fix merge conflict

education/windows/configure-aad-google-trust.md

@@ -18,7 +18,7 @@ To configure Google Workspace as an IdP for Microsoft Entra ID, the following pr
 1. A Microsoft Entra tenant, with one or multiple custom DNS domains (that is, domains that aren't in the format \**.onmicrosoft.com*)
     - If the federated domain hasn't yet been added to Microsoft Entra ID, you must have access to the DNS domain to create a DNS record. This is required to verify the ownership of the DNS namespace
     - Learn how to [Add your custom domain name using the Microsoft Entra admin center](/azure/active-directory/fundamentals/add-custom-domain)
-1. Access to Microsoft Entra ID with an account with the *Global Administrator* role
+1. Access to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [External Identity Provider Administrator](/entra/identity/role-based-access-control/permissions-reference#external-identity-provider-administrator)
 1. Access to Google Workspace with an account with *super admin* privileges
 
 To test federation, the following prerequisites must be met:
@@ -56,7 +56,7 @@ To test federation, the following prerequisites must be met:
     |Basic Information: Primary Email|App attributes: IDPEmail|
 
     > [!IMPORTANT]
-    > You must ensure that your the Microsoft Entra user accounts email match those in your Google Workspace.
+    > You must ensure that your Microsoft Entra user account's email matches that in your Google Workspace.
 
 1. Select **Finish**
 
@@ -73,7 +73,7 @@ Now that the app is configured, you must enable it for the users in Google Works
 ## Configure Microsoft Entra ID as a Service Provider (SP) for Google Workspace
 
 The configuration of Microsoft Entra ID consists of changing the authentication method for the custom DNS domains. This configuration can be done using PowerShell.\
-Using the **IdP metadata** XML file downloaded from Google Workspace, modify the *$DomainName* variable of the following script to match your environment, and then run it in a PowerShell session. When prompted to authenticate to Microsoft Entra ID, use the credentials of an account with the *Global Administrator* role.
+Using the **IdP metadata** XML file downloaded from Google Workspace, modify the *$DomainName* variable of the following script to match your environment, and then run it in a PowerShell session. When prompted to authenticate to Microsoft Entra ID, sign in as at least a [External Identity Provider Administrator](/entra/identity/role-based-access-control/permissions-reference#external-identity-provider-administrator)
 
 ```powershell
 Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force

education/windows/federated-sign-in.md

@@ -1,7 +1,7 @@
 ---
 title: Configure federated sign-in for Windows devices
 description: Learn how federated sign-in in Windows works and how to configure it.
-ms.date: 04/10/2024
+ms.date: 06/03/2024
 ms.topic: how-to
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
@@ -87,7 +87,7 @@ Review the following instructions to configure your devices using either Microso
 |--|--|--|
 | Education | Is Education Environment | Enabled |
 | Federated Authentication | Enable Web Sign In For Primary User | Enabled |
-| Authentication | Configure Web Sign In Allowed Urls | Semicolon separated list of domains, for example: `samlidp.clever.com;clever.com;mobile-redirector.clever.com` |
+| Authentication | Configure Web Sign In Allowed Urls | Enter the list of domains, with each URL in a separate row. For example:<br>- `samlidp.clever.com`<br>- `clever.com`<br>- `mobile-redirector.clever.com` |
 | Authentication | Configure Webcam Access Domain Names | This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: `clever.com` |
 
 [!INCLUDE [intune-settings-catalog-2](../../includes/configure/intune-settings-catalog-2.md)]
@@ -134,7 +134,7 @@ Review the following instructions to configure your shared devices using either
 | Education | Is Education Environment | Enabled |
 | SharedPC | Enable Shared PC Mode With OneDrive Sync | True |
 | Authentication | Enable Web Sign In | Enabled |
-| Authentication | Configure Web Sign In Allowed Urls | Semicolon separated list of domains, for example: `samlidp.clever.com;clever.com;mobile-redirector.clever.com` |
+| Authentication | Configure Web Sign In Allowed Urls | Enter the list of domains, with each URL in a separate row. For example:<br>- `samlidp.clever.com`<br>- `clever.com`<br>- `mobile-redirector.clever.com` |
 | Authentication | Configure Webcam Access Domain Names | This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: `clever.com` |
 
 [!INCLUDE [intune-settings-catalog-2](../../includes/configure/intune-settings-catalog-2.md)]

education/windows/use-set-up-school-pcs-app.md

@@ -7,7 +7,7 @@ appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 
-# Use the Set up School PCs app  
+# Use the Set up School PCs app
 
 IT administrators and technical teachers can use the **Set up School PCs** app to quickly set up Windows devices for students. The app configures devices with the apps and features students need, and it removes the ones they don't need. During setup, if licensed in your tenant, the app enrolls each student device in Microsoft Intune. You can then manage all the settings the app configures through Intune.
 
@@ -16,20 +16,20 @@ With Set up School PCs you can:
 - Joins student devices to your organization's Microsoft Entra tenant
 - Enable the optional Autopilot Reset feature, to return devices to a fully configured or known IT-approved state
 - Use Windows Update and maintenance hours to keep student devices up-to-date, without interfering with class time
-- Lock down student devices to prevent activity that aren't beneficial to their education  
+- Lock down student devices to prevent activity that aren't beneficial to their education
 
-This article describes how to use the Set up School PCs app. To learn more about the app's functionality, review the [Technical reference for the Set up School PCs app](set-up-school-pcs-technical.md).  
+This article describes how to use the Set up School PCs app. To learn more about the app's functionality, review the [Technical reference for the Set up School PCs app](set-up-school-pcs-technical.md).
 
 ## Requirements
 
 Before you begin, make sure that your devices and your school's network are configured with the following requirements:
 
 - Microsoft Entra ID and Microsoft 365 licenses
-- [Latest Set up School PCs app](https://apps.microsoft.com/detail/9NBLGGH4LS40)  
+- [Latest Set up School PCs app](https://apps.microsoft.com/detail/9NBLGGH4LS40)
 - A NTFS-formatted USB drive that is at least 1 GB
 - Student devices must either:
   - Be within range of the Wi-Fi network that you configured in the app
-  - Have a wired Ethernet connection when you set them up  
+  - Have a wired Ethernet connection when you set them up
 
 ### Prepare existing PC account for new setup
 
@@ -46,7 +46,7 @@ Alternatively, you can also select **Start** > **Power** icon. Hold down <kbd>Sh
 
 1. Select **Troubleshoot** > **Reset this PC**
 1. Select **Remove everything**
-1. If the option appears, select **Only the drive where Windows is installed**  
+1. If the option appears, select **Only the drive where Windows is installed**
 1. Select **Just remove my files**
 1. Select **Reset**
 
@@ -58,20 +58,20 @@ This section offers recommendations to prepare you for the best possible setup e
 
 We recommend you run the IT administrator or technical teacher's device on the same Windows build as the student devices.
 
-### Student devices must meet OS requirements for the app  
+### Student devices must meet OS requirements for the app
 
-Check the OS requirements in the Set up School PCs app. We recommend using the latest Set up School PCs app along with the latest Windows images on the student devices.  
+Check the OS requirements in the Set up School PCs app. We recommend using the latest Set up School PCs app along with the latest Windows images on the student devices.
 
 To check the app's OS requirements, go to the Microsoft Store and locate the Set up School PCs app. In the app's description, go to **System Requirements** > **OS**.
 
-### Use app on a PC that is connected to your school's network  
+### Use app on a PC that is connected to your school's network
 
 We recommend that you run the Set up School PCs app on a computer that's connected to your school's network. That way the app can gather accurate information about your school's wireless networks and cloud subscriptions. If it's not connected, you need to enter the information manually.
 
->[!NOTE]  
+>[!NOTE]
 >Don't use the **Set up Schools PCs** app for devices that must connect to enterprise or open Wi-Fi networds that require the user to accept Terms of Use.
 
-### Run app on an open network or network that requires a basic password  
+### Run app on an open network or network that requires a basic password
 
 Don't use Set up School PCs over a certificate-based network, or one where you have to enter credentials in a browser. If you need to set up many devices over Wi-Fi, make sure that your network configuration can support it.
 
@@ -87,57 +87,57 @@ We recommend that you:
 
 To set up more than one PC at the same time, save the provisioning package to additional USB drives. Then plug the USBs in at the same time during setup.
 
-### Limit changes to school-optimized settings  
+### Limit changes to school-optimized settings
 
-We strongly recommend that you avoid changing preset policies. Changes can slow down setup, performance, and the time it takes to sign in.  
+We strongly recommend that you avoid changing preset policies. Changes can slow down setup, performance, and the time it takes to sign in.
 
-## Create the provisioning package  
+## Create the provisioning package
 
 The **Set up School PCs** app guides you through the configuration choices for the student PCs.  To begin, open the app on your device and select **Get started**.
 
-![Launch the Set up School PCs app.](images/suspcs/suspc_getstarted_050817.png)  
+![Launch the Set up School PCs app.](images/suspcs/suspc_getstarted_050817.png)
 
 ### Package name
 
-Type a unique name to help distinguish your school's provisioning packages. The name appears:  
+Type a unique name to help distinguish your school's provisioning packages. The name appears:
 
 - On the local package folder
 - In your tenant's Microsoft Entra account in the Azure portal
 
-A package expiration date is also attached to the end of each package. For example, *Set_Up_School_PCs (Expires 1-1-2024)*. The expiration date is 180 days after you create your package.  
+A package expiration date is also attached to the end of each package. For example, *Set_Up_School_PCs (Expires 1-1-2024)*. The expiration date is 180 days after you create your package.
 
-  ![Example screenshot of the Set up School PCs app, Name your package screen.](images/suspcs/1810_Name_Your_Package_SUSPC.png)  
+  ![Example screenshot of the Set up School PCs app, Name your package screen.](images/suspcs/1810_Name_Your_Package_SUSPC.png)
 
-After you select **Next**, you can no longer change the name in the app. To create a package with a different name, reopen the Set up School PCs app.  
+After you select **Next**, you can no longer change the name in the app. To create a package with a different name, reopen the Set up School PCs app.
 
-To change an existing package's name, right-click the package folder on your device and select **Rename**. This action doesn't change the name in Microsoft Entra ID. If you have Global Admin permissions, you can go to Microsoft Entra ID in the Azure portal, and rename the package there.  
+To change an existing package's name, right-click the package folder on your device and select **Rename**. This action doesn't change the name in Microsoft Entra ID. You can access to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [User Administrator](/entra/identity/role-based-access-control/permissions-reference#user-administrator), and rename the package there.
 
-### Sign in  
+### Sign in
 
 1. Select how you want to sign in
-    1. (Recommended) To enable student device to automatically connect and authenticate to Microsoft Entra ID, and management services like Microsoft Intune, select **Sign-in**. Then go to step 3  
+    1. (Recommended) To enable student device to automatically connect and authenticate to Microsoft Entra ID, and management services like Microsoft Intune, select **Sign-in**. Then go to step 3
     1. To complete setup without signing in, select **Continue without account**. Student devices won't connect to your school's cloud services and their management will be more difficult later. Continue to [Wireless network](#wireless-network)
-1. In the new window, select the account you want to use throughout setup.  
+1. In the new window, select the account you want to use throughout setup.
 
-    ![Sign-in screen showing the option to "Use this account" or use a different "Work or school account."](images/suspcs/1810_choose_account_suspc.png)  
+    ![Sign-in screen showing the option to "Use this account" or use a different "Work or school account."](images/suspcs/1810_choose_account_suspc.png)
 
-    To add an account not listed:  
+    To add an account not listed:
-    1. Select **Work or school account** > **Continue**.  
+    1. Select **Work or school account** > **Continue**.
-    1. Type in the account username and select **Next**.  
+    1. Type in the account username and select **Next**.
-    1. Verify the user account and password, if prompted.  
+    1. Verify the user account and password, if prompted.
 
 1. Select **Accept** to allow Set up School PCs to access your account throughout setup
 1. When your account name appears on the page, select **Next**
 
-      ![Example screenshot of the Set up School PC app, Sign in screen, showing that the user's account name appears at the bottom of the page.](images/suspcs/1810_Sign_In_SUSPC.png)  
+      ![Example screenshot of the Set up School PC app, Sign in screen, showing that the user's account name appears at the bottom of the page.](images/suspcs/1810_Sign_In_SUSPC.png)
 
 ### Wireless network
 
-Add and save the wireless network profile that you want student devices to connect to. Only skip Wi-Fi setup if you have an Ethernet connection.  
+Add and save the wireless network profile that you want student devices to connect to. Only skip Wi-Fi setup if you have an Ethernet connection.
 
-Select your organization's Wi-Fi network from the list of available wireless networks, or select **Add a wireless network** to manually configure it. Then select **Next**  
+Select your organization's Wi-Fi network from the list of available wireless networks, or select **Add a wireless network** to manually configure it. Then select **Next**
 
- ![Example screenshot of the Set up School PC app, Wireless network page with two Wi-Fi networks listed, one of which is selected.](images/suspcs/1810_SUSPC_select_Wifi.png)  
+ ![Example screenshot of the Set up School PC app, Wireless network page with two Wi-Fi networks listed, one of which is selected.](images/suspcs/1810_SUSPC_select_Wifi.png)
 
 ### Device names
 
@@ -147,17 +147,17 @@ To make sure all device names are unique, Set up School PCs automatically append
 
 To keep the default name for your devices, select **Continue with existing names**.
 
-  !["Name these devices" screen with the device field filled in with example device name, "Grd8."](images/suspcs/1810_name-devices_SUSPC.png)  
+  !["Name these devices" screen with the device field filled in with example device name, "Grd8."](images/suspcs/1810_name-devices_SUSPC.png)
 
 ### Settings
 
 Select more settings to include in the provisioning package. To begin, select the operating system on your student PCs.
 
-![Screenshot of the Current OS version page with the Select OS version menu selected, showing 7 Windows 10 options. All other settings on page are unavailable to select.](images/suspcs/1810_suspc_settings.png)  
+![Screenshot of the Current OS version page with the Select OS version menu selected, showing 7 Windows 10 options. All other settings on page are unavailable to select.](images/suspcs/1810_suspc_settings.png)
 
 Setting selections vary based on the OS version you select.
 
-![Example screenshot of the Current OS version page, with Windows 10 version 1803 selected. 4 available settings and 1 unavailable setting are shown, and none are selected.](images/suspcs/1810_SUSPC_available_settings.png)  
+![Example screenshot of the Current OS version page, with Windows 10 version 1803 selected. 4 available settings and 1 unavailable setting are shown, and none are selected.](images/suspcs/1810_SUSPC_available_settings.png)
 
 The following table describes each setting and lists the applicable Windows 10 versions. To find out if a setting is available in your version of Windows 10, look for an *X* in the setting row and in the version column.
 
@@ -172,20 +172,20 @@ The following table describes each setting and lists the applicable Windows 10 v
 
 After you've made your selections, select **Next**.
 
-### Time zone  
+### Time zone
 
 > [!WARNING]
 > If you are using the Autounattend.xml file to reimage your school PCs, do not specify a time zone in the file. If you set the time zone in the file *and* in this app, you will encounter an error.
 
-Choose the time zone where your school's devices are used. This setting ensures that all PCs are provisioned in the same time zone. When you're done, select **Next**.  
+Choose the time zone where your school's devices are used. This setting ensures that all PCs are provisioned in the same time zone. When you're done, select **Next**.
 
-![Choose PC time zone page with the time zone menu expanded to show all time zone selections.](images/suspcs/1810_suspc_timezone.png)  
+![Choose PC time zone page with the time zone menu expanded to show all time zone selections.](images/suspcs/1810_suspc_timezone.png)
 
 ### Product key
 
 Optionally, type in a 25-digit product key to upgrade or change the edition of Windows on your student devices. If you don't have a product key, select **Continue without change**.
 
-![Example screenshot of the Set up School PC app, Product key screen, showing a value field, Next button, and Continue without change option.](images/suspcs/1810_suspc_product_key.png)  
+![Example screenshot of the Set up School PC app, Product key screen, showing a value field, Next button, and Continue without change option.](images/suspcs/1810_suspc_product_key.png)
 
 ### Take a Test
 
@@ -195,7 +195,7 @@ Set up the Take a Test app to give online quizzes and high-stakes assessments. D
 
     ![Set up Take a Test app page with "Yes" selected to create an app button. Page also has two checkboxes for additional settings and one text field for the assessment URL.](images/suspcs/1810_SUSPC_Take_Test.png)
 
-1. Select from the advanced settings. Available settings include:  
+1. Select from the advanced settings. Available settings include:
     - Allow keyboard auto-suggestions: Allows app to suggest words as the student types on the device's keyboard
     - Allow teachers to monitor online tests: Enables screen capture in the Take a Test app
 1. Enter the URL where the test is hosted. When students log in to the Take a Test account, they'll be able to select or enter the link to view the assessment
@@ -203,11 +203,11 @@ Set up the Take a Test app to give online quizzes and high-stakes assessments. D
 
 ### Personalization
 
-Upload custom images to replace the student devices' default desktop and lock screen backgrounds. Select **Browse** to search for an image file on your computer. Accepted image formats are jpg, jpeg, and png.  
+Upload custom images to replace the student devices' default desktop and lock screen backgrounds. Select **Browse** to search for an image file on your computer. Accepted image formats are jpg, jpeg, and png.
 
-If you don't want to upload custom images or use the images that appear in the app, select **Continue without personalization**. This option doesn't apply any customizations, and instead uses the devices' default or preset images.  
+If you don't want to upload custom images or use the images that appear in the app, select **Continue without personalization**. This option doesn't apply any customizations, and instead uses the devices' default or preset images.
 
-![Example image of the Set up School PCs app, Personalization screen, showing the default desktop and lock screen background photos, a Browse button under each photo, a blue Next button, and a Continue without personalization button.](images/suspcs/1810_SUSPC_personalization.png)  
+![Example image of the Set up School PCs app, Personalization screen, showing the default desktop and lock screen background photos, a Browse button under each photo, a blue Next button, and a Continue without personalization button.](images/suspcs/1810_SUSPC_personalization.png)
 
 ### Summary
 
@@ -216,7 +216,7 @@ Review all of the settings for accuracy and completeness
 1. To make changes now, select any page along the left side of the window
 2. When finished, select **Accept**
 
-![Example image of the Summary screen, showing the user's configurations for Sign-in, Wireless network, Device names, Settings, Time zone, Take a Test. Accept button is available and the page contains three links on the right-hand side to help and support.](images/suspcs/1810_SUSPC_summary.png)  
+![Example image of the Summary screen, showing the user's configurations for Sign-in, Wireless network, Device names, Settings, Time zone, Take a Test. Accept button is available and the page contains three links on the right-hand side to help and support.](images/suspcs/1810_SUSPC_summary.png)
 
 > [!NOTE]
 > To make changes to a saved package, you have to start over.
@@ -230,34 +230,34 @@ Review all of the settings for accuracy and completeness
 
 1. When the package is ready, you see the filename and package expiration date. You can also select **Add a USB** to save the same provisioning package to another USB drive. When you're done, remove the USB drive and select **Next**
 
-![Your provisioning package is ready screen with package filename and expiration date. Shows an active blue, Next button, and a gray Add a USB button.](images/suspcs/1810_SUSPC_Package_ready.png)  
+![Your provisioning package is ready screen with package filename and expiration date. Shows an active blue, Next button, and a gray Add a USB button.](images/suspcs/1810_SUSPC_Package_ready.png)
 
 ## Run package - Get PCs ready
 
 Complete each step on the **Get PCs ready** page to prepare student devices for set-up. Then select **Next**.
 
-![Your provisioning package is ready! screen with 3 steps to get student devices ready for setup. Save button is active.](images/suspcs/suspc_runpackage_getpcsready.png)  
+![Your provisioning package is ready! screen with 3 steps to get student devices ready for setup. Save button is active.](images/suspcs/suspc_runpackage_getpcsready.png)
 
 ## Run package - Install package on PC
 
 The provisioning package on your USB drive is named SetupSchoolPCs_<*devicename*>(Expires <*expiration date*>.ppkg. A provisioning package applies settings to Windows without reimaging the device.
 
-When used in context of the Set up School PCs app, the word *package* refers to your provisioning package. The word *provisioning* refers to the act of installing the package on the student device. This section describes how to apply the settings to a device in your school.  
+When used in context of the Set up School PCs app, the word *package* refers to your provisioning package. The word *provisioning* refers to the act of installing the package on the student device. This section describes how to apply the settings to a device in your school.
 
 > [!IMPORTANT]
-> The devices must have a new or reset Windows image and must not already have been through first-run setup experience (which is referred to as *OOBE*). For instructions about how to reset a devices's image, see [Prepare existing PC account for new setup](use-set-up-school-pcs-app.md#prepare-existing-pc-account-for-new-setup).  
+> The devices must have a new or reset Windows image and must not already have been through first-run setup experience (which is referred to as *OOBE*). For instructions about how to reset a devices's image, see [Prepare existing PC account for new setup](use-set-up-school-pcs-app.md#prepare-existing-pc-account-for-new-setup).
 
 1. Start with the student device turned off or with the device on the first-run setup screen. If the device is past the account setup screen, reset the device to start over. To reset the it, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**
 
     ![Example screenshot of the first screen the Windows 10 PC setup for OOBE. United States is selected as the region and the Yes button is active.](images/suspcs/win10_1703_oobe_firstscreen.png)
-  
+
 1. Insert the USB drive. Windows automatically recognizes and installs the package
 
     ![Screen showing that the installation is automatically beginning, with a loading bar showing the status on the installation.](images/suspcs/suspc_studentpcsetup_installingsetupfile.png)
 
 1. When you receive the message that it's okay to remove the USB drive, remove it from the device. If there are more devices to set up, insert the USB drive into the next one
 
-     ![Screen with message telling user to remove the USB drive.](images/suspcs/suspc_setup_removemediamessage.png)  
+     ![Screen with message telling user to remove the USB drive.](images/suspcs/suspc_setup_removemediamessage.png)
 
 1. If you didn't set up the package with Microsoft Entra join, continue the Windows device setup experience. If you did configure the package with Microsoft Entra join, the device is ready for use and no further configurations are required
 

store-for-business/prerequisites-microsoft-store-for-business.md

@@ -65,11 +65,10 @@ If your organization restricts computers on your network from connecting to the
 - `account.live.com`
 - `clientconfig.passport.net`
 - `windowsphone.com`
-- `\*.wns.windows.com`
+- `*.wns.windows.com`
-- `\*.microsoft.com`
+- `*.microsoft.com`
-- `\*.s-microsoft.com`
+- `*.s-microsoft.com`
 - `www.msftncsi.com` (prior to Windows 10, version 1607)
-- `www.msftconnecttest.com/connecttest.txt` (replaces `www.msftncsi.com`
+- `www.msftconnecttest.com/connecttest.txt` (replaces `www.msftncsi.com` starting with Windows 10, version 1607)
-  starting with Windows 10, version 1607)
  
 Store for Business requires Microsoft Windows HTTP Services (WinHTTP) to install, or update apps.

windows/client-management/client-tools/quick-assist.md

@@ -105,23 +105,7 @@ For more information, visit [Install Quick Assist](https://support.microsoft.com
 
 ### Install Quick Assist with Intune
 
-Before installing Quick Assist, you need to set up synchronization between Intune and Microsoft Store for Business. If you've already set up sync, log into [Microsoft Store for Business](https://businessstore.microsoft.com) and skip to step 5.
+To deploy Quick Assist with Intune, see [Add Microsoft Store apps to Microsoft Intune](/mem/intune/apps/store-apps-microsoft).
-
-1. In the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Tenant administration** / **Connectors and tokens** / **Microsoft Store for Business** and verify that **Microsoft Store for Business sync** is set to **Enable**.
-1. Using your Global Admin account, log into [Microsoft Store for Business](https://businessstore.microsoft.com).
-1. Select **Manage** / **Settings** and enable **Show offline apps**.
-1. Choose the **Distribute** tab and verify that **Microsoft Intune** is **Active**. You might need to use the **+Add management tool** link if it's not.
-1. Search for **Quick Assist** and select it from the Search results.
-1. Choose the **Offline** license and select **Get the app**
-1. In the Intune admin center, choose **Sync**.
-1. Navigate to **Apps** / **Windows** and you should see **Quick Assist (Offline)** in the list.
-1. Select it to view its properties.
-1. By default, the app isn't assigned to any user or device, select the **Edit** link. Assign the app to the required group of devices and choose **Review + save** to complete the application install.
-
-> [!NOTE]
-> Assigning the app to a device or group of devices instead of a user is important because it's the only way to install a store app in device context.
-
-Visit [Add Microsoft Store apps to Microsoft Intune](/mem/intune/apps/store-apps-windows) for more information.
 
 ### Install Quick Assist Offline
 

windows/client-management/wmi-providers-supported-in-windows.md

@@ -76,7 +76,7 @@ For links to these classes, see [**MDM Bridge WMI Provider**](/windows/win32/dmw
 | [**MDM_WirelesssProfileXML**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-wirelessprofilexml)        | Yes                          |
 | [**MDM_WNSChannel**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-wnschannel)                         | Yes                          |
 | [**MDM_WNSConfiguration**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-wnsconfiguration)             | Yes                          |
-| [**MSFT_NetFirewallProfile**](/previous-versions/windows/desktop/wfascimprov/msft-netfirewallprofile)           | Yes                          |
+| [**MSFT_NetFirewallProfile**](/windows/win32/fwp/wmi/wfascimprov/msft-netfirewallprofile)                       | Yes                          |
 | [**MSFT_VpnConnection**](/previous-versions/windows/desktop/vpnclientpsprov/msft-vpnconnection)                 | Yes                          |
 | [**SoftwareLicensingProduct**](/previous-versions/windows/desktop/sppwmi/softwarelicensingproduct)              |                              |
 | [**SoftwareLicensingService**](/previous-versions/windows/desktop/sppwmi/softwarelicensingservice)              |                              |

windows/configuration/assigned-access/xsd.md

@@ -259,7 +259,7 @@ Here's the Assigned Access XSD for the features added in Windows 11, version 21H
 
 ## Windows 10, version 1909 additions
 
-Here's the Assigned Access XSD for the features added in Windows 10, version 1909:
+Here are the Assigned Access XSDs for the features added in Windows 10, version 1909:
 
 ```xml
 <xs:schema
@@ -292,6 +292,33 @@ Here's the Assigned Access XSD for the features added in Windows 10, version 190
 </xs:schema>
 ```
 
+```xml
+<xs:schema
+    elementFormDefault="qualified"
+    xmlns:xs="http://www.w3.org/2001/XMLSchema"
+    xmlns:vc="http://www.w3.org/2007/XMLSchema-versioning"
+    vc:minVersion="1.1"
+    xmlns="http://schemas.microsoft.com/AssignedAccess/202010/config"
+    xmlns:default="http://schemas.microsoft.com/AssignedAccess/202010/config"
+    targetNamespace="http://schemas.microsoft.com/AssignedAccess/202010/config"
+    >
+
+    <xs:complexType name="deviceOwnerGroup_t">
+        <xs:attribute name="Name" type="xs:string" fixed="DeviceOwner" />
+    </xs:complexType>
+
+    <xs:complexType name="exclusion_t">
+            <xs:sequence minOccurs="1" maxOccurs="1">
+                <xs:choice>
+                   <xs:element name="SpecialGroup" type="deviceOwnerGroup_t" minOccurs="1" maxOccurs="1" />
+                </xs:choice>
+            </xs:sequence>
+    </xs:complexType>
+
+    <xs:element name="Exclusions" type="exclusion_t" />
+</xs:schema>
+```
+
 ## Windows 10, version 1809 additions
 
 Here's the Assigned Access XSD for the features added in Windows 10, version 1809:
@@ -331,4 +358,4 @@ Here's the Assigned Access XSD for the features added in Windows 10, version 180
     <xs:attribute name="AutoLaunchArguments" type="xs:string"/>
     <xs:attribute name="DisplayName" type="xs:string"/>
 </xs:schema>
-```
+```

windows/configuration/start/layout.md

@@ -649,45 +649,3 @@ When you configure the Start layout with policy settings, you overwrite the enti
 [MEM-1]: /mem/intune/configuration/custom-settings-windows-10
 [PS-1]: /powershell/module/startlayout/export-startlayout
 [WIN-1]: /windows/client-management/mdm/policy-csp-start
-
-
-<!--
-## Add image for secondary Microsoft Edge tiles
-
-App tiles are the Start screen tiles that represent and launch an app. A tile that allows a user to go to a specific location in an app is a *secondary tile*. Some examples of secondary tiles include:
-
-- Weather updates for a specific city in a weather app
-- A summary of upcoming events in a calendar app
-- Status and updates from an important contact in a social app
-- A website in Microsoft Edge
-
-By using the PowerShell cmdlet `export-StartLayoutEdgeAssets` and the policy setting `ImportEdgeAssets`, the tiles display the same as they did on the device from which you exported the Start layout.
-
-[!INCLUDE [example-secondary-tiles](includes/example-secondary-tiles.md)]
-
-## Export Start layout and assets
-
-1. If you'd like to change the image for a secondary tile to your own custom image, open the layout.xml file, and look for the images that the tile references.
-   - For example, your layout.xml contains `Square150x150LogoUri="ms-appdata:///local/PinnedTiles/21581260870/hires.png" Wide310x150LogoUri="ms-appx:///"`
-
-   - Open `C:\Users\<username>\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\21581260870\` and replace those images with your customized images.
-
-1. In Windows PowerShell, enter the following command:
-
-    ```powershell
-    Export-StartLayoutEdgeAssets assets.xml
-    ```
-
-[!INCLUDE [example-assets](includes/example-assets.md)]
-
-## Configure policy settings
-
-Prepare the Start layout and Edge assets XML files
-
-The `Export-StartLayout` and **export-StartLayoutEdgeAssets** cmdlets produce XML files. Because Windows Configuration Designer produces a customizations.xml file that contains the configuration settings, adding the Start layout and Edge assets sections to the customizations.xml file directly would result in an XML file embedded in an XML file. Before you add the Start layout and Edge assets sections to the customizations.xml file, you must replace the markup characters in your layout.xml with escape characters.
-
-1. Copy the contents of layout.xml into an online tool that escapes characters.
-1. Copy the contents of assets.xml into an online tool that escapes characters.
-1. When you create a provisioning package, you'll copy the text with the escape characters and paste it in the customizations.xml file for your project.
-
--->

windows/configuration/taskbar/includes/allow-widgets.md

@@ -15,4 +15,4 @@ This policy specifies whether the widgets feature is allowed on the device.
 |  | Path |
 |--|--|
 | **CSP** | `./Device/Vendor/MSFT/Policy/Config/NewsAndInterests/`[AllowNewsAndInterests](/windows/client-management/mdm/policy-csp-newsandinterests#allownewsandinterests) |
-| **GPO** | **Computer Configuration**  > **Administrative Templates** > **Windows Components** > **Widgets** |
+| **GPO** | - **Computer Configuration**  > **Administrative Templates** > **Windows Components** > **Widgets** |

windows/configuration/taskbar/includes/configure-start-layout.md

@@ -13,7 +13,7 @@ This policy setting lets you specify the applications pinned to the taskbar. The
 
 |  | Path |
 |--|--|
-| **CSP** | - `./Device/Vendor/MSFT/Policy/Config/Start/StartLayout`/[Configure start layout](/windows/client-management/mdm/policy-csp-start#startlayout)<br><br>- `./User/Vendor/MSFT/Policy/Config/Start/StartLayout`/[Configure start layout](/windows/client-management/mdm/policy-csp-start#startlayout) |
+| **CSP** | - `./Device/Vendor/MSFT/Policy/Config/Start/StartLayout`/[Configure start layout](/windows/client-management/mdm/policy-csp-start#startlayout)<br>- `./User/Vendor/MSFT/Policy/Config/Start/StartLayout`/[Configure start layout](/windows/client-management/mdm/policy-csp-start#startlayout) |
-| **GPO** | **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br><br> **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br>- **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
 
 For more information, see [Customize the taskbar pinned applications](../pinned-apps.md).

windows/configuration/taskbar/includes/configures-search-on-the-taskbar.md

@@ -18,4 +18,4 @@ This policy setting allows you to configure search on the taskbar.
 |  | Path |
 |--|--|
 | **CSP** | `./Device/Vendor/MSFT/Policy/Config/Search/`[ConfigureSearchOnTaskbarMode](/windows/client-management/mdm/policy-csp-search#configuresearchontaskbarmode) |
-| **GPO** | **Computer Configuration**  > **Windows Components** > **Search** |
+| **GPO** | - **Computer Configuration**  > **Windows Components** > **Search** |

windows/configuration/taskbar/includes/disable-editing-quick-settings.md

@@ -13,4 +13,4 @@ ms.topic: include
 |  | Path |
 |--|--|
 | **CSP** | `./Device/Vendor/MSFT/Policy/Config/Start/`[DisableEditingQuickSettings](/windows/client-management/mdm/policy-csp-start#disableeditingquicksettings)|
-| **GPO** | **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Disable editing quick settings** |
+| **GPO** | - **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Disable editing quick settings** |

windows/configuration/taskbar/includes/do-not-allow-pinning-items-in-jump-lists.md

@@ -15,4 +15,4 @@ With this policy setting you control the pinning of items in Jump Lists.
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

windows/configuration/taskbar/includes/do-not-allow-pinning-programs-to-the-taskbar.md

@@ -15,4 +15,4 @@ This policy setting allows you to control pinning programs to the Taskbar.
 |  | Path |
 |--|--|
 | **CSP** | `./Device/Vendor/MSFT/Policy/Config/Start/`[NoPinningToTaskbar](/windows/client-management/mdm/policy-csp-start#nopinningtotaskbar) |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

windows/configuration/taskbar/includes/do-not-allow-pinning-store-app-to-the-taskbar.md

@@ -15,4 +15,4 @@ This policy setting allows you to control pinning the Store app to the Taskbar.
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

windows/configuration/taskbar/includes/do-not-allow-taskbars-on-more-than-one-display.md

@@ -12,4 +12,4 @@ This policy setting allows you to prevent taskbars from being displayed on more
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

windows/configuration/taskbar/includes/do-not-display-or-track-items-in-jump-lists-from-remote-locations.md

@@ -18,4 +18,4 @@ This policy setting allows you to control displaying or tracking items in Jump L
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

windows/configuration/taskbar/includes/hide-recent-jumplists.md

@@ -19,5 +19,5 @@ Prevents the operating system and installed programs from creating and displayin
 
 |  | Path |
 |--|--|
-| **CSP** | - `./Device/Vendor/MSFT/Policy/Config/Start/`[HideRecentJumplists](/windows/client-management/mdm/policy-csp-start#hiderecentjumplists)<br><br>- `./User/Vendor/MSFT/Policy/Config/Start/`[HideRecentJumplists](/windows/client-management/mdm/policy-csp-start#hiderecentjumplists) |
+| **CSP** | - `./Device/Vendor/MSFT/Policy/Config/Start/`[HideRecentJumplists](/windows/client-management/mdm/policy-csp-start#hiderecentjumplists)<br>- `./User/Vendor/MSFT/Policy/Config/Start/`[HideRecentJumplists](/windows/client-management/mdm/policy-csp-start#hiderecentjumplists) |
-| **GPO** | **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **don't keep history of recently opened documents**<br><br> **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **don't keep history of recently opened documents**|
+| **GPO** | - **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **don't keep history of recently opened documents**<br>- **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **don't keep history of recently opened documents**|

windows/configuration/taskbar/includes/hide-the-notification-area.md

@@ -12,4 +12,4 @@ This setting affects the notification area (previously called the "system tray")
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

windows/configuration/taskbar/includes/hide-the-taskview-button.md

@@ -11,5 +11,5 @@ This policy setting allows you to hide the TaskView button. If you enable this p
 
 |  | Path |
 |--|--|
-| **CSP** |- `./Device/Vendor/MSFT/Policy/Config/Start/`[HideTaskViewButton](/windows/client-management/mdm/policy-csp-start#hidetaskviewbutton) <br><br>- `./User/Vendor/MSFT/Policy/Config/Start/`[HideTaskViewButton](/windows/client-management/mdm/policy-csp-start#hidetaskviewbutton) |
+| **CSP** |- `./Device/Vendor/MSFT/Policy/Config/Start/`[HideTaskViewButton](/windows/client-management/mdm/policy-csp-start#hidetaskviewbutton) <br>- `./User/Vendor/MSFT/Policy/Config/Start/`[HideTaskViewButton](/windows/client-management/mdm/policy-csp-start#hidetaskviewbutton) |
-| **GPO** |- **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br><br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** |- **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

windows/configuration/taskbar/includes/lock-all-taskbar-settings.md

@@ -15,4 +15,4 @@ With this policy setting you lock all taskbar settings.
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

windows/configuration/taskbar/includes/lock-the-taskbar.md

@@ -12,4 +12,4 @@ This setting affects the taskbar, which is used to switch between running applic
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

windows/configuration/taskbar/includes/prevent-changes-to-taskbar-and-start-menu-settings.md

@@ -15,4 +15,4 @@ With this policy setting you prevent changes to taskbar and Start settings.
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br><br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

windows/configuration/taskbar/includes/prevent-grouping-of-taskbar-items.md

@@ -15,4 +15,4 @@ Taskbar grouping consolidates similar applications when there's no room on the t
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

windows/configuration/taskbar/includes/prevent-users-from-adding-or-removing-toolbars.md

@@ -15,4 +15,4 @@ With this policy setting you prevent users from adding or removing toolbars.
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

windows/configuration/taskbar/includes/prevent-users-from-moving-taskbar-to-another-screen-dock-location.md

@@ -15,4 +15,4 @@ With this policy setting you prevent users from moving taskbar to another screen
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

windows/configuration/taskbar/includes/prevent-users-from-rearranging-toolbars.md

@@ -15,4 +15,4 @@ With this policy setting you prevent users from rearranging toolbars.
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

windows/configuration/taskbar/includes/prevent-users-from-resizing-the-taskbar.md

@@ -15,4 +15,4 @@ With this policy setting you prevent users from resizing the taskbar.
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

windows/configuration/taskbar/includes/remove-access-to-the-context-menus-for-the-taskbar.md

@@ -17,4 +17,4 @@ This policy setting doesn't prevent users from using other methods to issue the
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br><br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

windows/configuration/taskbar/includes/remove-clock-from-the-system-notification-area.md

@@ -13,4 +13,4 @@ ms.topic: include
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

windows/configuration/taskbar/includes/remove-notifications-and-action-center.md

@@ -17,4 +17,4 @@ The notification area is located at the far right end of the taskbar, and includ
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

windows/configuration/taskbar/includes/remove-pinned-programs-from-the-taskbar.md

@@ -15,4 +15,4 @@ This policy setting allows you to remove pinned programs from the taskbar.
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br><br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

windows/configuration/taskbar/includes/remove-quick-settings.md

@@ -17,4 +17,4 @@ If this setting is enabled, Quick Settings isn't displayed in the Quick Settings
 |  | Path |
 |--|--|
 | **CSP** | `./User/Vendor/MSFT/Policy/Config/Start/`[DisableControlCenter](/windows/client-management/mdm/policy-csp-start#disablecontrolcenter) |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

windows/configuration/taskbar/includes/remove-the-battery-meter.md

@@ -15,4 +15,4 @@ With this policy setting you can remove the battery meter from the system contro
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

windows/configuration/taskbar/includes/remove-the-meet-now-icon.md

@@ -15,4 +15,4 @@ With this policy setting allows you can remove the Meet Now icon from the system
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

windows/configuration/taskbar/includes/remove-the-networking-icon.md

@@ -15,4 +15,4 @@ With this policy setting you can remove the networking icon from the system cont
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

windows/configuration/taskbar/includes/remove-the-people-bar-from-the-taskbar.md

@@ -12,4 +12,4 @@ With this policy allows you can remove the People Bar from the taskbar and disab
 |  | Path |
 |--|--|
 | **CSP** | `./User/Vendor/MSFT/Policy/Config/Start/`[HidePeopleBar](/windows/client-management/mdm/policy-csp-start#hidepeoplebar) |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

windows/configuration/taskbar/includes/remove-the-volume-control-icon.md

@@ -15,4 +15,4 @@ With this policy setting you can remove the volume control icon from the system
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

windows/configuration/taskbar/includes/show-additional-calendar.md

@@ -19,4 +19,4 @@ By default, the calendar is set according to the locale of the operating system,
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

windows/configuration/taskbar/includes/simplify-quick-settings-layout.md

@@ -13,4 +13,4 @@ ms.topic: include
 |  | Path |
 |--|--|
 | **CSP** | `./Device/Vendor/MSFT/Policy/Config/Start/`[SimplifyQuickSettings](/windows/client-management/mdm/policy-csp-start#simplifyquicksettings) |
-| **GPO** | **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

windows/configuration/taskbar/includes/turn-off-automatic-promotion-of-notification-icons-to-the-taskbar.md

@@ -15,4 +15,4 @@ With this policy setting you can turn off automatic promotion of notification ic
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

windows/configuration/taskbar/includes/turn-off-notification-area-cleanup.md

@@ -18,4 +18,4 @@ This setting determines whether the items are always expanded or always collapse
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

windows/configuration/taskbar/pinned-apps.md

@@ -231,3 +231,7 @@ If you apply the taskbar configuration to a clean install or an update, users ca
 Learn more about the options available to configure Start menu settings using the Configuration Service Provider (CSP) and Group Policy (GPO):
 
 - [Taskbar policy settings](policy-settings.md)
+
+---
+[WIN-1]: /windows/client-management/mdm/policy-csp-start
+[MEM-1]: /mem/intune/configuration/custom-settings-windows-10

windows/deployment/do/TOC.yml

@@ -27,6 +27,8 @@
       href: delivery-optimization-proxy.md
     - name: Testing Delivery Optimization
       href: delivery-optimization-test.md
+    - name: Delivery Optimization Troubleshooter
+      href: https://aka.ms/do-fix
 - name: Microsoft Connected Cache
   items:
     - name: What is Microsoft Connected Cache?

windows/deployment/do/delivery-optimization-endpoints.md

@@ -14,7 +14,7 @@ appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for ISPs</a>
 - ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for Enterprise and Education</a>
 - ✅ <a href=https://learn.microsoft.com/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache target=_blank>Connected Cache on a Configuration Manager distribution point</a>		
-ms.date: 03/31/2023
+ms.date: 05/23/2024
 ---
 
 # Microsoft Connected Cache content and services endpoints
@@ -22,7 +22,7 @@ ms.date: 03/31/2023
 > [!NOTE]
 > All ports are outbound.
 
-This article lists the content and services endpoints to allow in your firewall to be used by Microsoft Connected Cache. 
+This article lists the content and services endpoints to allow in your firewall to be used by Microsoft Connected Cache.
 Use the table below to reference any particular content types or services endpoints that are required for [Connected Cache on a Configuration Manager distribution point](/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache), [Connected Cache managed in Azure](waas-microsoft-connected-cache.md), or both.
 
 |Domain Name  |Protocol/Port(s)  | Content Type | Additional Information | Microsoft Connected Cache Version |

windows/deployment/do/delivery-optimization-proxy.md

@@ -14,7 +14,7 @@ appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 - ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-delivery-optimization target=_blank>Delivery Optimization</a>
-ms.date: 06/02/2023
+ms.date: 05/23/2024
 ---
 
 # Using a proxy with Delivery Optimization
@@ -36,7 +36,7 @@ If no user is signed in, even if both the Internet Explorer proxy and netsh conf
 
 You can still use netsh to import the proxy setting from Internet Explorer (`netsh winhttp import proxy source=ie`) if your proxy configuration is a static *proxyServerName:Port*. However, the same limitations mentioned previously apply.
 
-### Summary of settings behavior
+## Summary of settings behavior
 
 These tables summarize the behavior for various combinations of settings:
 

windows/deployment/do/delivery-optimization-test.md

@@ -29,7 +29,7 @@ Delivery Optimization is a powerful and useful tool to help enterprises manage b
 
 One of the most powerful advantages of using Delivery Optimization is the ability to fine-tune settings that empower users to dial in Microsoft content delivery to meet the needs of specific environments.
 
-## Monitoring The Results
+## Monitoring the Results
 
 Since Delivery Optimization is on by default, you're able to monitor the value either through the Windows Settings for 'Delivery Optimization' using Delivery Optimization PowerShell [cmdlets.](waas-delivery-optimization-setup.md), and/or via the [Windows Update for Business Report](../update/wufb-reports-workbook.md) experience in Azure.
 
@@ -90,35 +90,39 @@ The following set of instructions will be used for each machine:
 1. Open PowerShell console as 'Administrator'.
    * Clear the DO cache: 'Delete-DeliveryOptimizationCache'.
    * Run 'Get-DeliveryOptimizationStatus'.
+
 2. Open MS Store and search for 'Asphalt Legends 9'. Select *Get* to initiate the download of the content (content size: ~3.4 GB).
 
 **On machine #1**
 
 * Run 'Test Instructions'
 
-|Windows 10 | Windows 11
+  |Windows 10 | Windows 11 |
-|--------|-------------------------------|
+  |--------|-------------------------------|
-| :::image type="content" source="images/test-scenarios/win10/m1-basic-complete.png" alt-text="Windows 10 21H2 - Machine 1 - Basic Test." lightbox="images/test-scenarios/win10/m1-basic-complete.png"::: | :::image type="content" source="images/test-scenarios/win11/m1-basic-complete.png" alt-text="Windows 11 21H2 - Machine 1 - Basic Test." lightbox="images/test-scenarios/win11/m1-basic-complete.png"::: |
+  | :::image type="content" source="images/test-scenarios/win10/m1-basic-complete.png" alt-text="Windows 10 21H2 - Machine 1 - Basic Test." lightbox="images/test-scenarios/win10/m1-basic-complete.png"::: | :::image type="content" source="images/test-scenarios/win11/m1-basic-complete.png" alt-text="Windows 11 21H2 - Machine 1 - Basic Test." lightbox="images/test-scenarios/win11/m1-basic-complete.png":::|
-| **Observations** | |
+  | **Observations** | |
-| *No peers were found on the first machine downloading the content.<br>* 'TotalBytesDownloaded' is equal to the file size.<br>*Status is set to 'Caching' the content so future peers can use it.<br>* Download was happening in the foreground.<br>*DownloadMode is set to 'Group' and no peers were found.<br>* No distinct observations seen between Window 10 and Windows 11 devices. |
+  | - No peers were found on the first machine downloading the content.<br>- 'TotalBytesDownloaded' is equal to the file size.<br>- Status is set to 'Caching' the content so future peers can use it.<br>- Download was happening in the foreground.<br>- DownloadMode is set to 'Group' and no peers were found.<br>- No distinct observations seen between Window 10 and Windows 11 devices. |
 
-*Wait 5 minutes*.
+  *Wait 5 minutes*.
 
 **On machine #2**
 
 * Run 'Test Instructions'
 
-|Windows 10 | Windows 11 |
+  |Windows 10 | Windows 11 |
-|--------|--------------------------------|
+  |--------|--------------------------------|
-| :::image type="content" source="images/test-scenarios/win10/m2-basic-complete.png" alt-text="Windows 10 21H2 - Machine 2 - Basic Test." lightbox="images/test-scenarios/win10/m2-basic-complete.png"::: | :::image type="content" source="images/test-scenarios/win11/m2-basic-complete.png" alt-text="Windows 11 21H2 - Machine 2 - Basic Test." lightbox="images/test-scenarios/win11/m2-basic-complete.png":::|
+  | :::image type="content" source="images/test-scenarios/win10/m2-basic-complete.png" alt-text="Windows 10 21H2 - Machine 2 - Basic Test." lightbox="images/test-scenarios/win10/m2-basic-complete.png"::: | :::image type="content" source="images/test-scenarios/win11/m2-basic-complete.png" alt-text="Windows 11 21H2 - Machine 2 - Basic Test." lightbox="images/test-scenarios/win11/m2-basic-complete.png":::|
-| **Observations** | **Observations**|
+  | **Observations** | **Observations** |
-| *A peer was found for the content and 87% of total bytes came from the peer. <br>* One peer was found for the piece of content, which is expected as there are only two devices in the peering group. <br> *Download mode was set to 'Group', but since group mode includes both LAN and Group devices, Delivery Optimization prioritizes LAN peers, if found. Therefore, 'BytesFromLanPeers' shows bytes where 'BytesFromGroupPeers' doesn't. <br>* 'DownloadDuration' is roughly the same between machines.|*A peer was found for the content and 90% of total bytes came from the peer. <br>* All other points are the same as Windows 10 results. |
+  | - A peer was found for the content and 87% of total bytes came from the peer. <br>- One peer was found for the piece of content, which is expected as there are only two devices in the peering group. <br>- Download mode was set to 'Group', but since group mode includes both LAN and Group devices, Delivery Optimization prioritizes LAN peers, if found. Therefore, 'BytesFromLanPeers' shows bytes where 'BytesFromGroupPeers' doesn't. <br>- 'DownloadDuration' is roughly the same between machines.| - A peer was found for the content and 90% of total bytes came from the peer. <br>-  All other points are the same as Windows 10 results. |
 
 ### Scenario 2: Advance Setup
 
 **Goal:**
+
 Demonstrate how Delivery Optimization peer-to-peer technology works in a non-controlled environment and expanding to three machines
+
 **Expected Results:**
+
 Machine 1 will download zero bytes from peers and Machine 2 will find peers and download 50-99% from peers. Machine 3 will find two peers and download 50-99% from peers.
 
 #### Test Machine Setup
@@ -131,10 +135,10 @@ Machine 1 will download zero bytes from peers and Machine 2 will find peers and
 |RAM | 8 GB |
 |Disk size | 127 GB |
 |Network | Connected to same network, one that is representative of the corporate network. |
-|Delivery Optimization 'Download Mode' Policy| 2 (Group)(set on each machine) |
+|Delivery Optimization 'Download Mode' Policy| 2 (Group)(set on each machine). |
 |Delivery Optimization 'Group ID' Policy| Set the *same* 'GUID' on each test machine. A GUID is required value, which can be generated using PowerShell, '[guid]::NewGuid().](https://devblogs.microsoft.com/scripting/powertip-create-a-new-guid-by-using-powershell/)'. |
-|Delivery Optimization 'Delay background download from http' Policy | 60 (set on each machine) |
+|Delivery Optimization 'Delay background download from http' Policy | 60 (set on each machine). |
-|Delivery Optimization 'Delay foreground download from http Policy |60 (set on each machine) |
+|Delivery Optimization 'Delay foreground download from http Policy |60 (set on each machine). |
 
 #### Testing Instructions
 
@@ -148,25 +152,25 @@ The following set of instructions will be used for each machine:
 
 * Run 'Test Instructions'
 
-**Output: Windows 10 (21H2)**
+  **Output: Windows 10 (21H2)**
 
-![Windows 10 21H2 - Machine 1 - Advanced Test.](images/test-scenarios/win10/m1-adv-complete.png)
+  ![Windows 10 21H2 - Machine 1 - Advanced Test.](images/test-scenarios/win10/m1-adv-complete.png)
 
 **Observations**
 
-* The first download in the group of devices shows all bytes coming from HTTP, 'BytesFromHttp'.
+  * The first download in the group of devices shows all bytes coming from HTTP, 'BytesFromHttp'.
-* Download is in the 'Foreground' because the Store app is doing the download and in the foreground on the device because it's initiated by the user in the Store app.
+  * Download is in the 'Foreground' because the Store app is doing the download and in the foreground on the device because it's initiated by the user in the Store app.
-* No peers are found.
+  * No peers are found.
 
-*Wait 5 minutes*.
+  *Wait 5 minutes*.
 
 **On machine #2:**
 
 * Run 'Test Instructions'
 
-**Output** Windows 10 (21H2)
+  **Output** Windows 10 (21H2)
 
-![Windows 10 21H2 - Machine 2 - Advanced Test.](images/test-scenarios/win10/m2-adv-complete.png)
+  ![Windows 10 21H2 - Machine 2 - Advanced Test.](images/test-scenarios/win10/m2-adv-complete.png)
 
 **Observations**
 
@@ -179,9 +183,9 @@ The following set of instructions will be used for each machine:
 
 * Run 'Test Instructions'
 
-**Output:** Windows 10 (21H2)
+  **Output:** Windows 10 (21H2)
 
-![Windows 10 21H2 - Machine 3 - Advanced Test.](images/test-scenarios/win10/m3-adv-complete.png)
+  ![Windows 10 21H2 - Machine 3 - Advanced Test.](images/test-scenarios/win10/m3-adv-complete.png)
 
 **Observations**
 

windows/deployment/do/delivery-optimization-workflow.md

@@ -17,7 +17,7 @@ appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 - ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-delivery-optimization target=_blank>Delivery Optimization</a>	
-ms.date: 01/18/2024
+ms.date: 05/23/2024
 ---
 
 # Delivery Optimization workflow, privacy, security, and endpoints
@@ -41,7 +41,6 @@ This workflow allows Delivery Optimization to securely and efficiently deliver r
 5. If Delivery Optimization is unable to obtain the content metadata file, or if the verification of the hash file itself fails, the download will fall back to simple mode. Simple mode will only pull content from the HTTP source and peer-to-peer won't be allowed.
 6. Once downloading is complete, Delivery Optimization uses all retrieved pieces of the content to put the file together. At that point, the Delivery Optimization caller (for example, Windows Update) checks the entire file to verify the signature prior to installing it.
 
-
 ## Delivery Optimization service endpoint and data information
 
 |Endpoint hostname | Port|Name|Description|Data sent from the computer to the endpoint

windows/deployment/do/index.yml

@@ -103,4 +103,5 @@ landingContent:
             url: delivery-optimization-endpoints.md
           - text: Testing Delivery Optimization
             url: delivery-optimization-test.md
-
+          - text: Delivery Optimization Troubleshooter
+            url: http://aka.ms/do-fix

windows/deployment/do/mcc-ent-edu-overview.md

@@ -13,12 +13,13 @@ appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 - ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for Enterprise and Education</a>	
-ms.date: 05/09/2023
+ms.date: 05/23/2024
 ---
 
 # Microsoft Connected Cache for Enterprise and Education Overview
 
 > [!IMPORTANT]
+>
 > - Microsoft Connected Cache is currently a preview feature. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
 > - As we near the release of public preview, we have paused onboarding. Please continue to submit the form to express interest so we can follow up with you once public preview of Microsoft Connected Cache for Enteprise and Education is available. To register your interest, fill out the form located at [https://aka.ms/MSConnectedCacheSignup](https://aka.ms/MSConnectedCacheSignup).
 

windows/deployment/do/mcc-enterprise-appendix.md

@@ -15,7 +15,7 @@ appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 - ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for Enterprise and Education</a>
-ms.date: 11/07/2023
+ms.date: 05/23/2024
 ---
 
 # Appendix
@@ -28,7 +28,8 @@ ms.date: 11/07/2023
 ### Troubleshooting
 
 If you're not able to sign up for a Microsoft Azure subscription with the **Account belongs to a directory that cannot be associated with an Azure subscription. Please sign in with a different account.** error, see the following articles:
-- [Can't sign up for a Microsoft Azure subscription](/troubleshoot/azure/general/cannot-sign-up-subscription). 
+
+- [Can't sign up for a Microsoft Azure subscription](/troubleshoot/azure/general/cannot-sign-up-subscription).
 - [Troubleshoot issues when you sign up for a new account in the Azure portal](/azure/cost-management-billing/manage/troubleshoot-azure-sign-up).
 
 ## Hardware specifications
@@ -91,15 +92,15 @@ There are multiple methods that can be used to apply a policy to PCs that should
 
 You can either set your MCC IP address or FQDN using:
 
-1.  Registry key (version 1709 and later):  
+1. Registry key (version 1709 and later):  
     `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization`
 </br>
     "DOCacheHost"=" "  
-    
+
     From an elevated command prompt:
 
-    ```
+    ```powershell
-    reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization" /v DOCacheHost /t REG_SZ /d "10.137.187.38" /f
+        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization" /v DOCacheHost /t REG_SZ /d "10.137.187.38" /f
     ```
 
 1. MDM path (version 1809 and later):
@@ -110,7 +111,6 @@ You can either set your MCC IP address or FQDN using:
 
    :::image type="content" source="./images/ent-mcc-group-policy-hostname.png" alt-text="Screenshot of the Group Policy editor showing the Cache Server Hostname Group Policy setting." lightbox="./images/ent-mcc-group-policy-hostname.png":::
 
-
 ## Verify content using the DO client
 
 To verify that the Delivery Optimization client can download content using MCC, you can use the following steps:
@@ -119,7 +119,6 @@ To verify that the Delivery Optimization client can download content using MCC,
 
    :::image type="content" source="./images/ent-mcc-store-example-download.png" alt-text="Screenshot of the Microsoft Store with the game, Angry Birds 2, selected.":::
 
-
 1. Verify downloads came from MCC by one of two methods:
 
     - Using the PowerShell Cmdlet Get-DeliveryOptimizationStatus you should see *BytesFromCacheServer*.
@@ -127,7 +126,7 @@ To verify that the Delivery Optimization client can download content using MCC,
       :::image type="content" source="./images/ent-mcc-get-deliveryoptimizationstatus.png" alt-text="Screenshot of the output of Get-DeliveryOptimization | FT from PowerShell." lightbox="./images/ent-mcc-get-deliveryoptimizationstatus.png":::
 
     - Using the Delivery Optimization Activity Monitor
-    
+
       :::image type="content" source="./images/ent-mcc-delivery-optimization-activity.png" alt-text="Screenshot of the Delivery Optimization Activity Monitor.":::
 
 ## EFLOW

windows/deployment/do/mcc-enterprise-deploy.md

@@ -1,6 +1,6 @@
 ---
 title: Deploying your cache node
-description: How to deploy a Microsoft Connected Cache (MCC) for Enterprise and Education cache node from the Auzre portal.
+description: How to deploy a Microsoft Connected Cache (MCC) for Enterprise and Education cache node from the Azure portal.
 ms.service: windows-client
 ms.subservice: itpro-updates
 ms.topic: how-to
@@ -13,7 +13,7 @@ appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 - ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for Enterprise and Education</a>	
-ms.date: 11/09/2023
+ms.date: 05/23/2024
 ---
 
 # Deploy your cache node
@@ -32,10 +32,9 @@ To deploy MCC to your server:
 1. [Verify MCC functionality](#verify-mcc-server-functionality)
 1. [Review common Issues](#common-issues) if needed.
 
-
 ### Provide Microsoft with the Azure subscription ID
 
-As part of the MCC preview onboarding process an Azure subscription ID must be provided to Microsoft. 
+As part of the MCC preview onboarding process an Azure subscription ID must be provided to Microsoft.
 
 > [!IMPORTANT]
 > As we near the release of public preview, we have paused onboarding. Please continue to submit the form to express interest so we can follow up with you once public preview of Microsoft Connected Cache for Enteprise and Education is available. To register your interest, fill out the form located at [https://aka.ms/MSConnectedCacheSignup](https://aka.ms/MSConnectedCacheSignup).
@@ -44,12 +43,13 @@ For information about creating or locating your subscription ID, see [Steps to o
 
 ### Create the MCC resource in Azure
 
-The MCC Azure management portal is used to create and manage MCC nodes. An Azure subscription ID is used to grant access to the preview and to create the MCC resource in Azure and Cache nodes. 
+The MCC Azure management portal is used to create and manage MCC nodes. An Azure subscription ID is used to grant access to the preview and to create the MCC resource in Azure and Cache nodes.
 
-Once you take the survey above and the MCC team adds your subscription ID to the allowlist, you'll be given a link to the Azure portal where you can create the resource described below. 
+Once you take the survey above and the MCC team adds your subscription ID to the allowlist, you'll be given a link to the Azure portal where you can create the resource described below.
 
 1. In the Azure portal home page, choose **Create a resource**:  
-    :::image type="content" source="./images/ent-mcc-create-azure-resource.png" alt-text="Screenshot of the Azure portal. The create a resource option is outlined in red.":::
+
+   :::image type="content" source="./images/ent-mcc-create-azure-resource.png" alt-text="Screenshot of the Azure portal. The create a resource option is outlined in red.":::
 
 1. Type **Microsoft Connected Cache** into the search box, and hit **Enter** to show search results.
 
@@ -58,8 +58,9 @@ Once you take the survey above and the MCC team adds your subscription ID to the
 
 1. Select **Microsoft Connected Cache Enterprise** and choose **Create** on the next screen to start the process of creating the MCC resource.
 
-    :::image type="content" source="./images/ent-mcc-azure-search-result.png" alt-text="Screenshot of the Azure portal search results for Microsoft Connected Cache.":::
+   :::image type="content" source="./images/ent-mcc-azure-search-result.png" alt-text="Screenshot of the Azure portal search results for Microsoft Connected Cache.":::
-    :::image type="content" source="./images/ent-mcc-azure-marketplace.png" alt-text="Screenshot of Microsoft Connected Cache Enterprise within the Azure Marketplace.":::
+
+   :::image type="content" source="./images/ent-mcc-azure-marketplace.png" alt-text="Screenshot of Microsoft Connected Cache Enterprise within the Azure Marketplace.":::
 
 1. Fill in the required fields to create the MCC resource.
 
@@ -75,8 +76,7 @@ Once you take the survey above and the MCC team adds your subscription ID to the
 
       :::image type="content" source="./images/ent-mcc-azure-create-connected-cache.png" alt-text="Screenshot of the Create a Connected Cache page within the Azure Marketplace.":::
 
-1. Once all the information has been entered, select the **Review + Create** button. Once validation is complete, select the **Create** button to start the
+1. Once all the information has been entered, select the **Review + Create** button. Once validation is complete, select the **Create** button to start the resource creation.
-    resource creation.
 
     :::image type="content" source="./images/ent-mcc-azure-cache-created.png" alt-text="Screenshot of the completed cache deployment within the Azure." lightbox="./images/ent-mcc-azure-cache-created.png":::
 
@@ -102,7 +102,7 @@ Creating an MCC node is a multi-step process and the first step is to access the
 
 1. Selecting the **Create Cache Node** button will open the **Create Cache Node** page; **Cache Node Name** is the only field required for cache node creation.
 
-   | **Field Name**| **Expected Value**|**Description** |
+   | Field Name | Expected Value | Description |
    |---|---|---|
    | **Cache Node Name** | Alphanumeric name that doesn't include any spaces. | The name of the cache node. You may choose names based on location such as `Seattle-1`. This name must be unique and can't be changed later. |
 
@@ -193,15 +193,16 @@ Installing MCC on your Windows device is a simple process. A PowerShell script p
     > </br>
     > </br> [D] Do not run **[R] Run once** [S] Suspend [?] Help (default is "D"):
 
-1. Choose whether you would like to create a new external virtual switch or select an existing external virtual switch.  
+1. Choose whether you would like to create a new external virtual switch or select an existing external virtual switch.
+
    If creating a new external virtual switch, name your switch and be sure to choose a Local Area Connection (USB adapters work as well however, we do not recommend using Wi-Fi). A computer restart will be required if you're creating a new switch.
 
-    > [!NOTE]
+   > [!NOTE]
-    > Restarting your computer after creating a switch is recommended. You'll notice network delays during installation if the computer has not been restarted.
+   > Restarting your computer after creating a switch is recommended. You'll notice network delays during installation if the computer has not been restarted.
 
-    If you restarted your computer after creating a switch, start from step 2 above and skip to step 5.
+   If you restarted your computer after creating a switch, start from step 2 above and skip to step 5.
 
-    If you opt to use an existing external switch, select the switch from the presented options. Local Area Connection (or USB) is preferable to Wi-Fi. 
+   If you opt to use an existing external switch, select the switch from the presented options. Local Area Connection (or USB) is preferable to Wi-Fi.
 
    :::image type="content" source="./images/ent-mcc-script-new-switch.png" alt-text="Screenshot of the installer script running in PowerShell when a new switch is created." lightbox="./images/ent-mcc-script-new-switch.png":::
 
@@ -220,16 +221,22 @@ Installing MCC on your Windows device is a simple process. A PowerShell script p
    For example, for host configuration where the server IP Address is 192.168.1.202 and the subnet mask is 255.255.255.0, the static IP can be anything 192.168.1.* except 192.168.1.202.
    <!-- Insert Image 1 & 2. Remove ent-mcc-script-dynamic-address.png image (it is replaced by image 2) -->
     :::image type="content" source="./images/external-switch-1.jpg" alt-text="Screenshot of a sample output of ipconfig command showing example of subnet mask." lightbox="./images/external-switch-1.jpg":::
+
     :::image type="content" source="./images/assigning-ip-2.png" alt-text="Screenshot of multiple installer questions about ipv4 address for Eflow." lightbox="./images/assigning-ip-2.png":::
-   
+
    If you would like to use your own DNS server instead of Google DNS 8.8.8.8, select **n** and set your own DNS server IP.
+
    :::image type="content" source="./images/use-custom-dns-3.png" alt-text="Screenshot of multiple installer questions about setting an alternate DNS server." lightbox="./images/use-custom-dns-3.png":::
-   If you use a dynamic IP address, the DHCP server will automatically configure the IP address and DNS settings. 
+
- 
+   If you use a dynamic IP address, the DHCP server will automatically configure the IP address and DNS settings.
-1. Choose where you would like to download, install, and store the virtual hard disk for EFLOW. You'll also be asked how much memory, storage, and how many cores you would like to allocate for the VM. For this example, we chose the default values for download path, install path, and virtual hard disk path. 
+
+1. Choose where you would like to download, install, and store the virtual hard disk for EFLOW. You'll also be asked how much memory, storage, and how many cores you would like to allocate for the VM. For this example, we chose the default values for download path, install path, and virtual hard disk path.
+
    <!-- Insert Image 4 -->
    :::image type="content" source="./images/installation-info-4.png" alt-text="Screenshot of multiple installer questions about memory and storage for EFLOW." lightbox="./images/installation-info-4.png":::
-   For more information, see [Sizing Recommendations](mcc-enterprise-prerequisites.md#sizing-recommendations) for memory, virtual storage, and CPU cores. For this example we chose the recommend values for a Branch Office/Small Enterprise deployment.
+
+   For more information, see [Sizing Recommendations](mcc-enterprise-prerequisites.md#sizing-recommendations) for memory, virtual storage, and CPU cores. For this example we chose the recommended values for a Branch Office/Small Enterprise deployment.
+
    <!-- Insert Image 5 -->
    :::image type="content" source="./images/memory-storage-5.png" alt-text="Screenshot of multiple installer questions about memory and storage." lightbox="./images/memory-storage-5.png":::
    <!-- Remove: If this is your first MCC deployment, select **n** so that a new IoT Hub can be created. If you have already configured MCC before, choose **y** so that your MCCs are grouped in the same IoT Hub.
@@ -238,12 +245,15 @@ Installing MCC on your Windows device is a simple process. A PowerShell script p
 
        :::image type="content" source="./images/ent-mcc-script-select-hub.png" alt-text="Screenshot of the installer script running in PowerShell prompting you to select which IoT Hub to use." lightbox="./images/ent-mcc-script-select-hub.png":::
        -->
-1.  When the installation is complete, you should see the following output (the values below will be your own)
+1. When the installation is complete, you should see the following output (the values below will be your own)
-       :::image type="content" source="./images/ent-mcc-script-complete.png" alt-text="Screenshot of the installer script displaying the completion summary in PowerShell." lightbox="./images/ent-mcc-script-complete.png":::
+
+    :::image type="content" source="./images/ent-mcc-script-complete.png" alt-text="Screenshot of the installer script displaying the completion summary in PowerShell." lightbox="./images/ent-mcc-script-complete.png":::
        <!-- Insert Image 7 -->
+
     :::image type="content" source="./images/installation-complete-7.png" alt-text="Screenshot of expected output when installation is complete." lightbox="./images/installation-complete-7.png":::
 
 1. Your MCC deployment is now complete.
+
    If you don't see any errors, continue to the next section to validate your MCC deployment. Your VM will not appear in Hyper-V Manager as it is an EFLOW VM.
    - After validating your MCC is properly functional, review your management solution documentation, such as [Intune](/mem/intune/configuration/delivery-optimization-windows), to set the cache host policy to the IP address of your MCC.
    - If you had errors during your deployment, see the [Common Issues](#common-issues) section in this article.
@@ -267,10 +277,12 @@ Connect to the EFLOW VM and check if MCC is properly running:
 
 You should see MCC, edgeAgent, and edgeHub running. If you see edgeAgent or edgeHub but not MCC, try this command in a few minutes. The MCC container can take a few minutes to deploy. If iotedge list times out, you can run docker ps -a to list the running containers.
 If the 3 containers are still not running, run the following commands to check if DNS resolution is working correctly:
+
 ```bash
 ping www.microsoft.com
 resolvectl query microsoft.com
 ```
+
 See the [common issues](#common-issues) section for more information.
 
 #### Verify server side
@@ -285,7 +297,7 @@ A successful test result will display a status code of 200 along with additional
 
 :::image type="content" source="./images/ent-mcc-verify-server-ssh.png" alt-text="Screenshot of a successful wget with an SSH client." lightbox="./images/ent-mcc-verify-server-ssh.png":::
 
- :::image type="content" source="./images/ent-mcc-verify-server-powershell.png" alt-text="Screenshot of a successful wget using PowerShell." lightbox="./images/ent-mcc-verify-server-powershell.png":::
+:::image type="content" source="./images/ent-mcc-verify-server-powershell.png" alt-text="Screenshot of a successful wget using PowerShell." lightbox="./images/ent-mcc-verify-server-powershell.png":::
 
 Similarly, enter the following URL from a browser in the network:
 
@@ -311,9 +323,9 @@ If you're seeing errors similar to this error: `The term Get-<Something> isn't r
 
 1. Ensure you have Hyper-V enabled:
 
-    **Windows 10:** [Enable Hyper-V on Windows 10](/virtualization/hyper-v-on-windows/quick-start/enable-hyper-v)
+   **Windows 10:** [Enable Hyper-V on Windows 10](/virtualization/hyper-v-on-windows/quick-start/enable-hyper-v)
 
-    **Windows Server:** [Install the Hyper-V role on Windows Server](/windows-server/virtualization/hyper-v/get-started/install-the-hyper-v-role-on-windows-server)
+   **Windows Server:** [Install the Hyper-V role on Windows Server](/windows-server/virtualization/hyper-v/get-started/install-the-hyper-v-role-on-windows-server)
 
 #### Verify Running MCC Container
 
@@ -336,10 +348,9 @@ This command will provide the current status of the starting, stopping of a cont
 
 :::image type="content" source="./images/ent-mcc-journalctl.png" alt-text="Screenshot of the output from journalctl -u iotedge -f." lightbox="./images/ent-mcc-journalctl.png":::
 
-
 > [!NOTE]
 > You should consult the IoT Edge troubleshooting guide ([Common issues and resolutions for Azure IoT Edge](/azure/iot-edge/troubleshoot)) for any issues you may encounter configuring IoT Edge, but we've listed a few issues that we encountered during our internal validation.
->
+
 
 ### DNS needs to be configured
 
@@ -355,53 +366,53 @@ To configure the device to work with your DNS, use the following steps:
 
 1. Use `ifconfig` to find the appropriate NIC adapter name.
 
-    ```bash
+   ```bash
-    ifconfig
+   ifconfig
-    ```
+   ```
 
 1. Run `nmcli device show <network adapter name>` to show the DNS name for the ethernet adapter. For example, to show DNS information for **eno1**:
 
-    ```bash
+   ```bash
-    nmcli device show eno1 
+   nmcli device show eno1 
-    ```
+   ```
 
-    :::image type="content" source="images/mcc-isp-nmcli.png" alt-text="Screenshot of a sample output of nmcli command to show network adapter information." lightbox="./images/mcc-isp-nmcli.png":::
+   :::image type="content" source="images/mcc-isp-nmcli.png" alt-text="Screenshot of a sample output of nmcli command to show network adapter information." lightbox="./images/mcc-isp-nmcli.png":::
 
 1. Open or create the Docker configuration file used to configure the DNS server.
 
-    ```bash
+   ```bash
-    sudo nano /etc/docker/daemon.json
+   sudo nano /etc/docker/daemon.json
-    ```
+   ```
 
 1. Paste the following string into the **daemon.json** file, and include the appropriate DNS server address. For example, in the previous screenshot, `IP4.DNS[1]` is `10.50.10.50`.
 
-    ```bash
+   ```bash
-    { "dns": ["x.x.x.x"]}
+   { "dns": ["x.x.x.x"]}
-    ```
+   ```
 
 1. Save the changes to daemon.json. If you need to change permissions on this file, use the following command:
 
-    ```bash
+   ```bash
-    sudo chmod 555 /etc/docker/daemon.json
+   sudo chmod 555 /etc/docker/daemon.json
-    ```
+   ```
 
 1. Restart Docker to pick up the new DNS setting. Then restart IoT Edge.
 
-    ```bash
+   ```bash
-    sudo systemctl restart docker
+   sudo systemctl restart docker
-    sudo systemctl daemon-reload
+   sudo systemctl daemon-reload
-    sudo restart IoTEdge
+   sudo restart IoTEdge
-    ```
+   ```
 
 ### Resolve DNS issues
-Follow these steps if you see a DNS error when trying to resolve hostnames during the provisioning or download of container:
-Run ``` Get-EflowVmEndpoint ``` to get interface name
 
-Once you get the name 
+Follow these steps if you see a DNS error when trying to resolve hostnames during the provisioning or download of container:
+Run `Get-EflowVmEndpoint` to get interface name
+
+Once you get the name:
+
 ```bash
 Set-EflowVmDNSServers -vendpointName "interface name from above" -dnsServers @("DNS_IP_ADDRESS")
 Stop-EflowVm
 Start-EflowVm
 ```
-
-

windows/deployment/do/mcc-enterprise-prerequisites.md

@@ -13,7 +13,7 @@ appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 - - ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for Enterprise and Education</a>
-ms.date: 11/07/2023
+ms.date: 05/23/2024
 ---
 
 # Requirements of Microsoft Connected Cache for Enterprise and Education (early preview)

windows/deployment/do/mcc-enterprise-update-uninstall.md

@@ -15,7 +15,7 @@ appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 - ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for Enterprise and Education</a> 
-ms.date: 10/12/2022
+ms.date: 05/23/2024
 ---
 
 <!-- Customers will no longer update the private preview and instead install public preview
@@ -39,9 +39,9 @@ For example:
 -->
 # Uninstall MCC
 
-Please contact the MCC Team before uninstalling to let us know if you're facing issues.
+Contact the MCC Team before uninstalling to let us know if you're facing issues.
 
-This script will remove the following items:
+This script removes the following items:
 
 1. EFLOW + Linux VM
 1. IoT Edge

windows/deployment/do/mcc-isp-cache-node-configuration.md

@@ -15,12 +15,12 @@ appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 - ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for ISPs</a>
-ms.date: 08/16/2023
+ms.date: 05/23/2024
 ---
 
 # Cache node configuration
 
-All cache node configuration takes place within Azure portal. This article outlines all of the settings that you're able to configure. 
+All cache node configuration takes place within Azure portal. This article outlines all of the settings that you're able to configure.
 
 ## Settings
 
@@ -45,4 +45,3 @@ All cache node configuration takes place within Azure portal. This article outli
 | **Manual routing - Address range/CIDR blocks** | IPv4 CIDR notation | The IP address range (CIDR blocks) that should be routed to the MCC server as a comma separated list. For example: 2.21.234.0/24, 3.22.235.0/24, 4.23.236.0/24 |
 | **BGP - Neighbor ASN** | ASN | When configuring BGP, enter the ASN(s) of your neighbors that you want to establish. |
 | **BGP - Neighbor IP address** | IPv4 address | When configuring BGP, enter the IP address(es) of neighbors that you want to establish. |
-

windows/deployment/do/mcc-isp-create-provision-deploy.md

@@ -13,7 +13,7 @@ appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 - ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for ISPs</a> 	
-ms.date: 05/09/2023
+ms.date: 05/23/2024
 ---
 
 # Create, configure, provision, and deploy the cache node in Azure portal
@@ -54,12 +54,14 @@ You can manually upload a list of your CIDR blocks in Azure portal to enable man
 BGP (Border Gateway Protocol) routing is another method offered for client routing. BGP dynamically retrieves CIDR ranges by exchanging information with routers to understand reachable networks. For an automatic method of routing traffic, you can choose to configure BGP routing in Azure portal.
 
 Microsoft Connected Cache includes Bird BGP, which enables the cache node to:
- - Establish iBGP peering sessions with routers, route servers, or route collectors within operator networks 
+
- - Act as a route collector 
+- Establish iBGP peering sessions with routers, route servers, or route collectors within operator networks
+- Act as a route collector
 
 The operator starts the iBGP peering session from the Microsoft Connected Cache side using the Azure management portal and then starts the session with the Microsoft Connected Cache node from the router.
 
 In the example configuration below:
+
 - The operator ASN is 65100
 - The ASN of the Microsoft Connected Cache cache node is 65100 and the IP address is 192.168.8.99
 - iBGP peering sessions are established from the portal for ASNs 65100, 65200, and 65300.
@@ -125,7 +127,7 @@ There are five IDs that the device provisioning script takes as input in order t
 
 1. After completing cache node provisioning, navigate to the **Server provisioning** tab. Select **Download provisioning package** to download the installation package to your server.  
 
-1. Open a terminal window in the directory where you would like to deploy your cache node and run the following command to change the access permission to the Bash script: 
+1. Open a terminal window in the directory where you would like to deploy your cache node and run the following command to change the access permission to the Bash script:
 
     ```bash
     sudo chmod +x provisionmcc.sh

windows/deployment/do/mcc-isp-faq.yml

@@ -15,7 +15,7 @@ metadata:
   appliesto: 
     - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
     - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
-  ms.date: 03/21/2024
+  ms.date: 05/23/2024
 title: Microsoft Connected Cache Frequently Asked Questions
 summary: |
   Frequently asked questions about Microsoft Connected Cache

windows/deployment/do/mcc-isp-overview.md

@@ -13,7 +13,7 @@ appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 - ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for ISPs</a>	
-ms.date: 03/21/2024
+ms.date: 05/23/2024
 ---
 
 # Microsoft Connected Cache for ISPs overview
@@ -45,7 +45,6 @@ MCC complements peering by offloading static content that is served off of multi
 
 :::image type="content" source="./media/mcc-isp-overview/mcc-isp-peeringvsmcc.png" alt-text="Chart containing Peering vs Cache Content Traffic." lightbox="./media/mcc-isp-overview/mcc-isp-peeringvsmcc.png":::
 
-
 ## How MCC works
 
 :::image type="content" source="./images/mcc-isp-diagram.png" alt-text="Data flow diagram of how Microsoft Connected Cache works." lightbox="./images/mcc-isp-diagram.png":::
@@ -90,4 +89,3 @@ The following are recommended hardware configurations based on traffic ranges:
 *Requires systems (chipset, CPU, motherboard) with PCIe version 3, or higher.
 
 **Drive speeds are important and to achieve higher egress, we recommend SSD NVMe in m.2 PCIe slot (version 4, or higher).
-

windows/deployment/do/mcc-isp-signup.md

@@ -13,12 +13,12 @@ appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 - ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for ISPs</a>	
-ms.date: 07/07/2023
+ms.date: 05/23/2024
 ---
 
 # Operator sign up and service onboarding for Microsoft Connected Cache
 
-This article details the process of signing up for Microsoft Connected Cache for Internet Service Providers (public preview). 
+This article details the process of signing up for Microsoft Connected Cache for Internet Service Providers (public preview).
 
  > [!NOTE]
  > Microsoft Connected Cache is now in public preview. Instead of submitting a survey, you can directly onboard by following the instructions in this article.
@@ -34,7 +34,7 @@ Before you begin sign up, ensure you have the following components:
 
 1. **Access to Azure portal**: Ensure you have the credentials needed to access your organization's Azure portal.
 
-1. **Peering DB**: Ensure your organization's [Peering DB](https://www.peeringdb.com/) page is up-to-date and active. Check that the NOC email listed is accurate, and that you have access to this email. 
+1. **Peering DB**: Ensure your organization's [Peering DB](https://www.peeringdb.com/) page is up-to-date and active. Check that the NOC email listed is accurate, and that you have access to this email.
 
 1. **Server**: Ensure the server you wish to install Microsoft Connected Cache on is ready, and that the server is installed on Ubuntu 20.04 LTS.
 1. **Configure cache drive**: Make sure that you have a data drive configured with full permissions on your server. You'll need to specify the location for this cache drive during the cache node configuration process. The minimum size for the data drive is 100 GB. For instructions to mount a disk on a Linux VM, see [Attach a data disk to a Linux VM](/azure/virtual-machines/linux/attach-disk-portal#find-the-disk).

windows/deployment/do/mcc-isp-support.md

@@ -13,7 +13,7 @@ appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 - ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for ISPs</a>	
-ms.date: 02/07/2024
+ms.date: 05/23/2024
 ---
 
 # Support and troubleshooting
@@ -38,51 +38,49 @@ During sign-up, a verification code is sent to your NOC email address present in
 
 Delete any MCC resource that you're using before you resign up for the service. Deleting any existing MCC resource unlocks your ASN, which allows you to successfully sign up.
 
-
 ### Cache Node Errors  
 
 #### Network connectivity issues
 
  Updating Docker's DNS can help resolve some connectivity issues.
- Try the following Docker DNS updates until one solves your connectivity problem. 
+ Try the following Docker DNS updates until one solves your connectivity problem.
  Once connectivity is established, there's no need to continue updating Docker's DNS.
 
 ##### Update Docker's DNS to use the Google DNS resolver
 
-```
+```bash
 nano /etc/docker/daemon.json
 ```
 
 Update the contents of this file to match the following example, which includes the public Google DNS resolver:
 
-```
+```bash
 "log-driver": "json-file", "log-opts": {"max-size": "10m","max-file": "3"},"dns":["8.8.8.8", "8.8.4.4"]
-``` 
+```
 
 Save and close using the command CTRL-X and then Y(es) to save
-		 
+
 Restart Docker for this change to take effect:
 
-```
+```bash
 systemctl restart docker
 ```
 
 Rerun the IoT Edge Check command to validate proper connectivity:
 
-```
+```bash
 iotedge check -verbose
 ```
 
-
 ##### Update Docker's DNS to use your company's DNS resolver
 
-```
+```bash
 nano /etc/docker/daemon.json
 ```
 
-Update the contents of this file to match the following example, which includes the public Google DNS resolver: 
+Update the contents of this file to match the following example, which includes the public Google DNS resolver:
 
-```
+```bash
 "log-driver": "json-file", "log-opts": {"max-size": "10m","max-file": "3"},"dns":["<Your companies DNS Resolver IP Address>"]
 ```
 
@@ -90,13 +88,13 @@ Save and close using the command CTRL-X and then Y(es) to save.
 
 Restart Docker for this change to take effect:
 
-```
+```bash
 systemctl restart docker
 ```
 
 Rerun the IoT Edge Check command to validate proper connectivity:
 
-```
+```bash
 iotedge check -verbose
 ```
 
@@ -122,4 +120,3 @@ To onboard onto Microsoft Connected Cache, you'll need an Azure subscription ID.
 
 - [Pay-as-you-go-subscription](https://azure.microsoft.com/offers/ms-azr-0003p/)
 - [Azure free account FAQs](https://azure.microsoft.com/free/free-account-faq/)
-

windows/deployment/do/mcc-isp-update.md

@@ -15,16 +15,16 @@ appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 - ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for ISPs</a>	
-ms.date: 10/10/2022
+ms.date: 05/23/2024
 ---
 
 # Update or uninstall your cache node
 
-This article details how to update or uninstall your cache node. 
+This article details how to update or uninstall your cache node.
 
 ## Update cache node
 
-Microsoft will release updates for Microsoft Connected Cache periodically to improve performance, functionality, and security. Updates won't require any action from the customer. Instead, when an update is available, your cache node will automatically update during low traffic hours with minimal to no impact to your end customers. 
+Microsoft will release updates for Microsoft Connected Cache periodically to improve performance, functionality, and security. Updates won't require any action from the customer. Instead, when an update is available, your cache node will automatically update during low traffic hours with minimal to no impact to your end customers.
 
 To view which version your cache nodes are currently on, navigate to the **Cache nodes** tab to view the versions in the list view.
 

windows/deployment/do/mcc-isp-verify-cache-node.md

@@ -12,12 +12,12 @@ ms.reviewer: mstewart
 ms.collection: tier3
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/deployment/do/mcc-isp target=_blank>Microsoft Connected Cache for ISPs</a>
-ms.date: 02/09/2023
+ms.date: 05/23/2024
 ---
 
 # Verify cache node functionality and monitor health and performance
 
-This article details how to verify that your cache node(s) are functioning properly and serving traffic. This article also details how to monitor your cache nodes. 
+This article details how to verify that your cache node(s) are functioning properly and serving traffic. This article also details how to monitor your cache nodes.
 
 ## Verify cache node installation is complete
 
@@ -39,7 +39,7 @@ For example, this command provides the current status of the starting and stoppi
 
 :::image type="content" source="./images/mcc-isp-edge-journalctl.png" alt-text="Terminal output of journalctl command for iotedge." lightbox="./images/mcc-isp-edge-journalctl.png":::
 
-You may need to wait up to 30 minutes for the cache node software to complete downloading and begin caching. 
+You may need to wait up to 30 minutes for the cache node software to complete downloading and begin caching.
 
 ## Verify functionality on Azure portal
 
@@ -75,11 +75,11 @@ If the test fails, for more information, see the [FAQ](mcc-isp-faq.yml) article.
 
 ## Verify BGP routing configuration
 
-To verify your BGP routes are correctly configured for a cache node, navigate to **Settings > Cache nodes**. Select the cache node you wish to verify BGP routes for. 
+To verify your BGP routes are correctly configured for a cache node, navigate to **Settings > Cache nodes**. Select the cache node you wish to verify BGP routes for.
 
-Verify that under **Routing Information**, the state of **BGP routes received** is True. Verify the IP space is correct. Lastly, select **Download JSON** next to **Download BGP Routes** to view the BGP routes that your cache node is currently advertising. 
+Verify that under **Routing Information**, the state of **BGP routes received** is True. Verify the IP space is correct. Lastly, select **Download JSON** next to **Download BGP Routes** to view the BGP routes that your cache node is currently advertising.
 
-If **BGP routes received** is False, your **IP Space** is 0, or you're experiencing any BGP routing errors, ensure your **ASN** and **IP address** is entered correctly. 
+If **BGP routes received** is False, your **IP Space** is 0, or you're experiencing any BGP routing errors, ensure your **ASN** and **IP address** is entered correctly.
 
 ## Monitor cache node health and performance
 

windows/deployment/do/mcc-isp-vm-performance.md

@@ -12,7 +12,7 @@ ms.reviewer: mstewart
 ms.collection: tier3
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/deployment/do/mcc-isp target=_blank>Microsoft Connected Cache for ISPs</a>
-ms.date: 12/31/2017
+ms.date: 05/23/2024
 ---
 
 # Enhancing cache performance
@@ -30,7 +30,7 @@ The Microsoft Connected Cache module is optimized for Ubuntu 20.04 LTS. Install
 
 #### Drive performance
 
-The maximum number of disks supported is 9. When configuring your drives, we recommend SSD drives as cache read speed of SSD is superior to HDD. In addition, using multiple disks is recommended to improve cache performance. 
+The maximum number of disks supported is 9. When configuring your drives, we recommend SSD drives as cache read speed of SSD is superior to HDD. In addition, using multiple disks is recommended to improve cache performance.
 
 RAID disk configurations are discouraged as cache performance will be impacted. If using RAID disk configurations, ensure striping.
 

windows/deployment/do/mcc-isp.md

@@ -10,7 +10,7 @@ ms.reviewer: mstewart
 manager: aaroncz
 ms.localizationpriority: medium
 ms.collection: tier3
-ms.date: 03/07/2023
+ms.date: 05/23/2024
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
@@ -114,7 +114,6 @@ To deploy MCC:
 6. [Verify properly functioning MCC server](#verify-properly-functioning-mcc-server)
 7. [Review common issues if needed](#common-issues)
 
-
 ## Provide Microsoft with your Azure subscription ID
 
 As part of the MCC preview onboarding process, an Azure subscription ID must be provided to Microsoft.
@@ -388,7 +387,6 @@ Before you start, make sure that you have a data drive configured on your server
 
     :::image type="content" source="./images/mcc-isp-use-bgp.png" alt-text="Screenshot of the Cache Node Configuration page with the Prefix Source set to Use BGP.":::
 
-
 1. If there are no errors, go to the next section to verify the MCC server.
 
     If there are errors:
@@ -567,7 +565,6 @@ To migrate, use the following steps:
    :::image type="content" source="images/mcc-isp-migrate.png" alt-text="A screenshot of Azure portal showing the migration instructions for migrating a cache node from the early preview to the public preview." lightbox="images/mcc-isp-migrate.png":::
 1. Go to https://portal.azure.com and navigate to your resource to check your migrated cache nodes.
 
-
 ## Uninstalling MCC
 
 In the installer zip file, you'll find the file **uninstallmcc.sh**. This script uninstalls MCC and all the related components. Before you run this script, contact the MCC team. Only run it if you're facing issues with MCC installation.
@@ -592,13 +589,12 @@ sudo ./uninstallmcc.sh
 ```
 
 ## Appendix
- 
+
 ### Steps to obtain an Azure subscription ID
 
 <!--Using include file, get-azure-subscription.md, for shared content-->
 [!INCLUDE [Get Azure subscription](includes/get-azure-subscription.md)]
 
-
 ### Performance of MCC in virtual environments
 
 In virtual environments, the cache server egress peaks at around 1.1 Gbps. If you want to maximize the egress in virtual environments, it's critical to change the following two settings:

windows/deployment/do/waas-delivery-optimization-faq.yml

@@ -17,7 +17,7 @@ metadata:
     - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
     - ✅ <a href=https://learn.microsoft.com/en-us/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019, and later</a>
     - ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-delivery-optimization target=_blank>Delivery Optimization</a>	
-  ms.date: 02/16/2024
+  ms.date: 05/23/2024
 title: Frequently Asked Questions about Delivery Optimization
 summary: |
   This article answers frequently asked questions about Delivery Optimization.
@@ -38,7 +38,7 @@ summary: |
   - [My firewall requires IP addresses and can't process FQDNs. How do I configure it to download content with Delivery Optimization?How do I configure it to download content with Delivery Optimization?](#my-firewall-requires-ip-addresses-and-can-t-process-fqdns--how-do-i-configure-it-to-download-content-with-delivery-optimization)
   - [What is the recommended configuration for Delivery Optimization used with cloud proxies?](#what-is-the-recommended-configuration-for-delivery-optimization-used-with-cloud-proxies)
  
-   **Peer-to-Peer related questions**: 
+   **Peer-to-peer related questions**: 
 
   - [How does Delivery Optimization determine which content is available for peering?](#how-does-delivery-optimization-determine-which-content-is-available-for-peering)
   - [Does Delivery Optimization use multicast?](#does-delivery-optimization-use-multicast)
@@ -77,11 +77,12 @@ sections:
     questions:
       - question: Which ports does Delivery Optimization use?
         answer: | 
-          Delivery Optimization listens on port 7680 for requests from other peers by using TCP/IP. The service registers and opens this port on the device. The port must be set to accept inbound traffic through your firewall. If you don't allow inbound traffic over port 7680, you can't use the peer-to-peer functionality of Delivery Optimization. However, devices can still successfully download by using HTTP or HTTPS traffic over port 80 (such as for default Windows Update data).
+          Delivery Optimization listens on port 7680 for requests from other peers by using TCP/IP. The service registers and opens this port on the device. The port must be set to accept inbound and outbound TCP traffic through your firewall. If you don't allow traffic over port 7680, you can't use the peer-to-peer functionality of Delivery Optimization. However, devices can still successfully download updates by using HTTP over port 80 (or HTTPS over port 443 where applicable).
 
-          Delivery Optimization uses Teredo to create peer groups, which include devices across NATs (or any form of internal subnet that uses gateways or firewalls between subnets). To enable this scenario, you must allow inbound TCP/IP traffic over port 3544. Look for a "NAT traversal" setting in your firewall to set this up.
+          If you set the "Download Mode" policy to "Group (2)" or "Internet (3)", Teredo will be used by Delivery Optimization to connect to peer devices across NATs. You must allow inbound and outbound UDP traffic over port 3544. Look for a "NAT traversal" setting in your firewall to set this up.
 
-          Delivery Optimization also communicates with its cloud service by using HTTP/HTTPS over port 80.
+          Delivery Optimization also communicates with its cloud service by using HTTPS over port 443.
+          
       - question: What are the requirements if I use a proxy?
         answer: |
           For Delivery Optimization to successfully use the proxy, you should set up the proxy by using Windows proxy settings or Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](../do/delivery-optimization-proxy.md). Most content downloaded with Delivery Optimization uses byte range requests. Make sure your proxy allows byte range requests. For more information, see [Proxy requirements for Windows Update](/windows/deployment/update/windows-update-troubleshooting).

windows/deployment/do/waas-delivery-optimization-monitor.md

@@ -16,14 +16,14 @@ appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
 - ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-delivery-optimization target=_blank>Delivery Optimization</a>
-ms.date: 08/13/2023
+ms.date: 05/23/2024
 ---
 
 # Monitor Delivery Optimization
 
 To monitor Delivery Optimization, you can use either the Windows Update for Business Delivery Optimization Report or Windows PowerShell cmdlets.
 
-## Monitor with Windows Update for Business Delivery Optimization Report
+## Monitor with Windows Update for Business Delivery Optimization report
 
 Windows Update for Business Delivery Optimization Report provides you with information about your Delivery Optimization configuration, including the observed bandwidth savings across all devices that used peer-to-peer, Microsoft Connected Cache (MCC), HTTP source/CDN distribution over the past 28 days.
 
@@ -47,7 +47,7 @@ For details, see [Windows Update for Business Delivery Optimization Report](/win
 | TotalBytesDownloaded | The number of bytes from any source downloaded so far |
 | PercentPeerCaching |The percentage of bytes downloaded from peers versus over HTTP |
 | BytesFromPeers | Total bytes downloaded from peer devices (sum of bytes downloaded from LAN, Group, and Internet Peers) |
-| BytesfromHTTP | Total number of bytes received over HTTP. This metric represents all HTTP sources, **which includes BytesFromCacheServer** |
+| BytesFromHTTP | Total number of bytes received over HTTP. This metric represents all HTTP sources, **which includes BytesFromCacheServer** |
 | Status | Current state of the operation. Possible values are: **Downloading** (download in progress); **Complete** (download completed, but isn't uploading yet); **Caching** (download completed successfully and is ready to upload or uploading); **Paused** (download/upload paused by caller) |
 | Priority | Priority of the download; values are **foreground** or **background** |
 | BytesFromCacheServer | Total number of bytes received from cache server (MCC) |
@@ -58,17 +58,17 @@ For details, see [Windows Update for Business Delivery Optimization Report](/win
 | BytesToGroupPeers | Total number of bytes delivered from peers found in the group |
 | BytesToInternetPeers | Total number of bytes delivered from peers found on the LAN  |
 | DownloadDuration | Total download time in seconds |
-| HttpConnectionCount |  |
+| HttpConnectionCount | Number of connections to HTTP source |
-| LanConnectionCount |  |
+| LanConnectionCount | Number of connections to LAN peers |
-| GroupConnectionCount |  |
+| GroupConnectionCount | Number of connections to Group peers |
-| InternetConnectionCount |  |
+| InternetConnectionCount | Number of connections to Internet peers |
-| DownloadMode |  |
+| DownloadMode | Delivery Optimization DownloadMode value |
 | SourceURL | Http source for the file |
 | CacheHost | IP address for the cache server |
 | NumPeers | Indicates the total number of peers returned from the service. |
 | PredefinedCallerApplication | Indicates the last caller that initiated a request for the file. |
 | ExpireOn | The target expiration date and time for the file. |
-| IsPinned | A yes/no value indicating whether an item has been "pinned" in the cache (see `setDeliveryOptmizationStatus`). |
+| IsPinned | A yes/no value indicating whether an item has been "pinned" in the cache (see `Set-DeliveryOptimizationStatus`). |
 
 `Get-DeliveryOptimizationPerfSnap` returns a list of key performance data:
 
@@ -76,40 +76,36 @@ For details, see [Windows Update for Business Delivery Optimization Report](/win
 | --- | --- |
 | FilesDownloaded | Number of files downloaded |
 | FilesUploaded | Number of files uploaded |
-| Files | |
+| Files | Number of files available in the Delivery Optimization cache |
 | TotalBytesDownloaded | Total bytes downloaded |
 | TotalBytesUploaded | Total bytes uploaded |
 | AverageDownloadSize | Average transfer size (download); that is, the number bytes downloaded divided by the number of files |
 | AverageUploadSize | Average transfer size (upload); the number of bytes uploaded divided by the number of files |
-| DownloadMode | Delivery Optimization Download mode used to deliver file |
+| DownloadMode | Delivery Optimization Download mode configured for this device |
-| CacheSizeBytes |  |
+| CacheSizeBytes | Total disk space occupied by downloaded files in Delivery Optimization cache  |
-| TotalDiskBytes |  |
+| TotalDiskBytes | Total space of the disk volume on which Delivery Optimization cache is currently located  |
-| AvailableDiskBytes |  |
+| AvailableDiskBytes | Free space of the disk volume on which Delivery Optimization cache is currently located  |
-| CpuUsagePct |  |
+| CpuUsagePct | Average CPU usage by the Delivery Optimization process |
-| MemUsageKB |  |
+| MemUsageKB | Amount of committed memory currently used by the Delivery Optimization process |
-| NumberOfPeers |  |
+| NumberOfPeers | Total number of peers found across all files currently in the cache |
-| CacheHostConnections |  |
+| CacheHostConnections | Number of connections to Microsoft Connected Cache servers |
-| CdnConnections |  |
+| CdnConnections | Number of connections to CDN servers |
-| LanConnections |  |
+| LanConnections | Number of connections to LAN peers |
-| LinkLocalConnections |  |
+| LinkLocalConnections | Number of connections to Link Local peers |
-| GroupConnections |  |
+| GroupConnections | Number of connections to Group peers|
-| InternetConnections |  |
+| InternetConnections | Number of connections to Internet peers |
-| DownlinkBps |  |
+| DownlinkBps | Average download bandwidth usage currently seen across all network adapters |
-| DownlinkUsageBps |  |
+| DownlinkUsageBps | Average bandwidth currently used by Delivery Optimization for downloads |
-| UplinkBps |  |
+| UplinkBps | Average upload bandwidth usage currently seen across all network adapters |
-| UplinkUsageBps |  |
+| UplinkUsageBps | Average bandwidth currently used by Delivery Optimization for uploads |
-| ForegroundDownloadRatePct |  |
+| ForegroundDownloadRatePct | Percentage of bandwidth to be used for foreground downloads |
-| BackgroundDownloadRatePct |  |
+| BackgroundDownloadRatePct | Percentage of bandwidth to be used for background downloads |
-| UploadRatePct |  |
+| UploadRatePct | Percentage of upload bandwidth to be used for uploads |
-| UplinkUsageBps |  |
+| UploadCount | Number of files in Delivery Optimization cache currently eligible for uploading  |
-| ForegroundDownloadRatePct |  |
+| ForegroundDownloadCount | Number of foreground downloads that are running  |
-| BackgroundDownloadRatePct |  |
+| ForegroundDownloadsPending | Number of foreground downloads that are waiting in queue |
-| UploadRatePct |  |
+| BackgroundDownloadCount | Number of background downloads that are running  |
-| UploadCount |  |
+| BackgroundDownloadsPending | Number of background downloads that are waiting in queue |
-| ForegroundDownloadCount |  |
-| ForegroundDownloadsPending |  |
-| BackgroundDownloadCount |  |
-| BackgroundDownloadsPending |  |
 
 Using the `-Verbose` option returns additional information:
 
@@ -135,17 +131,17 @@ Starting in Windows 10, version 1803, `Get-DeliveryOptimizationPerfSnapThisMonth
 
 **Starting in Windows 10, version 1903:**
 
-`set-DeliveryOptimizationStatus -ExpireOn [date time]` extends the expiration of all files in the cache. You can set the expiration immediately for all files that are in the "caching" state. For files in progress ("downloading"), the expiration is applied once the download is complete. You can set the expiration up to one year from the current date and time.
+`Set-DeliveryOptimizationStatus -ExpireOn [date time]` extends the expiration of all files in the cache. You can set the expiration immediately for all files that are in the "caching" state. For files in progress ("downloading"), the expiration is applied once the download is complete. You can set the expiration up to one year from the current date and time.
 
-`set-DeliveryOptimizationStatus -ExpireOn [date time] -FileID [FileID]` extends expiration for a single specific file in the cache.
+`Set-DeliveryOptimizationStatus -ExpireOn [date time] -FileID [FileID]` extends expiration for a single specific file in the cache.
 
 You can now "pin" files to keep them persistent in the cache, only with files that are downloaded in modes 1, 2, or 3.
 
-`set-DeliveryOptimizationStatus -Pin [True] -File ID [FileID]` keeps a specific file in the cache such that it won't be deleted until the expiration date and time (which you set with `set-DeliveryOptimizationStatus -ExpireOn [date time] -FileID [FileID]`). The file is also excluded from the cache quota calculation.
+`Set-DeliveryOptimizationStatus -Pin [True] -File ID [FileID]` keeps a specific file in the cache such that it won't be deleted until the expiration date and time (which you set with `Set-DeliveryOptimizationStatus -ExpireOn [date time] -FileID [FileID]`). The file is also excluded from the cache quota calculation.
 
-`set-DeliveryOptimizationStatus -Pin [False] -File ID [FileID]` "unpins" a file, so that it will be deleted when the expiration date and time are reached. The file is included in the cache quota calculation.
+`Set-DeliveryOptimizationStatus -Pin [False] -File ID [FileID]` "unpins" a file, so that it will be deleted when the expiration date and time are reached. The file is included in the cache quota calculation.
 
-`delete-DeliveryOptimizationCache` lets you clear files from the cache and remove all persisted data related to them. You can use these options with this cmdlet:
+`Delete-DeliveryOptimizationCache` lets you clear files from the cache and remove all persisted data related to them. You can use these options with this cmdlet:
 
 - `-FileID` specifies a particular file to delete.
 - `-IncludePinnedFiles` deletes all files that are pinned.
@@ -188,7 +184,6 @@ If `Path` isn't specified, this cmdlet reads all logs from the DoSvc log directo
 
 Log entries are written to the PowerShell pipeline as objects. To dump logs to a text file, run `Get-DeliveryOptimizationLog | Set-Content <output file>` or something similar.
 
-
 **Starting in Windows 10, version 1803:**
 
 `Get-DOConfig -Verbose`
@@ -198,7 +193,7 @@ This cmdlet lists local configuration and policies that are applied to Delivery
 DownloadMode:Simple
 DownloadModeProvider:Mdm Provider
 
-The provider is listed as "Default Provider" if it's using the Delivery Optimization platform configured default. 
+The provider is listed as "Default Provider" if it's using the Delivery Optimization platform configured default.
 
 The cmdlet returns the following data:
 
@@ -217,4 +212,3 @@ The cmdlet returns the following data:
 - DownloadForegroundLimitPct: Corresponds to the [DOPercentageMaxForegroundBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth) policy.
 - MaxUploadRatePct: Corresponds to the [DOMaxUploadBandwidth](waas-delivery-optimization-reference.md#max-upload-bandwidth) policy (deprecated in Windows 10, version 2004).
 - UploadLimitMonthlyGB: Corresponds to the [DOMonthlyUploadDataCap](waas-delivery-optimization-reference.md#monthly-upload-data-cap) policy.
-

windows/deployment/do/waas-delivery-optimization-reference.md

@@ -14,7 +14,7 @@ appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 - ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-delivery-optimization target=_blank>Delivery Optimization</a>
-ms.date: 02/14/2024
+ms.date: 05/23/2024
 ---
 
 # Delivery Optimization reference
@@ -34,35 +34,35 @@ In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimiz
 
 | Group Policy setting | MDM setting | Supported from version | Notes |
 | --- | --- | --- | ------- |
-| [Download mode](#download-mode) | DODownloadMode | 1511 | Default is set to LAN(1). The Group [Download mode](#download-mode) (2) combined with [Group ID](#group-id), enables administrators to create custom device groups that share content between devices in the group.|
+| [Download mode](#download-mode) | DODownloadMode | 1511 | Default is configured to LAN(1). The Group [Download mode](#download-mode) (2) combined with [Group ID](#group-id), enables administrators to create custom device groups that share content between devices in the group.|
-| [Group ID](#group-id)  | DOGroupID | 1511 | Used with Group [Download mode](#download-mode). If not set, check [GroupIDSource](#select-the-source-of-group-ids). When GroupID or GroupIDSource policies aren't set, the GroupID is defined as the AD Site (1), Authenticated domain SID (2) or Microsoft Entra tenant ID (5), in that order.  |
+| [Group ID](#group-id)  | DOGroupID | 1511 | Used with Group [Download mode](#download-mode). If not configured, check [GroupIDSource](#select-the-source-of-group-ids). When GroupID or GroupIDSource policies aren't configured, the GroupID is defined as the AD Site (1), Authenticated domain SID (2) or Microsoft Entra tenant ID (5), in that order.  |
-| [Select the source of Group IDs](#select-the-source-of-group-ids) | DOGroupIDSource | 1803 | If not set, check [Group ID](#group-id). When the GroupID or GroupIDSource policies aren't set, the Group is defined as the AD Site (1), Authenticated domain SID (2) or Microsoft Entra tenant ID (5), in that order. |
+| [Select the source of Group IDs](#select-the-source-of-group-ids) | DOGroupIDSource | 1803 | If not configured, check [Group ID](#group-id). When the GroupID or GroupIDSource policies aren't configured, the Group is defined as the AD Site (1), Authenticated domain SID (2) or Microsoft Entra tenant ID (5), in that order. |
-| [Select a method to restrict peer selection](#select-a-method-to-restrict-peer-selection) | DORestrictPeerSelectionBy | 1803 | Starting in Windows 11, a new option to use 'Local discovery (DNS-SD)' is available to set via this policy. |
+| [Select a method to restrict peer selection](#select-a-method-to-restrict-peer-selection) | DORestrictPeerSelectionBy | 1803 | Starting in Windows 11, a new option to use 'Local discovery (DNS-SD)' is available to configure via this policy. |
 | [Minimum RAM (inclusive) allowed to use peer caching](#minimum-ram-inclusive-allowed-to-use-peer-caching) | DOMinRAMAllowedToPeer | 1703 | Default value is 4 GB. |
 | [Minimum disk size allowed to use peer caching](#minimum-disk-size-allowed-to-use-peer-caching) | DOMinDiskSizeAllowedToPeer | 1703 | Default value is 32 GB. |
 | [Max cache age](#max-cache-age) | DOMaxCacheAge | 1511 | Default value is 259,200 seconds (three days). |
 | [Max cache size](#max-cache-size)  | DOMaxCacheSize | 1511 | Default value is 20%. |
-| [Absolute max cache size (in GBs)](#absolute-max-cache-size) | DOAbsoluteMaxCacheSize | 1607 | Default value is 10 GB.|
+| [Absolute max cache size (in GBs)](#absolute-max-cache-size) | DOAbsoluteMaxCacheSize | 1607 | Default isn't configured.|
 | [Modify cache drive](#modify-cache-drive) | DOModifyCacheDrive | 1607 | Default to the operating system drive through the %SYSTEMDRIVE% environment variable. |
 | [Minimum peer caching content file size](#minimum-peer-caching-content-file-size) | DOMinFileSizeToCache | 1703 | Default file size is 50 MB. |
 | [Monthly upload data cap](#monthly-upload-data-cap) | DOMonthlyUploadDataCap | 1607 | Default value is 20 GB. |
 | [Minimum background QoS](#minimum-background-qos) | DOMinBackgroundQoS | 1607 | Recommend setting this to 500 KB/s. Default value is 2500 KB/s. |
 | [Enable peer caching while the device connects via VPN](#enable-peer-caching-while-the-device-connects-via-vpn) | DOAllowVPNPeerCaching | 1709 | Default is to not allow peering while on VPN. |
-| [VPN Keywords](#vpn-keywords) | DOVpnKeywords | 22H2 September Moment | Allows you to set one or more keywords used to recognize VPN connections. |
+| [VPN keywords](#vpn-keywords) | DOVpnKeywords | 22H2 September Moment | Allows you to set one or more keywords used to recognize VPN connections. |
-| [Disallow Cache Server Downloads from VPN](#disallow-cache-server-downloads-on-vpn) | DODisallowCacheServerDownloadsOnVPN | 22H2 September Moment | Disallow downloads from Microsoft Connected Cache servers when the device connects via VPN. By default, the device is allowed to download from Microsoft Connected Cache when connected via VPN. |
+| [Disallow cache server downloads from VPN](#disallow-cache-server-downloads-on-vpn) | DODisallowCacheServerDownloadsOnVPN | 22H2 September Moment | Disallow downloads from Microsoft Connected Cache servers when the device connects via VPN. By default, the device is allowed to download from Microsoft Connected Cache when connected via VPN. |
 | [Allow uploads while the device is on battery while under set battery level](#allow-uploads-while-the-device-is-on-battery-while-under-set-battery-level) | DOMinBatteryPercentageAllowedToUpload | 1709 | Default is to not allow peering while on battery.  |
 | [Maximum foreground download bandwidth (percentage)](#maximum-foreground-download-bandwidth) | DOPercentageMaxForegroundBandwidth | 1803 | Default is '0' which will dynamically adjust. |
 | [Maximum background download bandwidth (percentage)](#maximum-background-download-bandwidth) | DOPercentageMaxBackgroundBandwidth | 1803 | Default is '0' which will dynamically adjust. |
 | [Maximum foreground download bandwidth (in KB/s)](#maximum-foreground-download-bandwidth-in-kbs) | DOMaxForegroundDownloadBandwidth | 2004 | Default is '0' which will dynamically adjust. |
 | [Maximum background download bandwidth (in KB/s)](#maximum-background-download-bandwidth-in-kbs) | DOMaxBackgroundDownloadBandwidth | 2004 | Default is '0' which will dynamically adjust. |
-| [Set hours to limit background download bandwidth](#set-business-hours-to-limit-background-download-bandwidth) | DOSetHoursToLimitBackgroundDownloadBandwidth | 1803 | Default isn't set. |
+| [Set hours to limit foreground download bandwidth](#set-business-hours-to-limit-foreground-download-bandwidth) |DOSetHoursToLimitForegroundDownloadBandwidth | 1803 | Default isn't configured. |
-| [Set hours to limit foreground download bandwidth](#set-business-hours-to-limit-foreground-download-bandwidth) |DOSetHoursToLimitForegroundDownloadBandwidth | 1803 | Default isn't set. |
+| [Set hours to limit background download bandwidth](#set-business-hours-to-limit-background-download-bandwidth) | DOSetHoursToLimitBackgroundDownloadBandwidth | 1803 | Default isn't configured. |
-| [Delay background download from HTTP (in secs)](#delay-background-download-from-http-in-secs) | DODelayBackgroundDownloadFromHttp | 1803 | Default isn't set. For peering, use this policy to delay the fallback to the HTTP source. [Learn more](#policies-to-prioritize-the-use-of-peer-to-peer-and-cache-server-sources) about the different delay options. |
+| [Delay foreground download from HTTP (in secs)](#delay-foreground-download-from-http-in-secs) | DODelayForegroundDownloadFromHttp | 1803 | Default isn't configured. For peering, use this policy to delay the fallback to the HTTP source. [Learn more](#policies-to-prioritize-the-use-of-peer-to-peer-and-cache-server-sources) about the different delay options.|
-| [Delay foreground download from HTTP (in secs)](#delay-foreground-download-from-http-in-secs) | DODelayForegroundDownloadFromHttp | 1803 | Default isn't set. For peering, use this policy to delay the fallback to the HTTP source. [Learn more](#policies-to-prioritize-the-use-of-peer-to-peer-and-cache-server-sources) about the different delay options.|
+| [Delay background download from HTTP (in secs)](#delay-background-download-from-http-in-secs) | DODelayBackgroundDownloadFromHttp | 1803 | Default isn't configured. For peering, use this policy to delay the fallback to the HTTP source. [Learn more](#policies-to-prioritize-the-use-of-peer-to-peer-and-cache-server-sources) about the different delay options. |
-| [Delay background download Cache Server fallback (in secs)](#delay-background-download-cache-server-fallback-in-secs) | DelayCacheServerFallbackBackground | 1903 | Default isn't set. For Microsoft Connected Cache content, use this policy to delay the fallback to the HTTP source. [Learn more](#policies-to-prioritize-the-use-of-peer-to-peer-and-cache-server-sources) about the different delay options.|
+| [Delay foreground download cache server fallback (in secs)](#delay-foreground-download-cache-server-fallback-in-secs) | DelayCacheServerFallbackForeground | 1903 | Default isn't configured. For Microsoft Connected Cache content, use this policy to delay the fallback to the HTTP source. [Learn more](#policies-to-prioritize-the-use-of-peer-to-peer-and-cache-server-sources) about the different delay options. |
-| [Delay foreground download Cache Server fallback (in secs)](#delay-foreground-download-cache-server-fallback-in-secs) | DelayCacheServerFallbackForeground | 1903 | Default isn't set. For Microsoft Connected Cache content, use this policy to delay the fallback to the HTTP source. [Learn more](#policies-to-prioritize-the-use-of-peer-to-peer-and-cache-server-sources) about the different delay options. |
+| [Delay background download cache server fallback (in secs)](#delay-background-download-cache-server-fallback-in-secs) | DelayCacheServerFallbackBackground | 1903 | Default isn't configured. For Microsoft Connected Cache content, use this policy to delay the fallback to the HTTP source. [Learn more](#policies-to-prioritize-the-use-of-peer-to-peer-and-cache-server-sources) about the different delay options.|
-| [Cache Server Hostname](#cache-server-hostname) | DOCacheHost | 1809  | No value is set as default. |
+| [Cache server hostname](#cache-server-hostname) | DOCacheHost | 1809  | No value is configured as default. |
-| [Cache Server Hostname Source](#cache-server-hostname-source) | DOCacheHostSource | 2004 | No value is set as default. |
+| [Cache server hostname source](#cache-server-hostname-source) | DOCacheHostSource | 2004 | No value is configured as default. |
 | [Maximum download bandwidth](#maximum-download-bandwidth) | DOMaxDownloadBandwidth | 1607 (deprecated in Windows 10, version 2004); use [Maximum background download bandwidth (in KB/s)](#maximum-background-download-bandwidth-in-kbs) or [Maximum foreground download bandwidth (in KB/s)](#maximum-foreground-download-bandwidth-in-kbs) instead)| Default is '0' which will dynamically adjust. |
 | [Percentage of maximum download bandwidth](#percentage-of-maximum-download-bandwidth) | DOPercentageMaxDownloadBandwidth | 1607 (deprecated in Windows 10, version 2004); use [Maximum background download bandwidth (in KB/s)](#maximum-background-download-bandwidth-in-kbs)  or [Maximum foreground download bandwidth (in KB/s)](#maximum-foreground-download-bandwidth-in-kbs) instead)| Default is '0' which will dynamically adjust. |
 | [Maximum upload bandwidth](#max-upload-bandwidth) | DOMaxUploadBandwidth | 1607 (deprecated in Windows 10, version 2004) | Default is '0' (unlimited). |
@@ -73,14 +73,14 @@ In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimiz
 
 Delivery Optimization uses locally cached updates to deliver contact via peers. The more content available in the cache, the more likely that peering can be used. In cases where devices have enough local storage and you'd like to cache more content. Likewise, if you have limited storage and would prefer to cache less, use the following settings to adjust the Delivery Optimization cache to suit your scenario:
 
-- [Max Cache Size](#max-cache-size) and [Absolute Max Cache Size](#absolute-max-cache-size) control the amount of space the Delivery Optimization cache can use.
+- [DOMaxCacheSize](#max-cache-size) and [DOAbsoluteMaxCacheSize](#absolute-max-cache-size) control the amount of space the Delivery Optimization cache can use.
-- [Max Cache Age](#max-cache-age) controls the retention period for each update in the cache.
+- [DOMaxCacheAge](#max-cache-age) controls the retention period for each update in the cache.
-- The system drive is the default location for the Delivery Optimization cache. [Modify Cache Drive](#modify-cache-drive) allows administrators to change that location.
+- The system drive is the default location for the Delivery Optimization cache. [DOModifyCacheDrive](#modify-cache-drive) allows administrators to change that location.
 
 >[!NOTE]
->It is possible to configure preferred cache devices. For more information, see [Group ID](#group-id).
+>It is possible to configure preferred cache devices. For more information, see [DOGroupID](#group-id).
 
-All cached files have to be above a set minimum size. This size is automatically set by the Delivery Optimization cloud services, but when local storage is sufficient and the network isn't strained or congested, administrators might choose to change it to obtain increased performance. You can set the minimum size of files to cache by adjusting [Minimum Peer Caching Content File Size](#minimum-peer-caching-content-file-size).
+All cached files have to be above a set minimum size. This size is automatically set by the Delivery Optimization cloud services, but when local storage is sufficient and the network isn't strained or congested, administrators might choose to change it to obtain increased performance. You can set the minimum size of files to cache by adjusting [DOMinFileSizeToCache](#minimum-peer-caching-content-file-size).
 
 #### Impact to network
 
@@ -94,7 +94,7 @@ More options available that control the impact Delivery Optimization has on your
 - [Select a method to restrict Peer Selection](#select-a-method-to-restrict-peer-selection) restricts peer selection by the options you select.
 - [Select the source of Group IDs](#select-the-source-of-group-ids) restricts peer selection to a specific source.
 
-#### Policies to prioritize the use of Peer-to-Peer and Cache Server sources
+#### Policies to prioritize the use of peer-to-peer and cache server sources
 
 When Delivery Optimization client is configured to use peers and Microsoft Connected Cache (MCC), to achieve the best possible content delivery experience, the client connects to both MCC and peers in parallel. If the desired content can't be obtained from MCC or peers, Delivery Optimization will automatically fallback to the HTTP source to get the requested content. There are four settings that allow you to prioritize peer-to-peer or MCC sources by delaying the immediate fallback to HTTP source, which is the default behavior.
 
@@ -105,7 +105,7 @@ When Delivery Optimization client is configured to use peers and Microsoft Conne
 
 ##### Microsoft Connected Cache (MCC) delay fallback settings
 
-- [Delay foreground download Cache Server fallback (in secs)](#delay-foreground-download-cache-server-fallback-in-secs) allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use a cache server.
+- [Delay foreground download cache server fallback (in secs)](#delay-foreground-download-cache-server-fallback-in-secs) allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use a cache server.
 - [Delay background download from HTTP (in secs)](#delay-background-download-from-http-in-secs) allows you to delay the use of an HTTP source in a background  download that is allowed to use a cache server.
 
 **If both peer-to-peer and MCC are configured, the peer-to-peer delay settings will take precedence over the cache server delay settings.** This setting allows Delivery Optimization to discover peers first then recognize the fallback setting for the MCC cache server.
@@ -114,8 +114,8 @@ When Delivery Optimization client is configured to use peers and Microsoft Conne
 
 Administrators can further customize scenarios where Delivery Optimization is used with the following settings:
 
-- [Minimum RAM (inclusive) allowed to use Peer Caching](#minimum-ram-inclusive-allowed-to-use-peer-caching) sets the minimum RAM required for peer caching to be enabled.
+- [Minimum RAM (inclusive) allowed to use Peer Caching](#minimum-ram-inclusive-allowed-to-use-peer-caching) configures the minimum RAM required for peer caching to be enabled.
-- [Minimum disk size allowed to use Peer Caching](#minimum-disk-size-allowed-to-use-peer-caching) sets the minimum disk size required for peer caching to be enabled.
+- [Minimum disk size allowed to use Peer Caching](#minimum-disk-size-allowed-to-use-peer-caching) configures the minimum disk size required for peer caching to be enabled.
 - [Enable Peer Caching while the device connects via VPN](#enable-peer-caching-while-the-device-connects-via-vpn) allows clients connected through VPN to use peer caching.
 - [Allow uploads while the device is on battery while under set Battery level](#allow-uploads-while-the-device-is-on-battery-while-under-set-battery-level) controls the minimum battery level required for uploads to occur. You must enable this policy to allow upload while on battery.
 
@@ -125,14 +125,14 @@ MDM Setting: **DODownloadMode**
 
 Download mode dictates which download sources clients are allowed to use when downloading Windows updates in addition to Windows Update servers. The following table shows the available download mode options and what they do. Other technical details for these policies are available in [Policy CSP - Delivery Optimization](/windows/client-management/mdm/policy-csp-deliveryoptimization).
 
-| Download mode option | Functionality when set |
+| Download mode option | Functionality when configured |
 | --- | --- |
 | HTTP Only (0) | This setting disables peer-to-peer caching but still allows Delivery Optimization to download content over HTTP from the download's original source or a Microsoft Connected Cache server. This mode uses additional metadata provided by the Delivery Optimization cloud services for a peerless reliable and efficient download experience. |
 | LAN (**1 - Default**) | This default operating mode for Delivery Optimization enables peer sharing on the same network. The Delivery Optimization cloud service finds other clients that connect to the Internet using the same public IP as the target client. These clients then try to connect to other peers on the same network by using their private subnet IP.|
 | Group (2) | When group mode is set, the group is automatically selected based on the device's Active Directory Domain Services (AD DS) site (Windows 10, version 1607) or the domain the device is authenticated to (Windows 10, version 1511). In group mode, peering occurs across internal subnets, between devices that belong to the same group, including devices in remote offices. You can use GroupID option to create your own custom group independently of domains and AD DS sites. Starting with Windows 10, version 1803, you can use the GroupIDSource parameter to take advantage of other method to create groups dynamically. Group download mode is the recommended option for most organizations looking to achieve the best bandwidth optimization with Delivery Optimization. |
 | Internet (3) | Enable Internet peer sources for Delivery Optimization. |
 | Simple (99) | Simple mode disables the use of Delivery Optimization cloud services completely (for offline environments). Delivery Optimization switches to this mode automatically when the Delivery Optimization cloud services are unavailable, unreachable, or when the content file size is less than 10 MB. In this mode, Delivery Optimization provides a reliable download experience over HTTP from the download's original source or a Microsoft Connected Cache server, with no peer-to-peer caching. |
-| Bypass (100) | Starting in Windows 11, this option is deprecated. Don't set **Download mode** to '100' (Bypass), which can cause some content to fail to download. If you want to disable peer-to-peer functionality, set DownloadMode to (0). If your device doesn't have internet access, set Download Mode to (99). When you set Bypass (100), the download bypasses Delivery Optimization and uses BITS instead. You don't need to set this option if you're using Configuration Manager. |
+| Bypass (100) | Starting in Windows 11, this option is deprecated. Don't configure **Download mode** to '100' (Bypass), which can cause some content to fail to download. If you want to disable peer-to-peer functionality, configure DownloadMode to (0). If your device doesn't have internet access, configure Download Mode to (99). When you configure Bypass (100), the download bypasses Delivery Optimization and uses BITS instead. You don't need to configure this option if you're using Configuration Manager. |
 
 > [!NOTE]
 > When you use Microsoft Entra tenant, AD Site, or AD Domain as the source of group IDs, the association of devices participating in the group should not be relied on for an authentication of identity of those devices.
@@ -152,152 +152,130 @@ By default, peer sharing on clients using the Group download mode (option 2) is
 
 MDM Setting: **DOGroupIDSource**
 
-Starting in Windows 10, version 1803, set this policy to restrict peer selection to a specific source, when using a GroupID policy. The options are:
+Starting in Windows 10, version 1803, configure this policy to restrict peer selection to a specific source, when using a GroupID policy. The options are:
 
 - 0 = Not set
 - 1 = AD Site
 - 2 = Authenticated domain SID
 - 3 = DHCP Option ID (with this option, the client queries DHCP Option ID 234 and use the returned GUID value as the Group ID)
 - 4 = DNS Suffix
-- 5 = Starting with Windows 10, version 1903, you can use the Microsoft Entra tenant ID as a means to define groups. To do this set the value for DOGroupIdSource to its new maximum value of 5.
+- 5 = Starting with Windows 10, version 1903, you can use the Microsoft Entra tenant ID as a means to define groups. To do this configure the value for DOGroupIdSource to its new maximum value of 5.
 
-When set, the Group ID will be assigned automatically from the selected source. This policy is ignored if the GroupID policy is also set. The default behavior, when the GroupID or GroupIDSource policies aren't set, is to determine the Group ID using AD Site (1), Authenticated domain SID (2) or Microsoft Entra tenant ID (5), in that order. If GroupIDSource is set to either DHCP Option ID (3) or DNS Suffix (4) and those methods fail, the default behavior is used instead. The option set in this policy only applies to Group (2) download mode. If Group (2) isn't set as Download mode, this policy will be ignored. If you set the value to anything other than 0-5, the policy is ignored.
+When configured, the Group ID will be assigned automatically from the selected source. This policy is ignored if the GroupID policy is also configured. The default behavior, when the GroupID or GroupIDSource policies aren't configured, is to determine the Group ID using AD Site (1), Authenticated domain SID (2) or Microsoft Entra tenant ID (5), in that order. If GroupIDSource is configured to either DHCP Option ID (3) or DNS Suffix (4) and those methods fail, the default behavior is used instead. The option configured in this policy only applies to Group (2) download mode. If Group (2) isn't configured as Download mode, this policy will be ignored. If you configure the value to anything other than 0-5, the policy is ignored.
 
-### Minimum RAM (inclusive) allowed to use Peer Caching
+### Minimum RAM (inclusive) allowed to use peer caching
 
 MDM Setting: **DOMinRAMAllowedToPeer**
 
 This setting specifies the minimum RAM size in GB required to use Peer Caching. For example if the minimum set is 1 GB, then devices with 1 GB or higher available RAM will be allowed to use Peer caching. The recommended values are 1 to 4, and **the default value is 4 GB**.
 
-### Minimum disk size allowed to use Peer Caching
+### Minimum disk size allowed to use peer caching
 
 MDM Setting: **DOMinDiskSizeAllowedToPeer**
 
 This setting specifies the required minimum disk size (capacity in GB) for the device to use Peer Caching. The recommended values are 64 to 256, and **the default value is 32 GB**.
 
 >[!NOTE]
->If the [Modify Cache Drive](#modify-cache-drive) policy is set, the disk size check applies to the new working directory specified by this policy.
+>If the [Modify Cache Drive](#modify-cache-drive) policy is configured, the disk size check applies to the new working directory specified by this policy.
 
-### Max Cache Age
+### Max cache age
 
 MDM Setting: **DOMaxCacheAge**
 
-In environments configured for Delivery Optimization, you might want to set an expiration on cached updates and Windows application installation files. If so, this setting defines the maximum number of seconds each file can be held in the Delivery Optimization cache on each Windows 10 client device. Alternatively, organizations might choose to set this value to "0" which means "unlimited" to avoid peers redownloading content. When "Unlimited" value is set, Delivery Optimization holds the files in the cache longer and cleans up the cache as needed (for example when the cache size exceeded the maximum space allowed). **The default value is 259,200 seconds (three days)**.
+In environments configured for Delivery Optimization, you might want to configure an expiration on cached updates and Windows application installation files. If so, this setting defines the maximum number of seconds each file can be held in the Delivery Optimization cache on each Windows 10 client device. Alternatively, organizations might choose to configure this value to "0" which means "unlimited" to avoid peers redownloading content. When "Unlimited" value is configured, Delivery Optimization holds the files in the cache longer and cleans up the cache as needed (for example when the cache size exceeded the maximum space allowed). **The default value is 259,200 seconds (three days)**.
 
-### Max Cache Size
+### Max cache size
 
 MDM Setting: **DOMaxCacheSize**
 
-This setting limits the maximum amount of space the Delivery Optimization cache can use as a percentage of the available drive space, from 1 to 100. For example, if you set this value to 10 on a Windows client device that has 100 GB of available drive space, then Delivery Optimization uses up to 10 GB of that space. Delivery Optimization constantly assesses the available drive space and automatically clear the cache to keep the maximum cache size under the set percentage. **The default value is 20%**.
+This setting limits the maximum amount of space the Delivery Optimization cache can use as a percentage of the available drive space, from 1 to 100. For example, if you configure this value to 10 on a Windows client device that has 100 GB of available drive space, then Delivery Optimization uses up to 10 GB of that space. Delivery Optimization constantly assesses the available drive space and automatically clear the cache to keep the maximum cache size under the configured percentage. **The default value is 20%**.
 
-### Absolute Max Cache Size
+### Absolute max cache size
 
 MDM Setting: **DOAbsoluteMaxCacheSize**
 
-This setting specifies the maximum number of gigabytes the Delivery Optimization cache can use. This is different from the [**Max Cache Size**](#max-cache-size) setting, which is a percentage of available disk space. Also, if you configure this policy, it overrides the [**Max Cache Size**](#max-cache-size) setting. **The default value is 10 GB**.
+This setting specifies the maximum number of gigabytes the Delivery Optimization cache can use. This is different from the [**Max Cache Size**](#max-cache-size) setting, which is a percentage of available disk space. Also, if you configure this policy, it overrides the [**Max Cache Size**](#max-cache-size) setting. **The default value is not configured**.
 
-### Minimum Peer Caching Content File Size
+### Minimum peer caching content file size
 
 MDM Setting: **DOMinFileSizeToCache**
 
 This setting specifies the minimum content file size in MB enabled to use Peer Caching. The recommended values are from 1 to 100000. **The default file size is 50 MB** to participate in peering.
 
-### Maximum Download Bandwidth
+### Maximum foreground download bandwidth
-
-MDM Setting: **DOMaxDownloadBandwidth**
-
-Deprecated in Windows 10, version 2004.
-This setting specifies the maximum download bandwidth that can be used across all concurrent Delivery Optimization downloads in kilobytes per second (KB/s). **A default value of "0"** means that Delivery Optimization dynamically adjusts and optimizes the maximum bandwidth used.
-
-
-### Maximum Foreground Download Bandwidth
 
 MDM Setting: **DOPercentageMaxForegroundBandwidth**
 
-Starting in Windows 10, version 1803, specifies the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. **The default value of "0"** means that Delivery Optimization dynamically adjusts to use the available bandwidth for foreground downloads. However, downloads from LAN peers aren't throttled even when this policy is set.
+Starting in Windows 10, version 1803, specifies the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. **The default value of "0"** means that Delivery Optimization dynamically adjusts to use the available bandwidth for foreground downloads. However, downloads from LAN peers aren't throttled even when this policy is configured.
 
-### Maximum Background Download Bandwidth
+### Maximum background download bandwidth
 
 MDM Setting: **DOPercentageMaxBackgroundBandwidth**
 
-Starting in Windows 10, version 1803, specifies the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. **The default value of "0"** means that Delivery Optimization dynamically adjusts to use the available bandwidth for background downloads. However, downloads from LAN peers aren't throttled even when this policy is set.
+Starting in Windows 10, version 1803, specifies the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. **The default value of "0"** means that Delivery Optimization dynamically adjusts to use the available bandwidth for background downloads. However, downloads from LAN peers aren't throttled even when this policy is configured.
 
 > [!NOTE]
 > It is recommended to use the absolute value download options 'DOMaxBackgroundDownloadBandwidth' and 'DOMaxForegroundDownloadBandwidth', rather than percentage-based options, for low bandwidth environments.
 
-### Percentage of Maximum Download Bandwidth
+### Set business hours to limit foreground download bandwidth
-
-MDM Setting: **DOPercentageMaxDownloadBandwidth**
-
-Deprecated in Windows 10, version 2004.
-This setting specifies the maximum download bandwidth that Delivery Optimization can use across all concurrent download activities as a percentage of available download bandwidth. **The default value of "0"** means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads.
-
-### Max Upload Bandwidth
-
-MDM Setting: **DOMaxUploadBandwidth**
-
-Deprecated in Windows 10, version 2004.
-This setting allows you to limit the number of upload bandwidth individual clients can use for Delivery Optimization. Consider this setting when clients are providing content to requesting peers on the network. This option is set in kilobytes per second (KB/s). **The default value is "0" or "unlimited"** which means Delivery Optimization dynamically optimizes for minimal usage of upload bandwidth; however it doesn't cap the upload bandwidth rate at a set rate.
-
-### Set Business Hours to Limit Background Download Bandwidth
-
-MDM Setting: **DOSetHoursToLimitBackgroundDownloadBandwidth**
-
-Starting in Windows 10, version 1803, specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. **By default, this policy isn't set.**
-
-### Set Business Hours to Limit Foreground Download Bandwidth
 
 MDM Setting: **DOSetHoursToLimitForegroundDownloadBandwidth**
 
-Starting in Windows 10, version 1803, specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. **By default, this policy isn't set.**
+Starting in Windows 10, version 1803, specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. **By default, this policy isn't configured.**
+
+### Set business hours to limit background download bandwidth
+
+MDM Setting: **DOSetHoursToLimitBackgroundDownloadBandwidth**
+
+Starting in Windows 10, version 1803, specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. **By default, this policy isn't configured.**
 
 ### Select a method to restrict peer selection
 
 MDM Setting: **DORestrictPeerSelectionBy**
 
-Starting in Windows 10, version 1803, set this policy to restrict peer selection via selected option. In Windows 11, the 'Local Peer Discovery' option was introduced to restrict peer discovery to the local network. Currently the available options include: 0 = NAT, 1 = Subnet mask, and 2 = Local Peer Discovery. These options apply to both Download Modes LAN (1) and Group (2) and therefore means there's no peering between subnets.
+Starting in Windows 10, version 1803, configure this policy to restrict peer selection via selected option. In Windows 11, the 'Local Peer Discovery' option was introduced to restrict peer discovery to the local network. Currently the available options include: 0 = NAT, 1 = Subnet mask, and 2 = Local Peer Discovery. These options apply to both Download Modes LAN (1) and Group (2) and therefore means there's no peering between subnets.
 
-If Group mode is set, Delivery Optimization connects to locally discovered peers that are also part of the same Group (have the same Group ID).
+If Group mode is configured, Delivery Optimization connects to locally discovered peers that are also part of the same Group (have the same Group ID).
 
-In Windows 11, the Local Peer Discovery (DNS-SD) option can be set via MDM or Group Policy. However, in Windows 10, this feature can be enabled by setting the `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization\DORestrictPeerSelectionBy` value to **2**.
+In Windows 11, the Local Peer Discovery (DNS-SD) option can be configured via MDM or Group Policy. However, in Windows 10, this feature can be enabled by setting the `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization\DORestrictPeerSelectionBy` value to **2**.
-
-### Delay background download from HTTP (in secs)
-
-MDM Setting: **DODelayBackgroundDownloadFromHttp**
-
-Starting in Windows 10, version 1803, this allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer. The maximum value is 4294967295 seconds. **By default, this policy isn't set.**
 
 ### Delay foreground download from HTTP (in secs)
 
 MDM Setting: **DODelayForegroundDownloadFromHttp**
 
-Starting in Windows 10, version 1803, allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer. The maximum value is 4294967295 seconds. **By default, this policy isn't set.**
+Starting in Windows 10, version 1803, allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer. The maximum value is 4294967295 seconds. **By default, this policy isn't configured.**
 
-### Delay Foreground Download Cache Server Fallback (in secs)
+### Delay background download from HTTP (in secs)
+
+MDM Setting: **DODelayBackgroundDownloadFromHttp**
+
+Starting in Windows 10, version 1803, this allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer. The maximum value is 4294967295 seconds. **By default, this policy isn't configured.**
+
+### Delay foreground download cache server fallback (in secs)
 
 MDM Setting: **DelayCacheServerFallbackForeground**
 
-Starting in Windows 10, version 1903, allows you to delay the fallback from cache server to the HTTP source for foreground content download by X seconds. If the 'Delay foreground download from HTTP policy is set, it will apply first (to allow downloads from peers) and then this policy will be applied. **By default, this policy isn't set.**
+Starting in Windows 10, version 1903, allows you to delay the fallback from cache server to the HTTP source for foreground content download by X seconds. If the 'Delay foreground download from HTTP policy is configured, it will apply first (to allow download from peers). **By default, this policy isn't configured.**
 
-### Delay Background Download Cache Server Fallback (in secs)
+### Delay background download cache server fallback (in secs)
 
 MDM Setting: **DelayCacheServerFallbackBackground**
 
-Starting in Windows 10, version 1903, set this policy to delay the fallback from cache server to the HTTP source for a background content download by X seconds. If the 'Delay background download from HTTP' policy is set, it will apply first (to allow downloads from peers) and then this policy will be applied. **By default, this policy isn't set.**
+Starting in Windows 10, version 1903, configure this policy to delay the fallback from cache server to the HTTP source for a background content download by X seconds. If the 'Delay background download from HTTP' policy is configured, it will apply first (to allow downloads from peers) and then this policy will be applied. **By default, this policy isn't configured.**
 
-### Minimum Background QoS
+### Minimum background QoS
 
 MDM Setting: **DOMinBackgroundQoS**
 
 This value specifies the minimum download speed guarantee that a client attempts to achieve and will fulfill by downloading more kilobytes from HTTP sources. The lower this value is, the more content is sourced using peers on the network rather than HTTP sources. The higher this value, the more content is received from HTTP sources, versus peers on the local network. **The default value is 2500 KB/s.**
 
-### Modify Cache Drive
+### Modify cache drive
 
 MDM Setting: **DOModifyCacheDrive**
 
-This setting allows for an alternate Delivery Optimization cache location on the clients. **By default, the cache is stored on the operating system drive through the %SYSTEMDRIVE% environment variable.** You can set the value to an environment variable (for example, %SYSTEMDRIVE%), a drive letter (for example, D:), or a folder path (for example, D:\DOCache).
+This setting allows for an alternate Delivery Optimization cache location on the clients. **By default, the cache is stored on the operating system drive through the %SYSTEMDRIVE% environment variable.** You can configure the value to an environment variable (for example, %SYSTEMDRIVE%), a drive letter (for example, D:), or a folder path (for example, D:\DOCache).
 
-### Monthly Upload Data Cap
+### Monthly upload data cap
 
 MDM Setting: **DOMonthlyUploadDataCap**
 
@@ -309,38 +287,38 @@ MDM Setting: **DOAllowVPNPeerCaching**
 
 This setting determines whether a device will be allowed to participate in Peer Caching while connected to VPN. **By default, if a VPN connection is detected, peering isn't allowed, except when the 'Local Discovery' (DNS-SD) option is chosen.** Specify "true" to allow the device to participate in Peer Caching while connected via VPN to the domain network. The device can download from or upload to other domain network devices, either on VPN or on the corporate domain network.
 
-### VPN Keywords
+### VPN keywords
 
 MDM Setting: **DOVpnKeywords**
 
-This policy allows you to set one or more comma-separated keywords used to recognize VPN connections. **By default, this policy is not set so if a VPN is detected, the device will not use peering.** Delivery Optimization automatically detects a VPN connection by looking at the network adapter's 'Description' and 'FriendlyName' strings using the default keyword list including: "VPN", "Secure", and "Virtual Private Network" (ex: "MSFTVPN" matches the "VPN" keyword). As the number of VPNs grow it's difficult to support an ever-changing list of VPN names. To address this, we've introduced this new setting to set unique VPN names to meet the needs of individual environments.
+This policy allows you to configure one or more comma-separated keywords used to recognize VPN connections. **By default, this policy is not configured so if a VPN is detected, the device will not use peering.** Delivery Optimization automatically detects a VPN connection by looking at the network adapter's 'Description' and 'FriendlyName' strings using the default keyword list including: "VPN", "Secure", and "Virtual Private Network" (ex: "MSFTVPN" matches the "VPN" keyword). As the number of VPNs grow it's difficult to support an ever-changing list of VPN names. To address this, we've introduced this new setting to add unique VPN names to meet the needs of individual environments.
 
 ### Disallow cache server downloads on VPN
 
 MDM Setting: **DODisallowCacheServerDownloadsOnVPN**
 
-This policy disallows downloads from Connected Cache servers when the device connects via VPN. **By default, the device is allowed to download from Connected Cache when connected via VPN.** Set this policy if you prefer devices to download directly from the Internet when connected remotely (via VPN) instead of pulling from a Microsoft Connected Cache server deployed on your corporate network.
+This policy disallows downloads from Connected Cache servers when the device connects via VPN. **By default, the device is allowed to download from Connected Cache when connected via VPN.** Configure this policy if you prefer devices to download directly from the Internet when connected remotely (via VPN) instead of pulling from a Microsoft Connected Cache server deployed on your corporate network.
 
-### Allow uploads while the device is on battery while under set Battery level
+### Allow uploads while the device is on battery while under set battery level
 
 MDM Setting: **DOMinBatteryPercentageAllowedToUpload**
 
-This setting specifies battery levels at which a device will be allowed to upload data. Specify any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and Group peers while on DC power (Battery). Uploads will automatically pause when the battery level drops below the set minimum battery level. The recommended value to set if you allow uploads on battery is 40 (for 40%).
+This setting specifies battery levels at which a device will be allowed to upload data. Specify any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and Group peers while on DC power (Battery). Uploads will automatically pause when the battery level drops below the configured minimum battery level. The recommended value to configure, if you allow uploads on battery, is 40 (for 40%).
 The device can download from peers while on battery regardless of this policy.
 
 >[!IMPORTANT]
-> **By default, devices will not upload while on battery**. To enable uploads while on battery, you need to enable this policy and set the battery value under which uploads pause.
+> **By default, devices will not upload while on battery**. To enable uploads while on battery, you need to enable this policy and configure the battery value under which uploads pause.
 
-### Cache Server Hostname
+### Cache server hostname
 
 MDM Setting: **DOCacheHost**
 
-Set this policy to designate one or more Microsoft Connected Cache servers to be used by Delivery Optimization. You can set one or more FQDNs or IP Addresses that are comma-separated, for example: myhost.somerandomhost.com,myhost2.somerandomhost.com,10.10.1.7. **By default, this policy has no value.** Delivery Optimization client will connect to the listed Microsoft Connected Cache servers in the order as they are listed. When multiple FQDNs or IP Addresses are listed, fallback to the CDN occurs immediately after the first failure in downloading from a cache server, unless the [DelayCacheServerFallbackBackground](#delay-background-download-cache-server-fallback-in-secs) or [DelayCacheServerFallbackForeground](#delay-foreground-download-cache-server-fallback-in-secs) policies are set. When these delay policies are set, the fallback occurs only after the configured delay time and the client continues to attempt connecting to the cache servers in round robin order before the delay time expires.
+Configure this policy to designate one or more Microsoft Connected Cache servers to be used by Delivery Optimization. You can set one or more FQDNs or IP Addresses that are comma-separated, for example: myhost.somerandomhost.com,myhost2.somerandomhost.com,10.10.1.7. **By default, this policy has no value.** Delivery Optimization client will connect to the listed Microsoft Connected Cache servers in the order as they are listed. When multiple FQDNs or IP Addresses are listed, fallback to the CDN occurs immediately after the first failure in downloading from a cache server, unless the [DelayCacheServerFallbackBackground](#delay-background-download-cache-server-fallback-in-secs) or [DelayCacheServerFallbackForeground](#delay-foreground-download-cache-server-fallback-in-secs) policies are configured. When these delay policies are configured, the fallback occurs only after the configured delay time and the client continues to attempt connecting to the cache servers in round robin order before the delay time expires.
 
 >[!IMPORTANT]
-> Any value will signify that the policy is set. For example, an empty string ("") isn't considered empty.
+> Any value will signify that the policy is configured. For example, an empty string ("") isn't considered empty.
 
-### Cache Server Hostname Source
+### Cache server hostname source
 
 MDM Setting: **DOCacheHostSource**
 
@@ -349,14 +327,14 @@ This policy allows you to specify how your client(s) can discover Delivery Optim
 - 1 = DHCP Option 235.
 - 2 = DHCP Option 235 Force.
 
-With either option, the client queries DHCP Option ID 235 and use the returned value as the Cache Server Hostname. Option 2 overrides the Cache Server Hostname policy, if set. **By default, this policy has no value.**
+With either option, the client queries DHCP Option ID 235 and use the returned value as the Cache Server Hostname. Option 2 overrides the Cache Server Hostname policy, if configured. **By default, this policy has no value.**
 
-Set this policy to designate Delivery Optimization in Network Cache servers through a custom DHCP Option. Specify the custom DHCP option on your DHCP server as *text* type. You can add one or more values as either fully qualified domain names (FQDN) or IP addresses. To add multiple values, separate each FQDN or IP address with commas.
+Configure this policy to designate Delivery Optimization in Network Cache servers through a custom DHCP Option. Specify the custom DHCP option on your DHCP server as *text* type. You can add one or more values as either fully qualified domain names (FQDN) or IP addresses. To add multiple values, separate each FQDN or IP address with commas.
 
 > [!NOTE]
-> If you format the DHCP Option ID incorrectly, the client will fall back to the Cache Server Hostname policy value if that value has been set.
+> If you format the DHCP Option ID incorrectly, the client will fall back to the Cache Server Hostname policy value if that value has been configured.
 
-### Maximum Foreground Download Bandwidth (in KB/s)
+### Maximum foreground download bandwidth (in KB/s)
 
 MDM Setting: **DOMaxForegroundDownloadBandwidth**
 
@@ -364,10 +342,33 @@ Specifies the maximum foreground download bandwidth in kilobytes/second that the
 
 **The default value of "0" means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads.**
 
-### Maximum Background Download Bandwidth (in KB/s)
+### Maximum background download bandwidth (in KB/s)
 
 MDM Setting: **DOMaxBackgroundDownloadBandwidth**
 
 Specifies the maximum background download bandwidth in kilobytes/second that the device can use across all concurrent download activities using Delivery Optimization.
 
 **The default value "0" means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads.**
+
+## Deprecated policies
+
+### Maximum download bandwidth
+
+MDM Setting: **DOMaxDownloadBandwidth**
+
+Deprecated in Windows 10, version 2004.
+This setting specifies the maximum download bandwidth that can be used across all concurrent Delivery Optimization downloads in kilobytes per second (KB/s). **A default value of "0"** means that Delivery Optimization dynamically adjusts and optimizes the maximum bandwidth used.
+
+### Percentage of maximum download bandwidth
+
+MDM Setting: **DOPercentageMaxDownloadBandwidth**
+
+Deprecated in Windows 10, version 2004.
+This setting specifies the maximum download bandwidth that Delivery Optimization can use across all concurrent download activities as a percentage of available download bandwidth. **The default value of "0"** means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads.
+
+### Max upload bandwidth
+
+MDM Setting: **DOMaxUploadBandwidth**
+
+Deprecated in Windows 10, version 2004.
+This setting allows you to limit the number of upload bandwidth individual clients can use for Delivery Optimization. Consider this setting when clients are providing content to requesting peers on the network. This option is configured in kilobytes per second (KB/s). **The default value is "0" or "unlimited"** which means Delivery Optimization dynamically optimizes for minimal usage of upload bandwidth; however it doesn't cap the upload bandwidth rate at a set rate.

windows/deployment/do/waas-delivery-optimization-setup.md

@@ -16,7 +16,7 @@ appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 - ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-delivery-optimization target=_blank>Delivery Optimization</a>
-ms.date: 08/15/2023
+ms.date: 05/23/2024
 ---
 
 # Set up Delivery Optimization for Windows

windows/deployment/do/waas-delivery-optimization.md

@@ -16,7 +16,7 @@ ms.localizationpriority: medium
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
-ms.date: 06/02/2023
+ms.date: 05/23/2024
 ---
 
 # What is Delivery Optimization?
@@ -48,11 +48,11 @@ The following table lists the minimum Windows 10 version that supports Delivery
 
 #### Windows Client
 
-| Windows Client | Minimum Windows version | HTTP Downloader | Peer to Peer | Microsoft Connected Cache (MCC)
+| Windows Client | Minimum Windows version | HTTP Downloader | Peer to Peer | Microsoft Connected Cache (MCC) |
 |------------------|---------------|----------------|----------|----------------|
 | Windows Update ([feature updates quality updates, language packs, drivers](../update/get-started-updates-channels-tools.md#types-of-updates)) | Windows 10 1511, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
 | Windows 10/11 UWP Store apps | Windows 10 1511, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
-| Windows 11 Win32 Store apps | Windows 11 | :heavy_check_mark: |  |  |
+| Windows 11 Win32 Store apps | Windows 11 | :heavy_check_mark: | |
 | Windows 10 Store for Business apps | Windows 10 1511, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
 | Windows Defender definition updates | Windows 10 1511, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
 | Intune Win32 apps| Windows 10 1709, Windows 11 | :heavy_check_mark: | :heavy_check_mark:  | :heavy_check_mark: |
@@ -60,22 +60,22 @@ The following table lists the minimum Windows 10 version that supports Delivery
 | Edge Browser Updates | Windows 10 1809, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
 | Configuration Manager Express updates| Windows 10 1709 + Configuration Manager version 1711, Windows 11 | :heavy_check_mark: | :heavy_check_mark:  | :heavy_check_mark: |
 | Dynamic updates| Windows 10 1903, Windows 11 | :heavy_check_mark: | :heavy_check_mark:  | :heavy_check_mark: |
-| MDM Agent | Windows 11 | :heavy_check_mark: |  |  |
+| MDM Agent | Windows 11 | :heavy_check_mark: | | |
 | Xbox Game Pass (PC) | Windows 10 1809, Windows 11 | :heavy_check_mark: |  | :heavy_check_mark: |
-| Windows Package Manager| Windows 10 1809, Windows 11 | :heavy_check_mark: |  |  |
+| Windows Package Manager| Windows 10 1809, Windows 11 | :heavy_check_mark: | | |
-| MSIX Installer| Windows 10 2004, Windows 11 | :heavy_check_mark: |  |  |
+| MSIX Installer| Windows 10 2004, Windows 11 | :heavy_check_mark: |  | |
-| Teams (via MSIX Installer) | Windows 10 2004, Windows 11 | :heavy_check_mark: |  |  |
+| Teams (via MSIX Installer) | Windows 10 2004, Windows 11 | :heavy_check_mark: | | |
 
 #### Windows Server
 
-| Windows Server | Minimum Windows version | HTTP Downloader | Peer to Peer | Microsoft Connected Cache (MCC)
+| Windows Server | Minimum Windows version | HTTP Downloader | Peer to Peer | Microsoft Connected Cache (MCC) |
 |----------------|--------------------------|----------------|----------|----------------|
 | Windows Update | Windows Server 2019 (1809) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
 | Edge Browser Updates | Windows Server 2019 (1809) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
 
 #### Linux (Public Preview)
 
-| Linux ([Public Preview](https://github.com/microsoft/do-client)) | Linux versions | HTTP Downloader | Peer to Peer | Microsoft Connected Cache (MCC)
+| Linux ([Public Preview](https://github.com/microsoft/do-client)) | Linux versions | HTTP Downloader | Peer to Peer | Microsoft Connected Cache (MCC) |
 |------------------------|----------------|-----------------|--------------|---------------|
 | Device Update for IoT Hub | Ubuntu 18.04, 20.04 / Debian 9, 10 | :heavy_check_mark: |  | :heavy_check_mark: |
 > [!NOTE]

windows/deployment/do/waas-microsoft-connected-cache.md

@@ -13,7 +13,7 @@ ms.localizationpriority: medium
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
-ms.date: 06/02/2023
+ms.date: 05/23/2024
 ---
 
 # What is Microsoft Connected Cache?

windows/deployment/do/waas-optimize-windows-10-updates.md

@@ -13,7 +13,7 @@ ms.localizationpriority: medium
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
-ms.date: 02/14/2023
+ms.date: 05/23/2024
 ---
 
 # Optimize Windows update delivery

windows/deployment/do/whats-new-do.md

@@ -13,12 +13,13 @@ ms.localizationpriority: medium
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
-ms.date: 06/02/2023
+ms.date: 05/23/2024
 ---
 
 # What's new in Delivery Optimization
 
 This article contains information about what's new in Delivery Optimization, a peer-to-peer distribution method in Windows 10 and Windows 11.
+
 ## Microsoft Connected Cache (early preview)
 
 Microsoft Connected Cache (MCC) is a software-only caching solution that delivers Microsoft content within Enterprise networks. MCC can be deployed to as many bare-metal servers or VMs as needed, and is managed from a cloud portal. Cache nodes are created in the cloud portal and are configured by applying the client policy using management tools such as Intune.
@@ -32,6 +33,14 @@ There are two different versions:
 
 ## New in Delivery Optimization for Windows
 
+### General
+
+[Check out](https://aka.ms/do-fix) the new Delivery Optimization Troubleshooter. This tool provides a device health check to verify the device is set up properly to use Delivery Optimization. To scope the output more specifically, use one of the available switches:
+
+- -HealthCheck: Provides an overall check of the device setup to ensure Delivery Optimization communication is possible on the device.
+- -P2P: Provides output specific to P2P settings, efficiency, and errors.
+- -MCC: Provides output specific to MCC settings and verifies the client can access the cache server.
+
 ### Windows 11 22H2
 
 - New setting: Customize vpn detection by choosing custom keywords. Now, you don't have to rely on Delivery Optimization keywords to detect your Vpn. By using the new VpnKeywords configuration you can add keywords for Delivery Optimization to use when detecting a Vpn when in use. You can find this configuration **[VPN Keywords](waas-delivery-optimization-reference.md#vpn-keywords)** in Group Policy or MDM under **DOVpnKeywords**.

windows/deployment/update/check-release-health.md

@@ -13,7 +13,7 @@ ms.localizationpriority: medium
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
-ms.date: 04/04/2024
+ms.date: 06/04/2024
 ---
 
 # How to check Windows release health
@@ -33,7 +33,7 @@ Ensure the following prerequisites are met to display the Windows release health
    - Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)
 
 - Sign into the Microsoft 365 admin center using an [admin role](/microsoft-365/admin/add-users/about-admin-roles).
-   - Most roles containing the word `administrator` give you access to the Windows release health page such as [Global Administrator](/azure/active-directory/roles/permissions-reference#global-administrator), [Helpdesk Administrator](/azure/active-directory/roles/permissions-reference#helpdesk-administrator), and [Service Support Administrator](/azure/active-directory/roles/permissions-reference#service-support-administrator). For more information, see [Assign admin roles in the Microsoft 365 admin center](/microsoft-365/admin/add-users/assign-admin-roles).
+   - Most roles containing the word `administrator` give you access to the Windows release health page such as [Helpdesk Administrator](/azure/active-directory/roles/permissions-reference#helpdesk-administrator) and [Service Support Administrator](/azure/active-directory/roles/permissions-reference#service-support-administrator). For more information, see [Assign admin roles in the Microsoft 365 admin center](/microsoft-365/admin/add-users/assign-admin-roles).
 
 > [!NOTE]
 > Currently, Windows release health is available for Government Community Cloud (GCC) tenants, but isn't available for GCC High and DoD. <!--8337541-->

windows/deployment/update/includes/wufb-deployment-limitations.md

@@ -10,4 +10,6 @@ ms.localizationpriority: medium
 ---
 <!--This file is shared by deployment-service-overview.md and the deployment-service-prerequisites.md articles. Headings may be driven by article context. 7512398 -->
 
-Windows Update for Business deployment service is a Windows service hosted in Azure that uses Windows diagnostic data. You should be aware that Windows Update for Business deployment service doesn't meet [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) requirements. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home). Windows Update for Business deployment service is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers.
+Windows Update for Business deployment service is a Windows service hosted in Azure Commercial that uses Windows diagnostic data. While customers with GCC tenants may choose to use it, the Windows Update for Business deployment service is outside the [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) boundary. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home).
+
+Windows Update for Business deployment service isn't available in Azure Government for [Office 365 GCC High and DoD](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc-high-and-dod) tenants.

windows/deployment/update/includes/wufb-reports-admin-center-permissions.md

@@ -19,7 +19,6 @@ Accessing Windows Update for Business reports typcially requires permissions fro
 
 To [enroll](../wufb-reports-enable.md#bkmk_enroll) into Windows Update for Business reports from the [Azure portal](https://portal.azure.com) or the [Microsoft 365 admin center](https://admin.microsoft.com) requires one of the following roles:
 
-- [Global Administrator](/azure/active-directory/roles/permissions-reference#global-administrator) Microsoft Entra role
 - [Intune Administrator](/azure/active-directory/roles/permissions-reference#intune-administrator) Microsoft Entra role
 - [Windows Update deployment administrator](/azure/active-directory/roles/permissions-reference#windows-update-deployment-administrator) Microsoft Entra role
 - [Policy and profile manager](/mem/intune/fundamentals/role-based-access-control#built-in-roles) Microsoft Intune role

windows/deployment/update/release-cycle.md

@@ -11,7 +11,7 @@ ms.localizationpriority: medium
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
-ms.date: 05/19/2023
+ms.date: 06/04/2024
 ---
 
 # Update release cycle for Windows clients
@@ -56,18 +56,15 @@ Many update management tools, such as [Microsoft Configuration Manager](/mem/con
 
 ## Optional nonsecurity preview release
 
-**Optional nonsecurity preview releases** provide IT admins an opportunity for early validation of that content prior to the **monthly security update release**. Admins can test and validate production-quality releases ahead of the planned monthly security update release for the following month. These updates are optional, cumulative, nonsecurity preview releases. New features might initially be deployed in the prior month's **optional nonsecurity preview release**, then ship in the following **monthly security update release**. These releases are only offered to the most recent, supported versions of Windows.
+**Optional nonsecurity preview releases** provide IT admins an opportunity for early validation of that content prior to the **monthly security update release**. Admins can test and validate production-quality releases ahead of the planned monthly security update release for the following month. These updates are optional, cumulative, nonsecurity preview releases. New features might initially be deployed in the prior month's **optional nonsecurity preview release**, then ship in the following **monthly security update release**. **Optional nonsecurity preview releases** are typically released on the fourth Tuesday of the month at 10:00 AM Pacific Time (PST/PDT). These releases are only offered to the most recent, supported versions of Windows.
 
 **Optional nonsecurity preview releases** might commonly be referred to as:
 
-- C or D week releases (meaning the third or fourth week of the month)
+- D week releases (meaning the fourth week of the month)
 - Preview updates
 - Preview CU
 - LCU preview
 
-> [!Important]
-> Starting in April 2023, all **optional nonsecurity preview releases** will be released on the fourth Tuesday of the month. This change in release cadence gives admins a consistent time cycle for testing and validating fixes and features.
-
 To access the optional nonsecurity preview release:
 - Navigate to **Settings** > **Update & Security** > **Windows Update** and select **Check for updates**. 
 - Use [Windows Insider Program for Business](https://insider.windows.com/for-business)
@@ -77,7 +74,7 @@ To access the optional nonsecurity preview release:
 
 **Out-of-band (OOB) releases** might be provided to fix a recently identified issue or vulnerability. They're used in atypical cases when an issue is detected and can't wait for the next monthly release, because devices must be updated immediately to address security vulnerabilities or to resolve a quality issue impacting many devices. **Out-of-band (OOB) releases** are provided outside of the monthly schedule when there's an exceptional need.
 
-Some key considerations about OOB releases include: 
+Some key considerations about OOB releases include:
 
 - OOB releases are always cumulative. 
   - OOB releases supersede any prior monthly security update and optional nonsecurity preview release. 

windows/deployment/update/update-other-microsoft-products.md

@@ -11,7 +11,7 @@ manager: aaroncz
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
-ms.date: 03/14/2024
+ms.date: 06/07/2024
 ---
 
 # Update other Microsoft products
@@ -44,6 +44,7 @@ The following is a list of other Microsoft products that might be updated:
 - Microsoft Advanced Threat Analytics
 - Microsoft Application Virtualization
 - Microsoft Azure StorSimple
+- Microsoft Configuration Manager
 - Microsoft Dynamics CRM
 - Microsoft Information Protection
 - Microsoft Lync Server and Microsoft Lync
@@ -59,7 +60,6 @@ The following is a list of other Microsoft products that might be updated:
 - Skype for Business
 - SQL
 - System Center Application Controller
-- System Center Configuration Manager
 - System Center Data Protection Manager
 - System Center Operations Manager
 - System Center Orchestrator

windows/deployment/update/wufb-reports-prerequisites.md

@@ -11,7 +11,7 @@ manager: aaroncz
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
-ms.date: 05/07/2024
+ms.date: 06/04/2024
 ---
 
 # Windows Update for Business reports prerequisites
@@ -50,9 +50,11 @@ Windows Update for Business reports supports Windows client devices on the follo
 - General Availability Channel
 - Windows Update for Business reports *counts* Windows Insider Preview devices, but doesn't currently provide detailed deployment insights for them.
 
-### Windows operating system updates
+## Windows operating system updates for client devices
 
-For [changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection#services-that-rely-on-enhanced-diagnostic-data), installing the January 2023 release preview cumulative update, or a later equivalent update, is recommended.
+Installing the February 2023 cumulative update, or a later equivalent update, is required for clients to enroll into Windows Update for Business reports. This update helped enable [changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection#services-that-rely-on-enhanced-diagnostic-data), which Windows Update for Business reports relies on. 
+
+For more information about available updates, see [Windows 11 release information](/windows/release-health/windows11-release-information) and [Windows 10 release information](/windows/release-health/release-information). 
 
 ## Diagnostic data requirements
 

windows/deployment/update/wufb-wsus.md

@@ -46,7 +46,7 @@ To help you better understand the scan source policy, see the default scan behav
   - On Windows 10: All of your updates will come from WSUS.
   - On Windows 11: All of your updates will still come from WSUS unless you configure the specify scan source policy.
 
-- If you configure a WSUS server and deferral policies: All of your updates will come from Windows Update unless you specify the scan source policy.
+- If you configure a WSUS server and deferral policies on Windows 10: All of your updates will come from Windows Update unless you specify the scan source policy or have disabled dual scan.
 - If you configure a WSUS server and the scan source policy: All of your updates will come from the source chosen in the scan source policy.
 
 > [!TIP]

windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md

@@ -208,7 +208,7 @@ The following config file can be used to easily test the downloaded files inside
 
 ```xml
 <Configuration>
-  <VGpu>Disable</VGpu>
+  <vGpu>Disable</vGpu>
   <Networking>Disable</Networking>
   <MappedFolders>
     <MappedFolder>

windows/security/hardware-security/pluton/pluton-as-tpm.md

@@ -19,21 +19,7 @@ To learn more about the TPM related scenarios that benefit from Pluton, see [TPM
 
 Microsoft Pluton can be used as a TPM, or in conjunction with a TPM. Although Pluton builds security directly into the CPU, device manufacturers may choose to use discrete TPM as the default TPM, while having Pluton available to the system as a security processor for use cases beyond the TPM.
 
-Pluton is integrated within the SoC subsystem, and provides a flexible, updatable platform for running firmware that implements end-to-end security functionality authored, maintained, and updated by Microsoft. We encourage users owning devices that are Pluton capable, to enable Microsoft Pluton as the default TPM.
+Pluton is integrated within the SoC subsystem, and provides a flexible, updatable platform for running firmware that implements end-to-end security functionality authored, maintained, and updated by Microsoft.
-
-## Enable Microsoft Pluton as TPM
-
-Devices with Ryzen 6000 and Qualcomm Snapdragon® 8cx Gen 3 series processors are Pluton Capable, however enabling and providing an option to enable Pluton is at the discretion of the device manufacturer. Pluton is supported on these devices and can be enabled from the Unified Extensible Firmware Interface (UEFI) setup options for the device.
-
-UEFI setup options differ from product to product. Visit the product website and check for guidance to enable Pluton as TPM.
-
-> [!WARNING]
-> If BitLocker is enabled, We recommend disabling BitLocker before changing the TPM configuration to prevent lockouts. After changing TPM configuration, re-enable BitLocker which will then bind the BitLocker keys with the Pluton TPM. Alternatively, save the BitLocker recovery key onto a USB drive.
->
-> Windows Hello must be re-configured after switching the TPM. Setup alternate login methods before changing the TPM configuration to prevent any login issues.
-
-> [!TIP]
-> On most Lenovo devices, entering the UEFI options requires pressing Enter key at startup followed by pressing F1. In the UEFI Setup menu, select Security option, then on the Security page, select Security Chip option, to see the TPM configuration options. Under the drop-down list for Security Chip selection, select **MSFT Pluton** and click F10 to Save and Exit.
 
 ## Related articles
 

windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md

@@ -495,7 +495,7 @@ Connector group automatically round-robin, load balance the Microsoft Entra appl
 
 Sign-in a workstation with access equivalent to a *domain user*.
 
-1. Sign-in to the [Azure portal](https://portal.azure.com/) with access equivalent to **Global Administrator**
+1. Access to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Application Administrator](/entra/identity/role-based-access-control/permissions-reference#application-administrator)
 1. Select **All Services**. Type **Microsoft Entra ID** to filter the list of services. Under **SERVICES**, select **Microsoft Entra ID**
 1. Under **MANAGE**, select **Application proxy**
 1. Select **Download connector service**. Select **Accept terms & Download**. Save the file (AADApplicationProxyConnectorInstaller.exe) in a location accessible by others on the domain
@@ -506,7 +506,7 @@ Sign-in a workstation with access equivalent to a *domain user*.
 1. Start **AADApplicationProxyConnectorInstaller.exe**
 1. Read the license terms and then select **I agree to the license terms and conditions**. Select **Install**
    ![Azure Application Proxy Connector: license terms](images/aadjcert/azureappproxyconnectorinstall-01.png)
-1. Sign-in to Microsoft Azure with access equivalent to **Global Administrator**
+1. Sign-in as at least an [Application Administrator](/entra/identity/role-based-access-control/permissions-reference#application-administrator)
    ![Azure Application Proxy Connector: sign-in](images/aadjcert/azureappproxyconnectorinstall-02.png)
 1. When the installation completes. Read the information regarding outbound proxy servers. Select **Close**
    ![Azure Application Proxy Connector: read](images/aadjcert/azureappproxyconnectorinstall-03.png)
@@ -516,7 +516,7 @@ Sign-in a workstation with access equivalent to a *domain user*.
 
 Sign-in a workstation with access equivalent to a *domain user*.
 
-1. Sign-in to the [Azure portal](https://portal.azure.com/) with access equivalent to **Global Administrator**
+1. Access to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Application Administrator](/entra/identity/role-based-access-control/permissions-reference#application-administrator)
 1. Select **All Services**. Type **Microsoft Entra ID** to filter the list of services. Under **SERVICES**, select **Microsoft Entra ID**
 1. Under **MANAGE**, select **Application proxy**.
 
@@ -533,7 +533,7 @@ Sign-in a workstation with access equivalent to a *domain user*.
 
 Sign-in a workstation with access equivalent to a *domain user*.
 
-1. Sign-in to the [Azure portal](https://portal.azure.com/) with access equivalent to **Global Administrator**
+1. Access to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Application Administrator](/entra/identity/role-based-access-control/permissions-reference#application-administrator)
 1. Select **All Services**. Type **Microsoft Entra ID** to filter the list of services. Under **SERVICES**, select **Microsoft Entra ID**
 1. Under **MANAGE**, select **Application proxy**
 1. Select **Configure an app**
@@ -692,7 +692,7 @@ Optionally (not required), you can configure the Intune connector for certificat
 
 Sign-in a workstation with access equivalent to a *domain user*.
 
-1. Sign-in to the [Azure portal](https://portal.azure.com/) with access equivalent to **Global Administrator**
+1. Access to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Application Administrator](/entra/identity/role-based-access-control/permissions-reference#application-administrator)
 1. Select **All Services**. Type **Microsoft Entra ID** to filter the list of services. Under **SERVICES**, select **Microsoft Entra ID**
 1. Select **Groups**. Select **New group**
 1. Select **Security** from the **Group type** list

windows/security/identity-protection/hello-for-business/pin-reset.md

@@ -49,7 +49,7 @@ To register the applications, follow these steps:
 
 :::row:::
   :::column span="3":::
-  1. Go to the [Microsoft PIN Reset Service Production website][APP-1], and sign in using a *Global Administrator* account you use to manage your Microsoft Entra tenant. Review the permissions requested by the *Microsoft Pin Reset Service Production* application and select **Accept** to give consent to the application to access your organization
+  1. Go to the [Microsoft PIN Reset Service Production website][APP-1], and sign in as at least an [Application Administrator](/entra/identity/role-based-access-control/permissions-reference#application-administrator). Review the permissions requested by the *Microsoft Pin Reset Service Production* application and select **Accept** to give consent to the application to access your organization
   :::column-end:::
   :::column span="1":::
     :::image type="content" alt-text="Screenshot showing the PIN reset service permissions page." source="images/pin-reset/pin-reset-service-prompt.png" lightbox="images/pin-reset/pin-reset-service-prompt.png" border="true":::
@@ -57,7 +57,7 @@ To register the applications, follow these steps:
 :::row-end:::
 :::row:::
   :::column span="3":::
-  2. Go to the [Microsoft PIN Reset Client Production website][APP-2], and sign in using a *Global Administrator* account you use to manage your Microsoft Entra tenant. Review the permissions requested by the *Microsoft Pin Reset Client Production* application, and select **Next**.
+  2. Go to the [Microsoft PIN Reset Client Production website][APP-2], and sign as at least an [Application Administrator](/entra/identity/role-based-access-control/permissions-reference#application-administrator). Review the permissions requested by the *Microsoft Pin Reset Client Production* application, and select **Next**.
   :::column-end:::
   :::column span="1":::
     :::image type="content" alt-text="Screenshot showing the PIN reset client permissions page." source="images/pin-reset/pin-reset-client-prompt.png" lightbox="images/pin-reset/pin-reset-client-prompt.png" border="true":::

windows/whats-new/deprecated-features-resources.md

@@ -1,7 +1,11 @@
 ---
 title: Resources for deprecated features in the Windows client
 description: Resources and details for deprecated features in the Windows client.
+<<<<<<< HEAD
 ms.date: 06/17/2024
+=======
+ms.date: 06/03/2024
+>>>>>>> 31265cfecbcd5148d609eedc50e016cdc9ac82ca
 ms.service: windows-client
 ms.subservice: itpro-fundamentals
 ms.localizationpriority: medium
@@ -21,12 +25,22 @@ appliesto:
 
 This article provides additional resources about [deprecated features for Windows client](deprecated-features.md) that may be needed by IT professionals. The following information is provided to help IT professionals plan for the removal of deprecated features:
 
+<<<<<<< HEAD
 ## Paint 3D
 
 Paint 3D is deprecated and will be removed from the Microsoft Store on September 3, 2024. Existing installations of Paint 3D will continue to work, but the app will no longer be available for download from the Microsoft Store. If you remove the app, you can reinstall it from the Microsoft Store until September 3, 2024. After that date, Paint 3D will no longer be available for download. Paint 3D was preinstalled on some Windows 10 devices, but wasn't preinstalled on Windows 11 devices. Some alternatives to Paint 3D include:
 
 - View and edit 2D images: [Paint](https://www.microsoft.com/windows/paint) or [Photos](https://support.microsoft.com/topic/c0c6422f-d4cb-2e3d-eb65-7069071b2f9b)
 - View 3D content: [3D Viewer](https://apps.microsoft.com/detail/9nblggh42ths).
+=======
+## NTLM
+
+Customers concerned about NTLM usage in their environments are encouraged to utilize [NTLM auditing](/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain) to [investigate how NTLM is being used](https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/ntlm-blocking-and-you-application-analysis-and-auditing/ba-p/397191).  
+
+In many cases, applications should be able to replace NTLM with Negotiate using a one-line change in their `AcquireCredentialsHandle` request to the SSPI. One known exception is for applications that have made hard assumptions about the maximum number of round trips needed to complete authentication. In most cases, Negotiate will add at least one additional round trip. Some scenarios may require additional configuration. For more information, see [Kerberos authentication troubleshooting guidance](/troubleshoot/windows-server/windows-security/kerberos-authentication-troubleshooting-guidance).
+
+Negotiate's built-in fallback to NTLM is preserved to mitigate compatibility issues during this transition. For updates on NTLM deprecation, see [https://aka.ms/ntlm](https://aka.ms/ntlm).
+>>>>>>> 31265cfecbcd5148d609eedc50e016cdc9ac82ca
 
 ## WordPad
 

windows/whats-new/deprecated-features.md

@@ -47,7 +47,8 @@ The features in this article are no longer being actively developed, and might b
 
 | Feature | Details and mitigation  | Deprecation announced |
 |---|---|---|
-| Paint 3D | Paint 3D is deprecated and will be removed from the Microsoft Store on September 3, 2024. To view and edit 2D images, you can use [Paint](https://www.microsoft.com/windows/paint) or [Photos](https://support.microsoft.com/topic/c0c6422f-d4cb-2e3d-eb65-7069071b2f9b). For viewing 3D content, you can use [3D Viewer](https://apps.microsoft.com/detail/9nblggh42ths). For more information, see [Resources for deprecated features](deprecated-features-resources.md#paint-3d). | June 2024 |  
+| Paint 3D | Paint 3D is deprecated and will be removed from the Microsoft Store on September 3, 2024. To view and edit 2D images, you can use [Paint](https://apps.microsoft.com/detail/9pcfs5b6t72h) or [Photos](https://apps.microsoft.com/detail/9wzdncrfjbh4). For viewing 3D content, you can use [3D Viewer](https://apps.microsoft.com/detail/9nblggh42ths). For more information, see [Resources for deprecated features](deprecated-features-resources.md#paint-3d). | June 2024 |  
+| NTLM <!--8396018-->| All versions of [NTLM](/windows/win32/secauthn/microsoft-ntlm), including LANMAN, NTLMv1, and NTLMv2, are no longer under active feature development and are deprecated. Use of NTLM will continue to work in the next release of Windows Server and the next annual release of Windows. Calls to NTLM should be replaced by calls to Negotiate, which will try to authenticate with Kerberos and only fall back to NTLM when necessary. For more information, see [Resources for deprecated features](deprecated-features-resources.md). | June 2024 |
 | Driver Verifier GUI (verifiergui.exe) <!--8995057--> | Driver Verifier GUI, verifiergui.exe, is deprecated and will be removed in a future version of Windows. You can use the [Verifier Command Line](/windows-hardware/drivers/devtest/verifier-command-line) (verifier.exe) instead of the Driver Verifier GUI.| May 2024 | 
 | NPLogonNotify and NPPasswordChangeNotify APIs <!--8787264--> | Starting in Windows 11, version 24H2, the inclusion of password payload in MPR notifications is set to disabled by default through group policy in [NPLogonNotify](/windows/win32/api/npapi/nf-npapi-nplogonnotify) and [NPPasswordChangeNotify](/windows/win32/api/npapi/nf-npapi-nppasswordchangenotify) APIs. The APIs may be removed in a future release. The primary reason for disabling this feature is to enhance security. When enabled, these APIs allow the caller to retrieve a user's password, presenting potential risks for password exposure and harvesting by malicious users. To include password payload in MPR notifications, set the [EnableMPRNotifications](/windows/client-management/mdm/policy-csp-windowslogon#enablemprnotifications) policy to `enabled`.| March 2024 |
 | TLS server authentication certificates using RSA keys with key lengths shorter than 2048 bits <!--8644149-->| Support for certificates using RSA keys with key lengths shorter than 2048 bits will be deprecated. Internet standards and regulatory bodies disallowed the use of 1024-bit keys in 2013, recommending specifically that RSA keys should have a key length of 2048 bits or longer. For more information, see [Transitioning of Cryptographic Algorithms and Key Sizes - Discussion Paper (nist.gov)](https://csrc.nist.gov/CSRC/media/Projects/Key-Management/documents/transitions/Transitioning_CryptoAlgos_070209.pdf). This deprecation focuses on ensuring that all RSA certificates used for TLS server authentication must have key lengths greater than or equal to 2048 bits to be considered valid by Windows. </br></br> TLS certificates issued by enterprise or test certification authorities (CA) aren't impacted with this change. However, we recommend that they be updated to RSA keys greater than or equal to 2048 bits as a security best practice. This change is necessary to preserve security of Windows customers using certificates for authentication and cryptographic purposes.| March 2024|