This value sets the maximum number of active hours from the start time. Supported values are from eight through to 18. |
## Group policy ### Group policy
Group policy takes precedence over mobile device management (MDM) policies. For Windows quality updates, if any group policies are detected which modify the following hive in the registry, the device will be ineligible for management: Group policy takes precedence over mobile device management (MDM) policies. For Windows quality updates, if any group policies are detected which modify the following hive in the registry, the device will be ineligible for management:


@ -4,7 +4,7 @@ metadata:
description: Answers to frequently asked questions about Windows Autopatch. description: Answers to frequently asked questions about Windows Autopatch.
ms.prod: w11 ms.prod: w11
ms.topic: faq ms.topic: faq
ms.date: 06/02/2022 ms.date: 07/06/2022
audience: itpro audience: itpro
ms.localizationpriority: medium ms.localizationpriority: medium
manager: dougeby manager: dougeby
@ -43,7 +43,7 @@ sections:
- [Hybrid Azure AD-Joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Azure AD-joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid) - [Hybrid Azure AD-Joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Azure AD-joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid)
- [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) - [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune)
Additional pre-requisites for devices managed by Configuration Manager: Additional pre-requisites for devices managed by Configuration Manager:
- [Co-management](/prepare/windows-autopatch-prerequisites.md#co-management-requirements) - [Configuration Manager Co-management requirements](../prepare/windows-autopatch-prerequisites.md#configuration-manager-co-management-requirements)
- [A supported version of Configuration Manager](/mem/configmgr/core/servers/manage/updates#supported-versions) - [A supported version of Configuration Manager](/mem/configmgr/core/servers/manage/updates#supported-versions)
- [Switch workloads for device configuration, Windows Update and Microsoft 365 Apps from Configuration Manager to Intune](/mem/configmgr/comanage/how-to-switch-workloads) (minimum Pilot Intune. Pilot collection must contain the devices you want to register into Autopatch.) - [Switch workloads for device configuration, Windows Update and Microsoft 365 Apps from Configuration Manager to Intune](/mem/configmgr/comanage/how-to-switch-workloads) (minimum Pilot Intune. Pilot collection must contain the devices you want to register into Autopatch.)
- question: What are the licensing requirements for Windows Autopatch? - question: What are the licensing requirements for Windows Autopatch?
@ -59,6 +59,15 @@ sections:
- question: Can Autopatch customers individually approve or deny devices? - question: Can Autopatch customers individually approve or deny devices?
answer: | answer: |
No you can't individually approve or deny devices. Once a device is registered with Windows Autopatch, updates are rolled out to the devices according to its ring assignment. Individual device level control isn't supported. No you can't individually approve or deny devices. Once a device is registered with Windows Autopatch, updates are rolled out to the devices according to its ring assignment. Individual device level control isn't supported.
- question: Does Autopatch on Windows 365 Cloud PCs have any feature difference from a physical device?
answer: |
No, Windows 365 Enterprise Cloud PC's support all features of Windows Autopatch. For more information, see [Virtual devices](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices#virtual-devices).
- question: Do my Cloud PCs appear any differently in the Windows Autopatch admin center?
answer: |
Cloud PC displays the model as the license type you have provisioned. For more information, see [Virtual devices](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices#virtual-devices).
- question: Can I run Autopatch on my Windows 365 Business Workloads?
answer: |
No. Autopatch is only available on enterprise workloads. For more information, see [Virtual devices](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices#virtual-devices).
- name: Update Management - name: Update Management
questions: questions:
- question: What systems does Windows Autopatch update? - question: What systems does Windows Autopatch update?


@ -1,7 +1,7 @@
--- ---
title: What is Windows Autopatch? (preview) title: What is Windows Autopatch?
description: Details what the service is and shortcuts to articles description: Details what the service is and shortcuts to articles
ms.date: 05/30/2022 ms.date: 07/11/2022
ms.prod: w11 ms.prod: w11
ms.technology: windows ms.technology: windows
ms.topic: conceptual ms.topic: conceptual
@ -12,10 +12,7 @@ manager: dougeby
msreviewer: hathind msreviewer: hathind
--- ---
# What is Windows Autopatch? (preview) # What is Windows Autopatch?
> [!IMPORTANT]
> **Windows Autopatch is in public preview**. It's actively being developed and may not be complete. You can test and use these features in production environments and [provide feedback](https://go.microsoft.com/fwlink/?linkid=2195593) or start a discussion in our [Windows Autopatch Tech Community](https://aka.ms/Community/WindowsAutopatch).
Windows Autopatch is a cloud service that automates Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams updates to improve security and productivity across your organization. Windows Autopatch is a cloud service that automates Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams updates to improve security and productivity across your organization.
@ -39,6 +36,7 @@ The goal of Windows Autopatch is to deliver software updates to registered devic
| Management area | Service level objective | | Management area | Service level objective |
| ----- | ----- | | ----- | ----- |
| [Windows quality updates](../operate/windows-autopatch-wqu-overview.md) | Windows Autopatch aims to keep at least 95% of eligible devices on the latest Windows quality update 21 days after release. | | [Windows quality updates](../operate/windows-autopatch-wqu-overview.md) | Windows Autopatch aims to keep at least 95% of eligible devices on the latest Windows quality update 21 days after release. |
| [Windows feature updates](../operate/windows-autopatch-fu-overview.md) | Windows Autopatch aims to keep at least 99% of eligible devices on a supported version of Windows so that they can continue receiving Windows feature updates. |
| [Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md) | Windows Autopatch aims to keep at least 90% of eligible devices on a supported version of the Monthly Enterprise Channel (MEC). | | [Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md) | Windows Autopatch aims to keep at least 90% of eligible devices on a supported version of the Monthly Enterprise Channel (MEC). |
| [Microsoft Edge](../operate/windows-autopatch-edge.md) | Windows Autopatch configures eligible devices to benefit from Microsoft Edge's progressive rollouts on the Stable channel. | | [Microsoft Edge](../operate/windows-autopatch-edge.md) | Windows Autopatch configures eligible devices to benefit from Microsoft Edge's progressive rollouts on the Stable channel. |
| [Microsoft Teams](../operate/windows-autopatch-teams.md) | Windows Autopatch allows eligible devices to benefit from the standard automatic update channel. | | [Microsoft Teams](../operate/windows-autopatch-teams.md) | Windows Autopatch allows eligible devices to benefit from the standard automatic update channel. |
@ -59,33 +57,13 @@ Microsoft remains committed to the security of your data and the [accessibility]
## Need more details? ## Need more details?
### Prepare | Area | Description |
| ----- | ----- |
| Prepare | The following articles describe the mandatory steps to prepare and enroll your tenant into Windows Autopatch:<ul><li>[Prerequisites](../prepare/windows-autopatch-prerequisites.md)</li><li>[Configure your network](../prepare/windows-autopatch-configure-network.md)</li><li>[Enroll your tenant](../prepare/windows-autopatch-enroll-tenant.md)</li><li>[Fix issues found by the Readiness assessment tool](../prepare/windows-autopatch-fix-issues.md)</li></ul> |
| Deploy | Once you've enrolled your tenant, this section instructs you to:<ul><li>[Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md)</li><li>[Register your devices](../deploy/windows-autopatch-register-devices.md)</li></ul> |
| Operate | This section includes the following information about your day-to-day life with the service:<ul><li>[Update management](../operate/windows-autopatch-update-management.md)</li><li>[Maintain your Windows Autopatch environment](../operate/windows-autopatch-maintain-environment.md)</li><li>[Submit a support request](../operate/windows-autopatch-support-request.md)</li><li>[Deregister a device](../operate/windows-autopatch-deregister-devices.md)</li></ul>
| References | This section includes the following articles:<ul><li>[Windows update policies](../operate/windows-autopatch-wqu-unsupported-policies.md)</li><li>[Microsoft 365 Apps for enterprise update policies](../references/windows-autopatch-microsoft-365-policies.md)</li><li>[Privacy](../references/windows-autopatch-privacy.md)</li><li>[Windows Autopatch Preview Addendum](../references/windows-autopatch-preview-addendum.md)</li></ul> |
The following articles describe the mandatory steps to prepare for enrollment, including: ### Have feedback or would like to start a discussion?
- [Prerequisites](../prepare/windows-autopatch-prerequisites.md) You can [provide feedback](https://go.microsoft.com/fwlink/?linkid=2195593) or start a discussion in our [Windows Autopatch Tech Community](https://aka.ms/Community/WindowsAutopatch).
- [Configure your network](../prepare/windows-autopatch-configure-network.md)
- [Enroll your tenant with Windows Autopatch](../prepare/windows-autopatch-enroll-tenant.md)
- [Fix issues found by the Readiness assessment tool](../prepare/windows-autopatch-fix-issues.md)
### Deploy
Once you're ready to enroll, this section includes the following articles:
- [Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md)
- [Register your devices](../deploy/windows-autopatch-register-devices.md)
### Operate
This section includes the following information about your day-to-day life with the service:
- [Update management](../operate/windows-autopatch-update-management.md)
- [Submit a support request](../operate/windows-autopatch-support-request.md)
- [Deregister a device](../operate/windows-autopatch-deregister-devices.md)
### References
This section includes the following articles:
- [Privacy](../references/windows-autopatch-privacy.md)
- [Windows Autopatch Preview Addendum](../references/windows-autopatch-preview-addendum.md)


@ -19,4 +19,4 @@ The following articles describe the steps you must take to onboard with Windows
1. [Review the prerequisites](windows-autopatch-prerequisites.md) 1. [Review the prerequisites](windows-autopatch-prerequisites.md)
1. [Configure your network](windows-autopatch-configure-network.md) 1. [Configure your network](windows-autopatch-configure-network.md)
1. [Enroll your tenant](windows-autopatch-enroll-tenant.md) 1. [Enroll your tenant](windows-autopatch-enroll-tenant.md)
1. [Fix issues found in the Readiness assessment tool](windows-autopatch-fix-issues.md) 1. [Fix issues found in the Readiness assessment tool](windows-autopatch-fix-issues.md)


@ -32,7 +32,7 @@ The Windows Autopatch URL is used for anything our service runs on the customer
| Microsoft service | URLs required on allowlist | | Microsoft service | URLs required on allowlist |
| ----- | ----- | | ----- | ----- |
| Windows Autopatch | <ul><li>mmdcustomer.microsoft.com</li><li>mmdls.microsoft.com</li></ul>| | Windows Autopatch | <ul><li>mmdcustomer.microsoft.com</li><li>mmdls.microsoft.com</li><li>logcollection.mmd.microsoft.com</li><li>support.mmd.microsoft.com</li></ul>|
### Required Microsoft product endpoints ### Required Microsoft product endpoints


@ -1,7 +1,7 @@
--- ---
title: Enroll your tenant title: Enroll your tenant
description: This article details how to enroll your tenant description: This article details how to enroll your tenant
ms.date: 05/30/2022 ms.date: 07/11/2022
ms.prod: w11 ms.prod: w11
ms.technology: windows ms.technology: windows
ms.topic: how-to ms.topic: how-to
@ -16,7 +16,10 @@ msreviewer: hathind
Before you enroll in Windows Autopatch, there are settings and other parameters you must set ahead of time. Before you enroll in Windows Autopatch, there are settings and other parameters you must set ahead of time.
The Readiness assessment tool, accessed through the [Windows Autopatch admin center](https://endpoint.microsoft.com/), checks management or configuration -related settings. This tool allows you to check the relevant settings and detailed steps to fix any settings that aren't configured properly for Windows Autopatch. > [!IMPORTANT]
> You must be a Global Administrator to enroll your tenant.
The Readiness assessment tool, accessed through the [Windows Autopatch admin center](https://endpoint.microsoft.com/), checks management or configuration-related settings. This tool allows you to check the relevant settings, and details steps to fix any settings that aren't configured properly for Windows Autopatch.
## Step 1: Review all prerequisites ## Step 1: Review all prerequisites
@ -27,18 +30,18 @@ To start using the Windows Autopatch service, ensure you meet the [Windows Autop
> [!IMPORTANT] > [!IMPORTANT]
> The online Readiness assessment tool helps you check your readiness to enroll in Windows Autopatch for the first time. Once you enroll, you'll no longer be able to access the tool again. > The online Readiness assessment tool helps you check your readiness to enroll in Windows Autopatch for the first time. Once you enroll, you'll no longer be able to access the tool again.
The Readiness assessment tool checks the settings in [Microsoft Endpoint Manager](#microsoft-intune-settings) (specifically, Microsoft Intune) and [Azure Active Directory](#azure-active-directory-settings) (Azure AD) to ensure they'll work with Windows Autopatch. We aren't, however, checking the workloads in Configuration Manager necessary for Windows Autopatch. For more information about workload prerequisites, see [Co-management requirements](../prepare/windows-autopatch-prerequisites.md#co-management-requirements). The Readiness assessment tool checks the settings in [Microsoft Endpoint Manager](#microsoft-intune-settings) (specifically, Microsoft Intune) and [Azure Active Directory](#azure-active-directory-settings) (Azure AD) to ensure they'll work with Windows Autopatch. We aren't, however, checking the workloads in Configuration Manager necessary for Windows Autopatch. For more information about workload prerequisites, see [Configuration Manager Co-management requirements](../prepare/windows-autopatch-prerequisites.md#configuration-manager-co-management-requirements).
**To access and run the Readiness assessment tool:** **To access and run the Readiness assessment tool:**
> [!IMPORTANT] > [!IMPORTANT]
> You must be a Global Administrator to enroll your tenant. > You must be a Global Administrator to run the Readiness assessment tool.
1. Go to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/). 1. Go to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/).
2. In the left pane, select Tenant administration and then navigate to Windows Autopatch > **Tenant enrollment**. 2. In the left pane, select Tenant administration and then navigate to Windows Autopatch > **Tenant enrollment**.
> [!IMPORTANT] > [!IMPORTANT]
> If you don't see the Tenant enrollment blade, this is because you don't meet the prerequisites or the proper licenses. For more information, see [Windows Autopatch prerequisites](windows-autopatch-prerequisites.md). > If you don't see the Tenant enrollment blade, this is because you don't meet the prerequisites or the proper licenses. For more information, see [Windows Autopatch prerequisites](windows-autopatch-prerequisites.md#more-about-licenses).
A Global Administrator should be used to run this tool. Other roles, such as the Global Reader and Intune Administrator have insufficient permissions to complete the checks on Conditional Access Policies and Multi-factor Authentication. For more information about the extra permissions, see [Conditional access policies](../prepare/windows-autopatch-fix-issues.md#conditional-access-policies). A Global Administrator should be used to run this tool. Other roles, such as the Global Reader and Intune Administrator have insufficient permissions to complete the checks on Conditional Access Policies and Multi-factor Authentication. For more information about the extra permissions, see [Conditional access policies](../prepare/windows-autopatch-fix-issues.md#conditional-access-policies).
@ -50,8 +53,8 @@ The following are the Microsoft Intune settings:
| Check | Description | | Check | Description |
| ----- | ----- | | ----- | ----- |
| Update rings for Windows 10 or later | Verifies that Intune's Update rings for Windows 10 or later policy doesn't target all users or all devices. The policy shouldn't target any Windows Autopatch devices. | | Update rings for Windows 10 or later | Verifies that Intune's Update rings for Windows 10 or later policy doesn't target all users or all devices. Policies of this type shouldn't target any Windows Autopatch devices. For more information, see [Configure update rings for Windows 10 and later in Intune](/mem/intune/protect/windows-10-update-rings). |
| Unlicensed admin | Verifies that this setting is enabled to avoid a "lack of permissions" error when we interact with your Azure Active Directory (AD) organization. | | Unlicensed admin | Verifies that this setting is enabled to avoid a "lack of permissions" error when we interact with your Azure Active Directory (AD) organization. For more information, see [Unlicensed admins in Microsoft Intune](/mem/intune/fundamentals/unlicensed-admins). |
### Azure Active Directory settings ### Azure Active Directory settings
@ -59,38 +62,27 @@ The following are the Azure Active Directory settings:
| Check | Description | | Check | Description |
| ----- | ----- | | ----- | ----- |
| Conditional access | Verifies that conditional access policies and multi-factor authentication aren't assigned to all users.<p><p>Conditional access policies shouldn't be assigned to Windows Autopatch service accounts. For more information on steps to take, see [Conditional access policies](../prepare/windows-autopatch-fix-issues.md#conditional-access-policies). | | Conditional access | Verifies that conditional access policies and multi-factor authentication aren't assigned to all users.<p><p>Your conditional access policies must not prevent our service accounts from accessing the service and must not require multi-factor authentication. For more information, see [Conditional access policies](../prepare/windows-autopatch-fix-issues.md#conditional-access-policies). |
| Windows Autopatch service accounts | Checks that no usernames conflict with ones that Windows Autopatch reserves for its own use. | | Windows Autopatch cloud service accounts | Checks that no usernames conflict with ones that Windows Autopatch reserves for its own use. The cloud service accounts are:<ul><li>MsAdmin</li><li>MsAdminInt</li><li>MsTest</li></ul> For more information, see [Tenant access](../references/windows-autopatch-privacy.md#tenant-access). |
| Security defaults | Checks whether your Azure Active Directory organization has security defaults enabled. | | Security defaults | Checks whether your Azure Active Directory organization has security defaults enabled. |
| Licenses | Checks that you've obtained the necessary [licenses](../prepare/windows-autopatch-prerequisites.md#more-about-licenses). | | Licenses | Checks that you've obtained the necessary [licenses](../prepare/windows-autopatch-prerequisites.md#more-about-licenses). |
### Check results
For each check, the tool will report one of four possible results: For each check, the tool will report one of four possible results:
| Result | Meaning | | Result | Meaning |
| ----- | ----- | | ----- | ----- |
| Ready | No action is required before completing enrollment. | | Ready | No action is required before completing enrollment. |
| Advisory | Follow the steps in the tool or this article for the best experience with enrollment and for users.<p><p>You can complete enrollment, but you must fix these issues before you deploy your first device. | | Advisory | Follow the steps in the tool or this article for the best experience with enrollment and for users.<p><p>You can complete enrollment, but you must fix these issues before you deploy your first device. |
| Not ready | Enrollment will fail if you don't fix these issues. Follow the steps in the tool or this article to resolve them. | | Not ready | You must fix these issues before enrollment. You wont be able to enroll into Windows Autopatch if you don't fix these issues. Follow the steps in the tool or this article to resolve them. |
| Error | The Azure Active Directory (AD) role you're using doesn't have sufficient permissions to run this check. | | Error | The Azure Active Directory (AD) role you're using doesn't have sufficient permissions to run this check. |
### Seeing issues with your tenant? ## Step 3: Fix issues with your tenant
If the Readiness assessment tool is displaying issues with your tenant, see [Fix issues found by the Readiness assessment tool](../prepare/windows-autopatch-fix-issues.md) for more information on how to remediate. If the Readiness assessment tool is displaying issues with your tenant, see [Fix issues found by the Readiness assessment tool](../prepare/windows-autopatch-fix-issues.md) for more information on how to remediate.
### Delete data collected from the Readiness assessment tool ## Step 4: Enroll your tenant
Windows Autopatch retains the data associated with these checks for 12 months after the last time you ran a check in your Azure Active Directory organization (tenant). After 12 months, we retain the data in a de-identified form. You can choose to delete the data we collect directly within the Readiness assessment tool.
> [!NOTE]
> Windows Autopatch will only delete the results we collect within the Readiness assessment tool; Autopatch won't delete any other tenant-level data.
**To delete the data we collect:**
1. Go to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/).
2. Navigate to Windows Autopatch > **Tenant enrollment**.
3. Select **Delete all data**.
## Step 3: Enroll your tenant
> [!IMPORTANT] > [!IMPORTANT]
> You must be a Global Administrator to enroll your tenant. > You must be a Global Administrator to enroll your tenant.
@ -105,4 +97,24 @@ Within the Readiness assessment tool, you'll now see the **Enroll** button. By s
- Provide Windows Autopatch with IT admin contacts. - Provide Windows Autopatch with IT admin contacts.
- Setup of the Windows Autopatch service on your tenant. This step is where we'll create the policies, groups and accounts necessary to run the service. - Setup of the Windows Autopatch service on your tenant. This step is where we'll create the policies, groups and accounts necessary to run the service.
Once these actions are complete, you've now successfully enrolled your tenant. Ensure you've [added and verified your admin contacts](../deploy/windows-autopatch-admin-contacts.md) before you [register your devices](../deploy/windows-autopatch-register-devices.md). Once these actions are complete, you've now successfully enrolled your tenant.
### Delete data collected from the Readiness assessment tool
You can choose to delete the data we collect directly within the Readiness assessment tool.
Windows Autopatch retains the data associated with these checks for 12 months after the last time you ran a check in your Azure Active Directory organization (tenant). After 12 months, we retain the data in a de-identified form.
> [!NOTE]
> Windows Autopatch will only delete the results we collect within the Readiness assessment tool; Autopatch won't delete any other tenant-level data.
**To delete the data we collect:**
1. Go to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/).
2. Navigate to Windows Autopatch > **Tenant enrollment**.
3. Select **Delete all data**.
## Next steps
1. Maintain your [Windows Autopatch environment](../operate/windows-autopatch-maintain-environment.md).
1. Ensure you've [added and verified your admin contacts](../deploy/windows-autopatch-admin-contacts.md) before you [register your devices](../deploy/windows-autopatch-register-devices.md).


@ -14,13 +14,17 @@ msreviewer: hathind
# Fix issues found by the Readiness assessment tool # Fix issues found by the Readiness assessment tool
Seeing issues with your tenant? This article details how to remediate issues found with your tenant.
## Check results
For each check, the tool will report one of four possible results: For each check, the tool will report one of four possible results:
| Result | Meaning | | Result | Meaning |
| ----- | ----- | | ----- | ----- |
| Ready | No action is required before completing enrollment. | | Ready | No action is required before completing enrollment. |
| Advisory | Follow the steps in the tool or this article for the best experience with enrollment and for users.<p><p>You can complete enrollment, but you must fix these issues before you deploy your first device. | | Advisory | Follow the steps in the tool or this article for the best experience with enrollment and for users.<p><p>You can complete enrollment, but you must fix these issues before you deploy your first device. |
| Not ready | Enrollment will fail if you don't fix these issues. Follow the steps in the tool or this article to resolve them. | | Not ready | You must fix these issues before enrollment. You wont be able to enroll into Windows Autopatch if you don't fix these issues. Follow the steps in the tool or this article to resolve them. |
| Error | The Azure Active Directory (AD) role you're using doesn't have sufficient permissions to run this check. | | Error | The Azure Active Directory (AD) role you're using doesn't have sufficient permissions to run this check. |
> [!NOTE] > [!NOTE]
@ -44,8 +48,8 @@ Your "Windows 10 update ring" policy in Intune must not target any Windows Autop
| Result | Meaning | | Result | Meaning |
| ----- | ----- | | ----- | ----- |
| Not ready | You have an "update ring" policy that targets all devices, all users, or both. Change the policy to use an assignment that targets a specific Azure Active Directory (AD) group that doesn't include any Windows Autopatch devices.<p><p>After enrolling into Autopatch, make sure that any update ring policies you have exclude the **Modern Workplace Devices - All** Azure Active Directory (AD) group.</p><p>For more information, see [Manage Windows 10 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure).</p>| | Not ready | You have an "update ring" policy that targets all devices, all users, or both.<p>To resolve, change the policy to use an assignment that targets a specific Azure Active Directory (AD) group that doesn't include any Windows Autopatch devices.</p><p>For more information, see [Manage Windows 10 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure).</p> |
| Advisory | Both the **Modern Workplace Devices - All** and **Modern Workplace - All** Azure AD groups are groups that we create after you enroll in Windows Autopatch. This advisory is flagging an action you should take after enrolling into the service:<ol><li>Make sure that any update ring policies you have exclude the **Modern Workplace Devices - All** Azure Active Directory (AD) group.</li><li>If you have assigned Azure AD user groups to these policies, make sure that any update ring policies you have also exclude the **Modern Workplace - All** Azure AD group that you add your Windows Autopatch users to (or an equivalent group).</li></ol><br>For more information, see [Manage Windows 10 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure). | | Advisory | Both the **Modern Workplace Devices - All** and **Modern Workplace - All** Azure AD groups are groups that we create after you enroll in Windows Autopatch.<p>You can continue with enrollment. However, you must resolve the advisory prior to deploying your first device. To resolve the advisory, see [Maintain the Windows Autopatch environment](../operate/windows-autopatch-maintain-environment.md).</p>|
## Azure Active Directory settings ## Azure Active Directory settings
@ -68,13 +72,13 @@ Windows Autopatch requires the following licenses:
| ----- | ----- | | ----- | ----- |
| Not ready | Windows Autopatch requires Windows 10/11 Enterprise E3 (or higher) to be assigned to your users. Additionally, Azure Active Directory Premium, and Microsoft Intune are required. For more information, see [more about licenses](../prepare/windows-autopatch-prerequisites.md#more-about-licenses). | | Not ready | Windows Autopatch requires Windows 10/11 Enterprise E3 (or higher) to be assigned to your users. Additionally, Azure Active Directory Premium, and Microsoft Intune are required. For more information, see [more about licenses](../prepare/windows-autopatch-prerequisites.md#more-about-licenses). |
### Windows Autopatch service accounts ### Windows Autopatch cloud service accounts
Certain account names could conflict with account names created by Windows Autopatch. Certain account names could conflict with account names created by Windows Autopatch.
| Result | Meaning | | Result | Meaning |
| ----- | ----- | | ----- | ----- |
| Not ready | You have at least one account name that will conflict with account names created by Windows Autopatch. Work with your Microsoft account representative to exclude these account names. We don't list the account names publicly to minimize security risk. | | Not ready | You have at least one account name that will conflict with account names created by Windows Autopatch. The cloud service accounts are:<ul><li>MsAdmin</li><li>MsAdminInt</li><li>MsTest</li></ul><p>You must either rename or remove conflicting accounts to move forward with enrolling to the Windows Autopatch service as we'll create these accounts as part of running our service.For more information, see [Tenant Access](../references/windows-autopatch-privacy.md#tenant-access).</p> |
### Security defaults ### Security defaults


@ -1,7 +1,7 @@
--- ---
title: Prerequisites title: Prerequisites
description: This article details the prerequisites needed for Windows Autopatch description: This article details the prerequisites needed for Windows Autopatch
ms.date: 05/30/2022 ms.date: 06/30/2022
ms.prod: w11 ms.prod: w11
ms.technology: windows ms.technology: windows
ms.topic: conceptual ms.topic: conceptual
@ -21,7 +21,9 @@ Getting started with Windows Autopatch has been designed to be easy. This articl
| Licensing | Windows Autopatch requires Windows 10/11 Enterprise E3 (or higher) to be assigned to your users. Additionally, Azure Active Directory Premium and Microsoft Intune are required. For details about the specific service plans, see [more about licenses](#more-about-licenses).<p><p>For more information on available licenses, see [Microsoft 365 licensing](https://www.microsoft.com/microsoft-365/compare-microsoft-365-enterprise-plans).<p><p>For more information about licensing terms and conditions for products and services purchased through Microsoft Commercial Volume Licensing Programs, see the [Product Terms site](https://www.microsoft.com/licensing/terms/). | | Licensing | Windows Autopatch requires Windows 10/11 Enterprise E3 (or higher) to be assigned to your users. Additionally, Azure Active Directory Premium and Microsoft Intune are required. For details about the specific service plans, see [more about licenses](#more-about-licenses).<p><p>For more information on available licenses, see [Microsoft 365 licensing](https://www.microsoft.com/microsoft-365/compare-microsoft-365-enterprise-plans).<p><p>For more information about licensing terms and conditions for products and services purchased through Microsoft Commercial Volume Licensing Programs, see the [Product Terms site](https://www.microsoft.com/licensing/terms/). |
| Connectivity | All Windows Autopatch devices require connectivity to multiple Microsoft service endpoints from the corporate network.<p><p>For the full list of required IPs and URLs, see [Configure your network](../prepare/windows-autopatch-configure-network.md). | | Connectivity | All Windows Autopatch devices require connectivity to multiple Microsoft service endpoints from the corporate network.<p><p>For the full list of required IPs and URLs, see [Configure your network](../prepare/windows-autopatch-configure-network.md). |
| Azure Active Directory | Azure Active Directory must either be the source of authority for all user accounts, or user accounts must be synchronized from on-premises Active Directory using the latest supported version of Azure Active Directory Connect to enable Hybrid Azure Active Directory join.<br><ul><li>For more information, see [Azure Active Directory Connect](/azure/active-directory/hybrid/whatis-azure-ad-connect) and [Hybrid Azure Active Directory join](/azure/active-directory/devices/howto-hybrid-azure-ad-join)</li><li>For more information on supported Azure Active Directory Connect versions, see [Azure AD Connect:Version release history](/azure/active-directory/hybrid/reference-connect-version-history).</li></ul> | | Azure Active Directory | Azure Active Directory must either be the source of authority for all user accounts, or user accounts must be synchronized from on-premises Active Directory using the latest supported version of Azure Active Directory Connect to enable Hybrid Azure Active Directory join.<br><ul><li>For more information, see [Azure Active Directory Connect](/azure/active-directory/hybrid/whatis-azure-ad-connect) and [Hybrid Azure Active Directory join](/azure/active-directory/devices/howto-hybrid-azure-ad-join)</li><li>For more information on supported Azure Active Directory Connect versions, see [Azure AD Connect:Version release history](/azure/active-directory/hybrid/reference-connect-version-history).</li></ul> |
| Device management | Windows Autopatch devices must be managed by Microsoft Intune. Intune must be set as the Mobile Device Management (MDM) authority or co-management must be turned on and enabled on the target devices.<p><p>At a minimum, the Windows Update, Device configuration and Office Click-to-Run apps workloads must be set to Pilot Intune or Intune. You must also ensure that the devices you intend on bringing to Windows Autopatch are in the targeted device collection. For more information, see Co-management requirements for Windows Autopatch below.<p>Other device management prerequisites include:<ul><li>Devices must be corporate-owned. Windows bring-your-own-devices (BYOD) are blocked during device registration prerequisite checks.</li><li>Devices managed only by Microsoft Endpoint Configuration Manager aren't supported.</li><li>Devices must be in communication with Microsoft Intune in the last 28 days. Otherwise, the devices won't be registered with Autopatch.</li><li>Devices must be connected to the internet.</li></ul><p>For more information on co-management, see [Co-management for Windows devices](/mem/configmgr/comanage/overview). | | Device management | Windows Autopatch devices must be managed by Microsoft Intune. Intune must be set as the Mobile Device Management (MDM) authority or co-management must be turned on and enabled on the target devices.<p><p>At a minimum, the Windows Update, Device configuration and Office Click-to-Run apps workloads must be set to Pilot Intune or Intune. You must also ensure that the devices you intend on bringing to Windows Autopatch are in the targeted device collection. For more information, see Co-management requirements for Windows Autopatch below.<p>Other device management prerequisites include:<ul><li>Devices must be corporate-owned. 
Windows bring-your-own-devices (BYOD) are blocked during device registration prerequisite checks.</li><li>Devices must be managed by either Intune or Configuration Manager Co-management. Devices only managed by Configuration Manager aren't supported.</li><li>Devices must be in communication with Microsoft Intune in the **last 28 days**. Otherwise, the devices won't be registered with Autopatch.</li><li>Devices must be connected to the internet.</li><li>Devices must have a **Serial number**, **Model** and **Manufacturer**. Device emulators that don't generate these fail to meet **Intune or Clout-attached** pre-requisite check.</li></ul><p>See [Register your devices](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices) for more details on device pre-requisites and on how the device registration process works.
For more information on co-management, see [Co-management for Windows devices](/mem/configmgr/comanage/overview). |
| Data and privacy | For more information on Windows Autopatch privacy practices, see [Windows Autopatch Privacy](../references/windows-autopatch-privacy.md). | | Data and privacy | For more information on Windows Autopatch privacy practices, see [Windows Autopatch Privacy](../references/windows-autopatch-privacy.md). |
## More about licenses ## More about licenses
@ -42,7 +44,7 @@ The following Windows 64-bit editions are required for Windows Autopatch:
- Windows 10/11 Enterprise - Windows 10/11 Enterprise
- Windows 10/11 Pro for Workstations - Windows 10/11 Pro for Workstations
## Co-management requirements ## Configuration Manager Co-management requirements
Windows Autopatch fully supports co-management. The following co-management requirements apply: Windows Autopatch fully supports co-management. The following co-management requirements apply:


@ -0,0 +1,33 @@
---
title: Microsoft 365 Apps for enterprise update policies
description: This article explains the Microsoft 365 Apps for enterprise policies in Windows Autopatch
ms.date: 07/11/2022
ms.prod: w11
ms.technology: windows
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
ms.author: tiaraquan
manager: dougeby
msreviewer: hathind
---
# Microsoft 365 Apps for enterprise update policies
## Conflicting and unsupported policies
Deploying any of the following policies to a managed device will make that device ineligible for management since the device will prevent us from delivering the service as designed.
### Update policies
Window Autopatch deploys mobile device management (MDM) policies to configure Microsoft 365 Apps and requires a specific configuration. If any [Microsoft 365 Apps update settings](/deployoffice/configure-update-settings-microsoft-365-apps) are deployed which conflict with our policies, then the device won't be eligible for management.
| Update setting | Value | Usage reason |
| ----- | ----- | ----- |
| Set updates to occur automatically | Enabled | Enable automatic updates |
| Specify a location to look for updates | Blank | Don't use this setting since it overwrites the update branch |
| Update branch | Monthly Enterprise | Supported branch for Windows Autopatch |
| Specify the version of Microsoft 365 Apps to update to | Variable | Used to roll back to a previous version if an error occurs |
| Set a deadline by when updates must be applied | 3 | Update deadline |
| Hide update notifications from users | Turned off | Users should be notified when Microsoft 365 Apps are being updated |
| Hide the option to turn on or off automatic Office updates | Turned on | Prevents users from disabling automatic updates |


@ -28,7 +28,7 @@ The sources include Azure Active Directory (AD), Microsoft Intune, and Microsoft
| [Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb) | Uses Windows 10 Enterprise diagnostic data to provide additional information on Windows 10/11 update. | | [Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb) | Uses Windows 10 Enterprise diagnostic data to provide additional information on Windows 10/11 update. |
| [Microsoft Endpoint Manager](/mem/endpoint-manager-overview) | Device management and to keep your data secure. The following data sources fall under Microsoft Endpoint Manager:<br><ul><li>[Microsoft Azure Active Directory](/azure/active-directory/): Authentication and identification of all user accounts.</li><li>[Microsoft Intune](/mem/intune/): Distributing device configurations, device management and application management.</li></ul> | [Microsoft Endpoint Manager](/mem/endpoint-manager-overview) | Device management and to keep your data secure. The following data sources fall under Microsoft Endpoint Manager:<br><ul><li>[Microsoft Azure Active Directory](/azure/active-directory/): Authentication and identification of all user accounts.</li><li>[Microsoft Intune](/mem/intune/): Distributing device configurations, device management and application management.</li></ul>
| [Windows Autopatch](https://endpoint.microsoft.com/#home) | Data provided by the customer or generated by the service during running of the service. | | [Windows Autopatch](https://endpoint.microsoft.com/#home) | Data provided by the customer or generated by the service during running of the service. |
| [Microsoft 365 Apps for enterprise](/microsoft-365/enterprise/compare-office-365-plans?rtc=1)| Management of Microsoft 365 Apps. | | [Microsoft 365 Apps for enterprise](https://www.microsoft.com/microsoft-365/enterprise/compare-office-365-plans)| Management of Microsoft 365 Apps. |
## Windows Autopatch data process and storage ## Windows Autopatch data process and storage
@ -58,11 +58,21 @@ Windows Autopatch only processes and stores system-level data from Windows 10 op
For more information about the diagnostic data collection of Microsoft Windows 10, see the [Where we store and process personal data](https://privacy.microsoft.com/privacystatement#mainwherewestoreandprocessdatamodule) section of the Microsoft Privacy Statement. For more information about the diagnostic data collection of Microsoft Windows 10, see the [Where we store and process personal data](https://privacy.microsoft.com/privacystatement#mainwherewestoreandprocessdatamodule) section of the Microsoft Privacy Statement.
## Tenant access
Windows Autopatch creates and uses guest accounts leveraging just-in-time access functionality when signing into a customer tenant to manage the Windows Autopatch service. To provide additional locked down control, Windows Autopatch maintains a separate conditional access policy to restrict access to these accounts.
| Account name | Usage | Mitigating controls |
| ----- | ----- | -----|
| MsAdmin@tenantDomain.onmicrosoft.com | <ul><li>This is a limited-service account with administrator privileges. This account is used as an Intune and User administrator to define and configure the tenant for Windows Autopatch devices.</li><li>This account doesn't have interactive login permissions.The account performs operations only through the service.</li></ul> | Audited sign-ins |
| MsAdminInt@tenantDomain.onmicrosoft.com |<ul><li>This account is an Intune and User administrator account used to define and configure the tenant for Windows Autopatch devices.</li><li>This account is used for interactive login to the customers tenant.</li><li>The use of this account is extremely limited as most operations are exclusively through MsAdmin (non-interactive) account.</li></ul> | <ul><li>Restricted to be accessed only from defined secure access workstations (SAWs) through a conditional access policy</li><li>Audited sign-ins</li</ul> |
| MsTest@tenantDomain.onmicrosoft.com | This is a standard account used as a validation account for initial configuration and roll out of policy, application, and device compliance settings. | Audited sign-ins |
## Microsoft Windows Update for Business ## Microsoft Windows Update for Business
Microsoft Windows Update for Business uses data from Windows diagnostics to analyze update status and failures. Windows Autopatch uses this data and uses it to mitigate, and resolve problems to ensure that all registered devices are up to date based on a predefined update cadence. Microsoft Windows Update for Business uses data from Windows diagnostics to analyze update status and failures. Windows Autopatch uses this data and uses it to mitigate, and resolve problems to ensure that all registered devices are up to date based on a predefined update cadence.
## Microsft Azure Active Directory ## Microsoft Azure Active Directory
Identifying data used by Windows Autopatch is stored by Azure Active Directory (Azure AD) in a geographical location. The geographical location is based on the location provided by the organization upon subscribing to Microsoft online services, such as Microsoft Apps for Enterprise and Azure. For more information on where your Azure AD data is located, see [Azure Active Directory - Where is your data located?](https://msit.powerbi.com/view?r=eyJrIjoiODdjOWViZDctMWRhZS00ODUzLWI4MmQtNWM5NjBkZTBkNjFlIiwidCI6IjcyZjk4OGJmLTg2ZjEtNDFhZi05MWFiLTJkN2NkMDExZGI0NyIsImMiOjV9) Identifying data used by Windows Autopatch is stored by Azure Active Directory (Azure AD) in a geographical location. The geographical location is based on the location provided by the organization upon subscribing to Microsoft online services, such as Microsoft Apps for Enterprise and Azure. For more information on where your Azure AD data is located, see [Azure Active Directory - Where is your data located?](https://msit.powerbi.com/view?r=eyJrIjoiODdjOWViZDctMWRhZS00ODUzLWI4MmQtNWM5NjBkZTBkNjFlIiwidCI6IjcyZjk4OGJmLTg2ZjEtNDFhZi05MWFiLTJkN2NkMDExZGI0NyIsImMiOjV9)


@ -613,7 +613,7 @@ To use the device (or VM) for other purposes after completion of this lab, you n
### Delete (deregister) Autopilot device ### Delete (deregister) Autopilot device
You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure AD), log into the MEM admin center, then go to **Intune > Devices > All Devices**. Select the device you want to delete, then select the **Delete** button along the top menu. You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure AD), log into the Microsoft Endpoint Manager admin center, then go to **Intune > Devices > All Devices**. Select the device you want to delete, then select the **Delete** button along the top menu.
> [!div class="mx-imgBorder"] > [!div class="mx-imgBorder"]
> ![Delete device step 1.](images/delete-device1.png) > ![Delete device step 1.](images/delete-device1.png)


@ -1309,9 +1309,9 @@ The following fields are available:
- **IsEDPEnabled** Represents if Enterprise data protected on the device. - **IsEDPEnabled** Represents if Enterprise data protected on the device.
- **IsMDMEnrolled** Whether the device has been MDM Enrolled or not. - **IsMDMEnrolled** Whether the device has been MDM Enrolled or not.
- **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID - **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise System Center Configuration Manager (SCCM) environment. - **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise Configuration Manager environment.
- **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers. - **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
- **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier. - **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier.
### Census.Firmware ### Census.Firmware
@ -3135,7 +3135,7 @@ The following fields are available:
- **RemediationNoisyHammerUserLoggedInAdmin** TRUE if there is the user currently logged in is an Admin. - **RemediationNoisyHammerUserLoggedInAdmin** TRUE if there is the user currently logged in is an Admin.
- **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated disabled. - **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated disabled.
- **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS. - **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS.
- **RemediationShellDeviceSccm** TRUE if the device is managed by SCCM (Microsoft System Center Configuration Manager). - **RemediationShellDeviceSccm** TRUE if the device is managed by Configuration Manager.
- **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely. - **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely.
- **RemediationTargetMachine** Indicates whether the device is a target of the specified fix. - **RemediationTargetMachine** Indicates whether the device is a target of the specified fix.
- **RemediationTaskHealthAutochkProxy** True/False based on the health of the AutochkProxy task. - **RemediationTaskHealthAutochkProxy** True/False based on the health of the AutochkProxy task.
@ -4407,7 +4407,7 @@ The following fields are available:
- **DeviceIsMdmManaged** This device is MDM managed. - **DeviceIsMdmManaged** This device is MDM managed.
- **IsNetworkAvailable** If the device network is not available. - **IsNetworkAvailable** If the device network is not available.
- **IsNetworkMetered** If network is metered. - **IsNetworkMetered** If network is metered.
- **IsSccmManaged** This device is SCCM managed. - **IsSccmManaged** This device is managed by Configuration Manager .
- **NewlyInstalledOs** OS is newly installed quiet period. - **NewlyInstalledOs** OS is newly installed quiet period.
- **PausedByPolicy** Updates are paused by policy. - **PausedByPolicy** Updates are paused by policy.
- **RecoveredFromRS3** Previously recovered from RS3. - **RecoveredFromRS3** Previously recovered from RS3.


@ -1377,9 +1377,9 @@ The following fields are available:
- **IsEDPEnabled** Represents if Enterprise data protected on the device. - **IsEDPEnabled** Represents if Enterprise data protected on the device.
- **IsMDMEnrolled** Whether the device has been MDM Enrolled or not. - **IsMDMEnrolled** Whether the device has been MDM Enrolled or not.
- **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID - **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise SCCM environment. - **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise Configuration Manager environment.
- **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers. - **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
- **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier - **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier
### Census.Firmware ### Census.Firmware
@ -3143,7 +3143,7 @@ The following fields are available:
- **RemediationNoisyHammerUserLoggedInAdmin** TRUE if there is the user currently logged in is an Admin. - **RemediationNoisyHammerUserLoggedInAdmin** TRUE if there is the user currently logged in is an Admin.
- **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated disabled. - **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated disabled.
- **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS. - **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS.
- **RemediationShellDeviceSccm** TRUE if the device is managed by SCCM (Microsoft System Center Configuration Manager). - **RemediationShellDeviceSccm** TRUE if the device is managed by Configuration Manager.
- **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely. - **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely.
- **RemediationTargetMachine** Indicates whether the device is a target of the specified fix. - **RemediationTargetMachine** Indicates whether the device is a target of the specified fix.
- **RemediationTaskHealthAutochkProxy** True/False based on the health of the AutochkProxy task. - **RemediationTaskHealthAutochkProxy** True/False based on the health of the AutochkProxy task.
@ -4252,7 +4252,7 @@ The following fields are available:
- **DeviceIsMdmManaged** This device is MDM managed. - **DeviceIsMdmManaged** This device is MDM managed.
- **IsNetworkAvailable** If the device network is not available. - **IsNetworkAvailable** If the device network is not available.
- **IsNetworkMetered** If network is metered. - **IsNetworkMetered** If network is metered.
- **IsSccmManaged** This device is SCCM managed. - **IsSccmManaged** This device is managed by Configuration Manager.
- **NewlyInstalledOs** OS is newly installed quiet period. - **NewlyInstalledOs** OS is newly installed quiet period.
- **PausedByPolicy** Updates are paused by policy. - **PausedByPolicy** Updates are paused by policy.
- **RecoveredFromRS3** Previously recovered from RS3. - **RecoveredFromRS3** Previously recovered from RS3.


@ -1434,9 +1434,9 @@ The following fields are available:
- **IsEDPEnabled** Represents if Enterprise data protected on the device. - **IsEDPEnabled** Represents if Enterprise data protected on the device.
- **IsMDMEnrolled** Whether the device has been MDM Enrolled or not. - **IsMDMEnrolled** Whether the device has been MDM Enrolled or not.
- **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID - **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise SCCM environment. - **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise Configuration Manager environment.
- **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers. - **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
- **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier - **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier
### Census.Firmware ### Census.Firmware
@ -4545,7 +4545,7 @@ The following fields are available:
- **RemediationNoisyHammerUserLoggedInAdmin** TRUE if there is the user currently logged in is an Admin. - **RemediationNoisyHammerUserLoggedInAdmin** TRUE if there is the user currently logged in is an Admin.
- **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated disabled. - **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated disabled.
- **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS. - **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS.
- **RemediationShellDeviceSccm** TRUE if the device is managed by SCCM (Microsoft System Center Configuration Manager). - **RemediationShellDeviceSccm** TRUE if the device is managed by Configuration Manager.
- **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely. - **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely.
- **RemediationTargetMachine** Indicates whether the device is a target of the specified fix. - **RemediationTargetMachine** Indicates whether the device is a target of the specified fix.
- **RemediationTaskHealthAutochkProxy** True/False based on the health of the AutochkProxy task. - **RemediationTaskHealthAutochkProxy** True/False based on the health of the AutochkProxy task.
@ -5487,7 +5487,7 @@ The following fields are available:
- **DeviceIsMdmManaged** This device is MDM managed. - **DeviceIsMdmManaged** This device is MDM managed.
- **IsNetworkAvailable** If the device network is not available. - **IsNetworkAvailable** If the device network is not available.
- **IsNetworkMetered** If network is metered. - **IsNetworkMetered** If network is metered.
- **IsSccmManaged** This device is SCCM managed. - **IsSccmManaged** This device is managed by Configuration Manager.
- **NewlyInstalledOs** OS is newly installed quiet period. - **NewlyInstalledOs** OS is newly installed quiet period.
- **PausedByPolicy** Updates are paused by policy. - **PausedByPolicy** Updates are paused by policy.
- **RecoveredFromRS3** Previously recovered from RS3. - **RecoveredFromRS3** Previously recovered from RS3.


@ -2166,9 +2166,9 @@ The following fields are available:
- **IsEDPEnabled** Represents if Enterprise data protected on the device. - **IsEDPEnabled** Represents if Enterprise data protected on the device.
- **IsMDMEnrolled** Whether the device has been MDM Enrolled or not. - **IsMDMEnrolled** Whether the device has been MDM Enrolled or not.
- **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID - **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise SCCM environment. - **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise Configuration Manager environment.
- **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers. - **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
- **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier - **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier
### Census.Firmware ### Census.Firmware
@ -3357,7 +3357,7 @@ The following fields are available:
- **IsDeviceNetworkMetered** Indicates whether the device is connected to a metered network. - **IsDeviceNetworkMetered** Indicates whether the device is connected to a metered network.
- **IsDeviceOobeBlocked** Indicates whether user approval is required to install updates on the device. - **IsDeviceOobeBlocked** Indicates whether user approval is required to install updates on the device.
- **IsDeviceRequireUpdateApproval** Indicates whether user approval is required to install updates on the device. - **IsDeviceRequireUpdateApproval** Indicates whether user approval is required to install updates on the device.
- **IsDeviceSccmManaged** Indicates whether the device is running the Microsoft SCCM (System Center Configuration Manager) to keep the operating system and applications up to date. - **IsDeviceSccmManaged** Indicates whether the device is running the Configuration Manager to keep the operating system and applications up to date.
- **IsDeviceUninstallActive** Indicates whether the OS (operating system) on the device was recently updated. - **IsDeviceUninstallActive** Indicates whether the OS (operating system) on the device was recently updated.
- **IsDeviceUpdateNotificationLevel** Indicates whether the device has a set policy to control update notifications. - **IsDeviceUpdateNotificationLevel** Indicates whether the device has a set policy to control update notifications.
- **IsDeviceUpdateServiceManaged** Indicates whether the device uses WSUS (Windows Server Update Services). - **IsDeviceUpdateServiceManaged** Indicates whether the device uses WSUS (Windows Server Update Services).
@ -6053,7 +6053,7 @@ The following fields are available:
- **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS. - **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS.
- **RemediationShellDeviceProSku** Indicates whether a Windows 10 Professional edition is detected. - **RemediationShellDeviceProSku** Indicates whether a Windows 10 Professional edition is detected.
- **RemediationShellDeviceQualityUpdatesPaused** Indicates whether Quality Updates are paused on the device. - **RemediationShellDeviceQualityUpdatesPaused** Indicates whether Quality Updates are paused on the device.
- **RemediationShellDeviceSccm** TRUE if the device is managed by SCCM (Microsoft System Center Configuration Manager). - **RemediationShellDeviceSccm** TRUE if the device is managed by Configuration Manager.
- **RemediationShellDeviceSedimentMutexInUse** Indicates whether the Sediment Pack mutual exclusion object (mutex) is in use. - **RemediationShellDeviceSedimentMutexInUse** Indicates whether the Sediment Pack mutual exclusion object (mutex) is in use.
- **RemediationShellDeviceSetupMutexInUse** Indicates whether device setup is in progress. - **RemediationShellDeviceSetupMutexInUse** Indicates whether device setup is in progress.
- **RemediationShellDeviceWuRegistryBlocked** Indicates whether the Windows Update is blocked on the device via the registry. - **RemediationShellDeviceWuRegistryBlocked** Indicates whether the Windows Update is blocked on the device via the registry.
@ -6815,7 +6815,7 @@ The following fields are available:
- **IsSuccessFailurePostReboot** Indicates whether the update succeeded and then failed after a restart. - **IsSuccessFailurePostReboot** Indicates whether the update succeeded and then failed after a restart.
- **IsWUfBDualScanEnabled** Indicates whether Windows Update for Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Indicates whether Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Indicates whether Windows Update for Business is enabled on the device. - **IsWUfBEnabled** Indicates whether Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
- **MergedUpdate** Indicates whether the OS update and a BSP update merged for installation. - **MergedUpdate** Indicates whether the OS update and a BSP update merged for installation.
- **MsiAction** The stage of MSI installation where it failed. - **MsiAction** The stage of MSI installation where it failed.
- **MsiProductCode** The unique identifier of the MSI installer. - **MsiProductCode** The unique identifier of the MSI installer.
@ -6870,9 +6870,9 @@ The following fields are available:
- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process. - **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process.
- **IsFirmware** Indicates whether an update was a firmware update. - **IsFirmware** Indicates whether an update was a firmware update.
- **IsSuccessFailurePostReboot** Indicates whether an initial success was a failure after a reboot. - **IsSuccessFailurePostReboot** Indicates whether an initial success was a failure after a reboot.
- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Flag indicating whether Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device. - **IsWUfBEnabled** Flag indicating whether Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
- **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
@ -6931,8 +6931,8 @@ The following fields are available:
- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process. - **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process.
- **IsFirmware** Indicates whether an update was a firmware update. - **IsFirmware** Indicates whether an update was a firmware update.
- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot. - **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Flag indicating whether Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device. - **IsWUfBEnabled** Flag indicating whether Windows Update for Business is enabled on the device.
- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
- **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
@ -9565,7 +9565,7 @@ The following fields are available:
- **UnifiedInstallerDeviceAADJoinedHresult** The result code after checking if device is Azure Active Directoryjoined. - **UnifiedInstallerDeviceAADJoinedHresult** The result code after checking if device is Azure Active Directoryjoined.
- **UnifiedInstallerDeviceInDssPolicy** Boolean indicating whether the device is found to be in a DSS policy. - **UnifiedInstallerDeviceInDssPolicy** Boolean indicating whether the device is found to be in a DSS policy.
- **UnifiedInstallerDeviceInDssPolicyHresult** The result code for checking whether the device is found to be in a DSS policy. - **UnifiedInstallerDeviceInDssPolicyHresult** The result code for checking whether the device is found to be in a DSS policy.
- **UnifiedInstallerDeviceIsAADJoined** Boolean indicating whether a device is AADJ. - **UnifiedInstallerDeviceIsAADJoined** Boolean indicating whether a device is Azure Active Directory-joined.
- **UnifiedInstallerDeviceIsAdJoined** Boolean indicating whether a device is AD joined. - **UnifiedInstallerDeviceIsAdJoined** Boolean indicating whether a device is AD joined.
- **UnifiedInstallerDeviceIsAdJoinedHresult** The result code for checking whether a device is AD joined. - **UnifiedInstallerDeviceIsAdJoinedHresult** The result code for checking whether a device is AD joined.
- **UnifiedInstallerDeviceIsEducationSku** Boolean indicating whether a device is Education SKU. - **UnifiedInstallerDeviceIsEducationSku** Boolean indicating whether a device is Education SKU.
@ -9577,8 +9577,8 @@ The following fields are available:
- **UnifiedInstallerDeviceIsMdmManagedHresult** The result code from checking whether a device is MDM managed. - **UnifiedInstallerDeviceIsMdmManagedHresult** The result code from checking whether a device is MDM managed.
- **UnifiedInstallerDeviceIsProSku** Boolean indicating whether a device is Pro SKU. - **UnifiedInstallerDeviceIsProSku** Boolean indicating whether a device is Pro SKU.
- **UnifiedInstallerDeviceIsProSkuHresult** The result code from checking whether a device is Pro SKU. - **UnifiedInstallerDeviceIsProSkuHresult** The result code from checking whether a device is Pro SKU.
- **UnifiedInstallerDeviceIsSccmManaged** Boolean indicating whether a device is SCCM managed. - **UnifiedInstallerDeviceIsSccmManaged** Boolean indicating whether a device is managed by Configuration Manager.
- **UnifiedInstallerDeviceIsSccmManagedHresult** The result code from checking whether a device is SCCM managed. - **UnifiedInstallerDeviceIsSccmManagedHresult** The result code from checking whether a device is managed by Configuration Manager.
- **UnifiedInstallerDeviceWufbManaged** Boolean indicating whether a device is Windows Update for Business managed. - **UnifiedInstallerDeviceWufbManaged** Boolean indicating whether a device is Windows Update for Business managed.
- **UnifiedInstallerDeviceWufbManagedHresult** The result code from checking whether a device is Windows Update for Business managed. - **UnifiedInstallerDeviceWufbManagedHresult** The result code from checking whether a device is Windows Update for Business managed.
- **UnifiedInstallerPlatformResult** The result code from checking what platform type the device is. - **UnifiedInstallerPlatformResult** The result code from checking what platform type the device is.


@ -2350,9 +2350,9 @@ The following fields are available:
- **IsMDMEnrolled** Whether the device has been MDM Enrolled or not. - **IsMDMEnrolled** Whether the device has been MDM Enrolled or not.
- **MDMServiceProvider** A hash of the specific MDM authority, such as Microsoft Intune, that is managing the device. - **MDMServiceProvider** A hash of the specific MDM authority, such as Microsoft Intune, that is managing the device.
- **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID - **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise SCCM environment. - **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise Configuration Manager environment.
- **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers. - **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
- **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier - **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier
### Census.Firmware ### Census.Firmware
@ -3618,7 +3618,7 @@ The following fields are available:
- **IsDeviceNetworkMetered** Indicates whether the device is connected to a metered network. - **IsDeviceNetworkMetered** Indicates whether the device is connected to a metered network.
- **IsDeviceOobeBlocked** Indicates whether the OOBE (Out of Box Experience) is blocked on the device. - **IsDeviceOobeBlocked** Indicates whether the OOBE (Out of Box Experience) is blocked on the device.
- **IsDeviceRequireUpdateApproval** Indicates whether user approval is required to install updates on the device. - **IsDeviceRequireUpdateApproval** Indicates whether user approval is required to install updates on the device.
- **IsDeviceSccmManaged** Indicates whether the device is running the Microsoft SCCM (System Center Configuration Manager) to keep the operating system and applications up to date. - **IsDeviceSccmManaged** Indicates whether the device is running the Configuration Manager to keep the operating system and applications up to date.
- **IsDeviceUninstallActive** Indicates whether the OS (operating system) on the device was recently updated. - **IsDeviceUninstallActive** Indicates whether the OS (operating system) on the device was recently updated.
- **IsDeviceUpdateNotificationLevel** Indicates whether the device has a set policy to control update notifications. - **IsDeviceUpdateNotificationLevel** Indicates whether the device has a set policy to control update notifications.
- **IsDeviceUpdateServiceManaged** Indicates whether the device uses WSUS (Windows Server Update Services). - **IsDeviceUpdateServiceManaged** Indicates whether the device uses WSUS (Windows Server Update Services).
@ -6237,7 +6237,7 @@ The following fields are available:
- **UnifiedInstallerDeviceAADJoinedHresult** The result code after checking if device is Azure Active Directory-joined. - **UnifiedInstallerDeviceAADJoinedHresult** The result code after checking if device is Azure Active Directory-joined.
- **UnifiedInstallerDeviceInDssPolicy** Boolean indicating whether the device is found to be in a DSS policy. - **UnifiedInstallerDeviceInDssPolicy** Boolean indicating whether the device is found to be in a DSS policy.
- **UnifiedInstallerDeviceInDssPolicyHresult** The result code for checking whether the device is found to be in a DSS policy. - **UnifiedInstallerDeviceInDssPolicyHresult** The result code for checking whether the device is found to be in a DSS policy.
- **UnifiedInstallerDeviceIsAADJoined** Boolean indicating whether a device is AADJ. - **UnifiedInstallerDeviceIsAADJoined** Boolean indicating whether a device is Azure Active Directory-joined.
- **UnifiedInstallerDeviceIsAdJoined** Boolean indicating whether a device is AD joined. - **UnifiedInstallerDeviceIsAdJoined** Boolean indicating whether a device is AD joined.
- **UnifiedInstallerDeviceIsAdJoinedHresult** The result code for checking whether a device is AD joined. - **UnifiedInstallerDeviceIsAdJoinedHresult** The result code for checking whether a device is AD joined.
- **UnifiedInstallerDeviceIsEducationSku** Boolean indicating whether a device is Education SKU. - **UnifiedInstallerDeviceIsEducationSku** Boolean indicating whether a device is Education SKU.
@ -6250,8 +6250,8 @@ The following fields are available:
- **UnifiedInstallerDeviceIsMdmManagedHresult** The result code from checking whether a device is MDM managed. - **UnifiedInstallerDeviceIsMdmManagedHresult** The result code from checking whether a device is MDM managed.
- **UnifiedInstallerDeviceIsProSku** Boolean indicating whether a device is Pro SKU. - **UnifiedInstallerDeviceIsProSku** Boolean indicating whether a device is Pro SKU.
- **UnifiedInstallerDeviceIsProSkuHresult** The result code from checking whether a device is Pro SKU. - **UnifiedInstallerDeviceIsProSkuHresult** The result code from checking whether a device is Pro SKU.
- **UnifiedInstallerDeviceIsSccmManaged** Boolean indicating whether a device is SCCM managed. - **UnifiedInstallerDeviceIsSccmManaged** Boolean indicating whether a device is managed by Configuration Manager.
- **UnifiedInstallerDeviceIsSccmManagedHresult** The result code from checking whether a device is SCCM managed. - **UnifiedInstallerDeviceIsSccmManagedHresult** The result code from checking whether a device is managed by Configuration Manager.
- **UnifiedInstallerDeviceWufbManaged** Boolean indicating whether a device is Windows Update for Business managed. - **UnifiedInstallerDeviceWufbManaged** Boolean indicating whether a device is Windows Update for Business managed.
- **UnifiedInstallerDeviceWufbManagedHresult** The result code from checking whether a device is Windows Update for Business managed. - **UnifiedInstallerDeviceWufbManagedHresult** The result code from checking whether a device is Windows Update for Business managed.
- **UnifiedInstallerPlatformResult** The result code from checking what platform type the device is. - **UnifiedInstallerPlatformResult** The result code from checking what platform type the device is.
@ -6609,7 +6609,7 @@ The following fields are available:
- **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device. - **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device.
- **IsWUfBFederatedScanDisabled** Indicates if Windows Update for Business federated scan is disabled on the device. - **IsWUfBFederatedScanDisabled** Indicates if Windows Update for Business federated scan is disabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
- **MetadataIntegrityMode** The mode of the update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce - **MetadataIntegrityMode** The mode of the update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce
- **MSIError** The last error that was encountered during a scan for updates. - **MSIError** The last error that was encountered during a scan for updates.
- **NetworkConnectivityDetected** Indicates the type of network connectivity that was detected. 0 - IPv4, 1 - IPv6 - **NetworkConnectivityDetected** Indicates the type of network connectivity that was detected. 0 - IPv4, 1 - IPv6
@ -6734,7 +6734,7 @@ The following fields are available:
- **IsDependentSet** Indicates whether a driver is a part of a larger System Hardware/Firmware Update - **IsDependentSet** Indicates whether a driver is a part of a larger System Hardware/Firmware Update
- **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device. - **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
- **NetworkCost** A flag indicating the cost of the network (congested, fixed, variable, over data limit, roaming, etc.) used for downloading the update content. - **NetworkCost** A flag indicating the cost of the network (congested, fixed, variable, over data limit, roaming, etc.) used for downloading the update content.
- **NetworkCostBitMask** Indicates what kind of network the device is connected to (roaming, metered, over data cap, etc.) - **NetworkCostBitMask** Indicates what kind of network the device is connected to (roaming, metered, over data cap, etc.)
- **NetworkRestrictionStatus** More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be "metered." - **NetworkRestrictionStatus** More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be "metered."
@ -6868,7 +6868,7 @@ The following fields are available:
- **IsSuccessFailurePostReboot** Indicates whether the update succeeded and then failed after a restart. - **IsSuccessFailurePostReboot** Indicates whether the update succeeded and then failed after a restart.
- **IsWUfBDualScanEnabled** Indicates whether Windows Update for Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Indicates whether Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Indicates whether Windows Update for Business is enabled on the device. - **IsWUfBEnabled** Indicates whether Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
- **MergedUpdate** Indicates whether the OS update and a BSP update merged for installation. - **MergedUpdate** Indicates whether the OS update and a BSP update merged for installation.
- **MsiAction** The stage of MSI installation where it failed. - **MsiAction** The stage of MSI installation where it failed.
- **MsiProductCode** The unique identifier of the MSI installer. - **MsiProductCode** The unique identifier of the MSI installer.
@ -6923,9 +6923,9 @@ The following fields are available:
- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process. - **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process.
- **IsFirmware** Indicates whether an update was a firmware update. - **IsFirmware** Indicates whether an update was a firmware update.
- **IsSuccessFailurePostReboot** Indicates whether an initial success was a failure after a reboot. - **IsSuccessFailurePostReboot** Indicates whether an initial success was a failure after a reboot.
- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Flag indicating whether Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device. - **IsWUfBEnabled** Flag indicating whether Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
- **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
@ -6985,9 +6985,9 @@ The following fields are available:
- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process. - **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process.
- **IsFirmware** Indicates whether an update was a firmware update. - **IsFirmware** Indicates whether an update was a firmware update.
- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot. - **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Flag indicating whether Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device. - **IsWUfBEnabled** Flag indicating whether Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
- **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.


@ -74,18 +74,59 @@ The following provides information on the current configurations:
- [Microsoft Managed Desktop](/microsoft-365/managed-desktop/service-description/device-policies#windows-diagnostic-data) - [Microsoft Managed Desktop](/microsoft-365/managed-desktop/service-description/device-policies#windows-diagnostic-data)
- [Desktop Analytics](/mem/configmgr/desktop-analytics/overview) - [Desktop Analytics](/mem/configmgr/desktop-analytics/overview)
## New Windows diagnostic data processor configuration ## Significant changes coming to the Windows diagnostic data processor configuration
> [!IMPORTANT] Currently, to enroll devices in the [Window diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) option, IT admins can use policies, such as the “Allow commercial data pipeline” policy, at the individual device level.
> There are some significant changes planned for the Windows diagnostic data processor configuration. To learn more, [review this information](configure-windows-diagnostic-data-in-your-organization.md#significant-changes-coming-to-the-windows-diagnostic-data-processor-configuration).
Enterprise customers have an option for controlling their Windows diagnostic data for their Azure Active Directory-joined devices. This configuration option is supported on the following versions of Windows: To enable efficiencies and help us implement our plan to [store and process EU Data for European enterprise customers in the EU](https://blogs.microsoft.com/eupolicy/2021/05/06/eu-data-boundary/), we'll be introducing the following significant change for enterprise Windows devices that have diagnostic data turned on.
- Windows 11 Enterprise, Professional, and Education ***Well stop using policies, such as the “Allow commercial data pipeline” policy, to configure the processor option. Instead, well be introducing an organization-wide configuration based on Azure Active Directory (Azure AD) to determine Microsofts role in data processing.***
- Windows 10, Enterprise, Professional, and Education, version 1809 with at least the July 2021 update.
Previously, enterprise customers had two options in managing their Windows diagnostic data: 1) allow Microsoft to be the [controller](/compliance/regulatory/gdpr#terminology) of that data and responsible for determining the purposes and means of the processing of Windows diagnostic data in order to improve the Windows operating system and deliver analytical services, or 2) turn off diagnostic data flows altogether. Were making this change to help ensure the diagnostic data for all devices in an organization is processed in a consistent way, and in the same geographic region.
Now, customers will have a third option that allows them to be the controller for their Windows diagnostic data, while still benefiting from the purposes that this data serves, such as quality of updates and device drivers. Under this approach, Microsoft will act as a data [processor](/compliance/regulatory/gdpr#terminology), processing Windows diagnostic data on behalf of the controller. ### Devices in Azure AD tenants with a billing address in the European Union (EU) or European Free Trade Association (EFTA)
This new option will enable customers to use familiar tools to manage, export, or delete data to help them meet their compliance obligations. For example, using the Microsoft Azure portal, customers will have the means to respond to their own users requests, such as delete and export diagnostic data. Admins can easily enable the Windows diagnostic data processor configuration for Windows devices using group policy or mobile device management ([MDM](/windows/client-management/mdm/policy-csp-system)). For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) in [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) For Windows devices with diagnostic data turned on and that are joined to an [Azure AD tenant with billing address](/azure/cost-management-billing/manage/change-azure-account-profile) in the EU or EFTA, the Windows diagnostic data for that device will be automatically configured for the processor option. The Windows diagnostic data for those devices will be processed in Europe.
From a compliance standpoint, this change means that Microsoft will be the processor and the organization will be the controller of the Windows diagnostic data. IT admins for those organizations will become responsible for responding to their users [data subject requests](/compliance/regulatory/gdpr-dsr-windows).
### Devices in Azure AD tenants with a billing address outside of the EU and EFTA
For Windows devices with diagnostic data turned on and that are joined to an [Azure AD tenant with billing address](/azure/cost-management-billing/manage/change-azure-account-profile) outside of the EU and EFTA, to enable the processor configuration option, the organization must sign up for any of the following enterprise services, which rely on diagnostic data:
- [Update Compliance](/windows/deployment/update/update-compliance-monitor)
- [Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview)
- [Microsoft Managed Desktop](/managed-desktop/intro/)
- [Endpoint analytics (in Microsoft Endpoint Manager)](/mem/analytics/overview)
*(Additional licensing requirements may apply to use these services.)*
If you dont sign up for any of these enterprise services, Microsoft will act as controller for the diagnostic data.
> [!NOTE]
> In all cases, enrollment in the Windows diagnostic data processor configuration requires a device to be joined to an Azure AD tenant. If a device isn't properly enrolled, Microsoft will act as the controller for Windows diagnostic data in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Data Protection Addendum](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA) terms won't apply.
### Rollout plan for this change
This change will roll out initially to Windows devices enrolled in the [Dev Channel](/windows-insider/flighting#dev-channel) of the Windows Insider program no earlier than July 2022. Once the rollout is initiated, devices in the Dev Channel that are joined to an Azure AD tenant with a billing address in the EU or EFTA will be automatically enabled for the processor configuration option.
During this initial rollout, the following conditions apply to devices in the Dev Channel that are joined to an Azure AD tenant with a billing address outside of the EU or EFTA:
- Devices can't be enabled for the Windows diagnostic data processor configuration at this time.
- The processor configuration will be disabled in any devices that were previously enabled.
- Microsoft will act as the controller for Windows diagnostic data in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Data Protection Addendum](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA) terms won't apply.
It's recommended Insiders on these devices pause flighting if these changes aren't acceptable.
For Windows devices in the Dev Channel that aren't joined to an Azure AD tenant, Microsoft will act as the controller for Windows diagnostic data in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Data Protection Addendum](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA) terms won't apply.
For other Windows devices (not in the Dev Channel), additional details on supported versions of Windows 11 and Windows 10 will be announced at a later date. These changes will roll out no earlier than the last quarter of calendar year 2022.
To prepare for this change, ensure that you meet the [prerequisites](configure-windows-diagnostic-data-in-your-organization.md#prerequisites) for Windows diagnostic data processor configuration, join your devices to Azure AD (can be a hybrid Azure AD join), and keep your devices secure and up to date with quality updates. If you're outside of the EU or EFTA, sign up for any of the enterprise services.
As part of this change, the following policies will no longer be supported to configure the processor option:
- Allow commercial data pipeline
- Allow Desktop Analytics Processing
- Allow Update Compliance Processing
- Allow WUfB Cloud Processing
- Configure the Commercial ID


@ -85,7 +85,7 @@ The following table lists the endpoints related to how you can manage the collec
|Connected User Experiences and Telemetry | v10.events.data.microsoft.com <br></br> v10c.events.data.microsoft.com <br></br> v10.vortex-win.data.microsoft.com | |Connected User Experiences and Telemetry | v10.events.data.microsoft.com <br></br> v10c.events.data.microsoft.com <br></br> v10.vortex-win.data.microsoft.com |
| [Windows Error Reporting](/windows/win32/wer/windows-error-reporting) | watson.telemetry.microsoft.com <br></br> umwatsonc.events.data.microsoft.com <br></br> *-umwatsonc.events.data.microsoft.com <br></br> ceuswatcab01.blob.core.windows.net <br></br> ceuswatcab02.blob.core.windows.net <br></br> eaus2watcab01.blob.core.windows.net <br></br> eaus2watcab02.blob.core.windows.net <br></br> weus2watcab01.blob.core.windows.net <br></br> weus2watcab02.blob.core.windows.net | | [Windows Error Reporting](/windows/win32/wer/windows-error-reporting) | watson.telemetry.microsoft.com <br></br> umwatsonc.events.data.microsoft.com <br></br> *-umwatsonc.events.data.microsoft.com <br></br> ceuswatcab01.blob.core.windows.net <br></br> ceuswatcab02.blob.core.windows.net <br></br> eaus2watcab01.blob.core.windows.net <br></br> eaus2watcab02.blob.core.windows.net <br></br> weus2watcab01.blob.core.windows.net <br></br> weus2watcab02.blob.core.windows.net |
|Authentication | login.live.com <br></br> <br></br> IMPORTANT: This endpoint is used for device authentication. We do not recommend disabling this endpoint.| |Authentication | login.live.com <br></br> <br></br> IMPORTANT: This endpoint is used for device authentication. We do not recommend disabling this endpoint.|
| [Online Crash Analysis](/windows/win32/dxtecharts/crash-dump-analysis) | oca.microsoft.com <br></br> kmwatsonc.telemetry.microsoft.com <br></br> *-kmwatsonc.telemetry.microsoft.com | | [Online Crash Analysis](/windows/win32/dxtecharts/crash-dump-analysis) | oca.telemetry.microsoft.com <br></br> oca.microsoft.com <br></br> kmwatsonc.events.data.microsoft.com <br></br> *-kmwatsonc.events.data.microsoft.com |
|Settings | settings-win.data.microsoft.com <br></br> <br></br> IMPORTANT: This endpoint is used to remotely configure diagnostics-related settings and data collection. For example, we use the settings endpoint to remotely block an event from being sent back to Microsoft. We do not recommend disabling this endpoint. This endpoint does not upload Windows diagnostic data. | |Settings | settings-win.data.microsoft.com <br></br> <br></br> IMPORTANT: This endpoint is used to remotely configure diagnostics-related settings and data collection. For example, we use the settings endpoint to remotely block an event from being sent back to Microsoft. We do not recommend disabling this endpoint. This endpoint does not upload Windows diagnostic data. |
### Data access ### Data access
@ -256,7 +256,7 @@ Use [Policy Configuration Service Provider (CSP)](/windows/client-management/mdm
## Enable Windows diagnostic data processor configuration ## Enable Windows diagnostic data processor configuration
> [!IMPORTANT] > [!IMPORTANT]
> There are some significant changes planned for diagnostic data processor configuration. To learn more, [review this information](#significant-changes-coming-to-the-windows-diagnostic-data-processor-configuration). > There are some significant changes planned for diagnostic data processor configuration. To learn more, [review this information](changes-to-windows-diagnostic-data-collection.md#significant-changes-coming-to-the-windows-diagnostic-data-processor-configuration).
The Windows diagnostic data processor configuration enables you to be the controller, as defined by the European Union General Data Protection Regulation (GDPR), for the Windows diagnostic data collected from your Windows devices that meet the configuration requirements. The Windows diagnostic data processor configuration enables you to be the controller, as defined by the European Union General Data Protection Regulation (GDPR), for the Windows diagnostic data collected from your Windows devices that meet the configuration requirements.
@ -267,7 +267,7 @@ The Windows diagnostic data processor configuration enables you to be the contro
- Enterprise - Enterprise
- Professional - Professional
- Education - Education
- The device must be joined to Azure Active Directory. - The device must be joined to Azure Active Directory (can be a hybrid Azure AD join).
For the best experience, use the most current build of any operating system specified above. Configuration functionality and availability may vary on older systems. See [Lifecycle Policy](/lifecycle/products/windows-10-enterprise-and-education) For the best experience, use the most current build of any operating system specified above. Configuration functionality and availability may vary on older systems. See [Lifecycle Policy](/lifecycle/products/windows-10-enterprise-and-education)
@ -325,63 +325,6 @@ Windows Update for Business:
- [How to enable deployment protections](/windows/deployment/update/deployment-service-overview#how-to-enable-deployment-protections) - [How to enable deployment protections](/windows/deployment/update/deployment-service-overview#how-to-enable-deployment-protections)
### Significant changes coming to the Windows diagnostic data processor configuration
Currently, to enroll devices in the Window diagnostic data processor configuration option, IT admins can use policies, such as the “Allow commercial data pipeline” policy, at the individual device level.
To enable efficiencies and help us implement our plan to [store and process EU Data for European enterprise customers in the EU](https://blogs.microsoft.com/eupolicy/2021/05/06/eu-data-boundary/), we'll be introducing the following significant change for enterprise Windows devices that have diagnostic data turned on.
***Well stop using policies, such as the “Allow commercial data pipeline” policy, to configure the processor option. Instead, well be introducing an organization-wide configuration based on Azure Active Directory (Azure AD) to determine Microsofts role in data processing.***
Were making this change to help ensure the diagnostic data for all devices in an organization is processed in a consistent way, and in the same geographic region.
#### Devices in Azure AD tenants with a billing address in the European Union (EU) or European Free Trade Association (EFTA)
For Windows devices with diagnostic data turned on and that are joined to an [Azure AD tenant with billing address](/azure/cost-management-billing/manage/change-azure-account-profile) in the EU or EFTA, the Windows diagnostic data for that device will be automatically configured for the processor option. The Windows diagnostic data for those devices will be processed in Europe.
From a compliance standpoint, this change means that Microsoft will be the processor and the organization will be the controller of the Windows diagnostic data. IT admins for those organizations will become responsible for responding to their users [data subject requests](/compliance/regulatory/gdpr-dsr-windows).
#### Devices in Azure AD tenants with a billing address outside of the EU and EFTA
For Windows devices with diagnostic data turned on and that are joined to an [Azure AD tenant with billing address](/azure/cost-management-billing/manage/change-azure-account-profile) outside of the EU and EFTA, to enable the processor configuration option, the organization must sign up for any of the following enterprise services, which rely on diagnostic data:
- [Update Compliance](/windows/deployment/update/update-compliance-monitor)
- [Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview)
- [Microsoft Managed Desktop](/managed-desktop/intro/)
- [Endpoint analytics (in Microsoft Endpoint Manager)](/mem/analytics/overview)
*(Additional licensing requirements may apply to use these services.)*
If you dont sign up for any of these enterprise services, Microsoft will act as controller for the diagnostic data.
> [!NOTE]
> In all cases, enrollment in the Windows diagnostic data processor configuration requires a device to be joined to an Azure AD tenant. If a device isn't properly enrolled, Microsoft will act as the controller for Windows diagnostic data in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Data Protection Addendum](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA) terms won't apply.
#### Rollout plan for this change
This change will roll out initially to Windows devices enrolled in the [Dev Channel](/windows-insider/flighting#dev-channel) of the Windows Insider program no earlier than July 2022. Once the rollout is initiated, devices in the Dev Channel that are joined to an Azure AD tenant with a billing address in the EU or EFTA will be automatically enabled for the processor configuration option.
During this initial rollout, the following conditions apply to devices in the Dev Channel that are joined to an Azure AD tenant with a billing address outside of the EU or EFTA:
- Devices can't be enabled for the Windows diagnostic data processor configuration at this time.
- The processor configuration will be disabled in any devices that were previously enabled.
- Microsoft will act as the controller for Windows diagnostic data in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Data Protection Addendum](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA) terms won't apply.
It's recommended Insiders on these devices pause flighting if these changes aren't acceptable.
For Windows devices in the Dev Channel that aren't joined to an Azure AD tenant, Microsoft will act as the controller for Windows diagnostic data in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Data Protection Addendum](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA) terms won't apply.
For other Windows devices (not in the Dev Channel), additional details on supported versions of Windows 11 and Windows 10 will be announced at a later date. These changes will roll out no earlier than the last quarter of calendar year 2022.
To prepare for this change, ensure that you meet the [prerequisites](#prerequisites) for Windows diagnostic data processor configuration, join your devices to Azure AD, and keep your devices secure and up to date with quality updates. If you're outside of the EU or EFTA, sign up for any of the enterprise services.
As part of this change, the following policies will no longer be supported to configure the processor option:
- Allow commercial data pipeline
- Allow Desktop Analytics Processing
- Allow Update Compliance Processing
- Allow WUfB Cloud Processing
- Configure the Commercial ID
## Limit optional diagnostic data for Desktop Analytics ## Limit optional diagnostic data for Desktop Analytics
For more information about how to limit the diagnostic data to the minimum required by Desktop Analytics, see [Enable data sharing for Desktop Analytics](/mem/configmgr/desktop-analytics/enable-data-sharing). For more information about how to limit the diagnostic data to the minimum required by Desktop Analytics, see [Enable data sharing for Desktop Analytics](/mem/configmgr/desktop-analytics/enable-data-sharing).


@ -114,7 +114,7 @@ Collects Office metadata through UTC to compare with equivalent data collected t
Applicable to all Win32 applications. Helps us understand the status of the update process of the office suite (Success or failure with error details). Applicable to all Win32 applications. Helps us understand the status of the update process of the office suite (Success or failure with error details).
- **build:** App version - **build:** App version
- **channel:** Is this part of GA Channel or SAC-T? - **channel:** Is this part of GA Channel?
- **errorCode:** What error occurred during the upgrade process? - **errorCode:** What error occurred during the upgrade process?
- **errorMessage:** what was the error message during the upgrade process? - **errorMessage:** what was the error message during the upgrade process?
- **status:** Was the upgrade successful or not? - **status:** Was the upgrade successful or not?
@ -205,7 +205,7 @@ This event is fired when the telemetry engine within an office application has p
- **SessionID:** ID of the session - **SessionID:** ID of the session
## Microsoft.Office.TelemetryEngine.ShutdownStart ## Microsoft.Office.TelemetryEngine.ShutdownStart
This event is fired when the telemetry engine within an office application been uninitialized, and the application is shutting down. Useful for understanding whether a particular crash is happening during an app-shutdown, and could potentially lead in data loss or not. This event is fired when the telemetry engine within an office application has been uninitialized, and the application is shutting down. Useful for understanding whether a particular crash is happening during an app-shutdown, and could potentially lead in data loss or not.
- **appVersionBuild:** Third part of the version *.*.XXXXX.* - **appVersionBuild:** Third part of the version *.*.XXXXX.*
- **appVersionMajor:** First part of the version X.*.*.* - **appVersionMajor:** First part of the version X.*.*.*


@ -74,7 +74,7 @@ The following fields are available:
- **PackageSpecifiers** The map of Intelligent Delivery region specifiers present in the installing package. - **PackageSpecifiers** The map of Intelligent Delivery region specifiers present in the installing package.
- **PlanId** The ID of the streaming plan being used to install the content. - **PlanId** The ID of the streaming plan being used to install the content.
- **ProductId** The product ID of the application associated with this event. - **ProductId** The product ID of the application associated with this event.
- **RelatedCv** The related correlation vector. This optional value contains the correlation vector for this install if the Cv value is representing an actiuon tracked by a correlation vector. - **RelatedCv** The related correlation vector. This optional value contains the correlation vector for this install if the Cv value is representing an action tracked by a correlation vector.
- **RequestSpecifiers** The map of Intelligent Delivery region specifiers requested by the system/user/title as a part of the install activity. - **RequestSpecifiers** The map of Intelligent Delivery region specifiers requested by the system/user/title as a part of the install activity.
- **SourceHardwareID** The hardware ID of the source device, if it is external storage. Empty if not an external storage device. - **SourceHardwareID** The hardware ID of the source device, if it is external storage. Empty if not an external storage device.
- **SourcePath** The source path we are installing from. May be a CDN (Content Delivery Network) or a local disk drive. - **SourcePath** The source path we are installing from. May be a CDN (Content Delivery Network) or a local disk drive.
@ -483,7 +483,7 @@ The following fields are available:
- **SdbBlockUpgradeUntilUpdate** The file is tagged as blocking upgrade in the SDB. If the app is updated, the upgrade can proceed. - **SdbBlockUpgradeUntilUpdate** The file is tagged as blocking upgrade in the SDB. If the app is updated, the upgrade can proceed.
- **SdbReinstallUpgrade** The file is tagged as needing to be reinstalled after upgrade in the SDB. It does not block upgrade. - **SdbReinstallUpgrade** The file is tagged as needing to be reinstalled after upgrade in the SDB. It does not block upgrade.
- **SdbReinstallUpgradeWarn** The file is tagged as needing to be reinstalled after upgrade with a warning in the SDB. It does not block upgrade. - **SdbReinstallUpgradeWarn** The file is tagged as needing to be reinstalled after upgrade with a warning in the SDB. It does not block upgrade.
- **SoftBlock** The file is softblocked in the SDB and has a warning. - **SoftBlock** The file is soft blocked in the SDB and has a warning.
### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove ### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
@ -1770,7 +1770,7 @@ The following fields are available:
- **RunAppraiser** Indicates if Appraiser was set to run at all. If this if false, it is understood that data events will not be received from this device. - **RunAppraiser** Indicates if Appraiser was set to run at all. If this if false, it is understood that data events will not be received from this device.
- **RunDate** The date that the diagnostic data run was stated, expressed as a filetime. - **RunDate** The date that the diagnostic data run was stated, expressed as a filetime.
- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional diagnostic data on an infrequent schedule and only from machines at diagnostic data levels higher than Basic. - **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional diagnostic data on an infrequent schedule and only from machines at diagnostic data levels higher than Basic.
- **RunOnline** Indicates if appraiser was able to connect to Windows Update and theefore is making decisions using up-to-date driver coverage information. - **RunOnline** Indicates if appraiser was able to connect to Windows Update and therefore is making decisions using up-to-date driver coverage information.
- **RunResult** The hresult of the Appraiser diagnostic data run. - **RunResult** The hresult of the Appraiser diagnostic data run.
- **ScheduledUploadDay** The day scheduled for the upload. - **ScheduledUploadDay** The day scheduled for the upload.
- **SendingUtc** Indicates whether the Appraiser client is sending events during the current diagnostic data run. - **SendingUtc** Indicates whether the Appraiser client is sending events during the current diagnostic data run.
@ -1856,7 +1856,7 @@ The following fields are available:
- **InternalBatteryCapacityCurrent** Represents the battery's current fully charged capacity in mWh (or relative). Compare this value to DesignedCapacity  to estimate the battery's wear. - **InternalBatteryCapacityCurrent** Represents the battery's current fully charged capacity in mWh (or relative). Compare this value to DesignedCapacity  to estimate the battery's wear.
- **InternalBatteryCapacityDesign** Represents the theoretical capacity of the battery when new, in mWh. - **InternalBatteryCapacityDesign** Represents the theoretical capacity of the battery when new, in mWh.
- **InternalBatteryNumberOfCharges** Provides the number of battery charges. This is used when creating new products and validating that existing products meets targeted functionality performance. - **InternalBatteryNumberOfCharges** Provides the number of battery charges. This is used when creating new products and validating that existing products meets targeted functionality performance.
- **IsAlwaysOnAlwaysConnectedCapable** Represents whether the battery enables the device to be AlwaysOnAlwaysConnected . Boolean value. - **IsAlwaysOnAlwaysConnectedCapable** Represents whether the battery enables the device to be AlwaysOnAlwaysConnected. Boolean value.
### Census.Enterprise ### Census.Enterprise
@ -1869,7 +1869,7 @@ The following fields are available:
- **AzureOSIDPresent** Represents the field used to identify an Azure machine. - **AzureOSIDPresent** Represents the field used to identify an Azure machine.
- **AzureVMType** Represents whether the instance is Azure VM PAAS, Azure VM IAAS or any other VMs. - **AzureVMType** Represents whether the instance is Azure VM PAAS, Azure VM IAAS or any other VMs.
- **CDJType** Represents the type of cloud domain joined for the machine. - **CDJType** Represents the type of cloud domain joined for the machine.
- **CommercialId** Represents the GUID for the commercial entity which the device is a member of.  Will be used to reflect insights back to customers. - **CommercialId** Represents the GUID for the commercial entity that the device is a member of.  Will be used to reflect insights back to customers.
- **ContainerType** The type of container, such as process or virtual machine hosted. - **ContainerType** The type of container, such as process or virtual machine hosted.
- **EnrollmentType** Defines the type of MDM enrollment on the device. - **EnrollmentType** Defines the type of MDM enrollment on the device.
- **HashedDomain** The hashed representation of the user domain used for login. - **HashedDomain** The hashed representation of the user domain used for login.
@ -1880,9 +1880,9 @@ The following fields are available:
- **IsMDMEnrolled** Whether the device has been MDM Enrolled or not. - **IsMDMEnrolled** Whether the device has been MDM Enrolled or not.
- **MDMServiceProvider** A hash of the specific MDM authority, such as Microsoft Intune, that is managing the device. - **MDMServiceProvider** A hash of the specific MDM authority, such as Microsoft Intune, that is managing the device.
- **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID - **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise SCCM environment. - **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise Configuration Manager environment.
- **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers. - **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
- **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier - **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier
### Census.Firmware ### Census.Firmware
@ -4866,7 +4866,7 @@ The following fields are available:
- **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device. - **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device.
- **IsWUfBFederatedScanDisabled** Indicates if Windows Update for Business federated scan is disabled on the device. - **IsWUfBFederatedScanDisabled** Indicates if Windows Update for Business federated scan is disabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
- **MetadataIntegrityMode** The mode of the update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce - **MetadataIntegrityMode** The mode of the update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce
- **MSIError** The last error that was encountered during a scan for updates. - **MSIError** The last error that was encountered during a scan for updates.
- **NetworkConnectivityDetected** Indicates the type of network connectivity that was detected. 0 - IPv4, 1 - IPv6 - **NetworkConnectivityDetected** Indicates the type of network connectivity that was detected. 0 - IPv4, 1 - IPv6
@ -4960,7 +4960,7 @@ The following fields are available:
- **IPVersion** Indicates whether the download took place over IPv4 or IPv6. - **IPVersion** Indicates whether the download took place over IPv4 or IPv6.
- **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device. - **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
- **NetworkCost** A flag indicating the cost of the network (congested, fixed, variable, over data limit, roaming, etc.) used for downloading the update content. - **NetworkCost** A flag indicating the cost of the network (congested, fixed, variable, over data limit, roaming, etc.) used for downloading the update content.
- **NetworkRestrictionStatus** More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be "metered." - **NetworkRestrictionStatus** More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be "metered."
- **PackageFullName** The package name of the content. - **PackageFullName** The package name of the content.
@ -5070,7 +5070,7 @@ The following fields are available:
- **IsSuccessFailurePostReboot** Indicates whether the update succeeded and then failed after a restart. - **IsSuccessFailurePostReboot** Indicates whether the update succeeded and then failed after a restart.
- **IsWUfBDualScanEnabled** Indicates whether Windows Update for Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Indicates whether Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Indicates whether Windows Update for Business is enabled on the device. - **IsWUfBEnabled** Indicates whether Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
- **MergedUpdate** Indicates whether the OS update and a BSP update merged for installation. - **MergedUpdate** Indicates whether the OS update and a BSP update merged for installation.
- **MsiAction** The stage of MSI installation where it failed. - **MsiAction** The stage of MSI installation where it failed.
- **MsiProductCode** The unique identifier of the MSI installer. - **MsiProductCode** The unique identifier of the MSI installer.
@ -5122,9 +5122,9 @@ The following fields are available:
- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process. - **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process.
- **IsFirmware** Indicates whether an update was a firmware update. - **IsFirmware** Indicates whether an update was a firmware update.
- **IsSuccessFailurePostReboot** Indicates whether an initial success was a failure after a reboot. - **IsSuccessFailurePostReboot** Indicates whether an initial success was a failure after a reboot.
- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Flag indicating whether Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device. - **IsWUfBEnabled** Flag indicating whether Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
- **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
@ -5187,9 +5187,9 @@ The following fields are available:
- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process. - **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process.
- **IsFirmware** Indicates whether an update was a firmware update. - **IsFirmware** Indicates whether an update was a firmware update.
- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot. - **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Flag indicating whether Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device. - **IsWUfBEnabled** Flag indicating whether Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
- **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
@ -6806,9 +6806,9 @@ The following fields are available:
- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. - **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. - **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
- **IPVersion** Indicates whether download took place on IPv4 or IPv6 (0-Unknown, 1-IPv4, 2-IPv6). - **IPVersion** Indicates whether download took place on IPv4 or IPv6 (0-Unknown, 1-IPv4, 2-IPv6).
- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. - **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag indicated is WU-For-Business target version is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag indicated is Windows Update for Business target version is enabled on the device.
- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce. - **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce.
- **NumberOfApplicationsCategoryScanEvaluated** Number of categories (apps) for which an app update scan checked. - **NumberOfApplicationsCategoryScanEvaluated** Number of categories (apps) for which an app update scan checked.
- **NumberOfLoop** Number of roundtrips the scan required. - **NumberOfLoop** Number of roundtrips the scan required.
@ -6854,9 +6854,9 @@ The following fields are available:
- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. - **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
- **IntentPFNs** Intended application-set metadata for atomic update scenarios. - **IntentPFNs** Intended application-set metadata for atomic update scenarios.
- **IPVersion** Indicates whether download took place on IPv4 or IPv6 (0-Unknown, 1-IPv4, 2-IPv6). - **IPVersion** Indicates whether download took place on IPv4 or IPv6 (0-Unknown, 1-IPv4, 2-IPv6).
- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. - **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag indicated is WU-For-Business target version is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag indicated is Windows Update for Business target version is enabled on the device.
- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce. - **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce.
- **MSIError** The last error encountered during a scan for updates. - **MSIError** The last error encountered during a scan for updates.
- **NetworkConnectivityDetected** 0 when IPv4 is detected, 1 when IPv6 is detected. - **NetworkConnectivityDetected** 0 when IPv4 is detected, 1 when IPv6 is detected.
@ -6896,9 +6896,9 @@ The following fields are available:
- **ExtendedStatusCode** Indicates the purpose of the event - whether because scan started, succeeded, failed, etc. - **ExtendedStatusCode** Indicates the purpose of the event - whether because scan started, succeeded, failed, etc.
- **FeatureUpdatePause** Failed Parse actions. - **FeatureUpdatePause** Failed Parse actions.
- **IPVersion** Indicates whether download took place on IPv4 or IPv6 (0-Unknown, 1-IPv4, 2-IPv6). - **IPVersion** Indicates whether download took place on IPv4 or IPv6 (0-Unknown, 1-IPv4, 2-IPv6).
- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. - **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag indicated is WU-for-Business targeted version is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag indicated is Windows Update for Business targeted version is enabled on the device.
- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce. - **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce.
- **NumberOfApplicationsCategoryScanEvaluated** Number of categories (apps) for which an app update scan checked. - **NumberOfApplicationsCategoryScanEvaluated** Number of categories (apps) for which an app update scan checked.
- **NumberOfLoop** Number of roundtrips the scan required. - **NumberOfLoop** Number of roundtrips the scan required.
@ -6957,10 +6957,10 @@ The following fields are available:
- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0. - **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
- **EventInstanceID** A globally unique identifier for event instance. - **EventInstanceID** A globally unique identifier for event instance.
- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. - **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. - **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
- **IsWUfBFederatedScanDisabled** Flag indicated is WU-for-Business FederatedScan is disabled on the device. - **IsWUfBFederatedScanDisabled** Flag indicated is Windows Update for Business FederatedScan is disabled on the device.
- **IsWUfBTargetVersionEnabled** Flag indicated is WU-for-Business targeted version is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag indicated is Windows Update for Business targeted version is enabled on the device.
- **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
@ -6994,9 +6994,9 @@ The following fields are available:
- **FeatureUpdatePausePeriod** Pause duration configured for feature OS updates on the device, in days. - **FeatureUpdatePausePeriod** Pause duration configured for feature OS updates on the device, in days.
- **IntentPFNs** Intended application-set metadata for atomic update scenarios. - **IntentPFNs** Intended application-set metadata for atomic update scenarios.
- **IPVersion** Indicates whether download took place on IPv4 or IPv6 (0-Unknown, 1-IPv4, 2-IPv6). - **IPVersion** Indicates whether download took place on IPv4 or IPv6 (0-Unknown, 1-IPv4, 2-IPv6).
- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. - **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag indicated is WU-for-Business targeted version is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag indicated is Windows Update for Business targeted version is enabled on the device.
- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce. - **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce.
- **NumberOfApplicableUpdates** Number of updates which were ultimately deemed applicable to the system after detection process is complete. - **NumberOfApplicableUpdates** Number of updates which were ultimately deemed applicable to the system after detection process is complete.
- **NumberOfApplicationsCategoryScanEvaluated** Number of categories (apps) for which an app update scan checked. - **NumberOfApplicationsCategoryScanEvaluated** Number of categories (apps) for which an app update scan checked.
@ -7131,9 +7131,9 @@ The following fields are available:
- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device. - **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
- **HostName** Identifies the hostname. - **HostName** Identifies the hostname.
- **IPVersion** Identifies the IP Connection Type version. - **IPVersion** Identifies the IP Connection Type version.
- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. - **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
- **NetworkCost** Identifies the network cost. - **NetworkCost** Identifies the network cost.
- **NetworkRestrictionStatus** When download is done, identifies whether network switch happened to restricted. - **NetworkRestrictionStatus** When download is done, identifies whether network switch happened to restricted.
- **PackageFullName** Package name of the content. - **PackageFullName** Package name of the content.
@ -7187,9 +7187,9 @@ The following fields are available:
- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device. - **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
- **HostName** Identifies the hostname. - **HostName** Identifies the hostname.
- **IPVersion** Identifies the IP Connection Type version. - **IPVersion** Identifies the IP Connection Type version.
- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. - **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
- **NetworkCost** Identifies the network cost. - **NetworkCost** Identifies the network cost.
- **NetworkRestrictionStatus** When download is done, identifies whether network switch happened to restricted. - **NetworkRestrictionStatus** When download is done, identifies whether network switch happened to restricted.
- **PackageFullName** The package name of the content. - **PackageFullName** The package name of the content.
@ -7229,9 +7229,9 @@ The following fields are available:
- **FlightBuildNumber** Indicates the build number of that flight. - **FlightBuildNumber** Indicates the build number of that flight.
- **FlightId** The specific id of the flight the device is getting. - **FlightId** The specific id of the flight the device is getting.
- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device. - **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. - **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag indicated is WU-for-Business targeted version is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag indicated is Windows Update for Business targeted version is enabled on the device.
- **PackageFullName** The package name of the content. - **PackageFullName** The package name of the content.
- **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
@ -7264,9 +7264,9 @@ The following fields are available:
- **FlightBuildNumber** Indicates the build number of that flight. - **FlightBuildNumber** Indicates the build number of that flight.
- **FlightId** The specific id of the flight the device is getting. - **FlightId** The specific id of the flight the device is getting.
- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device. - **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. - **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag indicated is WU-for-Business targeted version is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag indicated is Windows Update for Business targeted version is enabled on the device.
- **PackageFullName** The package name of the content. - **PackageFullName** The package name of the content.
- **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
@ -7312,9 +7312,9 @@ The following fields are available:
- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device. - **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
- **HostName** The hostname URL the content is downloading from. - **HostName** The hostname URL the content is downloading from.
- **IPVersion** Indicates whether download took place on IPv4 or IPv6 (0-Unknown, 1-IPv4, 2-IPv6) - **IPVersion** Indicates whether download took place on IPv4 or IPv6 (0-Unknown, 1-IPv4, 2-IPv6)
- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. - **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag indicated is WU-for-Business targeted version is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag indicated is Windows Update for Business targeted version is enabled on the device.
- **NetworkCost** A flag indicating the cost of the network being used for downloading the update content. That could be one of the following values0x0 : Unkown0x1 : Network cost is unrestricted0x2 : Network cost is fixed0x4 : Network cost is variable0x10000 : Network cost over data limit0x20000 : Network cost congested0x40000 : Network cost roaming0x80000 : Network cost approaching data limit. - **NetworkCost** A flag indicating the cost of the network being used for downloading the update content. That could be one of the following values0x0 : Unkown0x1 : Network cost is unrestricted0x2 : Network cost is fixed0x4 : Network cost is variable0x10000 : Network cost over data limit0x20000 : Network cost congested0x40000 : Network cost roaming0x80000 : Network cost approaching data limit.
- **NetworkRestrictionStatus** More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be “metered”. - **NetworkRestrictionStatus** More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be “metered”.
- **PackageFullName** The package name of the content. - **PackageFullName** The package name of the content.
@ -7355,9 +7355,9 @@ The following fields are available:
- **FlightBuildNumber** Indicates the build number of that flight. - **FlightBuildNumber** Indicates the build number of that flight.
- **FlightId** The specific id of the flight the device is getting. - **FlightId** The specific id of the flight the device is getting.
- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device. - **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. - **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
- **PackageFullName** The package name of the content. - **PackageFullName** The package name of the content.
- **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
@ -7404,9 +7404,9 @@ The following fields are available:
- **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process. - **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process.
- **IsFirmware** Indicates whether an update was a firmware update. - **IsFirmware** Indicates whether an update was a firmware update.
- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot. - **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. - **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
- **MsiAction** Stage of MSI installation where it failed. - **MsiAction** Stage of MSI installation where it failed.
- **MsiProductCode** Unique identifier of the MSI installer. - **MsiProductCode** Unique identifier of the MSI installer.
@ -7460,9 +7460,9 @@ The following fields are available:
- **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process. - **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process.
- **IsFirmware** Indicates whether an update was a firmware update. - **IsFirmware** Indicates whether an update was a firmware update.
- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot. - **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. - **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
- **MsiAction** Stage of MSI installation where it failed. - **MsiAction** Stage of MSI installation where it failed.
- **MsiProductCode** Unique identifier of the MSI installer. - **MsiProductCode** Unique identifier of the MSI installer.
@ -7516,9 +7516,9 @@ The following fields are available:
- **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process. - **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process.
- **IsFirmware** Indicates whether an update was a firmware update. - **IsFirmware** Indicates whether an update was a firmware update.
- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot. - **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. - **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
- **MsiAction** Stage of MSI installation where it failed. - **MsiAction** Stage of MSI installation where it failed.
- **MsiProductCode** Unique identifier of the MSI installer. - **MsiProductCode** Unique identifier of the MSI installer.
@ -7572,9 +7572,9 @@ The following fields are available:
- **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process. - **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process.
- **IsFirmware** Indicates whether an update was a firmware update. - **IsFirmware** Indicates whether an update was a firmware update.
- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot. - **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. - **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
- **MsiAction** Stage of MSI installation where it failed. - **MsiAction** Stage of MSI installation where it failed.
- **MsiProductCode** Unique identifier of the MSI installer. - **MsiProductCode** Unique identifier of the MSI installer.
@ -7628,9 +7628,9 @@ The following fields are available:
- **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process. - **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process.
- **IsFirmware** Indicates whether an update was a firmware update. - **IsFirmware** Indicates whether an update was a firmware update.
- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot. - **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. - **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
- **MsiAction** Stage of MSI installation where it failed. - **MsiAction** Stage of MSI installation where it failed.
- **MsiProductCode** Unique identifier of the MSI installer. - **MsiProductCode** Unique identifier of the MSI installer.
@ -7681,9 +7681,9 @@ The following fields are available:
- **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process. - **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process.
- **IsFirmware** Indicates whether an update was a firmware update. - **IsFirmware** Indicates whether an update was a firmware update.
- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot. - **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. - **IsWUfBEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
- **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
@ -7730,9 +7730,9 @@ The following fields are available:
- **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process. - **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process.
- **IsFirmware** Indicates whether an update was a firmware update. - **IsFirmware** Indicates whether an update was a firmware update.
- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot. - **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. - **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
- **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
@ -7779,9 +7779,9 @@ The following fields are available:
- **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process. - **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process.
- **IsFirmware** Indicates whether an update was a firmware update. - **IsFirmware** Indicates whether an update was a firmware update.
- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot. - **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
- **IsWUfBDualScanEnabled** Flag indicated is WU-for-Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Flag indicated is WU-for-Business is enabled on the device. - **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
- **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.


@ -1886,9 +1886,9 @@ The following fields are available:
- **IsMDMEnrolled** Whether the device has been MDM Enrolled or not. - **IsMDMEnrolled** Whether the device has been MDM Enrolled or not.
- **MDMServiceProvider** A hash of the specific MDM authority, such as Microsoft Intune, that is managing the device. - **MDMServiceProvider** A hash of the specific MDM authority, such as Microsoft Intune, that is managing the device.
- **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID - **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise SCCM environment. - **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise Configuration Manager environment.
- **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers. - **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
- **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier - **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier
### Census.Firmware ### Census.Firmware
@ -4849,7 +4849,7 @@ The following fields are available:
- **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device. - **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device.
- **IsWUfBFederatedScanDisabled** Indicates if Windows Update for Business federated scan is disabled on the device. - **IsWUfBFederatedScanDisabled** Indicates if Windows Update for Business federated scan is disabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
- **MetadataIntegrityMode** The mode of the update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce - **MetadataIntegrityMode** The mode of the update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce
- **MSIError** The last error that was encountered during a scan for updates. - **MSIError** The last error that was encountered during a scan for updates.
- **NetworkConnectivityDetected** Indicates the type of network connectivity that was detected. 0 - IPv4, 1 - IPv6 - **NetworkConnectivityDetected** Indicates the type of network connectivity that was detected. 0 - IPv4, 1 - IPv6
@ -4966,7 +4966,7 @@ The following fields are available:
- **IsDependentSet** Indicates whether a driver is a part of a larger System Hardware/Firmware Update - **IsDependentSet** Indicates whether a driver is a part of a larger System Hardware/Firmware Update
- **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device. - **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
- **NetworkCost** A flag indicating the cost of the network (congested, fixed, variable, over data limit, roaming, etc.) used for downloading the update content. - **NetworkCost** A flag indicating the cost of the network (congested, fixed, variable, over data limit, roaming, etc.) used for downloading the update content.
- **NetworkCostBitMask** Indicates what kind of network the device is connected to (roaming, metered, over data cap, etc.) - **NetworkCostBitMask** Indicates what kind of network the device is connected to (roaming, metered, over data cap, etc.)
- **NetworkRestrictionStatus** More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be "metered." - **NetworkRestrictionStatus** More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be "metered."
@ -5088,7 +5088,7 @@ The following fields are available:
- **IsSuccessFailurePostReboot** Indicates whether the update succeeded and then failed after a restart. - **IsSuccessFailurePostReboot** Indicates whether the update succeeded and then failed after a restart.
- **IsWUfBDualScanEnabled** Indicates whether Windows Update for Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Indicates whether Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Indicates whether Windows Update for Business is enabled on the device. - **IsWUfBEnabled** Indicates whether Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
- **MergedUpdate** Indicates whether the OS update and a BSP update merged for installation. - **MergedUpdate** Indicates whether the OS update and a BSP update merged for installation.
- **MsiAction** The stage of MSI installation where it failed. - **MsiAction** The stage of MSI installation where it failed.
- **MsiProductCode** The unique identifier of the MSI installer. - **MsiProductCode** The unique identifier of the MSI installer.
@ -5140,9 +5140,9 @@ The following fields are available:
- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process. - **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process.
- **IsFirmware** Indicates whether an update was a firmware update. - **IsFirmware** Indicates whether an update was a firmware update.
- **IsSuccessFailurePostReboot** Indicates whether an initial success was a failure after a reboot. - **IsSuccessFailurePostReboot** Indicates whether an initial success was a failure after a reboot.
- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Flag indicating whether Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device. - **IsWUfBEnabled** Flag indicating whether Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
- **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
@ -5205,9 +5205,9 @@ The following fields are available:
- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process. - **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process.
- **IsFirmware** Indicates whether an update was a firmware update. - **IsFirmware** Indicates whether an update was a firmware update.
- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot. - **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device. - **IsWUfBDualScanEnabled** Flag indicating whether Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device. - **IsWUfBEnabled** Flag indicating whether Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
- **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
@ -5769,7 +5769,7 @@ The following fields are available:
- **UnifiedInstallerDeviceAADJoinedHresult** The result code after checking if device is Azure Active Directory-joined. - **UnifiedInstallerDeviceAADJoinedHresult** The result code after checking if device is Azure Active Directory-joined.
- **UnifiedInstallerDeviceInDssPolicy** Boolean indicating whether the device is found to be in a DSS policy. - **UnifiedInstallerDeviceInDssPolicy** Boolean indicating whether the device is found to be in a DSS policy.
- **UnifiedInstallerDeviceInDssPolicyHresult** The result code for checking whether the device is found to be in a DSS policy. - **UnifiedInstallerDeviceInDssPolicyHresult** The result code for checking whether the device is found to be in a DSS policy.
- **UnifiedInstallerDeviceIsAADJoined** Boolean indicating whether a device is AADJ. - **UnifiedInstallerDeviceIsAADJoined** Boolean indicating whether a device is Azure Active Directory-joined.
- **UnifiedInstallerDeviceIsAdJoined** Boolean indicating whether a device is AD joined. - **UnifiedInstallerDeviceIsAdJoined** Boolean indicating whether a device is AD joined.
- **UnifiedInstallerDeviceIsAdJoinedHresult** The result code for checking whether a device is AD joined. - **UnifiedInstallerDeviceIsAdJoinedHresult** The result code for checking whether a device is AD joined.
- **UnifiedInstallerDeviceIsEducationSku** Boolean indicating whether a device is Education SKU. - **UnifiedInstallerDeviceIsEducationSku** Boolean indicating whether a device is Education SKU.
@ -5782,8 +5782,8 @@ The following fields are available:
- **UnifiedInstallerDeviceIsMdmManagedHresult** The result code from checking whether a device is MDM managed. - **UnifiedInstallerDeviceIsMdmManagedHresult** The result code from checking whether a device is MDM managed.
- **UnifiedInstallerDeviceIsProSku** Boolean indicating whether a device is Pro SKU. - **UnifiedInstallerDeviceIsProSku** Boolean indicating whether a device is Pro SKU.
- **UnifiedInstallerDeviceIsProSkuHresult** The result code from checking whether a device is Pro SKU. - **UnifiedInstallerDeviceIsProSkuHresult** The result code from checking whether a device is Pro SKU.
- **UnifiedInstallerDeviceIsSccmManaged** Boolean indicating whether a device is SCCM managed. - **UnifiedInstallerDeviceIsSccmManaged** Boolean indicating whether a device is managed by Configuration Manager.
- **UnifiedInstallerDeviceIsSccmManagedHresult** The result code from checking whether a device is SCCM managed. - **UnifiedInstallerDeviceIsSccmManagedHresult** The result code from checking whether a device is managed by Configuration Manager.
- **UnifiedInstallerDeviceWufbManaged** Boolean indicating whether a device is Windows Update for Business managed. - **UnifiedInstallerDeviceWufbManaged** Boolean indicating whether a device is Windows Update for Business managed.
- **UnifiedInstallerDeviceWufbManagedHresult** The result code from checking whether a device is Windows Update for Business managed. - **UnifiedInstallerDeviceWufbManagedHresult** The result code from checking whether a device is Windows Update for Business managed.
- **UnifiedInstallerPlatformResult** The result code from checking what platform type the device is. - **UnifiedInstallerPlatformResult** The result code from checking what platform type the device is.
@ -5824,7 +5824,7 @@ The following fields are available:
- **CV** Correlation vector. - **CV** Correlation vector.
- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user. - **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
- **PackageVersion** Current package version of remediation. - **PackageVersion** Current package version of remediation.
- **UpdateHealthToolsDeviceSccmManaged** Device is managed by SCCM. - **UpdateHealthToolsDeviceSccmManaged** Device is managed by Configuration Manager.
- **UpdateHealthToolsDeviceUbrChanged** 1 if the Ubr just changed, 0 otherwise. - **UpdateHealthToolsDeviceUbrChanged** 1 if the Ubr just changed, 0 otherwise.
- **UpdateHealthToolsDeviceUri** The URI to be used for push notifications on this device. - **UpdateHealthToolsDeviceUri** The URI to be used for push notifications on this device.


@ -147,7 +147,7 @@ An administrator can disable a users ability to delete their devices diagn
#### _2.3.7 Diagnostic data: Enabling the Windows diagnostic data processor configuration_ #### _2.3.7 Diagnostic data: Enabling the Windows diagnostic data processor configuration_
> [!IMPORTANT] > [!IMPORTANT]
> There are some significant changes planned for the Windows diagnostic data processor configuration. To learn more, [review this information](configure-windows-diagnostic-data-in-your-organization.md#significant-changes-coming-to-the-windows-diagnostic-data-processor-configuration). > There are some significant changes planned for the Windows diagnostic data processor configuration. To learn more, [review this information](changes-to-windows-diagnostic-data-collection.md#significant-changes-coming-to-the-windows-diagnostic-data-processor-configuration).
**Applies to:** **Applies to:**


@ -2,10 +2,6 @@
title: Access Control Overview (Windows 10) title: Access Control Overview (Windows 10)
description: Access Control Overview description: Access Control Overview
ms.prod: m365-security ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
audience: ITPro
author: dansimp author: dansimp
ms.author: dansimp ms.author: dansimp
manager: dansimp manager: dansimp


@ -2,10 +2,6 @@
title: Active Directory Accounts (Windows 10) title: Active Directory Accounts (Windows 10)
description: Active Directory Accounts description: Active Directory Accounts
ms.prod: m365-security ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
audience: ITPro
author: dansimp author: dansimp
ms.author: dansimp ms.author: dansimp
manager: dansimp manager: dansimp


@ -2,10 +2,6 @@
title: Active Directory Security Groups title: Active Directory Security Groups
description: Active Directory Security Groups description: Active Directory Security Groups
ms.prod: m365-security ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
audience: ITPro
author: dansimp author: dansimp
ms.author: dansimp ms.author: dansimp
manager: dansimp manager: dansimp


@ -2,10 +2,6 @@
title: Dynamic Access Control Overview (Windows 10) title: Dynamic Access Control Overview (Windows 10)
description: Learn about Dynamic Access Control and its associated elements, which were introduced in Windows Server 2012 and Windows 8. description: Learn about Dynamic Access Control and its associated elements, which were introduced in Windows Server 2012 and Windows 8.
ms.prod: m365-security ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
audience: ITPro
author: dansimp author: dansimp
ms.author: dansimp ms.author: dansimp
manager: dansimp manager: dansimp


@ -2,10 +2,6 @@
title: Local Accounts (Windows 10) title: Local Accounts (Windows 10)
description: Learn how to secure and manage access to the resources on a standalone or member server for services or users. description: Learn how to secure and manage access to the resources on a standalone or member server for services or users.
ms.prod: m365-security ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
audience: ITPro
author: dansimp author: dansimp
ms.author: dansimp ms.author: dansimp
manager: dansimp manager: dansimp


@ -2,10 +2,6 @@
title: Microsoft Accounts (Windows 10) title: Microsoft Accounts (Windows 10)
description: Microsoft Accounts description: Microsoft Accounts
ms.prod: m365-security ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
audience: ITPro
author: dansimp author: dansimp
ms.author: dansimp ms.author: dansimp
manager: dansimp manager: dansimp


@ -2,10 +2,6 @@
title: Security identifiers (Windows 10) title: Security identifiers (Windows 10)
description: Security identifiers description: Security identifiers
ms.prod: m365-security ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
audience: ITPro
author: dansimp author: dansimp
ms.author: dansimp ms.author: dansimp
manager: dansimp manager: dansimp


@ -2,10 +2,6 @@
title: Security Principals (Windows 10) title: Security Principals (Windows 10)
description: Security Principals description: Security Principals
ms.prod: m365-security ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
audience: ITPro
author: dansimp author: dansimp
ms.author: dansimp ms.author: dansimp
manager: dansimp manager: dansimp


@ -2,10 +2,6 @@
title: Service Accounts (Windows 10) title: Service Accounts (Windows 10)
description: Service Accounts description: Service Accounts
ms.prod: m365-security ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
audience: ITPro
author: dansimp author: dansimp
ms.author: dansimp ms.author: dansimp
manager: dansimp manager: dansimp


@ -3,10 +3,6 @@ title: Special Identities (Windows 10)
description: Special Identities description: Special Identities
ms.prod: m365-security ms.prod: m365-security
ms.technology: windows-sec ms.technology: windows-sec
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
audience: ITPro
author: dansimp author: dansimp
ms.author: dansimp ms.author: dansimp
manager: dansimp manager: dansimp


@ -1,14 +1,8 @@
--- ---
title: Configure S/MIME for Windows title: Configure S/MIME for Windows
description: S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients with a digital ID, also known as a certificate, can read them. description: S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients with a digital ID, also known as a certificate, can read them.
ms.assetid: 7F9C2A99-42EB-4BCC-BB53-41C04FBBBF05
ms.reviewer: ms.reviewer:
keywords: encrypt, digital signature
ms.prod: m365-security ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
audience: ITPro
author: dansimp author: dansimp
ms.author: dansimp ms.author: dansimp
manager: dansimp manager: dansimp


@ -2,11 +2,7 @@
title: Additional mitigations title: Additional mitigations
description: Advice and sample code for making your domain environment more secure and robust with Windows Defender Credential Guard. description: Advice and sample code for making your domain environment more secure and robust with Windows Defender Credential Guard.
ms.prod: m365-security ms.prod: m365-security
ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium ms.localizationpriority: medium
audience: ITPro
author: dansimp author: dansimp
ms.author: dansimp ms.author: dansimp
manager: dansimp manager: dansimp


@ -2,11 +2,7 @@
title: Advice while using Windows Defender Credential Guard (Windows) title: Advice while using Windows Defender Credential Guard (Windows)
description: Considerations and recommendations for certain scenarios when using Windows Defender Credential Guard in Windows. description: Considerations and recommendations for certain scenarios when using Windows Defender Credential Guard in Windows.
ms.prod: m365-security ms.prod: m365-security
ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium ms.localizationpriority: medium
audience: ITPro
author: dansimp author: dansimp
ms.author: dansimp ms.author: dansimp
manager: dansimp manager: dansimp
@ -26,27 +22,27 @@ ms.reviewer:
Passwords are still weak. We recommend that in addition to deploying Windows Defender Credential Guard, organizations move away from passwords to other authentication methods, such as physical smart cards, virtual smart cards, or Windows Hello for Business. Passwords are still weak. We recommend that in addition to deploying Windows Defender Credential Guard, organizations move away from passwords to other authentication methods, such as physical smart cards, virtual smart cards, or Windows Hello for Business.
Windows Defender Credential Guard uses hardware security, so some features such as Windows To Go, are not supported. Windows Defender Credential Guard uses hardware security, so some features such as Windows To Go, aren't supported.
## Wi-fi and VPN Considerations ## Wi-fi and VPN Considerations
When you enable Windows Defender Credential Guard, you can no longer use NTLM classic authentication for Single Sign-On. You will be forced to enter your credentials to use these protocols and cannot save the credentials for future use. If you are using WiFi and VPN endpoints that are based on MS-CHAPv2, they are subject to similar attacks as for NTLMv1. For WiFi and VPN connections, Microsoft recommends that organizations move from MSCHAPv2-based connections such as PEAP-MSCHAPv2 and EAP-MSCHAPv2, to certificate-based authentication such as PEAP-TLS or EAP-TLS. When you enable Windows Defender Credential Guard, you can no longer use NTLM classic authentication for Single Sign-On. You'll be forced to enter your credentials to use these protocols and can't save the credentials for future use. If you're using WiFi and VPN endpoints that are based on MS-CHAPv2, they're subject to similar attacks as for NTLMv1. For WiFi and VPN connections, Microsoft recommends that organizations move from MSCHAPv2-based connections such as PEAP-MSCHAPv2 and EAP-MSCHAPv2, to certificate-based authentication such as PEAP-TLS or EAP-TLS.
## Kerberos Considerations ## Kerberos Considerations
When you enable Windows Defender Credential Guard, you can no longer use Kerberos unconstrained delegation or DES encryption. Unconstrained delegation could allow attackers to extract Kerberos keys from the isolated LSA process. Use constrained or resource-based Kerberos delegation instead. When you enable Windows Defender Credential Guard, you can no longer use Kerberos unconstrained delegation or DES encryption. Unconstrained delegation could allow attackers to extract Kerberos keys from the isolated LSA process. Use constrained or resource-based Kerberos delegation instead.
## 3rd Party Security Support Providers Considerations ## 3rd Party Security Support Providers Considerations
Some 3rd party Security Support Providers (SSPs and APs) might not be compatible with Windows Defender Credential Guard because it does not allow third-party SSPs to ask for password hashes from LSA. However, SSPs and APs still get notified of the password when a user logs on and/or changes their password. Any use of undocumented APIs within custom SSPs and APs are not supported. We recommend that custom implementations of SSPs/APs are tested with Windows Defender Credential Guard. SSPs and APs that depend on any undocumented or unsupported behaviors fail. For example, using the KerbQuerySupplementalCredentialsMessage API is not supported. Replacing the NTLM or Kerberos SSPs with custom SSPs and APs. For more info, see [Restrictions around Registering and Installing a Security Package](/windows/win32/secauthn/restrictions-around-registering-and-installing-a-security-package) on MSDN. Some 3rd party Security Support Providers (SSPs and APs) might not be compatible with Windows Defender Credential Guard because it doesn't allow third-party SSPs to ask for password hashes from LSA. However, SSPs and APs still get notified of the password when a user logs on and/or changes their password. Any use of undocumented APIs within custom SSPs and APs aren't supported. We recommend that custom implementations of SSPs/APs are tested with Windows Defender Credential Guard. SSPs and APs that depend on any undocumented or unsupported behaviors fail. For example, using the KerbQuerySupplementalCredentialsMessage API isn't supported. Replacing the NTLM or Kerberos SSPs with custom SSPs and APs. For more info, see [Restrictions around Registering and Installing a Security Package](/windows/win32/secauthn/restrictions-around-registering-and-installing-a-security-package) on MSDN.
## Upgrade Considerations ## Upgrade Considerations
As the depth and breadth of protections provided by Windows Defender Credential Guard are increased, subsequent releases of Windows 10 with Windows Defender Credential Guard running may impact scenarios that were working in the past. For example, Windows Defender Credential Guard may block the use of a particular type of credential or a particular component to prevent malware from taking advantage of vulnerabilities. Test scenarios required for operations in an organization before upgrading a device using Windows Defender Credential Guard. As the depth and breadth of protections provided by Windows Defender Credential Guard are increased, subsequent releases of Windows 10 with Windows Defender Credential Guard running may impact scenarios that were working in the past. For example, Windows Defender Credential Guard may block the use of a particular type of credential or a particular component to prevent malware from taking advantage of vulnerabilities. Test scenarios required for operations in an organization before upgrading a device using Windows Defender Credential Guard.
### Saved Windows Credentials Protected ### Saved Windows Credentials Protected
Starting with Windows 10, version 1511, domain credentials that are stored with Credential Manager are protected with Windows Defender Credential Guard. Credential Manager allows you to store three types of credentials: Windows credentials, certificate-based credentials, and generic credentials. Generic credentials such as user names and passwords that you use to log on to websites are not protected since the applications require your cleartext password. If the application does not need a copy of the password, they can save domain credentials as Windows credentials that are protected. Windows credentials are used to connect to other computers on a network. The following considerations apply to the Windows Defender Credential Guard protections for Credential Manager: Starting with Windows 10, version 1511, domain credentials that are stored with Credential Manager are protected with Windows Defender Credential Guard. Credential Manager allows you to store three types of credentials: Windows credentials, certificate-based credentials, and generic credentials. Generic credentials such as user names and passwords that you use to log on to websites aren't protected since the applications require your cleartext password. If the application doesn't need a copy of the password, they can save domain credentials as Windows credentials that are protected. Windows credentials are used to connect to other computers on a network. The following considerations apply to the Windows Defender Credential Guard protections for Credential Manager:
* Windows credentials saved by Remote Desktop Client cannot be sent to a remote host. Attempts to use saved Windows credentials fail, displaying the error message "Logon attempt failed." * Windows credentials saved by Remote Desktop Client can't be sent to a remote host. Attempts to use saved Windows credentials fail, displaying the error message "Logon attempt failed."
* Applications that extract Windows credentials fail. * Applications that extract Windows credentials fail.
* When credentials are backed up from a PC that has Windows Defender Credential Guard enabled, the Windows credentials cannot be restored. If you need to back up your credentials, you must do this before you enable Windows Defender Credential Guard. Otherwise, you cannot restore those credentials. * When credentials are backed up from a PC that has Windows Defender Credential Guard enabled, the Windows credentials can't be restored. If you need to back up your credentials, you must do this before you enable Windows Defender Credential Guard. Otherwise, you can't restore those credentials.
## Clearing TPM Considerations ## Clearing TPM Considerations
Virtualization-based Security (VBS) uses the TPM to protect its key. So when the TPM is cleared then the TPM protected key used to encrypt VBS secrets is lost. Virtualization-based Security (VBS) uses the TPM to protect its key. So when the TPM is cleared then the TPM protected key used to encrypt VBS secrets is lost.
@ -61,17 +57,17 @@ As a result Credential Guard can no longer decrypt protected data. VBS creates a
> Credential Guard obtains the key during initialization. So the data loss will only impact persistent data and occur after the next system startup. > Credential Guard obtains the key during initialization. So the data loss will only impact persistent data and occur after the next system startup.
### Windows credentials saved to Credential Manager ### Windows credentials saved to Credential Manager
Since Credential Manager cannot decrypt saved Windows Credentials, they are deleted. Applications should prompt for credentials that were previously saved. If saved again, then Windows credentials are protected Credential Guard. Since Credential Manager can't decrypt saved Windows Credentials, they're deleted. Applications should prompt for credentials that were previously saved. If saved again, then Windows credentials are protected Credential Guard.
### Domain-joined devices automatically provisioned public key ### Domain-joined devices automatically provisioned public key
Beginning with Windows 10 and Windows Server 2016, domain-devices automatically provision a bound public key, for more information about automatic public key provisioning, see [Domain-joined Device Public Key Authentication](/windows-server/security/kerberos/domain-joined-device-public-key-authentication). Beginning with Windows 10 and Windows Server 2016, domain-devices automatically provision a bound public key, for more information about automatic public key provisioning, see [Domain-joined Device Public Key Authentication](/windows-server/security/kerberos/domain-joined-device-public-key-authentication).
Since Credential Guard cannot decrypt the protected private key, Windows uses the domain-joined computer's password for authentication to the domain. Unless additional policies are deployed, there should not be a loss of functionality. If a device is configured to only use public key, then it cannot authenticate with password until that policy is disabled. For more information on Configuring devices to only use public key, see [Domain-joined Device Public Key Authentication](/windows-server/security/kerberos/domain-joined-device-public-key-authentication). Since Credential Guard can't decrypt the protected private key, Windows uses the domain-joined computer's password for authentication to the domain. Unless additional policies are deployed, there should not be a loss of functionality. If a device is configured to only use public key, then it can't authenticate with password until that policy is disabled. For more information on Configuring devices to only use public key, see [Domain-joined Device Public Key Authentication](/windows-server/security/kerberos/domain-joined-device-public-key-authentication).
Also if any access control checks including authentication policies require devices to have either the KEY TRUST IDENTITY (S-1-18-4) or FRESH PUBLIC KEY IDENTITY (S-1-18-3) well-known SIDs, then those access checks fail. For more information about authentication policies, see [Authentication Policies and Authentication Policy Silos](/windows-server/security/credentials-protection-and-management/authentication-policies-and-authentication-policy-silos). For more information about well-known SIDs, see [[MS-DTYP] Section 2.4.2.4 Well-known SID Structures](/openspecs/windows_protocols/ms-dtyp/81d92bba-d22b-4a8c-908a-554ab29148ab). Also if any access control checks including authentication policies require devices to have either the KEY TRUST IDENTITY (S-1-18-4) or FRESH PUBLIC KEY IDENTITY (S-1-18-3) well-known SIDs, then those access checks fail. For more information about authentication policies, see [Authentication Policies and Authentication Policy Silos](/windows-server/security/credentials-protection-and-management/authentication-policies-and-authentication-policy-silos). For more information about well-known SIDs, see [[MS-DTYP] Section 2.4.2.4 Well-known SID Structures](/openspecs/windows_protocols/ms-dtyp/81d92bba-d22b-4a8c-908a-554ab29148ab).
### Breaking DPAPI on domain-joined devices ### Breaking DPAPI on domain-joined devices
On domain-joined devices, DPAPI can recover user keys using a domain controller from the user's domain. If a domain-joined device has no connectivity to a domain controller, then recovery is not possible. On domain-joined devices, DPAPI can recover user keys using a domain controller from the user's domain. If a domain-joined device has no connectivity to a domain controller, then recovery isn't possible.
>[!IMPORTANT] >[!IMPORTANT]
> Best practice when clearing a TPM on a domain-joined device is to be on a network with connectivity to domain controllers. This ensures DPAPI functions and the user does not experience strange behavior. <br> > Best practice when clearing a TPM on a domain-joined device is to be on a network with connectivity to domain controllers. This ensures DPAPI functions and the user does not experience strange behavior. <br>
@ -79,11 +75,11 @@ Auto VPN configuration is protected with user DPAPI. User may not be able to use
If you must clear the TPM on a domain-joined device without connectivity to domain controllers, then you should consider the following. If you must clear the TPM on a domain-joined device without connectivity to domain controllers, then you should consider the following.
Domain user sign-in on a domain-joined device after clearing a TPM for as long as there is no connectivity to a domain controller: Domain user sign-in on a domain-joined device after clearing a TPM for as long as there's no connectivity to a domain controller:
|Credential Type | Windows version | Behavior |Credential Type | Windows version | Behavior
|---|---|---| |---|---|---|
| Certificate (smart card or Windows Hello for Business) | All | All data protected with user DPAPI is unusable and user DPAPI does not work at all. | | Certificate (smart card or Windows Hello for Business) | All | All data protected with user DPAPI is unusable and user DPAPI doesn't work at all. |
| Password | Windows 10 v1709 or later | If the user signed-in with a certificate or password prior to clearing the TPM, then they can sign-in with password and user DPAPI is unaffected. | Password | Windows 10 v1709 or later | If the user signed-in with a certificate or password prior to clearing the TPM, then they can sign-in with password and user DPAPI is unaffected.
| Password | Windows 10 v1703 | If the user signed-in with a password prior to clearing the TPM, then they can sign-in with that password and are unaffected. | Password | Windows 10 v1703 | If the user signed-in with a password prior to clearing the TPM, then they can sign-in with that password and are unaffected.
| Password | Windows 10 v1607 or earlier | Existing user DPAPI protected data is unusable. User DPAPI is able to protect new data. | Password | Windows 10 v1607 or earlier | Existing user DPAPI protected data is unusable. User DPAPI is able to protect new data.
@ -91,7 +87,7 @@ Domain user sign-in on a domain-joined device after clearing a TPM for as long a
Once the device has connectivity to the domain controllers, DPAPI recovers the user's key and data protected prior to clearing the TPM can be decrypted. Once the device has connectivity to the domain controllers, DPAPI recovers the user's key and data protected prior to clearing the TPM can be decrypted.
#### Impact of DPAPI failures on Windows Information Protection #### Impact of DPAPI failures on Windows Information Protection
When data protected with user DPAPI is unusable, then the user loses access to all work data protected by Windows Information Protection. The impact includes: Outlook 2016 is unable to start and work protected documents cannot be opened. If DPAPI is working, then newly created work data is protected and can be accessed. When data protected with user DPAPI is unusable, then the user loses access to all work data protected by Windows Information Protection. The impact includes: Outlook 2016 is unable to start and work protected documents can't be opened. If DPAPI is working, then newly created work data is protected and can be accessed.
**Workaround:** Users can resolve the problem by connecting their device to the domain and rebooting or using their Encrypting File System Data Recovery Agent certificate. For more information about Encrypting File System Data Recovery Agent certificate, see [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](/windows/threat-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate). **Workaround:** Users can resolve the problem by connecting their device to the domain and rebooting or using their Encrypting File System Data Recovery Agent certificate. For more information about Encrypting File System Data Recovery Agent certificate, see [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](/windows/threat-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate).
