Merge pull request #5765 from MicrosoftDocs/master

Publish 10/01/21, 3:30 PM
Gary Moore 2021-10-01 16:06:46 -07:00 committed by GitHub
commit 3ac31580cd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
61 changed files with 3842 additions and 3494 deletions


@ -18959,8 +18959,67 @@
"source_path": "windows/security/identity-protection/change-history-for-access-protection.md", "source_path": "windows/security/identity-protection/change-history-for-access-protection.md",
"redirect_url": "/windows/security/", "redirect_url": "/windows/security/",
"redirect_document_id": false "redirect_document_id": false
},
{
"source_path": "windows/deployment/update/waas-deployment-rings-windows-10-updates.md",
"redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/waas-servicing-differences.md",
"redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/wufb-autoupdate.md",
"redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/wufb-basics.md",
"redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/wufb-managedrivers.md",
"redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/wufb-manageupdate.md",
"redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/wwufb-onboard.md",
"redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/feature-update-conclusion.md",
"redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/waas-wufb-intune.md",
"redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/feature-update-maintenance-window.md",
"redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/feature-update-mission-critical.md",
"redirect_url": "/windows/deployment/waas-manage-updates-wufb",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/change-history-for-update-windows-10.md",
"redirect_url": "/windows/deployment/deploy-whats-new",
"redirect_document_id": true
} }
] ]
} }
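Review bot: Two of the added redirect entries look mistyped. The source_path `windows/deployment/update/wwufb-onboard.md` has a doubled `w` where every sibling entry uses the `wufb-` prefix, so the redirect will not match the retired file if that file was named `wufb-onboard.md`. The entry for `feature-update-mission-critical.md` redirects to `/windows/deployment/waas-manage-updates-wufb`, without the `/update/` segment that the other eight entries pointing at this target include. Please confirm both, and confirm that `"redirect_document_id": true` on the change-history entry is intended, since every other added entry sets it to false.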


@ -853,6 +853,14 @@ ms.date: 10/08/2020
- [ADMX_PowerShellExecutionPolicy/EnableScripts](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enablescripts) - [ADMX_PowerShellExecutionPolicy/EnableScripts](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enablescripts)
- [ADMX_PowerShellExecutionPolicy/EnableTranscripting](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enabletranscripting) - [ADMX_PowerShellExecutionPolicy/EnableTranscripting](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enabletranscripting)
- [ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enableupdatehelpdefaultsourcepath) - [ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enableupdatehelpdefaultsourcepath)
- [ADMX_PreviousVersions/DisableLocalPage_1](./policy-csp-admx-previousversions.md#admx-previousversions-disablelocalpage_1)
- [ADMX_PreviousVersions/DisableLocalPage_2](./policy-csp-admx-previousversions.md#admx-previousversions-disablelocalpage_2)
- [ADMX_PreviousVersions/DisableRemotePage_1](./policy-csp-admx-previousversions.md#admx-previousversions-disableremotepage_1)
- [ADMX_PreviousVersions/DisableRemotePage_2](./policy-csp-admx-previousversions.md#admx-previousversions-disableremotepage_2)
- [ADMX_PreviousVersions/HideBackupEntries_1](./policy-csp-admx-previousversions.md#admx-previousversions-hidebackupentries_1)
- [ADMX_PreviousVersions/HideBackupEntries_2](./policy-csp-admx-previousversions.md#admx-previousversions-hidebackupentries_2)
- [ADMX_PreviousVersions/DisableLocalRestore_1](./policy-csp-admx-previousversions.md#admx-previousversions-disablelocalrestore_1)
- [ADMX_PreviousVersions/DisableLocalRestore_2](./policy-csp-admx-previousversions.md#admx-previousversions-disablelocalrestore_2)
- [ADMX_Printing/AllowWebPrinting](./policy-csp-admx-printing.md#admx-printing-allowwebprinting) - [ADMX_Printing/AllowWebPrinting](./policy-csp-admx-printing.md#admx-printing-allowwebprinting)
- [ADMX_Printing/ApplicationDriverIsolation](./policy-csp-admx-printing.md#admx-printing-applicationdriverisolation) - [ADMX_Printing/ApplicationDriverIsolation](./policy-csp-admx-printing.md#admx-printing-applicationdriverisolation)
- [ADMX_Printing/CustomizedSupportUrl](./policy-csp-admx-printing.md#admx-printing-customizedsupporturl) - [ADMX_Printing/CustomizedSupportUrl](./policy-csp-admx-printing.md#admx-printing-customizedsupporturl)
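Review bot: The anchors in the eight added ADMX_PreviousVersions links end in `_1` and `_2` (for example `#admx-previousversions-disablelocalpage_1`), while existing entries in the same list hyphenate the numeric suffix (`#admx-wincal-turnoffwincal-1`, `#admx-windowsconnectnow-wcn-disablewcnui-1`). Please check these fragments against the ids actually defined in policy-csp-admx-previousversions.md, and switch to the hyphenated form if that is what the target page defines, so the links do not land at the top of the page.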
@ -896,7 +904,6 @@ ms.date: 10/08/2020
- [ADMX_Programs/NoProgramsCPL](./policy-csp-admx-programs.md#admx-programs-noprogramscpl) - [ADMX_Programs/NoProgramsCPL](./policy-csp-admx-programs.md#admx-programs-noprogramscpl)
- [ADMX_Programs/NoWindowsFeatures](./policy-csp-admx-programs.md#admx-programs-nowindowsfeatures) - [ADMX_Programs/NoWindowsFeatures](./policy-csp-admx-programs.md#admx-programs-nowindowsfeatures)
- [ADMX_Programs/NoWindowsMarketplace](./policy-csp-admx-programs.md#admx-programs-nowindowsmarketplace) - [ADMX_Programs/NoWindowsMarketplace](./policy-csp-admx-programs.md#admx-programs-nowindowsmarketplace)
- [ADMX_Radar/WdiScenarioExecutionPolicy](./policy-csp-admx-radar.md#admx-radar-wdiscenarioexecutionpolicy)
- [ADMX_Reliability/EE_EnablePersistentTimeStamp](./policy-csp-admx-reliability.md#admx-reliability-ee-enablepersistenttimestamp) - [ADMX_Reliability/EE_EnablePersistentTimeStamp](./policy-csp-admx-reliability.md#admx-reliability-ee-enablepersistenttimestamp)
- [ADMX_Reliability/PCH_ReportShutdownEvents](./policy-csp-admx-reliability.md#admx-reliability-pch-reportshutdownevents) - [ADMX_Reliability/PCH_ReportShutdownEvents](./policy-csp-admx-reliability.md#admx-reliability-pch-reportshutdownevents)
- [ADMX_Reliability/ShutdownEventTrackerStateFile](./policy-csp-admx-reliability.md#admx-reliability-shutdowneventtrackerstatefile) - [ADMX_Reliability/ShutdownEventTrackerStateFile](./policy-csp-admx-reliability.md#admx-reliability-shutdowneventtrackerstatefile)
@ -1112,6 +1119,10 @@ ms.date: 10/08/2020
- [ADMX_Thumbnails/DisableThumbnails](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnails) - [ADMX_Thumbnails/DisableThumbnails](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnails)
- [ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnailsonnetworkfolders) - [ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnailsonnetworkfolders)
- [ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbsdbonnetworkfolders) - [ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbsdbonnetworkfolders)
- [ADMX_TouchInput/TouchInputOff_1](./policy-csp-admx-touchinput.md#admx-touchinput-touchinputoff_1)
- [ADMX_TouchInput/TouchInputOff_2](./policy-csp-admx-touchinput.md#admx-touchinput-touchinputoff_2)
- [ADMX_TouchInput/PanningEverywhereOff_1](./policy-csp-admx-touchinput.md#admx-touchinput-panningeverywhereoff_1)
- [ADMX_TouchInput/PanningEverywhereOff_2](./policy-csp-admx-touchinput.md#admx-touchinput-panningeverywhereoff_2)
- [ADMX_TPM/BlockedCommandsList_Name](./policy-csp-admx-tpm.md#admx-tpm-blockedcommandslist-name) - [ADMX_TPM/BlockedCommandsList_Name](./policy-csp-admx-tpm.md#admx-tpm-blockedcommandslist-name)
- [ADMX_TPM/ClearTPMIfNotReady_Name](./policy-csp-admx-tpm.md#admx-tpm-cleartpmifnotready-name) - [ADMX_TPM/ClearTPMIfNotReady_Name](./policy-csp-admx-tpm.md#admx-tpm-cleartpmifnotready-name)
- [ADMX_TPM/IgnoreDefaultList_Name](./policy-csp-admx-tpm.md#admx-tpm-ignoredefaultlist-name) - [ADMX_TPM/IgnoreDefaultList_Name](./policy-csp-admx-tpm.md#admx-tpm-ignoredefaultlist-name)
@ -1263,9 +1274,13 @@ ms.date: 10/08/2020
- [ADMX_WCM/WCM_DisablePowerManagement](./policy-csp-admx-wcm.md#admx-wcm-wcm-disablepowermanagement) - [ADMX_WCM/WCM_DisablePowerManagement](./policy-csp-admx-wcm.md#admx-wcm-wcm-disablepowermanagement)
- [ADMX_WCM/WCM_EnableSoftDisconnect](./policy-csp-admx-wcm.md#admx-wcm-wcm-enablesoftdisconnect) - [ADMX_WCM/WCM_EnableSoftDisconnect](./policy-csp-admx-wcm.md#admx-wcm-wcm-enablesoftdisconnect)
- [ADMX_WCM/WCM_MinimizeConnections](./policy-csp-admx-wcm.md#admx-wcm-wcm-minimizeconnections) - [ADMX_WCM/WCM_MinimizeConnections](./policy-csp-admx-wcm.md#admx-wcm-wcm-minimizeconnections)
- [ADMX_WDI/WdiDpsScenarioExecutionPolicy](./policy-csp-admx-wdi.md#admx-wdi-wdidpsscenarioexecutionpolicy)
- [ADMX_WDI/WdiDpsScenarioDataSizeLimitPolicy](./policy-csp-admx-wdi.md#admx-wdi-wdidpsscenariodatasizelimitpolicy)
- [ADMX_WinCal/TurnOffWinCal_1](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-1) - [ADMX_WinCal/TurnOffWinCal_1](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-1)
- [ADMX_WinCal/TurnOffWinCal_2](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-2) - [ADMX_WinCal/TurnOffWinCal_2](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-2)
- [ADMX_WindowsAnytimeUpgrade/Disabled](./policy-csp-admx-windowsanytimeupgrade.md#admx-windowsanytimeupgrade-disabled) - [ADMX_WindowsAnytimeUpgrade/Disabled](./policy-csp-admx-windowsanytimeupgrade.md#admx-windowsanytimeupgrade-disabled)
- [ADMX_WindowsColorSystem/ProhibitChangingInstalledProfileList_1](./policy-csp-admx-windowscolorsystem.md#admx-windowscolorsystem-prohibitchanginginstalledprofilelist_1]
- [ADMX_WindowsColorSystem/ProhibitChangingInstalledProfileList_2](./policy-csp-admx-windowscolorsystem.md#admx-windowscolorsystem-prohibitchanginginstalledprofilelist_2]
- [ADMX_WindowsConnectNow/WCN_DisableWcnUi_1](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-1) - [ADMX_WindowsConnectNow/WCN_DisableWcnUi_1](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-1)
- [ADMX_WindowsConnectNow/WCN_DisableWcnUi_2](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-2) - [ADMX_WindowsConnectNow/WCN_DisableWcnUi_2](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-2)
- [ADMX_WindowsConnectNow/WCN_EnableRegistrar](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-enableregistrar) - [ADMX_WindowsConnectNow/WCN_EnableRegistrar](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-enableregistrar)
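Review bot: The two added ADMX_WindowsColorSystem entries close the link target with `]` instead of `)`: `...#admx-windowscolorsystem-prohibitchanginginstalledprofilelist_1]`. The Markdown link is never terminated, so both items will render as raw text rather than links. Replace the trailing `]` with `)` on both lines.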


@ -3057,6 +3057,35 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
</dd> </dd>
</dl> </dl>
### ADMX_PreviousVersions policies
</dl>
<dd>
<a href="./policy-csp-admx-previousversions.md#admx-previousversions-disablelocalpage_1" id="admx-previousversions-disablelocalpage_1">ADMX_PreviousVersions/DisableLocalPage_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-previousversions.md#admx-previousversions-disablelocalpage_2" id="admx-previousversions-disablelocalpage_2">ADMX_PreviousVersions/DisableLocalPage_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-previousversions.md#admx-previousversions-disableremotepage_1" id="admx-previousversions-disableremotepage_1">ADMX_PreviousVersions/DisableRemotePage_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-previousversions.md#admx-previousversions-disableremotepage_2" id="admx-previousversions-disableremotepage_2">ADMX_PreviousVersions/DisableRemotePage_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-previousversions.md#admx-previousversions-hidebackupentries_1" id="admx-previousversions-hidebackupentries_1">ADMX_PreviousVersions/HideBackupEntries_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-previousversions.md#admx-previousversions-hidebackupentries_2" id="admx-previousversions-hidebackupentries_2">ADMX_PreviousVersions/HideBackupEntries_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-previousversions.md#admx-previousversions-disablelocalrestore_1" id="admx-previousversions-disablelocalrestore_1">ADMX_PreviousVersions/DisableLocalRestore_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-previousversions.md#admx-previousversions-disablelocalrestore_2" id="admx-previousversions-disablelocalrestore_2">ADMX_PreviousVersions/DisableLocalRestore_2</a>
</dd>
</dl>
### ADMX_Printing policies ### ADMX_Printing policies
<dl> <dl>
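Review bot: The added ADMX_PreviousVersions section opens with a closing tag. The line directly under `### ADMX_PreviousVersions policies` is `</dl>` where the neighbouring sections (ADMX_Printing, ADMX_TouchInput) start with `<dl>`, so the eight `<dd>` items sit outside any list and the final `</dl>` has no matching open. Change the first `</dl>` to `<dl>`.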
@ -3199,13 +3228,6 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
</dd> </dd>
</dl> </dl>
### ADMX_Radar policies
<dl>
<dd>
<a href="./policy-csp-admx-radar.md#admx-radar-wdiscenarioexecutionpolicy" id="admx-radar-wdiscenarioexecutionpolicy">ADMX_Radar/WdiScenarioExecutionPolicy</a>
</dd>
<dl>
### ADMX_Reliability policies ### ADMX_Reliability policies
<dl> <dl>
@ -3978,6 +4000,23 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
</dd> </dd>
</dl> </dl>
### ADMX_TouchInput policies
<dl>
<dd>
<a href="./policy-csp-admx-touchinput.md#admx-touchinput-touchinputoff_1" id="admx-touchinput-touchinputoff_1">ADMX_TouchInput/TouchInputOff_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-touchinput.md#admx-touchinput-touchinputoff_2" id="admx-touchinput-touchinputoff_2">ADMX_TouchInput/TouchInputOff_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-touchinput.md#admx-touchinput-panningeverywhereoff_1" id="admx-touchinput-panningeverywhereoff_1">ADMX_TouchInput/PanningEverywhereOff_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-touchinput.md#admx-touchinput-panningeverywhereoff_2" id="admx-touchinput-panningeverywhereoff_2">ADMX_TouchInput/PanningEverywhereOff_2</a>
</dd>
</dl>
### ADMX_TPM policies ### ADMX_TPM policies
<dl> <dl>
@ -4456,6 +4495,17 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
</dd> </dd>
</dl> </dl>
### ADMX_WDI Policies
<dl>
<dd>
<a href="./policy-csp-admx-wdi.md#admx-wdi-wdidpsscenarioexecutionpolicy" id="admx-wdi-wdidpsscenarioexecutionpolicy">ADMX_WDI/WdiDpsScenarioExecutionPolicy</a>
</dd>
<dd>
<a href="./policy-csp-admx-wdi.md#admx-wdi-wdidpsscenariodatasizelimitpolicy" id="admx-wdi-wdidpsscenariodatasizelimitpolicy">ADMX_WDI/WdiDpsScenarioDataSizeLimitPolicy</a>
</dd>
<dl>
### ADMX_WinCal policies ### ADMX_WinCal policies
<dl> <dl>
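Review bot: The added ADMX_WDI section ends with `<dl>` instead of `</dl>`, which leaves the list open and nests the following ADMX_WinCal list inside it. Close it with `</dl>`. The heading also reads `### ADMX_WDI Policies` with a capital P, while the other section headings in this file use lowercase `policies`.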
@ -4475,6 +4525,17 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
</dd> </dd>
</dl> </dl>
### ADMX_WindowsColorSystem policies
<dl>
<dd>
<a href="./policy-csp-admx-windowscolorsystem.md#admx-windowscolorsystem-prohibitchanginginstalledprofilelist_1" id="admx-windowscolorsystem-prohibitchanginginstalledprofilelist_1">ADMX_WindowsColorSystem/ProhibitChangingInstalledProfileList_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-windowscolorsystem.md#admx-windowscolorsystem-prohibitchanginginstalledprofilelist_2" id="admx-windowscolorsystem-prohibitchanginginstalledprofilelist_2">ADMX_WindowsColorSystem/ProhibitChangingInstalledProfileList_2</a>
</dd>
</dl>
### ADMX_WindowsConnectNow policies ### ADMX_WindowsConnectNow policies
<dl> <dl>


@ -14,14 +14,19 @@ manager: dansimp
# Policy CSP - ADMX_EventForwarding # Policy CSP - ADMX_EventForwarding
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/> <hr/>
<!--Policies--> <!--Policies-->
## ADMX_EventForwarding policies ## ADMX_EventForwarding policies
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<dl> <dl>
<dd> <dd>
<a href="#admx_eventforwarding-forwarderresourceusage">ADMX_EventForwarding/ForwarderResourceUsage</a> <a href="#admx_eventforwarding-forwarderresourceusage">ADMX_EventForwarding/ForwarderResourceUsage</a>
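Review bot: The TIP block is now placed once under `## ADMX_EventForwarding policies`, ahead of the policy list, but it still reads "This is an ADMX-backed policy", wording written for a single policy entry. Since it now applies to every policy on the page, reword it in the plural (for example "These are ADMX-backed policies and require a special SyncML format"). The CDATA reference in the same block is still an `http://` link to www.w3.org and could be moved to `https://` while the block is being touched.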
@ -40,28 +45,34 @@ manager: dansimp
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
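Review bot: The Education row changes meaning in this conversion, not just format. The old cell was `images/crossmark.png` (not supported) and the new cells are `Yes` for both Windows 10 and Windows 11, whereas Home, Pro, Business and Enterprise keep their previous values. If Education support was deliberately corrected, the commit should say so; if this came from a bulk icon-to-text replacement, the row should read `No`.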
@ -78,7 +89,7 @@ manager: dansimp
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting controls resource usage for the forwarder (source computer) by controlling the events/per second sent to the Event Collector. This policy setting controls resource usage for the forwarder (source computer) by controlling the events/per second sent to the Event Collector.
If you enable this policy setting, you can control the volume of events sent to the Event Collector by the source computer. This may be required in high volume environments. If you enable this policy setting, you can control the volume of events sent to the Event Collector by the source computer. This may be required in high volume environments.
@ -87,12 +98,7 @@ If you disable or do not configure this policy setting, forwarder resource usage
This setting applies across all subscriptions for the forwarder (source computer). This setting applies across all subscriptions for the forwarder (source computer).
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -113,29 +119,34 @@ ADMX Info:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
</tr> <td>Yes</td>
</table> </table>
<!--/SupportedSKUs--> <!--/SupportedSKUs-->
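Review bot: The Education row in this table loses its closing tag. In the last row the old `</tr>` line is replaced by the second `<td>Yes</td>`, so the new markup goes straight from `<td>Yes</td>` to `</table>`; the hunk header (29 lines to 34, where the first table's identical change needed six added lines) agrees that one line went missing. Add `</tr>` back before `</table>`. The Education value also flips from the cross mark to `Yes` here, which deserves the same confirmation as in the first table.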
@ -151,7 +162,7 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the server address, refresh interval, and issuer certificate authority (CA) of a target Subscription Manager. This policy setting allows you to configure the server address, refresh interval, and issuer certificate authority (CA) of a target Subscription Manager.
If you enable this policy setting, you can configure the Source Computer to contact a specific FQDN (Fully Qualified Domain Name) or IP Address and request subscription specifics. If you enable this policy setting, you can configure the Source Computer to contact a specific FQDN (Fully Qualified Domain Name) or IP Address and request subscription specifics.
@ -167,12 +178,6 @@ When using the HTTP protocol, use port 5985.
If you disable or do not configure this policy setting, the Event Collector computer will not be specified. If you disable or do not configure this policy setting, the Event Collector computer will not be specified.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -185,8 +190,6 @@ ADMX Info:
<!--/Policy--> <!--/Policy-->
<hr/> <hr/>
> [!NOTE]
> These policies are currently only available as part of a Windows Insider release.
<!--/Policies--> <!--/Policies-->


@ -13,14 +13,19 @@ manager: dansimp
--- ---
# Policy CSP - ADMX_Explorer # Policy CSP - ADMX_Explorer
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/> <hr/>
<!--Policies--> <!--Policies-->
## ADMX_Explorer policies ## ADMX_Explorer policies
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<dl> <dl>
<dd> <dd>
<a href="#admx-explorer-admininfourl">ADMX_Explorer/AdminInfoUrl</a> <a href="#admx-explorer-admininfourl">ADMX_Explorer/AdminInfoUrl</a>
@ -48,28 +53,34 @@ manager: dansimp
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -86,15 +97,9 @@ manager: dansimp
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. Sets the target of the More Information link that will be displayed when the user attempts to run a program that is blocked by policy. Sets the target of the More Information link that will be displayed when the user attempts to run a program that is blocked by policy.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -113,28 +118,34 @@ ADMX Info:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -163,14 +174,6 @@ If you disable or do not configure this policy setting, the menu bar will not be
> [!NOTE] > [!NOTE]
> When the menu bar is not displayed, users can access the menu bar by pressing the 'ALT' key. > When the menu bar is not displayed, users can access the menu bar by pressing the 'ALT' key.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
- GP Friendly name: *Display the menu bar in File Explorer* - GP Friendly name: *Display the menu bar in File Explorer*
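Review bot: This hunk removes `<!--/Description-->` together with the TIP block. In the other policies on this page the closing marker is kept as context and only the TIP lines are deleted, so here the `<!--Description-->` region is left unterminated and runs into `<!--ADMXBacked-->`. Restore `<!--/Description-->` after the NOTE about the 'ALT' key so any tooling that relies on these paired comment markers still finds the end of the description.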
@ -188,28 +191,34 @@ ADMX Info:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -226,17 +235,11 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting allows administrators who have configured roaming profile in conjunction with Delete Cached Roaming Profile Group Policy setting to ensure that Explorer will not reinitialize default program associations and other settings to default values. This policy setting allows administrators who have configured roaming profile in conjunction with Delete Cached Roaming Profile Group Policy setting to ensure that Explorer will not reinitialize default program associations and other settings to default values.
If you enable this policy setting on a machine that does not contain all programs installed in the same manner as it was on the machine on which the user had last logged on, unexpected behavior could occur. If you enable this policy setting on a machine that does not contain all programs installed in the same manner as it was on the machine on which the user had last logged on, unexpected behavior could occur.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -255,28 +258,34 @@ ADMX Info:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
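Review bot: The Education row in this table does not carry over the old value. The removed cell is the cross mark image, but the new cells read `Yes` for both Windows 10 and Windows 11, while every other row maps cross mark to `No` and check mark to `Yes`. If Education is meant to be supported, say so in the commit description so the change is not read as a pure image-to-text conversion; otherwise set both cells to `No`. The same substitution appears in the other edition tables in this commit.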
@ -293,7 +302,7 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting allows administrators to prevent users from adding new items such as files or folders to the root of their Users Files folder in File Explorer. This policy setting allows administrators to prevent users from adding new items such as files or folders to the root of their Users Files folder in File Explorer.
If you enable this policy setting, users will no longer be able to add new items such as files or folders to the root of their Users Files folder in File Explorer. If you enable this policy setting, users will no longer be able to add new items such as files or folders to the root of their Users Files folder in File Explorer.
@ -303,12 +312,6 @@ If you disable or do not configure this policy setting, users will be able to ad
> Enabling this policy setting does not prevent the user from being able to add new items such as files and folders to their actual file system profile folder at %userprofile%. > Enabling this policy setting does not prevent the user from being able to add new items such as files and folders to their actual file system profile folder at %userprofile%.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -327,28 +330,33 @@ ADMX Info:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
</tr> <td>No</td>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
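Review bot: The Pro row loses its closing `</tr>` on the new side. The added Windows 11 cell `<td>No</td>` replaces the `</tr>` line instead of being inserted before it, so the Business `<tr>` opens inside the unclosed Pro row. The hunk header shows it too: this table comes out at 33 lines where the matching tables in this commit come out at 34. Add `</tr>` after the second `<td>No</td>` of the Pro row.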
@ -365,15 +373,9 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy is similar to settings directly available to computer users. Disabling animations can improve usability for users with some visual disabilities as well as improving performance and battery life in some scenarios. This policy is similar to settings directly available to computer users. Disabling animations can improve usability for users with some visual disabilities as well as improving performance and battery life in some scenarios.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -386,6 +388,4 @@ ADMX Info:
<!--/Policy--> <!--/Policy-->
<hr/> <hr/>
> [!NOTE]
> These policies are currently only available as part of a Windows Insider release.
<!--/Policies--> <!--/Policies-->

View File

@ -13,9 +13,13 @@ manager: dansimp
--- ---
# Policy CSP - ADMX_FileRecovery # Policy CSP - ADMX_FileRecovery
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<hr/> <hr/>
<!--Policies--> <!--Policies-->
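Review bot: The TIP moved to the top of the page still points readers to "a variety of online encoders" for XML-encoding the SyncML payload. Now that this block is the page-level guidance for every policy, consider recommending local XML escaping or the CDATA option first, so that policy payloads are not pasted into third-party sites. The opening sentence also still reads "This is an ADMX-backed policy" in the singular although it now covers all policies on the page.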
@ -34,28 +38,34 @@ manager: dansimp
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -75,12 +85,7 @@ manager: dansimp
> This policy setting applies to all sites in Trusted zones. > This policy setting applies to all sites in Trusted zones.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -90,8 +95,6 @@ ADMX Info:
<!--/Policy--> <!--/Policy-->
<hr/> <hr/>
> [!NOTE]
> These policies are currently only available as part of a Windows Insider release.
<!--/Policies--> <!--/Policies-->

View File

@ -13,8 +13,13 @@ manager: dansimp
--- ---
# Policy CSP - ADMX_FileServerVSSProvider # Policy CSP - ADMX_FileServerVSSProvider
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. > [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<hr/> <hr/>
@ -36,28 +41,34 @@ manager: dansimp
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -74,7 +85,7 @@ manager: dansimp
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the RPC protocol messages used by VSS for SMB2 File Shares feature is enabled. This policy setting determines whether the RPC protocol messages used by VSS for SMB2 File Shares feature is enabled.
VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares. VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares.
@ -84,12 +95,6 @@ By default, the RPC protocol message between File Server VSS provider and File S
> To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service. > To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -102,8 +107,6 @@ ADMX Info:
<!--/Policy--> <!--/Policy-->
<hr/> <hr/>
> [!NOTE]
> These policies are currently only available as part of a Windows Insider release.
<!--/Policies--> <!--/Policies-->

View File

@ -13,14 +13,19 @@ manager: dansimp
--- ---
# Policy CSP - ADMX_FileSys # Policy CSP - ADMX_FileSys
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/> <hr/>
<!--Policies--> <!--Policies-->
## ADMX_FileSys policies ## ADMX_FileSys policies
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<dl> <dl>
<dd> <dd>
<a href="#admx-filesys-disablecompression">ADMX_FileSys/DisableCompression</a> <a href="#admx-filesys-disablecompression">ADMX_FileSys/DisableCompression</a>
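Review bot: The TIP is placed inconsistently here. It is inserted under the `## ADMX_FileSys policies` heading, directly above the `<dl>` policy list, whereas the ADMX_FileRecovery and ADMX_FileServerVSSProvider pages in this commit put the same block under the page title, before the first `<hr/>`. Move it above `<hr/>` and `<!--Policies-->` so that the heading is followed immediately by its list and the three pages share one layout.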
@ -55,28 +60,33 @@ manager: dansimp
<a href="" id="admx-filesys-disablecompression"></a>**ADMX_FileSys/DisableCompression** <a href="" id="admx-filesys-disablecompression"></a>**ADMX_FileSys/DisableCompression**
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
</tr> <td>Yes</td>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
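Review bot: The Enterprise row is missing its closing `</tr>` on the new side. The second `<td>Yes</td>` takes the place of the old `</tr>` line, and the Education `<tr>` then opens while the Enterprise row is still open (this table is 33 lines after the change, against 34 for the other tables). Insert `</tr>` after the Windows 11 cell of the Enterprise row.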
@ -93,15 +103,10 @@ manager: dansimp
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files. Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -119,28 +124,34 @@ ADMX Info:
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -157,19 +168,13 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. Delete notification is a feature that notifies the underlying storage device of clusters that are freed due to a file delete operation. Delete notification is a feature that notifies the underlying storage device of clusters that are freed due to a file delete operation.
A value of 0, the default, will enable delete notifications for all volumes. A value of 0, the default, will enable delete notifications for all volumes.
A value of 1 will disable delete notifications for all volumes. A value of 1 will disable delete notifications for all volumes.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -186,28 +191,34 @@ ADMX Info:
<a href="" id="admx-filesys-disableencryption"></a>**ADMX_FileSys/DisableEncryption** <a href="" id="admx-filesys-disableencryption"></a>**ADMX_FileSys/DisableEncryption**
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -224,15 +235,8 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of encrypted files. Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of encrypted files.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
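Review bot: The closing `<!--/Description-->` marker is deleted together with the TIP block in this hunk, leaving the `<!--Description-->` opener for ADMX_FileSys/DisableEncryption unpaired. The other policies in this file keep `<!--/Description-->` as unchanged context when their TIP is removed. Restore the marker before `<!--ADMXBacked-->` in case any tooling relies on the paired comments.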
@ -249,28 +253,34 @@ ADMX Info:
<a href="" id="admx-filesys-enablepagefileencryption"></a>**ADMX_FileSys/EnablePagefileEncryption** <a href="" id="admx-filesys-enablepagefileencryption"></a>**ADMX_FileSys/EnablePagefileEncryption**
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -287,15 +297,9 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations. Enabling this setting will cause the page files to be encrypted. Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations. Enabling this setting will cause the page files to be encrypted.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -312,28 +316,34 @@ ADMX Info:
<a href="" id="admx-filesys-longpathsenabled"></a>**ADMX_FileSys/LongPathsEnabled** <a href="" id="admx-filesys-longpathsenabled"></a>**ADMX_FileSys/LongPathsEnabled**
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -350,15 +360,9 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 character limit per node on file systems that support it. Enabling this setting will cause the long paths to be accessible within the process. Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 character limit per node on file systems that support it. Enabling this setting will cause the long paths to be accessible within the process.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -375,28 +379,34 @@ ADMX Info:
<a href="" id="admx-filesys-shortnamecreationsettings"></a>**ADMX_FileSys/ShortNameCreationSettings** <a href="" id="admx-filesys-shortnamecreationsettings"></a>**ADMX_FileSys/ShortNameCreationSettings**
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes<td>
<td>Yes</td>
</tr> </tr>
</table> </table>
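Review bot: The Education row's new Windows 10 cell is written `<td>Yes<td>`, which opens a second `<td>` instead of closing the first. It should be `<td>Yes</td>`, matching the Windows 11 cell on the next line. As written, the row renders with an extra nested cell in the ShortNameCreationSettings table.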
@ -413,17 +423,11 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting provides control over whether or not short names are generated during file creation. Some applications require short names for compatibility, but short names have a negative performance impact on the system. This policy setting provides control over whether or not short names are generated during file creation. Some applications require short names for compatibility, but short names have a negative performance impact on the system.
If you enable short names on all volumes then short names will always be generated. If you disable them on all volumes then they will never be generated. If you set short name creation to be configurable on a per volume basis then an on-disk flag will determine whether or not short names are created on a given volume. If you disable short name creation on all data volumes then short names will only be generated for files created on the system volume. If you enable short names on all volumes then short names will always be generated. If you disable them on all volumes then they will never be generated. If you set short name creation to be configurable on a per volume basis then an on-disk flag will determine whether or not short names are created on a given volume. If you disable short name creation on all data volumes then short names will only be generated for files created on the system volume.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -441,28 +445,34 @@ ADMX Info:
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -479,7 +489,7 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. Symbolic links can introduce vulnerabilities in certain applications. To mitigate this issue, you can selectively enable or disable the evaluation of these types of symbolic links: Symbolic links can introduce vulnerabilities in certain applications. To mitigate this issue, you can selectively enable or disable the evaluation of these types of symbolic links:
- Local Link to a Local Target - Local Link to a Local Target
- Local Link to a Remote Target - Local Link to a Remote Target
@ -492,12 +502,6 @@ For more information, refer to the Windows Help section.
> If this policy is disabled or not configured, local administrators may select the types of symbolic links to be evaluated. > If this policy is disabled or not configured, local administrators may select the types of symbolic links to be evaluated.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -514,28 +518,34 @@ ADMX Info:
<a href="" id="admx-filesys-txfdeprecatedfunctionality"></a>**ADMX_FileSys/TxfDeprecatedFunctionality** <a href="" id="admx-filesys-txfdeprecatedfunctionality"></a>**ADMX_FileSys/TxfDeprecatedFunctionality**
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
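Review bot: the Education row of this table changes meaning, not just format. The old cell was the cross-mark image and the new cells read Yes for both Windows 10 and Windows 11, while Home, Pro, Business and Enterprise keep their previous values. Confirm that Education support is intended (the same flip appears in the other SupportedSKUs tables converted in this commit) and mention it in the commit description so the change is not read as a formatting-only conversion.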
@ -552,15 +562,10 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. TXF deprecated features included savepoints, secondary RM, miniversion and roll forward. Enable it if you want to use the APIs. TXF deprecated features included savepoints, secondary RM, miniversion and roll forward. Enable it if you want to use the APIs.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
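Review bot: the TxfDeprecatedFunctionality description touched here still does not say what the setting does in each state. "Enable it if you want to use the APIs" leaves the disabled and not-configured behaviour unstated, unlike the other policy descriptions in this commit, and "included" reads as past tense for features the policy can turn on. Since the line is being edited anyway, spell out the enabled, disabled and not-configured outcomes.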
@ -573,8 +578,6 @@ ADMX Info:
<!--/Policy--> <!--/Policy-->
<hr/> <hr/>
> [!NOTE]
> These policies are currently only available as part of a Windows Insider release.
<!--/Policies--> <!--/Policies-->

View File

@ -13,14 +13,19 @@ manager: dansimp
--- ---
# Policy CSP - ADMX_FolderRedirection # Policy CSP - ADMX_FolderRedirection
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/> <hr/>
<!--Policies--> <!--Policies-->
## ADMX_FolderRedirection policies ## ADMX_FolderRedirection policies
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<dl> <dl>
<dd> <dd>
<a href="#admx-folderredirection-disablefradminpin">ADMX_FolderRedirection/DisableFRAdminPin</a> <a href="#admx-folderredirection-disablefradminpin">ADMX_FolderRedirection/DisableFRAdminPin</a>
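Review bot: the TIP added under "## ADMX_FolderRedirection policies" now applies to the whole section but keeps the per-policy wording "This is an ADMX-backed policy"; reword it to "These are ADMX-backed policies". The CDATA link in the same block still uses http://www.w3.org/TR/REC-xml/#sec-cdata-sect and can move to https. The sentence pointing readers to "a variety of online encoders" would also be safer if it suggested encoding the payload locally, since the payload is policy configuration.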
@ -53,28 +58,34 @@ manager: dansimp
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -91,7 +102,7 @@ manager: dansimp
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control whether all redirected shell folders, such as Contacts, Documents, Desktop, Favorites, Music, Pictures, Videos, Start Menu, and AppData\Roaming, are available offline by default. This policy setting allows you to control whether all redirected shell folders, such as Contacts, Documents, Desktop, Favorites, Music, Pictures, Videos, Start Menu, and AppData\Roaming, are available offline by default.
If you enable this policy setting, users must manually select the files they wish to make available offline. If you enable this policy setting, users must manually select the files they wish to make available offline.
@ -105,12 +116,6 @@ If you disable or do not configure this policy setting, redirected shell folders
> If one or more valid folder GUIDs are specified in the policy setting "Do not automatically make specific redirected folders available offline", that setting will override the configured value of "Do not automatically make all redirected folders available offline". > If one or more valid folder GUIDs are specified in the policy setting "Do not automatically make specific redirected folders available offline", that setting will override the configured value of "Do not automatically make all redirected folders available offline".
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -128,28 +133,34 @@ ADMX Info:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -166,7 +177,7 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control whether individual redirected shell folders are available offline by default. This policy setting allows you to control whether individual redirected shell folders are available offline by default.
For the folders affected by this setting, users must manually select the files they wish to make available offline. For the folders affected by this setting, users must manually select the files they wish to make available offline.
@ -178,12 +189,6 @@ If you disable or do not configure this policy setting, all redirected shell fol
> The configuration of this policy for any folder will override the configured value of "Do not automatically make all redirected folders available offline". > The configuration of this policy for any folder will override the configured value of "Do not automatically make all redirected folders available offline".
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -202,28 +207,34 @@ ADMX Info:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -240,19 +251,13 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether the contents of redirected folders is copied from the old location to the new location or simply renamed in the Offline Files cache when a folder is redirected to a new location. This policy setting controls whether the contents of redirected folders is copied from the old location to the new location or simply renamed in the Offline Files cache when a folder is redirected to a new location.
If you enable this policy setting, when the path to a redirected folder is changed from one network location to another and Folder Redirection is configured to move the content to the new location, instead of copying the content to the new location, the cached content is renamed in the local cache and not copied to the new location. To use this policy setting, you must move or restore the server content to the new network location using a method that preserves the state of the files, including their timestamps, before updating the Folder Redirection location. If you enable this policy setting, when the path to a redirected folder is changed from one network location to another and Folder Redirection is configured to move the content to the new location, instead of copying the content to the new location, the cached content is renamed in the local cache and not copied to the new location. To use this policy setting, you must move or restore the server content to the new network location using a method that preserves the state of the files, including their timestamps, before updating the Folder Redirection location.
If you disable or do not configure this policy setting, when the path to a redirected folder is changed and Folder Redirection is configured to move the content to the new location, Windows copies the contents of the local cache to the new network location, then deleted the content from the old network location. If you disable or do not configure this policy setting, when the path to a redirected folder is changed and Folder Redirection is configured to move the content to the new location, Windows copies the contents of the local cache to the new network location, then deleted the content from the old network location.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
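Review bot: the description edited in this hunk carries two grammar errors that could be fixed in the same pass. In the changed line, "the contents of redirected folders is copied" should read "are copied", and in the unchanged paragraph below, "then deleted the content from the old network location" should read "then deletes".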
@ -271,28 +276,33 @@ ADMX Info:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
</tr> <td>Yes</td>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
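Review bot: the new side of this table drops the closing tag of the Enterprise row. After the two added `<td>Yes</td>` cells the next line is the `<tr>` that opens the Education row, with no `</tr>` in between, and the hunk header shows 33 new lines where the sibling table hunks show 34. Add the missing `</tr>` after the Enterprise cells so the table stays well-formed.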
@ -309,7 +319,7 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively. This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively.
If you enable this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use localized folder names for these subfolders when redirecting the Start Menu or legacy My Documents folder. If you enable this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use localized folder names for these subfolders when redirecting the Start Menu or legacy My Documents folder.
@ -319,12 +329,6 @@ If you disable or not configure this policy setting, Windows Vista, Windows 7, W
> This policy is valid only on Windows Vista, Windows 7, Windows 8, and Windows Server 2012 when it processes a legacy redirection policy already deployed for these folders in your existing localized environment. > This policy is valid only on Windows Vista, Windows 7, Windows 8, and Windows Server 2012 when it processes a legacy redirection policy already deployed for these folders in your existing localized environment.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -343,28 +347,34 @@ ADMX Info:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -381,7 +391,7 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively. This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively.
If you enable this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use localized folder names for these subfolders when redirecting the Start Menu or legacy My Documents folder. If you enable this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use localized folder names for these subfolders when redirecting the Start Menu or legacy My Documents folder.
@ -391,12 +401,6 @@ If you disable or not configure this policy setting, Windows Vista, Windows 7, W
> This policy is valid only on Windows Vista, Windows 7, Windows 8, and Windows Server 2012 when it processes a legacy redirection policy already deployed for these folders in your existing localized environment. > This policy is valid only on Windows Vista, Windows 7, Windows 8, and Windows Server 2012 when it processes a legacy redirection policy already deployed for these folders in your existing localized environment.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -414,28 +418,34 @@ ADMX Info:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -452,7 +462,7 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office. This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office.
To designate a user's primary computers, an administrator must use management software or a script to add primary computer attributes to the user's account in Active Directory Domain Services (AD DS). This policy setting also requires the Windows Server 2012 version of the Active Directory schema to function. To designate a user's primary computers, an administrator must use management software or a script to add primary computer attributes to the user's account in Active Directory Domain Services (AD DS). This policy setting also requires the Windows Server 2012 version of the Active Directory schema to function.
@ -464,12 +474,6 @@ If you disable or do not configure this policy setting and the user has redirect
> If you enable this policy setting in Computer Configuration and User Configuration, the Computer Configuration policy setting takes precedence. > If you enable this policy setting in Computer Configuration and User Configuration, the Computer Configuration policy setting takes precedence.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -487,28 +491,34 @@ ADMX Info:
<!--SupportedSKUs--> <!--SupportedSKUs-->
<table> <table>
<tr> <tr>
<th>Windows Edition</th> <th>Edition</th>
<th>Supported?</th> <th>Windows 10</th>
<th>Windows 11</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>No</td>
<td>No</td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td>Yes</td>
<td>Yes</td>
</tr> </tr>
</table> </table>
@ -525,7 +535,7 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office. This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office.
To designate a user's primary computers, an administrator must use management software or a script to add primary computer attributes to the user's account in Active Directory Domain Services (AD DS). This policy setting also requires the Windows Server 2012 version of the Active Directory schema to function. To designate a user's primary computers, an administrator must use management software or a script to add primary computer attributes to the user's account in Active Directory Domain Services (AD DS). This policy setting also requires the Windows Server 2012 version of the Active Directory schema to function.
@ -537,12 +547,7 @@ If you disable or do not configure this policy setting and the user has redirect
> If you enable this policy setting in Computer Configuration and User Configuration, the Computer Configuration policy setting takes precedence. > If you enable this policy setting in Computer Configuration and User Configuration, the Computer Configuration policy setting takes precedence.
<!--/Description--> <!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
@ -555,8 +560,5 @@ ADMX Info:
<!--/Policy--> <!--/Policy-->
<hr/> <hr/>
> [!NOTE]
> These policies are currently only available as part of a Windows Insider release.
<!--/Policies--> <!--/Policies-->

View File

@ -0,0 +1,646 @@
---
title: Policy CSP - ADMX_PreviousVersions
description: Policy CSP - ADMX_PreviousVersions
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 12/01/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_PreviousVersions
<hr/>
<!--Policies-->
## ADMX_PreviousVersions policies
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<dl>
<dd>
<a href="#admx-previousversions-disablelocalpage_1">ADMX_PreviousVersions/DisableLocalPage_1</a>
</dd>
<dd>
<a href="#admx-previousversions-disablelocalpage_2">ADMX_PreviousVersions/DisableLocalPage_2</a>
</dd>
<dd>
<a href="#admx-previousversions-disableremotepage_1">ADMX_PreviousVersions/DisableRemotePage_1</a>
</dd>
<dd>
<a href="#admx-previousversions-disableremotepage_2">ADMX_PreviousVersions/DisableRemotePage_2</a>
</dd>
<dd>
<a href="#admx-previousversions-hidebackupentries_1">ADMX_PreviousVersions/HideBackupEntries_1</a>
</dd>
<dd>
<a href="#admx-previousversions-hidebackupentries_2">ADMX_PreviousVersions/HideBackupEntries_2</a>
</dd>
<dd>
<a href="#admx-previousversions-disablelocalrestore_1">ADMX_PreviousVersions/DisableLocalRestore_1</a>
</dd>
<dd>
<a href="#admx-previousversions-disablelocalrestore_2">ADMX_PreviousVersions/DisableLocalRestore_2</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-previousversions-disablelocalpage_1"></a>**ADMX_PreviousVersions/DisableLocalPage_1**
<!--SupportedSKUs-->
<table>
<tr>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.
- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file.
- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file.
- If the user clicks the Restore button, Windows attempts to restore the file from the local disk.
- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a local file.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Prevent restoring local previous versions*
- GP name: *DisableLocalPage_1*
- GP path: *Windows Components\File Explorer\Previous Versions*
- GP ADMX file name: *PreviousVersions.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-previousversions-disablelocalpage_2"></a>**ADMX_PreviousVersions/DisableLocalPage_2**
<!--SupportedSKUs-->
<table>
<tr>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.
- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file.
- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file.
- If the user clicks the Restore button, Windows attempts to restore the file from the local disk.
- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a local file.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Prevent restoring local previous versions*
- GP name: *DisableLocalPage_2*
- GP path: *Windows Components\File Explorer\Previous Versions*
- GP ADMX file name: *PreviousVersions.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-previousversions-disableremotepage_1"></a>**ADMX_PreviousVersions/DisableRemotePage_1**
<!--SupportedSKUs-->
<table>
<tr>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Prevent restoring remote previous versions*
- GP name: *DisableRemotePage_1*
- GP path: *Windows Components\File Explorer\Previous Versions*
- GP ADMX file name: *PreviousVersions.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-previousversions-disableremotepage_2"></a>**ADMX_PreviousVersions/DisableRemotePage_2**
<!--SupportedSKUs-->
<table>
<tr>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Prevent restoring remote previous versions*
- GP name: *DisableRemotePage_1*
- GP path: *Windows Components\File Explorer\Previous Versions*
- GP ADMX file name: *PreviousVersions.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-previousversions-hidebackupentries_1"></a>**ADMX_PreviousVersions/HideBackupEntries_1**
<!--SupportedSKUs-->
<table>
<tr>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.
- If you enable this policy setting, users cannot see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points.
- If you disable this policy setting, users can see previous versions corresponding to backup copies as well as previous versions corresponding to on-disk restore points.
If you do not configure this policy setting, it is disabled by default.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Hide previous versions of files on backup location*
- GP name: *HideBackupEntries_1*
- GP path: *Windows Components\File Explorer\Previous Versions*
- GP ADMX file name: *PreviousVersions.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-previousversions-hidebackupentries_2"></a>**ADMX_PreviousVersions/HideBackupEntries_2**
<!--SupportedSKUs-->
<table>
<tr>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.
- If you enable this policy setting, users cannot see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points.
- If you disable this policy setting, users can see previous versions corresponding to backup copies as well as previous versions corresponding to on-disk restore points.
If you do not configure this policy setting, it is disabled by default.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Hide previous versions of files on backup location*
- GP name: *HideBackupEntries_2*
- GP path: *Windows Components\File Explorer\Previous Versions*
- GP ADMX file name: *PreviousVersions.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-previousversions-disablelocalrestore_1"></a>**ADMX_PreviousVersions/DisableLocalRestore_1**
<!--SupportedSKUs-->
<table>
<tr>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Prevent restoring remote previous versions*
- GP name: *DisableLocalRestore_1*
- GP path: *Windows Components\File Explorer\Previous Versions*
- GP ADMX file name: *PreviousVersions.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-previousversions-disablelocalrestore_2"></a>**ADMX_PreviousVersions/DisableLocalRestore_2**
<!--SupportedSKUs-->
<table>
<tr>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Prevent restoring remote previous versions*
- GP name: *DisableLocalRestore_2*
- GP path: *Windows Components\File Explorer\Previous Versions*
- GP ADMX file name: *PreviousVersions.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<!--/Policies-->
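
Review bot: The ADMX Info for ADMX_PreviousVersions/DisableRemotePage_2 gives "GP name: *DisableRemotePage_1*"; it should read *DisableRemotePage_2*, otherwise two entries point at the same Group Policy name. The DisableLocalRestore_1 and DisableLocalRestore_2 sections also look copied from DisableRemotePage: their description talks about "a file on a file share" and the friendly name is "Prevent restoring remote previous versions", which does not match a policy named DisableLocalRestore. Please check both against PreviousVersions.admx and use the text for the local-restore setting. Every _1/_2 pair visible here also lists the same scope (User) and the same description, so nothing tells a reader how the two variants differ.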


@ -0,0 +1,103 @@
---
title: Policy CSP - ADMX_PushToInstall
description: Policy CSP - ADMX_PushToInstall
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 12/01/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_PushToInstall
<hr/>
<!--Policies-->
## ADMX_PushToInstall policies
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<dl>
<dd>
<a href="#admx-pushtoinstall-disablepushtoinstall">ADMX_PushToInstall/DisablePushToInstall</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-pushtoinstall-disablepushtoinstall"></a>**ADMX_PushToInstall/DisablePushToInstall**
<!--SupportedSKUs-->
<table>
<tr>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
If you enable this setting, users will not be able to push Apps to this device from the Microsoft Store running on other devices or the web.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Turn off Push To Install service*
- GP name: *DisablePushToInstall*
- GP path: *Windows Components\Push To Install*
- GP ADMX file name: *PushToInstall.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<!--/Policies-->
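
Review bot: The description of ADMX_PushToInstall/DisablePushToInstall only covers the enabled state ("If you enable this setting, users will not be able to push Apps to this device ..."); add what happens when the setting is disabled or not configured, as the other policy pages in this change do, and lowercase "Apps". Separately, the TIP block points readers to "a variety of online encoders" for XML-encoding the SyncML payload; since the payload carries device policy, it would be safer to recommend encoding it locally or using CDATA rather than pasting it into a third-party site.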


@ -0,0 +1,331 @@
---
title: Policy CSP - ADMX_TouchInput
description: Policy CSP - ADMX_TouchInput
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 09/23/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_TouchInput
<hr/>
<!--Policies-->
## ADMX_TouchInput policies
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<dl>
<dd>
<a href="#admx-touchinput-touchinputoff_1">ADMX_TouchInput/TouchInputOff_1</a>
</dd>
<dd>
<a href="#admx-touchinput-touchinputoff_2">ADMX_TouchInput/TouchInputOff_2</a>
</dd>
<dd>
<a href="#admx-touchinput-panningeverywhereoff_1">ADMX_TouchInput/PanningEverywhereOff_1</a>
</dd>
<dd>
<a href="#admx-touchinput-panningeverywhereoff_2">ADMX_TouchInput/PanningEverywhereOff_2</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-touchinput-touchinputoff_1"></a>**ADMX_TouchInput/TouchInputOff_1**
<!--SupportedSKUs-->
<table>
<tr>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
Turn off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger.
- If you enable this setting, the user will not be able to produce input with touch. They will not be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.
- If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features.
If you do not configure this setting, touch input is on by default. Note: Changes to this setting will not take effect until the user logs off.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Turn off Tablet PC touch input*
- GP name: *TouchInputOff_1*
- GP path: *Windows Components\Tablet PC\Touch Input*
- GP ADMX file name: *TouchInput.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<!--Policy-->
<a href="" id="admx-touchinput-touchinputoff_2"></a>**ADMX_TouchInput/TouchInputOff_2**
<!--SupportedSKUs-->
<table>
<tr>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
Turn off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger.
- If you enable this setting, the user will not be able to produce input with touch. They will not be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.
- If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features.
If you do not configure this setting, touch input is on by default. Note: Changes to this setting will not take effect until the user logs off.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Turn off Tablet PC touch input*
- GP name: *TouchInputOff_2*
- GP path: *Windows Components\Tablet PC\Touch Input*
- GP ADMX file name: *TouchInput.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-touchinput-panningeverywhereoff_1"></a>**ADMX_TouchInput/PanningEverywhereOff_1**
<!--SupportedSKUs-->
<table>
<tr>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
Turn off Panning Turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.
- If you enable this setting, the user will not be able to pan windows by touch.
- If you disable this setting, the user can pan windows by touch. If you do not configure this setting, Touch Panning is on by default.
> [!NOTE]
> Changes to this setting will not take effect until the user logs off.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Turn off Touch Panning*
- GP name: *PanningEverywhereOff_1*
- GP path: *Windows Components\Tablet PC\Touch Input*
- GP ADMX file name: *TouchInput.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<a href="" id="admx-touchinput-panningeverywhereoff_2"></a>**ADMX_TouchInput/PanningEverywhereOff_2**
<!--SupportedSKUs-->
<table>
<tr>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
Turn off Panning Turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.
- If you enable this setting, the user will not be able to pan windows by touch.
- If you disable this setting, the user can pan windows by touch. If you do not configure this setting, Touch Panning is on by default.
> [!NOTE]
> Changes to this setting will not take effect until the user logs off.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Turn off Touch Panning*
- GP name: *PanningEverywhereOff_2*
- GP path: *Windows Components\Tablet PC\Touch Input*
- GP ADMX file name: *TouchInput.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--/Policies-->
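
Review bot: ADMX_TouchInput/PanningEverywhereOff_2 has a closing `<!--/Policy-->` but no opening `<!--Policy-->` marker before its anchor, and the `<hr/>` separator is missing between the TouchInputOff_1 and TouchInputOff_2 blocks; both should match the other policy blocks so the markers stay balanced. In the descriptions, the friendly name is fused into the first sentence ("Turn off Tablet PC touch input Turns off touch input ..." and "Turn off Panning Turns off touch panning ..."), "other-touch specific" should be "other touch-specific", and "allows users pan" is missing "to". The TouchInputOff sections put the logoff note inline while the Panning sections use a [!NOTE] block, and the Panning "If you do not configure this setting" sentence is folded into the disable bullet; pick one layout and apply it to all four sections.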


@ -0,0 +1,185 @@
---
title: Policy CSP - ADMX_WDI
description: Policy CSP - ADMX_WDI
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 11/09/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_WDI
<hr/>
<!--Policies-->
## ADMX_WDI policies
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<dl>
<dd>
<a href="#admx-wdi-wdidpsscenarioexecutionpolicy">ADMX_WDI/WdiDpsScenarioExecutionPolicy</a>
</dd>
<dd>
<a href="#admx-wdi-wdidpsscenariodatasizelimitpolicy">ADMX_WDI/WdiDpsScenarioDataSizeLimitPolicy</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-wdi-wdidpsscenarioexecutionpolicy"></a>**ADMX_WDI/WdiDpsScenarioExecutionPolicy**
<!--SupportedSKUs-->
<table>
<tr>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting determines the data retention limit for Diagnostic Policy Service (DPS) scenario data.
- If you enable this policy setting, you must enter the maximum size of scenario data that should be retained in megabytes. Detailed troubleshooting data related to scenarios will be retained until this limit is reached.
- If you disable or do not configure this policy setting, the DPS deletes scenario data once it exceeds 128 megabytes in size.
No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
This policy setting will only take effect when the Diagnostic Policy Service is in the running state.
When the service is stopped or disabled, diagnostic scenario data will not be deleted.
The DPS can be configured with the Services snap-in to the Microsoft Management Console.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Diagnostics: Configure scenario retention*
- GP name: *WdiDpsScenarioExecutionPolicy*
- GP path: *System\Troubleshooting and Diagnostics*
- GP ADMX file name: *WDI.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-wdi-wdidpsscenariodatasizelimitpolicy"></a>**ADMX_WDI/WdiDpsScenarioDataSizeLimitPolicy**
<!--SupportedSKUs-->
<table>
<tr>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting determines the execution level for Diagnostic Policy Service (DPS) scenarios.
- If you enable this policy setting, you must select an execution level from the drop-down menu.
If you select problem detection and troubleshooting only, the DPS will detect problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will attempt to automatically fix problems it detects or indicate to the user that assisted resolution is available.
- If you disable this policy setting, Windows cannot detect, troubleshoot, or resolve any problems that are handled by the DPS.
If you do not configure this policy setting, the DPS enables all scenarios for resolution by default, unless you configure separate scenario-specific policy settings. This policy setting takes precedence over any scenario-specific policy settings when it is enabled or disabled. Scenario-specific policy settings only take effect if this policy setting is not configured. No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Diagnostics: Configure scenario execution level*
- GP name: *WdiDpsScenarioDataSizeLimitPolicy*
- GP path: *System\Troubleshooting and Diagnostics*
- GP ADMX file name: *WDI.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--/Policies-->
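
Review bot: The two ADMX_WDI entries have their content swapped. ADMX_WDI/WdiDpsScenarioExecutionPolicy carries the data-retention description and the friendly name "Diagnostics: Configure scenario retention", while ADMX_WDI/WdiDpsScenarioDataSizeLimitPolicy carries the execution-level description and "Diagnostics: Configure scenario execution level". After confirming against WDI.admx, swap the Description and GP Friendly name between the two sections so that an admin who means to set a retention size does not end up changing the DPS execution level.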


@ -0,0 +1,182 @@
---
title: Policy CSP - ADMX_WindowsColorSystem
description: Policy CSP - ADMX_WindowsColorSystem
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 10/27/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_WindowsColorSystem
<hr/>
<!--Policies-->
## ADMX_WindowsColorSystem policies
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<dl>
<dd>
<a href="#admx-windowscolorsystem-prohibitchanginginstalledprofilelist_1">ADMX_WindowsColorSystem/ProhibitChangingInstalledProfileList_1</a>
</dd>
<dd>
<a href="#admx-windowscolorsystem-prohibitchanginginstalledprofilelist_2">ADMX_WindowsColorSystem/ProhibitChangingInstalledProfileList_2</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-windowscolorsystem-prohibitchanginginstalledprofilelist_1"></a>**WindowsColorSystem/ProhibitChangingInstalledProfileList_1**
<!--SupportedSKUs-->
<table>
<tr>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting affects the ability of users to install or uninstall color profiles.
- If you enable this policy setting, users cannot install new color profiles or uninstall previously installed color profiles.
- If you disable or do not configure this policy setting, all users can install new color profiles. Standard users can uninstall color profiles that they previously installed. Administrators will be able to uninstall all color profiles.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Prohibit installing or uninstalling color profiles*
- GP name: *ProhibitChangingInstalledProfileList_1*
- GP path: *Windows Components\Windows Color System*
- GP ADMX file name: *WindowsColorSystem.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-windowscolorsystem-prohibitchanginginstalledprofilelist_2"></a>**WindowsColorSystem/ProhibitChangingInstalledProfileList_2**
<!--SupportedSKUs-->
<table>
<tr>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting affects the ability of users to install or uninstall color profiles.
- If you enable this policy setting, users cannot install new color profiles or uninstall previously installed color profiles.
- If you disable or do not configure this policy setting, all users can install new color profiles. Standard users can uninstall color profiles that they previously installed. Administrators will be able to uninstall all color profiles.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Prohibit installing or uninstalling color profiles*
- GP name: *ProhibitChangingInstalledProfileList_2*
- GP path: *Windows Components\Windows Color System*
- GP ADMX file name: *WindowsColorSystem.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--/Policies-->
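
Review bot: The two bold policy headings omit the area prefix: they read "WindowsColorSystem/ProhibitChangingInstalledProfileList_1" and "WindowsColorSystem/ProhibitChangingInstalledProfileList_2", while the index links and anchor ids above use ADMX_WindowsColorSystem/. Use the ADMX_WindowsColorSystem/ prefix in both headings so they agree with the page title and the links. The _1 and _2 sections are also identical in scope (User) and description, so the page does not say how they differ.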


@ -561,14 +561,14 @@ items:
href: policy-csp-admx-power.md href: policy-csp-admx-power.md
- name: ADMX_PowerShellExecutionPolicy - name: ADMX_PowerShellExecutionPolicy
href: policy-csp-admx-powershellexecutionpolicy.md href: policy-csp-admx-powershellexecutionpolicy.md
- name: ADMX_PreviousVersions
href: policy-csp-admx-previousversions.md
- name: ADMX_Printing - name: ADMX_Printing
href: policy-csp-admx-printing.md href: policy-csp-admx-printing.md
- name: ADMX_Printing2 - name: ADMX_Printing2
href: policy-csp-admx-printing2.md href: policy-csp-admx-printing2.md
- name: ADMX_Programs - name: ADMX_Programs
href: policy-csp-admx-programs.md href: policy-csp-admx-programs.md
- name: ADMX_Radar
href: policy-csp-admx-radar.md
- name: ADMX_Reliability - name: ADMX_Reliability
href: policy-csp-admx-reliability.md href: policy-csp-admx-reliability.md
- name: ADMX_RemoteAssistance - name: ADMX_RemoteAssistance
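
Review bot: This hunk is 14 lines on both sides, yet two entries appear on one side only: ADMX_PreviousVersions (policy-csp-admx-previousversions.md) and ADMX_Radar (policy-csp-admx-radar.md). So one TOC entry is dropped as the other is added. If ADMX_Radar is the one being removed, please confirm that is intended and that policy-csp-admx-radar.md is not left without a TOC entry.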
@ -619,6 +619,8 @@ items:
href: policy-csp-admx-terminalserver.md href: policy-csp-admx-terminalserver.md
- name: ADMX_Thumbnails - name: ADMX_Thumbnails
href: policy-csp-admx-thumbnails.md href: policy-csp-admx-thumbnails.md
- name: ADMX_TouchInput
href: policy-csp-admx-touchinput.md
- name: ADMX_TPM - name: ADMX_TPM
href: policy-csp-admx-tpm.md href: policy-csp-admx-tpm.md
- name: ADMX_UserExperienceVirtualization - name: ADMX_UserExperienceVirtualization
@ -629,10 +631,14 @@ items:
href: policy-csp-admx-w32time.md href: policy-csp-admx-w32time.md
- name: ADMX_WCM - name: ADMX_WCM
href: policy-csp-admx-wcm.md href: policy-csp-admx-wcm.md
- name: ADMX_WDI
href: policy-csp-admx-wdi.md
- name: ADMX_WinCal - name: ADMX_WinCal
href: policy-csp-admx-wincal.md href: policy-csp-admx-wincal.md
- name: ADMX_WindowsAnytimeUpgrade - name: ADMX_WindowsAnytimeUpgrade
href: policy-csp-admx-windowsanytimeupgrade.md href: policy-csp-admx-windowsanytimeupgrade.md
- name: ADMX_WindowsColorSystem
href: policy-csp-admx-windowscolorsystem.md
- name: ADMX_WindowsConnectNow - name: ADMX_WindowsConnectNow
href: policy-csp-admx-windowsconnectnow.md href: policy-csp-admx-windowsconnectnow.md
- name: ADMX_WindowsExplorer - name: ADMX_WindowsExplorer

View File

@ -15,9 +15,8 @@
href: update/quality-updates.md href: update/quality-updates.md
- name: Basics of Windows updates, channels, and tools - name: Basics of Windows updates, channels, and tools
href: update/get-started-updates-channels-tools.md href: update/get-started-updates-channels-tools.md
- name: Servicing the Windows 10 operating system - name: Prepare servicing strategy for Windows client updates
href: update/waas-servicing-strategy-windows-10-updates.md href: update/waas-servicing-strategy-windows-10-updates.md
- name: Deployment proof of concept - name: Deployment proof of concept
items: items:
- name: Demonstrate Autopilot deployment on a VM - name: Demonstrate Autopilot deployment on a VM
@ -47,15 +46,13 @@
href: update/plan-determine-app-readiness.md href: update/plan-determine-app-readiness.md
- name: Define your servicing strategy - name: Define your servicing strategy
href: update/plan-define-strategy.md href: update/plan-define-strategy.md
- name: Delivery Optimization for Windows 10 updates - name: Delivery Optimization for Windows client updates
href: update/waas-delivery-optimization.md href: update/waas-delivery-optimization.md
items: items:
- name: Using a proxy with Delivery Optimization - name: Using a proxy with Delivery Optimization
href: update/delivery-optimization-proxy.md href: update/delivery-optimization-proxy.md
- name: Delivery Optimization client-service communication - name: Delivery Optimization client-service communication
href: update/delivery-optimization-workflow.md href: update/delivery-optimization-workflow.md
- name: Best practices for feature updates on mission-critical devices
href: update/feature-update-mission-critical.md
- name: Windows 10 deployment considerations - name: Windows 10 deployment considerations
href: planning/windows-10-deployment-considerations.md href: planning/windows-10-deployment-considerations.md
- name: Windows 10 infrastructure requirements - name: Windows 10 infrastructure requirements
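Review bot: The "Windows 10" to "Windows client" rename is only partly applied at this TOC level. "Delivery Optimization for Windows client updates" is renamed, but the two entries that close this hunk, "Windows 10 deployment considerations" and "Windows 10 infrastructure requirements", keep the old term. Either rename them as well, or leave them deliberately because those pages really are Windows 10-specific and say so in the PR description. Separately, removing the `update/feature-update-mission-critical.md` entry only unlists the page. Confirm the file itself is deleted and has a redirect entry in this change, so it does not stay published as an orphan with stale guidance.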
@ -79,15 +76,15 @@
items: items:
- name: Prepare for Windows 11 - name: Prepare for Windows 11
href: /windows/whats-new/windows-11-prepare href: /windows/whats-new/windows-11-prepare
- name: Prepare to deploy Windows 10 updates - name: Prepare to deploy Windows client updates
href: update/prepare-deploy-windows.md href: update/prepare-deploy-windows.md
- name: Evaluate and update infrastructure - name: Evaluate and update infrastructure
href: update/update-policies.md href: update/update-policies.md
- name: Update Baseline - name: Update Baseline
href: update/update-baseline.md href: update/update-baseline.md
- name: Set up Delivery Optimization for Windows 10 updates - name: Set up Delivery Optimization for Windows client updates
href: update/waas-delivery-optimization-setup.md href: update/waas-delivery-optimization-setup.md
- name: Configure BranchCache for Windows 10 updates - name: Configure BranchCache for Windows client updates
href: update/waas-branchcache.md href: update/waas-branchcache.md
- name: Prepare your deployment tools - name: Prepare your deployment tools
items: items:
@ -97,8 +94,6 @@
href: deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md href: deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
- name: Build a successful servicing strategy - name: Build a successful servicing strategy
items: items:
- name: Build deployment rings for Windows 10 updates
href: update/waas-deployment-rings-windows-10-updates.md
- name: Check release health - name: Check release health
href: update/check-release-health.md href: update/check-release-health.md
- name: Prepare updates using Windows Update for Business - name: Prepare updates using Windows Update for Business
@ -142,7 +137,7 @@
href: vda-subscription-activation.md href: vda-subscription-activation.md
- name: Deploy Windows 10/11 Enterprise licenses - name: Deploy Windows 10/11 Enterprise licenses
href: deploy-enterprise-licenses.md href: deploy-enterprise-licenses.md
- name: Deploy Windows 10 updates - name: Deploy Windows client updates
items: items:
- name: Assign devices to servicing channels - name: Assign devices to servicing channels
href: update/waas-servicing-channels-windows-10-updates.md href: update/waas-servicing-channels-windows-10-updates.md
@ -154,20 +149,18 @@
href: update/waas-manage-updates-wsus.md href: update/waas-manage-updates-wsus.md
- name: Deploy updates with Group Policy - name: Deploy updates with Group Policy
href: update/waas-wufb-group-policy.md href: update/waas-wufb-group-policy.md
- name: Update Windows 10 media with Dynamic Update - name: Update Windows client media with Dynamic Update
href: update/media-dynamic-update.md href: update/media-dynamic-update.md
- name: Migrating and acquiring optional Windows content - name: Migrating and acquiring optional Windows content
href: update/optional-content.md href: update/optional-content.md
- name: Safeguard holds - name: Safeguard holds
href: update/safeguard-holds.md href: update/safeguard-holds.md
- name: Manage the Windows 10 update experience - name: Manage the Windows client update experience
items: items:
- name: Manage device restarts after updates - name: Manage device restarts after updates
href: update/waas-restart.md href: update/waas-restart.md
- name: Manage additional Windows Update settings - name: Manage additional Windows Update settings
href: update/waas-wu-settings.md href: update/waas-wu-settings.md
- name: Deploy feature updates during maintenance windows
href: update/feature-update-maintenance-window.md
- name: Deploy feature updates for user-initiated installations - name: Deploy feature updates for user-initiated installations
href: update/feature-update-user-install.md href: update/feature-update-user-install.md
- name: Use Windows Update for Business - name: Use Windows Update for Business
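Review bot: Under "Manage the Windows client update experience", `update/feature-update-maintenance-window.md` is dropped while the entry directly after it, `update/feature-update-user-install.md`, stays listed. If the retained article links to the removed one, or to other articles removed in this change, those links need to point at the redirect target, otherwise the build will report broken internal links. Please check the retained file for references before merging.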
@ -189,7 +182,7 @@
href: update/waas-wufb-group-policy.md href: update/waas-wufb-group-policy.md
- name: 'Walkthrough: use Intune to configure Windows Update for Business' - name: 'Walkthrough: use Intune to configure Windows Update for Business'
href: update/deploy-updates-intune.md href: update/deploy-updates-intune.md
- name: Monitor Windows 10 updates - name: Monitor Windows client updates
items: items:
- name: Monitor Delivery Optimization - name: Monitor Delivery Optimization
href: update/waas-delivery-optimization-setup.md#monitor-delivery-optimization href: update/waas-delivery-optimization-setup.md#monitor-delivery-optimization
@ -238,7 +231,7 @@
items: items:
- name: Resolve upgrade errors - name: Resolve upgrade errors
items: items:
- name: Resolve Windows 10 upgrade errors - name: Resolve Windows client upgrade errors
href: upgrade/resolve-windows-10-upgrade-errors.md href: upgrade/resolve-windows-10-upgrade-errors.md
- name: Quick fixes - name: Quick fixes
href: upgrade/quick-fixes.md href: upgrade/quick-fixes.md
@ -254,7 +247,7 @@
href: upgrade/log-files.md href: upgrade/log-files.md
- name: Resolution procedures - name: Resolution procedures
href: upgrade/resolution-procedures.md href: upgrade/resolution-procedures.md
- name: Submit Windows 10 upgrade errors - name: Submit Windows client upgrade errors
href: upgrade/submit-errors.md href: upgrade/submit-errors.md
- name: Troubleshoot Windows Update - name: Troubleshoot Windows Update
items: items:
@ -275,9 +268,9 @@
items: items:
- name: How does Windows Update work? - name: How does Windows Update work?
href: update/how-windows-update-works.md href: update/how-windows-update-works.md
- name: Windows 10 upgrade paths - name: Windows client upgrade paths
href: upgrade/windows-10-upgrade-paths.md href: upgrade/windows-10-upgrade-paths.md
- name: Windows 10 edition upgrade - name: Windows client edition upgrade
href: upgrade/windows-10-edition-upgrades.md href: upgrade/windows-10-edition-upgrades.md
- name: Deploy Windows 10 with Microsoft 365 - name: Deploy Windows 10 with Microsoft 365
href: deploy-m365.md href: deploy-m365.md
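Review bot: The labels for `upgrade/windows-10-upgrade-paths.md` and `upgrade/windows-10-edition-upgrades.md` now read "Windows client ...", but only the TOC text changes here and the hrefs are untouched. Keeping the file names is right for link stability, but the `title:` metadata and H1 of the target pages should be updated in the same change, or the navigation label and the page heading will disagree. The unchanged "Deploy Windows 10 with Microsoft 365" entry just below also keeps the old term; confirm that is intentional.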
@ -289,11 +282,11 @@
href: update/waas-wu-settings.md href: update/waas-wu-settings.md
- name: Delivery Optimization reference - name: Delivery Optimization reference
href: update/waas-delivery-optimization-reference.md href: update/waas-delivery-optimization-reference.md
- name: Windows 10 in S mode - name: Windows client in S mode
href: s-mode.md href: s-mode.md
- name: Switch to Windows 10 Pro or Enterprise from S mode - name: Switch to Windows client Pro or Enterprise from S mode
href: windows-10-pro-in-s-mode.md href: windows-10-pro-in-s-mode.md
- name: Windows 10 deployment tools - name: Windows client deployment tools
items: items:
- name: Windows client deployment scenarios and tools - name: Windows client deployment scenarios and tools
items: items:
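Review bot: "Switch to Windows client Pro or Enterprise from S mode" looks like a mechanical find-and-replace result. "Windows client" is an umbrella term, not an edition name, so "Windows client Pro" reads as a product that does not exist. Suggest "Switch to Windows Pro or Enterprise from S mode", or keep the version-specific wording if the page at `windows-10-pro-in-s-mode.md` still only covers Windows 10. The same check applies to "Windows client in S mode" two lines above.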
@ -580,5 +573,5 @@
- name: "Appendix: Information sent to Microsoft during activation " - name: "Appendix: Information sent to Microsoft during activation "
href: volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md href: volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
- name: Install fonts in Windows 10 - name: Install fonts in Windows client
href: windows-10-missing-fonts.md href: windows-10-missing-fonts.md
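Review bot: Style nit on the context line `- name: "Appendix: Information sent to Microsoft during activation "`: the quoted value ends with a trailing space before the closing quote. Since this hunk already edits the neighbouring entry, trim it here so the rendered TOC label has no stray whitespace. Also confirm that `windows-10-missing-fonts.md` covers Windows 11 before relabelling it "Install fonts in Windows client".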

View File

@ -1,51 +0,0 @@
---
title: Change history for Update Windows 10 (Windows 10)
description: This topic lists new and updated topics in the Update Windows 10 documentation for Windows 10.
ms.prod: w10
ms.mktglfcycl: manage
audience: itpro
author: jaimeo
ms.author: jaimeo
ms.reviewer:
manager: laurawi
ms.topic: article
---
# Change history for Update Windows 10
This topic lists new and updated topics in the [Update Windows 10](index.md) documentation for [Deploy and Update Windows 10](/windows/deployment).
>If you're looking for **update history** for Windows 10, see [Windows 10 and Windows Server 2016 update history](https://support.microsoft.com/help/12387/windows-10-update-history).
## September 2018
| New or changed topic | Description |
| --- | --- |
| [Get started with Windows Update](windows-update-overview.md) | New |
## RELEASE: Windows 10, version 1709
The topics in this library have been updated for Windows 10, version 1709 (also known as the Fall Creators Update).
## September 2017
| New or changed topic | Description |
| --- | --- |
| [Olympia Corp](olympia/olympia-enrollment-guidelines.md) | New |
## July 2017
All topics were updated to reflect the new [naming changes](waas-overview.md#naming-changes).
## May 2017
| New or changed topic | Description |
| --- | --- |
| [Manage additional Windows Update settings](waas-wu-settings.md) | New |
## RELEASE: Windows 10, version 1703
The topics in this library have been updated for Windows 10, version 1703 (also known as the Creators Update). The following new topics have been added:
* [Windows Insider Program for Business](/windows-insider/at-work-pro/wip-4-biz-get-started)
* [Windows Insider Program for Business](/windows-insider/at-work-pro/wip-4-biz-register)

View File

@ -15,7 +15,10 @@ ms.topic: article
# Using a proxy with Delivery Optimization # Using a proxy with Delivery Optimization
**Applies to**: Windows 10 **Applies to**
- Windows 10
- Windows 11
When Delivery Optimization downloads content from HTTP sources, it uses the automatic proxy discovery capability of WinHttp to streamline and maximize the support for complex proxy configurations as it makes range requests from the content server. It does this by setting the **WINHTTP_ACCESS_TYPE_AUTOMATIC_PROXY** flag in all HTTP calls. When Delivery Optimization downloads content from HTTP sources, it uses the automatic proxy discovery capability of WinHttp to streamline and maximize the support for complex proxy configurations as it makes range requests from the content server. It does this by setting the **WINHTTP_ACCESS_TYPE_AUTOMATIC_PROXY** flag in all HTTP calls.

View File

@ -1,25 +0,0 @@
---
title: Best practices for feature updates - conclusion
description: This article includes final thoughts about how to deploy and stay up-to-date with Windows 10 feature updates.
ms.prod: w10
ms.mktglfcycl: manage
audience: itpro
itproauthor: jaimeo
author: jaimeo
ms.localizationpriority: medium
ms.author: jaimeo
ms.reviewer:
manager: laurawi
ms.collection: M365-modern-desktop
ms.topic: article
ms.custom: seo-marvel-apr2020
---
# Conclusion
**Applies to**: Windows 10
Mission critical devices that need to be online 24x7 pose unique challenges for the IT Pro looking to stay current with the latest Windows 10 feature update. Because these devices are online continually, providing mission critical services, with only a small window of time available to apply feature updates, specific procedures are required to effectively keep these devices current, with as little downtime as possible.
Whether you have defined servicing windows at your disposal where feature updates can be installed automatically, or you require user initiated installs by a technician, this whitepaper provides guidelines for either approach. Improvements are continually being made to Windows 10 setup to reduce device offline time for feature updates. This whitepaper will be updated as enhancements become available to improve the overall servicing approach and experience.

View File

@ -1,264 +0,0 @@
---
title: Best practices - deploy feature updates during maintenance windows
description: Learn how to configure maintenance windows and how to deploy feature updates during a maintenance window.
ms.prod: w10
ms.mktglfcycl: manage
audience: itpro
author: jaimeo
ms.localizationpriority: medium
ms.author: jaimeo
ms.reviewer:
manager: laurawi
ms.collection: M365-modern-desktop
ms.topic: article
ms.custom: seo-marvel-apr2020
---
# Deploy feature updates during maintenance windows
**Applies to**: Windows 10
Use the following information to deploy feature updates during a maintenance window.
## Get ready to deploy feature updates
### Step 1: Configure maintenance windows
1. In the Configuration Manager console, choose **Assets and Compliance> Device Collections**.
2. In the **Device Collections** list, select the collection for which you intended to deploy the feature update(s).
3. On the **Home** tab, in the **Properties** group, choose **Properties**.
4. In the **Maintenance Windows** tab of the `<collection name>` Properties dialog box, choose the New icon.
5. Complete the `<new>` Schedule dialog.
6. Select from the Apply this schedule to drop-down list.
7. Choose **OK** and then close the **\<collection name\> Properties** dialog box.
### Step 2: Review computer restart device settings
If you're not suppressing computer restarts and the feature update will be installed when no users are present, consider deploying a custom client settings policy to your feature update target collection to shorten the settings below or consider the total duration of these settings when defining your maintenance window duration.
For example, by default, 90 minutes will be honored before the system is rebooted after the feature update install. If users will not be impacted by the user logoff or restart, there is no need to wait a full 90 minutes before rebooting the computer. If a delay and notification is needed, ensure that the maintenance window takes this into account along with the total time needed to install the feature update.
>[!NOTE]
> The following settings must be shorter in duration than the shortest maintenance window applied to the computer.
>- **Display a temporary notification to the user that indicates the interval before the user is logged off or the computer restarts (minutes).**
>- **Display a dialog box that the user cannot close, which displays the countdown interval before the user is logged off or the computer restarts (minutes).**
### Step 3: Enable Peer Cache
Use **Peer Cache** to help manage deployment of content to clients in remote locations. Peer Cache is a built-in Configuration Manager solution that enables clients to share content with other clients directly from their local cache.
[Enable Configuration Manager client in full OS to share content](/sccm/core/clients/deploy/about-client-settings#enable-configuration-manager-client-in-full-os-to-share-content) if you have clients in remote locations that would benefit from downloading feature update content from a peer instead of downloading it from a distribution point (or Microsoft Update).
### Step 4: Override the default Windows setup priority (Windows 10, version 1709 and later)
If you're deploying **Feature update to Windows 10, version 1709** or later, by default, portions of setup are configured to run at a lower priority. This can result in a longer total install time for the feature update. When deploying within a maintenance window, we recommend that you override this default behavior to benefit from faster total install times. To override the default priority, create a file called SetupConfig.ini on each machine to be upgraded in the below location containing the single section noted.
**%systemdrive%\Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini**
```
[SetupConfig]
Priority=Normal
```
You can use the new [Run Scripts](/sccm/apps/deploy-use/create-deploy-scripts) feature to run a PowerShell script like the sample below to create the SetupConfig.ini on target devices.
```powershell
#Parameters
Param(
[string] $PriorityValue = "Normal"
)
#Variable for ini file path
$iniFilePath = "$env:SystemDrive\Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini"
#Variables for SetupConfig
$iniSetupConfigSlogan = "[SetupConfig]"
$iniSetupConfigKeyValuePair =@{"Priority"=$PriorityValue;}
#Init SetupConfig content
$iniSetupConfigContent = @"
$iniSetupConfigSlogan
"@
#Build SetupConfig content with settings
foreach ($k in $iniSetupConfigKeyValuePair.Keys)
{
$val = $iniSetupConfigKeyValuePair[$k]
$iniSetupConfigContent = $iniSetupConfigContent.Insert($iniSetupConfigContent.Length, "`r`n$k=$val")
}
#Write content to file
New-Item $iniFilePath -ItemType File -Value $iniSetupConfigContent -Force
<#
Disclaimer
Sample scripts are not supported under any Microsoft standard support program or service. The sample scripts is
provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without
limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk
arising out of the use or performance of the sample script and documentation remains with you. In no event shall
Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable
for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption,
loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample script
or documentation, even if Microsoft has been advised of the possibility of such damages.
#>
```
> [!NOTE]
> If you elect not to override the default setup priority, you will need to increase the [maximum run time](/sccm/sum/get-started/manage-settings-for-software-updates#BKMK_SetMaxRunTime) value for Feature Update to Windows 10, version 1709 or higher from the default of 60 minutes. A value of 240 minutes may be required. Remember to ensure that your maintenance window duration is larger than your defined maximum run time value.
## Manually deploy feature updates
The following sections provide the steps to manually deploy a feature update.
### Step 1: Specify search criteria for feature updates
There are potentially a thousand or more feature updates displayed in the Configuration Manager console. The first step in the workflow for manually deploying feature updates is to identify the feature updates that you want to deploy.
1. In the Configuration Manager console, click **Software Library**.
2. In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**. The synchronized feature updates are displayed.
3. In the search pane, filter to identify the feature updates that you need by using one or both of the following steps:
- In the search text box, type a search string that will filter the feature updates. For example, type the version number for a specific feature update, or enter a string that would appear in the title of the feature update.
- Click **Add Criteria**, select the criteria that you want to use to filter software updates, click **Add**, and then provide the values for the criteria. For example, Title contains 1803, Required is greater than or equal to 1, and Language equals English.
4. Save the search for future use.
### Step 2: Download the content for the feature updates
Before you deploy the feature updates, you can download the content as a separate step. Do this so you can verify that the content is available on the distribution points before you deploy the feature updates. This will help you to avoid any unexpected issues with the content delivery. Use the following procedure to download the content for feature updates before creating the deployment.
1. In the Configuration Manager console, navigate to **Software Library > Windows 10 Servicing**.
2. Choose the **feature update(s)** to download by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Download**.
The **Download Software Updates Wizard** opens.
3. On the **Deployment Package** page, configure the following settings:
**Create a new deployment package**: Select this setting to create a new deployment package for the software updates that are in the deployment. Configure the following settings:
- **Name**: Specifies the name of the deployment package. The package must have a unique name that briefly describes the package content. It is limited to 50 characters.
- **Description**: Specifies the description of the deployment package. The package description provides information about the package contents and is limited to 127 characters.
- **Package source**: Specifies the location of the feature update source files. Type a network path for the source location, for example, \\\server\sharename\path, or click **Browse** to find the network location. You must create the shared folder for the deployment package source files before you proceed to the next page.
> [!NOTE]
> The deployment package source location that you specify cannot be used by another software deployment package.
> [!IMPORTANT]
> The SMS Provider computer account and the user that is running the wizard to download the feature updates must both have Write NTFS permissions on the download location. You should carefully restrict access to the download location to reduce the risk of attackers tampering with the feature update source files.
> [!IMPORTANT]
> You can change the package source location in the deployment package properties after Configuration Manager creates the deployment package. But if you do so, you must first copy the content from the original package source to the new package source location.
Click **Next**.
4. On the **Distribution Points** page, specify the distribution points or distribution point groups that will host the feature update files, and then click **Next**. For more information about distribution points, see [Distribution point configurations](/sccm/core/servers/deploy/configure/install-and-configure-distribution-points#bkmk_configs).
> [!NOTE]
> The Distribution Points page is available only when you create a new software update deployment package.
5. On the **Distribution Settings** page, specify the following settings:
- **Distribution priority**: Use this setting to specify the distribution priority for the deployment package. The distribution priority applies when the deployment package is sent to distribution points at child sites. Deployment packages are sent in priority order: High, Medium, or Low. Packages with identical priorities are sent in the order in which they were created. If there is no backlog, the package will process immediately regardless of its priority. By default, packages are sent using Medium priority.
- **Enable for on-demand distribution**: Use this setting to enable on-demand content distribution to preferred distribution points. When this setting is enabled, the management point creates a trigger for the distribution manager to distribute the content to all preferred distribution points when a client requests the content for the package and the content is not available on any preferred distribution points. For more information about preferred distribution points and on-demand content, see [Content source location scenarios](/sccm/core/plan-design/hierarchy/content-source-location-scenarios).
- **Prestaged distribution point settings**: Use this setting to specify how you want to distribute content to prestaged distribution points. Choose one of the following options:
- **Automatically download content when packages are assigned to distribution points**: Use this setting to ignore the prestage settings and distribute content to the distribution point.
- **Download only content changes to the distribution point**: Use this setting to prestage the initial content to the distribution point, and then distribute content changes to the distribution point.
- **Manually copy the content in this package to the distribution point**: Use this setting to always prestage content on the distribution point. This is the default setting.
For more information about prestaging content to distribution points, see [Use Prestaged content](/sccm/core/servers/deploy/configure/deploy-and-manage-content#bkmk_prestage).
Click **Next**.
6. On the **Download Location** page, specify location that Configuration Manager will use to download the software update source files. As needed, use the following options:
- **Download software updates from the Internet**: Select this setting to download the software updates from the location on the Internet. This is the default setting.
- **Download software updates from a location on the local network**: Select this setting to download software updates from a local folder or shared network folder. Use this setting when the computer running the wizard does not have Internet access.
> [!NOTE]
> When you use this setting, download the software updates from any computer with Internet access, and then copy the software updates to a location on the local network that is accessible from the computer running the wizard.
Click **Next**.
7. On the **Language Selection** page, specify the languages for which the selected feature updates are to be downloaded, and then click **Next**. Ensure that your language selection matches the language(s) of the feature updates selected for download. For example, if you selected English and German based feature updates for download, select those same languages on the language selection page.
8. On the **Summary** page, verify the settings that you selected in the wizard, and then click Next to download the software updates.
9. On the **Completion** page, verify that the software updates were successfully downloaded, and then click Close.
#### To monitor content status
1. To monitor the content status for the feature updates, click **Monitoring** in the Configuration Manager console.
2. In the Monitoring workspace, expand **Distribution Status**, and then click **Content Status**.
3. Select the feature update package that you previously identified to download the feature updates.
4. On the **Home** tab, in the Content group, click **View Status**.
### Step 3: Deploy the feature update(s)
After you determine which feature updates you intend to deploy, you can manually deploy the feature update(s). Use the following procedure to manually deploy the feature update(s).
1. In the Configuration Manager console, click **Software Library**.
2. In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**.
3. Choose the feature update(s) to deploy by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Deploy**.
The **Deploy Software Updates Wizard** opens.
4. On the General page, configure the following settings:
- **Name**: Specify the name for the deployment. The deployment must have a unique name that describes the purpose of the deployment and differentiates it from other deployments in the Configuration Manager site. By default, Configuration Manager automatically provides a name for the deployment in the following format: **Microsoft Software Updates - \<date\>\<time\>**
- **Description**: Specify a description for the deployment. The description provides an overview of the deployment and any other relevant information that helps to identify and differentiate the deployment among others in Configuration Manager site. The description field is optional, has a limit of 256 characters, and has a blank value by default.
- **Software Update/Software Update Group**: Verify that the displayed software update group, or software update, is correct.
- **Select Deployment Template**: Specify whether to apply a previously saved deployment template. You can configure a deployment template to contain multiple common software update deployment properties and then apply the template when you deploy subsequent software updates to ensure consistency across similar deployments and to save time.
- **Collection**: Specify the collection for the deployment, as applicable. Members of the collection receive the feature updates that are defined in the deployment.
5. On the Deployment Settings page, configure the following settings:
- **Type of deployment**: Specify the deployment type for the software update deployment. Select **Required** to create a mandatory software update deployment in which the feature updates are automatically installed on clients before a configured installation deadline.
> [!IMPORTANT]
> After you create the software update deployment, you cannot later change the type of deployment.
> [!NOTE]
> A software update group deployed as Required will be downloaded in background and honor BITS settings, if configured.
- **Use Wake-on-LAN to wake up clients for required deployments**: Specify whether to enable Wake On LAN at the deadline to send wake-up packets to computers that require one or more software updates in the deployment. Any computers that are in sleep mode at the installation deadline time will be awakened so the software update installation can initiate. Clients that are in sleep mode that do not require any software updates in the deployment are not started. By default, this setting is not enabled and is available only when Type of deployment is set to Required.
> [!WARNING]
> Before you can use this option, computers and networks must be configured for Wake On LAN.
- **Detail level**: Specify the level of detail for the state messages that are reported by client computers.
6. On the Scheduling page, configure the following settings:
- **Schedule evaluation**: Specify whether the available time and installation deadline times are evaluated according to UTC or the local time of the computer running the Configuration Manager console.
> [!NOTE]
> When you select local time, and then select **As soon as possible** for the **Software available time** or **Installation deadline**, the current time on the computer running the Configuration Manager console is used to evaluate when updates are available or when they are installed on a client. If the client is in a different time zone, these actions will occur when the client's time reaches the evaluation time.
- **Software available time**: Select **As soon as possible** to specify when the software updates will be available to clients:
- **As soon as possible**: Select this setting to make the software updates in the deployment available to clients as soon as possible. When the deployment is created, the client policy is updated, the clients are made aware of the deployment at their next client policy polling cycle, and then the software updates are available for installation.
- **Installation deadline**: Select **Specific time** to specify the installation deadline for the software updates in the deployment.
> [!NOTE]
> You can configure the installation deadline setting only when **Type of deployment** is set to **Required** on the Deployment Settings page.
- **Specific time**: Select this setting to automatically install the software updates in the deployment at a specific date and time. Set the date and time value to correspond with your defined maintenance window for the target collection. Allow sufficient time for clients to download the content in advance of the deadline. Adjust accordingly if clients in your environment will need additional download time. E.g., slow or unreliable network links.
> [!NOTE]
> The actual installation deadline time is the specific time that you configure plus a random amount of time up to 2 hours. This reduces the potential impact of all client computers in the destination collection installing the software updates in the deployment at the same time. Configure the Computer Agent client setting, Disable deadline randomization to disable the installation randomization delay for the required software updates to allow a greater chance for the installation to start and complete within your defined maintenance window. For more information, see [Computer Agent](/sccm/core/clients/deploy/about-client-settings#computer-agent).
7. On the User Experience page, configure the following settings:
- **User notifications**: Specify whether to display notification of the software updates in Software Center on the client computer at the configured **Software available time** and whether to display user notifications on the client computers. When **Type of deployment** is set to **Available** on the Deployment Settings page, you cannot select **Hide in Software Center and all notifications**.
- **Deadline behavior**: Available only when **Type of deployment** is set to **Required** on the Deployment Settings page. Specify the behavior that is to occur when the deadline is reached for the software update deployment. Specify whether to install the software updates in the deployment. Also specify whether to perform a system restart after software update installation regardless of a configured maintenance window. For more information about maintenance windows, see [How to use maintenance windows](/sccm/core/clients/manage/collections/use-maintenance-windows).
- **Device restart behavior**: Available only when **Type of deployment** is set to **Required** on the Deployment Settings page. Specify whether to suppress a system restart on servers and workstations after software updates are installed and a system restart is required to complete the installation.
> [!IMPORTANT]
> Suppressing system restarts can be useful in server environments or for cases in which you do not want the computers that are installing the software updates to restart by default. However, doing so can leave computers in an insecure state, whereas allowing a forced restart helps to ensure immediate completion of the software update installation.
- **Write filter handling for Windows Embedded devices**: When you deploy software updates to Windows Embedded devices that are write filter enabled, you can specify to install the software update on the temporary overlay and either commit changes later or commit the changes at the installation deadline or during a maintenance window. When you commit changes at the installation deadline or during a maintenance window, a restart is required and the changes persist on the device.
> [!NOTE]
> When you deploy a software update to a Windows Embedded device, make sure that the device is a member of a collection that has a configured maintenance window.
- **Software updates deployment re-evaluation behavior upon restart**: Starting in Configuration Manager version 1606, select this setting to configure software updates deployments to have clients run a software updates compliance scan immediately after a client installs software updates and restarts. This enables the client to check for additional software updates that become applicable after the client restarts, and to then install them (and become compliant) during the same maintenance window.
8. On the Alerts page, configure how Configuration Manager and System Center Operations Manager will generate alerts for this deployment. You can configure alerts only when **Type of deployment** is set to **Required** on the Deployment Settings page.
> [!NOTE]
> You can review recent software updates alerts from the Software Updates node in the Software Library workspace.
9. On the Download Settings page, configure the following settings:
- Specify whether the client will download and install the software updates when a client is connected to a slow network or is using a fallback content location.
- Specify whether to have the client download and install the software updates from a fallback distribution point when the content for the software updates is not available on a preferred distribution point.
- **Allow clients to share content with other clients on the same subnet**: Specify whether to enable the use of BranchCache for content downloads. For more information about BranchCache, see [Fundamental concepts for content management](/sccm/core/plan-design/hierarchy/fundamental-concepts-for-content-management#branchcache).
- **If software updates are not available on distribution point in current, neighbor or site groups, download content from Microsoft Updates**: Select this setting to have clients that are connected to the intranet download software updates from Microsoft Update if software updates are not available on distribution points. Internet-based clients can always go to Microsoft Update for software updates content.
- Specify whether to allow clients to download after an installation deadline when they use metered Internet connections. Internet providers sometimes charge by the amount of data that you send and receive when you are on a metered Internet connection.
> [!NOTE]
> Clients request the content location from a management point for the software updates in a deployment. The download behavior depends upon how you have configured the distribution point, the deployment package, and the settings on this page. For more information, see [Content source priority](/mem/configmgr/core/plan-design/hierarchy/fundamental-concepts-for-content-management#content-source-priority).
10. On the Summary page, review the settings. To save the settings to a deployment template, click **Save As Template**, enter a name and select the settings that you want to include in the template, and then click **Save**. To change a configured setting, click the associated wizard page and change the setting.
11. Click **Next** to deploy the feature update(s).
### Step 4: Monitor the deployment status
After you deploy the feature update(s), you can monitor the deployment status. Use the following procedure to monitor the deployment status:
1. In the Configuration Manager console, navigate to **Monitoring > Overview > Deployments**.
2. Click the software update group or software update for which you want to monitor the deployment status.
3. On the **Home** tab, in the **Deployment** group, click **View Status**.

View File

@ -1,44 +0,0 @@
---
title: Best practices and recommendations for deploying Windows 10 Feature updates to mission-critical devices
description: Learn how to use the Microsoft Endpoint Manager (current branch) software updates feature to deploy Windows 10 semi-annual feature updates.
ms.prod: w10
ms.mktglfcycl: manage
audience: itpro
itproauthor: jaimeo
author: jaimeo
ms.localizationpriority: medium
ms.author: jaimeo
ms.reviewer:
manager: laurawi
ms.collection: M365-modern-desktop
ms.topic: article
ms.custom: seo-marvel-apr2020
---
# Best practices and recommendations for deploying Windows 10 Feature updates to mission critical devices
**Applies to**: Windows 10
Managing an environment with devices that provide mission critical services 24 hours a day, 7 days a week, can present challenges in keeping these devices current with Windows 10 feature updates. The processes that you use to keep regular devices current with Windows 10 feature updates, often aren't the most effective to service mission critical devices. This whitepaper will focus on the recommended approach of using the Microsoft Endpoint Manager (current branch) software updates feature to deploy Windows 10 semi-annual feature updates.
For simplicity, we will outline the steps to deploy a feature update manually. If you prefer an automated approach, see [Manage Windows as a service using Configuration Manager](/configmgr/osd/deploy-use/manage-windows-as-a-service).
Devices and shared workstations that are online and available 24 hours a day, 7 days a week, can be serviced via one of two primary methods:
- **Service during maintenance windows** Devices that have established maintenance windows will need to have feature updates scheduled to fit within these windows.
- **Service only when manually initiated** Devices that need physical verification of the availability to update will need to have updates manually initiated by a technician.
You can use Configuration Manager to deploy feature updates to Windows 10 devices in two ways. The first option is to use the software updates feature. The second option is to use a task sequence to deploy feature updates. There are times when deploying a Windows 10 feature update requires the use of a task sequence—for example:
- **Upgrade to the next LTSC release.** With the LTSC servicing branch, feature updates are never provided to the Windows clients themselves. Instead, feature updates must be installed like a traditional in-place upgrade.
- **Additional required tasks.** When deploying a feature update requires additional steps (for example, suspending disk encryption, updating applications), you can use task sequences to orchestrate the additional steps. Software updates do not have the ability to add steps to their deployments.
- **Language pack installations.** When deploying a feature update requires the installation of additional language packs, you can use task sequences to orchestrate the installation. Software updates do not have the ability to natively install language packs.
If you need to use a task sequence to deploy feature updates, see [Manage Windows as a service using Configuration Manager](/configmgr/osd/deploy-use/manage-windows-as-a-service) for more information. If you find that your requirement for a task sequence is based solely on the need to run additional tasks performed pre-install or pre-commit, see the new [run custom actions](/windows-hardware/manufacture/desktop/windows-setup-enable-custom-actions) functionality first introduced with Windows 10, version 1803. You might find this option useful in deploying software updates.
Use the following information:
- [Deploy feature updates during maintenance windows](feature-update-maintenance-window.md)
- [Deploy feature updates for user-initiated installations](feature-update-user-install.md)
- [Conclusion](feature-update-conclusion.md)
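Review bot: Deleting this article outright (-1,44 +0,0) also removes the only landing list that links to feature-update-maintenance-window.md, feature-update-user-install.md and feature-update-conclusion.md, so please confirm that this page and each of those three targets has a redirect entry. The section on when a task sequence is required (next LTSC release, extra steps such as suspending disk encryption, language packs) has no visible replacement here; name the article that now carries it in the PR description so reviewers can check the redirect lands on equivalent guidance.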

View File

@ -1,5 +1,5 @@
--- ---
title: Windows 10 updates, channels, and tools title: Windows client updates, channels, and tools
description: Brief summary of the kinds of Windows updates, the channels they are served through, and the tools for managing them description: Brief summary of the kinds of Windows updates, the channels they are served through, and the tools for managing them
keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools
ms.prod: w10 ms.prod: w10
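Review bot: The keywords line is left untouched and still lists "semi-annual channel", while the title moves to "Windows client" and the body of this same article renames the channel to "General Availability Channel". Either add the new channel name to the keywords or replace the old one, so the metadata matches the terminology readers will search for.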
@ -12,7 +12,12 @@ manager: laurawi
ms.topic: article ms.topic: article
--- ---
# Windows 10 updates, channels, and tools # Windows client updates, channels, and tools
**Applies to**
- Windows 10
- Windows 11
## How Windows updates work ## How Windows updates work
@ -30,34 +35,31 @@ version of the software.
We include information here about many different update types you'll hear about, but the two overarching types that you have the most direct control over are *feature updates* and *quality updates*. We include information here about many different update types you'll hear about, but the two overarching types that you have the most direct control over are *feature updates* and *quality updates*.
- **Feature updates:** Released twice per year, during the first half and second half of each calendar year. Feature updates add new features and functionality to Windows 10. Because they are delivered frequently (rather than every 3-5 years), they are easier to manage. - **Feature updates:** Released as soon as they become available. Feature updates add new features and functionality to Windows 10. Because they are delivered frequently (rather than every 3-5 years), they are easier to manage.
- **Quality updates:** Quality updates deliver both security and non-security fixes to Windows 10. Quality updates include security updates, critical updates, servicing stack updates, and driver updates. They are typically released on the second Tuesday of each month, though they can be released at any time. The second-Tuesday releases are the ones that focus on security updates. Quality updates are *cumulative*, so installing the latest quality update is sufficient to get all the available fixes for a specific Windows 10 feature update, including any out-of-band security fixes and any *servicing stack updates* that might have been released previously. - **Quality updates:** Quality updates deliver both security and non-security fixes. Quality updates include security updates, critical updates, servicing stack updates, and driver updates. They are typically released on the second Tuesday of each month, though they can be released at any time. The second-Tuesday releases are the ones that focus on security updates. Quality updates are *cumulative*, so installing the latest quality update is sufficient to get all the available fixes for a specific feature update, including any out-of-band security fixes and any *servicing stack updates* that might have been released previously.
- **Servicing stack updates:** The "servicing stack" is the code component that actually installs Windows updates. From time to time, the servicing stack itself needs to be updated in order to function smoothly. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes. Servicing stack updates are not necessarily included in *every* monthly quality update, and occasionally are released out of band to address a late-breaking issue. Always install the latest available quality update to catch any servicing stack updates that might have been released. The servicing stack also contains the "component-based servicing stack" (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. The CBS is a small component that typically does not have updates released every month. You can find a list of servicing stack updates at [Latest servicing stack updates](https://portal.msrc.microsoft.com/security-guidance/advisory/ADV990001). For more detail about servicing stack updates, see [Servicing stack updates](servicing-stack-updates.md). - **Servicing stack updates:** The "servicing stack" is the code component that actually installs Windows updates. From time to time, the servicing stack itself needs to be updated in order to function smoothly. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes. Servicing stack updates are not necessarily included in *every* monthly quality update, and occasionally are released out of band to address a late-breaking issue. Always install the latest available quality update to catch any servicing stack updates that might have been released. 
The servicing stack also contains the "component-based servicing stack" (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. The CBS is a small component that typically does not have updates released every month. You can find a list of servicing stack updates at [Latest servicing stack updates](https://portal.msrc.microsoft.com/security-guidance/advisory/ADV990001). For more detail about servicing stack updates, see [Servicing stack updates](servicing-stack-updates.md).
- **Driver updates**: These update drivers applicable to your devices. Driver updates are turned off by default in Windows Server Update Services (WSUS), but for cloud-based update methods, you can control whether they are installed or not. - **Driver updates**: These update drivers applicable to your devices. Driver updates are turned off by default in Windows Server Update Services (WSUS), but for cloud-based update methods, you can control whether they are installed or not.
- **Microsoft product updates:** These update other Microsoft products, such as Office. You can enable or disable Microsoft updates by using policies controlled by various servicing tools. - **Microsoft product updates:** These update other Microsoft products, such as Office. You can enable or disable Microsoft updates by using policies controlled by various servicing tools.
## Servicing channels ## Servicing channels
Windows 10 offers three servicing channels, each of which offers you a different level of flexibility with how and when updates are delivered to devices. Using the different servicing channels allows you to deploy Windows 10 "as a service," which conceives of deployment as a continual process of updates that roll out across the organization in waves. In this approach, an update is plugged into this process and while it runs, you monitor for anomalies, errors, or user impact and respond as issues arise--without interrupting the entire process. There are three servicing channels, each of which offers you a different level of flexibility with how and when updates are delivered to devices. Using the different servicing channels allows you to deploy Windows "as a service," which conceives of deployment as a continual process of updates that roll out across the organization in waves. In this approach, an update is plugged into this process and while it runs, you monitor for anomalies, errors, or user impact and respond as issues arise--without interrupting the entire process.
The first step of controlling when and how devices install updates is assigning them to the appropriate servicing channel. You can assign devices to a particular channel with any of several tools, including Microsoft Endpoint Configuration Manager, Windows Server Update Services (WSUS), and Group Policy settings applied by any of several means. By dividing devices into different populations ("deployment groups" or "rings") you can use servicing channel assignment, followed by other management features such as update deferral policies, to create a phased deployment of any update that allows you to start with a limited pilot deployment for testing before moving to a broad deployment throughout your organization. The first step of controlling when and how devices install updates is assigning them to the appropriate servicing channel. You can assign devices to a particular channel with any of several tools, including Microsoft Endpoint Configuration Manager, Windows Server Update Services (WSUS), and Group Policy settings applied by any of several means. By dividing devices into different populations ("deployment groups" or "rings") you can use servicing channel assignment, followed by other management features such as update deferral policies, to create a phased deployment of any update that allows you to start with a limited pilot deployment for testing before moving to a broad deployment throughout your organization.
### Semi-annual Channel ### General Availability Channel
In the Semi-annual Channel, feature updates are available as soon as Microsoft releases them, twice per year. As long as a device isn't set to defer feature updates, any device using the Semi-annual Channel will install a feature update as soon as it's released. If you use Windows Update for Business, the Semi-annual Channel provides three months of additional total deployment time before being required to update to the next release. In the General Availability Channel, feature updates are available as soon as Microsoft releases them. As long as a device isn't set to defer feature updates, any device in this channel will install a feature update as soon as it's released. If you use Windows Update for Business, the channel provides three months of additional total deployment time before being required to update to the next release.
> [!NOTE]
> All releases of Windows 10 have **18 months of servicing for all editions**--these updates provide security and feature updates for the release. However, fall releases of the **Enterprise and Education editions** will have an **additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release**. This extended servicing window applies to Enterprise and Education editions starting with Windows 10, version 1607.
### Windows Insider Program for Business ### Windows Insider Program for Business
Insider preview releases are made available during the development of the features that will be shipped in the next feature update, enabling organizations to validate new features and compatibility with existing apps and infrastructure, providing feedback to Microsoft on any issues encountered. There are actually three options within the Windows Insider Program for Business channel: Insider preview releases are made available during the development of the features that will be shipped in the next feature update, enabling organizations to validate new features and compatibility with existing apps and infrastructure, providing feedback to Microsoft on any issues encountered. There are actually three options within the Windows Insider Program for Business channel:
- Windows Insider Fast - Windows Insider Dev
- Windows Insider Slow - Windows Insider Beta
- Windows Insider Release Preview - Windows Insider Release Preview
We recommend that you use the Windows Insider Release Preview channel for validation activities. We recommend that you use the Windows Insider Release Preview channel for validation activities.
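Review bot: In the Feature updates bullet, the new sentence "Released as soon as they become available" is circular and gives admins no cadence to plan against, and the sentence after it still says "functionality to Windows 10" even though the article now applies to Windows 11 too. Suggest stating the cadence per product (or linking to the lifecycle page) and dropping "Windows 10" the way the Quality updates bullet does. The hunk also deletes the note on servicing duration (18 months, 30 months for fall Enterprise and Education releases) with nothing in its place; that note is what told readers how long a release keeps receiving security updates, so please link to wherever that information now lives.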
@ -67,10 +69,10 @@ We recommend that you use the Windows Insider Release Preview channel for valida
The **Long-Term Servicing Channel** is designed to be used only for specialized devices (which typically don't run Office) such as ones that control medical equipment or ATMs. Devices on this channel receive new feature releases every two to three years. LTSB releases service a special LTSB edition of Windows 10 and are only available through the [Microsoft Volume Licensing Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). The **Long-Term Servicing Channel** is designed to be used only for specialized devices (which typically don't run Office) such as ones that control medical equipment or ATMs. Devices on this channel receive new feature releases every two to three years. LTSB releases service a special LTSB edition of Windows 10 and are only available through the [Microsoft Volume Licensing Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx).
The Semi-Annual Channel is the default servicing channel for all Windows 10 devices except those with the LTSB edition installed. The following table shows the servicing channels available to each Windows 10 edition. The General Availability Channel is the default servicing channel for all Windows devices except those with the LTSB edition installed. The following table shows the servicing channels available to each edition.
| Windows 10 edition | Semi-Annual Channel | Insider Program | Long-Term Servicing Channel | | Edition | General Availability Channel | Insider Program | Long-Term Servicing Channel |
| --- | --- | --- | --- | | --- | --- | --- | --- |
| Home | ![yes.](images/checkmark.png)|![no](images/crossmark.png) | ![no](images/crossmark.png)| | Home | ![yes.](images/checkmark.png)|![no](images/crossmark.png) | ![no](images/crossmark.png)|
| Pro | ![yes.](images/checkmark.png) | ![yes](images/checkmark.png) | ![no](images/crossmark.png)| | Pro | ![yes.](images/checkmark.png) | ![yes](images/checkmark.png) | ![no](images/crossmark.png)|
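Review bot: The rewritten sentence above the table drops "Windows 10" but keeps "except those with the LTSB edition installed", while the new table header and the bolded term in the paragraph before it say "Long-Term Servicing Channel". Pick one term for the changed line, and note that the unchanged line directly above still reads "a special LTSB edition of Windows 10", which now sits oddly next to the generalized wording; it should be updated in the same pass.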

View File

@ -1,6 +1,6 @@
--- ---
title: How Windows Update works title: How Windows Update works
description: In this article, learn about the process Windows Update uses to download and install updates on a Windows 10 devices. description: In this article, learn about the process Windows Update uses to download and install updates on a Windows client devices.
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: ms.mktglfcycl:
audience: itpro audience: itpro
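Review bot: The new description reads "on a Windows client devices", which carries the article/plural mismatch over from the old text. Change it to "on Windows client devices" (or "on a Windows client device") while this line is being edited anyway.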

View File

@ -1,6 +1,6 @@
--- ---
title: Update Windows 10 in enterprise deployments (Windows 10) title: Update Windows client in enterprise deployments
description: Windows as a service provides an all-new way to think about building, deploying, and servicing Windows 10. description: Windows as a service provides an all-new way to think about building, deploying, and servicing Windows client.
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: manage ms.mktglfcycl: manage
author: jaimeo author: jaimeo
@ -10,19 +10,18 @@ ms.author: jaimeo
ms.topic: article ms.topic: article
--- ---
# Update Windows 10 in enterprise deployments # Update Windows client in enterprise deployments
**Applies to** **Applies to**
- Windows 10 - Windows 10
- Windows 11
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
Windows as a service provides a new way to think about building, deploying, and servicing the Windows operating system. The Windows as a service model is focused on continually providing new capabilities and updates while maintaining a high level of hardware and software compatibility. Deploying new versions of Windows is simpler than ever before: Microsoft releases new features two to three times per year rather than the traditional upgrade cycle where new features are only made available every few years. Ultimately, this model replaces the need for traditional Windows deployment projects, which can be disruptive and costly, and spreads the required effort out into a continuous updating process, reducing the overall effort required to maintain Windows 10 devices in your environment. In addition, with the Windows 10 operating system, organizations have the chance to try out “flighted” builds of Windows as Microsoft develops them, gaining insight into new features and the ability to provide continual feedback about them. Windows as a service provides a new way to think about building, deploying, and servicing the Windows operating system. The Windows as a service model is focused on continually providing new capabilities and updates while maintaining a high level of hardware and software compatibility. Deploying new versions of Windows is simpler than ever before: Microsoft releases new features two to three times per year rather than the traditional upgrade cycle where new features are only made available every few years. Ultimately, this model replaces the need for traditional Windows deployment projects, which can be disruptive and costly, and spreads the required effort out into a continuous updating process, reducing the overall effort required to maintain Windows client devices in your environment. 
In addition, with the Windows client operating system, organizations have the chance to try out “flighted” builds of Windows as Microsoft develops them, gaining insight into new features and the ability to provide continual feedback about them.
>[!TIP]
>See [Windows 10 update history](https://support.microsoft.com/help/12387/windows-10-update-history) for details about each Windows 10 update released to date.
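Review bot: The reworded introduction keeps "Microsoft releases new features two to three times per year", while this same commit removes the "twice per year" cadence from the channels article. Align the cadence statement here with the one used there, or remove the number. The hunk also drops the tip linking to the Windows 10 update history without adding an equivalent for Windows 11; if the removal is intentional, a replacement link that covers both products would keep the pointer to per-release update details.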
@ -30,20 +29,18 @@ Windows as a service provides a new way to think about building, deploying, and
| Topic | Description| | Topic | Description|
| --- | --- | | --- | --- |
| [Quick guide to Windows as a service](waas-quick-start.md) | Provides a brief summary of the key points for the new servicing model for Windows 10. | | [Quick guide to Windows as a service](waas-quick-start.md) | Provides a brief summary of the key points for the servicing model for Windows client. |
| [Overview of Windows as a service](waas-overview.md) | Explains the differences in building, deploying, and servicing Windows 10; introduces feature updates, quality updates, and the different servicing branches; compares servicing tools. | | [Overview of Windows as a service](waas-overview.md) | Explains the differences in building, deploying, and servicing Windows client; introduces feature updates, quality updates, and the different servicing branches; compares servicing tools. |
| [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) | Explains the decisions you need to make in your servicing strategy. | | [Prepare servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md) | Explains the decisions you need to make in your servicing strategy. |
| [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) | Explains how to make use of servicing branches and update deferrals to manage Windows 10 updates. | | [Assign devices to servicing branches for Windows client updates](/waas-servicing-channels-windows-10-updates.md) | Explains how to assign devices to the General Availability Channel for feature and quality updates, and how to enroll devices in Windows Insider. |
| [Assign devices to servicing branches for Windows 10 updates](./waas-servicing-channels-windows-10-updates.md) | Explains how to assign devices to the Semi-Annual Channel for feature and quality updates, and how to enroll devices in Windows Insider. |
| [Monitor Windows Updates with Update Compliance](update-compliance-monitor.md) | Explains how to use Update Compliance to monitor and manage Windows Updates on devices in your organization. | | [Monitor Windows Updates with Update Compliance](update-compliance-monitor.md) | Explains how to use Update Compliance to monitor and manage Windows Updates on devices in your organization. |
| [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) | Explains the benefits of using Delivery Optimization or BranchCache for update distribution. | | [Optimize update delivery](waas-optimize-windows-10-updates.md) | Explains the benefits of using Delivery Optimization or BranchCache for update distribution. |
| [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md) | Explains how to use Windows Update for Business to manage when devices receive updates directly from Windows Update. Includes walkthroughs for configuring Windows Update for Business using Group Policy and Microsoft Intune. | | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md) | Explains how to use Windows Update for Business to manage when devices receive updates directly from Windows Update. Includes walkthroughs for configuring Windows Update for Business using Group Policy and Microsoft Intune. |
| [Deploy Windows 10 updates using Windows Server Update Services (WSUS)](waas-manage-updates-wsus.md) | Explains how to use WSUS to manage Windows 10 updates. | | [Deploy Windows client updates using Windows Server Update Services (WSUS)](waas-manage-updates-wsus.md) | Explains how to use WSUS to manage Windows client updates. |
| [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | Explains how to use Configuration Manager to manage Windows 10 updates. | | [Deploy Windows client updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | Explains how to use Configuration Manager to manage Windows client updates. |
| [Manage device restarts after updates](waas-restart.md) | Explains how to manage update related device restarts. | | [Manage device restarts after updates](waas-restart.md) | Explains how to manage update related device restarts. |
| [Manage additional Windows Update settings](waas-wu-settings.md) | Provides details about settings available to control and configure Windows Update | | [Manage additional Windows Update settings](waas-wu-settings.md) | Provides details about settings available to control and configure Windows Update |
| [Windows Insider Program for Business](/windows-insider/at-work-pro/wip-4-biz-get-started) | Explains how the Windows Insider Program for Business works and how to become an insider. | | [Windows Insider Program for Business](/windows-insider/at-work-pro/wip-4-biz-get-started) | Explains how the Windows Insider Program for Business works and how to become an insider. |
>[!TIP] >[!TIP]
>Windows servicing is changing, but for disaster recovery scenarios and bare-metal deployments of Windows 10, you still can use traditional imaging software such as Microsoft Endpoint Manager or the Microsoft Deployment Toolkit. Using these tools to deploy Windows 10 images is similar to deploying previous versions of Windows. >For disaster recovery scenarios and bare-metal deployments of Windows client, you still can use traditional imaging software such as Microsoft Endpoint Manager or the Microsoft Deployment Toolkit. Using these tools to deploy Windows client images is similar to deploying previous versions of Windows.
>With each release of a new feature update for CB, Microsoft makes available new .iso files for use in updating your custom images. Each Windows 10 build has a finite servicing lifetime, so its important that images stay up to date with the latest build. For detailed information about how to deploy Windows 10 to bare-metal machines or to upgrade to Windows 10 from previous builds of Windows, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](../deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md). Additionally, Windows 10 clients can move from any supported version of Windows 10 (i.e. Version 1511) to the latest version directly (i.e 1709).
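Review bot: The new link target in the first changed row, `(/waas-servicing-channels-windows-10-updates.md)`, starts with a slash, while the row it replaces used `./waas-servicing-channels-windows-10-updates.md` and the other `.md` links in this table are bare relative file names. A leading slash resolves from the site root rather than from this folder, so this should be `waas-servicing-channels-windows-10-updates.md`. The link text also still says "servicing branches" while the new description says "General Availability Channel".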

View File

@ -14,6 +14,11 @@ ms.collection: m365initiative-coredeploy
# Define update strategy with a calendar # Define update strategy with a calendar
**Applies to**
- Windows 10
- Windows 11
Traditionally, organizations treated the deployment of operating system updates (especially feature updates) as a discrete project that had a beginning, a middle, and an end. A release was "built" (usually in the form of an image) and then distributed to users and their devices. Traditionally, organizations treated the deployment of operating system updates (especially feature updates) as a discrete project that had a beginning, a middle, and an end. A release was "built" (usually in the form of an image) and then distributed to users and their devices.
Today, more organizations are treating deployment as a continual process of updates that roll out across the organization in waves. In this approach, an update is plugged into this process and while it runs, you monitor for anomalies, errors, or user impact and respond as issues arise--without interrupting the entire process. Microsoft has been evolving its Windows 10 release cycles, update mechanisms, and relevant tools to support this model. Feature updates are released twice per year, around March and September. All releases of Windows 10 have 18 months of servicing for all editions. Fall releases of the Enterprise and Education editions have an additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release. Today, more organizations are treating deployment as a continual process of updates that roll out across the organization in waves. In this approach, an update is plugged into this process and while it runs, you monitor for anomalies, errors, or user impact and respond as issues arise--without interrupting the entire process. Microsoft has been evolving its Windows 10 release cycles, update mechanisms, and relevant tools to support this model. Feature updates are released twice per year, around March and September. All releases of Windows 10 have 18 months of servicing for all editions. Fall releases of the Enterprise and Education editions have an additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release.
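Review bot: "Applies to" now lists Windows 11, but the paragraph kept as context below it still gives the release cadence (twice per year, around March and September) and the 18 and 30 month servicing periods for Windows 10 only. Either add the Windows 11 cadence and servicing period, or state that these figures are for Windows 10, so readers planning patch coverage for Windows 11 devices do not assume the same end-of-servicing dates.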
@ -21,7 +26,7 @@ Today, more organizations are treating deployment as a continual process of upda
Though we encourage you to deploy every available release and maintain a fast cadence for some portion of your environment, we also recognize that you might have a large number of devices, and a need for little or no disruption, and so you might choose to update annually. The 18/30 month lifecycle cadence lets you allow some portion of your environment to move faster while a majority can move less quickly. Though we encourage you to deploy every available release and maintain a fast cadence for some portion of your environment, we also recognize that you might have a large number of devices, and a need for little or no disruption, and so you might choose to update annually. The 18/30 month lifecycle cadence lets you allow some portion of your environment to move faster while a majority can move less quickly.
## Calendar approaches ## Calendar approaches
You can use a calendar approach for either a faster twice-per-year cadence or an annual cadence. Depending on company size, installing Windows 10 feature updates less often than once annually risks devices going out of service and becoming vulnerable to security threats, because they will stop receiving the monthly security updates. You can use a calendar approach for either a faster twice-per-year cadence or an annual cadence. Depending on company size, installing feature updates less often than once annually risks devices going out of service and becoming vulnerable to security threats, because they will stop receiving the monthly security updates.
### Annual ### Annual
Here's a calendar showing an example schedule that applies one Windows 10 feature update per calendar year, aligned with Microsoft Endpoint Manager and Microsoft 365 Apps release cycles: Here's a calendar showing an example schedule that applies one Windows 10 feature update per calendar year, aligned with Microsoft Endpoint Manager and Microsoft 365 Apps release cycles:
@ -38,14 +43,4 @@ This cadence might be most suitable for you if any of these conditions apply:
- You want to go quickly with feature updates, and want the ability to skip a feature update while keeping Windows 10 serviced in case business priorities change. Aligning to the Windows 10 feature update released in the second half of each calendar year, you get additional servicing for Windows 10 (30 months of servicing compared to 18 months). - You want to go quickly with feature updates, and want the ability to skip a feature update while keeping Windows 10 serviced in case business priorities change. Aligning to the Windows 10 feature update released in the second half of each calendar year, you get additional servicing for Windows 10 (30 months of servicing compared to 18 months).
### Rapid
This calendar shows an example schedule that installs each feature update as it is released, twice per year:
[ ![Update calendar showing a faster update cadence.](images/rapid-calendar.png) ](images/rapid-calendar.png#lightbox)
This cadence might be best for you if these conditions apply:
- You have a strong appetite for change.
- You want to continuously update supporting infrastructure and unlock new scenarios.
- Your organization has a large population of information workers that can use the latest features and functionality in Windows 10 and Office.
- You have experience with feature updates for Windows 10.
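Review bot: Deleting the whole "Rapid" section leaves the "Calendar approaches" intro, kept earlier in this file, still offering "either a faster twice-per-year cadence or an annual cadence", with only the Annual schedule described after this change. Reword that intro to match what remains, and remove `images/rapid-calendar.png` if nothing else references it.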

View File

@ -39,10 +39,6 @@ update is published plus any deferral. In addition, this policy includes a confi
to opt out of automatic restarts until the deadline is reached (although we recommend always allowing automatic to opt out of automatic restarts until the deadline is reached (although we recommend always allowing automatic
restarts for maximum update velocity). restarts for maximum update velocity).
> [!IMPORTANT]
> If you use the new **Specify deadlines for automatic updates and restarts** setting in Windows 10,
> version 1903, you must disable the [older deadline policies](wufb-compliancedeadlines.md#prior-to-windows-10-version-1709) because they could conflict.
We recommend you set deadlines as follows: We recommend you set deadlines as follows:
- Quality update deadline, in days: 3 - Quality update deadline, in days: 3
- Feature update deadline, in days: 7 - Feature update deadline, in days: 7
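Review bot: Removing the `[!IMPORTANT]` note drops the only warning in this passage that the older deadline policies "could conflict" with **Specify deadlines for automatic updates and restarts**. If devices can still carry the older policies, keep the warning and fix its link target instead. Remove it only if the conflict no longer applies, and say so in the commit message, because a silent conflict here changes when updates and restarts are actually enforced.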

View File

@ -1,5 +1,5 @@
--- ---
title: Configure Windows Update for Business (Windows 10) title: Configure Windows Update for Business
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi
description: You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices. description: You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices.
@ -19,13 +19,14 @@ ms.topic: article
**Applies to** **Applies to**
- Windows 10 - Windows 10
- Windows 11
- Windows Server 2016 - Windows Server 2016
- Windows Server 2019 - Windows Server 2019
- Windows Server 2022
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices. The sections in this topic provide the Group Policy and MDM policies for Windows 10, version 1511 and later, including Windows 11. The MDM policies use the OMA-URI setting from the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider).
You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices. The sections in this topic provide the Group Policy and MDM policies for Windows 10, version 1511 and above. The MDM policies use the OMA-URI setting from the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider).
> [!IMPORTANT] > [!IMPORTANT]
> Beginning with Windows 10, version 1903, organizations can use Windows Update for Business policies, regardless of the diagnostic data level chosen. If the diagnostic data level is set to **0 (Security)**, Windows Update for Business policies will still be honored. For instructions, see [Configure the operating system diagnostic data level](/windows/configuration/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-levels). > Beginning with Windows 10, version 1903, organizations can use Windows Update for Business policies, regardless of the diagnostic data level chosen. If the diagnostic data level is set to **0 (Security)**, Windows Update for Business policies will still be honored. For instructions, see [Configure the operating system diagnostic data level](/windows/configuration/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-levels).
@ -33,7 +34,7 @@ You can use Group Policy or your mobile device management (MDM) service to confi
## Start by grouping devices ## Start by grouping devices
By grouping devices with similar deferral periods, administrators are able to cluster devices into deployment or validation groups which can be as a quality control measure as updates are deployed in Windows 10. With deferral windows and the ability to pause updates, administrators can effectively control and measure update deployments, updating a small pool of devices first to verify quality, prior to a broader roll-out to their organization. For more information, see [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md). By grouping devices with similar deferral periods, administrators are able to cluster devices into deployment or validation groups which can be as a quality control measure as updates are deployed. With deferral windows and the ability to pause updates, administrators can effectively control and measure update deployments, updating a small pool of devices first to verify quality, prior to a broader roll-out to their organization.
>[!TIP] >[!TIP]
>In addition to setting up multiple rings for your update deployments, also incorporate devices enrolled in the Windows Insider Program as part of your deployment strategy. This will provide you the chance to not only evaluate new features before they are broadly available to the public, but it also increases the lead time to provide feedback and influence Microsofts design on functional aspects of the product. For more information on Windows Insider program, see [https://insider.windows.com/](https://insider.windows.com/). >In addition to setting up multiple rings for your update deployments, also incorporate devices enrolled in the Windows Insider Program as part of your deployment strategy. This will provide you the chance to not only evaluate new features before they are broadly available to the public, but it also increases the lead time to provide feedback and influence Microsofts design on functional aspects of the product. For more information on Windows Insider program, see [https://insider.windows.com/](https://insider.windows.com/).
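Review bot: The rewritten sentence under "Start by grouping devices" still reads "which can be as a quality control measure", with the verb missing. Since the line is being edited anyway, change it to "which can be used as a quality control measure". The sentence that linked to the deployment rings article is dropped without a replacement pointer, so check that the redirect target covers the same guidance.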
@ -43,13 +44,13 @@ By grouping devices with similar deferral periods, administrators are able to cl
## Configure devices for the appropriate service channel ## Configure devices for the appropriate service channel
With Windows Update for Business, you can set a device to be on either Windows Insider Preview or the Semi-Annual Channel servicing branch. For more information on this servicing model, see [Windows 10 servicing options](waas-overview.md#servicing-channels). With Windows Update for Business, you can set a device to be on either Windows Insider Preview or the General Availability Channel servicing branch. For more information on this servicing model, see [Servicing channels](waas-overview.md#servicing-channels).
**Release branch policies** **Release branch policies**
| Policy | Sets registry key under HKLM\Software | | Policy | Sets registry key under HKLM\Software |
| --- | --- | | --- | --- |
| GPO for Windows 10, version 1607 or later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > **Select when Feature Updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\BranchReadinessLevel | | GPO for Windows 10, version 1607 or later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > **Select when feature updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\BranchReadinessLevel |
| GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\DeferUpgrade | | GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\DeferUpgrade |
| MDM for Windows 10, version 1607 or later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**BranchReadinessLevel** | \Microsoft\PolicyManager\default\Update\BranchReadinessLevel | | MDM for Windows 10, version 1607 or later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**BranchReadinessLevel** | \Microsoft\PolicyManager\default\Update\BranchReadinessLevel |
| MDM for Windows 10, version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**RequireDeferUpgrade** | \Microsoft\PolicyManager\default\Update\RequireDeferUpgrade | | MDM for Windows 10, version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**RequireDeferUpgrade** | \Microsoft\PolicyManager\default\Update\RequireDeferUpgrade |
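Review bot: The changed sentence tells readers a device can be set to the General Availability Channel, and the table points to `BranchReadinessLevel` for that, but the quick-reference row for `BranchReadinessLevel` changed later in this same file now lists only values 2, 4, and 8, all of them Windows Insider builds. The text removed there documented 16 and 32 for the production channel. Either keep a value for the General Availability Channel in that row or state here which value selects it. "General Availability Channel servicing branch" also mixes the channel and branch terms under a heading that says "service channel".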
@ -64,9 +65,9 @@ Starting with Windows 10, version 1703, users can configure the branch readiness
## Configure when devices receive feature updates ## Configure when devices receive feature updates
After you configure the servicing branch (Windows Insider Preview or Semi-Annual Channel), you can then define if, and for how long, you would like to defer receiving Feature Updates following their availability from Microsoft on Windows Update. You can defer receiving these Feature Updates for a period of up to 365 days from their release by setting the `DeferFeatureUpdatesPeriodinDays` value. After you configure the servicing branch (Windows Insider Preview or General Availability Channel), you can then define if, and for how long, you would like to defer receiving feature updates following their availability from Microsoft on Windows Update. You can defer receiving these feature updates for a period of up to 365 days from their release by setting the `DeferFeatureUpdatesPeriodinDays` value.
For example, a device on the Semi-Annual Channel with `DeferFeatureUpdatesPeriodinDays=30` will not install a feature update that is first publicly available on Windows Update in September until 30 days later, in October. For example, a device on the General Availability Channel with `DeferFeatureUpdatesPeriodinDays=30` will not install a feature update that is first publicly available on Windows Update in September until 30 days later, in October.
</br></br> </br></br>
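Review bot: `DeferFeatureUpdatesPeriodinDays` in both rewritten sentences is spelled with a lowercase "in", while the policy table for this section spells the registry value and the MDM policy `DeferFeatureUpdatesPeriodInDays`. Use one spelling throughout so that readers who copy the name into a script or a compliance check get the same string the table documents.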
@ -74,7 +75,7 @@ For example, a device on the Semi-Annual Channel with `DeferFeatureUpdatesPeriod
| Policy | Sets registry key under HKLM\Software | | Policy | Sets registry key under HKLM\Software |
| --- | --- | | --- | --- |
| GPO for Windows 10, version 1607 or later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > **Select when Feature Updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\DeferFeatureUpdates</br>\Policies\Microsoft\Windows\WindowsUpdate\DeferFeatureUpdatesPeriodInDays | | GPO for Windows 10, version 1607 or later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > **Select when feature updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\DeferFeatureUpdates</br>\Policies\Microsoft\Windows\WindowsUpdate\DeferFeatureUpdatesPeriodInDays |
| GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\DeferUpgradePeriod | | GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\DeferUpgradePeriod |
| MDM for Windows 10, version 1607 and later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferFeatureUpdatesPeriodInDays** | \Microsoft\PolicyManager\default\Update\DeferFeatureUpdatesPeriodInDays | | MDM for Windows 10, version 1607 and later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferFeatureUpdatesPeriodInDays** | \Microsoft\PolicyManager\default\Update\DeferFeatureUpdatesPeriodInDays |
| MDM for Windows 10, version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\RequireDeferUpgrade | | MDM for Windows 10, version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\RequireDeferUpgrade |
@ -84,7 +85,7 @@ For example, a device on the Semi-Annual Channel with `DeferFeatureUpdatesPeriod
## Pause feature updates ## Pause feature updates
You can also pause a device from receiving Feature Updates by a period of up to 35 days from when the value is set. After 35 days has passed, the pause setting will automatically expire and the device will scan Windows Update for applicable Feature Updates. Following this scan, you can then pause Feature Updates for the device again. You can also pause a device from receiving feature updates by a period of up to 35 days from when the value is set. After 35 days has passed, the pause setting will automatically expire and the device will scan Windows Update for applicable feature updates. Following this scan, you can then pause feature updates for the device again.
Starting with Windows 10, version 1703, when you configure a pause by using policy, you must set a start date for the pause to begin. The pause period is calculated by adding 35 days to this start date. Starting with Windows 10, version 1703, when you configure a pause by using policy, you must set a start date for the pause to begin. The pause period is calculated by adding 35 days to this start date.
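Review bot: The rewritten first sentence of "Pause feature updates" keeps "pause a device from receiving feature updates by a period of up to 35 days" and "After 35 days has passed". While the line is being touched, change these to "for a period of up to 35 days" and "After 35 days have passed".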
@ -98,20 +99,20 @@ In cases where the pause policy is first applied after the configured start date
| Policy | Sets registry key under HKLM\Software | | Policy | Sets registry key under HKLM\Software |
| --- | --- | | --- | --- |
| GPO for Windows 10, version 1607 or later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > **Select when Feature Updates are received** | **1607:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdates</br>**1703 and later:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdatesStartTime | | GPO for Windows 10, version 1607 or later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > **Select when feature updates are received** | **1607:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdates</br>**1703 and later:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdatesStartTime |
| GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\Pause | | GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\Pause |
| MDM for Windows 10, version 1607 or later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**PauseFeatureUpdates** | **1607:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdates</br> **1703 and later:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdatesStartTime | | MDM for Windows 10, version 1607 or later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**PauseFeatureUpdates** | **1607:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdates</br> **1703 and later:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdatesStartTime |
| MDM for Windows 10, version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\Pause | | MDM for Windows 10, version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\Pause |
You can check the date that Feature Updates were paused by checking the registry key **PausedFeatureDate** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**. You can check the date that feature updates were paused by checking the registry key **PausedFeatureDate** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**.
The local group policy editor (GPEdit.msc) will not reflect whether the Feature Update pause period has expired. Although the device will resume Feature Updates after 35 days automatically, the pause checkbox will remain selected in the policy editor. To check whether a device has automatically resumed taking Feature Updates, check the status registry key **PausedFeatureStatus** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings** for the following values: The local group policy editor (GPEdit.msc) will not reflect whether the feature update pause period has expired. Although the device will resume feature updates after 35 days automatically, the pause check box will remain selected in the policy editor. To check whether a device has automatically resumed taking feature updates, check the status registry key **PausedFeatureStatus** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings** for the following values:
| Value | Status| | Value | Status|
| --- | --- | | --- | --- |
| 0 | Feature Updates not paused | | 0 | feature updates not paused |
| 1 | Feature Updates paused | | 1 | feature updates paused |
| 2 | Feature Updates have auto-resumed after being paused | | 2 | feature updates have auto-resumed after being paused |
>[!NOTE] >[!NOTE]
>If not configured by policy, individual users can pause feature updates by using **Settings > Update & security > Windows Update > Advanced options**. >If not configured by policy, individual users can pause feature updates by using **Settings > Update & security > Windows Update > Advanced options**.
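Review bot: The capitalization change was applied to the start of the status table cells as well, so they now begin in lowercase ("feature updates not paused", "feature updates paused", "feature updates have auto-resumed after being paused"). Keep the initial capital in those cells. **PausedFeatureDate** and **PausedFeatureStatus** are also described as registry keys under `...\UpdatePolicy\Settings`; if they are values under that key, say "registry value" so an auditor queries the right object.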
@ -122,9 +123,9 @@ Starting with Windows 10, version 1703, using Settings to control the pause beha
- Any pending update installations are canceled. - Any pending update installations are canceled.
- Any update installation running when pause is activated will attempt to roll back. - Any update installation running when pause is activated will attempt to roll back.
## Configure when devices receive Quality Updates ## Configure when devices receive quality updates
Quality updates are typically published on the second Tuesday of every month, although they can be released at any time. You can define if, and for how long, you would like to defer receiving Quality updates following their availability. You can defer receiving these quality updates for a period of up to 30 days from their release by setting the **DeferQualityUpdatesPeriodinDays** value. Quality updates are typically published on the second Tuesday of every month, although they can be released at any time. You can define if, and for how long, you would like to defer receiving quality updates following their availability. You can defer receiving these quality updates for a period of up to 30 days from their release by setting the **DeferQualityUpdatesPeriodinDays** value.
You can set your system to receive updates for other Microsoft products—known as Microsoft updates (such as Microsoft Office, Visual Studio)—along with Windows updates by setting the **AllowMUUpdateService** policy. When you do this, these Microsoft updates will follow the same deferral and pause rules as all other quality updates. You can set your system to receive updates for other Microsoft products—known as Microsoft updates (such as Microsoft Office, Visual Studio)—along with Windows updates by setting the **AllowMUUpdateService** policy. When you do this, these Microsoft updates will follow the same deferral and pause rules as all other quality updates.
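Review bot: The rewritten sentence gives the maximum quality update deferral as 30 days, but the quick-reference table later in this file lists `DeferQualityUpdatesPeriodinDays` as "0-35: defer quality updates by given days". Reconcile the two ranges in this change, since the deferral ceiling determines how long a device can go without a security fix. The setting name is also bold here where the feature update section uses code formatting.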
@ -160,15 +161,15 @@ In cases where the pause policy is first applied after the configured start date
| MDM for Windows 10, version 1607 or later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**PauseQualityUpdates** | **1607:** \Microsoft\PolicyManager\default\Update\PauseQualityUpdates</br>**1703:** \Microsoft\PolicyManager\default\Update\PauseQualityUpdatesStartTime | | MDM for Windows 10, version 1607 or later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**PauseQualityUpdates** | **1607:** \Microsoft\PolicyManager\default\Update\PauseQualityUpdates</br>**1703:** \Microsoft\PolicyManager\default\Update\PauseQualityUpdatesStartTime |
| MDM for Windows 10, version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\Pause | | MDM for Windows 10, version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\Pause |
You can check the date that quality Updates were paused by checking the registry key **PausedQualityDate** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**. You can check the date that quality updates were paused by checking the registry key **PausedQualityDate** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**.
The local group policy editor (GPEdit.msc) will not reflect whether the quality Update pause period has expired. Although the device will resume quality Updates after 35 days automatically, the pause checkbox will remain selected in the policy editor. To check whether a device has automatically resumed taking quality Updates, check the status registry key **PausedQualityStatus** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings** for the following values: The local group policy editor (GPEdit.msc) will not reflect whether the quality update pause period has expired. Although the device will resume quality updates after 35 days automatically, the pause check box will remain selected in the policy editor. To check whether a device has automatically resumed taking quality Updates, check the status registry key **PausedQualityStatus** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings** for the following values:
| Value | Status| | Value | Status|
| --- | --- | | --- | --- |
| 0 | Quality Updates not paused | | 0 | quality updates not paused |
| 1 | Quality Updates paused | | 1 | quality updates paused |
| 2 | Quality Updates have auto-resumed after being paused | | 2 | quality updates have auto-resumed after being paused |
>[!NOTE] >[!NOTE]
>If not configured by policy, individual users can pause quality updates by using **Settings > Update & security > Windows Update > Advanced options**. >If not configured by policy, individual users can pause quality updates by using **Settings > Update & security > Windows Update > Advanced options**.
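Review bot: One occurrence was missed in the rewritten GPEdit.msc paragraph, which still reads "resumed taking quality Updates" next to the corrected "quality updates". The status table cells were also lowercased at the start ("quality updates not paused", "quality updates paused", "quality updates have auto-resumed after being paused") and should keep an initial capital.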
@ -193,8 +194,8 @@ The **Manage preview builds** setting gives administrators control over enabling
>* Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Data Collection and Preview Builds/Toggle user control over Insider builds** >* Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Data Collection and Preview Builds/Toggle user control over Insider builds**
>* MDM: **System/AllowBuildPreview** >* MDM: **System/AllowBuildPreview**
The policy settings to **Select when Feature Updates are received** allows you to choose between preview flight rings, and allows you to defer or pause their delivery. The policy settings to **Select when feature updates are received** allows you to choose between preview flight rings, and allows you to defer or pause their delivery.
* Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/ Windows Update for Business** - *Select when Preview Builds and Feature Updates are received* * Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/ Windows Update for Business** - *Select when Preview Builds and feature updates are received*
* MDM: **Update/BranchReadinessLevel** * MDM: **Update/BranchReadinessLevel**
## Exclude drivers from quality updates ## Exclude drivers from quality updates
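Review bot: The lowercase pass also changes text that is formatted as a literal setting name: the bold **Select when feature updates are received** and the italic *Select when Preview Builds and feature updates are received* under the Group Policy path. If these are the labels as they appear in the Group Policy editor, keep the product's own casing so that readers can find the setting by name, and lowercase only the descriptive prose around it. The untouched sentence "The policy settings to ... allows you" also has a subject-verb mismatch that could be fixed while this line is being edited.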
@ -216,7 +217,7 @@ The following are quick-reference tables of the supported policy values for Wind
| GPO Key | Key type | Value | | GPO Key | Key type | Value |
| --- | --- | --- | | --- | --- | --- |
| BranchReadinessLevel | REG_DWORD | 2: systems take Feature Updates for the Windows Insider build - Fast (added in Windows 10, version 1709)</br> 4: systems take Feature Updates for the Windows Insider build - Slow (added in Windows 10, version 1709)</br> 8: systems take Feature Updates for the Release Windows Insider build (added in Windows 10, version 1709)</br> 16: for Windows 10, version 1703: systems take Feature Updates for the Current Branch (CB); for Windows 10, version 1709, 1803 and 1809: systems take Feature Updates from Semi-Annual Channel (Targeted) (SAC-T); for Windows 10, version 1903 or later: systems take Feature Updates from Semi-Annual Channel </br>32: systems take Feature Updates from Semi-Annual Channel </br>Note: Other value or absent: receive all applicable updates | | BranchReadinessLevel | REG_DWORD | 2: systems take feature updates for the Windows Insider build - Fast (added in Windows 10, version 1709)</br> 4: systems take feature updates for the Windows Insider build - Slow (added in Windows 10, version 1709)</br> 8: systems take feature updates for the Release Windows Insider build (added in Windows 10, version 1709)</br></br>Other value or absent: receive all applicable updates |
| DeferQualityUpdates | REG_DWORD | 1: defer quality updates</br>Other value or absent: dont defer quality updates | | DeferQualityUpdates | REG_DWORD | 1: defer quality updates</br>Other value or absent: dont defer quality updates |
| DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: defer quality updates by given days | | DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: defer quality updates by given days |
| PauseQualityUpdatesStartTime | REG_DWORD | 1: pause quality updates</br>Other value or absent: dont pause quality updates | | PauseQualityUpdatesStartTime | REG_DWORD | 1: pause quality updates</br>Other value or absent: dont pause quality updates |
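Review bot: The GPO row for BranchReadinessLevel now stops at value 8 and ends with a doubled `</br></br>`, while the MDM row in the same change keeps "32: systems take feature updates from General Availability Channel". If 32 is valid for both Group Policy and MDM, restore it here; if the two tables are meant to differ, say so in the text. The "Note:" prefix before "Other value or absent" is also dropped here but kept in the MDM row.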
@ -230,7 +231,7 @@ The following are quick-reference tables of the supported policy values for Wind
| MDM Key | Key type | Value | | MDM Key | Key type | Value |
| --- | --- | --- | | --- | --- | --- |
| BranchReadinessLevel | REG_DWORD |2: systems take Feature Updates for the Windows Insider build - Fast (added in Windows 10, version 1709)</br> 4: systems take Feature Updates for the Windows Insider build - Slow (added in Windows 10, version 1709)</br> 8: systems take Feature Updates for the Release Windows Insider build (added in Windows 10, version 1709)</br> 16: for Windows 10, version 1703: systems take Feature Updates for the Current Branch (CB); for Windows 10, version 1709, 1803 and 1809: systems take Feature Updates from Semi-Annual Channel (Targeted) (SAC-T); for Windows 10, version 1903 or later: systems take Feature Updates from Semi-Annual Channel </br>32: systems take Feature Updates from Semi-Annual Channel </br>Note: Other value or absent: receive all applicable updates | | BranchReadinessLevel | REG_DWORD |2: systems take feature updates for the Windows Insider build - Fast (added in Windows 10, version 1709)</br> 4: systems take feature updates for the Windows Insider build - Slow (added in Windows 10, version 1709)</br> 8: systems take feature updates for the Release Windows Insider build (added in Windows 10, version 1709) </br>32: systems take feature updates from General Availability Channel </br>Note: Other value or absent: receive all applicable updates |
| DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: defer quality updates by given days | | DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: defer quality updates by given days |
| PauseQualityUpdatesStartTime | REG_DWORD | 1: pause quality updates</br>Other value or absent: dont pause quality updates | | PauseQualityUpdatesStartTime | REG_DWORD | 1: pause quality updates</br>Other value or absent: dont pause quality updates |
| DeferFeatureUpdatesPeriodinDays | REG_DWORD | 0-365: defer feature updates by given days | | DeferFeatureUpdatesPeriodinDays | REG_DWORD | 0-365: defer feature updates by given days |
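Review bot: Value 16 is removed from the BranchReadinessLevel row with nothing in its place. The old text documented 16 for Windows 10 versions 1703, 1709 through 1809, and 1903 or later, so devices may still carry it. After this change such a device falls under "Other value or absent: receive all applicable updates". If 16 is still honored on those versions, keep a line for it; if not, state how it is treated, so that an admin auditing existing policy can tell what a device set to 16 will receive.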
@ -253,20 +254,3 @@ When a device running a newer version sees an update available on Windows Update
| PauseFeatureUpdates | PauseFeatureUpdatesStartTime | | PauseFeatureUpdates | PauseFeatureUpdatesStartTime |
| PauseQualityUpdates | PauseQualityUpdatesStartTime | | PauseQualityUpdates | PauseQualityUpdatesStartTime |
## Related topics
- [Update Windows 10 in the enterprise](index.md)
- [Overview of Windows as a service](waas-overview.md)
- [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md)
- [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md)
- [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md)
- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md)
- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md)
- [Configure BranchCache for Windows 10 updates](waas-branchcache.md)
- [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md)
- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
- [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure)
- [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
- [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service)
- [Manage device restarts after updates](waas-restart.md)

View File

@ -20,6 +20,7 @@ ms.custom: seo-marvel-apr2020
**Applies to** **Applies to**
- Windows 10 - Windows 10
- Windows 11
> **Looking for more Group Policy settings?** See the master spreadsheet available at the [Download Center](https://www.microsoft.com/download/details.aspx?id=102158). > **Looking for more Group Policy settings?** See the master spreadsheet available at the [Download Center](https://www.microsoft.com/download/details.aspx?id=102158).
@ -116,8 +117,11 @@ Download mode dictates which download sources clients are allowed to use when do
| Simple (99) | Simple mode disables the use of Delivery Optimization cloud services completely (for offline environments). Delivery Optimization switches to this mode automatically when the Delivery Optimization cloud services are unavailable, unreachable or when the content file size is less than 10 MB. In this mode, Delivery Optimization provides a reliable download experience, with no peer-to-peer caching. | | Simple (99) | Simple mode disables the use of Delivery Optimization cloud services completely (for offline environments). Delivery Optimization switches to this mode automatically when the Delivery Optimization cloud services are unavailable, unreachable or when the content file size is less than 10 MB. In this mode, Delivery Optimization provides a reliable download experience, with no peer-to-peer caching. |
|Bypass (100) | Bypass Delivery Optimization and use BITS, instead. You should only select this mode if you use WSUS and prefer to use BranchCache. You do not need to set this option if you are using Configuration Manager. If you want to disable peer-to-peer functionality, it's best to set **DownloadMode** to **0** or **99**. | |Bypass (100) | Bypass Delivery Optimization and use BITS, instead. You should only select this mode if you use WSUS and prefer to use BranchCache. You do not need to set this option if you are using Configuration Manager. If you want to disable peer-to-peer functionality, it's best to set **DownloadMode** to **0** or **99**. |
> [!NOTE]
> Starting with Windows 10, version 2006 (and in Windows 11), the Bypass option of Download Mode is no longer used.
>[!NOTE] >[!NOTE]
>Group mode is a best-effort optimization and should not be relied on for an authentication of identity of devices participating in the group. >When you use AAD tenant, AD Site, or AD Domain as source of group IDs, that the association of devices participating in the group should not be relied on for an authentication of identity of those devices.
### Group ID ### Group ID
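Review bot: The rewritten second note is ungrammatical ("When you use AAD tenant, AD Site, or AD Domain as source of group IDs, that the association of devices ...") and it narrows the security caveat. The old wording said Group mode as a whole must not be relied on to authenticate devices in the group; the new wording limits that to three group ID sources and says nothing about the others. Suggest keeping the general statement and adding the three sources as examples. Separately, the new Bypass note says the option is no longer used starting with "Windows 10, version 2006", but the Bypass (100) row directly above still advises when to select it; the row should carry the same version limit, and "2006" should be checked against the release naming used elsewhere in this change (20H2).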
@ -160,7 +164,7 @@ In environments configured for Delivery Optimization, you might want to set an e
### Max Cache Size ### Max Cache Size
This setting limits the maximum amount of space the Delivery Optimization cache can use as a percentage of the available drive space, from 1 to 100. For example, if you set this value to 10 on a Windows 10 client device that has 100 GB of available drive space, then Delivery Optimization will use up to 10 GB of that space. Delivery Optimization will constantly assess the available drive space and automatically clear the cache to keep the maximum cache size under the set percentage. The default value for this setting is 20. This setting limits the maximum amount of space the Delivery Optimization cache can use as a percentage of the available drive space, from 1 to 100. For example, if you set this value to 10 on a Windows client device that has 100 GB of available drive space, then Delivery Optimization will use up to 10 GB of that space. Delivery Optimization will constantly assess the available drive space and automatically clear the cache to keep the maximum cache size under the set percentage. The default value for this setting is 20.
### Absolute Max Cache Size ### Absolute Max Cache Size
@ -197,8 +201,9 @@ Starting in Windows 10, version 1803, specifies the maximum background download
Starting in Windows 10, version 1803, specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. Starting in Windows 10, version 1803, specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
### Select a method to restrict peer selection ### Select a method to restrict peer selection
Starting in Windows 10, version 1803, set this policy to restrict peer selection via selected option. Starting in Windows 10, version 1803, set this policy to restrict peer selection via selected option. Currently the available options include: 0 = NAT, 1 = Subnet mask, and 2 = Local Peer Discovery. The subnet mask option applies to both Download Modes LAN (1) and Group (2).
Currently the only available option is **1 = Subnet mask**. The subnet mask option applies to both Download Modes LAN (1) and Group (2).
If Group mode is set, Delivery Optimization will connect to locally discovered peers that are also part of the same Group (have the same Group ID).
### Delay background download from http (in secs) ### Delay background download from http (in secs)
Starting in Windows 10, version 1803, this allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer. Starting in Windows 10, version 1803, this allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer.
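Review bot: The added sentence "If Group mode is set, Delivery Optimization will connect to locally discovered peers ..." does not say which option it applies to. As written it reads as if it covers all three values, but it only makes sense for 2 = Local Peer Discovery. The paragraph also still opens with "Starting in Windows 10, version 1803" and gives no version for the newly listed options 0 and 2. Suggest tying the Group mode sentence to option 2 explicitly and stating the minimum version for each option, since a policy value that the client does not support gives the admin no peer restriction at all.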

View File

@ -2,7 +2,7 @@
title: Set up Delivery Optimization title: Set up Delivery Optimization
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi
description: In this article, learn how to set up Delivery Optimization, a new peer-to-peer distribution method in Windows 10. description: In this article, learn how to set up Delivery Optimization.
keywords: oms, operations management suite, wdav, updates, downloads, log analytics keywords: oms, operations management suite, wdav, updates, downloads, log analytics
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
@ -15,11 +15,12 @@ ms.topic: article
ms.custom: seo-marvel-apr2020 ms.custom: seo-marvel-apr2020
--- ---
# Set up Delivery Optimization for Windows 10 updates # Set up Delivery Optimization for Windows client updates
**Applies to** **Applies to**
- Windows 10 - Windows 10
- Windows 11
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)

View File

@ -1,5 +1,5 @@
--- ---
title: Delivery Optimization for Windows 10 updates title: Delivery Optimization for Windows client updates
manager: laurawi manager: laurawi
description: This article provides information about Delivery Optimization, a peer-to-peer distribution method in Windows 10. description: This article provides information about Delivery Optimization, a peer-to-peer distribution method in Windows 10.
keywords: oms, operations management suite, wdav, updates, downloads, log analytics keywords: oms, operations management suite, wdav, updates, downloads, log analytics
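Review bot: The title is changed to "Windows client updates" but the description on the next line still reads "a peer-to-peer distribution method in Windows 10." Since this change adds Windows 11 to the article's Applies-to list, update the description to match the title.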
@ -16,12 +16,12 @@ ms.topic: article
ms.custom: seo-marvel-apr2020 ms.custom: seo-marvel-apr2020
--- ---
# Delivery Optimization for Windows 10 updates # Delivery Optimization for Windows client updates
**Applies to** **Applies to**
- Windows 10 - Windows 10
- Windows 11
> **Looking for Group Policy objects?** See [Delivery Optimization reference](waas-delivery-optimization-reference.md) or the master spreadsheet available at the [Download Center](https://www.microsoft.com/download/details.aspx?id=102158). > **Looking for Group Policy objects?** See [Delivery Optimization reference](waas-delivery-optimization-reference.md) or the master spreadsheet available at the [Download Center](https://www.microsoft.com/download/details.aspx?id=102158).
@ -29,44 +29,17 @@ Windows updates, upgrades, and applications can contain packages with very large
Delivery Optimization is a cloud-managed solution. Access to the Delivery Optimization cloud services is a requirement. This means that in order to use the peer-to-peer functionality of Delivery Optimization, devices must have access to the internet. Delivery Optimization is a cloud-managed solution. Access to the Delivery Optimization cloud services is a requirement. This means that in order to use the peer-to-peer functionality of Delivery Optimization, devices must have access to the internet.
For information about setting up Delivery Optimization, including tips for the best settings in different scenarios, see [Set up Delivery Optimization for Windows 10 updates](waas-delivery-optimization-setup.md). For a comprehensive list of all Delivery Optimization settings, see [Delivery Optimization reference](waas-delivery-optimization-reference.md). For information about setting up Delivery Optimization, including tips for the best settings in different scenarios, see [Set up Delivery Optimization](waas-delivery-optimization-setup.md). For a comprehensive list of all Delivery Optimization settings, see [Delivery Optimization reference](waas-delivery-optimization-reference.md).
>[!NOTE] >[!NOTE]
>WSUS can also use [BranchCache](waas-branchcache.md) for content sharing and caching. If Delivery Optimization is enabled on devices that use BranchCache, Delivery Optimization will be used instead. >WSUS can also use [BranchCache](waas-branchcache.md) for content sharing and caching. If Delivery Optimization is enabled on devices that use BranchCache, Delivery Optimization will be used instead.
## New in Windows 10, version 2004 ## New in Windows 10, version 20H2 and Windows 11
- Enterprise network throttling: new settings have been added in Group Policy and mobile device management (MDM) to control foreground and background throttling as absolute values (Maximum Background Download Bandwidth in (in KB/s)). These settings are also available in the Windows user interface: - New peer selection options: Currently the available options include: 0 = NAT, 1 = Subnet mask, and 2 = Local Peer Discovery. The subnet mask option applies to both Download Modes LAN (1) and Group (2). If Group mode is set, Delivery Optimization will connect to locally discovered peers that are also part of the same Group (have the same Group ID)."
- Local Peer Discovery: a new option for **Restrict Peer Selection By** (in Group Policy) or **DORestrictPeerSelectionBy** (in MDM). This option restricts the discovery of local peers using the DNS-SD protocol. When you set Option 2, Delivery Optimization will restrict peer selection to peers that are locally discovered (using DNS-SD). If you also enabled Group mode, Delivery Optimization will connect to locally discovered peers that are also part of the same group (that is, those which have the same Group ID).
![absolute bandwidth settings in delivery optimization interface.](images/DO-absolute-bandwidth.png) - Starting with Windows 10, version 2006 (and in Windows 11), the Bypass option of [Download Mode](waas-delivery-optimization-reference.md#download-mode) is no longer used.
- Activity Monitor now identifies the cache server used for as the source for Microsoft Connected Cache. For more information about using Microsoft Connected Cache with Configuration Manager, see [Microsoft Connected Cache](/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache).
- New options for [`Get-DeliveryOptimizationPerfSnap`](waas-delivery-optimization-setup.md#analyze-usage).
- New cmdlets:
- `Enable-DeliveryOptimizationVerboseLogs`
- `Disable-DeliveryOptimizationVerboseLogs`
- `Get-DeliveryOptimizationLogAnalysis [ETL Logfile path] [-ListConnections]`
- New policy settings:
- [DOCacheHost](waas-delivery-optimization-reference.md#cache-server-hostname)
- [DOCacheHostSource](waas-delivery-optimization-reference.md#cache-server-hostname-source)
- [DOMaxForegroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth-in-kbs); replaces DOPercentageMaxDownloadBandwidth
- [DOMaxBackgroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-background-download-bandwidth-in-kbs)
- Removed policy settings (if you set these policies in Windows 10, 2004, they will have no effect):
- DOMaxDownloadBandwidth; use [DOMaxBackgroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-background-download-bandwidth-in-kbs) or [DOMaxForegroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth-in-kbs) instead.
- DOPercentageMaxDownloadBandwidth; use [DOMaxBackgroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-background-download-bandwidth-in-kbs) or [DOMaxForegroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth-in-kbs) instead.
- DOMaxUploadBandwidth
- Support for new types of downloads:
- Office installs and updates
- Xbox game pass games
- MSIX apps (HTTP downloads only)
- Microsoft Edge browser installations and updates
- [Dynamic updates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/the-benefits-of-windows-10-dynamic-update/ba-p/467847)
## Requirements ## Requirements
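Review bot: Replacing the "New in Windows 10, version 2004" section drops the "Removed policy settings" list, which was the only statement that DOMaxDownloadBandwidth, DOPercentageMaxDownloadBandwidth and DOMaxUploadBandwidth have no effect from version 2004 on. An admin who still sets them gets no throttling and no warning, so that list (and the pointer to DOMaxBackgroundDownloadBandwidth / DOMaxForegroundDownloadBandwidth) should be kept or moved to the reference article. In the new section, the first bullet ends with a stray `"` after "(have the same Group ID).", it repeats what the Local Peer Discovery bullet says, and the third bullet says "version 2006" under a heading that says "version 20H2".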
@ -82,8 +55,8 @@ The following table lists the minimum Windows 10 version that supports Delivery
| Download package | Minimum Windows version | | Download package | Minimum Windows version |
|------------------|---------------| |------------------|---------------|
| Windows 10 updates (feature updates and quality updates) | 1511 | | Windows client updates (feature updates and quality updates) | 1511 |
| Windows 10 drivers | 1511 | | Windows client drivers | 1511 |
| Windows Store files | 1511 | | Windows Store files | 1511 |
| Windows Store for Business files | 1511 | | Windows Store for Business files | 1511 |
| Windows Defender definition updates | 1511 | | Windows Defender definition updates | 1511 |
@ -100,7 +73,7 @@ The following table lists the minimum Windows 10 version that supports Delivery
In Windows 10 Enterprise, Professional, and Education editions, Delivery Optimization is enabled by default for peer-to-peer sharing on the local network (NAT). Specifically, all of the devices must be behind the same NAT, but you can configure it differently in Group Policy and mobile device management (MDM) solutions such as Microsoft Intune. In Windows client Enterprise, Professional, and Education editions, Delivery Optimization is enabled by default for peer-to-peer sharing on the local network (NAT). Specifically, all of the devices must be behind the same NAT, but you can configure it differently in Group Policy and mobile device management (MDM) solutions such as Microsoft Intune.
For more information, see "Download mode" in [Delivery optimization reference](waas-delivery-optimization-reference.md). For more information, see "Download mode" in [Delivery optimization reference](waas-delivery-optimization-reference.md).
@ -242,7 +215,7 @@ Try a Telnet test between two devices on the network to ensure they can connect
2. Run the test. For example, if you are on device with IP 192.168.8.12 and you are trying to test the connection to 192.168.9.17 run `telnet 192.168.9.17 7680` (the syntax is *telnet [destination IP] [port]*. You will either see a connection error or a blinking cursor like this /_. The blinking cursor means success. 2. Run the test. For example, if you are on device with IP 192.168.8.12 and you are trying to test the connection to 192.168.9.17 run `telnet 192.168.9.17 7680` (the syntax is *telnet [destination IP] [port]*. You will either see a connection error or a blinking cursor like this /_. The blinking cursor means success.
> [!NOTE] > [!NOTE]
> You can also use [Test-NetConnection](/powershell/module/nettcpip/test-netconnection?view=windowsserver2019-ps) instead of Telnet to run the test. > You can also use [Test-NetConnection](/powershell/module/nettcpip/test-netconnection) instead of Telnet to run the test.
> **Test-NetConnection -ComputerName 192.168.9.17 -Port 7680** > **Test-NetConnection -ComputerName 192.168.9.17 -Port 7680**
### None of the computers on the network are getting updates from peers ### None of the computers on the network are getting updates from peers
@ -254,28 +227,3 @@ Check Delivery Optimization settings that could limit participation in peer cach
- Enable peer caching while the device connects using VPN. - Enable peer caching while the device connects using VPN.
- Allow uploads when the device is on battery while under the set battery level - Allow uploads when the device is on battery while under the set battery level
## Learn more
[Windows 10, Delivery Optimization, and WSUS](/archive/blogs/mniehaus/windows-10-delivery-optimization-and-wsus-take-2)
## Related articles
- [Update Windows 10 in the enterprise](index.md)
- [Overview of Windows as a service](waas-overview.md)
- [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md)
- [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md)
- [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md)
- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md)
- [Configure BranchCache for Windows 10 updates](waas-branchcache.md)
- [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
- [Configure Windows Update for Business](waas-configure-wufb.md)
- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md)
- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
- [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure)
- [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
- [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service)
- [Manage device restarts after updates](waas-restart.md)

View File

@ -1,62 +0,0 @@
---
title: Build deployment rings for Windows client updates
description: Deployment rings in Windows client are similar to the deployment groups most organizations constructed for previous major revision upgrades.
ms.prod: w10
ms.mktglfcycl: manage
author: jaimeo
ms.localizationpriority: medium
ms.author: jaimeo
ms.reviewer:
manager: laurawi
ms.collection: M365-modern-desktop
ms.topic: article
---
# Build deployment rings for Windows client updates
**Applies to**
- Windows 10
- Windows 11
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
> [!NOTE]
> We're in the process of updating this topic with more definitive guidance. In the meantime, see [this post](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Tactical-considerations-for-creating-Windows-deployment-rings/ba-p/746979) on the Windows 10 IT Pro blog for some great suggestions for a deployment ring structure.
For Windows as a service, maintenance is ongoing and iterative. Deploying previous versions of Windows required organizations to build sets of users to roll out the changes in phases. Typically, these users ranged (in order) from the most adaptable and least risky to the least adaptable or riskiest. With Windows 10, a similar methodology exists, but construction of the groups is a little different.
Deployment rings in Windows client are similar to the deployment groups most organizations constructed for previous major revision upgrades. They are simply a method by which to separate machines into a deployment timeline. With Windows client, you construct deployment rings a bit differently in each servicing tool, but the concepts remain the same. Each deployment ring should reduce the risk of issues derived from the deployment of the feature updates by gradually deploying the update to entire departments. As previously mentioned, consider including a portion of each departments employees in several deployment rings.
Defining deployment rings is generally a one-time event (or at least infrequent), but IT should revisit these groups to ensure that the sequencing is still correct. Also, there are times in which client computers could move between different deployment rings when necessary.
Table 1 provides an example of the deployment rings you might use.
**Table 1**
| Deployment ring | Servicing channel | Deferral for feature updates | Deferral for quality updates | Example |
| --- | --- | --- | --- | --- |
| Preview | Windows Insider Program | None | None | A few machines to evaluate early builds prior to their arrival to the Semi-Annual channel |
| Broad | Semi-Annual channel | 120 days | 7-14 days | Broadly deployed to most of the organization and monitored for feedback</br>Pause updates if there are critical issues |
| Critical | Semi-Annual channel | 180 days | 30 days | Devices that are critical and will only receive updates once they've been vetted for some time by most of the organization |
>[!NOTE]
>In this example, there are no rings made up of the long-term servicing channel (LTSC). The LTSC does not receive feature updates.
As Table 1 shows, each combination of servicing channel and deployment group is tied to a specific deployment ring. As you can see, the associated groups of devices are combined with a servicing channel to specify which deployment ring those devices and their users fall into. The naming convention used to identify the rings is customizable as long as the name clearly identifies the sequence. Deployment rings represent a sequential deployment timeline, regardless of the servicing channel they contain. Deployment rings will likely rarely change for an organization, but they should be periodically assessed to ensure that the deployment cadence still makes sense.
## Steps to manage updates for Windows client
|&nbsp; |&nbsp; |
| --- | --- |
| ![done.](images/checklistdone.png) | [Learn about updates and servicing channels](waas-overview.md) |
| ![done.](images/checklistdone.png) | [Prepare servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md) |
| ![done.](images/checklistdone.png) | Build deployment rings for Windows client updates (this article) |
| ![to do.](images/checklistbox.gif) | [Assign devices to servicing channels for Windows client updates](waas-servicing-channels-windows-10-updates.md) |
| ![to do.](images/checklistbox.gif) | [Optimize update delivery for Windows client updates](waas-optimize-windows-10-updates.md) |
| ![to do.](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)</br>or [Deploy Windows client updates using Windows Server Update Services](waas-manage-updates-wsus.md)</br>or [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) |

View File

@ -1,5 +1,5 @@
--- ---
title: Integrate Windows Update for Business (Windows 10) title: Integrate Windows Update for Business
description: Use Windows Update for Business deployments with management tools such as Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. description: Use Windows Update for Business deployments with management tools such as Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager.
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: manage ms.mktglfcycl: manage
@ -17,6 +17,7 @@ ms.topic: article
**Applies to** **Applies to**
- Windows 10 - Windows 10
- Windows 11
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
@ -25,7 +26,7 @@ You can integrate Windows Update for Business deployments with existing manageme
## Integrate Windows Update for Business with Windows Server Update Services ## Integrate Windows Update for Business with Windows Server Update Services
For Windows 10, version 1607, devices can now be configured to receive updates from both Windows Update (or Microsoft Update) and Windows Server Update Services (WSUS). In a joint WSUS and Windows Update for Business setup: For Windows 10, version 1607 and later, devices can be configured to receive updates from both Windows Update (or Microsoft Update) and Windows Server Update Services (WSUS). In a joint WSUS and Windows Update for Business setup:
- Devices will receive their Windows content from Microsoft and defer these updates according to Windows Update for Business policy - Devices will receive their Windows content from Microsoft and defer these updates according to Windows Update for Business policy
- All other content synced from WSUS will be directly applied to the device; that is, updates to products other than Windows will not follow your Windows Update for Business deferral policies - All other content synced from WSUS will be directly applied to the device; that is, updates to products other than Windows will not follow your Windows Update for Business deferral policies
@ -34,7 +35,7 @@ For Windows 10, version 1607, devices can now be configured to receive updates f
**Configuration:** **Configuration:**
- Device is configured to defer Windows Quality Updates using Windows Update for Business - Device is configured to defer Windows quality updates using Windows Update for Business
- Device is also configured to be managed by WSUS - Device is also configured to be managed by WSUS
- Device is not configured to enable Microsoft Update (**Update/AllowMUUpdateService** = not enabled) - Device is not configured to enable Microsoft Update (**Update/AllowMUUpdateService** = not enabled)
- Admin has opted to put updates to Office and other products on WSUS - Admin has opted to put updates to Office and other products on WSUS
@ -46,11 +47,11 @@ For Windows 10, version 1607, devices can now be configured to receive updates f
<tr><td>Third-party drivers</td><td>WSUS</td><td>WSUS</td><td>No</td></tr> <tr><td>Third-party drivers</td><td>WSUS</td><td>WSUS</td><td>No</td></tr>
</table> </table>
### Configuration example \#2: Excluding drivers from Windows Quality Updates using Windows Update for Business ### Configuration example \#2: Excluding drivers from Windows quality updates using Windows Update for Business
**Configuration:** **Configuration:**
- Device is configured to defer Windows Quality Updates and to exclude drivers from Windows Update Quality Updates (**ExcludeWUDriversInQualityUpdate** = enabled) - Device is configured to defer Windows quality updates and to exclude drivers from Windows Update quality updates (**ExcludeWUDriversInQualityUpdate** = enabled)
- Device is also configured to be managed by WSUS - Device is also configured to be managed by WSUS
- Admin has opted to put Windows Update drivers on WSUS - Admin has opted to put Windows Update drivers on WSUS
@ -66,7 +67,7 @@ For Windows 10, version 1607, devices can now be configured to receive updates f
**Configuration:** **Configuration:**
- Device is configured to defer Quality Updates using Windows Update for Business and to be managed by WSUS - Device is configured to defer quality updates using Windows Update for Business and to be managed by WSUS
- Device is configured to “receive updates for other Microsoft products” along with updates to Windows (**Update/AllowMUUpdateService** = enabled) - Device is configured to “receive updates for other Microsoft products” along with updates to Windows (**Update/AllowMUUpdateService** = enabled)
- Admin has also placed Microsoft Update, non-Microsoft, and locally published update content on the WSUS server - Admin has also placed Microsoft Update, non-Microsoft, and locally published update content on the WSUS server
@ -86,26 +87,9 @@ In this example, the deferral behavior for updates to Office and other non-Windo
## Integrate Windows Update for Business with Microsoft Endpoint Configuration Manager ## Integrate Windows Update for Business with Microsoft Endpoint Configuration Manager
For Windows 10, version 1607, organizations already managing their systems with a Configuration Manager solution can also have their devices configured for Windows Update for Business (i.e. setting deferral policies on those devices). Such devices will be visible in the Configuration Manager console, however they will appear with a detection state of **Unknown**. For Windows 10, version 1607, organizations already managing their systems with a Configuration Manager solution can also have their devices configured for Windows Update for Business (that is, setting deferral policies on those devices). Such devices will be visible in the Configuration Manager console, however they will appear with a detection state of **Unknown**.
![Example of unknown devices.](images/wufb-sccm.png) ![Example of unknown devices.](images/wufb-sccm.png)
For more information, see [Integration with Windows Update for Business in Windows 10](/sccm/sum/deploy-use/integrate-windows-update-for-business-windows-10). For more information, see [Integration with Windows Update for Business in Windows 10](/sccm/sum/deploy-use/integrate-windows-update-for-business-windows-10).
## Related topics
- [Update Windows 10 in the enterprise](index.md)
- [Overview of Windows as a service](waas-overview.md)
- [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md)
- [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md)
- [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md)
- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md)
- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md)
- [Configure BranchCache for Windows 10 updates](waas-branchcache.md)
- [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
- [Configure Windows Update for Business](waas-configure-wufb.md)
- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
- [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure)
- [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
- [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service)
- [Manage device restarts after updates](waas-restart.md)
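Review bot: The Configuration Manager paragraph in this hunk still opens with "For Windows 10, version 1607," while the WSUS section earlier in the same file was changed to "version 1607 and later". Apply the same wording here so the two integration sections agree. While the sentence is being touched for "i.e." to "that is", the comma splice in "console, however they will appear" could also be fixed, for example "console; however, they will appear".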

View File

@ -21,9 +21,6 @@ ms.topic: article
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
>[!IMPORTANT]
>Due to [naming changes](waas-overview.md#naming-changes), older terms like CB and CBB might still be displayed in some of our products, such as in Group Policy or the registry. If you encounter these terms, "CB" refers to the Semi-Annual Channel (Targeted)--which is no longer used--while "CBB" refers to the Semi-Annual Channel.
WSUS is a Windows Server role available in the Windows Server operating systems. It provides a single hub for Windows updates within an organization. WSUS allows companies not only to defer updates but also to selectively approve them, choose when theyre delivered, and determine which individual devices or groups of devices receive them. WSUS provides additional control over Windows Update for Business but does not provide all the scheduling options and deployment flexibility that Microsoft Endpoint Manager provides. WSUS is a Windows Server role available in the Windows Server operating systems. It provides a single hub for Windows updates within an organization. WSUS allows companies not only to defer updates but also to selectively approve them, choose when theyre delivered, and determine which individual devices or groups of devices receive them. WSUS provides additional control over Windows Update for Business but does not provide all the scheduling options and deployment flexibility that Microsoft Endpoint Manager provides.
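Review bot: Removing the `[!IMPORTANT]` note drops the mapping of "CB" and "CBB" to their current channel names, yet the note's own text says those terms can still be displayed in Group Policy or the registry. If the products still show them, keep a one-line pointer to `waas-overview.md#naming-changes` instead of deleting the note outright, or confirm that the anchor and the legacy terms are going away in the same change.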

View File

@ -1,5 +1,5 @@
--- ---
title: Windows Update for Business (Windows 10) title: Windows Update for Business
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi
description: Learn how Windows Update for Business lets you manage when devices receive updates from Windows Update. description: Learn how Windows Update for Business lets you manage when devices receive updates from Windows Update.
@ -18,14 +18,15 @@ ms.custom: seo-marvel-apr2020
**Applies to** **Applies to**
- Windows 10 - Windows 10
- Windows 11
Windows Update for Business is a free service that is available for all premium editions including Windows 10 Pro, Enterprise, Pro for Workstation, and Education editions. Windows Update for Business is a free service that is available for all premium editions including Windows 10 and Windows 11 Pro, Enterprise, Pro for Workstation, and Education editions.
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
Windows Update for Business enables IT administrators to keep the Windows 10 devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Windows Update service. You can use Group Policy or Mobile Device Management (MDM) solutions such as Microsoft Intune to configure the Windows Update for Business settings that control how and when Windows 10 devices are updated. Windows Update for Business enables IT administrators to keep the Windows client devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Windows Update service. You can use Group Policy or Mobile Device Management (MDM) solutions such as Microsoft Intune to configure the Windows Update for Business settings that control how and when devices are updated.
Specifically, Windows Update for Business lets you control update offerings and experiences to allow for reliability and performance testing on a subset of devices before deploying updates across the organization. It also provides a positive update experience for people in your organization. Specifically, Windows Update for Business lets you control update offerings and experiences to allow for reliability and performance testing on a subset of devices before deploying updates across the organization. It also provides a positive update experience for people in your organization.
@ -46,7 +47,7 @@ Windows Update for Business enables an IT administrator to receive and manage a
Windows Update for Business provides management policies for several types of updates to Windows 10 devices: Windows Update for Business provides management policies for several types of updates to Windows 10 devices:
- **Feature updates:** Previously referred to as "upgrades," feature updates contain not only security and quality revisions, but also significant feature additions and changes. Feature updates are released semi-annually in the fall and in the spring. - **Feature updates:** Previously referred to as "upgrades," feature updates contain not only security and quality revisions, but also significant feature additions and changes. Feature updates are released as soon as they become available.
- **Quality updates:** Quality updates are traditional operating system updates, typically released on the second Tuesday of each month (though they can be released at any time). These include security, critical, and driver updates. Windows Update for Business also treats non-Windows updates (such as updates for Microsoft Office or Visual Studio) as quality updates. These non-Windows Updates are known as "Microsoft updates" and you can set devices to receive such updates (or not) along with their Windows updates. - **Quality updates:** Quality updates are traditional operating system updates, typically released on the second Tuesday of each month (though they can be released at any time). These include security, critical, and driver updates. Windows Update for Business also treats non-Windows updates (such as updates for Microsoft Office or Visual Studio) as quality updates. These non-Windows Updates are known as "Microsoft updates" and you can set devices to receive such updates (or not) along with their Windows updates.
- **Driver updates:** Updates for non-Microsoft drivers that are relevant to your devices. Driver updates are on by default, but you can use Windows Update for Business policies to turn them off if you prefer. - **Driver updates:** Updates for non-Microsoft drivers that are relevant to your devices. Driver updates are on by default, but you can use Windows Update for Business policies to turn them off if you prefer.
- **Microsoft product updates**: Updates for other Microsoft products, such as versions of Office that are installed by using Windows Installer (MSI). Versions of Office that are installed by using Click-to-Run can't be updated by using Windows Update for Business. Product updates are off by default. You can turn them on by using Windows Update for Business policies. - **Microsoft product updates**: Updates for other Microsoft products, such as versions of Office that are installed by using Windows Installer (MSI). Versions of Office that are installed by using Click-to-Run can't be updated by using Windows Update for Business. Product updates are off by default. You can turn them on by using Windows Update for Business policies.
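Review bot: In the feature updates bullet, "Feature updates are released as soon as they become available" is circular and no longer tells the reader anything about cadence, which the replaced sentence did. State the actual release cadence or drop the sentence. The unchanged lead-in above the list also still says "several types of updates to Windows 10 devices", although this file now lists Windows 11 under "Applies to"; "Windows client devices", as used elsewhere in this commit, would be consistent.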
@ -62,16 +63,15 @@ You can defer or pause the installation of updates for a set period of time.
The branch readiness level enables administrators to specify which channel of feature updates they want to receive. Today there are branch readiness level options for both pre-release and released updates: The branch readiness level enables administrators to specify which channel of feature updates they want to receive. Today there are branch readiness level options for both pre-release and released updates:
- Windows Insider Fast - Windows Insider Dev
- Windows Insider Slow - Windows Insider Beta
- Windows Insider Release Preview - Windows Insider Preview
- Semi-Annual Channel - General Availability Channel
Prior to Windows 10, version 1903, there are two channels for released updates: Semi-Annual Channel and Semi-Annual Channel (Targeted). Deferral days are calculated against the release date of the chosen channel. Starting with Windows 10, version 1903 there is only the one release channel: Semi-Annual Channel. All deferral days are calculated against a releases Semi-Annual Channel release date. For exact release dates, see [Windows Release Information](/windows/release-health/release-information). You can set the branch readiness level by using the **Select when Preview Builds and Feature Updates are Received** policy. To use this policy to manage pre-release builds, first enable preview builds by using the **Manage preview Builds** policy.
#### Defer an update #### Defer an update
A Windows Update for Business administrator can defer the installation of both feature and quality updates from deploying to devices within a bounded range of time from when those updates are first made available on the Windows Update service. You can use this deferral to allow time to validate deployments as they are pushed to devices. Deferrals work by allowing you to specify the number of days after an update is released before it is offered to a device. That is, if you set a feature update deferral period of 365 days, the device will not install a feature update that has been released for less than 365 days. To defer feature updates, use the **Select when Preview Builds and Feature Updates are Received** policy. A Windows Update for Business administrator can defer the installation of both feature and quality updates from deploying to devices within a bounded range of time from when those updates are first made available on the Windows Update service. You can use this deferral to allow time to validate deployments as they are pushed to devices. Deferrals work by allowing you to specify the number of days after an update is released before it is offered to a device. That is, if you set a feature update deferral period of 365 days, the device will not install a feature update that has been released for less than 365 days. To defer feature updates, use the **Select when Preview Builds and feature updates are Received** policy.
|Category |Maximum deferral period | |Category |Maximum deferral period |
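Review bot: In the "Defer an update" paragraph the bolded policy name becomes "**Select when Preview Builds and feature updates are Received**", which looks like a case-normalizing search and replace that reached into a UI string. A bolded policy name should match the Group Policy setting text exactly so admins can find it; restore "Feature Updates" inside the policy name and lower-case only the running prose. In the channel list, also confirm that "Windows Insider Release Preview" becoming "Windows Insider Preview" is intended and not an accidental loss of "Release".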
@ -88,7 +88,7 @@ A Windows Update for Business administrator can defer the installation of both f
If you discover a problem while deploying a feature or quality update, the IT administrator can pause the update for 35 days from a specified start date to prevent other devices from installing it until the issue is mitigated. If you discover a problem while deploying a feature or quality update, the IT administrator can pause the update for 35 days from a specified start date to prevent other devices from installing it until the issue is mitigated.
If you pause a feature update, quality updates are still offered to devices to ensure they stay secure. The pause period for both feature and quality updates is calculated from a start date that you set. If you pause a feature update, quality updates are still offered to devices to ensure they stay secure. The pause period for both feature and quality updates is calculated from a start date that you set.
To pause feature updates, use the **Select when Preview Builds and Feature Updates are Received** policy and to pause quality updates use the **Select when Quality Updates are Received** policy. For more information, see [Pause feature updates](waas-configure-wufb.md#pause-feature-updates) and [Pause quality updates](waas-configure-wufb.md#pause-quality-updates). To pause feature updates, use the **Select when Preview Builds and feature updates are Received** policy and to pause quality updates use the **Select when Quality Updates are Received** policy. For more information, see [Pause feature updates](waas-configure-wufb.md#pause-feature-updates) and [Pause quality updates](waas-configure-wufb.md#pause-quality-updates).
Built-in benefits: Built-in benefits:
When updating from Windows Update, you get the added benefits of built-in compatibility checks to prevent against a poor update experience for your device as well as a check to prevent repeated rollbacks. When updating from Windows Update, you get the added benefits of built-in compatibility checks to prevent against a poor update experience for your device as well as a check to prevent repeated rollbacks.
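Review bot: The pause sentence now names two policies with different casing in the same line, "Select when Preview Builds and feature updates are Received" next to "Select when Quality Updates are Received". Keep both policy names in the casing the policy editor shows.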
@ -110,9 +110,9 @@ Windows Update for Business provides controls to help meet your organizations
Features like the smart busy check (which ensure updates don't happen when a user is signed in) and active hours help provide the best experience for end users while keeping devices more secure and up to date. Follow these steps to take advantage of these features: Features like the smart busy check (which ensure updates don't happen when a user is signed in) and active hours help provide the best experience for end users while keeping devices more secure and up to date. Follow these steps to take advantage of these features:
1. Automatically download, install, and restart (default if no restart policies are set up or enabled) 1. Automatically download, install, and restart (default if no restart policies are set up or enabled).
2. Use the default notifications 2. Use the default notifications.
3. Set update deadlines 3. Set update deadlines.
##### Setting deadlines ##### Setting deadlines
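Review bot: The list items gain terminal periods, but the lead-in sentence directly above them still reads "the smart busy check (which ensure updates don't happen ...)", where the verb should be "ensures". Since this hunk is a punctuation cleanup of that passage, fix the agreement in the same pass.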
@ -121,101 +121,11 @@ A compliance deadline policy (released in June 2019) enables you to set separate
This policy enables you to specify the number of days from an update's publication date that it must be installed on the device. The policy also includes a configurable grace period that specifies the number of days from when the update is installed on the device until the device is forced to restart. This approach is useful in a vacation scenario as it allows, for example, users who have been away to have a bit of time before being forced to restart their devices when they return from vacation. This policy enables you to specify the number of days from an update's publication date that it must be installed on the device. The policy also includes a configurable grace period that specifies the number of days from when the update is installed on the device until the device is forced to restart. This approach is useful in a vacation scenario as it allows, for example, users who have been away to have a bit of time before being forced to restart their devices when they return from vacation.
#### Update Baseline #### Update Baseline
The large number of different policies offered for Windows 10 can be overwhelming. Update Baseline provides a clear list of recommended Windows update policy settings for IT administrators who want the best user experience while also meeting their update compliance goals. The Update Baseline for Windows 10 includes policy settings recommendations covering deadline configuration, restart behavior, power policies, and more.
The large number of different policies offered can be overwhelming. Update Baseline provides a clear list of recommended Windows update policy settings for IT administrators who want the best user experience while also meeting their update compliance goals. The Update Baseline for Windows 10 includes policy settings recommendations covering deadline configuration, restart behavior, power policies, and more.
The Update Baseline toolkit makes it easy by providing a single command for IT Admins to apply the Update Baseline to devices. You can get the Update Baseline toolkit from the [Download Center](https://www.microsoft.com/download/details.aspx?id=101056). The Update Baseline toolkit makes it easy by providing a single command for IT Admins to apply the Update Baseline to devices. You can get the Update Baseline toolkit from the [Download Center](https://www.microsoft.com/download/details.aspx?id=101056).
>[!NOTE] >[!NOTE]
>The Update Baseline toolkit is available only for Group Policy. Update Baseline does not affect your offering policies, whether youre using deferrals or target version to manage which updates are offered to your devices when. >The Update Baseline toolkit is available only for Group Policy. Update Baseline does not affect your offering policies, whether youre using deferrals or target version to manage which updates are offered to your devices when. Update Baseline is not currently supported for Windows 11.
<!--
>[!NOTE]
> To use Windows Update for Business, you must allow devices to access the Windows Update service.
## Types of updates managed by Windows Update for Business
Windows Update for Business provides management policies for several types of updates to Windows 10 devices:
- **Feature updates:** previously referred to as upgrades, feature updates contain not only security and quality revisions, but also significant feature additions and changes; they are released semi-annually in the fall and in the spring.
- **Quality updates:** these are traditional operating system updates, typically released the second Tuesday of each month (though they can be released at any time). These include security, critical, and driver updates. Windows Update for Business also treats non-Windows updates (such as those for Microsoft Office or Visual Studio) as quality updates. These non-Windows Updates are known as "Microsoft updates" and can configure devices to receive or not receive such updates along with their Windows updates.
- **Driver updates:** these are non-Microsoft drivers that are applicable to your devices. Driver updates can be turned off by using Windows Update for Business policies.
- **Microsoft product updates**: these are updates for other Microsoft products, such as Office. These updates can be enabled or disabled by using Windows Update for Business policy.
## Offering
You can control when updates are applied, for example by deferring when an update is installed on a device or by pausing updates for a certain period.
### Manage which updates are offered
Windows Update for Business offers you the ability to turn on or off both driver and Microsoft product updates.
- Disable Drivers (on/off): When "on," this policy will not include drivers with Windows Update.
- Microsoft product updates (on/off): When "on" this policy will install updates for other Microsoft products.
### Manage when updates are offered
You can defer or pause the installation of updates for a set period of time.
#### Defer or pause an update
A Windows Update for Business administrator can defer the installation of both feature and quality updates from deploying to devices within a bounded range of time from when those updates are first made available on the Windows Update service. You can use this deferral to allow time to validate deployments as they are pushed to devices. Deferrals work by allowing you to specify the number of days after an update is released before it is offered to a device (if you set a feature update deferral period of 365 days, the device will not install a feature update that has been released for less than 365 days). To defer feature updates use the **Select when Preview Builds and Feature Updates are Received** policy.
|Category |Maximum deferral |
|---------|---------|
|Feature updates | 365 days |
|Quality updates | 30 days |
|Non-deferrable | none |
#### Pause an update
If you discover a problem while deploying a feature or quality update, the IT administrator can pause the update for 35 days to prevent other devices from installing it until the issue is mitigated.
If you pause a feature update, quality updates are still offered to devices to ensure they stay secure. The pause period for both feature and quality updates is calculated from a start date that you set.
To pause feature updates use the **Select when Preview Builds and Feature Updates are Received** policy and to pause quality updates use the **Select when Quality Updates are Received** policy. For more information, see [Pause feature updates](waas-configure-wufb.md#pause-feature-updates) and [Pause quality updates](waas-configure-wufb.md#pause-quality-updates).
#### Select branch readiness level for feature updates
The branch readiness level enables administrators to specify which channel of feature updates they want to receive. Today there are branch readiness level options for both pre-release and released updates:
- Windows Insider Program for Business pre-release updates
- Windows Insider Fast
- Windows Insider Slow
- Windows Insider Release Preview
- Semi-Annual Channel for released updates
Prior to Windows 10, version 1903, there are two channels for released updates: Semi-Annual Channel and Semi-Annual Channel (Targeted). Deferral days are calculated against the release date of the chosen channel. Starting with Windows 10, version 1903 there is only the one release channel: Semi-Annual Channel. All deferral days will be calculated against a release's Semi-Annual Channel release date. To see release dates, visit [Windows Release Information](/windows/release-health/release-information). You can set the branch readiness level by using the **Select when Preview Builds and Feature Updates are Received** policy. In order to use this to manage pre-release builds, first enable preview builds by using the **Manage preview Builds** policy.
### Recommendations
For the best experience with Windows Update, follow these guidelines:
- Use devices for at least 6 hours per month, including at least 2 hours of continuous use.
- Keep devices regularly charged. Plugging in devices overnight enables them to automatically update outside of active hours.
- Make sure that devices have at least 10 GB of free space.
- Give devices unobstructed access to the Windows Update service.
## Monitor Windows Updates by using Update Compliance
Update Compliance provides a holistic view of operating system update compliance, update deployment progress, and failure troubleshooting for Windows 10 devices. This service uses diagnostic data including installation progress, Windows Update configuration, and other information to provide such insights, at no extra cost and without extra infrastructure requirements. Whether used with Windows Update for Business or other management tools, you can be assured that your devices are properly updated.
![Update Compliance Dashboard.](images/waas-wufb-update-compliance.png)
For more information about Update Compliance, see [Monitor Windows Updates using Update Compliance](update-compliance-monitor.md).
## Steps to manage updates for Windows 10
| | |
| --- | --- |
| ![done.](images/checklistdone.png) | [Learn about updates and servicing channels](waas-overview.md) |
| ![done.](images/checklistdone.png) | [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) |
| ![done.](images/checklistdone.png) | [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) |
| ![done.](images/checklistdone.png) | [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) |
| ![done.](images/checklistdone.png) | [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) |
| ![done.](images/checklistdone.png) | Deploy updates using Windows Update for Business (this topic) </br>or [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)</br>or [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) |
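Review bot: The removed block starts with `<!--`, but no closing `-->` appears among the removed lines shown here. Check that the closing delimiter is deleted as well, otherwise a stray `-->` will render at the end of the article. Separately, the new sentence "Update Baseline is not currently supported for Windows 11." is appended to a note about offering policies; because the article now applies to Windows 11, that limitation is easier to find as the first sentence of the "Update Baseline" section or as its own note.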

View File

@ -1,6 +1,6 @@
--- ---
title: Optimize update delivery for Windows client updates title: Optimize Windows update delivery
description: Two methods of peer-to-peer content distribution are available in Windows 10, Delivery Optimization and BranchCache. description: Two methods of peer-to-peer content distribution are available, Delivery Optimization and BranchCache.
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: manage ms.mktglfcycl: manage
author: jaimeo author: jaimeo
@ -11,7 +11,7 @@ manager: laurawi
ms.topic: article ms.topic: article
--- ---
# Optimize Windows client update delivery # Optimize Windows update delivery
**Applies to** **Applies to**

View File

@ -1,6 +1,6 @@
--- ---
title: Overview of Windows as a service (Windows 10) title: Overview of Windows as a service
description: Windows as a service introduces a new way to build, deploy, and service Windows. Learn how Windows as a service works. description: Windows as a service is a way to build, deploy, and service Windows. Learn how Windows as a service works.
keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: manage ms.mktglfcycl: manage
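Review bot: The `keywords` metadata line is left unchanged and still lists "semi-annual channel", while this commit renames that channel to "General Availability Channel" in the Windows Update for Business article. Update the keyword, or keep both terms if the old name is retained deliberately for search.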
@ -18,10 +18,11 @@ ms.topic: article
**Applies to** **Applies to**
- Windows 10 - Windows 10
- Windows 11
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
The Windows 10 operating system introduces a new way to build, deploy, and service Windows: Windows as a service. Microsoft has reimagined each part of the process, to simplify the lives of IT pros and maintain a consistent Windows 10 experience for its customers. These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time. Windows as a service is a way to simplify the lives of IT pros and maintain a consistent Windows 10 experience for its customers. These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time.
## Building ## Building
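Review bot: The rewritten intro paragraph loses its antecedents. With the Microsoft sentence cut, "its customers" has nothing to refer to, and "These improvements" in the next sentence no longer points at anything. The paragraph also still says "a consistent Windows 10 experience" even though Windows 11 is added under "Applies to" in this hunk. Suggest naming Microsoft explicitly, replacing "These improvements focus on" with a subject such as "Windows as a service focuses on", and using "Windows" without a version.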
@ -35,87 +36,65 @@ Of course Microsoft also performs extensive internal testing, with engineering t
## Deploying ## Deploying
Deploying Windows 10 is simpler than with previous versions of Windows. When migrating from earlier versions of Windows, an easy in-place upgrade process can be used to automatically preserve all apps, settings, and data. And once running Windows 10, deployment of Windows 10 feature updates will be equally simple. Deploying Windows 10 and Windows 11 is simpler than with previous versions of Windows. When migrating from earlier versions of Windows, you can use an easy in-place upgrade process to automatically preserve all apps, settings, and data. Afterwards, deployment of feature updates is equally simple.
One of the biggest challenges for organizations when it comes to deploying a new version of Windows is compatibility testing. Whereas compatibility was previously a concern for organizations upgrading to a new version of Windows, Windows 10 is compatible with most hardware and software capable of running on Windows 7 or later. Because of this high level of compatibility, the app compatibility testing process can be greatly simplified.
### Application compatibility ### Application compatibility
Application compatibility testing has historically been a burden when approaching a Windows deployment or upgrade. With Windows 10, application compatibility from the perspective of desktop applications, websites, and apps built on the Universal Windows Platform (UWP) has improved tremendously. Microsoft understands the challenges organizations experienced when they migrated from the Windows XP operating system to Windows 7 and has been working to make Windows 10 upgrades a much better experience. Application compatibility testing has historically been a burden when approaching a Windows deployment or upgrade. Application compatibility from the perspective of desktop applications, websites, and apps built on the Universal Windows Platform (UWP) has improved tremendously over older versions of Windows. .
Most Windows 7compatible desktop applications will be compatible with Windows 10 straight out of the box. Windows 10 achieved such high compatibility because the changes in the existing Win32 application programming interfaces were minimal. Combined with valuable feedback via the Windows Insider Program and diagnostic data, this level of compatibility can be maintained through each feature update. As for websites, Windows 10 includes Internet Explorer 11 and its backward-compatibility modes for legacy websites. Finally, UWP apps follow a compatibility story similar to desktop applications, so most of them will be compatible with Windows 10.
For the most important business-critical applications, organizations should still perform testing on a regular basis to validate compatibility with new builds. For remaining applications, consider validating them as part of a pilot deployment process to reduce the time spent on compatibility testing. Desktop Analytics is a cloud-based service that integrates with Configuration Manager. The service provides insight and intelligence for you to make more informed decisions about the update readiness of your Windows endpoints, including assessment of your existing applications. For more, see [Ready for modern desktop retirement FAQ](/mem/configmgr/desktop-analytics/ready-for-windows). For the most important business-critical applications, organizations should still perform testing on a regular basis to validate compatibility with new builds. For remaining applications, consider validating them as part of a pilot deployment process to reduce the time spent on compatibility testing. Desktop Analytics is a cloud-based service that integrates with Configuration Manager. The service provides insight and intelligence for you to make more informed decisions about the update readiness of your Windows endpoints, including assessment of your existing applications. For more, see [Ready for modern desktop retirement FAQ](/mem/configmgr/desktop-analytics/ready-for-windows).
### Device compatibility
Device compatibility in Windows 10 is also very strong; new hardware is not needed for Windows 10 as any device capable of running Windows 7 or later can run Windows 10. In fact, the minimum hardware requirements to run Windows 10 are the same as those required for Windows 7. Most hardware drivers that functioned in Windows 8.1, Windows 8, or Windows 7 will continue to function in Windows 10.
## Servicing ## Servicing
Traditional Windows servicing has included several release types: major revisions (e.g., the Windows 8.1, Windows 8, and Windows 7 operating systems), service packs, and monthly updates. With Windows 10, there are two release types: feature updates that add new functionality twice per year, and quality updates that provide security and reliability fixes at least once a month. Traditional Windows servicing has included several release types: major revisions (for example, the Windows 8.1, Windows 8, and Windows 7 operating systems), service packs, and monthly updates. With Windows 10 and Windows 11, there are two release types: feature updates that add new functionality and quality updates that provide security and reliability fixes.
With Windows 10, organizations will need to change the way they approach deploying updates. Servicing channels are the first way to separate users into deployment groups for feature and quality updates. With the introduction of servicing channels comes the concept of a [deployment ring](waas-deployment-rings-windows-10-updates.md), which is simply a way to categorize the combination of a deployment group and a servicing channel to group devices for successive waves of deployment. For more information about developing a deployment strategy that leverages servicing channels and deployment rings, see [Plan servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md). Servicing channels are the first way to separate users into deployment groups for feature and quality updates. For more information about developing a deployment strategy that leverages servicing channels, see [Plan servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md).
For information about each servicing tool available for Windows 10, see [Servicing tools](#servicing-tools). For information about each servicing tool, see [Servicing tools](#servicing-tools).
To align with this new update delivery model, Windows 10 has three servicing channels, each of which provides different levels of flexibility over when these updates are delivered to client computers. For information about the servicing channels available in Windows 10, see [Servicing channels](#servicing-channels). There are three servicing channels, each of which provides different levels of flexibility over when these updates are delivered to client computers. For more information, see [Servicing channels](#servicing-channels).
### Naming changes
There are currently two release channels for Windows 10: There are currently three release channels for Windows clients:
- The **Semi-Annual Channel** receives feature updates twice per year. - The **General Availability Channel** receives feature updates as soon as they are available.
- The **Long-Term Servicing Channel**, which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years. - The **Long-Term Servicing Channel**, which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years.
- The **Windows Insider Program** provides organizations with the opportunity to test and provide feedback on features that will be shipped in the next feature update.
>[!NOTE]
>With each General Availability release, we recommend beginning deployment right away to devices selected for early adoption (targeted validation) and ramp up to full deployment at your discretion. This will enable you to gain access to new features, experiences, and integrated security as soon as possible.
>[!IMPORTANT] >[!IMPORTANT]
>With each Semi-Annual Channel release, we recommend beginning deployment right away to devices selected for early adoption (targeted validation) and ramp up to full deployment at your discretion. This will enable you to gain access to new features, experiences, and integrated security as soon as possible. The "Semi-Annual Channel (Targeted)" designation is no longer used. For more information, see the blog post [Windows 10 and the "disappearing" SAC-T](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-and-the-disappearing-SAC-T/ba-p/199747). >Devices on the General Availability Channel must have their diagnostic data set to **1 (Basic)** or higher in order to ensure that the service is performing at the expected quality. For instructions to set the diagnostic data level, see [Configure the operating system diagnostic data level](/windows/configuration/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-levels).
> [!NOTE]
>For additional information, see the section about [Servicing Channels](#servicing-channels).
>
>You can also read the blog post [Waas simplified and aligned](https://blogs.technet.microsoft.com/windowsitpro/2017/07/27/waas-simplified-and-aligned/), with details on this change.
>[!IMPORTANT]
>Devices on the Semi-Annual Channel must have their diagnostic data set to **1 (Basic)** or higher, in order to ensure that the service is performing at the expected quality. For instructions to set the diagnostic data level, see [Configure the operating system diagnostic data level](/windows/configuration/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-levels).
### Feature updates ### Feature updates
With Windows 10, Microsoft will package new features into feature updates that can be deployed using existing management tools. Because feature updates are delivered more frequently than with previous Windows releases — twice per year, around March and September, rather than every 35 years — changes will be in bite-sized chunks rather than all at once and end user readiness time much shorter. New features are packaged into feature updates that you can deploy using existing management tools. These changes come in bite-sized chunks rather than all at once, decreasing user readiness time.
### Quality updates ### Quality updates
Monthly updates in previous Windows versions were often overwhelming because of the sheer number of updates available each month. Many organizations selectively chose which updates they wanted to install and which they didnt, and this created countless scenarios in which organizations deployed essential security updates but picked only a subset of non-security fixes. Monthly updates in previous Windows versions were often overwhelming because of the sheer number of updates available each month. Many organizations selectively chose which updates they wanted to install and which they didnt, and this created countless scenarios in which organizations deployed essential security updates but picked only a subset of non-security fixes.
In Windows 10, rather than receiving several updates each month and trying to figure out which the organization needs, which ultimately causes platform fragmentation, administrators will see one cumulative monthly update that supersedes the previous months update, containing both security and non-security fixes. This approach makes patching simpler and ensures that customers devices are more closely aligned with the testing done at Microsoft, reducing unexpected issues resulting from patching. The left side of Figure 1 provides an example of Windows 7 devices in an enterprise and what their current patch level might look like. On the right is what Microsofts test environment devices contain. This drastic difference is the basis for many compatibility issues and system anomalies related to Windows updates. Rather than receiving several updates each month and trying to figure out which the organization needs, which ultimately causes platform fragmentation, administrators see one cumulative monthly update that supersedes the previous months update, containing both security and non-security fixes. This approach makes updating simpler and ensures that devices are more closely aligned with the testing done at Microsoft, reducing unexpected issues resulting from updates.
**Figure 1**
![Comparison of patch environment in enterprise compared to test.](images/waas-overview-patch.png)
## Servicing channels ## Servicing channels
To align with the new method of delivering feature updates and quality updates in Windows 10, Microsoft introduced the concept of servicing channels to allow customers to designate how frequently their individual devices are updated. For example, an organization may have test devices that the IT department can update with new features as soon as possible, and then specialized devices that require a longer feature update cycle to ensure continuity. There are three servicing channels. The [Windows Insider Program](#windows-insider) provides organizations with the opportunity to test and provide feedback on features that will be shipped in the next feature update. The [General Availability Channel](#general-availability-channel) provides new functionality with feature update releases. Organizations can choose when to deploy updates from the General Availability Channel. The [Long-Term Servicing Channel](#long-term-servicing-channel), which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years. For details about the versions in each servicing channel, see [Windows 10 release information](/windows/release-health/release-information).
With that in mind, Windows 10 offers three servicing channels. The [Windows Insider Program](#windows-insider) provides organizations with the opportunity to test and provide feedback on features that will be shipped in the next feature update. The [Semi-Annual Channel](#semi-annual-channel) provides new functionality with twice-per-year feature update releases. Organizations can choose when to deploy updates from the Semi-Annual Channel. The [Long-Term Servicing Channel](#long-term-servicing-channel), which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years. For details about the versions in each servicing channel, see [Windows 10 release information](/windows/release-health/release-information).
The concept of servicing channels is new, but organizations can use the same management tools they used to manage updates and upgrades in previous versions of Windows. For more information about the servicing tool options for Windows 10 and their capabilities, see [Servicing tools](#servicing-tools).
> [!NOTE] > [!NOTE]
> Servicing channels are not the only way to separate groups of devices when consuming updates. Each channel can contain subsets of devices, which staggers servicing even further. For information about the servicing strategy and ongoing deployment process for Windows 10, including the role of servicing channels, see [Plan servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md). > Servicing channels are not the only way to separate groups of devices when consuming updates. Each channel can contain subsets of devices, which staggers servicing even further. For information about the servicing strategy and ongoing deployment process for Windows 10, including the role of servicing channels, see [Plan servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md).
### Semi-Annual Channel ### General Availability Channel
In the Semi-Annual servicing channel, feature updates are available as soon as Microsoft releases them. Windows 10, version 1511, had few servicing tool options to delay feature updates, limiting the use of the Semi-Annual servicing channel. Starting with Windows 10, version 1607, more servicing tools that can delay feature updates for up to 365 days are available. This servicing model is ideal for pilot deployments and testing of Windows 10 feature updates and for users such as developers who need to work with the latest features immediately. Once the latest release has gone through pilot deployment and testing, you will be able to choose the timing at which it goes into broad deployment. In the General Availability Channel, feature updates are available as soon as Microsoft releases them. This servicing model is ideal for pilot deployments and testing of feature updates and for users such as developers who need to work with the latest features immediately. Once the latest release has gone through pilot deployment and testing, you will be able to choose the timing at which it goes into broad deployment.
When Microsoft officially releases a feature update for Windows 10, it is made available to any device not configured to defer feature updates so that those devices can immediately install it. Organizations that use Windows Server Update Services (WSUS), Microsoft Endpoint Configuration Manager, or Windows Update for Business, however, can defer feature updates to selective devices by withholding their approval and deployment. In this scenario, the content available for the Semi-Annual Channel will be available but not necessarily immediately mandatory, depending on the policy of the management system. For more details about Windows 10 servicing tools, see [Servicing tools](#servicing-tools). When Microsoft officially releases a feature update, we make it available to any device not configured to defer feature updates so that those devices can immediately install it. Organizations that use Windows Server Update Services (WSUS), Microsoft Endpoint Configuration Manager, or Windows Update for Business, however, can defer feature updates to selective devices by withholding their approval and deployment. In this scenario, the content available for the Semi-Annual Channel will be available but not necessarily immediately mandatory, depending on the policy of the management system. For more details about servicing tools, see [Servicing tools](#servicing-tools).
Organizations are expected to initiate targeted deployment on Semi-Annual Channel releases. All customers, independent software vendors (ISVs), and partners should use this time for testing and piloting within their environments. After 2-4 months, we will transition to broad deployment and encourage customers and partners to expand and accelerate the deployment of the release. For customers using Windows Update for Business, the Semi-Annual Channel provides three months of additional total deployment time before being required to update to the next release.
> [!NOTE] > [!NOTE]
> All releases of Windows 10 have **18 months of servicing for all editions**--these updates provide security and feature updates for the release. However, fall releases of the **Enterprise and Education editions** will have an **additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release**. This extended servicing window applies to Enterprise and Education editions starting with Windows 10, version 1607. > All releases of Windows 10 have **18 months of servicing for all editions**--these updates provide security and feature updates for the release. However, fall releases of the **Enterprise and Education editions** will have an **additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release**. This extended servicing window applies to Enterprise and Education editions starting with Windows 10, version 1607.
> >
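Review bot: Under the renamed "### General Availability Channel" heading, the rewritten paragraph that begins "When Microsoft officially releases a feature update" still says "the content available for the Semi-Annual Channel will be available", so the deferral guidance names a channel this hunk retires; change it to General Availability Channel. Smaller points in the same hunk: the rewritten Application compatibility paragraph ends with a stray " ." after "older versions of Windows", and the Servicing channels note keeps "ongoing deployment process for Windows 10" beside the retitled "Windows client updates" link. The new Servicing paragraph also drops "at least once a month" from the quality-update description even though the Quality updates section still talks about "one cumulative monthly update"; keep the cadence where the two release types are introduced, since that is the figure update-compliance targets are measured against.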
@ -125,82 +104,44 @@ Organizations are expected to initiate targeted deployment on Semi-Annual Channe
### Long-term Servicing Channel ### Long-term Servicing Channel
Specialized systems—such as devices that control medical equipment, point-of-sale systems, and ATMs—often require a longer servicing option because of their purpose. These devices typically perform a single important task and dont need feature updates as frequently as other devices in the organization. Its more important that these devices be kept as stable and secure as possible than up to date with user interface changes. The LTSC servicing model prevents Windows 10 Enterprise LTSB devices from receiving the usual feature updates and provides only quality updates to ensure that device security stays up to date. With this in mind, quality updates are still immediately available to Windows 10 Enterprise LTSB clients, but customers can choose to defer them by using one of the servicing tools mentioned in the section Servicing tools. Specialized systems—such as devices that control medical equipment, point-of-sale systems, and ATMs—often require a longer servicing option because of their purpose. These devices typically perform a single important task and dont need feature updates as frequently as other devices in the organization. Its more important that these devices be kept as stable and secure as possible than up to date with user interface changes. The LTSC servicing model prevents Enterprise LTSB devices from receiving the usual feature updates and provides only quality updates to ensure that device security stays up to date. With this in mind, quality updates are still immediately available to Windows 10 Enterprise LTSB clients, but customers can choose to defer them by using one of the servicing tools mentioned in the section Servicing tools.
> [!NOTE] > [!NOTE]
> Windows 10 Enterprise LTSB is a separate Long-Term Servicing Channel version.
> >
> Long-term Servicing channel is not intended for deployment on most or all the devices in an organization; it should be used only for special-purpose devices. As a general guideline, a device with Microsoft Office installed is a general-purpose device, typically used by an information worker, and therefore it is better suited for the Semi-Annual servicing channel. > The Long-term Servicing channel is not intended for deployment on most or all the devices in an organization; it should be used only for special-purpose devices. As a general guideline, a device with Microsoft Office installed is a general-purpose device, typically used by an information worker, and therefore it is better suited for the General Availability channel.
Microsoft never publishes feature updates through Windows Update on devices that run Windows 10 Enterprise LTSB. Instead, it typically offers new LTSC releases every 23 years, and organizations can choose to install them as in-place upgrades or even skip releases over a 10-year life cycle. Microsoft never publishes feature updates through Windows Update on devices that run Windows 10 or Windows 11 Enterprise LTSB. Instead, it typically offers new LTSC releases every 23 years, and organizations can choose to install them as in-place upgrades or even skip releases over a 10-year life cycle.
> [!NOTE] > [!NOTE]
> Windows 10 LTSB will support the currently released processors and chipsets at the time of release of the LTSB. As future CPU generations are released, support will be created through future Windows 10 LTSB releases that customers can deploy for those systems. For more information, see **Supporting the latest processor and chipsets on Windows** in [Lifecycle support policy FAQ - Windows Products](https://support.microsoft.com/help/18581/lifecycle-support-policy-faq-windows-products). > LTSB releases will support the currently released processors and chipsets at the time of release of the LTSB. As future CPU generations are released, support will be created through future LTSB releases that customers can deploy for those systems. For more information, see **Supporting the latest processor and chipsets on Windows** in [Lifecycle support policy FAQ - Windows Products](https://support.microsoft.com/help/18581/lifecycle-support-policy-faq-windows-products).
The Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSB edition. This edition of Windows doesnt include a number of applications, such as Microsoft Edge, Microsoft Store, Cortana (though limited search capabilities remain available), Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. These apps are not supported in Windows 10 Enterprise LTSB edition, even if you install by using sideloading. The Long-term Servicing Channel is available only in the Windows 10 or Windows 11 Enterprise LTSB editions. This edition of Windows doesnt include a number of applications, such as Microsoft Edge, Microsoft Store, Cortana (though limited search capabilities remain available), Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. These apps are not supported in the Enterprise LTSB editions, even if you install by using sideloading.
> [!NOTE]
> If an organization has devices currently running Windows 10 Enterprise LTSB that it would like to change to the Semi-Annual Channel, it can make the change without losing user data. Because LTSB is its own SKU, however, an upgrade is required from Windows 10 Enterprise LTSB to Windows 10 Enterprise, which supports the Semi-Annual Channel.
### Windows Insider ### Windows Insider
For many IT pros, gaining visibility into feature updates earlybefore theyre available to the Semi-Annual Channel — can be both intriguing and valuable for future end user communications as well as provide the means to test for any issues on the next Semi-Annual Channel release. With Windows 10, feature flighting enables Windows Insiders to consume and deploy preproduction code to their test machines, gaining early visibility into the next build. Testing the early builds of Windows 10 helps both Microsoft and its customers because they have the opportunity to discover possible issues before the update is ever publicly available and can report it to Microsoft. For many IT pros, gaining visibility into feature updates early--before theyre available to the Semi-Annual Channel — can be both intriguing and valuable for future end user communications as well as provide the means to test for any issues on the next General Availability release. Windows Insiders can consume and deploy preproduction code to their test machines, gaining early visibility into the next build. Testing the early builds helps both Microsoft and its customers because they have the opportunity to discover possible issues before the update is ever publicly available and can report it to Microsoft.
Microsoft recommends that all organizations have at least a few devices enrolled in the Windows Insider Program and provide feedback on any issues they encounter. For information about the Windows Insider Program for Business, go to [Windows Insider Program for Business](/windows-insider/at-work-pro/wip-4-biz-get-started). Microsoft recommends that all organizations have at least a few devices enrolled in the Windows Insider Program and provide feedback on any issues they encounter. For information about the Windows Insider Program for Business, go to [Windows Insider Program for Business](/windows-insider/at-work-pro/wip-4-biz-get-started).
>[!NOTE]
>Microsoft recommends that all organizations have at least a few devices enrolled in the Windows Insider Program, to include the Windows Insider Program in their deployment plans and to provide feedback on any issues they encounter to Microsoft via our Feedback Hub app.
>
> The Windows Insider Program isnt intended to replace Semi-Annual Channel deployments in an organization. Rather, it provides IT pros and other interested parties with pre-release Windows builds that they can test and ultimately provide feedback on to Microsoft.
## Servicing tools ## Servicing tools
There are many tools with which IT pros can service Windows as a service. Each option has its pros and cons, ranging from capabilities and control to simplicity and low administrative requirements. The following are examples of the servicing tools available to manage Windows as a service updates: There are many tools you can use to service Windows as a service. Each option has its pros and cons, ranging from capabilities and control to simplicity and low administrative requirements. The following are examples of the servicing tools available to manage Windows as a service updates:
- **Windows Update (stand-alone)** provides limited control over feature updates, with IT pros manually configuring the device to be in the Semi-Annual Channel. Organizations can target which devices defer updates by selecting the Defer upgrades check box in Start\Settings\Update & Security\Advanced Options on a Windows 10 device. - **Windows Update (stand-alone)** provides limited control over feature updates, with IT pros manually configuring the device to be in the Semi-Annual Channel. Organizations can target which devices defer updates by selecting the **Defer upgrades** check box in **Start\Settings\Update & Security\Advanced Options** on a Windows client device.
- **Windows Update for Business** is the second option for servicing Windows as a service. This servicing tool includes control over update deferment and provides centralized management using Group Policy. Windows Update for Business can be used to defer updates by up to 365 days, depending on the version. These deployment options are available to clients in the Semi-Annual Channel. In addition to being able to use Group Policy to manage Windows Update for Business, either option can be configured without requiring any on-premises infrastructure by using Intune. - **Windows Update for Business** includes control over update deferment and provides centralized management using Group Policy or MDM. Windows Update for Business can be used to defer updates by up to 365 days, depending on the version. These deployment options are available to clients in the General Availability Channel. In addition to being able to use Group Policy to manage Windows Update for Business, either option can be configured without requiring any on-premises infrastructure by using Microsoft Intune.
- **Windows Server Update Services (WSUS)** provides extensive control over Windows 10 updates and is natively available in the Windows Server operating system. In addition to the ability to defer updates, organizations can add an approval layer for updates and choose to deploy them to specific computers or groups of computers whenever ready. - **Windows Server Update Services (WSUS)** provides extensive control over updates and is natively available in the Windows Server operating system. In addition to the ability to defer updates, organizations can add an approval layer for updates and choose to deploy them to specific computers or groups of computers whenever ready.
- **Microsoft Endpoint Configuration Manager** provides the greatest control over servicing Windows as a service. IT pros can defer updates, approve them, and have multiple options for targeting deployments and managing bandwidth usage and deployment times. - **Microsoft Endpoint Configuration Manager** provides the greatest control over servicing Windows as a service. IT pros can defer updates, approve them, and have multiple options for targeting deployments and managing bandwidth usage and deployment times.
With all these options, which an organization chooses depends on the resources, staff, and expertise its IT organization already has. For example, if IT already uses Microsoft Endpoint Manager to manage Windows updates, it can continue to use it. Similarly, if IT is using WSUS, it can continue to use that. For a consolidated look at the benefits of each tool, see Table 1. **Servicing tools comparison**
**Table 1**
| Servicing tool | Can updates be deferred? | Ability to approve updates | Peer-to-peer option | Additional features | | Servicing tool | Can updates be deferred? | Ability to approve updates | Peer-to-peer option | Additional features |
| --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- |
| Windows Update | Yes (manual) | No | Delivery Optimization | None| | Windows Update | Yes (manual) | No | Delivery Optimization | None|
| Windows Update for Business | Yes | No | Delivery Optimization | Other Group Policy objects | | Windows Update for Business | Yes | No | Delivery Optimization | Other Group Policy objects |
| WSUS | Yes | Yes | BranchCache or Delivery Optimization | Upstream/downstream server scalability | | WSUS | Yes | Yes | BranchCache or Delivery Optimization | Upstream/downstream server scalability |
| Configuration Manager | Yes | Yes | BranchCache, Client Peer Cache, or Delivery Optimization. For the latter, see [peer-to-peer content distribution](/configmgr/sum/deploy-use/optimize-windows-10-update-delivery#peer-to-peer-content-distribution) and [Optimize Windows 10 Update Delivery](./waas-optimize-windows-10-updates.md) | Distribution points, multiple deployment options | | Configuration Manager | Yes | Yes | BranchCache, Client Peer Cache, or Delivery Optimization. For the latter, see [peer-to-peer content distribution](/configmgr/sum/deploy-use/optimize-windows-10-update-delivery#peer-to-peer-content-distribution) and [Optimize Windows Update Delivery](./waas-optimize-windows-10-updates.md) | Distribution points, multiple deployment options |
>[!NOTE]
>Due to [naming changes](#naming-changes), older terms like CB and CBB might still be displayed in some of our products, such as in Group Policy. If you encounter these terms, "CB" refers to the Semi-Annual Channel (Targeted)--which is no longer used--while "CBB" refers to the Semi-Annual Channel.
</br>
## Steps to manage updates for Windows 10
|&nbsp; |&nbsp; |
| --- | --- |
| ![done.](images/checklistdone.png) | Learn about updates and servicing channels (this topic) |
| ![to do.](images/checklistbox.gif) | [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) |
| ![to do.](images/checklistbox.gif) | [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) |
| ![to do.](images/checklistbox.gif) | [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) |
| ![to do.](images/checklistbox.gif) | [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) |
| ![to do.](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)</br>or [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)</br>or [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) |
## Related topics
- [Update Windows 10 in the enterprise](index.md)
- [Quick guide to Windows as a service](waas-quick-start.md)
- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md)
- [Configure BranchCache for Windows 10 updates](waas-branchcache.md)
- [Configure Windows Update for Business](waas-configure-wufb.md)
- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md)
- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
- [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure)
- [Manage device restarts after updates](waas-restart.md)

View File

@ -18,17 +18,18 @@ ms.topic: article
**Applies to** **Applies to**
- Windows 10 - Windows 10
- Windows 11
Windows as a service is a new concept, introduced with the release of Windows 10. While [an extensive set of documentation](index.md) is available explaining all the specifics and nuances, here is a quick guide to the most important concepts. Here is a quick guide to the most important concepts in Windows as a service. For more information, see the [extensive set of documentation](index.md).
## Definitions ## Definitions
Some new terms have been introduced as part of Windows as a service, so you should know what these terms mean. Some new terms have been introduced as part of Windows as a service, so you should know what these terms mean.
- **Feature updates** are released twice per year, around March and September. As the name suggests, these updates add new features to Windows 10, delivered in bite-sized chunks compared to the previous practice of Windows releases every 3-5 years. - **Feature updates** are released twice per year, around March and September. As the name suggests, these updates add new features, delivered in bite-sized chunks compared to the previous practice of Windows releases every 3-5 years.
- **Quality updates** deliver both security and non-security fixes. They are typically released on the second Tuesday of each month, though they can be released at any time. Quality updates include security updates, critical updates, servicing stack updates, and driver updates. Quality updates are cumulative, so installing the latest quality update is sufficient to get all the available fixes for a specific Windows 10 feature update. The "servicing stack" is the code that installs other updates, so they are important to keep current. For more information, see [Servicing stack updates](servicing-stack-updates.md). - **Quality updates** deliver both security and non-security fixes. They are typically released on the second Tuesday of each month, though they can be released at any time. Quality updates include security updates, critical updates, servicing stack updates, and driver updates. Quality updates are cumulative, so installing the latest quality update is sufficient to get all the available fixes for a specific Windows 10 feature update. The "servicing stack" is the code that installs other updates, so they are important to keep current. For more information, see [Servicing stack updates](servicing-stack-updates.md).
- **Insider Preview** builds are made available during the development of the features that will be shipped in the next feature update, enabling organizations to validate new features and confirm compatibility with existing apps and infrastructure, providing feedback to Microsoft on any issues encountered. - **Insider Preview** builds are made available during the development of the features that will be shipped in the next feature update, enabling organizations to validate new features and confirm compatibility with existing apps and infrastructure, providing feedback to Microsoft on any issues encountered.
- **Servicing channels** allow organizations to choose when to deploy new features. - **Servicing channels** allow organizations to choose when to deploy new features.
- The **Semi-Annual Channel** receives feature updates twice per year. - The **General Availability Channel** receives feature updates as they become available.
- The **Long-Term Servicing Channel**, which meant only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years. - The **Long-Term Servicing Channel**, which meant only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years.
- **Deployment rings** are groups of devices used to initially pilot, and then to broadly deploy, each feature update in an organization. - **Deployment rings** are groups of devices used to initially pilot, and then to broadly deploy, each feature update in an organization.
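Review bot: The Feature updates definition still reads "released twice per year, around March and September" on the new side, while this hunk changes the channel bullet to "The General Availability Channel receives feature updates as they become available". The two statements now disagree about cadence, so reword the Feature updates bullet to match. The Quality updates bullet also still says "a specific Windows 10 feature update" although Windows 11 is added under Applies to. Two carried-over grammar slips are worth fixing while these lines are open: "which meant only for specialized devices" is missing "is", and "The "servicing stack" is the code that installs other updates, so they are important to keep current" pairs a singular subject with a plural pronoun.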
@ -36,42 +37,20 @@ See [Overview of Windows as a service](waas-overview.md) for more information.
For some interesting in-depth information about how cumulative updates work, see [Windows Updates using forward and reverse differentials](PSFxWhitepaper.md). For some interesting in-depth information about how cumulative updates work, see [Windows Updates using forward and reverse differentials](PSFxWhitepaper.md).
## Key Concepts ## Key concepts
Windows 10 gains new functionality with twice-per-year feature update releases. Initially, organizations will use these feature update releases for pilot deployments to ensure compatibility with existing apps and infrastructure. With each Semi-Annual Channel release, we recommend beginning deployment right away to devices selected for early adoption (targeted validation) and ramp up to full deployment at your discretion. With each release in the General Availability Channel, we recommend beginning deployment right away to devices selected for early adoption (targeted validation) and ramp up to full deployment at your discretion.
All releases of Windows 10 have 18 months of servicing for all editions--these updates provide security and feature updates for the release. Customers running Enterprise and Education editions have an additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release. These versions include Enterprise and Education editions for Windows 10, versions 1607 and later. Starting in October 2018, all Semi-Annual Channel releases in the September/October timeframe will also have the additional 12 months of servicing for a total of 30 months from the initial release. The Semi-Annual Channel versions released in March/April timeframe will continue to have an 18-month lifecycle. Windows 10 and Windows 11 Enterprise LTSB are separate **Long-Term Servicing Channel** versions. Each release is supported for a total of 10 years (five years standard support, five years extended support). New releases are expected about every three years.
Windows 10 Enterprise LTSB is a separate **Long-Term Servicing Channel** version. Each release is supported for a total of 10 years (five years standard support, five years extended support). New releases are expected about every three years. For more information, see [Assign devices to servicing channels for Windows client updates](waas-servicing-channels-windows-10-updates.md).
For more information, see [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md).
## Staying up to date ## Staying up to date
The process for keeping Windows 10 up to date involves deploying a feature update, at an appropriate time after its release. You can use various management and update tools such as Windows Update, Windows Update for Business, Windows Server Update Services, Microsoft Endpoint Configuration Manager, and non-Microsoft products) to help with this process. [Upgrade Readiness](/windows/deployment/upgrade/upgrade-readiness-get-started), a free tool to streamline Windows upgrade projects, is another important tool to help. To stay up to date, deploy feature updates at an appropriate time after their release. You can use various management and update tools such as Windows Update, Windows Update for Business, Windows Server Update Services, Microsoft Endpoint Configuration Manager, and non-Microsoft products) to help with this process. [Upgrade Readiness](/windows/deployment/upgrade/upgrade-readiness-get-started), a free tool to streamline Windows upgrade projects, is another important tool to help.
Because app compatibility, both for desktop apps and web apps, is outstanding with Windows 10, extensive advanced testing isnt required. Instead, only business-critical apps need to be tested, with the remaining apps validated through a series of pilot deployment rings. Once these pilot deployments have validated most apps, broad deployment can begin. Extensive advanced testing isnt required. Instead, only business-critical apps need to be tested, with the remaining apps validated through a series of pilot deployment rings. Once these pilot deployments have validated most apps, broad deployment can begin.
This process repeats with each new feature update, twice per year. These are small deployment projects, compared to the large projects that were necessary with the old three-to-five-year Windows release cycles. This process repeats with each new feature update as they become available. These are small deployment projects, compared to the large projects that were necessary with the old three-to-five-year Windows release cycles.
Other technologies such as BranchCache and Delivery Optimization, both peer-to-peer distribution tools, can help with the distribution of the feature update installation files. Other technologies such as BranchCache and Delivery Optimization, both peer-to-peer distribution tools, can help with the distribution of the feature update installation files.
See [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) and [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) for more information.
## Learn more
- [Adopting Windows as a service at Microsoft](https://www.microsoft.com/itshowcase/Article/Content/851/Adopting-Windows-as-a-service-at-Microsoft)
- [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet)
## Related topics
- [Update Windows 10 in the enterprise](index.md)
- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md)
- [Configure BranchCache for Windows 10 updates](waas-branchcache.md)
- [Configure Windows Update for Business](waas-configure-wufb.md)
- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md)
- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
- [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure)
- [Manage device restarts after updates](waas-restart.md)
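Review bot: Under Key concepts the new side drops the paragraph on servicing lifetimes ("18 months of servicing for all editions", 30 months for Enterprise and Education), and the same hunk removes the Learn more link to the Windows lifecycle fact sheet, so the page no longer states or links to how long a release keeps receiving security updates. The removed text says these updates "provide security and feature updates for the release", which is what an admin needs to plan around; add a pointer to the lifecycle information where the paragraph used to be. Two smaller points in the rewritten Staying up to date text: "and non-Microsoft products) to help with this process" keeps a closing parenthesis that has no opener, and "isnt" is missing its apostrophe.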

View File

@ -1,5 +1,5 @@
--- ---
title: Assign devices to servicing channels for Windows 10 updates (Windows 10) title: Assign devices to servicing channels for Windows client updates
description: Learn how to assign devices to servicing channels for Windows 10 updates locally, by using Group Policy, and by using MDM description: Learn how to assign devices to servicing channels for Windows 10 updates locally, by using Group Policy, and by using MDM
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
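Review bot: The title changes to "Assign devices to servicing channels for Windows client updates", but the description line on the new side still reads "for Windows 10 updates locally, by using Group Policy, and by using MDM". Update the description in the same change so the front matter is consistent with the new title and with the Windows 11 entry added under Applies to.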
@ -19,18 +19,17 @@ ms.custom:
**Applies to** **Applies to**
- Windows 10 - Windows 10
- Windows 11
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
>[!TIP] >[!TIP]
>If you're not familiar with the Windows 10 servicing or release channels, read [Servicing Channels](waas-overview.md#servicing-channels) first. >If you're not familiar with the servicing or release channels, read [Servicing Channels](waas-overview.md#servicing-channels) first.
>
>Due to [naming changes](waas-overview.md#naming-changes), older terms like CB and CBB might still be displayed in some of our products, such as in Group Policy. If you encounter these terms, "CB" refers to the Semi-Annual Channel (Targeted)--which is no longer used--while "CBB" refers to the Semi-Annual Channel.
The Semi-Annual Channel is the default servicing channel for all Windows 10 devices except devices with the LTSB edition installed. The following table shows the servicing channels available to each Windows 10 edition. The General Availability Channel is the default servicing channel for all Windows 10 and Windows 11 devices except devices with the LTSB edition installed. The following table shows the servicing channels available to each edition.
| Windows 10 edition | Semi-Annual Channel | Long-Term Servicing Channel | Insider Program | | Edition | General Availability Channel | Long-Term Servicing Channel | Insider Program |
| --- | --- | --- | --- | | --- | --- | --- | --- |
| Home | ![no.](images/crossmark.png) | ![no](images/crossmark.png) | ![yes](images/checkmark.png) | | Home | ![no.](images/crossmark.png) | ![no](images/crossmark.png) | ![yes](images/checkmark.png) |
| Pro | ![yes.](images/checkmark.png) | ![no](images/crossmark.png) | ![yes](images/checkmark.png) | | Pro | ![yes.](images/checkmark.png) | ![no](images/crossmark.png) | ![yes](images/checkmark.png) |
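Review bot: The TIP loses the sentence that maps "CB" and "CBB" to the Semi-Annual Channel, and the paragraph and table header below it switch to "General Availability Channel" without saying that this is the channel previously called the Semi-Annual Channel. The removed sentence itself notes that older terms "might still be displayed in some of our products, such as in Group Policy", so an admin reading a policy setting still needs that mapping; keep a short naming note that covers the old names and the new one. The new paragraph also refers to "the LTSB edition" beside a column headed "Long-Term Servicing Channel"; settle on one term.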
@ -41,48 +40,27 @@ The Semi-Annual Channel is the default servicing channel for all Windows 10 devi
>[!NOTE] >[!NOTE]
>The LTSB edition of Windows 10 is only available through the [Microsoft Volume Licensing Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). >The LTSB edition is only available through the [Microsoft Volume Licensing Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx).
## Assign devices to Semi-Annual Channel
>[!IMPORTANT]
>Due to [naming changes](waas-overview.md#naming-changes), older terms like CB and CBB might still be displayed in some of our products, such as in Group Policy. If you encounter these terms, "CB" refers to the Semi-Annual Channel (Targeted)--which is no longer used--while "CBB" refers to the Semi-Annual Channel.
>[!NOTE] >[!NOTE]
>Devices will automatically recieve updates from the Semi-Annual Channel, unless they are configured to recieve preview updates through the Windows Insider Program. >Devices will automatically receive updates from the Semi-Annual Channel, unless they are configured to receive preview updates through the Windows Insider Program.
**To assign devices to the Semi-Annual Channel by using Group Policy**
- In Windows 10, version 1607 and later releases:
Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Feature Updates are received** - enable policy and set branch readiness level to the Semi-Annual Channel
**To assign devices to the Semi-Annual Channel by using MDM**
- In Windows 10, version 1607 and later releases:
../Vendor/MSFT/Policy/Config/Update/**BranchReadinessLevel**
## Enroll devices in the Windows Insider Program ## Enroll devices in the Windows Insider Program
To get started with the Windows Insider Program for Business, you will need to follow a few steps: To get started with the Windows Insider Program for Business, follows these steps:
1. On the [Windows Insider](https://insider.windows.com) website, go to **For Business > Getting Started** to [register your organizational Azure AD account](https://insider.windows.com/insidersigninaad/). 1. On the [Windows Insider](https://insider.windows.com) website, go to **For Business > Getting Started** to [register your organizational Azure AD account](https://insider.windows.com/insidersigninaad/).
2. **Register your domain**. Rather than have each user register individually for Insider Preview builds, administrators can [register their domain](https://insider.windows.com/for-business-organization-admin/) and control settings centrally.</br>**Note:** The signed-in user needs to be a **Global Administrator** of the Azure AD domain in order to be able to register the domain. 2. **Register your domain**. Rather than have each user register individually for Insider Preview builds, administrators can [register their domain](https://insider.windows.com/for-business-organization-admin/) and control settings centrally.</br>**Note:** The signed-in user needs to be a **Global Administrator** of the Azure AD domain in order to be able to register the domain.
3. Make sure the **Allow Telemetry** setting is set to **2** or higher. 3. Make sure the **Allow Telemetry** setting is set to **2** or higher.
4. Starting with Windows 10, version 1709, set policies to manage preview builds and their delivery: 4. For Windows 10, version 1709 or later, set policies to manage preview builds and their delivery:
The **Manage preview builds** setting gives administrators control over enabling or disabling preview build installation on a device. You can also decide to stop preview builds once the release is public. The **Manage preview builds** setting gives administrators control over enabling or disabling preview build installation on a device. You can also decide to stop preview builds once the release is public.
* Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/Windows Update for Business** - *Manage preview builds* * Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/Windows Update for Business** - *Manage preview builds*
* MDM: **Update/ManagePreviewBuilds** * MDM: **Update/ManagePreviewBuilds**
The **Branch Readiness Level** settings allow you to choose between preview flight rings, and allows you to defer or pause the delivery of updates. The **Branch Readiness Level** settings allow you to choose between preview flight rings, and allows you to defer or pause the delivery of updates.
* Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/ Windows Update for Business** - *Select when Preview Builds and Feature Updates are received* * Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/ Windows Update for Business** - *Select when Preview Builds and feature updates are received*
* MDM: **Update/BranchReadinessLevel** * MDM: **Update/BranchReadinessLevel**
For more information, see [Windows Insider Program for Business](/windows-insider/at-work-pro/wip-4-biz-get-started) For more information, see [Windows Insider Program for Business](/windows-insider/at-work-pro/wip-4-biz-get-started)
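Review bot: The rewritten NOTE fixes the spelling of "receive" but still says devices "will automatically receive updates from the Semi-Annual Channel", while this page now calls the default channel the General Availability Channel; rename it here as well. The hunk also removes the whole "Assign devices to Semi-Annual Channel" section, including the Group Policy path under Defer Windows Updates and the MDM BranchReadinessLevel setting, so confirm that guidance is covered on another page or keep a one-line pointer to it. The new lead-in "follows these steps:" should read "follow these steps:", and "The Branch Readiness Level settings allow you to choose ..., and allows you to defer" mixes plural and singular verbs.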
@ -99,85 +77,3 @@ To prevent devices in your organization from being enrolled in the Insider Progr
> * Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/Windows Update for Business** - *Manage preview builds* > * Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/Windows Update for Business** - *Manage preview builds*
> * MDM: **Update/ManagePreviewBuilds** > * MDM: **Update/ManagePreviewBuilds**
## Switching channels
During the life of a device, it might be necessary or desirable to switch between the available channels. Depending on the channel you are using, the exact mechanism for doing this can be different; some will be simple, others more involved.
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">From this channel</th>
<th align="left">To this channel</th>
<th align="left">You need to</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left" rowspan="3">Windows Insider Program</td>
</tr>
<tr class="even">
<td align="left">Semi-Annual Channel</td>
<td align="left">Not directly possible</td>
</tr>
<tr class="odd">
<td align="left">Long-Term Servicing Channel</td>
<td align="left">Not directly possible (requires wipe-and-load).</td>
</tr>
<tr class="odd">
<td align="left" rowspan="3">Semi-Annual Channel</td>
<td align="left">Insider</td>
<td align="left">Use the Settings app to enroll the device in the Windows Insider Program.</td>
</tr>
<tr class="even">
</tr>
<tr class="odd">
<td align="left">Long-Term Servicing Channel</td>
<td align="left">Not directly possible (requires wipe-and-load).</td>
</tr>
<tr class="even">
<td align="left" rowspan="3">Long-Term Servicing Channel</td>
<td align="left">Insider</td>
<td align="left">Use media to upgrade to the latest Windows Insider Program build.</td>
<tr class="even">
<td align="left">Semi-Annual Channel</td>
<td align="left">Use media to upgrade. Note that the Semi-Annual Channel build must be a later build.</td>
</tr>
</tbody>
</table>
## Block user access to Windows Update settings
In Windows 10, administrators can control user access to Windows Update.
Administrators can disable the "Check for updates" option for users by enabling the Group Policy setting under **Computer Configuration\Administrative Templates\Windows Components\Windows update\Remove access to use all Windows update features**. Any background update scans, downloads, and installations will continue to work as configured. We don't recomment this setting if you have configured the device to "notify" to download or install as this policy will prevent the user from being able to do so.
>[!NOTE]
> Starting with Windows 10, any Group Policy user configuration settings for Windows Update are no longer supported.
## Steps to manage updates for Windows 10
|&nbsp; |&nbsp; |
| --- | --- |
| ![done.](images/checklistdone.png) | [Learn about updates and servicing channels](waas-overview.md) |
| ![done.](images/checklistdone.png) | [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) |
| ![done.](images/checklistdone.png) | [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) |
| ![done.](images/checklistdone.png) | Assign devices to servicing channels for Windows 10 updates (this topic) |
| ![to do.](images/checklistbox.gif) | [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) |
| ![to do.](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)</br>or [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)</br>or [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) |
## Related topics
- [Update Windows 10 in the enterprise](index.md)
- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md)
- [Configure BranchCache for Windows 10 updates](waas-branchcache.md)
- [Configure Windows Update for Business](waas-configure-wufb.md)
- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md)
- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
- [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure)
- [Manage device restarts after updates](waas-restart.md)
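Review bot: This hunk deletes the "Block user access to Windows Update settings" section, which documents the Group Policy setting "Remove access to use all Windows update features" together with the caveat about devices configured to "notify" and the note that user configuration settings for Windows Update are no longer supported. That is administrative control guidance and no replacement or link appears on the new side, so confirm it is documented elsewhere or leave a pointer. The same question applies to the "Switching channels" table, which is where these hunks state that moving to the Long-Term Servicing Channel "requires wipe-and-load".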

View File

@ -1,126 +0,0 @@
---
title: Servicing differences between Windows 10 and older operating systems
ms.reviewer:
manager: laurawi
description: In this article, learn the differences between servicing Windows 10 and servicing older operating systems.
keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools
ms.prod: w10
ms.mktglfcycl: manage
audience: itpro
ms.localizationpriority: medium
ms.audience: itpro
author: jaimeo
ms.topic: article
ms.collection: M365-modern-desktop
ms.custom: seo-marvel-apr2020
---
# Understanding the differences between servicing Windows 10-era and legacy Windows operating systems
> Applies to: Windows 10
>
> **February 15, 2019: This document has been corrected and edited to reflect that security-only updates for legacy OS versions are not cumulative. They were previously identified as cumulative similar to monthly rollups, which is inaccurate.**
Today, many enterprise customers have a mix of modern and legacy client and server operating systems. Managing the servicing and updating differences between those legacy operating systems and Windows 10 versions adds a level of complexity that is not well understood. This can be confusing. With the end of support for legacy [Windows 7 SP1](https://support.microsoft.com/help/4057281/windows-7-support-will-end-on-january-14-2020) and Windows Server 2008 R2 variants on January 14, 2020, System Administrators have a critical need to understand how best to leverage a modern workplace to support system updates.
The following provides an initial overview of how updating client and server differs between the Windows 10-era Operating Systems (such as, Windows 10 version 1709, Windows Server 2016) and legacy operating systems (such as Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2).
> [!NOTE]
> A note on naming convention in this article: For brevity, "Windows 10" refers to all operating systems across client, server and IoT released since July 2015, while "legacy" refers to all operating systems prior to that period for client and server, including Windows 7, Window 8.1, Windows Server 2008 R2, Windows Server 2012 R2, etc.
## Infinite fragmentation
Prior to Windows 10, all updates to operating system (OS) components were published individually. On "Update Tuesday," customers would pick and choose individual updates they wanted to apply. Most chose to update security fixes, while far fewer selected non-security fixes, updated drivers, or installed .NET Framework updates.
As a result, each environment within the global Windows ecosystem that had only a subset of security and non-security fixes installed had a different set of binaries and behaviors than those that consistently installed every available update as tested by Microsoft.
This resulted in a fragmented ecosystem that created diverse challenges in predictively testing interoperability, resulting in high update failure rates - which were subsequently mitigated by customers removing individual updates that were causing issues. Each customer that selectively removed individual updates amplified this fragmentation by creating more diverse environment permutations across the ecosystem. As an IT Administrator once quipped, "If you've seen one Windows 7 PC, you have seen one Windows 7 PC," suggesting no consistency or predictability across more than 250M commercial devices at the time.
## Windows 10 Next generation
Windows 10 provided an opportunity to end the era of infinite fragmentation. With Windows 10 and the Windows as a service model, updates came rolled together in the "latest cumulative update" (LCU) packages for both client and server. Every new update published includes all changes from previous updates, as well as new fixes. Since Windows client and server share the same code base, these LCUs allow the same update to be installed on the same client and server OS family, further reducing fragmentation.
This helps simplify servicing. Devices with the original Release to Market (RTM) version of a feature release installed could get up to date by installing the most recent LCU.
Windows publishes the new LCU packages for each Windows 10 version (1607, 1709, etc.) on the second Tuesday of each month. This package is classified as a required security update and contains contents from the previous LCU as well as new security, non-security, and Internet Explorer 11 (IE11) fixes. A reboot of the device might be required to complete installation of the update.
![High level cumulative update model.](images/servicing-cadence.png)
*Figure 1.0 - High level cumulative update model*
Another benefit of the LCU model is fewer steps. Devices that have the original Release to Market (RTM) version of a release can install the most recent LCU to get up to date in one step, rather than having to install multiple updates with reboots after each.
This cumulative update model for Windows 10 has helped provide the Windows ecosystem with consistent update experiences that can be predicted by baseline testing before release. Even with highly complex updates with hundreds of fixes, the number of incidents with monthly security updates for Windows 10 have fallen month over month since the initial release of Windows 10.
### Points to consider
- Windows 10 does not have the concept of a Security-Only or Monthly Rollup for updates. All updates are an LCU package, which includes the last release plus anything new.
- Windows 10 no longer has the concept of a "hotfix" since all individual updates must be rolled into the cumulative packages. (Note: Any private fix is offered for customer validation only, and then rolled into an LCU.)
- [Updates for the .NET Framework](https://blogs.msdn.microsoft.com/dotnet/2016/10/11/net-framework-monthly-rollups-explained/) are NOT included in the Windows 10 LCU. They are separate packages with different behaviors depending on the version of .NET Framework being updated, and on which OS. As of October 2018, .NET Framework updates for Windows 10 will be separate and have their own cumulative update model.
- For Windows 10, available update types vary by publishing channel:
- For customers using Windows Server Update Services (WSUS) and for the Update Catalog, several different updates types for Windows 10 are rolled together for the core OS in a single LCU package, with exception of Servicing Stack Updates.
- Servicing Stack Updates (SSU) are available for download from the Update Catalog and can be imported through WSUS. Servicing Stack Updates (SSU) will be synced automatically (See this example for Windows 10, version 1709). Learn more about [Servicing Stack Updates](./servicing-stack-updates.md).
- For customers connecting to Windows Update, the new cloud update architecture uses a database of updates which break out all the different update types, including Servicing Stack Updates (SSU) and Dynamic Updates (DU). The update scanning in the Windows 10 servicing stack on the client automatically takes only the updates that are needed by the device to be completely up to date.
- Windows 7 and other legacy operating systems have cumulative updates that operate differently than in Windows 10 (see next section).
## Windows 7 and legacy OS versions
While Windows 10 updates could have been controlled as cumulative from "Day 1," the legacy OS ecosystem for both client and server was highly fragmented. Recognizing the challenges of update quality in a fragmented environment, we moved Windows 7 to a cumulative update model in October 2016.
Customers saw the LCU model used for Windows 10 as having packages that were too large and represented too much of a change for legacy operating systems, so a different model was implemented. Windows instead offered one cumulative package (Monthly Rollup) and one individual package (Security Only) for all legacy operating systems.
The Monthly Rollup includes new non-security (if appropriate), security updates, Internet Explorer (IE) updates, and all updates from the previous month similar to the Windows 10 model. The Security-only package includes only new security updates for the month. This means that any security updates from any previous month are not included in current month's Security-Only Package. If a Security-Only update is missed, it is missed. Those updates will not appear in a future Security-Only update. Additionally, a cumulative package is offered for IE, which can be tested and installed separately, reducing the total update package size. The IE cumulative update includes both security and non-security fixes following the same model as Windows 10.
![Legacy OS security-only update model.](images/security-only-update.png)
*Figure 2.0 - Legacy OS security-only update model*
Moving to the cumulative model for legacy OS versions continues to improve predictability of update quality. The Windows legacy environments which have fully updated machines with Monthly Rollups are running the same baseline against which all legacy OS version updates are tested. These include all of the updates (security and non-security) prior to and after October 2016. Many customer environments do not have all updates prior to this change installed, which leaves some continued fragmentation in the ecosystem. Further, customers who are installing Security-Only Updates and potentially doing so inconsistently are also more fragmented than Microsoft's test environments for legacy OS version. This remaining fragmentation results in issues like those seen when the September 2016 Servicing Stack Update (SSU) was needed for smooth installation of the August 2018 security update. These environments did not have the SSU applied previously.
### Points to consider
- Windows 7 and Windows 8 legacy operating system updates [moved from individual to cumulative in October 2016](https://techcommunity.microsoft.com/t5/Windows-Blog-Archive/More-on-Windows-7-and-Windows-8-1-servicing-changes/ba-p/166783). Devices with updates missing prior to that point are still missing those updates, as they were not included in the subsequent cumulative packages.
- "Hotfixes" are no longer published for legacy OS versions. All updates are rolled into the appropriate package depending on their classification as either non-security, security, or Internet Explorer updates. (Note: any private fix is offered for customer validation only. Once validated they are then rolled into a Monthly Rollup or IE cumulative update, as appropriate.)
- Both Monthly Rollups and Security-only updates released on Update Tuesday for legacy OS versions are identified as "security required" updates, because both have the full set of security updates in them. The Monthly Rollup may have additional non-security updates that are not included in the Security Only update. The "security" classification requires the device be rebooted so the update can be fully installed.
- Given the differences between the cumulative Monthly Rollups and the single-month Security-only update packages, switching between these update types is not advised. Differences in the baselines of these packages may result in installation errors and conflicts. Choosing one and staying on that update type with high consistency Monthly Rollup or Security-only is recommended.
- With all Legacy OS versions now in the Extended Support stage of their 10-year lifecycle, they typically receive only security updates for both Monthly Rollup and Security Only updates. Using Express for the Monthly Rollup results in almost the same package size as Security Only, with the added confidence of ensuring all relevant updates are installed.
- In [February 2017](https://techcommunity.microsoft.com/t5/Windows-Blog-Archive/Simplified-servicing-for-Windows-7-and-Windows-8-1-the-latest/ba-p/166798), Windows pulled IE updates out of the legacy OS versions Security-only updates, while leaving them in the Monthly Rollup updates. This was done specifically to reduce package size based on customer feedback.
- The IE cumulative update includes both security and non-security updates and is also needed for to help secure the entire environment. This update can be installed separately or as part of the Monthly Rollup.
- [Updates for .NET Framework](https://blogs.msdn.microsoft.com/dotnet/2016/10/11/net-framework-monthly-rollups-explained/) are NOT included in legacy Monthly Rollup or Security Only packages. They are separate packages with different behaviors depending on the version of the .NET Framework, and which legacy OS, being updated.
- For [Windows Server 2008 SP2](https://cloudblogs.microsoft.com/windowsserver/2018/06/12/windows-server-2008-sp2-servicing-changes/), cumulative updates began in October 2018, and follow the same model as Windows 7. Updates for IE9 are included in those packages, as the last supported version of Internet Explorer for that Legacy OS version.
## Public preview releases
Lastly, the cumulative update model directly impacts the public Preview releases offered in the 3rd and/or 4th weeks of the month. Update Tuesday, also referred to as the "B" week release occurs on the second Tuesday of the month. It is always a required security update across all operating systems. In addition to this monthly release, Windows also releases non-security update "previews" targeting the 3rd (C) and the 4th (D) weeks of the month. These preview releases include that month's B-release plus a set of non-security updates for testing and validation as a cumulative package. We recommend IT Administrators uses the C/D previews to test the update in their environments. Any issues identified with the updates in the C/D releases are identified and then fixed or removed, prior to being rolled up in to the next month's B release package together with new security updates. Security-only Packages are not part of the C/D preview program.
> [!NOTE]
> Only preview updates for the most recent release of Windows 10 are published to Windows Server Update Services (WSUS). For customers using the WSUS channel, and products such as Microsoft Endpoint Manager that rely on it, will not see preview updates for older versions of Windows 10.
> [!NOTE]
> Preview updates for Windows 10 are not named differently than their LCU counterparts and do not contain the word 'Preview'. They can be identified by their release date (C or D week) and their classification as non-security updates.
### Examples
Windows 10 version 1709:
- (9B) September 11, 2018 Update Tuesday / B release - includes security, non-security and IE update. This update is categorized as "Required, Security" it requires a system reboot.
- (9C) September 26, 2018 Preview C release - includes everything from 9B PLUS some non-security updates for testing/validation. This update is qualified as not required, non-security. No system reboot is required.
- (10B) October 9, 2018 Update Tuesday / B release includes all fixes included in 9B, all fixes in 9C and introduces new security fixes and IE updates. This update is qualified as "Required, Security" and requires a system reboot.
All of these updates are cumulative and build on each other for Windows 10. This is in contrast to legacy OS versions, where the 9C release becomes part of the "Monthly Rollup," but not the "Security Only" update. In other words, a Window 7 SP1 9C update is part of the cumulative "Monthly Rollup" but not included in the "Security Only" update because the fixes are qualified as "non-security". This is an important variation to note on the two models.
![Preview releases in the Windows 10 LCU model.](images/servicing-previews.png)
*Figure 3.0 - Preview releases within the Windows 10 LCU model*
## Previews vs. on-demand releases
In 2018, we experienced incidents which required urgent remediation that didn't map to the monthly update release cadence. These incidents were situations that required an immediate fix to an Update Tuesday release. While Windows engineering worked aggressively to respond within a week of the B-release, these "on-demand" releases created confusion with the C Preview releases.
As a general policy, if a Security-Only package has a regression, which is defined as an unintentional error in the code of an update, then the fix for that regression will be added to the next month's Security-Only Update. The fix for that regression may also be offered as part an On-Demand release and will be rolled into the next Monthly Update. (Note: Exceptions do exist to this policy, based on timing.)
### Point to consider
- When Windows identifies an issue with a Update Tuesday release, engineering teams work to remediate or fix the issue as quickly as possible. The outcome is often a new update which may be released at any time, including during the 3rd or 4th week of the month. Such updates are independent of the regularly scheduled "C" and "D" update previews. These updates are created on-demand to remediate a customer impacting issue. In most cases they are qualified as a "non-security" update, and do not require a system reboot.
- Rarely do incidents with Update Tuesday releases impact more than .1% of the total population. With the new Windows Update (WU) architecture, updates can be targeted to affected devices. This targeting is not available through the Update Catalog or WSUS channels, however.
- On-demand releases address a specific issue with an Update Tuesday release and are often qualified as "non-security" for one of two reasons. First, the fix may not be an additional security fix, but a non-security change to the update. Second, the "non-security" designation allows individuals or companies to choose when and how to reboot the devices, rather than forcing a system reboot on all Windows devices receiving the update globally. This trade-off is rarely a difficult choice as it has the potential to impact customer experience across client and server, across consumer and commercial customers for more than one billion devices.
- Because the cumulative model is used across Window 10 and legacy Windows OS versions, despite variations between these OS versions, an out of band release will include all of the changes from the Update Tuesday release plus the fix that addresses the issue. And since Windows no longer releases hotfixes, everything is cumulative in some way.
In closing, I hope this overview of the update model across current and legacy Windows OS versions highlights the benefits of the Windows 10 cumulative update model to help defragment the Windows ecosystem environments, simplify servicing and help make systems more secure.
## Resources
- [Simplifying updates for Windows 7 and 8.1](https://techcommunity.microsoft.com/t5/Windows-Blog-Archive/Simplifying-updates-for-Windows-7-and-8-1/ba-p/166530)
- [Further simplifying servicing models for Windows 7 and Windows 8.1](https://techcommunity.microsoft.com/t5/Windows-Blog-Archive/Further-simplifying-servicing-models-for-Windows-7-and-Windows-8/ba-p/166772)
- [More on Windows 7 and Windows 8.1 servicing changes](https://techcommunity.microsoft.com/t5/Windows-Blog-Archive/More-on-Windows-7-and-Windows-8-1-servicing-changes/ba-p/166783)
- [.NET Framework Monthly Rollups Explained](https://blogs.msdn.microsoft.com/dotnet/2016/10/11/net-framework-monthly-rollups-explained/)
- [Simplified servicing for Windows 7 and Windows 8.1: the latest improvements](https://techcommunity.microsoft.com/t5/Windows-Blog-Archive/Simplified-servicing-for-Windows-7-and-Windows-8-1-the-latest/ba-p/166798)
- [Windows Server 2008 SP2 servicing changes](https://cloudblogs.microsoft.com/windowsserver/2018/06/12/windows-server-2008-sp2-servicing-changes/)
- [Windows 10 update servicing cadence](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376)
- [Windows 7 servicing stack updates: managing change and appreciating cumulative updates](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-7-servicing-stack-updates-managing-change-and/ba-p/260434)
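
Review bot: In the second "Points to consider" list (legacy OS), the bullet stating that Monthly Rollups and Security-only updates "both have the full set of security updates in them" reads as contradicting the earlier paragraph, which says the Security-only package "includes only new security updates for the month" and that a missed Security-Only update "is missed". Scope the bullet to "the full set of that month's security updates" so nobody concludes that a single Security-only package brings a device current. In the same file, "(See this example for Windows 10, version 1709)" has no link target, and "staying on that update type with high consistency Monthly Rollup or Security-only is recommended" needs punctuation around the two options.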

View File

@ -12,7 +12,7 @@ ms.topic: article
ms.collection: m365initiative-coredeploy ms.collection: m365initiative-coredeploy
--- ---
# Prepare servicing strategy for Windows 10 updates # Prepare servicing strategy for Windows client updates
**Applies to** **Applies to**
@ -23,39 +23,20 @@ ms.collection: m365initiative-coredeploy
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
In the past, traditional Windows deployments tended to be large, lengthy, and expensive. Windows 10 offers a new approach to deploying both quality and feature updates, making the process much simpler and therefore the planning much more straightforward. With Windows as a service, the methodology around updating Windows has changed, moving away from major upgrades every few years to iterative updates twice per year. Each iteration contains a smaller subset of changes so that they wont seem like substantial differences, like they do today. This image illustrates the level of effort needed for traditional Windows deployments versus servicing Windows 10 and how it is now spread evenly over time versus spiking every few years. Heres an example of what this process might look like:
- **Configure test devices.** Configure test devices in the Windows Insider Program so that Insiders can test feature updates before theyre available to the General Avialability Channel. Typically, this population would be a few test devices that IT staff members use to evaluate pre-release builds of Windows. Microsoft provides current development builds to Windows Insider members approximately every week so that interested users can see the functionality Microsoft is adding. See the section Windows Insider for details on how to enroll in the Windows Insider Program for Business.
![Compare traditional servicing to Windows 10.](images/waas-strategy-fig1a.png) - **Identify excluded devices.** For some organizations, special-purpose devices such as those used to control factory or medical equipment or run ATMs require a stricter, less frequent feature update cycle than the General Availability Channel can offer. For those devices, install the Enterprise LTSB edition to avoid feature updates for up to 10 years. Identify these devices, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly.
Windows 10 spreads the traditional deployment effort of a Windows upgrade, which typically occurred every few years, over smaller, continuous updates. With this change, you must approach the ongoing deployment and servicing of Windows differently. A strong Windows 10 deployment strategy begins with establishing a simple, repeatable process for testing and deploying each feature update. Heres an example of what this process might look like:
- **Configure test devices.** Configure test devices in the Windows Insider Program so that Insiders can test feature updates before theyre available to the Semi-Annual Channel. Typically, this population would be a few test devices that IT staff members use to evaluate pre-release builds of Windows. Microsoft provides current development builds to Windows Insider members approximately every week so that interested users can see the functionality Microsoft is adding. See the section Windows Insider for details on how to enroll in the Windows Insider Program on a Windows 10 device.
- **Identify excluded devices.** For some organizations, special-purpose devices such as those used to control factory or medical equipment or run ATMs require a stricter, less frequent feature update cycle than the Semi-Annual Channel can offer. For those machines, you must install Windows 10 Enterprise LTSB to avoid feature updates for up to 10 years. Identify these devices, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly.
- **Recruit volunteers.** The purpose of testing a deployment is to receive feedback. One effective way to recruit pilot users is to request volunteers. When doing so, clearly state that youre looking for feedback rather than people to just “try it out” and that there could be occasional issues involved with accepting feature updates right away. With Windows as a service, the expectation is that there should be few issues, but if an issue does arise, you want testers to let you know as soon as possible. When considering whom to recruit for pilot groups, be sure to include members who provide the broadest set of applications and devices to validate the largest number of apps and devices possible. - **Recruit volunteers.** The purpose of testing a deployment is to receive feedback. One effective way to recruit pilot users is to request volunteers. When doing so, clearly state that youre looking for feedback rather than people to just “try it out” and that there could be occasional issues involved with accepting feature updates right away. With Windows as a service, the expectation is that there should be few issues, but if an issue does arise, you want testers to let you know as soon as possible. When considering whom to recruit for pilot groups, be sure to include members who provide the broadest set of applications and devices to validate the largest number of apps and devices possible.
- **Update Group Policy.** Each feature update includes new group policies to manage new features. If you use Group Policy to manage devices, the Group Policy Admin for the Active Directory domain will need to download an .admx package and copy it to their [Central Store](https://support.microsoft.com/help/929841/how-to-create-the-central-store-for-group-policy-administrative-templa) (or to the [PolicyDefinitions](/previous-versions/dotnet/articles/bb530196(v=msdn.10)) directory in the SYSVOL folder of a domain controller if not using a Central Store). Always manage new group policies from the version of Windows 10 they shipped with by using the Remote Server Administration Tools. The ADMX download package is created at the end of each development cycle and then posted for download. To find the ADMX download package for a given Windows build, search for “ADMX download for Windows build xxxx”. For details about Group Policy management, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) - **Update Group Policy.** Each feature update includes new group policies to manage new features. If you use Group Policy to manage devices, the Group Policy Admin for the Active Directory domain will need to download an .admx package and copy it to their [Central Store](https://support.microsoft.com/help/929841/how-to-create-the-central-store-for-group-policy-administrative-templa) (or to the [PolicyDefinitions](/previous-versions/dotnet/articles/bb530196(v=msdn.10)) directory in the SYSVOL folder of a domain controller if not using a Central Store). You can manage new group policies from the latest release of Windows by using Remote Server Administration Tools. The ADMX download package is created at the end of each development cycle and then posted for download. 
To find the ADMX download package for a given Windows build, search for “ADMX download for Windows build xxxx”. For details about Group Policy management, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra)
- **Choose a servicing tool.** Decide which product youll use to manage the Windows updates in your environment. If youre currently using Windows Server Update Services (WSUS) or Microsoft Endpoint Manager to manage your Windows updates, you can continue using those products to manage Windows 10 updates. Alternatively, you can use Windows Update for Business. In addition to which product youll use, consider how youll deliver the updates. With Windows 10, multiple peer-to-peer options are available to make update distribution faster. For a comparison of tools, see [Servicing tools](waas-overview.md#servicing-tools). - **Choose a servicing tool.** Decide which product youll use to manage the Windows updates in your environment. If youre currently using Windows Server Update Services (WSUS) or Microsoft Endpoint Manager to manage your Windows updates, you can continue using those products to manage Windows 10 or Windows 11 updates. Alternatively, you can use Windows Update for Business. In addition to which product youll use, consider how youll deliver the updates. Multiple peer-to-peer options are available to make update distribution faster. For a comparison of tools, see [Servicing tools](waas-overview.md#servicing-tools).
- **Prioritize applications.** First, create an application portfolio. This list should include everything installed in your organization and any webpages your organization hosts. Next, prioritize this list to identify those apps that are the most business critical. Because the expectation is that application compatibility with Windows 10 will be high, only the most business critical applications should be tested before the pilot phase; everything else can be tested afterwards. For more information about identifying compatibility issues withe applications, see [Manage Windows upgrades with Upgrade Analytics](/mem/configmgr/desktop-analytics/overview). - **Prioritize applications.** First, create an application portfolio. This list should include everything installed in your organization and any webpages your organization hosts. Next, prioritize this list to identify those apps that are the most business critical. Because the expectation is that application compatibility with new versions of Windows will be high, only the most business-critical applications should be tested before the pilot phase; everything else can be tested afterwards. For more information about identifying compatibility issues withe applications, see [Manage Windows upgrades with Upgrade Analytics](/mem/configmgr/desktop-analytics/overview).
> [!NOTE]
> This strategy is applicable to approaching an environment in which Windows 10 already exists. For information about how to deploy or upgrade to Windows 10 where another version of Windows exists, see [Plan for Windows 10 deployment](../planning/index.md).
>
> Windows 10 Enterprise LTSC is a separate Long-Term Servicing Channel version.
Each time Microsoft releases a Windows 10 feature update, the IT department should use the following high-level process to help ensure that the broad deployment is successful:
1. **Validate compatibility of business critical apps.** Test your most important business-critical applications for compatibility with the new Windows 10 feature update running on your Windows Insider machines identified in the earlier “Configure test machines” step of the Predeployment strategy section. The list of applications involved in this validation process should be small because most applications can be tested during the pilot phase. For more information about device and application compatibility in Windows 10, see the section Compatibility.
2. **Target and react to feedback.** With Windows 10, Microsoft expects application and device compatibility to be high, but its still important to have targeted groups within both the IT department and business units to verify application compatibility for the remaining applications in your application portfolio. Because only the most business-critical applications are tested beforehand, this activity will represent most of the application compatibility testing in your environment. It shouldn't necessarily be a formal process but rather user validation by using a particular application. So, the next step is to deploy the feature update to early-adopting IT users and your targeted groups running in the Semi-Annual channel that you identified in the “Recruit volunteers” step of the Predeployment strategy section. Be sure to communicate clearly that youre looking for feedback as soon as possible, and state exactly how users can submit feedback to you. Should an issue arise, have a remediation plan in place to address it.
3. **Deploy broadly.** Finally, focus on the large-scale deployment using deployment rings, like the ones discussed in Table 1. Build deployment rings that target groups of computers in your selected update-management product. To reduce risk as much as possible, construct your deployment rings in a way that splits individual departments into multiple rings. This way, if you were to encounter an issue, you dont prevent any critical business from continuing. By using this method, each deployment ring reduces risk as more people have been updated in any particular department.
## Steps to manage updates for Windows client Each time Microsoft releases a feature update, the IT department should use the following high-level process to help ensure that the broad deployment is successful:
1. **Validate compatibility of business critical apps.** Test your most important business-critical applications for compatibility with the new Windows 10 feature update running on your Windows Insider machines identified in the earlier “Configure test devices step of the previous section. The list of applications involved in this validation process should be small because most applications can be tested during the pilot phase.
2. **Target and react to feedback.** Microsoft expects application and device compatibility to be high, but its still important to have targeted groups within both the IT department and business units to verify application compatibility for the remaining applications in your application portfolio. Because only the most business-critical applications are tested beforehand, this activity will represent most of the application compatibility testing in your environment. It shouldn't necessarily be a formal process but rather user validation by using a particular application. So, the next step is to deploy the feature update to early-adopting IT users and your targeted groups running in the General Availability Channel that you identified in the “Recruit volunteers” step of the previous section. Be sure to communicate clearly that youre looking for feedback as soon as possible, and state exactly how users can submit feedback to you. Should an issue arise, have a remediation plan to address it.
3. **Deploy broadly.** Finally, focus on the large-scale deployment using deployment rings. Build deployment rings that target groups of computers in your selected update-management product. To reduce risk as much as possible, construct your deployment rings in a way that splits individual departments into multiple rings. This way, if you were to encounter an issue, you dont prevent any critical business from continuing. By using this method, each deployment ring reduces risk as more people have been updated in any particular department.
|&nbsp; |&nbsp; |
| --- | --- |
| ![done.](images/checklistdone.png) | [Learn about updates and servicing channels](waas-overview.md) |
| ![done.](images/checklistdone.png) | Prepare servicing strategy for Windows client updates (this topic) |
| ![to do.](images/checklistbox.gif) | [Build deployment rings for Windows client updates](waas-deployment-rings-windows-10-updates.md) |
| ![to do.](images/checklistbox.gif) | [Assign devices to servicing channels for Windows client updates](waas-servicing-channels-windows-10-updates.md) |
| ![to do.](images/checklistbox.gif) | [Optimize update delivery for Windows client updates](waas-optimize-windows-10-updates.md) |
| ![to do.](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)</br>or [Deploy Windows client updates using Windows Server Update Services](waas-manage-updates-wsus.md)</br>or [Deploy Windows client updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) |
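
Review bot: The rewritten "Configure test devices" bullet misspells the channel name as "General Avialability Channel"; it should match the "General Availability Channel" spelling used in the other new bullets. In the new step 1 under "Steps to manage updates for Windows client", the opening quote in “Configure test devices step is never closed, and the sentence still says "the new Windows 10 feature update" although the topic title and the surrounding steps were generalized to Windows client. The "Prioritize applications" bullet also carries the existing typo "withe applications" into the new text; fix it while the line is being touched.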

View File

@ -1,6 +1,6 @@
--- ---
title: Manage additional Windows Update settings (Windows 10) title: Manage additional Windows Update settings
description: In this article, learn about additional settings to control the behavior of Windows Update in Windows 10. description: In this article, learn about additional settings to control the behavior of Windows Update.
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
audience: itpro audience: itpro
@ -19,11 +19,12 @@ ms.custom: seo-marvel-apr2020
**Applies to** **Applies to**
- Windows 10 - Windows 10
- Windows 11
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
You can use Group Policy settings or mobile device management (MDM) to configure the behavior of Windows Update (WU) on your Windows 10 devices. You can configure the update detection frequency, select when updates are received, specify the update service location and more. You can use Group Policy settings or mobile device management (MDM) to configure the behavior of Windows Update on your Windows 10 devices. You can configure the update detection frequency, select when updates are received, specify the update service location and more.
## Summary of Windows Update settings ## Summary of Windows Update settings
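
Review bot: The "Applies to" list gains "Windows 11", but the rewritten intro sentence still scopes the settings to "your Windows 10 devices". Either drop the version ("on your devices") or name both, so readers managing Windows 11 do not assume these Group Policy and MDM settings are out of scope for them.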
@ -45,7 +46,7 @@ You can use Group Policy settings or mobile device management (MDM) to configure
## Scanning for updates ## Scanning for updates
With Windows 10, admins have a lot of flexibility in configuring how their devices scan and receive updates. Admins have a lot of flexibility in configuring how their devices scan and receive updates.
[Specify Intranet Microsoft update service location](#specify-intranet-microsoft-update-service-location) allows admins to point devices to an internal Microsoft update service location, while [Do not connect to any Windows Update Internet locations](#do-not-connect-to-any-windows-update-internet-locations) gives them the option to restrict devices to just that internal update service. [Automatic Updates Detection Frequency](#automatic-updates-detection-frequency) controls how frequently devices scan for updates. [Specify Intranet Microsoft update service location](#specify-intranet-microsoft-update-service-location) allows admins to point devices to an internal Microsoft update service location, while [Do not connect to any Windows Update Internet locations](#do-not-connect-to-any-windows-update-internet-locations) gives them the option to restrict devices to just that internal update service. [Automatic Updates Detection Frequency](#automatic-updates-detection-frequency) controls how frequently devices scan for updates.
@ -55,7 +56,7 @@ Finally, to make sure the updating experience is fully controlled by the admins,
For additional settings that configure when Feature and Quality updates are received, see [Configure Windows Update for Business](waas-configure-wufb.md). For additional settings that configure when Feature and Quality updates are received, see [Configure Windows Update for Business](waas-configure-wufb.md).
### Specify Intranet Microsoft update service location ### Specify intranet Microsoft update service location
Specifies an intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network. Specifies an intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network.
This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network. This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network.
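Review bot: The heading is lowercased here to "Specify intranet Microsoft update service location", but the link text in the "Scanning for updates" paragraph of the previous hunk still reads "Specify Intranet Microsoft update service location". The `#specify-intranet-microsoft-update-service-location` anchor is already all lowercase, so the link should still resolve; only the visible text is out of step. Update the link text to match the new heading.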
@ -138,11 +139,11 @@ To configure this policy with MDM, use [AllowNonMicrosoftSignedUpdate](/windows/
To add more flexibility to the update process, settings are available to control update installation. To add more flexibility to the update process, settings are available to control update installation.
[Configure Automatic Updates](#configure-automatic-updates) offers 4 different options for automatic update installation, while [Do not include drivers with Windows Updates](#do-not-include-drivers-with-windows-updates) makes sure drivers are not installed with the rest of the received updates. [Configure Automatic Updates](#configure-automatic-updates) offers four different options for automatic update installation, while [Do not include drivers with Windows Updates](#do-not-include-drivers-with-windows-updates) makes sure drivers are not installed with the rest of the received updates.
### Do not include drivers with Windows Updates ### Do not include drivers with Windows Updates
Allows admins to exclude Windows Update (WU) drivers during updates. Allows admins to exclude Windows Update drivers during updates.
To configure this setting in Group Policy, use **Computer Configuration\Administrative Templates\Windows Components\Windows update\Do not include drivers with Windows Updates**. To configure this setting in Group Policy, use **Computer Configuration\Administrative Templates\Windows Components\Windows update\Do not include drivers with Windows Updates**.
Enable this policy to not include drivers with Windows quality updates. Enable this policy to not include drivers with Windows quality updates.
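Review bot: The Group Policy path in the unchanged line under "Do not include drivers with Windows Updates" spells the node as "Windows Components\Windows update\", with a lowercase "update", while the Windows Update for Business article in this same commit writes it as "Windows Components > Windows Update". Since this hunk is already a wording cleanup, fix the casing here so the path matches the way the node is written elsewhere.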
@ -247,12 +248,3 @@ HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\
* WUStatusServer (REG_SZ) * WUStatusServer (REG_SZ)
This value sets the SUS statistics server by HTTP name (for example, http://IntranetSUS). This value sets the SUS statistics server by HTTP name (for example, http://IntranetSUS).
## Related topics
- [Update Windows 10 in the enterprise](index.md)
- [Overview of Windows as a service](waas-overview.md)
- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md)
- [Configure BranchCache for Windows 10 updates](waas-branchcache.md)
- [Configure Windows Update for Business](waas-configure-wufb.md)
- [Manage device restarts after updates](waas-restart.md)
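Review bot: The WUStatusServer example kept as context above the removed "Related topics" list is a plain-HTTP URL (`http://IntranetSUS`). A client that talks to its update service over unencrypted HTTP has no transport protection for that traffic, so consider showing an `https://` host in the example or adding a sentence that the intranet update service should be configured for TLS.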

View File

@ -1,5 +1,5 @@
--- ---
title: Configure Windows Update for Business via Group Policy (Windows 10) title: Configure Windows Update for Business via Group Policy
description: Walk-through demonstration of how to configure Windows Update for Business settings using Group Policy. description: Walk-through demonstration of how to configure Windows Update for Business settings using Group Policy.
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: manage ms.mktglfcycl: manage
@ -17,30 +17,30 @@ ms.topic: article
**Applies to** **Applies to**
- Windows 10 - Windows 10
- Windows 11
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
## Overview ## Overview
You can use Group Policy through the Group Policy Management Console (GPMC) to control how Windows Update for Business works. You should consider and devise a deployment strategy for updates before you make changes to the Windows Update for Business settings. See [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) for more information. You can use Group Policy through the Group Policy Management Console (GPMC) to control how Windows Update for Business works. You should consider and devise a deployment strategy for updates before you make changes to the Windows Update for Business settings. See [Prepare servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md) for more information.
An IT administrator can set policies for Windows Update for Business by using Group Policy, or they can be set locally (per device). All of the relevant policies are under the path **Computer configuration > Administrative Templates > Windows Components > Windows Update**. An IT administrator can set policies for Windows Update for Business by using Group Policy, or they can be set locally (per device). All of the relevant policies are under the path **Computer configuration > Administrative Templates > Windows Components > Windows Update**.
To manage updates with Windows Update for Business as described in this article, you should prepare with these steps, if you haven't already: To manage updates with Windows Update for Business as described in this article, you should prepare with these steps, if you haven't already:
- Create Active Directory security groups that align with the deployment rings you use to phase deployment of updates. See [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) to learn more about deployment rings in Windows 10. - Create Active Directory security groups that align with the deployment rings you use to phase deployment of updates.
- Allow access to the Windows Update service. - Allow access to the Windows Update service.
- Download and install ADMX templates appropriate to your Windows 10 version. For more information, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759) and [Step-By-Step: Managing Windows 10 with Administrative templates](/archive/blogs/canitpro/step-by-step-managing-windows-10-with-administrative-templates). - Download and install ADMX templates appropriate to your Windows 10 version. For more information, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759) and [Step-By-Step: Managing Windows 10 with Administrative templates](/archive/blogs/canitpro/step-by-step-managing-windows-10-with-administrative-templates).
## Set up Windows Update for Business ## Set up Windows Update for Business
In this example, one security group is used to manage updates. Typically we would recommend having at least three rings (early testers for pre-release builds, broad deployment for releases, critical devices for mature releases) to deploy. See [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) for more information. In this example, one security group is used to manage updates. Typically we would recommend having at least three rings (early testers for pre-release builds, broad deployment for releases, critical devices for mature releases) to deploy.
Follow these steps on a device running the Remote Server Administration Tools or on a domain controller: Follow these steps on a device running the Remote Server Administration Tools or on a domain controller:
### Set up a ring ### Set up a ring
1. Start Group Policy Management Console (gpmc.msc). 1. Start Group Policy Management Console (gpmc.msc).
2. Expand **Forest > Domains > *\<your domain\>**. 2. Expand **Forest > Domains > *\<your domain\>**.
3. Right-click *\<your domain>* and select **Create a GPO in this domain and link it here**. 3. Right-click *\<your domain>* and select **Create a GPO in this domain and link it here**.
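Review bot: "Windows 11" is added to the Applies to list, but the preparation bullet in the same hunk still says "Download and install ADMX templates appropriate to your Windows 10 version" on both sides of the diff. Either generalize that bullet (for example "appropriate to your Windows version") or state which templates a Windows 11 device needs, so the article does not contradict its own applicability header.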
@ -55,7 +55,7 @@ You can control when updates are applied, for example by deferring when an updat
### Determine which updates you want offered to your devices ### Determine which updates you want offered to your devices
Both Windows 10 feature and quality updates are automatically offered to devices that are connected to Windows Update using Windows Update for Business policies. However, you can choose whether you want the devices to additionally receive other Microsoft Updates or drivers that are applicable to that device. Both feature and quality updates are automatically offered to devices that are connected to Windows Update using Windows Update for Business policies. However, you can choose whether you want the devices to additionally receive other Microsoft Updates or drivers that are applicable to that device.
To enable Microsoft Updates use the Group Policy Management Console go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates** and select **Install updates for other Microsoft products**. To enable Microsoft Updates use the Group Policy Management Console go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates** and select **Install updates for other Microsoft products**.
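Review bot: The unchanged instruction "To enable Microsoft Updates use the Group Policy Management Console go to ..." runs two clauses together and reads as a broken sentence. While this section is being edited, reword it to match the steps further down, for example "To enable Microsoft Updates, use Group Policy Management Console to go to ...".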
@ -69,14 +69,14 @@ Drivers are automatically enabled because they are beneficial to device systems.
1. Ensure that you are enrolled in the Windows Insider Program for Business. This is a completely free program available to commercial customers to aid them in their validation of feature updates before they are released. Joining the program enables you to receive updates prior to their release as well as receive emails and content related to what is coming in the next updates. 1. Ensure that you are enrolled in the Windows Insider Program for Business. This is a completely free program available to commercial customers to aid them in their validation of feature updates before they are released. Joining the program enables you to receive updates prior to their release as well as receive emails and content related to what is coming in the next updates.
2. Use Group Policy Management Console to go to: **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Manage preview builds** and set the policy to **Enable preview builds** for any of test devices you want to install pre-release builds. 2. Use Group Policy Management Console to go to: **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Manage preview builds** and set the policy to **Enable preview builds** for any of test devices you want to install pre-release builds.
3. Use Group Policy Management Console to go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and Feature Updates are received**. In the **Options** pane, use the pulldown menu to select one of the preview builds. We recomment **Windows Insider Program Slow** for commercial customers using pre-release builds for validation. 3. Use Group Policy Management Console to go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and feature updates are received**. In the **Options** pane, use the pulldown menu to select one of the preview builds. We recomment **Windows Insider Program Slow** for commercial customers using pre-release builds for validation.
4. Select **OK**. 4. Select **OK**.
#### I want to manage which released feature update my devices receive #### I want to manage which released feature update my devices receive
A Windows Update for Business administrator can defer or pause updates. You can defer feature updates for up to 365 days and defer quality updates for up to 30 days. Deferring simply means that you will not receive the update until it has been released for at least the number of deferral days you specified (offer date = release date + deferral date). You can pause feature or quality updates for up to 35 days from a given start date that you specify. A Windows Update for Business administrator can defer or pause updates. You can defer feature updates for up to 365 days and defer quality updates for up to 30 days. Deferring simply means that you will not receive the update until it has been released for at least the number of deferral days you specified (offer date = release date + deferral date). You can pause feature or quality updates for up to 35 days from a given start date that you specify.
- To defer or pause a feature update: **Computer configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and Feature Updates are Received** - To defer or pause a feature update: **Computer configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and feature updates are Received**
- Defer or pause a quality update: **Computer configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Quality Updates are Received** - Defer or pause a quality update: **Computer configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Quality Updates are Received**
#### Example #### Example
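Review bot: Lowercasing "Feature Updates" inside the bolded policy names leaves them inconsistent: step 3 now has "Select when Preview Builds and feature updates are received", the defer bullet has "... feature updates are Received", and the quality bullet still has "Select when Quality Updates are Received". These are setting names an admin looks for in the editor, so use one identical string in all three places. Step 3 also still carries the typo "recomment", and the deferral formula says "deferral date" where the sentence before it speaks of deferral days.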
@ -111,12 +111,9 @@ At this point, the IT administrator can set a policy to pause the update. In thi
Now all devices are paused from updating for 35 days. When the pause is removed, they will be offered the *next* quality update, which ideally will not have the same issue. If there is still an issue, the IT admin can pause updates again. Now all devices are paused from updating for 35 days. When the pause is removed, they will be offered the *next* quality update, which ideally will not have the same issue. If there is still an issue, the IT admin can pause updates again.
#### I want to stay on a specific version #### I want to stay on a specific version
If you need a device to stay on a version beyond the point when deferrals on the next version would elapse or if you need to skip a version (for example, update fall release to fall release) use the **Select the target Feature Update version** setting instead of using the **Specify when Preview Builds and Feature Updates are received** setting for feature update deferrals. When you use this policy, specify the version that you want your device(s) to use. If you don't update this before the device reaches end of service, the device will automatically be updated once it is 60 days past end of service for its edition. If you need a device to stay on a version beyond the point when deferrals on the next version would elapse or if you need to skip a version, use the **Select the target feature update version** setting instead of using the **Specify when Preview Builds and feature updates are received** setting for feature update deferrals. When you use this policy, specify the version that you want your devices to use. If you don't update this before the device reaches end of service, the device will automatically be updated once it is 60 days past end of service for its edition.
When you set the target version policy, if you specify a feature update version that is older than your current version or set a value that isn't valid, the device will not receive any feature updates until the policy is updated. When you specify target version policy, feature update deferrals will not be in effect. When you set the target version policy, if you specify a feature update version that is older than your current version or set a value that isn't valid, the device will not receive any feature updates until the policy is updated. When you specify target version policy, feature update deferrals will not be in effect.
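Review bot: The rewritten sentence names the deferral policy "Specify when Preview Builds and feature updates are received", but the earlier hunks in this file call the same setting "Select when Preview Builds and feature updates are received". Use one name so readers can find the setting. The parenthetical "(for example, update fall release to fall release)" is also dropped without replacement; if skipping a version is still a supported use, a short example would help.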
@ -189,24 +186,3 @@ Users with access to update pause settings can prevent both feature and quality
When you disable this setting, users will see **Some settings are managed by your organization** and the update pause settings are greyed out. When you disable this setting, users will see **Some settings are managed by your organization** and the update pause settings are greyed out.
If you use Windows Server Update Server (WSUS), you can prevent users from scanning Windows Update. To do this, use **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Remove access to use all Windows Update features**. If you use Windows Server Update Server (WSUS), you can prevent users from scanning Windows Update. To do this, use **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Remove access to use all Windows Update features**.
## Related topics
- [Update Windows 10 in the enterprise](index.md)
- [Overview of Windows as a service](waas-overview.md)
- [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md)
- [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md)
- [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md)
- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md)
- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md)
- [Configure BranchCache for Windows 10 updates](waas-branchcache.md)
- [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
- [Configure Windows Update for Business](waas-configure-wufb.md)
- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md)
- [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure)
- [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
- [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service)
- [Manage device restarts after updates](waas-restart.md)
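Review bot: The unchanged paragraph above the removed list expands WSUS as "Windows Server Update Server", while the removed link text in this same hunk spells it "Windows Server Update Services". Correct the expansion in the paragraph. Removing "Related topics" also drops this hunk's only link to the WSUS article (waas-manage-updates-wsus.md), so consider linking it inline from that sentence.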

View File

@ -1,285 +0,0 @@
---
title: Walkthrough use Intune to configure Windows Update for Business
description: In this article, learn how to configure Windows Update for Business settings using Microsoft Intune.
ms.prod: w10
ms.mktglfcycl: manage
audience: itpro
ms.localizationpriority: medium
ms.audience: itpro
ms.date: 07/27/2017
ms.reviewer:
manager: laurawi
ms.topic: article
ms.author: jaimeo
author: jaimeo
---
# Walkthrough: use Microsoft Intune to configure Windows Update for Business
**Applies to**
- Windows 10
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
>[!IMPORTANT]
>Due to [naming changes](waas-overview.md#naming-changes), older terms like CB,CBB and LTSB may still be displayed in some of our products.
>
>In the following settings CB refers to Semi-Annual Channel (Targeted), while CBB refers to Semi-Annual Channel.
You can use Intune to configure Windows Update for Business even if you don't have on-premises infrastructure when you use Intune in conjunction with Azure AD. Before configuring Windows Update for Business, consider a [deployment strategy](waas-servicing-strategy-windows-10-updates.md) for updates and feature updates in your environment.
Windows Update for Business in Windows 10 version 1511 allows you to delay quality updates up to 4 weeks and feature updates up to an additional 8 months after Microsoft releases builds to the Current Branch for Business (CBB) servicing branch. In Windows 10 version 1607 and later, you can delay quality updates for up to 30 days and feature updates up to an additional 180 days after the release of either a Current Branch (CB) or CBB build.
To use Intune to manage quality and feature updates in your environment, you must first create computer groups that align with your constructed deployment rings.
>[!NOTE]
>Coming soon: [Intune Groups will be converted to Azure Active Directory-based Security Groups](/intune/deploy-use/use-groups-to-manage-users-and-devices-with-microsoft-intune)
## Configure Windows Update for Business in Windows 10, version 1511
In this example, you use two security groups to manage your updates: **Ring 4 Broad business users** and **Ring 5 Broad business users #2** from Table 1 in [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md).
- The **Ring 4 Broad business users** group contains PCs of IT members who test the updates as soon as they're released for Windows clients in the Current Branch for Business (CBB) servicing branch. This phase typically occurs after testing on Current Branch (CB) devices.
- The **Ring 5 Broad business users #2** group consists of the first line-of-business (LOB) users, who consume quality updates after 1 week and feature updates 1 month after the CBB release.
>[!NOTE]
>Although the [sample deployment rings](waas-deployment-rings-windows-10-updates.md) specify a feature update deferral of 2 weeks for Ring 5, deferrals in Windows 10, version 1511 are in increments of months only.
### Configure the Ring 4 Broad business users deployment ring for CBB with no deferral
1. Sign in to [https://manage.microsoft.com](https://manage.microsoft.com) with your Intune administrator credentials.
2. Click the **Policy** workspace. In the middle pane, click **Configuration Policies**, and then click **Add** in the details pane.
![Shows the UI for this step.](images/waas-wufb-intune-step2a.png)
3. In the Create a New Policy Wizard, select **Windows\Custom Configuration (Windows 10 Desktop and Mobile and later)**, and then click **Create Policy**.
4. Name the policy **Windows Update for Business - CBB1**. Then, in the **OMA-URI Settings** section, click **Add**.
5. In **Setting name**, type **Enable Clients for CBB**, and then select **Integer** from the **Data type** list.
6. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/RequireDeferUpgrade**.
7. In the **Value** box, type **1**, and then click **OK**.
>[!NOTE]
>The OMA-URI settings are case sensitive, so be sure to review [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider) for the proper syntax.
![Settings for the RequireDeferUpgrade policy.](images/waas-wufb-intune-step7a.png)
8. For this deployment ring, you're required to enable only CBB, so click **Save Policy**.
9. In the **Deploy Policy: Windows Update for Business CBB1** dialog box, click **Yes**.
>[!NOTE]
>If this dialog box doesn't appear, select the policy, and then click **Manage Deployment**.
10. In the **Manage Deployment: Windows Update for Business CBB1** dialog box, select the **Ring 4 Broad business users** group, click **Add**, and then click **OK**.
You have now configured the **Ring 4 Broad business users** deployment ring to enable the CBB servicing branch. Now, you must configure **Ring 5 Broad business users #2** to accommodate a 1-week delay for quality updates and a 1-month delay for feature updates.
### Configure the Ring 5 Broad business users \#2 deployment ring for CBB with deferrals
1. In the Policy workspace, click **Configuration Policies**, and then click **Add**.
2. In the Create a New Policy Wizard, select **Windows\Custom Configuration (Windows 10 Desktop and Mobile and later)**, and then click **Create Policy**.
3. Name the policy **Windows Update for Business CBB2**. Then, in the **OMA-URI Settings** section, click **Add**.
In this policy, you add two OMA-URI settings, one for each deferment type.
4. In **Setting name**, type **Enable Clients for CBB**, and then in the **Data type** list, select **Integer**.
6. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/RequireDeferUpgrade**. Then, in the **Value** box, type **1**.
7. Click **OK** to save the setting.
8. In the **OMA-URI Settings** section, click **Add**.
9. For this setting, in **Setting name**, type **Defer Updates for 1 Week**, and then in the **Data type** list, select **Integer**.
11. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferUpdatePeriod**.
12. In the **Value** box, type **1**.
13. Click **OK** to save the setting.
14. In the **OMA-URI Settings** section, click **Add**.
15. For this setting, in **Setting name**, type **Defer Upgrades for 1 Month**, and then in the **Data type** list, select **Integer**.
17. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferUpgradePeriod**.
18. In the **Value** box, type **1**.
19. Click **OK** to save the setting.
Three settings should appear in the **Windows Update for Business CBB2** policy.
![Settings for CBB2 policy.](images/waas-wufb-intune-step19a.png)
20. Click **Save Policy**, and then click **Yes** at the **Deploy Policy** prompt.
21. In the **Manage Deployment** dialog box, select the **Ring 5 Broad business users #2** computer group, click **Add**, and then click **OK**.
## Configure Windows Update for Business in Windows 10 version 1607
To use Intune to manage quality and feature updates in your environment, you must first create computer groups that align with your constructed deployment rings.
In this example, you use three security groups from Table 1 in [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) to manage your updates:
- **Ring 2 Pilot Business Users** contains the PCs of business users which are part of the pilot testing process, receiving CB builds 28 days after they are released.
- **Ring 4 Broad business users** consists of IT members who receive updates after Microsoft releases a Windows 10 build to the CBB servicing branch.
- **Ring 5 Broad business users #2** consists of LOB users on CBB, who receive quality updates after 7 days and feature updates after 14 days.
### Configure Ring 2 Pilot Business Users policy
1. Sign in to [https://manage.microsoft.com](https://manage.microsoft.com) with your Intune administrator credentials.
2. Click the **Policy** workspace. In the middle pane, click **Configuration Policies**, and then click **Add** in the details pane.
![Shows the UI for this step.](images/waas-wufb-intune-step2a.png)
3. In the Create a New Policy Wizard, select **Windows\Custom Configuration (Windows 10 Desktop and Mobile and later)**, and then click **Create Policy**.
4. Name the policy **Windows Update for Business - CB2**. Then, in the **OMA-URI Settings** section, click **Add**.
4. In **Setting name**, type **Enable Clients for CB**, and then select **Integer** from the **Data type** list.
6. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/BranchReadinessLevel**.
7. In the **Value** box, type **0**, and then click **OK**.
>[!NOTE]
>The OMA-URI settings are case sensitive, so be sure to review [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider) for the proper syntax.
![Settings for the BranchReadinessLevel policy.](images/waas-wufb-intune-cb2a.png)
8. Because the **Ring 2 Pilot Business Users** deployment ring receives the CB feature updates after 28 days, in the **OMA-URI Settings** section, click **Add** to add another OMA-URI setting.
8. In **Setting name**, type **Defer feature updates for 28 days**, and then select **Integer** from the **Data type** list.
10. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferFeatureUpdatesPeriodInDays**.
11. In the **Value** box, type **28**, and then click **OK**.
![Settings for the DeferFeatureUpdatesPeriodInDays policy step 11.](images/waas-wufb-intune-step11a.png)
9. Click **Save Policy**.
9. In the **Deploy Policy: Windows Update for Business CB2** dialog box, click **Yes**.
>[!NOTE]
>If this dialog box doesn't appear, select the policy, and then click **Manage Deployment**.
10. In the **Manage Deployment: Windows Update for Business CB2** dialog box, select the **Ring 2 Pilot Business Users** group, click **Add**, and then click **OK**.
You have now configured the **Ring 2 Pilot Business Users** deployment ring to enable CB feature update deferment for 14 days. Now, you must configure **Ring 4 Broad business users** to receive CBB features updates as soon as they're available.
### Configure Ring 4 Broad business users policy
2. Click the **Policy** workspace. In the middle pane, click **Configuration Policies**, and then click **Add** in the details pane.
![Shows the UI for this step.](images/waas-wufb-intune-step2a.png)
3. In the Create a New Policy Wizard, select **Windows\Custom Configuration (Windows 10 Desktop and Mobile and later)**, and then click **Create Policy**.
4. Name the policy **Windows Update for Business - CBB1**. Then, in the **OMA-URI Settings** section, click **Add**.
5. In **Setting name**, type **Enable Clients for CBB**, and then select **Integer** from the **Data type** list.
6. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/BranchReadinessLevel**.
7. In the **Value** box, type **1**, and then click **OK**.
>[!NOTE]
>The OMA-URI settings are case sensitive, so be sure to review [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider) for the proper syntax.
8. Because the **Ring 4 Broad business users** deployment ring receives the CBB feature updates immediately, in the **OMA-URI Settings** section, click **Add** to add another OMA-URI setting.
9. In **Setting name**, type **Defer feature updates for 0 days**, and then select **Integer** from the **Data type** list.
10. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferFeatureUpdatesPeriodInDays**.
11. In the **Value** box, type **0**, and then click **OK**.
![Settings for the DeferFeatureUpdatesPeriodInDays policy for broad business.](images/waas-wufb-intune-cbb1a.png)
12. Click **Save Policy**.
13. In the **Deploy Policy: Windows Update for Business CBB1** dialog box, click **Yes**.
>[!NOTE]
>If this dialog box doesn't appear, select the policy, and then click **Manage Deployment**.
14. In the **Manage Deployment: Windows Update for Business CBB1** dialog box, select the **Ring 4 Broad business users** group, click **Add**, and then click **OK**.
You have now configured the **Ring 4 Broad business users** deployment ring to receive CBB feature updates as soon as they're available. Finally, configure **Ring 5 Broad business users #2** to accommodate a 7-day delay for quality updates and a 14-day delay for feature updates.
### Configure Ring 5 Broad business users \#2 policy
2. Click the **Policy** workspace. In the middle pane, click **Configuration Policies**, and then click **Add** in the details pane.
![Shows the UI for this step.](images/waas-wufb-intune-step2a.png)
3. In the Create a New Policy Wizard, select **Windows\Custom Configuration (Windows 10 Desktop and Mobile and later)**, and then click **Create Policy**.
4. Name the policy **Windows Update for Business - CBB2**. Then, in the **OMA-URI Settings** section, click **Add**.
5. In **Setting name**, type **Enable Clients for CBB**, and then select **Integer** from the **Data type** list.
6. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/BranchReadinessLevel**.
7. In the **Value** box, type **1**, and then click **OK**.
>[!NOTE]
>The OMA-URI settings are case sensitive, so be sure to review [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider) for the proper syntax.
8. In the **OMA-URI Settings** section, click **Add** to add another OMA-URI setting.
9. In **Setting name**, type **Defer quality updates for 7 days**, and then select **Integer** from the **Data type** list.
10. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferQualityUpdatesPeriodInDays**.
11. In the **Value** box, type **7**, and then click **OK**.
12. In the **OMA-URI Settings** section, click **Add** to add another OMA-URI setting.
13. In **Setting name**, type **Defer feature updates for 14 days**, and then select **Integer** from the **Data type** list.
14. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferFeatureUpdatesPeriodInDays**.
15. In the **Value** box, type **14**, and then click **OK**.
![Settings for the DeferFeatureUpdatesPeriodInDays policy.](images/waas-wufb-intune-cbb2a.png)
16. Click **Save Policy**.
17. In the **Deploy Policy: Windows Update for Business CBB2** dialog box, click **Yes**.
>[!NOTE]
>If this dialog box doesn't appear, select the policy, and then click **Manage Deployment**.
18. In the **Manage Deployment: Windows Update for Business CBB2** dialog box, select the **Ring 5 Broad Business Users #2** group, click **Add**, and then click **OK**.
## Related topics
- [Update Windows 10 in the enterprise](index.md)
- [Overview of Windows as a service](waas-overview.md)
- [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md)
- [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md)
- [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md)
- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md)
- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md)
- [Configure BranchCache for Windows 10 updates](waas-branchcache.md)
- [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
- [Configure Windows Update for Business](waas-configure-wufb.md)
- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md)
- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
- [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
- [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service)
- [Manage device restarts after updates](waas-restart.md)
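Review bot: The numbered list under "Configure Ring 5 Broad business users #2 policy" starts at 2, so the procedure has no step 1; worth fixing if this text stays published. The names also drift: the policy is created as "Windows Update for Business - CBB2" in step 4, but the dialogs in steps 17 and 18 call it "Windows Update for Business CBB2", and the group is "Ring 5 Broad business users #2" in the heading but "Ring 5 Broad Business Users #2" in step 18. Make them match what the console shows.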

View File

@ -1,37 +0,0 @@
---
title: Setting up Automatic Update in Windows Update for Business (Windows 10)
description: In this article, learn how to configure Automatic Update in Windows Update for Business with group policies.
ms.prod: w10
ms.mktglfcycl: manage
audience: itpro
itproauthor: jaimeo
author: jaimeo
ms.audience: itpro
ms.date: 06/20/2018
ms.reviewer:
manager: laurawi
ms.topic: article
---
# Set up Automatic Update in Windows Update for Business with group policies
>Applies to: Windows 10
Use the Automatic Update group policies to manage the interaction between Windows Update and clients.
Automatic Update governs the "behind the scenes" download and installation processes. It's important to keep in mind the device limitation in your environment as the download and install process can consume processing power. The below section outlines the ideal configuration for devices with the least amount of user experience degradation.
|Policy|Description |
|-|-|
|Configure Automatic Updates|Governs the installation activity that happens in the background. This allows you to configure the installation to happen during the [maintenance window](/configmgr/core/clients/manage/collections/use-maintenance-windows). Also, you can specify an installation time where the device will also try to install the latest packages. You can also pick a certain day and or week.|
|Automatic Update Detection Frequency|Lets you set the scan frequency the device will use to connect to Windows Update to see if there is any available content. Default is 22 hours, but you can increase or decrease the frequency. Keep in mind a desktop computer may need to scan less frequently than laptops, which can have intermittent internet connection.|
|Specify Intranet Microsoft Update Service Location|Used for Windows Server Update Services or Microsoft Endpoint Manager users who want to install custom packages that are not offered through Windows Update.|
|Do not connect to any Windows Update Internet locations <br>Required for Dual Scan|Prevents access to Windows Update.|
## Suggested configuration
|Policy|Location|Suggested configuration|
|-|-|-|
|Configure Automatic Updates| GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates| **Attention**: If you are using this policy, don't set it/configure it to get the default behavior. If you have set this policy, delete the reg key. This ensures the device uses the default behavior. Note that this is not the same as the default setting within the policy.<br><br> **Default behavior**: Download and installation happen automatically. The device will then be in a pending reboot state. <br><br>**Pro tip**: You can configure the scan frequency to be more frequent with the policy below.|
|Automatic Update Detection Frequency|GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Automatic Updates detection frequency|State: Enabled <br>**Check for updates on the following interval (hours)**: 22|
|Do not connect to any Windows Update Internet locations (Required for Dual Scan) | GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Do not connect to any Windows Update Internet locations |State: Disabled |
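Review bot: The -1,37 +0,0 header removes this article whole, and with it the Configure Automatic Updates caveat that leaving the policy unconfigured "is not the same as the default setting within the policy" and that a previously set policy needs its reg key deleted. Carry that caveat, and the Dual Scan row that keeps "Do not connect to any Windows Update Internet locations" at State: Disabled, into the article readers are sent to, since neither is obvious from the policy names alone.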

View File

@ -1,30 +0,0 @@
---
title: Configure the Basic group policy for Windows Update for Business
description: In this article, you will learn how to configure the basic group policy for Windows Update for Business.
ms.custom: seo-marvel-apr2020
ms.prod: w10
ms.mktglfcycl: manage
audience: itpro
itproauthor: jaimeo
author: jaimeo
ms.localizationpriority: medium
ms.audience: itpro
ms.reviewer:
manager: laurawi
ms.topic: article
---
# Configure the Basic group policy for Windows Update for Business
For Windows Update for Business configurations to work, devices need to be configured with minimum [diagnostic data](/windows/privacy/configure-windows-diagnostic-data-in-your-organization) level of "Basic." Additionally, compliance reporting for configured devices is obtained using [Monitor Windows Update with Update Compliance](./update-compliance-monitor.md). To view your data in Update Compliance [diagnostics data must be enabled](/windows/deployment/update/windows-analytics-get-started#set-diagnostic-data-levels) and the devices must be configured with a commercial ID, a unique GUID created for an enterprise at the time of onboarding.
|Policy name|Description |
|-|-|
|Allow Telemetry|Enables Microsoft to run diagnostics on your device and troubleshoot.|
|Configure Commercial ID|This policy allows you to join the device to an entity.|
## Suggested configuration
|Policy|Location|Suggested configuration|
|-|-|-|
|Allow Telemetry |GPO: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > Allow Telemetry |State: Enabled <br>**Option**: 1-Basic|
|Configure Commercial ID|GPO: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure Commercial ID |State: Enabled <br>**Commercial ID**: The GUID created for you at the time of onboarding|
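Review bot: Deleting this article drops the stated prerequisite that devices need a diagnostic data level of at least "Basic" for Windows Update for Business configurations to work, along with the Allow Telemetry "1-Basic" suggested setting. Confirm the prerequisite is stated in the article that replaces this one, so an admin who lowers the diagnostic data level for privacy reasons can still find out that update policies and Update Compliance reporting depend on it.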

View File

@ -13,25 +13,20 @@ ms.topic: article
--- ---
# Enforcing compliance deadlines for updates # Enforcing compliance deadlines for updates
> Applies to: Windows 10 **Applies to**
- Windows 10
- Windows 11
Deploying feature or quality updates for many organizations is only part of the equation for managing their device ecosystem. The ability to enforce update compliance is the next important part. Windows Update for Business provides controls to manage deadlines for when devices should migrate to newer versions. Deploying feature or quality updates for many organizations is only part of the equation for managing their device ecosystem. The ability to enforce update compliance is the next important part. Windows Update for Business provides controls to manage deadlines for when devices should migrate to newer versions.
The compliance options have changed for devices on Windows 10, version 1709 and above: With a current version, it's best to use the new policy introduced in June 2019 to Windows 10, version 1709 and later: **Specify deadlines for automatic updates and restarts**. In MDM, this policy is available as four separate settings:
- [For Windows 10, version 1709 and above](#for-windows-10-version-1709-and-above)
- [Prior to Windows 10, version 1709](#prior-to-windows-10-version-1709)
## For Windows 10, version 1709 and above
With a current version of Windows 10, it's best to use the new policy introduced in June 2019 to Windows 10, version 1709 and above: **Specify deadlines for automatic updates and restarts**. In MDM, this policy is available as four separate settings:
- Update/ConfigureDeadlineForFeatureUpdates - Update/ConfigureDeadlineForFeatureUpdates
- Update/ConfigureDeadlineForQualityUpdates - Update/ConfigureDeadlineForQualityUpdates
- Update/ConfigureDeadlineGracePeriod - Update/ConfigureDeadlineGracePeriod
- Update/ConfigureDeadlineNoAutoReboot - Update/ConfigureDeadlineNoAutoReboot
### Policy setting overview ### Policy setting overview
|Policy|Description | |Policy|Description |
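Review bot: The rewritten intro sentence, "With a current version, it's best to use the new policy introduced in June 2019 to Windows 10, version 1709 and later", lost its noun when "of Windows 10" was dropped, and with Windows 11 added to the Applies to list it is unclear which product "a current version" refers to. Suggest naming the products, for example "With a current version of Windows 10 or Windows 11, ...". The heading "For Windows 10, version 1709 and above" is also removed, so check for inbound links to #for-windows-10-version-1709-and-above.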
@ -49,98 +44,3 @@ When **Specify deadlines for automatic updates and restarts** is set (Windows 10
For feature updates, the deadline and grace period start their countdown from the time of a pending restart after the installation is complete. As soon as installation is complete and the device reaches pending restart, the device will try to update outside of active hours. Once the *effective deadline* is reached, the device will try to restart during active hours. (The effective deadline is whichever is the later of the restart pending date plus the specified deadline or the restart pending date plus the grace period.) For feature updates, the deadline and grace period start their countdown from the time of a pending restart after the installation is complete. As soon as installation is complete and the device reaches pending restart, the device will try to update outside of active hours. Once the *effective deadline* is reached, the device will try to restart during active hours. (The effective deadline is whichever is the later of the restart pending date plus the specified deadline or the restart pending date plus the grace period.)
For quality updates, the deadline countdown starts from the time the update is *offered* (not downloaded or installed). The grace period countdown starts from the time of the pending restart. The device will try to download and install the update at a time based on your other download and installation policies (the default is to automatically download and install in in the background). When the pending restart time is reached, the device will notify the user and try to update outside of active hours. Once the effective deadline is reached, the device will try to restart during active hours. For quality updates, the deadline countdown starts from the time the update is *offered* (not downloaded or installed). The grace period countdown starts from the time of the pending restart. The device will try to download and install the update at a time based on your other download and installation policies (the default is to automatically download and install in in the background). When the pending restart time is reached, the device will notify the user and try to update outside of active hours. Once the effective deadline is reached, the device will try to restart during active hours.
## Prior to Windows 10, version 1709
Two compliance flows are available:
- [Deadline only](#deadline-only)
- [Deadline with user engagement](#deadline-with-user-engagement)
### Deadline only
This flow only enforces the deadline where the device will attempt to silently restart outside of active hours before the deadline is reached. Once the deadline is reached the user is prompted with either a confirmation button or a restart now option.
#### User experience
Once the device is in the pending restart state, it will attempt to restart the device during non-active hours. This is known as the auto-restart period, and by default it does not require user interaction to restart the device.
> [!NOTE]
> Deadlines are enforced from pending restart state (for example, when the device has completed the installation and download from Windows Update).
#### Policy overview
|Policy|Description |
|-|-|
|Specify deadline before auto-restart for update installation|Governs the update experience once the device has entered pending restart state. It specifies a deadline, in days, to enforce compliance (such as imminent installation).|
|Configure Auto-restart warning notification schedule for updates|Configures the reminder notification and the warning notification for a scheduled installation. The user can dismiss a reminder, but not the warning.|
#### Suggested configuration
|Policy|Location|3-day compliance|5-day compliance|7-day compliance|
|-|-|-|-|-|
|Specify deadline before auto-restart for update installation| GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify deadline before auto-restart for update installation |State: Enabled<br>**Specify the number of days before pending restart will automatically be executed outside of active hours:** 2| State: Enabled<br>**Specify the number of days before pending restart will automatically be executed outside of active hours:** 3 | State: Enabled<br>**Specify the number of days before pending restart will automatically be executed outside of active hours:** 4|
#### Controlling notification experience for deadline
|Policy| Location|Suggested Configuration |
|-|-|-|
|Configure Auto-restart warning notification schedule for updates|GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure auto-restart warning notifications schedule for updates |State: Enabled <br>**Reminder** (hours): 2<br>**Warning** (minutes): 60 |
#### Notification experience for deadline
Notification users get for a quality update deadline:
![The notification users get for an impending quality update deadline.](images/wufb-quality-notification.png)
Notification users get for a feature update deadline:
![The notification users get for an impending feature update deadline.](images/wufb-feature-notification.png)
### Deadline with user engagement
This flow provides the end user with prompts to select a time to restart the device before the deadline is reached. If the device is unable to restart at the time specified by the user or the time selected is outside the deadline, the device will restart the next time it is active.
#### End-user experience
Before the deadline the device will be in two states: auto-restart period and engaged-restart period. During the auto-restart period the device will silently try to restart outside of active hours. If the device can't find an idle moment to restart, then the device will go into engaged-restart. The end user, at this point, can select a time that they would like the device to try to restart. Both phases happen before the deadline; once that deadline has passed then the device will restart at the next available time.
#### Policy overview
|Policy| Description |
|-|-|
|Specify engaged restart transition and notification schedule for updates|Governs how the user will be impacted by the pending restart. Transition days, first starts out in Auto-Restart where the device will find an idle moment to restart the device. After 2 days engaged restart will commence and the user will be able to choose a time|
|Configure Auto-restart required notification for updates|Governs the notifications during the Auto-Restart period. During Active hours, the user will be notified that the device is trying to restart. They will have the option to confirm or dismiss the notification|
#### Suggested configuration
|Policy| Location| 3-day compliance| 5-day compliance| 7-day compliance |
|-|-|-|-|-|
|Specify engaged restart transition and notification schedule for updates|GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify Engaged restart transition and notification schedule for updates|State: Enabled<br>**Transition** (Days): 2<br>**Snooze** (Days): 2<br>**Deadline** (Days): 3|State: Enabled<br>**Transition** (Days): 2<br>**Snooze** (Days): 2<br>**Deadline** (Days): 4|State: Enabled<br>**Transition** (Days): 2<br>**Snooze** (Days): 2<br>**Deadline** (Days): 5|
#### Controlling notification experience for engaged deadline
|Policy| Location |Suggested Configuration
|-|-|-|
|Configure Auto-restart required notification for updates |GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Auto-restart required notification for updates|State: Enabled <br>**Method**: 2- User|
#### Notification experience for engaged deadlines
Notification users get for quality update engaged deadline:
![The notification users get for an impending engaged quality update deadline example.](images/wufb-quality-engaged-notification.png)
Notification users get for a quality update deadline:
![The notification users get for an impending quality update deadline example.](images/wufb-quality-notification.png)
Notification users get for a feature update engaged deadline:
![The notification users get for an impending feature update engaged deadline example.](images/wufb-feature-update-engaged-notification.png)
Notification users get for a feature update deadline:
![The notification users get for an impending feature update deadline example.](images/wufb-feature-update-deadline-notification.png)
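Review bot: The quality-update paragraph kept as context by this hunk still reads "automatically download and install in in the background"; fix the doubled "in" while the file is open. The removed "Prior to Windows 10, version 1709" section was also the only visible description of the "Deadline only" and "Deadline with user engagement" flows, so check for remaining links to #deadline-only and #deadline-with-user-engagement, and say in the article that the older policies are no longer documented here if devices on those versions are still in scope.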

View File

@ -1,68 +0,0 @@
---
title: Managing drivers, dual-managed environments, and Delivery Optimization with group policies in Windows Update for Business
description: Learn how to manage drivers, dual managed environments, and bandwidth (Delivery Optimization) with GPOs in Windows Update for Business.
ms.prod: w10
ms.mktglfcycl: manage
audience: itpro
itproauthor: jaimeo
ms.audience: itpro
author: jaimeo
ms.date: 06/21/2018
ms.reviewer:
manager: laurawi
ms.topic: article
---
# Managing drivers, dual-managed environments, and Delivery Optimization with group policies
>Applies to: Windows 10
Use the following group policy information to manage drivers, to manage environments using both Windows Update for Business and Windows Server Update Services, and to manage the bandwidth required for updates with Delivery Optimization.
## Managing drivers
Windows Update for Business provides the ability to manage drivers from the Windows Update service. By default, drivers will be offered to your Windows Update-connected devices. Our guidance here is to continue to receive drivers from Windows Update. Alternatively, you can enable the following policy to stop receiving drivers from Windows Update.
### Policy overview
|Policy| Description |
|-|-|
|Do not include drivers with Windows Update |When enabled prevents Windows Update from offering drivers.|
### Suggested configuration
|Policy| Location|Suggested configuration |
|-|-|-|
|Do not include drivers with Windows Update |GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Do not include drivers with Windows Updates|State: Disabled |
## Dual-managed environment
You can use an on-premises catalog, like WSUS, to deploy 3rd Party patches and use Windows Update to deploy feature and quality updates. We provide capabilities to deploy content from both Windows Update Service and from WSUS. In addition to the policies for managing drivers, apply the following configurations to your environment.
|Policy| Description |
|-|-|
|Specify Intranet Microsoft Update Service Location| Used for WSUS/Microsoft Endpoint Manager customers who want to install custom packages that are not offered through Windows Update.|
### Suggested configuration
|Policy| Location|Suggested configuration |
|-|-|-|
|Specify Intranet Microsoft Update Service Location|GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify Intranet Microsoft update service location|State: Enabled <br>**Set the Intranet Update service for detecting updates**: <br>**Set the Intranet statistics server**: <br>**Set the alternate download server**: |
## Download Optimization - Managing your bandwidth
[Delivery Optimization](waas-delivery-optimization.md) is Windows 10's built-in downloader and peer-caching technology that can benefit CSE for network bandwidth reduction of Windows 10 servicing updates. Windows 10 clients can source content from other devices on their local network that have already downloaded the same updates in addition to downloading these updates from Microsoft. Using the settings available for Delivery Optimization, clients can be configured into groups, allowing organizations to identify devices that are possibly the best candidates to fulfil peer-to-peer requests. To configure devices for delivery optimization, ensure the following configurations are set.
|Policy| Description |
|-|-|
|Download Mode| 2=HTTP blended with peering across a private group. Peering occurs on devices in the same Active Directory Site (if exist) or the same domain by default. When this option is selected, peering will cross NATs. To create a custom group use Group ID in combination with Mode 2|
|Minimum Peer Caching Content File Size (in MB)|Specifies the minimum content file size in MB enabled to use peer caching. <br>Choose a size that meets your environment's constraints.|
|Allow uploads while the device is on battery while under set battery level (percentage)|Specify a battery level from 1-100, where the device will pause uploads once the battery level drops below that percentage. |
|Max Cache Age (in seconds)|Maximum number of seconds to keep data in cache.|
### Suggested configuration
|Policy| Location| Suggested configuration |
|-|-|-|
|Download Mode|GPO: Computer Configuration > Administrative Templates > Windows Components > Delivery Optimization > Download Mode|State: Enabled <br>**Download Mode**: Group (2)|
|Minimum Peer Caching Content File Size (in MB)|GPO: Computer Configuration > Administrative Templates > Windows Components > Delivery Optimization > Minimum Peer Caching Content File Size (in MB)|State: Enabled <br>**Minimum Peer caching content file size (in MB)**: 10 MB|
|Allow uploads while the device is on battery while under set battery level (percentage)|GPO: Computer Configuration > Administrative Templates > Windows Components > Delivery Optimization > Allow uploads while the device is on battery while under set battery level (percentage)|State: Enabled <br>**Minimum battery level (Percentage)**: 60|
|Max Cache Age (in seconds)|GPO: Computer Configuration > Administrative Templates > Windows Components > Delivery Optimization > Max Cache Age (in seconds)|State: Enabled <br>**Max Cache Age (in seconds)**: 604800 ~ 7 days|
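Review bot: The deleted Download Mode row is where this text says that Group mode (2) peering "will cross NATs" and defaults to the same Active Directory site or domain, which is the detail an admin needs when deciding which devices may exchange update content. Make sure the Delivery Optimization article linked from here (waas-delivery-optimization.md) states it, and that the dual-managed guidance (WSUS for third-party patches, Windows Update for feature and quality updates) has a home once this file is gone.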

View File

@ -1,59 +0,0 @@
---
title: Managing feature and quality updates with policies in Windows Update for Business (Windows 10)
description: Learn how to manage feature and quality updates using group policies in Windows Update for Business.
ms.prod: w10
ms.mktglfcycl: manage
audience: itpro
itproauthor: jaimeo
author: jaimeo
ms.audience: itpro
ms.date: 06/20/2018
ms.reviewer:
manager: laurawi
ms.topic: article
---
# Manage feature and quality updates with group policies
>Applies to: Windows 10
Windows Update for Business allows users to control when devices should receive a feature or quality update from Windows Update. Depending on the size of your organization you may want to do a wave deployment of updates. The first step in this process is to determine which Branch Readiness Level you want your organization on. For more information on which level is right for your organization review [Overview of Windows as a service](waas-overview.md).
The following policies let you configure when you want a device to see a feature and or quality update from Windows Update.
## Policy overview
|Policy name| Description |
|-|-|
|Select when Quality Updates are received|Configures when the device should receive quality update. In this policy you can also select a date to pause receiving Quality Updates until. |
|Select when Preview Builds & feature Updates are received|Configures when the device should receive a feature update. You can also configure your branch readiness level. This policy also provides the ability to "pause" updates until a certain point. |
|Do not allow update deferral policies to cause scans against Windows Update|When enabled will not allow the deferral policies to cause scans against Windows Update.|
## Suggested configuration for a non-wave deployment
If you don't need a wave deployment and have a small set of devices to manage, we recommend the following configuration:
|Policy| Location|Suggested configuration |
|-|-|-|
|Select when Quality Updates are received | GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Quality Updates are received|State: Enabled <br>**Defer receiving it for this many days**: 0<br>**Pause Quality Updates**: Blank <br>*Note: use this functionality to prevent the device from receiving a quality update until the time passes|
|Select when Preview Builds & feature Updates are received |GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and Feature Updates are received|State: Enabled <br>**Select Windows Readiness Level**: SAC<br>**Defer receiving for this many days**: 0-365<br>**Pause Feature Updates**: Blank <br>*Note: use this functionality to prevent the device from receiving a feature update until the time passes|
|Do not allow update deferral policies to cause scans against Windows Update|GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Do not allow update deferral policies to cause scans against Windows Update|State: Disabled|
## Suggested configuration for a wave deployment
![Graphic showing a deployment divided into rings for a wave deployment.](images/wufb-wave-deployment.png)
## Early validation and testing
Depending on your organizational size and requirements you might be able to test feature updates earlier to identify if there are impacts to Line of Business applications. Our recommendation is to enroll a set of devices that are a good representation of your device ecosystem (for example, devices with accounting software or engineering software). Learn more about [different deployment rings](https://insider.windows.com/how-to-pc/#working-with-rings).
|Policy|Location|Suggested configuration |
|-|-|-|
|Select when Preview Builds & feature Updates are received |GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and Feature Updates are received|State: Enabled <br>**Select Windows Readiness Level**: WIP Fast or WIP slow<br>**Defer receiving for this many days**: 0<br>**Pause Feature Updates**: Blank *Note: use this functionality to prevent the device from receiving a feature update until the time passes.|
|Select when Quality Updates are received |GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Quality Updates are received|State: Enabled <br>**Defer receiving it for this many days**: 0 <br>**Pause Quality Updates**: Blank <br>*Note: use this functionality to prevent the device from receiving a quality update until the time passes|
## Wave deployment for feature updates
If you want to deploy feature updates in waves we suggest using the following configuration. For the deferral days we recommend staging them out in 1-month increments. Manage your risk by placing critical devices later in the wave (deferrals > 30 or 60 days) while placing your low risk devices earlier in the wave (deferrals < 30 days). Using deferrals days is a great method to manage your wave deployment. Using this in combination with our suggested early validation will help you prepare your environment for the latest updates from Windows.
|Policy|Location|Suggested configuration |
|-|-|-|
|Select when Preview Builds & feature Updates are received |GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and Feature Updates are received|State: Enabled <br>**Select Windows Readiness Level**: SAC<br>**Defer receiving for this many days**: 0, 30, 60, 90, 120 <br>**Pause Feature Updates**: Blank <br>*Note: use this functionality to prevent the device from receiving a feature update until the time passes
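Review bot: With this file removed, the wave-deployment guidance to place critical devices later in the wave ("deferrals > 30 or 60 days") and low-risk devices earlier goes with it, and the "Suggested configuration for a wave deployment" heading it sat near held only an image. Confirm the replacement article carries the deferral staging (0, 30, 60, 90, 120 days) in text. The last table row deleted here is also missing its closing pipe, so copy the content rather than the markup if it is reused.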

View File

@ -1,47 +0,0 @@
---
title: Onboarding to Windows Update for Business (Windows 10)
description: Get started using Windows Update for Business, a tool that enables IT pros and power users to manage content they want to receive from Windows Update.
ms.prod: w10
ms.mktglfcycl: manage
audience: itpro
itproauthor: jaimeo
ms.audience: itpro
author: jaimeo
ms.reviewer:
manager: laurawi
ms.topic: article
---
# Onboarding to Windows Update for Business in Windows 10
>Applies to: Windows 10
Windows Update for Business is a tool that enables IT pros and power users to manage content they want to receive from Windows Update Service. Windows Update for Business can control the following:
- Interaction between the client and Windows Update service
- End user notification for pending updates
- Compliance deadlines for feature or quality updates
- Configure wave deployment for feature or quality updates bandwidth optimization
We also provide additional functionality to manage your environment when risk or issues arise such as applications being blocked:
- Uninstall latest feature or quality update
- Pause for a duration of time
Use the following information to set up your environment using Windows Update for Business policies:
- [Supported SKUs](#supported-editions)
- [Windows Update for Business basics](wufb-basics.md)
- [Setting up automatic update](wufb-autoupdate.md)
- [Managing feature and quality updates](wufb-manageupdate.md)
- [Enforcing compliance deadlines](wufb-compliancedeadlines.md)
- [Managing drivers, environments with both Windows Update for Business and WSUS, and Download Optmization](wufb-managedrivers.md)
## Supported editions
Windows Update for Business is supported on the following editions of Windows 10:
- Windows 10 Education
- Windows 10 Enterprise
- Windows 10 Pro
- Windows 10 S (for Windows 10, version 1709 and earlier)
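Review bot: This deleted landing page links to wufb-compliancedeadlines.md, which the same commit edits rather than removes, so that article loses an entry point. Check that the table of contents or the page readers are redirected to still links to it. The other four targets in the list (wufb-basics.md, wufb-autoupdate.md, wufb-manageupdate.md, wufb-managedrivers.md) are deleted in this commit, so no other page should keep relative links to them.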

View File

@ -71,7 +71,6 @@ X = unsupported <BR>
> - For information about upgrade paths in Windows 10 in S mode (for Pro or Education), check out [Windows 10 Pro/Enterprise in S mode](../windows-10-pro-in-s-mode.md) > - For information about upgrade paths in Windows 10 in S mode (for Pro or Education), check out [Windows 10 Pro/Enterprise in S mode](../windows-10-pro-in-s-mode.md)
> - Each desktop edition in the table also has an N and KN SKU. These editions have had media-related functionality removed. Devices with N or KN SKUs installed can be upgraded to corresponding N or KN SKUs using the same methods. > - Each desktop edition in the table also has an N and KN SKU. These editions have had media-related functionality removed. Devices with N or KN SKUs installed can be upgraded to corresponding N or KN SKUs using the same methods.
> <br> > <br>
> - Due to [naming changes](../update/waas-overview.md#naming-changes) the term LTSB might still be displayed in some products. This name will change to LTSC with subsequent feature updates.
## Upgrade using mobile device management (MDM) ## Upgrade using mobile device management (MDM)
- To upgrade desktop editions of Windows 10 using MDM, you'll need to enter the product key for the upgraded edition in the **UpgradeEditionWithProductKey** policy setting of the **WindowsLicensing** CSP. For more info, see [WindowsLicensing CSP](/windows/client-management/mdm/windowslicensing-csp). - To upgrade desktop editions of Windows 10 using MDM, you'll need to enter the product key for the upgraded edition in the **UpgradeEditionWithProductKey** policy setting of the **WindowsLicensing** CSP. For more info, see [WindowsLicensing CSP](/windows/client-management/mdm/windowslicensing-csp).
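Review bot: with the LTSB naming bullet removed, the `> <br>` line that preceded it becomes the last line of the note block and only adds trailing space before the "Upgrade using mobile device management (MDM)" heading; drop it together with the bullet. Also check that the rest of the article no longer uses "LTSB" unexplained, since this bullet was where the name change was described.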
@ -239,7 +238,6 @@ You can move directly from Enterprise to any valid destination edition. In this
</tr> </tr>
</table> </table>
> **Windows 10 LTSC/LTSB**: Due to [naming changes](../update/waas-overview.md#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions.
> >
> **Windows N/KN**: Windows "N" and "KN" SKUs follow the same rules shown above. > **Windows N/KN**: Windows "N" and "KN" SKUs follow the same rules shown above.
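Review bot: removing the LTSC/LTSB paragraph leaves the bare `>` separator as the first line of the blockquote after `</table>`, so the quote now opens with an empty line before the "Windows N/KN" paragraph; delete that `>` line as well.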

View File

@ -27,8 +27,6 @@ If you are also migrating to a different edition of Windows, see [Windows 10 edi
> **Windows 10 version upgrade**: You can directly upgrade any semi-annual channel version of Windows 10 to a newer, supported semi-annual channel version of Windows 10, even if it involves skipping versions. Work with your account representative if your current version of Windows is out of support. See the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet) for availability and service information. > **Windows 10 version upgrade**: You can directly upgrade any semi-annual channel version of Windows 10 to a newer, supported semi-annual channel version of Windows 10, even if it involves skipping versions. Work with your account representative if your current version of Windows is out of support. See the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet) for availability and service information.
> >
> **Windows 10 LTSC/LTSB**: Due to [naming changes](../update/waas-overview.md#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions.
>
> In-place upgrade from Windows 7, Windows 8.1, or [Windows 10 semi-annual channel](/windows/release-health/release-information) to Windows 10 LTSC is not supported. **Note**: Windows 10 LTSC 2015 did not block this upgrade path. This was corrected in the Windows 10 LTSC 2016 release, which will now only allow data-only and clean install options. You can upgrade from Windows 10 LTSC to Windows 10 semi-annual channel, provided that you upgrade to the same or a newer build version. For example, Windows 10 Enterprise 2016 LTSB can be upgraded to Windows 10 Enterprise version 1607 or later. Upgrade is supported using the in-place upgrade process (using Windows setup). You will need to use the Product Key switch if you want to keep your apps. If you don't use the switch the option 'Keep personal files and apps' will be grayed out. The command line would be **setup.exe /pkey xxxxx-xxxxx-xxxxx-xxxxx-xxxxx**, using your relevant Windows 10 SAC product key. For example, if using a KMS, the command line would be **setup.exe /pkey NPPR9-FWDCX-D2C8J-H872K-2YT43**. > In-place upgrade from Windows 7, Windows 8.1, or [Windows 10 semi-annual channel](/windows/release-health/release-information) to Windows 10 LTSC is not supported. **Note**: Windows 10 LTSC 2015 did not block this upgrade path. This was corrected in the Windows 10 LTSC 2016 release, which will now only allow data-only and clean install options. You can upgrade from Windows 10 LTSC to Windows 10 semi-annual channel, provided that you upgrade to the same or a newer build version. For example, Windows 10 Enterprise 2016 LTSB can be upgraded to Windows 10 Enterprise version 1607 or later. Upgrade is supported using the in-place upgrade process (using Windows setup). You will need to use the Product Key switch if you want to keep your apps. If you don't use the switch the option 'Keep personal files and apps' will be grayed out. 
The command line would be **setup.exe /pkey xxxxx-xxxxx-xxxxx-xxxxx-xxxxx**, using your relevant Windows 10 SAC product key. For example, if using a KMS, the command line would be **setup.exe /pkey NPPR9-FWDCX-D2C8J-H872K-2YT43**.
> >
> **Windows N/KN**: Windows "N" and "KN" SKUs (editions without media-related functionality) follow the same upgrade paths shown below. If the pre-upgrade and post-upgrade editions are not the same type (e.g. Windows 8.1 Pro N to Windows 10 Pro), personal data will be kept but applications and settings will be removed during the upgrade process. > **Windows N/KN**: Windows "N" and "KN" SKUs (editions without media-related functionality) follow the same upgrade paths shown below. If the pre-upgrade and post-upgrade editions are not the same type (e.g. Windows 8.1 Pro N to Windows 10 Pro), personal data will be kept but applications and settings will be removed during the upgrade process.
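Review bot: the paragraph kept below the removed LTSC/LTSB definition still says "Windows 10 Enterprise 2016 LTSB can be upgraded to Windows 10 Enterprise version 1607 or later", so the page now uses LTSB with nothing tying it to LTSC; either reword that sentence or keep a one-line note on the naming. While this block is being edited, consider stating what kind of key the `setup.exe /pkey` KMS example shows, so readers do not mistake a literal product key in the docs for a leaked credential.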

View File

@ -1,6 +1,6 @@
--- ---
title: How to install fonts missing after upgrading to Windows 10 title: How to install fonts missing after upgrading to Windows client
description: Some of the fonts are missing from the system after you upgrade to Windows 10. description: Some of the fonts are missing from the system after you upgrade to Windows client.
keywords: deploy, upgrade, FoD, optional feature keywords: deploy, upgrade, FoD, optional feature
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: plan ms.mktglfcycl: plan
@ -9,18 +9,20 @@ ms.localizationpriority: medium
audience: itpro audience: itpro
author: greg-lindsay author: greg-lindsay
ms.audience: itpro ms.audience: itpro
ms.date: 10/31/2017
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi
ms.topic: article ms.topic: article
--- ---
# How to install fonts that are missing after upgrading to Windows 10 # How to install fonts that are missing after upgrading to Windows client
> Applies to: Windows 10 **Applies to**
When you upgrade from the Windows 7, Windows 8, or Windows 8.1 operating system to Windows 10, certain fonts are no longer available by default post-upgrade. To reduce the operating system footprint, improve performance, and optimize disk space usage, we moved many of the fonts that were previously shipped with prior versions of Windows to the optional features of Windows 10. If you install a fresh instance of Windows 10, or upgrade an older version of Windows to Windows 10, these optional features are not enabled by default. As a result, these fonts appear to be missing from the system. - Windows 10
- Windows 11
If you have documents created using the missing fonts, these documents might display differently on Windows 10. When you upgrade from the Windows 7, Windows 8, or Windows 8.1 operating system to Windows 10 or Windows 11, certain fonts are no longer available by default post-upgrade. To reduce the operating system footprint, improve performance, and optimize disk space usage, we moved many of the fonts that were previously shipped with prior versions of Windows to the optional features of Windows client. If you install a fresh instance of Windows client, or upgrade an older version of Windows to Windows client, these optional features are not enabled by default. As a result, these fonts appear to be missing from the system.
If you have documents created using the missing fonts, these documents might display differently on Windows client.
For example, if you have an English (or French, German, or Spanish) version of Windows 10 installed, you might notice that fonts such as the following are appear to be missing: For example, if you have an English (or French, German, or Spanish) version of Windows 10 installed, you might notice that fonts such as the following are appear to be missing:
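Review bot: the example sentence after the rewritten intro was left unchanged and still reads "version of Windows 10 installed, you might notice that fonts such as the following are appear to be missing"; fix "are appear" to "appear" and decide whether it should say "Windows client" like the paragraphs above it. The hunk also deletes `ms.date` without a replacement value, so confirm that dropping the date from the front matter is intended.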
@ -35,22 +37,26 @@ For example, if you have an English (or French, German, or Spanish) version of W
- Gungsuh - Gungsuh
- GungsuhChe - GungsuhChe
If you want to use these fonts, you can enable the optional feature to add these back to your system. Be aware that this is a permanent change in behavior for Windows 10, and it will remain this way in future releases. If you want to use these fonts, you can enable the optional feature to add them back to your system. This is a permanent change in behavior for Windows client, and it will remain this way in future releases.
## Installing language-associated features via language settings: ## Installing language-associated features via language settings:
If you want to use the fonts from the optional feature and you know that you will want to view Web pages, edit documents, or use apps in the language associated with that feature, add that language into your user profile. You do this the Settings app. If you want to use the fonts from the optional feature and you know that you will want to view Web pages, edit documents, or use apps in the language associated with that feature, add that language into your user profile. Use the Settings app.
For example, here are the steps to install the fonts associated with the Hebrew language: For example, here are the steps to install the fonts associated with the Hebrew language:
1. Click **Start > Settings**. 1. Select **Start > Settings**.
2. In Settings, click **Time & language**, and then click **Region & language**.
3. If Hebrew is not included in the list of languages, click the plus sign (**+**) to add a language.
4. Find Hebrew, and then click it to add it to your language list.
Once you have added Hebrew to your language list, then the optional Hebrew font feature and other optional features for Hebrew language support are installed. This should only take a few minutes. 2. In **Settings**, select **Time & language**, and then select **Region & language**.
> Note: The optional features are installed by Windows Update. This means you need to be online for the Windows Update service to work. 3. If Hebrew is not included in the list of languages, select the plus sign (**+**) to add a language.
4. Find **Hebrew**, and then select it to add it to your language list.
Once you have added Hebrew to your language list, then the optional Hebrew font feature and other optional features for Hebrew language support are installed. This process should only take a few minutes.
> [!NOTE]
> The optional features are installed by Windows Update. You need to be online for the Windows Update service to work.
## Install optional fonts manually without changing language settings: ## Install optional fonts manually without changing language settings:
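Review bot: step 2 still gives the Settings path as **Time & language** and then **Region & language**, which is the Windows 10 wording, while this commit adds Windows 11 to the "Applies to" list; verify the path on Windows 11 and give both if the labels differ. The section headings in this hunk also end in a colon, which is worth removing while the section is being edited.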
@ -58,13 +64,16 @@ If you want to use fonts in an optional feature but don't need to search web pag
For example, here are the steps to install the fonts associated with the Hebrew language without adding the Hebrew language itself to your language preferences: For example, here are the steps to install the fonts associated with the Hebrew language without adding the Hebrew language itself to your language preferences:
1. Click **Start > Settings**. 1. Select **Start > Settings**.
2. In Settings, click **Apps**, click **Apps & features**, and then click **Manage optional features**.
3. If you don't see **Hebrew Supplemental Fonts** in the list of installed features, click the plus sign (**+**) to add a feature. 2. In **Settings**, select **Apps**, select **Apps & features**, and then select **Manage optional features**.
4. Select **Hebrew Supplemental Fonts** in the list, and then click **Install**.
> Note: The optional features are installed by Windows Update. You need to be online for the Windows Update service to work. 3. If you don't see **Hebrew Supplemental Fonts** in the list of installed features, select the plus sign (**+**) to add a feature.
4. Select **Hebrew Supplemental Fonts** in the list, and then clselectick **Install**.
> [!NOTE]
> The optional features are installed by Windows Update. You need to be online for the Windows Update service to work.
## Fonts included in optional font features ## Fonts included in optional font features
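Review bot: step 4 on the new side reads "and then clselectick **Install**", a botched replacement of "click" with "select"; it should be "and then select **Install**".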
@ -95,7 +104,7 @@ Here is a comprehensive list of the font families in each of the optional featur
- Telugu Supplemental Fonts: Gautami, Vani - Telugu Supplemental Fonts: Gautami, Vani
- Thai Supplemental Fonts: Angsana New, AngsanaUPC, Browallia New, BrowalliaUPC, Cordia New, CordiaUPC, DilleniaUPC, EucrosiaUPC, FreesiaUPC, IrisUPC, JasmineUPC, KodchiangUPC, Leelawadee, LilyUPC - Thai Supplemental Fonts: Angsana New, AngsanaUPC, Browallia New, BrowalliaUPC, Cordia New, CordiaUPC, DilleniaUPC, EucrosiaUPC, FreesiaUPC, IrisUPC, JasmineUPC, KodchiangUPC, Leelawadee, LilyUPC
## Related Topics ## Related articles
[Download the list of all available language FODs](https://download.microsoft.com/download/0/A/A/0AA4342D-3933-4216-A90D-3BA8392FB1D1/Windows%2010%201703%20FOD%20to%20LP%20Mapping%20Table.xlsx) [Download the list of all available language FODs](https://download.microsoft.com/download/0/A/A/0AA4342D-3933-4216-A90D-3BA8392FB1D1/Windows%2010%201703%20FOD%20to%20LP%20Mapping%20Table.xlsx)
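Review bot: the only link under the renamed "Related articles" heading is the "Windows 10 1703 FOD to LP Mapping Table.xlsx" download, which is tied to version 1703 while the article is being retitled for Windows client; check whether a current mapping exists, or label the link with the version it covers.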

View File

@ -219,4 +219,5 @@ sections:
- question: Does Windows Hello for Business work with Mac and Linux clients? - question: Does Windows Hello for Business work with Mac and Linux clients?
answer: | answer: |
Windows Hello for Business is a feature of Windows 10. At this time, Microsoft is not developing clients for other platforms. However, Microsoft is open to third-parties who are interested in moving these platforms away from passwords. Interested third-parties can get more information by emailing [whfbfeedback@microsoft.com](mailto:whfbfeedback@microsoft.com?subject=collaboration). Windows Hello for Business is a feature of the Windows platform. At this time, Microsoft is not developing clients for other platforms.

View File

@ -28,15 +28,20 @@ ms.date:
>[!NOTE] >[!NOTE]
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
Microsoft has strict requirements for code running in kernel. So, malicious actors are turning to exploit vulnerabilities in legitimate and signed kernel drivers to run malware in kernel. One of the many strengths of the Windows platform is our strong collaboration with independent hardware vendors (IHVs) and OEMs. Microsoft works closely with our IHVs and security community to ensure the highest level of driver security for our customers and when vulnerabilities in drivers do arise, that they're patched and rolled out to the ecosystem in an expedited manner. Microsoft then adds the vulnerable versions of the drivers to our ecosystem block policy, which is applied to the following sets of devices: Microsoft has strict requirements for code running in kernel. So, malicious actors are turning to exploit vulnerabilities in legitimate and signed kernel drivers to run malware in kernel. One of the many strengths of the Windows platform is our strong collaboration with independent hardware vendors (IHVs) and OEMs. Microsoft works closely with our IHVs and security community to ensure the highest level of driver security for our customers and when vulnerabilities in drivers do arise, that they're quickly patched and rolled out to the ecosystem. Microsoft then adds the vulnerable versions of the drivers to our ecosystem block policy, which is applied to the following sets of devices:
- Hypervisor-protected code integrity (HVCI) enabled devices - Hypervisor-protected code integrity (HVCI) enabled devices
- Windows 10 in S mode (S mode) devices - Windows 10 in S mode (S mode) devices
Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this isn't possible, Microsoft recommends blocking the following list of drivers by merging this policy with your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events. The vulnerable driver blocklist is designed to help harden systems against third party-developed drivers across the Windows ecosystem with any of the following attributes:
> [!Note] - Known security vulnerabilities that can be exploited by attackers to elevate privileges in the Windows kernel
> This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered. It's recommended that this policy be first validated in audit mode before rolling the rules into enforcement mode. - Malicious behaviors (malware) or certificates used to sign malware
- Behaviors that are not malicious but circumvent the Windows Security Model and can be exploited by attackers to elevate privileges in the Windows kernel
Drivers can be submitted to Microsoft for security analysis at the [Microsoft Security Intelligence Driver Submission page](https://www.microsoft.com/en-us/wdsi/driversubmission). To report an issue or request a change to the vulnerable driver blocklist, including updating a block rule once a driver vulnerability has been patched, visit the [Microsoft Security Intelligence portal](https://www.microsoft.com/wdsi) or submit feedback on this article.
Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this isn't possible, Microsoft recommends blocking this list of drivers within your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events.
```xml ```xml
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
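Review bot: the rewritten recommendation ("blocking this list of drivers within your existing Windows Defender Application Control policy") drops the earlier "by merging this policy", so the reader is no longer told how the XML that follows gets into an existing policy; restore the merge wording or link to the merge procedure. In the same paragraph, "can result in devices or software to malfunction" should read "can cause devices or software to malfunction", and since the deleted [!Note] was the only statement that the list is updated over time, say somewhere how readers learn of blocklist updates.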
@ -59,6 +64,46 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
<EKUs /> <EKUs />
<!--File Rules--> <!--File Rules-->
<FileRules> <FileRules>
<Deny ID="ID_DENY_ASIO_32_SHA1" FriendlyName="ASIO32.sys Hash Sha1" Hash="D569D4BAB86E70EFBCDFDAC9D822139D6F477B7C" />
<Deny ID="ID_DENY_ASIO_32_SHA256" FriendlyName="ASIO32.sys Hash Sha256" Hash="80599708CE61EC5D6DCFC5977208A2A0BE2252820A88D9BA260D8CDF5DC7FBE4" />
<Deny ID="ID_DENY_ASIO_32_SHA1_PAGE" FriendlyName="ASIO32.sys Hash Page Sha1" Hash="80FA962BDFB76DFCB9E5D13EFC38BB3D392F2E77" />
<Deny ID="ID_DENY_ASIO_32_SHA256_PAGE" FriendlyName="ASIO32.sys Hash Page Sha256" Hash="9091E044273FF624585235AC885EB2B05DFB12F3022DCF535B178FF1B2E012D1" />
<Deny ID="ID_DENY_ASIO_32_SHA1_1" FriendlyName="ASIO32.sys Hash Sha1" Hash="5A7DD0DA0AEE0BDEDC14C1B7831B9CE9178A0346" />
<Deny ID="ID_DENY_ASIO_32_SHA256_1" FriendlyName="ASIO32.sys Hash Sha256" Hash="92EDD48DFAC025D4069EB6491B9730D9D131B77CCEAA480AF9B3C32BC8C5E3A9" />
<Deny ID="ID_DENY_ASIO_32_SHA1_PAGE_1" FriendlyName="ASIO32.sys Hash Page Sha1" Hash="1ACC7A486B52C5EE6619DBDC3B4210B5F48B936F" />
<Deny ID="ID_DENY_ASIO_32_SHA256_PAGE_1" FriendlyName="ASIO32.sys Hash Page Sha256" Hash="F84634B5C0E83CA9BB25928DC3C4FC05D37451C23B780DBEEB1F10F056F1EEEE" />
<Deny ID="ID_DENY_ASIO_32_SHA1_2" FriendlyName="ASIO32.sys Hash Sha1" Hash="55AB7E27412ECA433D76513EDC7E6E03BCDD7EDA" />
<Deny ID="ID_DENY_ASIO_32_SHA256_2" FriendlyName="ASIO32.sys Hash Sha256" Hash="C1B41D6B91448E2409BB2F4FBF4AEB952ADF373D0DECC9D052277B89BA401407" />
<Deny ID="ID_DENY_ASIO_32_SHA1_PAGE_2" FriendlyName="ASIO32.sys Hash Page Sha1" Hash="1E7C241B9A9EA79061B50FB19B3D141DEE175C27" />
<Deny ID="ID_DENY_ASIO_32_SHA256_PAGE_2" FriendlyName="ASIO32.sys Hash Page Sha256" Hash="1056806F6508B4F5E8A00A6E8D07AEAC06A1BE5F9B92F1684F33682D2DA9349E" />
<Deny ID="ID_DENY_ASIO_64_SHA1" FriendlyName="ASIO64.sys Hash Sha1" Hash="E5C090903A20744BA3583A8EA684D035E8CECC34" />
<Deny ID="ID_DENY_ASIO_64_SHA256" FriendlyName="ASIO64.sys Hash Sha256" Hash="9DCFD796E244D0687CC35EAC9538F209F76C6DF12DE166F19DBC7D2C47FB16B3" />
<Deny ID="ID_DENY_ASIO_64_SHA1_PAGE" FriendlyName="ASIO64.sys Hash Page Sha1" Hash="CA5FF4EB8CCBDE4EFF3491FD7941769E8D093D79" />
<Deny ID="ID_DENY_ASIO_64_SHA256_PAGE" FriendlyName="ASIO64.sys Hash Page Sha256" Hash="D8841803F181F735D8794C82BA52D8C484B3B0A95DBBB66114314F439B75B0E9" />
<Deny ID="ID_DENY_ASIO_64_SHA1_1" FriendlyName="ASIO64.sys Hash Sha1" Hash="C92148D0666F2235500805975BE79738B84E48C2" />
<Deny ID="ID_DENY_ASIO_64_SHA256_1" FriendlyName="ASIO64.sys Hash Sha256" Hash="19C74EA0E0BAF04820E5642BD2FA224158801ED966BE1041539E3C55BD65C471" />
<Deny ID="ID_DENY_ASIO_64_SHA1_PAGE_1" FriendlyName="ASIO64.sys Hash Page Sha1" Hash="F8270F774B3549079EA7D5F0D5406F307019BDFB" />
<Deny ID="ID_DENY_ASIO_64_SHA256_PAGE_1" FriendlyName="ASIO64.sys Hash Page Sha256" Hash="A3C9C5625BA6A6075D365543603A4DD4D7790850753D5289FF976EB2A839910F" />
<Deny ID="ID_DENY_ASIO_64_SHA1_2" FriendlyName="ASIO64.sys Hash Sha1" Hash="61E1B497A5DF0797527D6D465A8F315A82AD35EB" />
<Deny ID="ID_DENY_ASIO_64_SHA256_2" FriendlyName="ASIO64.sys Hash Sha256" Hash="739C11FDB8673AB5B78F1A874DAF5BA3FADDB7910A6D4E0CC49ABD8B8537333F" />
<Deny ID="ID_DENY_ASIO_64_SHA1_PAGE_2" FriendlyName="ASIO64.sys Hash Page Sha1" Hash="708855DB4202A792862E1139D673C3B4B713053C" />
<Deny ID="ID_DENY_ASIO_64_SHA256_PAGE_2" FriendlyName="ASIO64.sys Hash Page Sha256" Hash="BE5653E4C1ED75A451BE4297FF233A22C7AAB93B2126CA428834E83CADFF5E9C" />
<Deny ID="ID_DENY_ASRDRV10_SHA1" FriendlyName="AsrDrv10.sys Hash Sha1" Hash="2E6D61FA32E12FE4ABF7B7D87AA6824F5F528000" />
<Deny ID="ID_DENY_ASRDRV10_SHA256" FriendlyName="AsrDrv10.sys Hash Sha256" Hash="C767A5895119154467AC3FCE8E82C20E6538A4E54F6C109001C61F8ABD58F9F8" />
<Deny ID="ID_DENY_ASRDRV10_SHA1_PAGE" FriendlyName="AsrDrv10.sys Hash Page Sha1" Hash="085529E58BE3806D396F1BB15FF078FD4C471AAB" />
<Deny ID="ID_DENY_ASRDRV10_SHA256_PAGE" FriendlyName="AsrDrv10.sys Hash Page Sha256" Hash="14141F03EFF7C2F44BFED93524F4EC64ABDC8F3D45D55B1BCB5701CA354319FD" />
<Deny ID="ID_DENY_ASRDRV101_SHA1" FriendlyName="AsrDrv101.sys Hash Sha1" Hash="D0580BFC31FAEFB7E017798121C5B8A4E68155F9" />
<Deny ID="ID_DENY_ASRDRV101_SHA256" FriendlyName="AsrDrv101.sys Hash Sha256" Hash="FEE4560F2160A951D83344857EB4587AB10C1CFD8C5CFC23B6F06BEF8EBCD984" />
<Deny ID="ID_DENY_ASRDRV101_SHA1_PAGE" FriendlyName="AsrDrv101.sys Hash Page Sha1" Hash="55A90E7822A1444FAE81371DF7296CC5642FB353" />
<Deny ID="ID_DENY_ASRDRV101_SHA256_PAGE" FriendlyName="AsrDrv101.sys Hash Page Sha256" Hash="B00060733F88E3897D4B1E4732DF67FF277A8D615F84E6EFAB98C79C72CBA370" />
<Deny ID="ID_DENY_ASRDRV102_SHA1" FriendlyName="AsrDrv102.sys Hash Sha1" Hash="5F9C7D3552FFA98C9DCF9A9B7AD1263D2AB24A2F" />
<Deny ID="ID_DENY_ASRDRV102_SHA256" FriendlyName="AsrDrv102.sys Hash Sha256" Hash="11EECF9E6E2447856ED4CF86EE1CB779CFE0672C808BBD5934CF2F09A62D6170" />
<Deny ID="ID_DENY_ASRDRV102_SHA1_PAGE" FriendlyName="AsrDrv102.sys Hash Page Sha1" Hash="B419D69A4ED8D4EABD90A155ED15C3374BEA6FFC" />
<Deny ID="ID_DENY_ASRDRV102_SHA256_PAGE" FriendlyName="AsrDrv102.sys Hash Page Sha256" Hash="23E39D9E40235A5C456260E03CACCC186FE79FFD7D0439AEA7530EBB0380946D" />
<Deny ID="ID_DENY_ASRDRV103_SHA1" FriendlyName="AsrDrv103.sys Hash Sha1" Hash="B3410021EA5A46818D9FF05A96C2809A9ABE8E4A" />
<Deny ID="ID_DENY_ASRDRV103_SHA256" FriendlyName="AsrDrv103.sys Hash Sha256" Hash="B6BF2460E023B1005CC60E107B14A3CFDF9284CC378A086D92E5DCDF6E432E2C" />
<Deny ID="ID_DENY_ASRDRV103_SHA1_PAGE" FriendlyName="AsrDrv103.sys Hash Page Sha1" Hash="490F85E291C4D9ED0AB8457CE6B424C0F3F7E7AC" />
<Deny ID="ID_DENY_ASRDRV103_SHA256_PAGE" FriendlyName="AsrDrv103.sys Hash Page Sha256" Hash="E22B7BA6D064C75913C3BDADAF7AADA535DDDD83175D8A47467FED5ABC56D5AC" />
<Deny ID="ID_DENY_BANDAI_SHA1" FriendlyName="bandai.sys Hash Sha1" Hash="0F780B7ADA5DD8464D9F2CC537D973F5AC804E9C" /> <Deny ID="ID_DENY_BANDAI_SHA1" FriendlyName="bandai.sys Hash Sha1" Hash="0F780B7ADA5DD8464D9F2CC537D973F5AC804E9C" />
<Deny ID="ID_DENY_BANDAI_SHA256" FriendlyName="bandai.sys Hash Sha256" Hash="7FD788358585E0B863328475898BB4400ED8D478466D1B7F5CC0252671456CC8" /> <Deny ID="ID_DENY_BANDAI_SHA256" FriendlyName="bandai.sys Hash Sha256" Hash="7FD788358585E0B863328475898BB4400ED8D478466D1B7F5CC0252671456CC8" />
<Deny ID="ID_DENY_BANDAI_SHA1_PAGE" FriendlyName="bandai.sys Hash Page Sha1" Hash="EA360A9F23BB7CF67F08B88E6A185A699F0C5410" /> <Deny ID="ID_DENY_BANDAI_SHA1_PAGE" FriendlyName="bandai.sys Hash Page Sha1" Hash="EA360A9F23BB7CF67F08B88E6A185A699F0C5410" />
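Review bot: the 40 added ASIO32, ASIO64 and AsrDrv10x rules reuse one FriendlyName for different binaries (for example three separate "ASIO32.sys Hash Sha1" entries distinguished only by the _1 and _2 ID suffixes), which makes it hard to tell which driver version a rule covers when reviewing or later retiring it; add the file version to FriendlyName. A Deny entry under <FileRules> only takes effect when it is referenced from a signing scenario's FileRulesRef, so confirm every new ID in this hunk has a matching FileRuleRef further down the policy.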
@ -128,40 +173,148 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
<Deny ID="ID_DENY_SEMAV6MSR64_SHA256" FriendlyName="semav6msr64.sys Hash Sha256" Hash="EB71A8ECEF692E74AE356E8CB734029B233185EE5C2CCB6CC87CC6B36BEA65CF" /> <Deny ID="ID_DENY_SEMAV6MSR64_SHA256" FriendlyName="semav6msr64.sys Hash Sha256" Hash="EB71A8ECEF692E74AE356E8CB734029B233185EE5C2CCB6CC87CC6B36BEA65CF" />
<Deny ID="ID_DENY_SEMAV6MSR64_SHA1_PAGE" FriendlyName="semav6msr64.sys Hash Page Sha1" Hash="F3821EC0AEF270F749DF9F44FBA91AFA5C8C38E8" /> <Deny ID="ID_DENY_SEMAV6MSR64_SHA1_PAGE" FriendlyName="semav6msr64.sys Hash Page Sha1" Hash="F3821EC0AEF270F749DF9F44FBA91AFA5C8C38E8" />
<Deny ID="ID_DENY_SEMAV6MSR64_SHA256_PAGE" FriendlyName="semav6msr64.sys Hash Page Sha256" Hash="4F12EE563E7496E7105D67BF64AF6B436902BE4332033AF0B5A242B206372CB7" /> <Deny ID="ID_DENY_SEMAV6MSR64_SHA256_PAGE" FriendlyName="semav6msr64.sys Hash Page Sha256" Hash="4F12EE563E7496E7105D67BF64AF6B436902BE4332033AF0B5A242B206372CB7" />
<Deny ID="ID_DENY_RETLIFTEN_SHA1_1" FriendlyName="nt2.sys Hash Sha1" Hash="8F0B99B53EB921547AFECF1F12B3299818C4E5D1"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_1" FriendlyName="80.sys Hash Sha1" Hash="BC2F3850C7B858340D7ED27B90E63B036881FD6C"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_2" FriendlyName="nstr.sys Hash Sha1" Hash="61258963D900C2A39408EF4B51F69F405F55E407"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_2" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E74B6DDA8BC53BC687FC21218BD34062A78D8467"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_3" FriendlyName="nt5.sys Hash Sha1" Hash="7A43BE821832E9BF55B1B781AE468179D0E4F56E"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_3" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="2C27ABBBBCF10DFB75AD79557E30ACE5ED314DF8"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_4" FriendlyName="80.sys Hash Sha1" Hash="BC2F3850C7B858340D7ED27B90E63B036881FD6C"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_4" FriendlyName="81.sys Hash Sha1" Hash="FAA870B0CB15C9AC2B9BBA5D0470BD501CCD4326"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_5" FriendlyName="nstrwsk.sys Hash Sha1" Hash="83767982B3A5F70615A386F4D6638F20509F3560"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_5" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="8241C9A5755A740811C8E8D2739B33146ACD3E6D"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_6" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="8BC75E18953B7B23991B2FBC79713E1E175F75E4"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_6" FriendlyName="full.sys Hash Sha1" Hash="4B8C0445075F09AEEF542AB1C86E5DE6B06E91A3"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_7" FriendlyName="nt3.sys Hash Sha1" Hash="295E590D49DF717C489C5C824E9C6896A14248BB"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_7" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E014C6BEBFDA944CE3A58AB9FE055D4F9367D49C"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_8" FriendlyName="nt4.sys Hash Sha1" Hash="EC7947AD1919C8F60BC973B96DA4132A1EA396E0"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_8" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E5A152BB57060C2B27E825258698BD7FF67907FF"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_9" FriendlyName="nt6.sys Hash Sha1" Hash="8403A17AE001FEF3488C2E641E2BE553CD5B478D"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_9" FriendlyName="81.sys Hash Sha1" Hash="ACA8E53483B40A06DFDEE81BB364B1622F9156FE"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_10" FriendlyName="81.sys Hash Sha1" Hash="FAA870B0CB15C9AC2B9BBA5D0470BD501CCD4326"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_10" FriendlyName="nstrwsk.sys Hash Sha1" Hash="83767982B3A5F70615A386F4D6638F20509F3560"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_11" FriendlyName="81.sys Hash Sha1" Hash="ACA8E53483B40A06DFDEE81BB364B1622F9156FE"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_11" FriendlyName="nt2.sys Hash Sha1" Hash="8F0B99B53EB921547AFECF1F12B3299818C4E5D1"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_12" FriendlyName="full.sys Hash Sha1" Hash="4B8C0445075F09AEEF542AB1C86E5DE6B06E91A3"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_12" FriendlyName="nt3.sys Hash Sha1" Hash="295E590D49DF717C489C5C824E9C6896A14248BB"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_13" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E74B6DDA8BC53BC687FC21218BD34062A78D8467"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_13" FriendlyName="nt5.sys Hash Sha1" Hash="7A43BE821832E9BF55B1B781AE468179D0E4F56E"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_14" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E014C6BEBFDA944CE3A58AB9FE055D4F9367D49C"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_14" FriendlyName="81.sys Hash Sha1" Hash="05AC1C64CA16AB0517FE85D4499D08199E63DF26"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_15" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="8241C9A5755A740811C8E8D2739B33146ACD3E6D"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_15" FriendlyName="b4.sys Hash Sha1" Hash="4BBB9709D5F916FE78EAA15431F622761EFC496F"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_16" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="2C27ABBBBCF10DFB75AD79557E30ACE5ED314DF8"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_16" FriendlyName="bw.sys Hash Sha1" Hash="150F5DAE8716B09A64CAC96862F5E2506A71E771"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_17" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E5A152BB57060C2B27E825258698BD7FF67907FF"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_17" FriendlyName="bwrs.sys Hash Sha1" Hash="3DEBE170B5A113407F9E86EE6ED9AE00C3D82C9F"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_1" FriendlyName="nt2.sys Hash Sha256" Hash="CB9890D4E303A4C03095D7BC176C42DEE1B47D8AA58E2F442EC1514C8F9E3CEC"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_18" FriendlyName="bwrsh.sys Hash Sha1" Hash="73857ACDD7D7C9235F3E18C503A27E7C88C5FCB0"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_2" FriendlyName="nstr.sys Hash Sha256" Hash="455BC98BA32ADAB8B47D2D89BDBADCA4910F91C182AB2FC3211BA07D3784537B"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_19" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="8BC75E18953B7B23991B2FBC79713E1E175F75E4"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_3" FriendlyName="nt5.sys Hash Sha256" Hash="FD33FB2735CC5EF466A54807D3436622407287E325276FCD3ED1290C98BD0533"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_20" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="A2DA5C397F737FA55D8F93D3CED5EB70AE09801F"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_4" FriendlyName="80.sys Hash Sha256" Hash="F08EBDDC11AEFCB46082C239F8D97CEEA247D846E22C4BCDD72AF75C1CBC6B0B"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_21" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="C58B6EF848CA87AD9EC4368C45C8F1EB7FA6BD16"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_5" FriendlyName="nstrwsk.sys Hash Sha256" Hash="3390919BB28D5C36CC348F9EF23BE5FA49BFD81263EB7740826E4437CBE904CD"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_22" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="74CBC407ACD9D2A4BC609B2F8C9A09B90912D10C"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_6" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="82774D5230C5B6604D6F67A32883F720B4695387F3F383AABC713FC2904FF45D"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_23" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="1923D1F21FAFFCD7D511E2B313FE9415E6AD90AE"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_7" FriendlyName="nt3.sys Hash Sha256" Hash="7D8937C18D6E11A0952E53970A0934CF0E65515637AC24D6CA52CCF4B93D385F"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_24" FriendlyName="TGSafe.sys Hash Sha1" Hash="F3E60B7B9C53315D6158F82596919209A00E1CDA"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_8" FriendlyName="nt4.sys Hash Sha256" Hash="D7BC7306CB489FE4C285BBEDDC6D1A09E814EF55CF30BD5B8DAF87A52396F102"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_25" FriendlyName="BlackBoneDrv10.sys Hash Sha1" Hash="AA97BF43E6BAD521F3A3D8081FB350C89382F06F"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_9" FriendlyName="nt6.sys Hash Sha256" Hash="15C53EB3A0EA44BBD2901A45A6EBEAE29BB123F9C1115C38DFB2CDBEC0642229"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_26" FriendlyName="LgDCatcher.sys Hash Sha1" Hash="4604A20CAE2DFE42320FE8F6AED000EC204EFA7E"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_10" FriendlyName="81.sys Hash Sha256" Hash="5C206B569B7059B7C32EB5FC36922CB435C2B16C8D96DE1038C8BD298ED498FE"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_27" FriendlyName="gameink.sys Hash Sha1" Hash="60A632E4B838731AAD553650D6BC8AF3D3D80B26"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_11" FriendlyName="81.sys Hash Sha256" Hash="3D31118A2E92377ECB632BD722132C04AF4E65E24FF87743796C75EB07CFCD71"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_28" FriendlyName="windows-xp-64.sys Hash Sha1" Hash="03F0DD3124EC3A4BB6D30865A488F54E74DED699"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_12" FriendlyName="full.sys Hash Sha256" Hash="0988D366572A57B3015D875B60704517D05115580678E8F2E126F771EDA28F7B"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_29" FriendlyName="windows8-10-32.sys Hash Sha1" Hash="8A50E81D6E6C45410BF13F95B1A67CADA8C82221"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_13" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="12A636449A491EF3DC8688C5D25BE9EBF785874F9C4573667EEFD42139201AA4"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_30" FriendlyName="kbdcap64.sys Hash Sha1" Hash="83660D245FE618ECAFE4900AC1E2AD0292C2DA2A"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_14" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="651FFA0C7AFF7B4A7695DDDD209DC3E7F68156E29A14D3FCC17AEF4F2A205DCC"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_31" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="202D5A05E546740037F9A4DC2B21F71680C39D3B"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_15" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="C56536F99207915E5A1F7D4F014AB942BD820E64FF7F371AD0462EF26ED27242"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_32" FriendlyName="d3.sys Hash Sha1" Hash="560D8869D48A71E59601B76240E9A6CFFB068C9C"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_16" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="7F1772BDF7DD81CB00D30159D19D4EB9160B54D7609B36F781D08CA3AFBD29A7"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_33" FriendlyName="d.sys Hash Sha1" Hash="7C1BA790CA2AA03F30413D02F3A812FCCA1AB29F"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_17" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="7113DEE11925B346192F6EE5441974DB7D1FE9B5BE1497A6B295C06930FDD264"/> <Deny ID="ID_DENY_RETLIFTEN_SHA1_34" FriendlyName="b3.sys Hash Sha1" Hash="969A945C93F54FCBF17548903131D4B86042DF7B"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_35" FriendlyName="2.sys Hash Sha1" Hash="64309DB7AF8665368636186805745126B8BD5BFE"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_36" FriendlyName="b1.sys Hash Sha1" Hash="1F7804D9185B1910C43BD4104D58B96994FF8E49"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_37" FriendlyName="My.sys Hash Sha1" Hash="2A506E2512C9083419B7741B4499E012CDC60204"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_38" FriendlyName="Black.sys Hash Sha1" Hash="1236573A309C4EDB52E050E53E73188183C23E7E"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_39" FriendlyName="WYProxy32.sys Hash Sha1" Hash="22C5E127E7E7C567D8624607A6F8F5809DEACB55"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_40" FriendlyName="WYProxy64.sys Hash Sha1" Hash="DC38CC55B84A1A7C0846FB5509B43B4FF97A9BE6"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_41" FriendlyName="Proxy64.sys Hash Sha1" Hash="AA937F73A8AFCDA98E868F4AEEB0EB81A4150075"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_42" FriendlyName="LgDCatcher.sys Hash Sha1" Hash="481488488CF7BB5CD470B62600A3570A1711ABAA"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_43" FriendlyName="LgDCatcher.sys Hash Sha1" Hash="C58BEBEF6A92F5A5B37BE0394695E8E18A42867F"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_44" FriendlyName="LgDCatcher.sys Hash Sha1" Hash="7AA2C4C51AFC1C82BEAE55AB9CA7BA0BB588B5C0"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_45" FriendlyName="ni.sys Hash Sha1" Hash="FD081F7A372B939DB8523E222D118B87450D3D19"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_46" FriendlyName="d4.sys Hash Sha1" Hash="E343AA3981393778F32DF94EFAC90FE35D6933A9"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_47" FriendlyName="d2.sys Hash Sha1" Hash="002223FDDC5658EA22B7A8979984A9B54F63B316"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_48" FriendlyName="t.sys Hash Sha1" Hash="1CF3B0A2A0B47477A840ADC2B520401E18AF16D6"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_49" FriendlyName="1.sys Hash Sha1" Hash="F50B475D5FD1ED4F866BF43342676E449F779C67"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_50" FriendlyName="cpupress.sys Hash Sha1" Hash="C4FE0CBB8DA5BF1E02EC6D7A0F97D740955DDD97"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_51" FriendlyName="gameink.sys Hash Sha1" Hash="3AE56AB63230D6D9552360845B4A37B5801CC5EA"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_52" FriendlyName="NetFlt.sys Hash Sha1" Hash="B04ECC8DD0D52FE4552D2C4D693D67FAE20C460F"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_53" FriendlyName="ProtectS.sys Hash Sha1" Hash="710BBA7C3D6CAC7B62AB05E6B12274D1548985E6"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_54" FriendlyName="ProtectS.sys Hash Sha1" Hash="67650BC9CDF0716BC7B5664723C38FC5327EC662"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_55" FriendlyName="GameTerSafe.sys Hash Sha1" Hash="39F934078A060BAD2D58B5DBA8F8884903D697A7"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_56" FriendlyName="Lurker.sys Hash Sha1" Hash="CEC5447D0529F97C4BF4A012EA58AAB07139FFE0"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_57" FriendlyName="TestBone.sys Hash Sha1" Hash="0D523E8B0B96675AC2E5AC0D56C367564B260545"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_58" FriendlyName="Proxy32.sys Hash Sha1" Hash="69D6B4032F1456506382885EBA5B396F1C36841B"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_59" FriendlyName="t7.sys Hash Sha1" Hash="738CF0AFB7ECDF35A92667C8802D512A0CAF353C"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_60" FriendlyName="nt4.sys Hash Sha1" Hash="EC7947AD1919C8F60BC973B96DA4132A1EA396E0"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_61" FriendlyName="t8.sys Hash Sha1" Hash="D85C6097A2279301222B6A06B93296ACE669A76D"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_62" FriendlyName="nstr.sys Hash Sha1" Hash="61258963D900C2A39408EF4B51F69F405F55E407"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_63" FriendlyName="nt6.sys Hash Sha1" Hash="8403A17AE001FEF3488C2E641E2BE553CD5B478D"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_64" FriendlyName="t3.sys Hash Sha1" Hash="0CE54B617DE11C24670064960B736EF9C47A5F15"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_65" FriendlyName="windows7-32.sys Hash Sha1" Hash="82F8D4BA137FA4B0DA20E8CD1968A7AAEA803DBC"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_66" FriendlyName="NetProxyDriver.sys Hash Sha1" Hash="00B4FDC0F7F28DDECD5B4E5880A71E7F08B5F825"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_67" FriendlyName="c.sys Hash Sha1" Hash="3C20BB896FD16B5C698185FB176E820A448997B3"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_68" FriendlyName="gameink.sys Hash Sha1" Hash="6A784D45517142C11D5CCA3FF9956B2ED6EAF4C9"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_69" FriendlyName="gameink.sys Hash Sha1" Hash="4E5E719362CD48BB323803C1D00AFDE11D4B9D4C"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_1" FriendlyName="80.sys Hash Sha256" Hash="F08EBDDC11AEFCB46082C239F8D97CEEA247D846E22C4BCDD72AF75C1CBC6B0B"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_2" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="12A636449A491EF3DC8688C5D25BE9EBF785874F9C4573667EEFD42139201AA4"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_3" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="7F1772BDF7DD81CB00D30159D19D4EB9160B54D7609B36F781D08CA3AFBD29A7"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_4" FriendlyName="81.sys Hash Sha256" Hash="5C206B569B7059B7C32EB5FC36922CB435C2B16C8D96DE1038C8BD298ED498FE"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_5" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="C56536F99207915E5A1F7D4F014AB942BD820E64FF7F371AD0462EF26ED27242"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_6" FriendlyName="full.sys Hash Sha256" Hash="0988D366572A57B3015D875B60704517D05115580678E8F2E126F771EDA28F7B"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_7" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="651FFA0C7AFF7B4A7695DDDD209DC3E7F68156E29A14D3FCC17AEF4F2A205DCC"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_8" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="7113DEE11925B346192F6EE5441974DB7D1FE9B5BE1497A6B295C06930FDD264"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_9" FriendlyName="81.sys Hash Sha256" Hash="3D31118A2E92377ECB632BD722132C04AF4E65E24FF87743796C75EB07CFCD71"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_10" FriendlyName="nstrwsk.sys Hash Sha256" Hash="3390919BB28D5C36CC348F9EF23BE5FA49BFD81263EB7740826E4437CBE904CD"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_11" FriendlyName="nt2.sys Hash Sha256" Hash="CB9890D4E303A4C03095D7BC176C42DEE1B47D8AA58E2F442EC1514C8F9E3CEC"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_12" FriendlyName="nt3.sys Hash Sha256" Hash="7D8937C18D6E11A0952E53970A0934CF0E65515637AC24D6CA52CCF4B93D385F"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_13" FriendlyName="nt5.sys Hash Sha256" Hash="FD33FB2735CC5EF466A54807D3436622407287E325276FCD3ED1290C98BD0533"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_14" FriendlyName="81.sys Hash Sha256" Hash="B430D3A0BDB837A5D6625D3B1CEF07ABD1953F969869FF6CF7BA398AE605431A"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_15" FriendlyName="b4.sys Hash Sha256" Hash="DEC8A933DBA04463ED9BB7D53338FF87F2C23CFB79E0E988449FC631252C9DCC"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_16" FriendlyName="bw.sys Hash Sha256" Hash="0EBAEF662B14410C198395B13347E1D175334EC67919709AD37D65EBA013ADFF"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_17" FriendlyName="bwrs.sys Hash Sha256" Hash="221DFBC74BBB255B0879360CCC71A74B756B2E0F16E9386B38A9CE9D4E2E34F9"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_18" FriendlyName="bwrsh.sys Hash Sha256" Hash="37DDE6BD8A7A36111C3AC57E0AC20BBB93CE3374D0852BCACC9A2C8C8C30079E"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_19" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="82774D5230C5B6604D6F67A32883F720B4695387F3F383AABC713FC2904FF45D"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_20" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="DDD83AF2E99C2E51F2BBBB5A1FAADF9F2DDBC3E39B086935621D6846A8530D76"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_21" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="E6D0C06DEB74F0448391F2C14A08D5C1B7D263DC444ACC5C1CF57ACFE82DA6BB"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_22" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="F05A1DF10900B05FB7211F3DADD15003FC91CFA28A08BCC6D7AFA02CD8AB3D5C"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_23" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="C174566743B47AE3C3BBB9F32D2856DE5959E06EC100B648853058EEFCDA43FA"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_24" FriendlyName="TGSafe.sys Hash Sha256" Hash="3A95CC82173032B82A0FFC7D2E438DF64C13BC16B4574214C9FE3BE37250925E"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_25" FriendlyName="BlackBoneDrv10.sys Hash Sha256" Hash="0BB5F2EAACD64398A66D73D4617AA0C1209D483FAFCBE99E4E12CA6C024DB2EC"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_26" FriendlyName="LgDCatcher.sys Hash Sha256" Hash="13B82D81D6EAC1A8B2E4655504DABECBD70673CDF45C244702A02F3397FDFF9A"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_27" FriendlyName="gameink.sys Hash Sha256" Hash="8168304169A2453C0C3E0A285C2A07D3B3B83433E0342F6B33400C371AF86221"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_28" FriendlyName="windows-xp-64.sys Hash Sha256" Hash="DFAEFD06B680F9EA837E7815FC1CC7D1F4CC375641AC850667AB20739F46AD22"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_29" FriendlyName="windows8-10-32.sys Hash Sha256" Hash="5B9623DA9BA8E5C80C49473F40FFE7AD315DCADFFC3230AFDC9D9226D60A715A"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_30" FriendlyName="kbdcap64.sys Hash Sha256" Hash="72B99147839BCFB062D29014EC09FE20A8F261748B5925B00171EF3CB849A4C1"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_31" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="0391107305D76EB9DDF1A5B3B3C50DA361E8AB35B573DBD19BF9383436B9303E"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_32" FriendlyName="d3.sys Hash Sha256" Hash="36875562E747136313EC5DB58174E5FAB870997A054CA8D3987D181599C7DB6A"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_33" FriendlyName="d.sys Hash Sha256" Hash="0289FE12E675101CEE03934C1AF5CB73069A12170A88BD051E31A292B97F701B"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_34" FriendlyName="b3.sys Hash Sha256" Hash="708016FBE22C813A251098F8F992B177B476BD1BBC48C2ED4A122FF74910A965"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_35" FriendlyName="2.sys Hash Sha256" Hash="9385E4CDABD0AEE2670FB756598EA977161F45B71687ECB9E43533081629F661"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_36" FriendlyName="b1.sys Hash Sha256" Hash="A3E507E713F11901017FC328186AE98E23DE7CEA5594687480229F77D45848D8"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_37" FriendlyName="My.sys Hash Sha256" Hash="D25904FBF907E19F366D54962FF543D9F53B8FDFD2416C8B9796B6A8DD430E26"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_38" FriendlyName="Black.sys Hash Sha256" Hash="D5562FB90B0B3DEB633AB335BCBD82CE10953466A428B3F27CB5B226B453EAF3"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_39" FriendlyName="WYProxy32.sys Hash Sha256" Hash="DE6BF572D39E2611773E7A01F0388F84FB25DA6CBA2F1F8B9B36FFBA467DE6FA"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_40" FriendlyName="WYProxy64.sys Hash Sha256" Hash="FAFA1BB36F0AC34B762A10E9F327DCAB2152A6D0B16A19697362D49A31E7F566"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_41" FriendlyName="Proxy64.sys Hash Sha256" Hash="C60FCFF9C8E5243BBB22EC94618B9DCB02C59BB49B90C04D7D6AB3EBBD58DC3A"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_42" FriendlyName="LgDCatcher.sys Hash Sha256" Hash="BFCFFC82A564A2ADCD3522CD78CDF83795B6212F787230A5EA6B7EFB9F232784"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_43" FriendlyName="LgDCatcher.sys Hash Sha256" Hash="350E15BF24DCFDC052DB117718329A03E930C17AC8C835E51D001E74BAD784E4"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_44" FriendlyName="LgDCatcher.sys Hash Sha256" Hash="DF4E25990742FC8D3AED70F6CB4D402E111E7ED08FA5F76ACA685B8C03B98B93"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_45" FriendlyName="ni.sys Hash Sha256" Hash="AE79E760C739D6214C1E314728A78A6CB6060CCE206FDE2440A69735D639A0A2"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_46" FriendlyName="d4.sys Hash Sha256" Hash="823DA894B2C73FFCD39E77366B6F1ABF0AE9604D9B20140A54E6D55053AADEBA"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_47" FriendlyName="d2.sys Hash Sha256" Hash="CB57F3A7FE9E1F8E63332C563B0A319B26C944BE839EABC03E9A3277756BA612"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_48" FriendlyName="t.sys Hash Sha256" Hash="146D77E80CA70EA5CB17BFC9A5CEA92334F809CBDC87A51C2D10B8579A4B9C88"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_49" FriendlyName="1.sys Hash Sha256" Hash="64F9E664BC6D4B8F5F68616DD50AE819C3E60452EFD5E589D6604B9356841B57"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_50" FriendlyName="cpupress.sys Hash Sha256" Hash="FCDFE570E6DC6E768EF75138033D9961F78045ADCA53BEB6FDB520F6417E0DF1"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_51" FriendlyName="gameink.sys Hash Sha256" Hash="E9B433A33DC72EB2622947B41F01D04A48CD71BEAC775A88F3F1E4C838090EE8"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_52" FriendlyName="NetFlt.sys Hash Sha256" Hash="F8886A9C759E0426E08D55E410B02C5B05AF3C287B15970175E4874316FFAF13"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_53" FriendlyName="ProtectS.sys Hash Sha256" Hash="9D58F640C7295952B71BDCB456CAE37213BACCDCD3032C1E3AEB54E79081F395"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_54" FriendlyName="ProtectS.sys Hash Sha256" Hash="4A9093E8DBCB867E1B97A0A67CE99A8511900658F5201C34FFB8035881F2DBBE"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_55" FriendlyName="GameTerSafe.sys Hash Sha256" Hash="3E9B62D2EA2BE50A2DA670746C4DBE807DB9601980AF3A1014BCD72D0248D84C"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_56" FriendlyName="Lurker.sys Hash Sha256" Hash="0FD2DF82341BF5EBB8A53682E60D08978100C01ACB0BED7B6CE2876ADA80F670"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_57" FriendlyName="TestBone.sys Hash Sha256" Hash="0DE4247E72D378713BCF22D5C5D3874D079203BB4364E25F67A90D5570BDCCE8"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_58" FriendlyName="Proxy32.sys Hash Sha256" Hash="49ED27460730B62403C1D2E4930573121AB0C86C442854BC0A62415CA445A810"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_59" FriendlyName="t7.sys Hash Sha256" Hash="BE03E9541F56AC6ED1E81407DCD7CC85C0FFC538C3C2C2C8A9C747EDBCF13100"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_60" FriendlyName="nt4.sys Hash Sha256" Hash="D7BC7306CB489FE4C285BBEDDC6D1A09E814EF55CF30BD5B8DAF87A52396F102"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_61" FriendlyName="t8.sys Hash Sha256" Hash="258359A7FA3D975620C9810DAB3A6493972876A024135FEAF3AC8482179B2E79"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_62" FriendlyName="nstr.sys Hash Sha256" Hash="455BC98BA32ADAB8B47D2D89BDBADCA4910F91C182AB2FC3211BA07D3784537B"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_63" FriendlyName="nt6.sys Hash Sha256" Hash="15C53EB3A0EA44BBD2901A45A6EBEAE29BB123F9C1115C38DFB2CDBEC0642229"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_64" FriendlyName="t3.sys Hash Sha256" Hash="4CFF6E53430B81ECC4FAE453E59A0353BCFE73DD5780ABFC35F299C16A97998E"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_65" FriendlyName="windows7-32.sys Hash Sha256" Hash="4941C4298F4560FC1E59D0F16F84BAB5C060793700B82BE2FD7C63735F1657A8"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_66" FriendlyName="NetProxyDriver.sys Hash Sha256" Hash="8111085022BDA87E5F6AA4C195E743CC6DD6A3A6D41ADD475D267DC6B105A69F"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_67" FriendlyName="c.sys Hash Sha256" Hash="CC383AD11E9D06047A1558ED343F389492DA3AC2B84B71462AEE502A2FA616C8"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_68" FriendlyName="gameink.sys Hash Sha256" Hash="E94E8A87459DB56837D1C58F9854794AA99F36566A9DED9B398BE9D4D3A2C2AF"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_69" FriendlyName="gameink.sys Hash Sha256" Hash="44A0599DEFEA351314663582DBC61069B3A095A4DDAD571BB17DD0D8B21E7FF2"/>
<Deny ID="ID_DENY_PROCESSHACKER" FriendlyName="kprocesshacker.sys FileRule" FileName="kprocesshacker.sys" />
<Deny ID="ID_DENY_AMP" FriendlyName="System Mechanic CVE-2018-5701" FileName="amp.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="5.4.11.1" />
<Deny ID="ID_DENY_ASMMAP" FriendlyName="Asus Memory Mapping Driver" FileName="asmmap.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
<Deny ID="ID_DENY_ASMMAP_64" FriendlyName="Asus Memory Mapping Driver" FileName="asmmap64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
<FileAttrib ID="ID_FILEATTRIB_CPUZ_DRIVER" FriendlyName="" FileName="cpuz.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.4.3" /> <FileAttrib ID="ID_FILEATTRIB_CPUZ_DRIVER" FriendlyName="" FileName="cpuz.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.4.3" />
<FileAttrib ID="ID_FILEATTRIB_ELBY_DRIVER" FriendlyName="" FileName="ElbyCDIO.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="6.0.3.2" /> <FileAttrib ID="ID_FILEATTRIB_ELBY_DRIVER" FriendlyName="" FileName="ElbyCDIO.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="6.0.3.2" />
<FileAttrib ID="ID_FILEATTRIB_LIBNICM_DRIVER" FriendlyName="" FileName="libnicm.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.1.12.0" /> <FileAttrib ID="ID_FILEATTRIB_LIBNICM_DRIVER" FriendlyName="" FileName="libnicm.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.1.12.0" />
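Review bot: ID_DENY_PROCESSHACKER is the only added FileName deny rule without MinimumFileVersion/MaximumFileVersion, while ID_DENY_AMP, ID_DENY_ASMMAP and ID_DENY_ASMMAP_64 right after it all state a range. If every version of kprocesshacker.sys is meant to be blocked, spell that out the way the asmmap rules do (0.0.0.0 to 65535.65535.65535.65535) so the intent is unambiguous. Separately, the ID_DENY_RETLIFTEN_SHA1_n and ID_DENY_RETLIFTEN_SHA256_n identifiers are reassigned to different files and hashes than they carried on the old side (for example ID_DENY_RETLIFTEN_SHA256_1 moves from nt2.sys to 80.sys), so anyone who merged or referenced these rules by ID in a derived policy needs to re-sync the whole block rather than append to it.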
@ -178,6 +331,10 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
<FileAttrib ID="ID_FILEATTRIB_NTIOLIB" FriendlyName="" FileName="NTIOLib.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.0.0" /> <FileAttrib ID="ID_FILEATTRIB_NTIOLIB" FriendlyName="" FileName="NTIOLib.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.0.0" />
<FileAttrib ID="ID_FILEATTRIB_NCHGBIOS2X64" FriendlyName="" FileName="NCHGBIOS2x64.SYS" MinimumFileVersion="0.0.0.0" MaximumFileVersion="4.2.4.0" /> <FileAttrib ID="ID_FILEATTRIB_NCHGBIOS2X64" FriendlyName="" FileName="NCHGBIOS2x64.SYS" MinimumFileVersion="0.0.0.0" MaximumFileVersion="4.2.4.0" />
<FileAttrib ID="ID_FILEATTRIB_SEGWINDRVX64" FriendlyName="segwindrvx64.sys FileAttribute" FileName="segwindrvx64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="100.0.7.2" /> <FileAttrib ID="ID_FILEATTRIB_SEGWINDRVX64" FriendlyName="segwindrvx64.sys FileAttribute" FileName="segwindrvx64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="100.0.7.2" />
<FileAttrib ID="ID_FILEATTRIB_AMD_RYZEN" FriendlyName="amdryzenmaster.sys" FileName="AMDRyzenMasterDriver.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.5.0.0" />
<FileAttrib ID="ID_FILEATTRIB_TREND_MICRO" FriendlyName="TmComm.sys" FileName="TmComm.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="8.0.0.0" />
<FileAttrib ID="ID_FILEATTRIB_VIRAGT" FriendlyName="viragt.sys 32-bit" FileName="viragt.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.80.0.0" />
<FileAttrib ID="ID_FILEATTRIB_VIRAGT64" FriendlyName="viragt64.sys" FileName="viragt64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.0.11" />
</FileRules> </FileRules>
<!--Signers--> <!--Signers-->
<Signers> <Signers>
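Review bot: ID_FILEATTRIB_AMD_RYZEN has FriendlyName="amdryzenmaster.sys" but FileName="AMDRyzenMasterDriver.sys"; the two should name the same file so that block events and policy reviews point at the driver that is actually matched. The other three added rules are consistent on this, though ID_FILEATTRIB_VIRAGT is labelled "viragt.sys 32-bit" while ID_FILEATTRIB_VIRAGT64 carries no bitness note, and the two use very different upper bounds (1.80.0.0 against 1.0.0.11); a short XML comment on where each MaximumFileVersion comes from would make the next update easier to check.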
@ -185,11 +342,7 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
<CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" /> <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
<CertPublisher Value="CPUID" /> <CertPublisher Value="CPUID" />
<FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" /> <FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
</Signer> <FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
<Signer ID="ID_SIGNER_F_2" Name="Microsoft Windows Third Party Component CA 2014">
<CertRoot Type="TBS" Value="D8BE9E4D9074088EF818BC6F6FB64955E90378B2754155126FEEBBBD969CF0AE" />
<CertPublisher Value="Microsoft Windows Hardware Compatibility Publisher" />
<FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
</Signer> </Signer>
<Signer ID="ID_SIGNER_CPUZ" Name="DigiCert EV Code Signing CA (SHA2)"> <Signer ID="ID_SIGNER_CPUZ" Name="DigiCert EV Code Signing CA (SHA2)">
<CertRoot Type="TBS" Value="EEC58131DC11CD7F512501B15FDBC6074C603B68CA91F7162D5A042054EDB0CF" /> <CertRoot Type="TBS" Value="EEC58131DC11CD7F512501B15FDBC6074C603B68CA91F7162D5A042054EDB0CF" />
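Review bot: the added FileAttribRef to ID_FILEATTRIB_TREND_MICRO lands inside the signer whose CertPublisher is "CPUID", so as written it only matches a TmComm.sys that chains to that CA and is published by CPUID. If that pairing is not intended, move the reference to a signer whose publisher matches the TmComm.sys certificate. The removal of ID_SIGNER_F_2 itself looks fine, since its TBS value and publisher are identical to ID_SIGNER_WINDOWS_3RD_PARTY_2014, which picks up the cpuz.sys reference later in the patch.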
@ -247,11 +400,20 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
<FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW10X64_DRIVER" /> <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW10X64_DRIVER" />
<FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW8X64_DRIVER" /> <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW8X64_DRIVER" />
</Signer> </Signer>
<Signer ID="ID_SIGNER_WINDOWS_3RD_PARTY_2012" Name="Microsoft Windows Third Party Component CA 2012">
<CertRoot Type="TBS" Value="CEC1AFD0E310C55C1DCC601AB8E172917706AA32FB5EAF826813547FDF02DD46" />
<CertPublisher Value="Microsoft Windows Hardware Compatibility Publisher" />
<FileAttribRef RuleID="ID_FILEATTRIB_AMD_RYZEN" />
<FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
</Signer>
<Signer ID="ID_SIGNER_WINDOWS_3RD_PARTY_2014" Name="Microsoft Windows Third Party Component CA 2014"> <Signer ID="ID_SIGNER_WINDOWS_3RD_PARTY_2014" Name="Microsoft Windows Third Party Component CA 2014">
<CertRoot Type="TBS" Value="D8BE9E4D9074088EF818BC6F6FB64955E90378B2754155126FEEBBBD969CF0AE" /> <CertRoot Type="TBS" Value="D8BE9E4D9074088EF818BC6F6FB64955E90378B2754155126FEEBBBD969CF0AE" />
<CertPublisher Value="Microsoft Windows Hardware Compatibility Publisher" /> <CertPublisher Value="Microsoft Windows Hardware Compatibility Publisher" />
<FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
<FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW10X64_DRIVER" /> <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW10X64_DRIVER" />
<FileAttribRef RuleID="ID_FILEATTRIB_BS_HWMIO64" /> <FileAttribRef RuleID="ID_FILEATTRIB_BS_HWMIO64" />
<FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT" />
<FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT64" />
</Signer> </Signer>
<Signer ID="ID_SIGNER_VERISIGN_2004" Name="VeriSign Class 3 Code Signing 2004 CA"> <Signer ID="ID_SIGNER_VERISIGN_2004" Name="VeriSign Class 3 Code Signing 2004 CA">
<CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" /> <CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
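Review bot: both ID_SIGNER_WINDOWS_3RD_PARTY_2012 and ID_SIGNER_WINDOWS_3RD_PARTY_2014 use the shared publisher "Microsoft Windows Hardware Compatibility Publisher", so the scope of these deny signers rests entirely on their FileAttribRef lists. Add an XML comment on each signer saying so, because dropping the last FileAttribRef in a later edit would turn the entry into a deny for everything signed under that CA and publisher. It is also worth confirming that the split is deliberate: the 2012 signer covers only AMD_RYZEN and TREND_MICRO, while VIRAGT and VIRAGT64 are added to the 2014 signer alone.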
@ -288,6 +450,42 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
<CertPublisher Value="Insyde Software Corp." /> <CertPublisher Value="Insyde Software Corp." />
<FileAttribRef RuleID="ID_FILEATTRIB_SEGWINDRVX64" /> <FileAttribRef RuleID="ID_FILEATTRIB_SEGWINDRVX64" />
</Signer> </Signer>
<Signer ID="ID_SIGNER_SYMANTEC_CLASS_3" Name="Symantec Class 3 SHA256 Code Signing CA">
<CertRoot Type="TBS" Value="A08E79C386083D875014C409C13D144E0A24386132980DF11FF59737C8489EB1" />
<CertPublisher Value="Advanced Micro Devices INC." />
<FileAttribRef RuleID="ID_FILEATTRIB_AMD_RYZEN" />
<FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
</Signer>
<Signer ID="ID_SIGNER_VERISIGN_TG_SOFT" Name="VeriSign Class 3 Code Signing 2010 CA">
<CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
<CertPublisher Value="TG Soft S.a.s. Di Tonello Gianfranco e C." />
<FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT" />
<FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT64" />
</Signer>
<Signer ID="ID_SIGNER_GLOBALSIGN_TG_SOFT" Name="GlobalSign CodeSigning CA - G3">
<CertRoot Type="TBS" Value="F478F0E790D5C8EC6056A3AB2567404A991D2837" />
<CertPublisher Value="TG Soft di Tonello Gianfranco ed Enrico S.r.l." />
<FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT" />
<FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT64" />
</Signer>
<Signer ID="ID_SIGNER_GEOTRUST_SRL_2009" Name="HT Srl Digital ID Class 3 - Microsoft Software Validation v2">
<CertRoot Type="TBS" Value="d70edfa009a76bd8250d74e9ee92eb9ead7d4cb3" />
</Signer>
<Signer ID="ID_SIGNER_GEOTRUST_SRL_2010" Name="HT Srl Digital ID Class 3 - Microsoft Software Validation v2">
<CertRoot Type="TBS" Value="e5ba2abbd1dc89f143a66a3cdcda26d968758e2d" />
</Signer>
<Signer ID="ID_SIGNER_HANDAN" Name="Handan City Congtai District LiKang Daily Goods Department">
<CertRoot Type="TBS" Value="cccae21fbc083f5d1af6997bb3f29ed9915e7324" />
</Signer>
<Signer ID="ID_SIGNER_NANJING" Name="Nanjing Zhixiao Information Technology Co.,Ltd">
<CertRoot Type="TBS" Value="f5e1c4d98f9ce552ead3776c16f3ad91fe5f3984" />
</Signer>
<Signer ID="ID_SIGNER_TRUST_ASIA" Name="上海域联软件技术有限公司">
<CertRoot Type="TBS" Value="232a71b4d1734eac2cfc6ea554c86de34f9f8b72" />
</Signer>
<Signer ID="ID_SIGNER_JEROMIN_CODY_ERIC" Name="Jeromin Cody Eric">
<CertRoot Type="TBS" Value="dfa6171201b51a2ec174310e8fb9f4c0fde2d365235e589ded0213c5279bea6e" />
</Signer>
</Signers> </Signers>
<!--Driver Signing Scenarios--> <!--Driver Signing Scenarios-->
<SigningScenarios> <SigningScenarios>
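Review bot: the six signers from ID_SIGNER_GEOTRUST_SRL_2009 through ID_SIGNER_JEROMIN_CODY_ERIC have a CertRoot only, with no CertPublisher and no FileAttribRef, so each one denies everything that chains to that TBS value rather than a named driver. That may well be the intent, but it differs from every other signer in this hunk and deserves a comment stating that the whole certificate is being distrusted. Their TBS values are also lower-case hex where the rest of the file uses upper-case, and the IDs name an issuer (GEOTRUST, TRUST_ASIA) while the Name attribute holds what looks like the subject; pick one convention. Finally, ID_SIGNER_SYMANTEC_CLASS_3 has CertPublisher "Advanced Micro Devices INC." yet references ID_FILEATTRIB_TREND_MICRO, which should be checked against the actual TmComm.sys signer.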
@ -304,10 +502,10 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
<DeniedSigner SignerId="ID_SIGNER_CPUZ" /> <DeniedSigner SignerId="ID_SIGNER_CPUZ" />
<DeniedSigner SignerId="ID_SIGNER_ELBY" /> <DeniedSigner SignerId="ID_SIGNER_ELBY" />
<DeniedSigner SignerId="ID_SIGNER_F_1" /> <DeniedSigner SignerId="ID_SIGNER_F_1" />
<DeniedSigner SignerId="ID_SIGNER_F_2" />
<DeniedSigner SignerId="ID_SIGNER_REALTEK" /> <DeniedSigner SignerId="ID_SIGNER_REALTEK" />
<DeniedSigner SignerId="ID_SIGNER_REALTEK_2" /> <DeniedSigner SignerId="ID_SIGNER_REALTEK_2" />
<DeniedSigner SignerId="ID_SIGNER_VERISIGN_2004" /> <DeniedSigner SignerId="ID_SIGNER_VERISIGN_2004" />
<DeniedSigner SignerId="ID_SIGNER_WINDOWS_3RD_PARTY_2012" />
<DeniedSigner SignerId="ID_SIGNER_WINDOWS_3RD_PARTY_2014" /> <DeniedSigner SignerId="ID_SIGNER_WINDOWS_3RD_PARTY_2014" />
<DeniedSigner SignerId="ID_SIGNER_VERISIGN_2009" /> <DeniedSigner SignerId="ID_SIGNER_VERISIGN_2009" />
<DeniedSigner SignerId="ID_SIGNER_VERISIGN_BIOSTAR" /> <DeniedSigner SignerId="ID_SIGNER_VERISIGN_BIOSTAR" />
@ -315,8 +513,57 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
<DeniedSigner SignerId="ID_SIGNER_VERISIGN_TOSHIBA" /> <DeniedSigner SignerId="ID_SIGNER_VERISIGN_TOSHIBA" />
<DeniedSigner SignerId="ID_SIGNER_GLOBALSIGN_MICROSTAR" /> <DeniedSigner SignerId="ID_SIGNER_GLOBALSIGN_MICROSTAR" />
<DeniedSigner SignerId="ID_SIGNER_VERISIGN_INSYDE" /> <DeniedSigner SignerId="ID_SIGNER_VERISIGN_INSYDE" />
<DeniedSigner SignerId="ID_SIGNER_SYMANTEC_CLASS_3" />
<DeniedSigner SignerId="ID_SIGNER_VERISIGN_TG_SOFT" />
<DeniedSigner SignerId="ID_SIGNER_GLOBALSIGN_TG_SOFT" />
<DeniedSigner SignerId="ID_SIGNER_GEOTRUST_SRL_2009" />
<DeniedSigner SignerId="ID_SIGNER_GEOTRUST_SRL_2010" />
<DeniedSigner SignerId="ID_SIGNER_HANDAN" />
<DeniedSigner SignerId="ID_SIGNER_NANJING" />
<DeniedSigner SignerId="ID_SIGNER_TRUST_ASIA" />
<DeniedSigner SignerId="ID_SIGNER_JEROMIN_CODY_ERIC" />
</DeniedSigners> </DeniedSigners>
<FileRulesRef> <FileRulesRef>
<FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1" />
<FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256" />
<FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_1" />
<FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_1" />
<FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_PAGE_1" />
<FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_PAGE_1" />
<FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_2" />
<FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_2" />
<FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_PAGE_2" />
<FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_PAGE_2" />
<FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1" />
<FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256" />
<FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_1" />
<FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_1" />
<FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_PAGE_1" />
<FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_PAGE_1" />
<FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_2" />
<FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_2" />
<FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_PAGE_2" />
<FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_PAGE_2" />
<FileRuleRef RuleID="ID_DENY_ASRDRV10_SHA1" />
<FileRuleRef RuleID="ID_DENY_ASRDRV10_SHA256" />
<FileRuleRef RuleID="ID_DENY_ASRDRV10_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_ASRDRV10_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_ASRDRV101_SHA1" />
<FileRuleRef RuleID="ID_DENY_ASRDRV101_SHA256" />
<FileRuleRef RuleID="ID_DENY_ASRDRV101_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_ASRDRV101_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_ASRDRV102_SHA1" />
<FileRuleRef RuleID="ID_DENY_ASRDRV102_SHA256" />
<FileRuleRef RuleID="ID_DENY_ASRDRV102_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_ASRDRV102_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_ASRDRV103_SHA1" />
<FileRuleRef RuleID="ID_DENY_ASRDRV103_SHA256" />
<FileRuleRef RuleID="ID_DENY_ASRDRV103_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_ASRDRV103_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_BANDAI_SHA1" /> <FileRuleRef RuleID="ID_DENY_BANDAI_SHA1" />
<FileRuleRef RuleID="ID_DENY_BANDAI_SHA256" /> <FileRuleRef RuleID="ID_DENY_BANDAI_SHA256" />
<FileRuleRef RuleID="ID_DENY_BANDAI_SHA1_PAGE" /> <FileRuleRef RuleID="ID_DENY_BANDAI_SHA1_PAGE" />
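Review bot: the FileRuleRef additions here cover the ASIO and ASRDRV rules, but there is no reference to ID_DENY_AMP before ID_DENY_ASIO_32_SHA1 or to ID_DENY_ASMMAP / ID_DENY_ASMMAP_64 between the ASIO and ASRDRV entries, which is where the list's alphabetical order would put them. Please confirm those rules, ID_DENY_PROCESSHACKER and the ID_DENY_RETLIFTEN_* hashes are referenced elsewhere in this FileRulesRef block, since a Deny rule defined under FileRules but not referenced from the signing scenario is not enforced. The nine DeniedSigner additions do line up one-to-one with the new signers, and ID_SIGNER_F_2 is removed from both places, so that part is consistent.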
@ -325,67 +572,67 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
<FileRuleRef RuleID="ID_DENY_CAPCOM_SHA256" /> <FileRuleRef RuleID="ID_DENY_CAPCOM_SHA256" />
<FileRuleRef RuleID="ID_DENY_CAPCOM_SHA1_PAGE" /> <FileRuleRef RuleID="ID_DENY_CAPCOM_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_CAPCOM_SHA256_PAGE" /> <FileRuleRef RuleID="ID_DENY_CAPCOM_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_FIDDRV_SHA1"/> <FileRuleRef RuleID="ID_DENY_FIDDRV_SHA1" />
<FileRuleRef RuleID="ID_DENY_FIDDRV_SHA256"/> <FileRuleRef RuleID="ID_DENY_FIDDRV_SHA256" />
<FileRuleRef RuleID="ID_DENY_FIDDRV_SHA1_PAGE"/> <FileRuleRef RuleID="ID_DENY_FIDDRV_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_FIDDRV_SHA256_PAGE"/> <FileRuleRef RuleID="ID_DENY_FIDDRV_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA1"/> <FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA1" />
<FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA256"/> <FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA256" />
<FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA1_PAGE"/> <FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA256_PAGE"/> <FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA1"/> <FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA1" />
<FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA256"/> <FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA256" />
<FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA1_PAGE"/> <FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA256_PAGE"/> <FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA1"/> <FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA1" />
<FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA256"/> <FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA256" />
<FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA1_PAGE"/> <FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA256_PAGE"/> <FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_GDRV" /> <FileRuleRef RuleID="ID_DENY_GDRV" />
<FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA1"/> <FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA1" />
<FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA256"/> <FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA256" />
<FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA1_PAGE"/> <FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA256_PAGE"/> <FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA1"/> <FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA1" />
<FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA256"/> <FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA256" />
<FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA1_PAGE"/> <FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA256_PAGE"/> <FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA1"/> <FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA1" />
<FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA256"/> <FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA256" />
<FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA1_PAGE"/> <FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA256_PAGE"/> <FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA1"/> <FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA1" />
<FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA256C"/> <FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA256C" />
<FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA1_PAGE"/> <FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA256_PAGE"/> <FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA1F" /> <FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA1F" />
<FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA256" /> <FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA256" />
<FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA1_PAGE"/> <FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA256_PAGE"/> <FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA1"/> <FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA1" />
<FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA256"/> <FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA256" />
<FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA1_PAGE"/> <FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA256_PAGE"/> <FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA1" /> <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA1" />
<FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA256"/> <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA256" />
<FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA1_PAGE"/> <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA256_PAGE"/> <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_MSIO64_SHA1"/> <FileRuleRef RuleID="ID_DENY_MSIO64_SHA1" />
<FileRuleRef RuleID="ID_DENY_MSIO64_SHA256"/> <FileRuleRef RuleID="ID_DENY_MSIO64_SHA256" />
<FileRuleRef RuleID="ID_DENY_MSIO64_SHA1_PAGE"/> <FileRuleRef RuleID="ID_DENY_MSIO64_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_MSIO64_SHA256_PAGE"/> <FileRuleRef RuleID="ID_DENY_MSIO64_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_PIDDRV_SHA1"/> <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA1" />
<FileRuleRef RuleID="ID_DENY_PIDDRV_SHA256"/> <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA256" />
<FileRuleRef RuleID="ID_DENY_PIDDRV_SHA1_PAGE"/> <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_PIDDRV_SHA256_PAGE"/> <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA1"/> <FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA1" />
<FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA256"/> <FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA256" />
<FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA1_PAGE"/> <FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA256_PAGE"/> <FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA1"/> <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA1" />
<FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA256"/> <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA256" />
<FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA1_PAGE"/> <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA256_PAGE"/> <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_1" /> <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_1" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_2" /> <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_2" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_3" /> <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_3" />
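Review bot: Two rule IDs in this hunk, ID_DENY_AMIFLDRV64_SHA256C and ID_DENY_ASUPIO64_SHA1F, end in a stray letter that none of their siblings have (compare ID_DENY_AMIFLDRV64_SHA1 and ID_DENY_ASUPIO64_SHA256), and the change carries them over untouched while only normalising `"/>` to `" />`. If the trailing C and F are typos, rename them in this same pass together with the rule definitions they point at, since the reference and the definition have to change together for the reference to keep resolving. If they are intentional, a short comment in the policy saying so would stop the next reader from "fixing" them.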
@ -403,6 +650,58 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_15"/> <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_15"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_16"/> <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_16"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_17"/> <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_17"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_18"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_19"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_20"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_21"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_22"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_23"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_24"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_25"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_26"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_27"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_28"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_29"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_30"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_31"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_32"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_33"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_34"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_35"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_36"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_37"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_38"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_39"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_40"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_41"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_42"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_43"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_44"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_45"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_46"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_47"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_48"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_49"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_50"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_51"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_52"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_53"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_54"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_55"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_56"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_57"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_58"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_59"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_60"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_61"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_62"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_63"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_64"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_65"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_66"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_67"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_68"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_69"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_1" /> <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_1" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_2" /> <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_2" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_3" /> <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_3" />
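Review bot: The added references ID_DENY_RETLIFTEN_SHA1_18 through ID_DENY_RETLIFTEN_SHA1_69 are written as `"/>` with no space, while the preceding hunk of this same commit rewrites the older entries from `"/>` to `" />`. Use `" />` on the new lines as well (and on the _15 to _17 context lines) so the published sample policy is consistent and diffs against the next revision stay small.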
@ -420,13 +719,67 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_15"/> <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_15"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_16"/> <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_16"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_17"/> <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_17"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_18"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_19"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_20"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_21"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_22"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_23"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_24"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_25"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_26"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_27"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_28"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_29"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_30"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_31"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_32"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_33"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_34"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_35"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_36"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_37"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_38"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_39"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_40"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_41"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_42"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_43"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_44"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_45"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_46"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_47"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_48"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_49"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_50"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_51"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_52"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_53"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_54"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_55"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_56"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_57"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_58"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_59"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_60"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_61"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_62"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_63"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_64"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_65"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_66"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_67"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_68"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_69"/>
<FileRuleRef RuleID="ID_DENY_PROCESSHACKER"/>
<FileRuleRef RuleID="ID_DENY_AMP"/>
<FileRuleRef RuleID="ID_DENY_ASMMAP"/>
<FileRuleRef RuleID="ID_DENY_ASMMAP_64"/>
</FileRulesRef> </FileRulesRef>
</ProductSigners> </ProductSigners>
</SigningScenario> </SigningScenario>
<SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_WINDOWS" FriendlyName=""> <SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_WINDOWS" FriendlyName="">
<ProductSigners> <ProductSigners>
<FileRulesRef>
</FileRulesRef>
</ProductSigners> </ProductSigners>
</SigningScenario> </SigningScenario>
</SigningScenarios> </SigningScenarios>
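Review bot: The `<FileRulesRef>` / `</FileRulesRef>` pair added under ID_SIGNINGSCENARIO_WINDOWS (Value="12") is empty, so every deny reference in this change, including the new ID_DENY_PROCESSHACKER, ID_DENY_AMP, ID_DENY_ASMMAP and ID_DENY_ASMMAP_64, takes effect only in the scenario that closes just above it. Either drop the empty element or state in the surrounding text that this scenario is deliberately left without rules, so readers copying the sample do not assume the block list also covers it. The four new IDs also carry no _SHA1/_SHA256 suffix, unlike the RETLIFTEN entries before them, so the article should say what they match on; admins need that to judge what the policy will block when they trial it before enforcing.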
@ -441,7 +794,7 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
</Setting> </Setting>
<Setting Provider="PolicyInfo" Key="Information" ValueName="Id"> <Setting Provider="PolicyInfo" Key="Information" ValueName="Id">
<Value> <Value>
<String>10.0.19565.0</String> <String>10.0.22417.0</String>
</Value> </Value>
</Setting> </Setting>
</Settings> </Settings>

View File

@ -7,7 +7,6 @@ ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
author: greg-lindsay author: greg-lindsay
ms.author: greglin ms.author: greglin
ms.date: 08/18/2021
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi
ms.localizationpriority: high ms.localizationpriority: high
@ -39,7 +38,7 @@ If you are looking for ways to optimize your approach to deploying Windows 11, o
As a first step, you will need to know which of your current devices meet the Windows 11 hardware requirements. Most devices purchased in the last 18-24 months will be compatible with Windows 11. Verify that your device meets or exceeds [Windows 11 requirements](windows-11-requirements.md) to ensure it is compatible. As a first step, you will need to know which of your current devices meet the Windows 11 hardware requirements. Most devices purchased in the last 18-24 months will be compatible with Windows 11. Verify that your device meets or exceeds [Windows 11 requirements](windows-11-requirements.md) to ensure it is compatible.
Microsoft is currently developing analysis tools to help you evaluate your devices against the Windows 11 hardware requirements. When Windows 11 reaches general availability, end-users running Windows 10 Home, Pro, and Pro for Workstations will be able to use the [PC Health Check](https://www.microsoft.com/windows/windows-11#pchealthcheck) app to determine their eligibility for Windows 11. End-users running Windows 10 Enterprise and Education editions should rely on their IT administrators to let them know when they are eligible for the upgrade. Microsoft is currently developing analysis tools to help you evaluate your devices against the Windows 11 hardware requirements. When Windows 11 reaches general availability, users running Windows 10 Home, Pro, and Pro for Workstations will be able to use the [PC Health Check](https://www.microsoft.com/windows/windows-11#pchealthcheck) app to determine their eligibility for Windows 11. Users running Windows 10 Enterprise and Education editions should rely on their IT administrators to let them know when they are eligible for the upgrade.
Enterprise organizations looking to evaluate device readiness in their environments can expect this capability to be integrated into existing Microsoft tools, such as Endpoint analytics and Update Compliance. This capability will be available when Windows 11 is generally available. Microsoft is also working with software publishing partners to facilitate adding Windows 11 device support into their solutions. Enterprise organizations looking to evaluate device readiness in their environments can expect this capability to be integrated into existing Microsoft tools, such as Endpoint analytics and Update Compliance. This capability will be available when Windows 11 is generally available. Microsoft is also working with software publishing partners to facilitate adding Windows 11 device support into their solutions.
@ -57,8 +56,7 @@ If you manage devices on behalf of your organization, you will be able to upgrad
- Additional insight into safeguard holds. While safeguard holds will function for Windows 11 devices just as they do for Windows 10 today, administrators using Windows Update for Business will have access to information on which safeguard holds are preventing individual devices from taking the upgrade to Windows 11. - Additional insight into safeguard holds. While safeguard holds will function for Windows 11 devices just as they do for Windows 10 today, administrators using Windows Update for Business will have access to information on which safeguard holds are preventing individual devices from taking the upgrade to Windows 11.
> [!NOTE] > [!NOTE]
> If you use Windows Update for Business to manage feature update deployments today, you will need to leverage the **Target Version** policy rather than **Feature Update deferrals** to move from Windows 10 to Windows 11. Deferrals are great for quality updates or to move to newer version of the same product (from example, from Windows 10, version 20H2 to 21H1), but they cannot migrate a device between products (from Windows 10 to Windows 11). <br> > Also, Windows 11 has new Microsoft Software License Terms. If you are deploying with Windows Update for Business or Windows Server Update Services, you are accepting these new license terms on behalf of the users in your organization.
> Also, Windows 11 has a new End User License Agreement. If you are deploying with Windows Update for Business **Target Version** or with Windows Server Update Services, you are accepting this new End User License Agreement on behalf of the end-users within your organization.
##### Unmanaged devices ##### Unmanaged devices
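Review bot: The rewritten NOTE now opens with "Also, Windows 11 has new Microsoft Software License Terms", but the sentence that "Also" followed (the **Target Version** versus **Feature Update deferrals** guidance) is removed in this hunk, so the note starts mid-thought. Drop the leading "Also,". The new text also loses the **Target Version** qualifier after "Windows Update for Business"; if that is intentional, fine, but if the deferrals guidance is meant to live only in the planning article, a link to it from this note would keep the point reachable from this page.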
@ -85,7 +83,7 @@ The introduction of Windows 11 is also a good time to review your hardware refre
## Servicing and support ## Servicing and support
Along with end-user experience and security improvements, Windows 11 introduces enhancements to Microsoft's servicing approach based on your suggestions and feedback. Along with user experience and security improvements, Windows 11 introduces enhancements to Microsoft's servicing approach based on your suggestions and feedback.
**Quality updates**: Windows 11 and Windows 10 devices will receive regular monthly quality updates to provide security updates and bug fixes. **Quality updates**: Windows 11 and Windows 10 devices will receive regular monthly quality updates to provide security updates and bug fixes.

View File

@ -7,7 +7,6 @@ ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
author: greg-lindsay author: greg-lindsay
ms.author: greglin ms.author: greglin
ms.date: 09/03/2021
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi
ms.localizationpriority: high ms.localizationpriority: high
@ -36,25 +35,30 @@ The tools that you use for core workloads during Windows 10 deployments can stil
- If you use [Windows Server Update Service (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus), you will need to sync the new **Windows 11** product category. After you sync the product category, you will see Windows 11 offered as an option. If you would like to validate Windows 11 prior to release, you can sync the **Windows Insider Pre-release** category as well. - If you use [Windows Server Update Service (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus), you will need to sync the new **Windows 11** product category. After you sync the product category, you will see Windows 11 offered as an option. If you would like to validate Windows 11 prior to release, you can sync the **Windows Insider Pre-release** category as well.
> [!NOTE] > [!NOTE]
> During deployment, you will be prompted to agree to the End User License Agreement on behalf of your users. Additionally, you will not see an x86 option because Windows 11 is not supported on 32-bit architecture. > During deployment, you will be prompted to agree to the Microsoft Software License Terms on behalf of your users. Additionally, you will not see an x86 option because Windows 11 is not supported on 32-bit architecture.
- If you use [Microsoft Endpoint Configuration Manager](/mem/configmgr/), you can sync the new **Windows 11** product category and begin upgrading eligible devices. If you would like to validate Windows 11 prior to release, you can sync the **Windows Insider Pre-release** category as well. - If you use [Microsoft Endpoint Configuration Manager](/mem/configmgr/), you can sync the new **Windows 11** product category and begin upgrading eligible devices. If you would like to validate Windows 11 prior to release, you can sync the **Windows Insider Pre-release** category as well.
> [!NOTE] > [!NOTE]
> Configuration Manager will prompt you to accept the End User License Agreement on behalf of the users in your organization. > Configuration Manager will prompt you to accept the Microsoft Software License Terms on behalf of the users in your organization.
#### Cloud-based solutions #### Cloud-based solutions
- If you use Windows Update for Business policies, you will need to use the **Target Version** capability rather than feature update deferrals to upgrade from Windows 10 to Windows 11. Feature update deferrals are great to move to newer versions of your current product (for example, Windows 10, version 20H2 to 21H1, but do not enable you to move between products (Windows 10 to Windows 11). - If you use Windows Update for Business policies, you will need to use the **Target Version** capability (either through policy or the Windows Update for Business deployment service) rather than using feature update deferrals alone to upgrade from Windows 10 to Windows 11. Feature update deferrals are great to move to newer versions of your current product (for example, Windows 10, version 20H2 to 21H1), but won't automatically devices move between products (Windows 10 to Windows 11).
- If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use the [feature update deployments](/mem/intune/protect/windows-10-feature-updates) page to select **Windows 11, version 21H2** and upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11 on the **Update Rings** page in Intune. If you arent ready to move to Windows 11, keep the feature update version set at the version you are currently on. When you are ready to start upgrading devices, change the feature update deployment setting to specify Windows 11.
- In Group Policy, **Select target Feature Update version** has two entry fields after taking the 9/1/2021 optional update ([KB5005101](https://support.microsoft.com/topic/september-1-2021-kb5005101-os-builds-19041-1202-19042-1202-and-19043-1202-preview-82a50f27-a56f-4212-96ce-1554e8058dc1)) or a later update: **Product Version** and **Target Version**. - In Group Policy, **Select target Feature Update version** has two entry fields after taking the 9/1/2021 optional update ([KB5005101](https://support.microsoft.com/topic/september-1-2021-kb5005101-os-builds-19041-1202-19042-1202-and-19043-1202-preview-82a50f27-a56f-4212-96ce-1554e8058dc1)) or a later update: **Product Version** and **Target Version**.
- The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only the target version field is configured, the device will be offered matching versions of the same product. - The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only the target version field is configured, the device will be offered matching versions of the same product.
- For example, if a device is running <i>Windows 10, version 2004</i> and only the target version is configured to 21H1, this device will be offered version <i>Windows 10, version 21H1</i>, even if multiple products have a 21H1 version. - For example, if a device is running <i>Windows 10, version 2004</i> and only the target version is configured to 21H1, this device will be offered version <i>Windows 10, version 21H1</i>, even if multiple products have a 21H1 version.
- Quality update deferrals will continue to work the same across both Windows 10 and Windows 11. This is true regardless of which management tool you use to configure Windows Update for Business policies. - Quality update deferrals will continue to work the same across both Windows 10 and Windows 11. This is true regardless of which management tool you use to configure Windows Update for Business policies.
- If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use [feature update deployments](/mem/intune/protect/windows-10-feature-updates) to easily update devices from one release of Windows 10 to another, or to upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11. If you arent ready to move to Windows 11, keep the feature update version set at the version you are currently on. When you are ready to start upgrading devices, change the feature update deployment setting to specify Windows 11. - If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use [feature update deployments](/mem/intune/protect/windows-10-feature-updates) to easily update devices from one release of Windows 10 to another, or to upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11. If you arent ready to move to Windows 11, keep the feature update version set at the version you are currently on. When you are ready to start upgrading devices, change the feature update deployment setting to specify Windows 11.
> [!NOTE]
> Endpoints managed by Windows Update for Business will not automatically upgrade to Windows 11 unless an administrator explicllty configures a **Target Version** using the [TargetReleaseVersion](/windows/client-management/mdm/policy-csp-update#update-targetreleaseversion) setting using a Windows CSP, a [feature update profile](/mem/intune/protect/windows-10-feature-updates) in Intune, or the [Select target Feature Update version setting](/windows/deployment/update/waas-wufb-group-policy#i-want-to-stay-on-a-specific-version) in a group policy.
## Cloud-based management ## Cloud-based management
If you arent already taking advantage of cloud-based management capabilities, like those available in [Microsoft Endpoint Manager](/mem/endpoint-manager-overview), it's worth considering. In addition to consolidating device management and endpoint security into a single platform, Microsoft Endpoint Manager can better support the diverse bring-your-own-device (BYOD) ecosystem that is increasingly the norm with hybrid work scenarios. It can also enable you to track your progress against compliance and business objectives, while protecting end-user privacy. If you arent already taking advantage of cloud-based management capabilities, like those available in [Microsoft Endpoint Manager](/mem/endpoint-manager-overview), it's worth considering. In addition to consolidating device management and endpoint security into a single platform, Microsoft Endpoint Manager can better support the diverse bring-your-own-device (BYOD) ecosystem that is increasingly the norm with hybrid work scenarios. It can also enable you to track your progress against compliance and business objectives, while protecting user privacy.
The following are some common use cases and the corresponding Microsoft Endpoint Manager capabilities that support them: The following are some common use cases and the corresponding Microsoft Endpoint Manager capabilities that support them:
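Review bot: The new **Target Version** bullet ends "but won't automatically devices move between products", which has the words out of order; it should read "but won't automatically move devices between products". In the same hunk the added NOTE misspells "explicitly" as "explicllty" and uses "using" twice in one clause. The added Intune bullet (the one that mentions the **Update Rings** page) now sits a few lines above the unchanged Intune bullet that says nearly the same thing, so one of the two should be removed, and "arent" is missing its apostrophe in both, as well as in the "Cloud-based management" paragraph.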
@ -113,9 +117,9 @@ At a high level, the tasks involved are:
6. Test and support the pilot devices. 6. Test and support the pilot devices.
7. Determine broad deployment readiness based on the results of the pilot. 7. Determine broad deployment readiness based on the results of the pilot.
## End-user readiness ## User readiness
Do not overlook the importance of end-user readiness to deliver an effective, enterprise-wide deployment of Windows 11. Windows 11 has a familiar design, but your users will see several enhancements to the overall user interface. They will also need to adapt to changes in menus and settings pages. Therefore, consider the following tasks to prepare users and your IT support staff Windows 11: Do not overlook the importance of user readiness to deliver an effective, enterprise-wide deployment of Windows 11. Windows 11 has a familiar design, but your users will see several enhancements to the overall user interface. They will also need to adapt to changes in menus and settings pages. Therefore, consider the following tasks to prepare users and your IT support staff Windows 11:
- Create a communications schedule to ensure that you provide the right message at the right time to the right groups of users, based on when they will see the changes. - Create a communications schedule to ensure that you provide the right message at the right time to the right groups of users, based on when they will see the changes.
- Draft concise emails that inform users of what changes they can expect to see. Offer tips on how to use or customize their experience. Include information about support and help desk options. - Draft concise emails that inform users of what changes they can expect to see. Offer tips on how to use or customize their experience. Include information about support and help desk options.
- Update help desk manuals with screenshots of the new user interface, the out-of-box experience for new devices, and the upgrade experience for existing devices. - Update help desk manuals with screenshots of the new user interface, the out-of-box experience for new devices, and the upgrade experience for existing devices.
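Review bot: The edited paragraph under "User readiness" still ends "to prepare users and your IT support staff Windows 11:", which is missing "for" before "Windows 11". The line is already being changed for the end-user wording, so fix it in the same edit: "to prepare users and your IT support staff for Windows 11:".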

View File

@ -89,5 +89,4 @@ When Windows 11 reaches general availability, important servicing-related announ
## Also see ## Also see
[What's new in Windows 11](/windows-hardware/get-started/what-s-new-in-windows)<br> [What's new in Windows 11](/windows-hardware/get-started/what-s-new-in-windows)<br>
[Windows 11 Security — Our Hacker-in-Chief Runs Attacks and Shows Solutions](https://www.youtube.com/watch?v=2RTwGNyhSy8)<br>
[Windows 11: The Optimization and Performance Improvements](https://www.youtube.com/watch?v=oIYHRRTCVy4) [Windows 11: The Optimization and Performance Improvements](https://www.youtube.com/watch?v=oIYHRRTCVy4)