diff --git a/education/index.yml b/education/index.yml
index adc8d30041..1da8d77fdb 100644
--- a/education/index.yml
+++ b/education/index.yml
@@ -8,7 +8,7 @@ metadata:
title: Microsoft 365 Education Documentation
description: Learn about product documentation and resources available for school IT administrators, teachers, students, and education app developers.
ms.topic: hub-page
- ms.date: 11/06/2023
+ ms.date: 07/22/2024
productDirectory:
title: For IT admins
diff --git a/education/windows/index.yml b/education/windows/index.yml
index 0cd20e659d..1c2008d3c9 100644
--- a/education/windows/index.yml
+++ b/education/windows/index.yml
@@ -12,16 +12,16 @@ metadata:
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
- ms.date: 10/30/2023
+ ms.date: 07/22/2024
highlightedContent:
items:
- title: Get started with Windows 11 SE
itemType: get-started
url: windows-11-se-overview.md
- - title: Windows 11, version 22H2
+ - title: Windows 11, version 23H2
itemType: whats-new
- url: /windows/whats-new/whats-new-windows-11-version-22H2
+ url: /windows/whats-new/whats-new-windows-11-version-23h2
- title: Explore all Windows trainings and learning paths for IT pros
itemType: learn
url: https://learn.microsoft.com/en-us/training/browse/?products=windows&roles=administrator
diff --git a/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md b/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md
new file mode 100644
index 0000000000..a914eb1c31
--- /dev/null
+++ b/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md
@@ -0,0 +1,20 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 07/11/2024
+ms.topic: include
+---
+
+### Hide entry points for Fast User Switching
+
+With this policy setting you can prevent multiple users to sign in at the same time, using the Fast User Switching feature.
+
+- If enabled, only one user can sign in at a time. The Fast User Switching entry points are hidden from the sign-in screen, the Start menu, and the Task Manager. If multiple users want to sign in, the current user must sign out first
+- If disabled or not configured, multiple users can sign in at the same time. The Fast User Switching entry points are available from the sign-in screen, the Start menu, and the Task Manager. The current user doesn't have to sign out to allow another user to sign in
+
+| | Path |
+|--|--|
+| **CSP** | `./Device/Vendor/MSFT/Policy/Config/WindowsLogon/`[HideFastUserSwitching](/windows/client-management/mdm/policy-csp-windowslogon#hidefastuserswitching) |
+| **GPO** | **Computer Configuration** > **Administrative Templates** > **System** > **Logon** > **Hide entry points for Fast User Switching** |
+
+To learn more, see [Fast User Switching](/windows/win32/shell/fast-user-switching).
diff --git a/windows/configuration/start/includes/hide-lock.md b/windows/configuration/start/includes/hide-lock.md
index e43dff0cfa..52a8be809e 100644
--- a/windows/configuration/start/includes/hide-lock.md
+++ b/windows/configuration/start/includes/hide-lock.md
@@ -9,5 +9,5 @@ ms.topic: include
| | Path |
|--|--|
-| **CSP** | `./Device/Vendor/MSFT/Policy/Config/Start/`[HideSignOut](/windows/client-management/mdm/policy-csp-start#hidelock) |
+| **CSP** | `./Device/Vendor/MSFT/Policy/Config/Start/`[HideLock](/windows/client-management/mdm/policy-csp-start#hidelock) |
| **GPO** | Not available. |
diff --git a/windows/configuration/start/includes/hide-switch-account.md b/windows/configuration/start/includes/hide-switch-user.md
similarity index 53%
rename from windows/configuration/start/includes/hide-switch-account.md
rename to windows/configuration/start/includes/hide-switch-user.md
index 5bbe1c5e7a..49188235e2 100644
--- a/windows/configuration/start/includes/hide-switch-account.md
+++ b/windows/configuration/start/includes/hide-switch-user.md
@@ -5,7 +5,12 @@ ms.date: 04/10/2024
ms.topic: include
---
-### Hide Switch account
+### Hide Switch user
+
+With this policy setting you can hide the **Switch user** option from the user tile in the start menu:
+
+- If enabled, the **Switch user** option is hidden
+- If disabled or not configured, the **Switch user** option is available
| | Path |
|--|--|
diff --git a/windows/configuration/start/policy-settings.md b/windows/configuration/start/policy-settings.md
index 9dd5437ffc..5d0b4b6bf0 100644
--- a/windows/configuration/start/policy-settings.md
+++ b/windows/configuration/start/policy-settings.md
@@ -2,7 +2,7 @@
title: Start policy settings
description: Learn about the policy settings to configure the Windows Start menu.
ms.topic: reference
-ms.date: 04/10/2024
+ms.date: 07/10/2024
appliesto:
zone_pivot_groups: windows-versions-11-10
---
@@ -132,19 +132,37 @@ Select one of the tabs to see the list of available settings:
#### [:::image type="icon" source="../images/icons/user.svg"::: **Account options**](#tab/user)
+::: zone pivot="windows-11"
+|Policy name| CSP | GPO |
+|-|-|-|
+|[Hide **Change account settings**](#hide-change-account-settings)|✅|❌|
+|[Hide **Sign out**](#hide-sign-out)|✅|✅|
+|[Hide **Switch user**](#hide-switch-user)|✅|❌|
+|[Hide entry points for Fast User Switching](#hide-entry-points-for-fast-user-switching)|✅|✅|
+|[Hide user tile](#hide-user-tile)|✅|❌|
+::: zone-end
+
+::: zone pivot="windows-10"
|Policy name| CSP | GPO |
|-|-|-|
|[Hide **Change account settings**](#hide-change-account-settings)|✅|❌|
|[Hide **Lock**](#hide-lock)|✅|❌|
|[Hide **Sign out**](#hide-sign-out)|✅|✅|
-|[Hide **Switch account**](#hide-switch-account)|✅|❌|
+|[Hide **Switch user**](#hide-switch-user)|✅|❌|
+|[Hide entry points for Fast User Switching](#hide-entry-points-for-fast-user-switching)|✅|✅|
|[Hide user tile](#hide-user-tile)|✅|❌|
+::: zone-end
[!INCLUDE [hide-change-account-settings](includes/hide-change-account-settings.md)]
+
+::: zone pivot="windows-10"
[!INCLUDE [hide-lock](includes/hide-lock.md)]
+::: zone-end
+
[!INCLUDE [hide-signout](includes/hide-signout.md)]
-[!INCLUDE [hide-switch-user](includes/hide-switch-account.md)]
-[!INCLUDE [hide-switch-user](includes/hide-user-tile.md)]
+[!INCLUDE [hide-switch-user](includes/hide-switch-user.md)]
+[!INCLUDE [hide-lock](includes/hide-entry-points-for-fast-user-switching.md)]
+[!INCLUDE [hide-user-tile](includes/hide-user-tile.md)]
#### [:::image type="icon" source="../images/icons/folder.svg"::: **Pinned folders**](#tab/folders)
@@ -174,6 +192,21 @@ Select one of the tabs to see the list of available settings:
#### [:::image type="icon" source="../images/icons/power.svg"::: **Power options**](#tab/power)
+
+::: zone pivot="windows-11"
+|Policy name| CSP | GPO |
+|-|-|-|
+|[Hide **Hibernate** ](#hide-hibernate)|✅|❌|
+|[Hide **Lock**](#hide-lock)|✅|❌|
+|[Hide **Power** button](#hide-power-button)|✅|❌|
+|[Hide **Restart**](#hide-restart)|✅|❌|
+|[Hide **Shut down**](#hide-shut-down)|✅|❌|
+|[Hide **Sleep**](#hide-sleep)|✅|❌|
+|[Remove and prevent access to the shut down restart sleep and hibernate commands](#remove-and-prevent-access-to-the-shut-down-restart-sleep-and-hibernate-commands)|❌|✅|
+::: zone-end
+
+::: zone pivot="windows-10"
+
|Policy name| CSP | GPO |
|-|-|-|
|[Hide **Hibernate** ](#hide-hibernate)|✅|❌|
@@ -183,7 +216,12 @@ Select one of the tabs to see the list of available settings:
|[Hide **Sleep**](#hide-sleep)|✅|❌|
|[Remove and prevent access to the shut down restart sleep and hibernate commands](#remove-and-prevent-access-to-the-shut-down-restart-sleep-and-hibernate-commands)|❌|✅|
+::: zone-end
+
[!INCLUDE [hide-hibernate](includes/hide-hibernate.md)]
+::: zone pivot="windows-11"
+[!INCLUDE [hide-lock](includes/hide-lock.md)]
+::: zone-end
[!INCLUDE [hide-power-button](includes/hide-power-button.md)]
[!INCLUDE [hide-restart](includes/hide-restart.md)]
[!INCLUDE [hide-shut-down](includes/hide-shut-down.md)]
diff --git a/windows/deployment/do/delivery-optimization-configure.md b/windows/deployment/do/delivery-optimization-configure.md
index e3546abb50..0fb34cf04f 100644
--- a/windows/deployment/do/delivery-optimization-configure.md
+++ b/windows/deployment/do/delivery-optimization-configure.md
@@ -16,17 +16,19 @@ appliesto:
- ✅ Windows 11
- ✅ Windows 10
- ✅ Delivery Optimization
-ms.date: 07/01/2024
+ms.date: 07/23/2024
---
# Configure Delivery Optimization (DO) for Windows
+This article describes the different configuration considerations to optimize Delivery Optimization (DO) in your environment.
+
## Delivery Optimization set up considerations
Use this checklist to guide you through different aspects when modifying Delivery Optimization configurations for your environment.
-1. Pre-requisites to allow Delivery Optimization communication
-1. Evaluate Delivery Optimization policies based on the following:
+1. Prerequisites to allow Delivery Optimization communication
+1. Evaluate Delivery Optimization policies based on the follwoing items:
* Network topology
* Organization size
@@ -36,7 +38,7 @@ Use this checklist to guide you through different aspects when modifying Deliver
1. Using Connected Cache (MCC)
1. Choose where to set Delivery Optimization policies
-## 1. Pre-requisites to allow Delivery Optimization communication
+## 1. Prerequisites to allow Delivery Optimization communication
:::image type="content" source="images/do-setup-allow-communication.png" alt-text="Screenshot of the considerations to allow Delivery Optimization communication." lightbox="images/do-setup-allow-communication.png":::
@@ -50,11 +52,11 @@ There are service endpoints that you need to permit through your Firewall to com
### Proxy
-To allow peer-to-peer (P2P) to work properly you need to allow direct calls to the Delivery Optimization service from your devices. When using a proxy, you want to bypass calls from the Delivery Optimization service (*.prod.do.dsp.mp.microsoft.com).
+To allow peer-to-peer (P2P) to work properly, you need to allow direct calls to the Delivery Optimization service from your devices. When using a proxy, you want to bypass calls from the Delivery Optimization service (*.prod.do.dsp.mp.microsoft.com).
#### Local proxy
-For downloads from HTTP sources, Delivery Optimization can use the automatic proxy discovery capability of WinHttp to handle communication with the proxy server. It’s important to know, Delivery Optimization uses byte range requests, so you’ll want to make sure your proxy allows this capability. [Learn more](delivery-optimization-proxy.md) about using Delivery Optimization with a proxy server.
+For downloads from HTTP sources, Delivery Optimization can use the automatic proxy discovery capability of WinHttp to handle communication with the proxy server. It's important to know that Delivery Optimization uses byte range requests, so you'll want to make sure your proxy allows this capability. [Learn more](delivery-optimization-proxy.md) about using Delivery Optimization with a proxy server.
#### Cloud proxy
@@ -78,7 +80,7 @@ There are a range of [Delivery Optimization settings](waas-delivery-optimization
:::image type="content" source="images/do-setup-network-topology.png" alt-text="Screenshot of Delivery Optimization network topology considerations." lightbox="images/do-setup-network-topology.png":::
-Peer groups can be defined in Delivery Optimization using a combination of settings such as [DODownloadMode](waas-delivery-optimization-reference.md#download-mode), [DOGroupID](waas-delivery-optimization-reference.md#group-id), [DOGroupIDSource](waas-delivery-optimization-reference.md#select-the-source-of-group-ids), and [DORestrictPeerSelection](waas-delivery-optimization-reference.md#select-a-method-to-restrict-peer-selection). *The combination of settings used will depend on your desired peer group(s) and your network topology.*
+Peer groups can be defined in Delivery Optimization using a combination of settings such as [DODownloadMode](waas-delivery-optimization-reference.md#download-mode), [DOGroupID](waas-delivery-optimization-reference.md#group-id), [DOGroupIDSource](waas-delivery-optimization-reference.md#select-the-source-of-group-ids), and [DORestrictPeerSelection](waas-delivery-optimization-reference.md#select-a-method-to-restrict-peer-selection). *The combination of settings used depends on your desired peer group(s) and your network topology.*
#### Peering setup options
@@ -93,7 +95,7 @@ To define a peer group limited to your LAN, choose [DODownloadMode](waas-deliver
##### Wide area network (WAN)
-To achieve peer groups across NATs within the same site, over the WAN, or to have more control in your local environment, use download mode ‘2’, Group-mode. Group download mode allows you to define a unique GUID Group ID or use existing logical groupings (e.g. AD Site) in your enterprise with the [DOGroupIDSource](waas-delivery-optimization-reference.md#select-the-source-of-group-ids) setting to identify a peer group.
+To achieve peer groups across NATs within the same site, over the WAN, or to have more control in your local environment, use download mode '2', Group-mode. Group download mode allows you to define a unique GUID Group ID or use existing logical groupings (for example, AD Site) in your enterprise with the [DOGroupIDSource](waas-delivery-optimization-reference.md#select-the-source-of-group-ids) setting to identify a peer group.
##### GroupIDSource default behavior
@@ -108,16 +110,16 @@ There are several options for identifying your Group ID using the [DOGroupIDSour
If your environment requires a more granular approach, you can use the restrict peer discovery setting alongside the download mode to achieve more control. For example, if you have several different subnets behind the same NAT but want to limit your peer groups to a single subnet, choose [DODownloadMode](waas-delivery-optimization-reference.md#download-mode) (1) and [DORestrictPeerSelection](waas-delivery-optimization-reference.md#select-a-method-to-restrict-peer-selection) (Subnet). This setting can be used with any of the peer-related download modes (1, 2, or 3).
-#### Non-peering options
+#### Nonpeering options
-There are two valid download modes that don't use P2P functionality to deliver content; download modes (0) and (99). download mode (0) uses additional metadata provided by the Delivery Optimization services for a peerless, reliable, and efficient download experience. Download mode (99) will provide a reliable download experience over HTTP from the download's original source or Microsoft, with no other checks.
+There are two valid download modes that don't use P2P functionality to deliver content; download modes (0) and (99). Download mode (0) uses additional metadata provided by the Delivery Optimization services for a peerless, reliable, and efficient download experience. Download mode (99) will provide a reliable download experience over HTTP from the download's original source or Microsoft, with no other checks.
#### Peering with VPN
-By default, if Delivery Optimization detects a VPN, peering is not used. To change this behavior, use the [DOAllowVPNPeerCaching](waas-delivery-optimization-reference.md#enable-peer-caching-while-the-device-connects-via-vpn) policy. The Delivery Optimization client looks in the network adapter’s ‘Description’ and ‘FriendlyName’ strings to determine VPN usage. To allow greater flexibility for VPN identification, use the [DOVpnKeywords](waas-delivery-optimization-reference.md#vpn-keywords) to add descriptors for a particular VPN you use in your organization.
+By default, if Delivery Optimization detects a VPN, peering isn't used. To change this behavior, use the [DOAllowVPNPeerCaching](waas-delivery-optimization-reference.md#enable-peer-caching-while-the-device-connects-via-vpn) policy. The Delivery Optimization client looks in the network adapter's 'Description' and 'FriendlyName' strings to determine VPN usage. To allow greater flexibility for VPN identification, use the [DOVpnKeywords](waas-delivery-optimization-reference.md#vpn-keywords) to add descriptors for a particular VPN you use in your organization.
> [!NOTE]
-> The default keyword list is “VPN”, “Secure”, and “Virtual Private Network”. For example, “MYVPN” matches the “VPN” keyword and would be detected as a VPN connection.
+> The default keyword list is "VPN", "Secure", and "Virtual Private Network". For example, "MYVPN" matches the "VPN" keyword and would be detected as a VPN connection.
### 2b. Organization size
@@ -145,7 +147,7 @@ Alter the minimum disk size (default is 32 GB) a device must have to use peering
#### Optimize cache size
-You can also manage the amount of space the Delivery Optimization cache uses with the following settings: [DOMaxCacheSize](waas-delivery-optimization-reference.md#max-cache-size) (default is 20%) and [DOAbsoluteMaxCacheSize](waas-delivery-optimization-reference.md#absolute-max-cache-size) (default is not configured).
+You can also manage the amount of space the Delivery Optimization cache uses with the following settings: [DOMaxCacheSize](waas-delivery-optimization-reference.md#max-cache-size) (default is 20%) and [DOAbsoluteMaxCacheSize](waas-delivery-optimization-reference.md#absolute-max-cache-size) (default isn't configured).
#### RAM size
@@ -161,8 +163,12 @@ In an environment with devices that are plugged in and have ample free disk spac
Looking to improve P2P efficiency? Some of the most powerful settings you can change that could have a significant impact within your environment include:
-* Help optimize peer connection over HTTP connections using the [DOMinBackgroundQoS](waas-delivery-optimization-reference.md#minimum-background-qos) policy. A good value for the [DOMinBackgroundQoS](waas-delivery-optimization-reference.md#minimum-background-qos) policy is something lower than the average download speed seen in your network. For example, if your average speed is 1000 KB/s, set this policy to 500 KB/s.
-* Improve chances of downloading from peers and/or cache server by delaying the time DO attempts to make connections before falling back to the HTTP source. The set of delay-related policies include: [DODelayBackgroundDownloadFromHttp](waas-delivery-optimization-reference.md#delay-background-download-from-http-in-secs), [DODelayForegroundDownloadFromHttp](waas-delivery-optimization-reference.md#delay-foreground-download-from-http-in-secs). To improve efficiencies from peers or a dedicated cache server, a good starting point is 60 seconds for background settings and 30 seconds for foreground settings.
+- Help optimize peer connection over HTTP connections using the [DOMinBackgroundQoS](waas-delivery-optimization-reference.md#minimum-background-qos) policy. A good value for the [DOMinBackgroundQoS](waas-delivery-optimization-reference.md#minimum-background-qos) policy is something lower than the average download speed seen in your network. For example, if your average speed is 1000 KB/s, set this policy to 500 KB/s.
+- Improve chances of downloading from peers and/or cache server by delaying the time DO attempts to make connections before falling back to the HTTP source. The set of delay-related policies include:
+ - [DODelayBackgroundDownloadFromHttp](waas-delivery-optimization-reference.md#delay-background-download-from-http-in-secs)
+ - [DODelayForegroundDownloadFromHttp](waas-delivery-optimization-reference.md#delay-foreground-download-from-http-in-secs)
+
+ To improve efficiencies from peers or a dedicated cache server, a good starting point is 60 seconds for background settings and 30 seconds for foreground settings.
> [!NOTE]
> Not all content types are eligible for P2P. Refer to the [complete list](waas-delivery-optimization.md#types-of-download-content-supported-by-delivery-optimization) to learn more.
@@ -171,8 +177,14 @@ Looking to improve P2P efficiency? Some of the most powerful settings you can ch
Regardless of P2P, consider setting the following policies to avoid network disruption.
-* Manage network usage as a percentage or absolute value. These policies include: [DOPercentageMaxBackgroundBandwidth](waas-delivery-optimization-reference.md#maximum-background-download-bandwidth), [DOPercentageMaxForegroundBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth), [DOMaxBackgroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-background-download-bandwidth-in-kbs), and [DOMaxForegroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth-in-kbs).
-* Reduce disruptions by throttling differently at different times of day, using the business hours policies, [DOSetHoursToLimitBackgroundDownloadBandwidth](waas-delivery-optimization-reference.md#set-business-hours-to-limit-background-download-bandwidth) and [DOSetHoursToLimitForegroundDownloadBandwidth](waas-delivery-optimization-reference.md#set-business-hours-to-limit-foreground-download-bandwidth).
+- Manage network usage as a percentage or absolute value. These policies include:
+ - [DOPercentageMaxBackgroundBandwidth](waas-delivery-optimization-reference.md#maximum-background-download-bandwidth)
+ - [DOPercentageMaxForegroundBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth)
+ - [DOMaxBackgroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-background-download-bandwidth-in-kbs)
+ - [DOMaxForegroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth-in-kbs)
+- Reduce disruptions by throttling differently at different times of day, using the following business hours policies:
+ - [DOSetHoursToLimitBackgroundDownloadBandwidth](waas-delivery-optimization-reference.md#set-business-hours-to-limit-background-download-bandwidth)
+ - [DOSetHoursToLimitForegroundDownloadBandwidth](waas-delivery-optimization-reference.md#set-business-hours-to-limit-foreground-download-bandwidth).
> [!NOTE]
> The absolute policies are recommended in low bandwidth environments.
@@ -181,10 +193,10 @@ Regardless of P2P, consider setting the following policies to avoid network disr
:::image type="content" source="images/do-setup-connected-cache.png" alt-text="Screenshot of Delivery Optimization options when using Connected Cache." lightbox="images/do-setup-connected-cache.png":::
-* [DOCacheHost](waas-delivery-optimization-reference.md#cache-server-hostname) is the list of cache host server names, separated with commas. *Delivery Optimization client connects to the listed Microsoft Connected Cache servers in the order as they're listed.*
-* [DOCacheHostSource](waas-delivery-optimization-reference.md#cache-server-hostname-source) can be used to dynamically discover cache host servers on the network, using DHCP.
-* [DelayCacheServerFallbackBackground](waas-delivery-optimization-reference.md#delay-background-download-cache-server-fallback-in-secs) and [DelayCacheServerFallbackForeground](waas-delivery-optimization-reference.md#delay-foreground-download-cache-server-fallback-in-secs) are the delay policies to help improve chances of pulling content from the network cache host servers. (See recommended values in [Improve P2P efficiency](#2d-improve-p2p-efficiency) section above).
-* [DODisallowCacheServerDownloadsOnVPN](waas-delivery-optimization-reference.md#disallow-cache-server-downloads-on-vpn) allows control of the cache host server to supply content, when device is on a VPN connection.
+- [DOCacheHost](waas-delivery-optimization-reference.md#cache-server-hostname) is the list of cache host server names, separated with commas. *Delivery Optimization client connects to the listed Microsoft Connected Cache servers in the order as they're listed.*
+- [DOCacheHostSource](waas-delivery-optimization-reference.md#cache-server-hostname-source) can be used to dynamically discover cache host servers on the network, using DHCP.
+- [DelayCacheServerFallbackBackground](waas-delivery-optimization-reference.md#delay-background-download-cache-server-fallback-in-secs) and [DelayCacheServerFallbackForeground](waas-delivery-optimization-reference.md#delay-foreground-download-cache-server-fallback-in-secs) are the delay policies to help improve chances of pulling content from the network cache host servers. (See recommended values in [Improve P2P efficiency](#2d-improve-p2p-efficiency) section above).
+- [DODisallowCacheServerDownloadsOnVPN](waas-delivery-optimization-reference.md#disallow-cache-server-downloads-on-vpn) allows control of the cache host server to supply content, when device is on a VPN connection.
## 4. Choose where to set Delivery Optimization policies
@@ -204,15 +216,15 @@ Use MDM to manage Delivery Optimization settings here,
Delivery Optimization is integrated with both Microsoft Endpoint Manager and Configuration Manager.
-* [Microsoft Endpoint Manager (MEM)](/mem/intune/configuration/delivery-optimization-windows)
-* [Microsoft Endpoint Configuration Manager (MECM)](/mem/configmgr/sum/deploy-use/optimize-windows-10-update-delivery)
+- [Microsoft Endpoint Manager (MEM)](/mem/intune/configuration/delivery-optimization-windows)
+- [Microsoft Endpoint Configuration Manager (MECM)](/mem/configmgr/sum/deploy-use/optimize-windows-10-update-delivery)
## Summary of basic configuration recommendations
| Use case | Policy | Recommended value |
| ----- | ----- | ----------------- |
| Use P2P | DownloadMode | 1 or 2 |
-| Do not use P2P | DownloadMode | 0 |
+| Don't use P2P | DownloadMode | 0 |
| Number of devices in the organization | MinFileSizeToCache | 1 MB for peer group > 100 devices |
| Idle system resources | MaxCacheAge | 7 days (604800 seconds) |
| Improve P2P efficiency | MinBackgroundQoS and DelayBackgroundDownloadFromHttp / DelayForegroundDownloadFromHttp | 500 KB/s and 60/30 seconds |
@@ -220,11 +232,11 @@ Delivery Optimization is integrated with both Microsoft Endpoint Manager and Con
## Monitor Delivery Optimization
-Whether you opt for the default Delivery Optimization configurations or tailor them to suit your environment, you will want to track the outcomes to see how they improve your efficiency. [Learn more](waas-delivery-optimization-monitor.md) about the monitoring options for Delivery Optimization.
+Whether you opt for the default Delivery Optimization configurations or tailor them to suit your environment, you'll want to track the outcomes to see how they improve your efficiency. [Learn more](waas-delivery-optimization-monitor.md) about the monitoring options for Delivery Optimization.
## Troubleshoot Delivery Optimization
-There could be many different reasons why Delivery Optimization is not working in your environment. [Learn more](delivery-optimization-troubleshoot.md) about the DO Troubleshooter and common problems and solutions to help improve the experience of using Delivery Optimization.
+There could be many different reasons why Delivery Optimization isn't working in your environment. [Learn more](delivery-optimization-troubleshoot.md) about the DO Troubleshooter and common problems and solutions to help improve the experience of using Delivery Optimization.
## Test Delivery Optimization
diff --git a/windows/deployment/do/delivery-optimization-troubleshoot.md b/windows/deployment/do/delivery-optimization-troubleshoot.md
index 1c9186808c..5ade7e311f 100644
--- a/windows/deployment/do/delivery-optimization-troubleshoot.md
+++ b/windows/deployment/do/delivery-optimization-troubleshoot.md
@@ -16,14 +16,16 @@ appliesto:
- ✅ Windows 11
- ✅ Windows 10
- ✅ Delivery Optimization
-ms.date: 07/01/2024
+ms.date: 07/23/2024
---
# Troubleshoot Delivery Optimization
+This article discusses how to troubleshoot Delivery Optimization.
+
## DO Troubleshooter
-[Check out](https://aka.ms/do-fix) the new Delivery Optimization Troubleshooter. This tool provides a device health check to verify the device is set up properly to use Delivery Optimization. To scope the output more specifically, use one of the available switches:
+[Check out](https://aka.ms/do-fix) for the new Delivery Optimization Troubleshooter. This tool provides a device health check to verify the device is set up properly to use Delivery Optimization. To scope the output more specifically, use one of the available switches:
- -HealthCheck: Provides an overall check of the device setup to ensure Delivery Optimization communication is possible on the device.
- -P2P: Provides output specific to P2P settings, efficiency, and errors.
@@ -35,7 +37,7 @@ This section summarizes common problems and some solutions to try.
### If you don't see any bytes from peers
-If you don't see any bytes coming from peers the cause might be one of the following issues:
+If you don't see any bytes coming from peers, the cause might be one of the following issues:
- Clients aren't able to reach the Delivery Optimization cloud services.
- The cloud service doesn't see other peers on the network.
diff --git a/windows/security/book/cloud-services-protect-your-work-information.md b/windows/security/book/cloud-services-protect-your-work-information.md
index 789ac396b8..97aafdbec1 100644
--- a/windows/security/book/cloud-services-protect-your-work-information.md
+++ b/windows/security/book/cloud-services-protect-your-work-information.md
@@ -232,7 +232,7 @@ Universal Print has integrated with Administrative Units in Microsoft Entra ID t
:::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:**
- [Universal Print](https://www.microsoft.com/microsoft-365/windows/universal-print)
-- [Data storage in Universal Print](/universal-print/fundamentals/universal-print-encryption)
+- [Data handling in Universal Print](/universal-print/data-handling)
- [Delegate Printer Administration with Administrative Units](/universal-print/portal/delegated-admin)
For customers who want to stay on Print Servers, we recommend using the Microsoft IPP Print driver. For features beyond what's covered in the standard IPP driver, use Print Support Applications (PSA) for Windows from the respective printer OEM.
diff --git a/windows/security/introduction.md b/windows/security/introduction.md
index 073a4309b9..53edc2cc2c 100644
--- a/windows/security/introduction.md
+++ b/windows/security/introduction.md
@@ -1,24 +1,17 @@
---
title: Introduction to Windows security
description: System security book.
-ms.date: 09/01/2023
-ms.topic: tutorial
+ms.date: 07/22/2024
+ms.topic: overview
ms.author: paoloma
-ms.collection:
- - essentials-security
-content_well_notification:
- - AI-contribution
author: paolomatarazzo
-appliesto:
- - ✅ Windows 11
-ai-usage: ai-assisted
---
# Introduction to Windows security
The acceleration of digital transformation and the expansion of both remote and hybrid work brings new opportunities to organizations, communities, and individuals. This expansion introduces new threats and risks.
-Organizations worldwide are adopting a **Zero Trust** security model based on the premise that no person or device anywhere can have access until safety and integrity is proven. Windows 11 is built on Zero Trust principles to enable hybrid productivity and new experiences anywhere, without compromising security. Windows 11 raises the [security baselines](operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md) with new requirements for advanced hardware and software protection that extends from chip to cloud.
+Organizations worldwide are adopting a **Zero Trust** security model based on the premise that no person or device anywhere can have access until safety and integrity is proven. Windows 11 is built on Zero Trust principles to enable hybrid productivity and new experiences anywhere, without compromising security. Windows 11 raises the security baselines with new requirements for advanced hardware and software protection that extends from chip to cloud.
## How Windows 11 enables Zero Trust protection
@@ -44,11 +37,11 @@ In Windows 11, hardware and software work together to protect the operating syst
To help keep personal and business information protected and private, Windows 11 has multiple layers of application security that safeguard critical data and code integrity. Application isolation and controls, code integrity, privacy controls, and least-privilege principles enable developers to build in security and privacy from the ground up. This integrated security protects against breaches and malware, helps keep data private, and gives IT administrators the controls they need.
-In Windows 11, [Microsoft Defender Application Guard](/windows-hardware/design/device-experiences/oem-app-guard) uses Hyper-V virtualization technology to isolate untrusted websites and Microsoft Office files in containers, separate from and unable to access the host operating system and enterprise data. To protect privacy, Windows 11 also provides more controls over which apps and features can collect and use data such as the device's location, or access resources like camera and microphone.
+In Windows 11, [Microsoft Defender Application Guard](application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md) uses Hyper-V virtualization technology to isolate untrusted websites and Microsoft Office files in containers, separate from and unable to access the host operating system and enterprise data. To protect privacy, Windows 11 also provides more controls over which apps and features can collect and use data such as the device's location, or access resources like camera and microphone.
### Secured identities
-Passwords have been an important part of digital security for a long time, and they're also a top target for cybercriminals. Windows 11 provides powerful protection against credential theft with chip-level hardware security. Credentials are protected by layers of hardware and software security such as [TPM 2.0](information-protection/tpm/trusted-platform-module-overview.md), [VBS](/windows-hardware/design/device-experiences/oem-vbs), and/or [Credential Guard](identity-protection/credential-guard/index.md), making it harder for attackers to steal credentials from a device. With [Windows Hello for Business](identity-protection/hello-for-business/index.md), users can quickly sign in with face, fingerprint, or PIN for passwordless protection. Windows 11 also supports [FIDO2 security keys](/azure/active-directory/authentication/howto-authentication-passwordless-security-key) for passwordless authentication.
+Passwords have been an important part of digital security for a long time, and they're also a top target for cybercriminals. Windows 11 provides powerful protection against credential theft with chip-level hardware security. Credentials are protected by layers of hardware and software security such as [TPM 2.0](information-protection/tpm/trusted-platform-module-overview.md), [VBS](/windows-hardware/design/device-experiences/oem-vbs), and/or [Credential Guard](identity-protection/credential-guard/index.md), making it harder for attackers to steal credentials from a device. With [Windows Hello for Business](identity-protection/hello-for-business/index.md), users can quickly sign in with face, fingerprint, or PIN for passwordless protection. Windows 11 also supports [FIDO2 security keys](/azure/active-directory/authentication/howto-authentication-passwordless-security-key) and [passkeys](identity-protection/passkeys/index.md) for passwordless authentication.
### Connecting to cloud services
@@ -58,4 +51,4 @@ Microsoft offers comprehensive cloud services for identity, storage, and access
To learn more about the security features included in Windows 11, read the [Windows 11 Security Book](book/index.md).
-
+
diff --git a/windows/security/operating-system-security/data-protection/encrypted-hard-drive.md b/windows/security/operating-system-security/data-protection/encrypted-hard-drive.md
index 368b0d1c10..61a6b9a820 100644
--- a/windows/security/operating-system-security/data-protection/encrypted-hard-drive.md
+++ b/windows/security/operating-system-security/data-protection/encrypted-hard-drive.md
@@ -1,7 +1,7 @@
---
title: Encrypted hard drives
description: Learn how encrypted hard drives use the rapid encryption that is provided by BitLocker to enhance data security and management.
-ms.date: 10/18/2023
+ms.date: 07/22/2024
ms.topic: concept-article
---
@@ -75,7 +75,7 @@ To configure encrypted hard drives as startup drives, use the same methods as st
There are three policy settings to manage how BitLocker uses hardware-based encryption and which encryption algorithms to use. If these settings aren't configured or disabled on systems that are equipped with encrypted drives, BitLocker uses software-based encryption:
-- [Configure use of hardware-based encryption for fixed data drives](bitlocker/configure.md?tabs=fixed#configure-use-of-hardware-based-encryption-for-fixed-data-drives)
+- [Configure use of hardware-based encryption for fixed data drives](bitlocker/configure.md?tabs=fixed#configure-use-of-hardware-based-encryption-for-fixed-data-drives)
- [Configure use of hardware-based encryption for removable data drives](bitlocker/configure.md?tabs=removable#configure-use-of-hardware-based-encryption-for-removable-data-drives)
- [Configure use of hardware-based encryption for operating system drives](bitlocker/configure.md?tabs=os#configure-use-of-hardware-based-encryption-for-operating-system-drives)