Merge branch 'main' into danbrown-privacy-endpoints

.openpublishing.redirection.json

@@ -21764,6 +21764,21 @@
       "source_path": "windows/security/information-protection/personal-data-encryption/overview-pde.md",
       "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/index",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/introduction/security-features-edition-requirements.md",
+      "redirect_url": "/windows/security/licensing-and-edition-requirements",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/introduction/security-features-licensing-requirements.md",
+      "redirect_url": "/windows/security/licensing-and-edition-requirements",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/security-foundations.md",
+      "redirect_url": "/windows/security/security-foundations/index",
+      "redirect_document_id": false
     }
   ]
 }

education/windows/windows-11-se-faq.yml

@@ -33,6 +33,9 @@ sections:
       - question: Can I load Windows 11 SE on any hardware? 
         answer: |
           Windows 11 SE is only available on devices that are built for education. To learn more, see [Windows 11 SE Overview](/education/windows/windows-11-se-overview).
+      - question: Can I PXE boot a Windows SE device?
+        answer: |
+          No, Secure Boot prevents Windows SE devices from booting via PXE. As a workaround, you can use a UEFI bootable USB device to boot the device.
   - name: Applications and settings
     questions:
       - question: How can I install applications on Windows 11 SE?

windows/configuration/provisioning-packages/provisioning-packages.md

@@ -71,7 +71,7 @@ The following table describes settings that you can configure using the wizards
 
 | Step | Description | Desktop wizard | Kiosk wizard | HoloLens wizard |
 | --- | --- | --- | --- | --- |
-| Set up device | Assign device name, enter product key to upgrade Windows, configure shared used, remove pre-installed software | ✔️ | ✔️ | ✔️ |
+| Set up device | Assign device name, enter product key to upgrade Windows, configure shared use, remove pre-installed software | ✔️ | ✔️ | ✔️ |
 | Set up network | Connect to a Wi-Fi network | ✔️ | ✔️ | ✔️ |
 | Account management | Enroll device in Active Directory, enroll device in Azure Active Directory, or create a local administrator account | ✔️ | ✔️ | ✔️ |
 | Bulk Enrollment in Azure AD | Enroll device in Azure Active Directory using Bulk Token</br></br> [Set up Azure AD join in your organization](/azure/active-directory/active-directory-azureadjoin-setup), before you use Windows Configuration Designer wizard to configure bulk Azure AD enrollment. | ✔️ | ✔️ | ✔️ |

windows/deployment/TOC.yml

@@ -218,7 +218,9 @@
             href: update/wufb-reports-admin-center.md                                
           - name: Use Windows Update for Business reports data
             href: update/wufb-reports-use.md
-          - name: Feedback, support, and troubleshooting 
+          - name: FAQ for Windows Update for Business reports
+            href: update/wufb-reports-faq.yml                                            
+          - name: Feedback and support 
             href: update/wufb-reports-help.md                                               
         - name: Windows Update for Business reports schema reference
           items:

windows/deployment/update/deployment-service-drivers.md

@@ -8,7 +8,7 @@ ms.author: mstewart
 manager: aaroncz
 ms.topic: article
 ms.technology: itpro-updates
-ms.date: 06/16/2023
+ms.date: 06/22/2023
 ---
 
 # Deploy drivers and firmware updates with Windows Update for Business deployment service
@@ -81,7 +81,7 @@ To create a policy without any deployment settings, in the request body specify
    
    {
      "audience": {
-       "@odata.id": "d39ad1ce-0123-4567-89ab-cdef01234567"
+       "id": "d39ad1ce-0123-4567-89ab-cdef01234567"
      }
    }
    ```

windows/deployment/update/wufb-reports-faq.yml

@@ -0,0 +1,182 @@
+### YamlMime:FAQ
+metadata:
+  title: Windows Update for Business reports - Frequently Asked Questions (FAQ)
+  description: Answers to frequently asked questions about Windows Update for Business reports.
+  ms.prod: windows-client
+  ms.topic: faq
+  ms.date: 06/20/2023
+  manager: aaroncz
+  author: mestew
+  ms.author: mstewart
+  ms.technology: itpro-updates
+title: Frequently Asked Questions about Windows Update for Business reports
+summary: |
+  This article answers frequently asked questions about Windows Update for Business reports. <!--7760853-->
+
+  **General questions**:
+
+  - [What is Windows Update for Business reports?](#what-is-windows-update-for-business-reports)
+  - [Is Windows Update for Business reports free?](#is-windows-update-for-business-reports-free)
+  - [What Windows versions are supported?](#what-windows-versions-are-supported)
+
+  **Setup questions**:
+
+  - [How do you set up Windows Update for Business reports?](#how-do-you-set-up-windows-update-for-business-reports)
+  - [Why is "Waiting for Windows Update for Business reports data" displayed on the page](#why-is--waiting-for-windows-update-for-business-reports-data--displayed-on-the-page)
+  - [Why am I getting the error "400 Bad Request: The specified resource already exists"?](#why-am-i-getting-the-error--400-bad-request--the-specified-resource-already-exists-)
+
+  **Questions about using Windows Update for Business reports**:
+
+  - [Why is the device name null(#)?](#why-is-the-device-name-null---)
+  - [Why am I missing devices in reports?](#why-am-i-missing-devices-in-reports)
+  - [What is the difference between OS version and target version?](#what-is-the-difference-between-os-version-and-target-version)
+  - [Why are there multiple records for the same device?](#why-are-there-multiple-records-for-the-same-device)
+  - [When should I use the UCClient, UCClientUpdateStatus, or UCUpdateAlert tables?](#when-should-i-use-the-ucclient--ucclientupdatestatus--or-ucupdatealert-tables)
+  - [What is the difference between quality and security updates?](#what-is-the-difference-between-quality-and-security-updates)
+  - [How do I confirm that devices are sending data?](#how-do-i-confirm-that-devices-are-sending-data)
+  - [Why isn't the workbook displaying data even though my UCClient table has data?](#why-isn-t-the-workbook-displaying-data-even-though-my-ucclient-table-has-data)
+
+  **Delivery Optimization data**:
+
+  - [What time period does the Delivery Optimization data include?](#what-time-period-does-the-delivery-optimization-data-include)
+  - [Data is showing as "Unknown", what does that mean?](#data-is-showing-as--unknown---what-does-that-mean)
+  - [How are the 'Top 10' groups identified?](#how-are-the--top-10--groups-identified)
+  - [The GroupIDs don't look familiar, why are they different?](#the-groupids-don-t-look-familiar--why-are-they-different)
+  - [How can I see data for device in the office vs. out of the office?](#how-can-i-see-data-for-device-in-the-office-vs--out-of-the-office)
+  - [What does the data in UCDOStatus table represent?](#what-does-the-data-in-ucdostatus-table-represent)
+  - [What does the data in UCDOAggregatedStatus table represent?](#what-does-the-data-in-ucdoaggregatedstatus-table-represent)
+  - [How are BytesFromCache calculated when there's a Connected Cache server used by my ISP?](#how-are-bytesfromcache-calculated-when-there-s-a-connected-cache-server-used-by-my-isp)
+  - [How do the results from the Delivery Optimization PowerShell cmdlets compare to the results in the report?](#how-do-the-results-from-the-delivery-optimization-powershell-cmdlets-compare-to-the-results-in-the-report)
+  - [The report represents the last 28 days of data, why do some queries include >= seven days?](#the-report-represents-the-last-28-days-of-data--why-do-some-queries-include----seven-days)  
+
+sections:
+  - name: General
+    questions:
+      - question: What is Windows Update for Business reports?
+        answer: |
+          Windows Update for Business reports is a cloud-based solution that provides information about your Azure Active Directory-joined devices' compliance with Windows updates. Windows Update for Business reports is offered through the [Azure portal](https://portal.azure.com), and it's included as part of the Windows 10 or Windows 11 prerequisite licenses.  
+      - question: Is Windows Update for Business reports free?
+        answer: |
+          Data ingested into your Log Analytics workspace can be retained at no charge for up to first 31 days (or 90 days if [Microsoft Sentinel](/azure/sentinel/overview) is enabled on the workspace). Data ingested into [Application Insights](/azure/azure-monitor/app/app-insights-overview), either classic or workspace-based, is retained for 90 days without any charge.
+          Data retained beyond these no-charge periods are charged for each GB of data retained for a month, pro-rated daily. For more information, see **Log Data Retention** in [Azure Monitor pricing](https://azure.microsoft.com/en-us/pricing/details/monitor/#pricing).
+      - question: What Windows versions are supported?
+        answer: |
+          Windows Update for Business reports supports clients running a [supported version of Windows 10 or Windows 11](/windows/release-health/supported-versions-windows-client) Professional, Education, Enterprise, and Enterprise multi-session editions. Windows Update for Business reports only provides data for the standard Desktop Windows client version and isn't currently compatible with Windows Server, Surface Hub, IoT, or other versions.
+
+  - name: Setup questions
+    questions:
+      - question: How do you set up Windows Update for Business reports?
+        answer: |
+          After verifying the [prerequisites](wufb-reports-prerequisites.md) are met, you can start to set up Windows Update for Business reports. 
+          The two main steps for setting up  Windows Update for Business reports are:
+
+          1. [Add Windows Update for Business reports](wufb-reports-enable.md#bkmk_add) to your Azure subscription. This step has the following phases:
+            1. [Select or create a new Log Analytics workspace](wufb-reports-enable.md#bkmk_workspace) for use with Windows Update for Business reports.
+            1. Enroll into Windows Update for Business reports using one of the following methods:
+              - Enroll through the [Azure Workbook](wufb-reports-enable.md#bkmk_enroll) (preferred method)
+              - Enroll from the [Microsoft 365 admin center](wufb-reports-enable.md#bkmk_admin-center).
+          1. Configure the clients to send data to Windows Update for Business reports. You can configure clients in the following three ways:
+              - Use a [script](wufb-reports-configuration-script.md)
+              - Use [Microsoft Intune](wufb-reports-configuration-intune.md)
+              - Configure [manually](wufb-reports-configuration-manual.md)    
+      - question: Why is `Waiting for Windows Update for Business reports data` displayed on the page?
+        answer: |
+          Typically, the **Waiting for Windows Update for Business reports data** message is displayed because: 
+          - You may not have the correct [permissions](wufb-reports-prerequisites.md#permissions) to display the data. 
+          - The initial enrollment may not be complete yet.
+          - It's possible that devices aren't sharing data. If you received a successful save message during enrollment but still haven't seen any data after 48 hours, try using the [configuration script](wufb-reports-configuration-script.md) on devices to ensure they're configured properly.
+          If you've verified the above items, but still aren't seeing data, you can unenroll then re-enroll. However, it takes another 24-48 hours for the enrollment to complete. If the issue persists, [contact support](wufb-reports-help.md).  
+      - question: "Why am I getting the error `400 Bad Request: The specified resource already exists`?"
+        answer: |
+          A `400 Bad Request: The specified resource already exists` error message indicates that the service already has a subscription and workspace mapping saved. If you're trying to re-enroll with the same configuration settings, wait a few minutes, then refresh the page before saving your subscription and workspace again. Sometimes it can take time to register the save, so it's important to not re-enroll too quickly.
+  - name: Using Windows Update for Business reports
+    questions:
+      - question: Why is the device name null(#)?
+        answer: |
+          If you're seeing the device ID but not the device name, it's possible that the required policy for displaying the device name isn't set on the client. Ensure clients have the policy configured.
+          - CSP: [System/AllowDeviceNameInDiagnosticData](/windows/client-management/mdm/policy-csp-system#allowdevicenameindiagnosticdata)
+          - Group Policy: Allow device name to be sent in Windows diagnostic data
+            - Located in **Computer Configuration** > **Administrative Templates** > **Windows Components** >**Data Collection and Preview Builds**. It can take up to 21 days for all device names to show in up in reports assuming they're powered on and active.
+      - question: Why am I missing devices in reports?
+        answer: |
+          Here are some reasons why you may not be seeing devices in reports:
+
+          - **The device isn't enrolled with Azure Active Directory**: A [prerequisite](wufb-reports-prerequisites.md#azure-and-azure-active-directory) for devices is that they're either [Azure AD joined](/azure/active-directory/devices/concept-azure-ad-join) or [hybrid Azure AD joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid).
+          - **The device isn't sending data**: It's possible devices aren't sharing data due to a policy being incorrectly configured or a proxy or firewall configuration. Try using the [configuration script](wufb-reports-configuration-script.md) on devices to ensure they're configured properly.
+          - **The device isn't active enough**: Clients must be active and connected to the internet to scan against Microsoft Update. Ensure devices are powered on and have been active at least once in the past 28 days.
+          - **The workbook has limited the results**: The default limit for rows in Azure workbooks is set to 1000. This limit is to avoid any delay in the load time for the interface. If you noticed that you can't find a specific device, you can export the output in Excel, or open the results in the logs view for the full result by selecting the three dots beside each component.
+      - question: Why are there multiple records for the same device?
+        answer: |
+          Devices have multiple records when the `UCClientUpdateStatus` or `UCClientServiceStatus` tables are queried. These tables contain multiple records because they have the history for all devices that have discovered applicable updates within the past 28 days. For example, it's possible that a device has discovered multiple security updates, each with different update states, at various times over the past 28 days. It's also possible that a device can be in multiple deployments, so multiple records are displayed.    
+      - question: What is the difference between OS version and target version?
+        answer: |
+          The word *target* in data labels refers to the update version, build or KB the client intends to update to. Typically, the fields starting with *OS*, such as OSbuild and OSversion, represents what the device is currently running.
+      - question: When should I use the UCClient, UCClientUpdateStatus, or UCUpdateAlert tables?
+        answer: |
+          These tables can be used for the following information:
+
+          - **UCClient**: Represents an individual device's record. It contains data such as the device's name, currently installed build, and the OS Edition. Each device has one record in this table. Use this table to get the overall compliance status of your devices.
+            - To display information for a specific device by Azure AD device ID: </br>
+              `UCClient where AzureADDeviceId contains "01234567-89ab-cdef-0123-456789abcdef"`
+            - To display all device records for devices running any Windows 11 OS version:</br>
+              `UCClient | where OSVersion contains "Windows 11"`
+
+          - **UCClientUpdateStatus**: Contains records for every update the device determined was applicable. There can be multiple records for a device if it's discovered multiple applicable updates in the past 60 days. Use this table if you want to get detailed update status for your active deployments. There will typically be 3 update status records per device for the latest 3 security updates.    
+            - To find device records for devices that determined the March 14, 2023 update was applicable:</br>
+              `UCClientUpdateStatus | where UpdateCategory =="WindowsQualityUpdate" and UpdateReleaseTime == "3/14/2023"`  
+            - To display devices that are in the restart required substate:</br>
+              `UCClientUpdateStatus |where ClientSubstate =="RestartRequired"`
+          
+          - **UCUpdateAlert**: Use this table to understand update failures and act on devices through alert recommendations. This table contains information that needs attention, relative to one device, one update and one deployment (if relevant).  
+            - To display information about an error code: 
+              `UCUpdateAlert|where ErrorCode =="0X8024000b"`
+            - To display a count of devices with active alerts by subtype:
+              `UCUpdateAlert |where AlertStatus =="Active"|summarize Devices=count() by AlertSubtype`
+      - question: What is the difference between quality and security updates?
+        answer: |
+          Windows quality updates are monthly updates that are [released on the second or fourth Tuesday of the month](release-cycle.md). The cumulative updates released on the second Tuesday of the month can contain both security updates and nonsecurity updates. Cumulative updates released on the fourth Tuesday of the month are optional nonsecurity preview releases. Use the fields within the [UCClient table](wufb-reports-schema-ucclient.md) for additional information, such as:
+            
+            - **OSSecurityUpdateStatus**: Indicates the status of the monthly update that's released on the second Tuesday
+            - **OSQualityUpdateStatus**: Indicates the status of the monthly update that's released on the fourth Tuesday
+      - question: How do I confirm that devices are sending data?
+        answer: |
+          Once enrollment is done and devices are properly configured to share data, wait for 48 hours for data to start showing up in reports. It can take up to 14 days for all of your devices to show up in reports in some cases where devices aren't active much. You can check to see if the Log Analytics tables are being populated in your workspace. The data is ingested by the service daily to generate reports. If you notice a day is missing, it's possible that the reports service missed an ingestion. To confirm devices are sending data, [query](wufb-reports-use.md#display-windows-update-for-business-reports-data) the [UCClient table](wufb-reports-schema-ucclient.md). The following query shows total enrolled device count per time-generated: 
+
+          `UCClient | summarize count() by TimeGenerated`
+
+          :::image type="content" source="media/7760853-wufb-reports-time-generated.png" alt-text="Screenshot of using a Kusto (KQL) query for time generated on Windows Update for Business reports data in Log Analytics." lightbox="media/7760853-wufb-reports-time-generated.png":::
+      - question: Why isn't the workbook displaying data even though my UCClient table has data?
+        answer: |
+          If the [UCClient table](wufb-reports-schema-ucclient.md) has data, but the [workbook](wufb-reports-workbook.md) isn't displaying data, ensure that the user has correct permissions to read the data. The [Log Analytics Reader](/azure/role-based-access-control/built-in-roles#log-analytics-reader) role is needed to view the data in the workbooks. The [Log Analytics Contributor](/azure/role-based-access-control/built-in-roles#log-analytics-contributor) role is needed to do any edits to the queries and workbooks.
+  - name: Delivery Optimization data
+    questions:  
+      - question: What time period does the Delivery Optimization data include?
+        answer: |
+          Data is aggregated for the last 28 days for active devices.
+      - question: Data is showing as 'Unknown', what does that mean?
+        answer: |
+          You may see data in the report listed as 'Unknown'. This status indicates that the Delivery Optimization DownloadMode setting is either invalid or empty.
+      - question: How are the 'Top 10' groups identified?
+        answer: |
+          The top groups are represented by the number of devices in a particular group, for any of the four group types (GroupID, City, Country, and ISP).
+      - question: The GroupIDs don't look familiar, why are they different?
+        answer: |
+          The GroupID values are encoded for data protection requirements. For more information, see [Mapping GroupIDs](wufb-reports-do.md#mapping-groupid).
+      - question: How can I see data for device in the office vs. out of the office?
+        answer: |
+          Today, we don't have a distinction for data that was downloaded by location. 
+      - question: What does the data in UCDOStatus table represent?
+        answer: |
+          A row in UCDOStatus represents data downloaded by a combination of a single device ID (AzureADDeviceId) by content type (ContentType).
+      - question: What does the data in UCDOAggregatedStatus table represent?
+        answer: |
+          A row in UCDOAggregatedStatus represents data summarized at the tenant level (AzureADTenantID) for each content type (ContentType).
+      - question: How are BytesFromCache calculated when there's a Connected Cache server used by my ISP?
+        answer: |
+            If there's a Connected Cache server at the ISP level, BytesFromCache filters out any bytes coming the ISP's Connected Cache.
+      - question: How do the results from the Delivery Optimization PowerShell cmdlets compare to the results in the report?
+        answer: |
+            [Delivery Optimization PowerShell cmdlets](waas-delivery-optimization-setup.md#monitor-delivery-optimization) can be a powerful tool used to monitor Delivery Optimization data on the device. These cmdlets use the cache on the device. The data calculated in the report is taken from the Delivery Optimization events.
+      - question: The report represents the last 28 days of data, why do some queries include >= seven days?
+        answer: |
+            The data in the report does represent the last 28 days of data. The query for last seven days is just to get the data for the latest snapshot from past seven days. It's possible that data is delayed for sometime and not available for current day, so we look for past seven day snapshot in log analytics and show the latest snapshot.

windows/deployment/update/wufb-reports-help.md

@@ -21,7 +21,6 @@ There are several resources that you can use to find help with Windows Update fo
 - Open a [Microsoft support case](#open-a-microsoft-support-case)
 
 - [Documentation feedback](#documentation-feedback)
-- [Troubleshooting tips](#troubleshooting-tips) for Windows Update for Business reports
 - Follow the [Windows IT Pro blog](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows10Blog) to learn about upcoming changes to Windows Update for Business reports
 - Use Microsoft Q&A to [ask product questions](/answers/products/)
 
@@ -82,19 +81,3 @@ If you create an issue for something not related to documentation, Microsoft wil
 - [Support requests](#open-a-microsoft-support-case) for Windows Update for Business reports
 
 To share feedback about the Microsoft Learn platform, see [Microsoft Learn feedback](https://aka.ms/sitefeedback). The platform includes all of the wrapper components such as the header, table of contents, and right menu. Also how the articles render in the browser, such as the font, alert boxes, and page anchors.
-
-## Troubleshooting tips
-
-Use the following troubleshooting tips to resolve the most common problems when using Windows Update for Business reports:
-
-### Ensuring devices are configured correctly to send data
-
-The first step in troubleshooting Windows Update for Business reports is ensuring that devices are configured. Review [Manually configuring devices for Windows Update for Business reports](wufb-reports-configuration-manual.md) for the settings. We recommend using the [Windows Update for Business reports configuration script](wufb-reports-configuration-script.md) for troubleshooting and configuring devices.
-
-### Devices have been correctly configured but aren't showing up in Windows Update for Business reports
-
-It takes some time for data to appear in Windows Update for Business reports for the first time, or if you moved to a new Log Analytics workspace. To learn more about data latencies for Windows Update for Business reports, review [Windows Update for Business reports data latency](wufb-reports-use.md#data-latency).
-
-### Devices are appearing, but without a device name
-
-Device Name is  an opt-in via policy. Review the required policies for enabling device name in the [Manually configuring devices for Windows Update for Business reports](wufb-reports-configuration-manual.md) article.

windows/deployment/update/wufb-reports-workbook.md

@@ -48,7 +48,7 @@ Each of these tiles contains an option to **View details**. When **View details*
 | Tile name | Description | View details description |
 |---|---|------|
 | **Enrolled devices** | Total number of devices that are enrolled into Windows Update for Business reports | Displays multiple charts about the operating systems (OS) for enrolled devices: </br> **OS Version** </br> **OS Edition** </br> **OS Servicing Channel** </br> **OS Architecture**|
-|**Active alerts** | Total number of active alerts on enrolled devices | Displays the top three active alert subtypes and the count of devices in each. </br> </br> Select the count of **Devices** to display a table of the devices. This table is limited to the first 250 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial). </br> </br> Select an **AlertSubtype** to display a list containing: </br> - Each **Error Code** in the alert subtype </br>- A **Description** of the error code </br> - A **Recommendation** to help you remediate the error code </br> - A count of **Devices** with the specific error code |
+|**Active alerts** | Total number of active alerts on enrolled devices | Displays the top three active alert subtypes and the count of devices in each. </br> </br> Select the count of **Devices** to display a table of the devices. This table is limited to the first 1000 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial). </br> </br> Select an **AlertSubtype** to display a list containing: </br> - Each **Error Code** in the alert subtype </br>- A **Description** of the error code </br> - A **Recommendation** to help you remediate the error code </br> - A count of **Devices** with the specific error code |
 |  **Windows 11 eligibility** | Percentage of devices that are capable of running Windows 11 | Displays the following items: </br> - **Windows 11 Readiness Status** chart </br> - **Readiness Reason(s) Breakdown** chart that displays  Windows 11 requirements that aren't met. </br> - A table for **Readiness reason**. Select a reason to display a list of devices that don't meet a specific requirement for Windows 11. |
 
 ### Summary tab charts
@@ -70,7 +70,7 @@ The **Quality updates** tab displays generalized data at the top by using tiles.
 - **Missing multiple security updates**: Count of devices that are missing two or more security updates.
 - **Active alerts**: Count of active update and device alerts for quality updates.
 
-Selecting **View details** on any of the tiles displays a flyout with a chart that displays the first 250 items. Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
+Selecting **View details** on any of the tiles displays a flyout with a chart that displays the first 1000 items. Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
 
 
 Below the tiles, the **Quality updates** tab is subdivided into **Update status** and **Device status** groups. These different chart groups allow you to easily discover trends in compliance data. For instance, you may remember that about third of your devices were in the installing state yesterday, but this number didn't change as much as you were expecting. That unexpected trend may cause you to investigate and resolve a potential issue before end users are impacted.
@@ -88,8 +88,8 @@ The **Update deployment status** table displays the quality updates for each ope
 | Column name | Description | Drill-in description |
 |---|---|---|
 |**Alerts**| Number of different error codes encountered by devices for the update. | Selecting this number lists the alert name for each error code and a count of devices with the error. Select the device count to display a list of devices that have an active alert for the error code.  
-| **KB Number** | KB number for the update |  Selecting the KB number opens the support information webpage for the update.|
-| **Total devices** | Number of devices that have been offered the update, or are installing, have installed, or canceled the update. | Selecting the device count opens a device list table. This table is limited to the first 250 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).  |
+| **KB Number** | KB number for the update |  Selecting the KB number will open the support information webpage for the update.|
+| **Total devices** | Number of devices that have been offered the update, or are installing, have installed, or canceled the update. | Selecting the device count opens a device list table. This table is limited to the first 1000 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).  |
 
 ### <a name="bkmk_device-group-quality"></a> Device status group for quality updates
 
@@ -98,7 +98,7 @@ The **Device status** group for quality updates contains the following items:
 - **OS build number**: Chart containing a count of devices by OS build that are getting security updates.
 - **Device alerts**: Chart containing the count of active device errors and warnings for quality updates.
 - **Device compliance status**: Table containing a list of devices getting security updates and update installation information including active alerts for the devices.
-  - This table is limited to the first 250 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
+  - This table is limited to the first 1000 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
 
 ## Feature updates tab
 
@@ -109,7 +109,7 @@ The **Feature updates** tab displays generalized data at the top by using tiles.
 - **Nearing EOS** Count of devices that are within 18 months of their end of service date.
 - **Active alerts**: Count of active update and device alerts for feature updates.
 
-Just like the [**Quality updates** tab](#quality-updates-tab), the **Feature updates** tab is also subdivided into **Update status** and **Device status** groups below the tiles. Selecting **View details** on any of the tiles displays a flyout with a chart that displays the first 250 items. Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
+Just like the [**Quality updates** tab](#quality-updates-tab), the **Feature updates** tab is also subdivided into **Update status** and **Device status** groups below the tiles. Selecting **View details** on any of the tiles displays a flyout with a chart that displays the first 1000 items. Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
 
 ### <a name="bkmk_update-group-feature"></a> Update status group for feature updates
 
@@ -125,7 +125,7 @@ The **Update status** group for feature updates contains the following items:
 |---|---|---|
 | **Total progress** | Percentage of devices that installed the targeted operating system version feature update within the last 30 days. | A bar graph is included in this column. Use the **Total devices** drill-in for additional information. |
 |**Alerts**| Number of different error codes encountered by devices for the update. | Selecting this number lists the alert name for each error code and a count of devices with the error. Select the device count to display a list of devices that have an active alert for the error code.  |
-| **Total Devices** | Count of devices for each targeted operating system version that have been offered the update, or are installing, have installed, or canceled the feature update.| Selecting the device count opens a device list table. This table is limited to the first 250 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial). |
+| **Total Devices** | Count of devices for each targeted operating system version that have been offered the update, or are installing, have installed, or canceled the feature update.| Selecting the device count opens a device list table. This table is limited to the first 1000 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial). |
 
 ### <a name="bkmk_device-group-feature"></a> Device status group for feature updates
 
@@ -134,7 +134,7 @@ The **Device status** group for feature updates contains the following items:
 - **Windows 11 readiness status**: Chart containing how many devices that have a status of capable, not capable, or unknown for Windows 11 readiness.
 - **Device alerts**: Count of active device alerts for feature updates in each alert classification.
 - **Device compliance status**: Table containing a list of devices getting a feature update and installation information including active alerts for the devices.
-  - This table is limited to the first 250 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
+  - This table is limited to the first 1000 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
 
 ## Driver updates tab
 
@@ -145,7 +145,7 @@ The **Driver update** tab provides information on driver and firmware update dep
 **Total policies**: The total number of deployment polices for driver and firmware updates from [Windows Update for Business deployment service](deployment-service-overview.md)
 **Active alerts**: Count of active alerts for driver deployments
 
-Selecting **View details** on any of the tiles displays a flyout with a chart that displays the first 250 items. Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
+Selecting **View details** on any of the tiles displays a flyout with a chart that displays the first 1000 items. Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
 
 :::image type="content" source="media/7539531-wufb-reports-workbook-drivers.png" alt-text="Screenshot of the update status tab for driver updates." lightbox="media/7539531-wufb-reports-workbook-drivers.png":::
 
@@ -167,7 +167,7 @@ The **Device status** group for driver updates contains the following items:
 
 - **Device alerts**: Count of active device alerts for driver updates in each alert classification.
 - **Device compliance status**: Table containing a list of devices getting a driver update and installation information including active alerts for the devices.
-  - This table is limited to the first 250 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
+  - This table is limited to the first 1000 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
 
 ## <a name="bkmk_do"></a> Delivery Optimization
 

windows/hub/TOC.yml

@@ -1,28 +0,0 @@
-- name: Windows
-  href: index.yml
-  items: 
-    - name: What's new
-      expanded: true
-      items:
-        - name: What's new in Windows
-          href: /windows/whats-new
-        - name: Windows 11
-          href: /windows/whats-new/windows-11
-    - name: Release information
-      href: /windows/release-health
-    - name: Deployment
-      href: /windows/deployment
-    - name: Configuration
-      href: /windows/configuration
-    - name: Client management
-      href: /windows/client-management
-    - name: Application management
-      href: /windows/application-management
-    - name: Security
-      href: /windows/security
-    - name: Privacy
-      href: /windows/privacy
-    - name: Troubleshooting
-      href: /windows/client-management/windows-10-support-solutions
-    - name: Previous Windows versions
-      href: /previous-versions/windows

windows/hub/breadcrumb/toc.yml

@@ -37,9 +37,13 @@ items:
             tocHref: /windows/security/
             topicHref: /windows/security/
             items:
-              - name: Windows Hello for Business
-                tocHref: /windows/security/identity-protection/hello-for-business/
-                topicHref: /windows/security/identity-protection/hello-for-business/
+              - name: Identity protection
+                tocHref: /windows/security/identity-protection/
+                topicHref: /windows/security/identity-protection/
+                items:
+                - name: Windows Hello for Business
+                  tocHref: /windows/security/identity-protection/hello-for-business/
+                  topicHref: /windows/security/identity-protection/hello-for-business
               - name: Security auditing
                 tocHref: /windows/security/threat-protection/auditing/
                 topicHref: /windows/security/threat-protection/auditing/security-auditing-overview
@@ -52,6 +56,13 @@ items:
               - name: Application Control for Windows
                 tocHref: /windows/security/threat-protection/windows-defender-application-control/
                 topicHref: /windows/security/threat-protection/windows-defender-application-control/
+              - name: OS
+                tocHref: /windows/security/operating-system-security/
+                topicHref: /windows/security/operating-system-security/
+              - name: Network
+                tocHref: /windows/security/operating-system-security/network-security/
+                topicHref: /windows/security/operating-system-security/network-security/
               - name: Windows Defender Firewall
-                tocHref: /windows/security/threat-protection/windows-firewall/
-                topicHref: /windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security
+                tocHref: /windows/security/operating-system-security/network-security/windows-firewall/
+                topicHref: /windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security
+                

windows/hub/images/accessprotection.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="60" height="60" viewBox="0 0 60 60"><defs><style>.cls-1{opacity:0.5;}.cls-2{fill:#0070c0;}.cls-3,.cls-4{fill:none;stroke:#0070c0;stroke-miterlimit:10;}.cls-3{stroke-width:3.02px;}.cls-4{stroke-width:3px;}</style></defs><title>AccessProtection</title><g id="Icons"><polygon class="cls-2" points="52.5 18 36 18 36 1.5 39 1.5 39 15 52.5 15 52.5 18"/><path class="cls-2" d="M9,57V3H36.88L51,17.12V28.2a10.09,10.09,0,0,1,3,1.15V15.88L38.12,0H6V60H35V57Z"/><rect class="cls-3" x="39.5" y="43.5" width="19" height="15"/><path class="cls-4" d="M43.5,43.5V38a5.5,5.5,0,0,1,11,0v5.5"/></g></svg>

windows/hub/images/applicationmanagement.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="60" height="60" viewBox="0 0 60 60"><defs><style>.cls-1{opacity:0.5;}.cls-2{fill:none;stroke:#0070c0;stroke-miterlimit:10;stroke-width:3px;}</style></defs><title>ApplicationManagement</title><g id="Icons"><polyline class="cls-2" points="50.75 46.5 58.5 46.5 58.5 5.5 9.5 5.5 9.5 13.5"/><rect class="cls-2" x="1.5" y="13.5" width="49" height="41"/><line class="cls-2" x1="1.5" y1="21.5" x2="50.5" y2="21.5"/><rect class="cls-2" x="8.5" y="28.5" width="16" height="19"/><line class="cls-2" x1="30" y1="28.5" x2="45" y2="28.5"/><line class="cls-2" x1="30" y1="36.5" x2="45" y2="36.5"/><line class="cls-2" x1="30" y1="44.5" x2="40" y2="44.5"/></g></svg>

windows/hub/images/clientmanagement.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="60" height="60" viewBox="0 0 60 60"><defs><style>.cls-1{opacity:0.5;}.cls-2{fill:none;stroke:#0070c0;stroke-miterlimit:10;stroke-width:3px;}.cls-3{fill:#0070c0;}</style></defs><title>ClientManagement</title><g id="Icons"><path class="cls-2" d="M1.5,48.5a2.09,2.09,0,0,0,2,2h53a2.09,2.09,0,0,0,2-2,5.1,5.1,0,0,0-.84-3l-6.16-7H8.5l-6.16,7A5.1,5.1,0,0,0,1.5,48.5Z"/><rect class="cls-2" x="8.5" y="9.5" width="43" height="29"/><circle class="cls-3" cx="30" cy="15" r="1.75"/></g></svg>

windows/hub/images/configuration.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="60" height="60" viewBox="0 0 60 60"><defs><style>.cls-1{opacity:0.5;}.cls-2{fill:none;stroke:#0070c0;stroke-miterlimit:10;stroke-width:3px;}</style></defs><title>Configuration</title><g id="Icons"><path class="cls-2" d="M50.63,30c0-.64,0-1.28-.1-1.91l7.25-4.52-3.59-8.66-8.32,1.92a20.87,20.87,0,0,0-2.7-2.7l1.92-8.32L36.43,2.22,31.91,9.47c-.63-.06-1.27-.09-1.91-.09s-1.28,0-1.91.09L23.57,2.22,14.91,5.81l1.92,8.32a20.87,20.87,0,0,0-2.7,2.7L5.81,14.91,2.22,23.57l7.25,4.52c-.06.63-.09,1.27-.09,1.91s0,1.28.09,1.91L2.22,36.43l3.59,8.66,8.32-1.92a20.87,20.87,0,0,0,2.7,2.7l-1.92,8.32,8.66,3.59,4.52-7.25c.63.06,1.27.1,1.91.1s1.28,0,1.91-.1l4.52,7.25,8.66-3.59-1.92-8.32a20.87,20.87,0,0,0,2.7-2.7l8.32,1.92,3.59-8.66-7.25-4.52C50.59,31.28,50.63,30.64,50.63,30ZM20.5,30A9.5,9.5,0,1,1,30,39.5,9.5,9.5,0,0,1,20.5,30Z"/></g></svg>

windows/hub/images/deployment.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="60" height="60" viewBox="0 0 60 60"><defs><style>.cls-1{opacity:0.5;}.cls-2,.cls-3{fill:none;stroke:#0070c0;stroke-miterlimit:10;stroke-width:3px;}.cls-3{stroke-dasharray:2.4 2.4;}.cls-4{mask:url(#mask);}.cls-5{filter:url(#luminosity-noclip);}</style><filter id="luminosity-noclip" x="-3" y="3" width="66" height="54" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB"><feFlood flood-color="#fff" result="bg"/><feBlend in="SourceGraphic" in2="bg"/></filter><mask id="mask" x="-3" y="3" width="66" height="54" maskUnits="userSpaceOnUse"><g class="cls-5"><rect x="-3" y="18" width="24" height="24"/><rect x="39" y="3" width="24" height="24"/><rect x="39" y="33" width="24" height="24"/></g></mask></defs><title>Deployment</title><g id="Icons"><rect class="cls-2" x="1.5" y="22.5" width="15" height="15"/><polyline class="cls-2" points="58.5 21 58.5 22.5 57 22.5"/><line class="cls-3" x1="54.6" y1="22.5" x2="46.2" y2="22.5"/><polyline class="cls-2" points="45 22.5 43.5 22.5 43.5 21"/><line class="cls-3" x1="43.5" y1="18.6" x2="43.5" y2="10.2"/><polyline class="cls-2" points="43.5 9 43.5 7.5 45 7.5"/><line class="cls-3" x1="47.4" y1="7.5" x2="55.8" y2="7.5"/><polyline class="cls-2" points="57 7.5 58.5 7.5 58.5 9"/><line class="cls-3" x1="58.5" y1="11.4" x2="58.5" y2="19.8"/><polyline class="cls-2" points="58.5 51 58.5 52.5 57 52.5"/><line class="cls-3" x1="54.6" y1="52.5" x2="46.2" y2="52.5"/><polyline class="cls-2" points="45 52.5 43.5 52.5 43.5 51"/><line class="cls-3" x1="43.5" y1="48.6" x2="43.5" y2="40.2"/><polyline class="cls-2" points="43.5 39 43.5 37.5 45 37.5"/><line class="cls-3" x1="47.4" y1="37.5" x2="55.8" y2="37.5"/><polyline class="cls-2" points="57 37.5 58.5 37.5 58.5 39"/><line class="cls-3" x1="58.5" y1="41.4" x2="58.5" y2="49.8"/><g class="cls-4"><line class="cls-2" x1="16.5" y1="22.5" x2="43.5" y2="14.5"/><line class="cls-2" x1="16.5" y1="37.5" x2="43.5" y2="45.5"/></g></g></svg>

windows/hub/images/deviceSecurity.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="60" height="60" viewBox="0 0 60 60"><defs><style>.cls-1{opacity:0.5;}.cls-2{fill:#0070c0;}.cls-3{fill:none;stroke:#0070c0;stroke-miterlimit:10;stroke-width:3px;}</style></defs><title>DeviceSecurity</title><g id="Icons"><path class="cls-2" d="M29.89,49H3.5a.62.62,0,0,1-.5-.5,3.88,3.88,0,0,1,.47-2L9.18,40H28V37H10V11H50V26.7a11.62,11.62,0,0,1,3,1.42h0V8H7V37.93l-5.82,6.6A6.62,6.62,0,0,0,0,48.5,3.6,3.6,0,0,0,3.5,52H31.64A22.74,22.74,0,0,1,29.89,49Z"/><path class="cls-3" d="M58.5,33.5V41c0,6.25-4.65,12.38-12.14,16.31l-.86.45-.86-.45C37.15,53.38,32.5,47.25,32.5,41V33.5h2a11.13,11.13,0,0,0,6-1.66,9.85,9.85,0,0,1,10,0,11.17,11.17,0,0,0,6,1.62Z"/></g></svg>

windows/hub/images/threatprotection.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="60" height="60" viewBox="0 0 60 60"><defs><style>.cls-1{opacity:0.5;}.cls-2{fill:#0070c0;}.cls-3{fill:none;stroke:#0070c0;stroke-miterlimit:10;stroke-width:3px;}</style></defs><title>ThreatProtection</title><g id="Icons"><rect class="cls-2" x="28" y="41" width="3" height="3"/><rect class="cls-2" x="28" y="11" width="3" height="26"/><path class="cls-3" d="M55.5,21.5c0,13.78-9.93,26.31-26,35.34-16.07-9-26-21.56-26-35.34V9.5A30.48,30.48,0,0,0,20.21,4.29,15.89,15.89,0,0,1,29.5,1.5a15.89,15.89,0,0,1,9.29,2.79A30.48,30.48,0,0,0,55.5,9.5Z"/></g></svg>

windows/hub/images/whatsnew.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="60" height="60" viewBox="0 0 60 60"><defs><style>.cls-1{opacity:0.5;}.cls-2,.cls-3{fill:none;stroke:#107c10;stroke-miterlimit:10;stroke-width:3px;}.cls-3{stroke-linecap:round;}</style></defs><title>WhatsNew</title><g id="Icons"><path class="cls-2" d="M58.5,41.5a6,6,0,0,1-6,6H7.5a6,6,0,0,1-6-6V9.5h49v7h8Z"/><line class="cls-3" x1="50.5" y1="16.5" x2="50.5" y2="39.5"/><line class="cls-2" x1="45" y1="16.5" x2="7" y2="16.5"/><line class="cls-2" x1="45" y1="40.5" x2="29" y2="40.5"/><line class="cls-2" x1="45" y1="32.5" x2="29" y2="32.5"/><line class="cls-2" x1="45" y1="24.5" x2="29" y2="24.5"/><rect class="cls-2" x="8.5" y="24.5" width="15" height="16"/></g></svg>

windows/hub/images/winlogo.svg

@@ -1,96 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
-<!-- Generated by Microsoft Visio, SVG Export winlogo.svg Page-1 -->
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:ev="http://www.w3.org/2001/xml-events"
-		xmlns:v="http://schemas.microsoft.com/visio/2003/SVGExtensions/" width="6.06944in" height="6.09028in"
-		viewBox="0 0 437 438.5" xml:space="preserve" color-interpolation-filters="sRGB" class="st2">
-	<v:documentProperties v:langID="1033" v:viewMarkup="false"/>
-
-	<style type="text/css">
-	<![CDATA[
-		.st1 {fill:none;stroke:none;stroke-width:0.25}
-		.st2 {fill:none;fill-rule:evenodd;font-size:12px;overflow:visible;stroke-linecap:square;stroke-miterlimit:3}
-	]]>
-	</style>
-
-	<g v:mID="0" v:index="1" v:groupContext="foregroundPage">
-		<title>Page-1</title>
-		<v:pageProperties v:drawingScale="1" v:pageScale="1" v:drawingUnits="0" v:shadowOffsetX="9" v:shadowOffsetY="-9"/>
-		<g id="shape1-1" v:mID="1" v:groupContext="shape" transform="translate(0.25,-0.25)">
-			<title>Sheet.1</title>
-			<rect v:rectContext="foreign" x="0" y="0.500011" width="436.5" height="438" class="st1"/>
-			<image x="0" y="0.500011" width="436.5" height="438" preserveAspectRatio="none" xlink:href="data:image/png;base64,iV
-						BORw0KGgoAAAANSUhEUgAAAkYAAAJICAYAAACE1yscAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAAFiUAABYlAU
-						lSJPAAABTLSURBVHhe7dYxTiBQDENBjs1B9z6shL4r3EREaZgnTe/SH1+SJEn6zjGSJEl6OUaSJEkvx0iSJOnlGEmSJL1+HKOPz38Av3
-						Jd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bAD
-						CRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2
-						DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQ
-						PARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEco
-						yAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117
-						UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8
-						kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l
-						3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AE
-						wkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCF
-						h3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2w
-						AwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHC
-						Ng3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW
-						0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARH
-						KMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdd
-						e1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNAB
-						PJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAt
-						Zd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNg
-						BMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxw
-						hYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3Xd
-						sAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkR
-						wjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3X
-						VtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwE
-						RyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgH
-						XXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQ
-						ATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQ
-						LWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1z
-						YATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJM
-						cIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd1
-						3bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJ
-						EcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN
-						11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8
-						BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjI
-						B117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BE+nGMJEmS/mqOkSRJ0ssxkiRJejlGkiRJL8dIkiTp5RhJkiS9HCNJkqSXYy
-						RJkvRyjCRJkl6OkSRJ0ssxkiRJejlGkiRJL8dIkiTp5RhJkiS9HCNJkqSXYyRJkvRyjCRJkl6OkSRJ0ssxkiRJejlGkiRJL8dIkiTp5R
-						hJkiS9HCNJkqSXYyRJkvRyjCRJkl6OkSRJ0ssxkiRJejlGkiRJrx/H6OPzH8CvXNc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQ
-						ATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQ
-						LWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1z
-						YATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJM
-						cIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd1
-						3bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJ
-						EcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN
-						11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8
-						BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjI
-						B117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ
-						0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyT
-						EC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXd
-						c2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATC
-						THCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWH
-						dd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bAD
-						CRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2
-						DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQ
-						PARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEco
-						yAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117
-						UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8
-						kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l
-						3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AE
-						wkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCF
-						h3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2w
-						AwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHC
-						Ng3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW
-						0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARH
-						KMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdd
-						e1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNAB
-						PJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAt
-						Zd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNg
-						BMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxw
-						hYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3Xd
-						sAMJF+HCNJkqS/mmMkSZL0cowkSZK++/r6DwqOoucNyrLNAAAAAElFTkSuQmCC"/>
-			<rect v:rectContext="foreign" x="0" y="0.500011" width="436.5" height="438" class="st1"/>
-		</g>
-	</g>
-</svg>

windows/hub/index.yml

@@ -1,255 +1,168 @@
 ### YamlMime:Hub
 
-title: Windows client documentation for IT Pros # < 60 chars
-summary: Evaluate, plan, deploy, secure, and manage devices running Windows 10 and Windows 11. # < 160 chars
-# brand: aspnet | azure | dotnet | dynamics | m365 | ms-graph | office | power-apps | power-automate | power-bi | power-platform | power-virtual-agents | sql | sql-server | vs | visual-studio | windows | xamarin
+title: Windows client documentation for IT Pros
+summary: Learn how to deploy, secure, and manage Windows clients for your organization.
 brand: windows
 
 metadata:
-  title: Windows client documentation for IT Pros # Required; page title displayed in search results. Include the brand. < 60 chars.
-  description: Evaluate, plan, deploy, secure, and manage devices running Windows 10 and Windows 11. # Required; article description that is displayed in search results. < 160 chars.
+  title: Windows client documentation
+  description: Learn how to deploy, secure, and manage Windows clients for your organization.
   ms.topic: hub-page
   ms.prod: windows-client
   ms.collection:
     - highpri
     - tier1
-  author: aczechowski #Required; your GitHub user alias, with correct capitalization.
-  ms.author: aaroncz #Required; microsoft alias of author; optional team alias.
-  ms.date: 10/01/2021 #Required; mm/dd/yyyy format.
-  localization_priority: medium
+  author: paolomatarazzo
+  ms.author: paoloma
+  manager: aaroncz
+  ms.date: 06/20/2023
 
-# highlightedContent section (optional)
-# Maximum of 8 items
 highlightedContent:
-# itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
   items:
-    # Card
-    - title: Become a Windows Insider
-      itemType: overview
-      url: https://insider.windows.com
-    # Card
-    - title: See what's new in Windows release health
-      itemType: overview
-      url: /windows/release-health/
-    # Card
-    - title: Empower your hybrid workforce
-      itemType: overview
-      url: https://www.microsoft.com/microsoft-365/blog/2021/10/04/empower-your-hybrid-workforce-today-with-windows-11/
+  - title: Get started with Windows 11
+    itemType: get-started
+    url: /windows/whats-new/windows-11-overview
+  - title: Windows 11, version 22H2
+    itemType: whats-new
+    url: /windows/whats-new/whats-new-windows-11-version-22H2
+  - title: Windows 11, version 22H2 group policy settings reference 
+    itemType: download
+    url: https://www.microsoft.com/en-us/download/details.aspx?id=104594
+  - title: Windows release health
+    itemType: whats-new
+    url: /windows-insider/get-started
+  - title: Windows commercial licensing
+    itemType: overview
+    url: /windows/whats-new/windows-licensing
+  - title: Windows 365 documentation
+    itemType: overview
+    url: /windows-365
+  - title: Explore all Windows trainings and learning paths for IT pros
+    itemType: learn
+    url: https://learn.microsoft.com/en-us/training/browse/?products=windows&roles=administrator
+  - title: Enroll Windows client devices in Microsoft Intune
+    itemType: how-to-guide
+    url: /mem/intune/fundamentals/deployment-guide-enrollment-windows
 
-# productDirectory section (optional)
 productDirectory:
-  title: Get to know Windows 11 # < 60 chars (optional)
-  summary: Learn more about what's new, what's updated, and what you get in Windows 11 # < 160 chars (optional)
+  title: Get started
   items:
-  # Card
-    - title: Windows 11 overview
-      imageSrc: /windows/resources/images/winlogo.svg
-      summary: Get more information about features and improvements that are important to admins
-      url: /windows/whats-new/windows-11-overview
-    - title: Windows 11 requirements
-      imageSrc: /windows/resources/images/winlogo.svg
-      summary: See the system requirements for Windows 11, including running Windows 11 on a virtual machine
-      url: /windows/whats-new/windows-11-requirements
-    - title: Learn more about Windows 11 Enterprise
-      imageSrc: /windows/resources/images/winlogo.svg
-      summary: Get more information on the features, security, and licensing plans designed for organizations
-      url: https://www.microsoft.com/microsoft-365/windows/windows-11-enterprise
-    - title: FAQ - Upgrade to Windows 11
-      imageSrc: /windows/resources/images/winlogo.svg
-      summary: See some common questions and answers when upgrading to Windows 11
-      url: https://support.microsoft.com/windows/upgrade-to-windows-11-faq-fb6206a2-1a0f-448a-80f1-8668ee5b2bf9
-    - title: Windows 11 chip to cloud protection - Security challenges of hybrid work
-      imageSrc: /windows/resources/images/winlogo.svg
-      summary: Blog from the Microsoft Windows Security Team
-      url: https://www.microsoft.com/security/blog/2021/10/04/windows-11-offers-chip-to-cloud-protection-to-meet-the-new-security-challenges-of-hybrid-work
-    - title: Trusted Platform Module (TPM)
-      imageSrc: /windows/resources/images/winlogo.svg
-      summary: Learn more about TPM, and why it's a good thing
-      url: /windows/security/information-protection/tpm/trusted-platform-module-overview
 
-# conceptualContent section (optional)
-conceptualContent:
-# Supports up to 3 sections
-# itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
-
-  title: Windows client resources and documentation for IT Pros 
-  summary: Plan, deploy, secure, and manage devices running Windows 10 and Windows 11.
-  items:
-  # card
-    - title: Overview
+    - title: Learn how to deploy Windows
+      imageSrc: /media/common/i_deploy.svg
       links:
-        - url: /windows/whats-new/windows-11-overview
-          itemType: overview
-          text: Windows 11 overview
-        - url: /windows/whats-new/windows-11-plan
-          itemType: overview
-          text: Plan for Windows 11
-        - url: /windows/whats-new/windows-11-prepare
-          itemType: overview
-          text: Prepare for Windows 11
-        - url: /windows/whats-new/whats-new-windows-10-version-21H1
-          itemType: overview
-          text: What's new in Windows 10, version 21H1
-        - url:  /windows/release-health/release-information
-          itemType: overview
-          text: Windows release information
-
-  # Card (optional)
-    - title: Configuration
-      links:
-        - url: /windows/configuration/index
-          itemType: overview
-          text: Configure Windows
-        - url: /windows/configuration/provisioning-packages/provisioning-packages
-          itemType: how-to-guide
-          text: Use Provisioning packages to configure new devices
-        - url: /windows/configuration/windows-accessibility-for-itpros
-          itemType: overview
-          text: Accessibility information for IT Pros
-        - url: /windows/configuration/customize-start-menu-layout-windows-11
-          itemType: how-to-guide
-          text: Customize the Start menu layout
-        - url: /windows/configuration/stop-employees-from-using-microsoft-store
-          itemType: how-to-guide
-          text: Control access to Microsoft Store
-        - url: /windows/configuration/set-up-shared-or-guest-pc
-          itemType: how-to-guide
-          text: Set up a shared or guest PC
-
-  # Card (optional)
-    - title: Deployment
-      links:
-        - url: /windows/deployment/index      
-          itemType: deploy
-          text: Deploy and update Windows
-        - url: /windows/deployment/windows-10-deployment-scenarios
-          itemType: deploy
-          text: Windows deployment scenarios
-        - url: /windows/deployment/update/create-deployment-plan
-          itemType: deploy
-          text: Create a deployment plan
-        - url: /windows/deployment/update/prepare-deploy-windows
-          itemType: deploy
-          text: Prepare to deploy Windows client
+        - url: /mem/autopilot/
+          text: Windows Autopilot overview
+        - url: /mem/autopilot/tutorial/autopilot-scenarios
+          text: "Tutorial: Windows Autopilot scenarios"
+        - url: /windows/deployment/do/
+          text: Delivery optimization
+        - url: /windows/deployment/update/deployment-service-overview
+          text: Windows Update for Business deployment service
         - url: /windows/deployment/windows-autopatch
-          itemType: deploy
-          text: Windows Autopatch
+          text: Windows Autopatch overview
+        - url: /windows/deployment
+          text: Learn more about Windows deployment >
 
-  # Card
-    - title: App management
+    - title: Learn how to secure Windows
+      imageSrc: /media/common/i_security-management.svg
       links:
-        - url: /windows/application-management/index
-          itemType: overview
-          text: Windows application management
-        - url: /windows/application-management/apps-in-windows-10
-          itemType: overview
-          text: Learn more about the different apps types for Windows
-        - url: /windows/application-management/private-app-repository-mdm-company-portal-windows-11
-          itemType: how-to-guide
-          text: Use the private app repo on Windows 11
-        - url:  /windows/application-management/remove-provisioned-apps-during-update
-          itemType: how-to-guide
-          text: Keep removed apps from returning during an update
-        - url:  https://blogs.windows.com/windowsdeveloper/2021/10/04/developing-for-windows-11/
-          itemType: overview
-          text: Blog - Develop apps for Windows 11
+        - url: /windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines
+          text: Windows security baselines
+        - url: /windows/security/identity-protection/credential-guard/credential-guard-how-it-works
+          text: Windows Defender Credential Guard
+        - url: /windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust
+          text: Windows Hello for Business cloud Kerberos trust
+        - url: /education/windows/tutorial-school-deployment/windows/security/threat-protection/windows-defender-application-control/
+          text: Windows Defender Application Control (WDAC)
+        - url: /windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview
+          text: Microsoft Defender Application Guard
+        - url: /windows/security
+          text: Learn more about Windows security >
 
-  # Card
-    - title: Client management
+    - title: Learn about privacy in Windows
+      imageSrc: /media/common/i_lock.svg
       links:
+        - url: /windows/privacy/required-diagnostic-events-fields-windows-11-22h2
+          text: Windows 11 required diagnostic data
+        - url: /windows/privacy/configure-windows-diagnostic-data-in-your-organization
+          text: Configure Windows diagnostic data in your organization
+        - url: /windows/privacy/diagnostic-data-viewer-overview
+          text: Diagnostic Data Viewer
+        - url: /windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services
+          text: Manage connections to Microsoft services
+        - url: /windows/privacy/windows-10-and-privacy-compliance
+          text: Windows privacy compliance guide
+        - url: /windows/privacy
+          text: Learn more about privacy in Windows >
 
-        - url: /windows/client-management/index
-          itemType: overview
-          text: Windows client management
+    - title: Learn how to manage Windows
+      imageSrc: /media/common/i_management.svg
+      links:
+        - url: /windows/client-management/mobile-device-enrollment
+          text: MDM enrollment
+        - url: /windows/client-management/mdm/
+          text: Configuration Service Provider (CSP)
         - url: /windows/client-management/administrative-tools-in-windows-10
-          itemType: overview
-          text: Administrative tools 
-        - url: /windows/client-management/mandatory-user-profile
-          itemType: how-to-guide
-          text: Create mandatory user profiles
-        - url: /windows/client-management/new-policies-for-windows-10
-          itemType: overview
-          text: New policies for Windows 10
-        - url: /windows/client-management/mdm/configuration-service-provider-reference
-          itemType: reference
-          text: Configuration service provider reference
+          text: Windows administrative tools
+        - url: /windows/client-management/client-tools/quick-assist
+          text: Use Quick Assist to help users
+        - url: /windows/application-management/index
+          text: Learn more about application management >
+        - url: /windows/client-management
+          text: Learn more about Windows management >
 
-  # Card (optional)
-    - title: Security and Privacy
+    - title: Learn how to configure Windows
+      imageSrc: /media/common/i_config-tools.svg
       links:
-        - url: /windows/security/index    
-          itemType: overview
-          text: Windows Enterprise Security
-        - url: /windows/security/hardware
-          itemType: overview
-          text: Hardware security
-        - url: /windows/security/operating-system
-          itemType: overview
-          text: Operating system security
-        - url: /windows/security/apps         
-          itemType: overview
-          text: Application security
-        - url: /windows/security/identity
-          itemType: overview
-          text: Identity and privacy
-        - url: /windows/security/cloud
-          itemType: overview
-          text: Cloud services
-        - url: /windows/privacy/index
-          itemType: overview
-          text: Windows Privacy
+        - url: /windows/configuration/windows-accessibility-for-itpros
+          text: Accessibility information
+        - url: /windows/configuration/provisioning-packages/provisioning-packages
+          text: Use Provisioning packages to configure new devices
+        - url: /windows/configuration/customize-start-menu-layout-windows-11
+          text: Customize the Start menu layout
+        - url: /windows/configuration/set-up-shared-or-guest-pc
+          text: Set up a shared or guest PC
+        - url: /windows/configuration/kiosk-methods
+          text: Configure kiosks and digital signs
+        - url: /windows/configuration
+          text: Learn more about Windows configuration >
+
+    - title: Learn about Windows for Education
+      imageSrc: /media/common/i_advanced.svg
+      links:
+        - url: /education/windows/windows-11-se-overview
+          text: Windows 11 SE Overview
+        - url: /education/windows/federated-sign-in
+          text: Configure federated sign-in for Windows devices
+        - url: /education/windows/get-minecraft-for-education
+          text: Get and deploy Minecraft Education
+        - url: /education/windows/tutorial-school-deployment/
+          text: "Tutorial: deploy and manage Windows devices in a school"
+        - url: /education/windows/tutorial-deploy-apps-winse/
+          text: "Tutorial: deploy applications to Windows 11 SE"
+        - url: /education/Windows
+          text: Learn more about Windows for Education >
 
-# additionalContent section (optional)
-# Card with summary style
 additionalContent:
-  # Supports up to 4 subsections
   sections:
-    - title: More Windows resources # < 60 chars (optional)
+    - title: More Windows resources
       items:
-        # Card
-        - title: Windows product site
-          summary: Find out how Windows enables your business to do more
-          url: https://www.microsoft.com/microsoft-365/windows
-        - title: "Windows 11: A new era for the PC begins today"
-          summary: Blog article that describes how Windows 11 empowers you to produce and inspires you to create
-          url: https://blogs.windows.com/windowsexperience/2021/10/04/windows-11-a-new-era-for-the-pc-begins-today/
-        - title: Windows IT Pro blogs
-          summary: The latest Windows blog articles for the IT Pro 
-          url: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows10Blog
-        - title: Windows blogs
-          summary: Keep up with the latest news about Windows
-          url: https://blogs.windows.com/
-        - title: Participate in the Tech Community
-          summary: Learn how to be part of the Windows Tech Community
-          url: https://techcommunity.microsoft.com/t5/windows/ct-p/Windows10
-        - title: Ask the community
-          summary: Get help, and help others
-          url: https://answers.microsoft.com/windows/forum
 
-    - title: Other resources
-      items:
-        - title: Microsoft endpoint management with Intune
+        - title: Windows hardware
           links:
-            - text: Intune is a family of products
-              url: /mem/endpoint-manager-overview
-            - text: What is Microsoft Intune?
-              url: /mem/intune/fundamentals/what-is-intune
-            - text: Microsoft Intune services simplify upgrades to Windows 11
-              url: https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/endpoint-manager-simplifies-upgrades-to-windows-11/ba-p/2771886
-            - text: Understanding readiness for Windows 11 with Microsoft Intune services
-              url: https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/understanding-readiness-for-windows-11-with-microsoft-endpoint/ba-p/2770866
-            - text: Microsoft endpoint management blog
-              url: https://aka.ms/memblog
-        - title: Windows 365
-          links:
-            - text: Windows 365 documentation
-              url: /windows-365
-            - text: What is Windows 365
-              url: /windows-365/overview
-            - text: Windows 365 Enterprise now supports Windows 11
-              url: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-365-enterprise-now-supports-windows-11/ba-p/2810334              
-            - text: Windows 365 blog
-              url: https://www.microsoft.com/microsoft-365/blog/
+            - text: Windows hardware developer documentation
+              url: /windows-hardware/drivers/
+            - text: Get started with building Windows devices
+              url: /windows-hardware/get-started
+            - text: Download the Windows Driver Kit
+              url: /windows-hardware/drivers/download-the-wdk
+            - text: Device and driver installation
+              url: /windows-hardware/drivers/install/overview-of-device-and-driver-installation
+            - text: Windows Driver Frameworks
+              url: /windows-hardware/drivers/wdf/
+            - text: Kernel-mode driver architecture design guide
+              url: /windows-hardware/drivers/kernel/
 
         - title: Windows Server
           links:
@@ -257,7 +170,27 @@ additionalContent:
               url: /windows-server
             - text: What's new in Windows Server 2022?
               url: /windows-server/get-started/whats-new-in-windows-server-2022
-            - text: Get started with Windows Server
-              url: /windows-server/get-started/get-started-with-windows-server
             - text: Windows Server blog
               url: https://cloudblogs.microsoft.com/windowsserver/
+
+        - title: Windows product site and blogs
+          links:
+            - text: Find out how Windows enables your business to do more
+              url: https://www.microsoft.com/microsoft-365/windows
+            - text: Windows blogs
+              url: https://blogs.windows.com/
+            - text: Windows IT Pro blog
+              url: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows10Blog
+            - text: Microsoft Intune blog
+              url: https://techcommunity.microsoft.com/t5/microsoft-intune-blog/bg-p/MicrosoftEndpointManagerBlog
+            - text: "Windows help & learning: end-user documentation"
+              url: https://support.microsoft.com/windows
+
+        - title: Participate in the community
+          links:
+            - text: Windows community
+              url: https://techcommunity.microsoft.com/t5/windows/ct-p/Windows10
+            - text: Microsoft Intune community
+              url: https://techcommunity.microsoft.com/t5/microsoft-intune/bd-p/Microsoft-Intune
+            - text: Microsoft Support community
+              url: https://answers.microsoft.com/windows/forum

windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md

@@ -5,7 +5,7 @@ ms.collection:
   - ContentEngagementFY23
   - tier1
 ms.topic: article
-ms.date: 03/15/2023
+ms.date: 06/20/2023
 ---
 
 # Deploy certificates for remote desktop (RDP) sign-in
@@ -88,8 +88,11 @@ Follow these steps to create a certificate template:
 
 ## Deploy certificates via Intune
 
-> [!NOTE]
+> [!CAUTION]
 > This process is applicable to both *Azure AD joined* and *hybrid Azure AD joined* devices that are managed via Intune.
+>
+> If you deploy certificates via Intune and configure Windows Hello for Business via group policy, the devices will fail to obtain a certificate, logging the error code `0x82ab0011` in the `DeviceManagement-Enterprise-Diagnostic-Provider` log.\
+> To avoid the error, configure Windows Hello for Business via Intune instead of group policy.
 
 Deploying a certificate to Azure AD joined or hybrid Azure AD joined devices may be achieved using the Simple Certificate Enrollment Protocol (SCEP) or PKCS (PFX) via Intune. For guidance deploying the required infrastructure, refer to:
 

windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md

@@ -32,12 +32,13 @@ Windows Hello for Business cloud Kerberos trust uses *Azure AD Kerberos*, which
 Cloud Kerberos trust uses Azure AD Kerberos, which doesn't require a PKI to request TGTs.\
 With Azure AD Kerberos, Azure AD can issue TGTs for one or more AD domains. Windows can request a TGT from Azure AD when authenticating with Windows Hello for Business, and use the returned TGT for sign-in or to access AD-based resources. The on-premises domain controllers are still responsible for Kerberos service tickets and authorization.
 
-When Azure AD Kerberos is enabled in an Active Directory domain, an *Azure AD Kerberos server object* is created in the domain. This object:
+When Azure AD Kerberos is enabled in an Active Directory domain, an *AzureADKerberos* computer object is created in the domain. This object:
 
 - Appears as a Read Only Domain Controller (RODC) object, but isn't associated with any physical servers
-- Is only used by Azure AD to generate TGTs for the Active Directory domain.
+- Is only used by Azure AD to generate TGTs for the Active Directory domain
+
   > [!NOTE]
-  > The same rules and restrictions used for RODCs apply to the Azure AD Kerberos Server object. For example, users that are direct or indirect members of the built-in security group *Denied RODC Password Replication Group* won't be able to use cloud Kerberos trust.
+  > Similar rules and restrictions used for RODCs apply to the AzureADKerberos computer object. For example, users that are direct or indirect members of priviliged built-in security groups won't be able to use cloud Kerberos trust.
 
 :::image type="content" source="images/azuread-kerberos-object.png" alt-text="Active Directory Users and Computers console, showing the computer object representing the Azure AD Kerberos server ":::
 
@@ -67,9 +68,9 @@ The following scenarios aren't supported using Windows Hello for Business cloud
 - Signing in with cloud Kerberos trust on a Hybrid Azure AD joined device without previously signing in with DC connectivity
 
 > [!NOTE]
-> The default security policy for AD does not grant permission to sign high privilege accounts on to on-premises resources with cloud Kerberos trust or FIDO2 security keys.
+> The default *Password Replication Policy* configured on the AzureADKerberos computer object doesn't allow to sign high privilege accounts on to on-premises resources with cloud Kerberos trust or FIDO2 security keys.
 >
-> To unblock the accounts, use Active Directory Users and Computers to modify the msDS-NeverRevealGroup property of the Azure AD Kerberos Computer object `CN=AzureADKerberos,OU=Domain Controllers,<domain-DN>`.
+> Due to possible attack vectors from Azure AD to Active Directory, it **isn't recommended** to unblock these accounts by relaxing the Password Replication Policy of the computer object `CN=AzureADKerberos,OU=Domain Controllers,<domain-DN>`.
 
 ## Next steps
 

windows/security/images/icons/certificate.svg

@@ -0,0 +1,3 @@
+<svg width="18" height="18" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+  <path d="M4.75 3C3.23122 3 2 4.23122 2 5.75V10.9995C2.91223 9.78534 4.3644 9 6 9C8.76142 9 11 11.2386 11 14C11 15.1258 10.6279 16.1647 10 17.0005V18H19.25C20.7688 18 22 16.7688 22 15.25V5.75C22 4.23122 20.7688 3 19.25 3H4.75ZM6.75 7H17.25C17.6642 7 18 7.33579 18 7.75C18 8.16421 17.6642 8.5 17.25 8.5H6.75C6.33579 8.5 6 8.16421 6 7.75C6 7.33579 6.33579 7 6.75 7ZM12 12.75C12 12.3358 12.3358 12 12.75 12H17.25C17.6642 12 18 12.3358 18 12.75C18 13.1642 17.6642 13.5 17.25 13.5H12.75C12.3358 13.5 12 13.1642 12 12.75ZM5.99967 10C3.79017 10 1.99902 11.7911 1.99902 14.0006C1.99902 16.2101 3.79017 18.0013 5.99967 18.0013C8.20916 18.0013 10.0003 16.2101 10.0003 14.0006C10.0003 11.7911 8.20916 10 5.99967 10ZM9.00076 18.001C8.16487 18.6291 7.12573 19.0013 5.99967 19.0013C4.8745 19.0013 3.83612 18.6297 3.00058 18.0025L3.0001 21.2487C3.0001 21.8195 3.6046 22.1681 4.09019 21.9176L4.17966 21.8635L6.00002 20.5912L7.81967 21.8635C8.28757 22.1904 8.91959 21.8946 8.99232 21.353L8.99923 21.2487L9.00076 18.001Z" fill="#0078D4" />
+</svg>

windows/security/images/icons/license.svg

@@ -0,0 +1,3 @@
+<svg width="18" height="18" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">
+  <path d="M2 3.75C2 2.7835 2.7835 2 3.75 2H9.25C10.2165 2 11 2.7835 11 3.75V10H14V11.5C14 12.8807 12.8807 14 11.5 14H4.5C3.11929 14 2 12.8807 2 11.5V3.75ZM11 13H11.5C12.3284 13 13 12.3284 13 11.5V11H11V13ZM4.5 5.5C4.5 5.77614 4.72386 6 5 6H8C8.27614 6 8.5 5.77614 8.5 5.5C8.5 5.22386 8.27614 5 8 5H5C4.72386 5 4.5 5.22386 4.5 5.5ZM5 7.5C4.72386 7.5 4.5 7.72386 4.5 8C4.5 8.27614 4.72386 8.5 5 8.5H8C8.27614 8.5 8.5 8.27614 8.5 8C8.5 7.72386 8.27614 7.5 8 7.5H5ZM4.5 10.5C4.5 10.7761 4.72386 11 5 11H6.5C6.77614 11 7 10.7761 7 10.5C7 10.2239 6.77614 10 6.5 10H5C4.72386 10 4.5 10.2239 4.5 10.5Z"  fill="#0078D4"  />
+</svg>

windows/security/index.yml

@@ -145,7 +145,7 @@ landingContent:
       - linkListType: overview
         links:
         - text: Overview
-          url: security-foundations.md
+          url: security-foundations/index.md
       - linkListType: reference
         links:
           - text: Microsoft Security Development Lifecycle

windows/security/introduction/security-features-edition-requirements.md

@@ -1,26 +0,0 @@
----
-title: Windows security features and edition requirements
-description: Learn about Windows edition requirements for the feature included in Windows.
-ms.prod: windows-client
-author: paolomatarazzo
-ms.author: paoloma
-manager: aaroncz
-ms.collection:
-- tier3
-ms.topic: conceptual
-ms.date: 05/04/2023
-appliesto:
-- ✅ <a href=/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-ms.technology: itpro-security
----
-
-# Windows security features and edition requirements
-
-This article lists the security features that are available in Windows, and the Windows editions that support them.
-
-> [!NOTE]
-> The **Windows edition** requirements listed in the following table may be different from the **licensing** requirements. If you're looking for licensing requirements, see [Windows security features and licensing requirements](security-features-licensing-requirements.md).
-
-[!INCLUDE [_edition-requirements](../../../includes/licensing/_edition-requirements.md)]
-
-For more information about Windows licensing, see [Windows Commercial Licensing overview](/windows/whats-new/windows-licensing).

windows/security/introduction/security-features-licensing-requirements.md

@@ -1,26 +0,0 @@
----
-title: Windows security features and licensing requirements
-description: Learn about Windows features and licensing requirements for the feature included in Windows.
-ms.prod: windows-client
-author: paolomatarazzo
-ms.author: paoloma
-manager: aaroncz
-ms.collection:
-- tier3
-ms.topic: conceptual
-ms.date: 04/24/2023
-appliesto:
-- ✅ <a href=/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-ms.technology: itpro-security
----
-
-# Windows security features and licensing requirements
-
-This article lists the security features that are available in Windows, and the licensing requirements to use them.
-
-> [!NOTE]
-> The **licensing** requirements listed in the following table may be different from the **Windows edition** requirements. If you're looking for Windows edition requirements, see [Windows security features and edition requirements](security-features-edition-requirements.md).
-
-[!INCLUDE [_licensing-requirements](../../../includes/licensing/_licensing-requirements.md)]
-
-For more information about Windows licensing, see [Windows Commercial Licensing overview](/windows/whats-new/windows-licensing).

windows/security/licensing-and-edition-requirements.md

@@ -0,0 +1,31 @@
+---
+title: Windows security features licensing and edition requirements
+description: Learn about Windows licensing and edition requirements for the features included in Windows.
+ms.collection:
+- tier2
+ms.topic: conceptual
+ms.date: 06/15/2023
+appliesto:
+- ✅ <a href=/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+ms.author: paoloma
+author: paolomatarazzo
+ms.prod: windows-client
+---
+
+# Windows security features licensing and edition requirements
+
+This article lists the security features that are available in Windows.
+
+Select one of the two tabs to learn about licensing requirements to use the security features, or to learn about the Windows edition requirements that support them:
+
+#### [:::image type="icon" source="images/icons/certificate.svg" border="false"::: **Licensing requirements**](#tab/licensing)
+
+[!INCLUDE [licensing-requirements](../../includes/licensing/_licensing-requirements.md)]
+
+#### [:::image type="icon" source="images/icons/windows-os.svg" border="false"::: **Edition requirements**](#tab/edition)
+
+[!INCLUDE [_edition-requirements](../../includes/licensing/_edition-requirements.md)]
+
+---
+
+For more information about Windows licensing, see [Windows Commercial Licensing overview](/windows/whats-new/windows-licensing).

windows/security/operating-system-security/network-security/toc.yml

@@ -1,8 +1,10 @@
 items:
   - name: Transport layer security (TLS) 🔗
     href: /windows-server/security/tls/tls-ssl-schannel-ssp-overview
-  - name: WiFi Security
+  - name: Wi-Fi Security
     href: https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09
+  - name: Extensible Authentication Protocol (EAP) for network access
+    href: /windows-server/networking/technologies/extensible-authentication-protocol/network-access
   - name: Windows Firewall 🔗
     href: windows-firewall/windows-firewall-with-advanced-security.md
   - name: Virtual Private Network (VPN)

windows/security/operating-system-security/network-security/vpn/vpn-authentication.md

@@ -1,7 +1,7 @@
 ---
 title: VPN authentication options 
 description: Learn about the EAP authentication methods that Windows supports in VPNs to provide secure authentication using username/password and certificate-based methods.
-ms.date: 09/23/2021
+ms.date: 06/20/2023
 ms.topic: conceptual
 ---
 
@@ -43,7 +43,7 @@ Windows supports a number of EAP authentication methods.
 
   - Fast Reconnect: reduces the delay between an authentication request by a client and the response by the Network Policy Server (NPS) or other Remote Authentication Dial-in User Service (RADIUS) server. This reduces resource requirements for both client and server, and minimizes the number of times that users are prompted for credentials.
 
-  - [Cryptobinding](/openspecs/windows_protocols/ms-peap/757a16c7-0826-4ba9-bb71-8c3f1339e937): By deriving and exchanging values from the PEAP phase 1 key material (**Tunnel Key**) and from the PEAP phase 2 inner EAP method key material (**Inner Session Key**), it is possible to prove that the two authentications terminate at the same two entities (PEAP peer and PEAP server). This process, termed "cryptobinding", is used to protect the PEAP negotiation against "Man in the Middle" attacks.
+  - [Cryptobinding](/openspecs/windows_protocols/ms-peap/757a16c7-0826-4ba9-bb71-8c3f1339e937): By deriving and exchanging values from the PEAP phase 1 key material (**Tunnel Key**) and from the PEAP phase 2 inner EAP method key material (**Inner Session Key**), it's possible to prove that the two authentications terminate at the same two entities (PEAP peer and PEAP server). This process, termed "cryptobinding", is used to protect the PEAP negotiation against "Man in the Middle" attacks.
 
 - Tunneled Transport Layer Security (TTLS)
   - Inner method
@@ -78,7 +78,7 @@ See [EAP configuration](/windows/client-management/mdm/eap-configuration) for EA
 
 The following image shows the field for EAP XML in a Microsoft Intune VPN profile. The EAP XML field only appears when you select a built-in connection type (automatic, IKEv2, L2TP, PPTP).
 
-:::image type="content" source="images/vpn-eap-xml.png" alt-text="EAP XML configuration in Intune profile.":::
+:::image type="content" source="images/vpn-eap-xml.png" alt-text="Screenshot showing EAP XML configuration in Intune profile.":::
 
 ## Related topics
 
@@ -90,3 +90,4 @@ The following image shows the field for EAP XML in a Microsoft Intune VPN profil
 - [VPN auto-triggered profile options](vpn-auto-trigger-profile.md)
 - [VPN security features](vpn-security-features.md)
 - [VPN profile options](vpn-profile-options.md)
+- [Extensible Authentication Protocol (EAP) for network access](/windows-server/networking/technologies/extensible-authentication-protocol/network-access)

windows/security/operating-system-security/network-security/windows-firewall/best-practices-configuring.md

@@ -147,18 +147,18 @@ In general, to maintain maximum security, admins should only push firewall excep
 
 The Windows Firewall settings configured via group policy are stored in the registry. By default, group policies are refreshed in the background every 90 minutes, with a random offset of 0 to 30 minutes.
 
-When Windows Firewall checks the registry for any configuration changes, the *Windows Filtering Platform (WFP)* performs the following actions:
+Windows Firewall monitors the registry for changes, and if something is written to the registry it notifies the *Windows Filtering Platform (WFP)*, which performs the following actions:
 
 - Reads all firewall rules and settings
 - Applies any new filters
 - Removes the old filters
 
 > [!NOTE]
-> The actions are triggered regardless if there's a configuration change. During the process, IPsec connections are disconnected.
+> The actions are triggered whenever something is written to, or deleted from the registry location the GPO settings are stored, regardless if there's really a configuration change. During the process, IPsec connections are disconnected.
 
 Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it. To control the behavior of the registry group policy processing, you can use the policy `Computer Configuration > Administrative Templates > System > Group Policy > Configure registry policy processing`. The *Process even if the Group Policy objects have not changed* option updates and reapplies the policies even if the policies have not changed. This option is disabled by default.
 
-If you enable the option *Process even if the Group Policy objects have not changed*, the WFP filters get reapplied during every background refresh. In case you have ten group policies, the WFP filters get reapplied ten times during the refresh interval. If an error happens during policy processing, the applied settings may be incomplete, resulting in issues like:
+If you enable the option *Process even if the Group Policy objects have not changed*, the WFP filters get reapplied during **every** background refresh. In case you have ten group policies, the WFP filters get reapplied ten times during the refresh interval. If an error happens during policy processing, the applied settings may be incomplete, resulting in issues like:
 
 - Windows Defender Firewall blocks inbound or outbound traffic allowed by group policies
 - Local Firewall settings are applied instead of group policy settings

windows/security/security-foundations/index.md

@@ -1,18 +1,15 @@
 ---
 title: Windows security foundations
 description: Get an overview of security foundations, including the security development lifecycle, common criteria, and the bug bounty program.
-ms.reviewer: 
-ms.topic: article
-ms.author: paoloma
+ms.topic: conceptual
+ms.date: 06/15/2023
 author: paolomatarazzo
-ms.prod: windows-client
-ms.technology: itpro-security
-ms.date: 12/31/2017
+ms.author: paoloma
 ---
 
 # Windows security foundations
 
-Microsoft is committed to continuously invest in improving our software development process, building highly secure-by-design software, and addressing security compliance requirements. At Microsoft, we embed security and privacy considerations from the earliest life-cycle phases of all our software development processes. We build in security from the ground for powerful defense in today’s threat environment.
+Microsoft is committed to continuously invest in improving our software development process, building highly secure-by-design software, and addressing security compliance requirements. At Microsoft, we embed security and privacy considerations from the earliest life-cycle phases of all our software development processes. We build in security from the ground for powerful defense in today's threat environment.
 
 Our strong security foundation uses Microsoft Security Development Lifecycle (SDL) Bug Bounty, support for product security standards and certifications, and Azure Code signing. As a result, we improve security by producing software with fewer defects and vulnerabilities instead of relying on applying updates after vulnerabilities have been identified.
 
@@ -20,7 +17,7 @@ Use the links in the following table to learn more about the security foundation
 
 | Concept | Description |
 |:---|:---|
-| FIPS 140-2 Validation | The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard. FIPS is based on Section 5131 of the Information Technology Management Reform Act of 1996. It defines the minimum security requirements for cryptographic modules in IT products. Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since it was first established in 2001. <br/><br/>Learn more about [FIPS 140-2 Validation](threat-protection/fips-140-validation.md). |
-| Common Criteria Certifications |  Microsoft supports the Common Criteria certification program, ensures that products incorporate the features and functions required by relevant Common Criteria Protection Profiles, and completes Common Criteria certifications of Microsoft Windows products. <br/><br/>Learn more about [Common Criteria Certifications](threat-protection/windows-platform-common-criteria.md). |
-| Microsoft Security Development Lifecycle | The Security Development Lifecycle (SDL) is a security assurance process that is focused on software development. The SDL has played a critical role in embedding security and privacy in software and culture at Microsoft.<br/><br/>Learn more about [Microsoft SDL](threat-protection/msft-security-dev-lifecycle.md).|
+| FIPS 140-2 Validation | The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard. FIPS is based on Section 5131 of the Information Technology Management Reform Act of 1996. It defines the minimum security requirements for cryptographic modules in IT products. Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since it was first established in 2001. <br/><br/>Learn more about [FIPS 140-2 Validation](../threat-protection/fips-140-validation.md). |
+| Common Criteria Certifications |  Microsoft supports the Common Criteria certification program, ensures that products incorporate the features and functions required by relevant Common Criteria Protection Profiles, and completes Common Criteria certifications of Microsoft Windows products. <br/><br/>Learn more about [Common Criteria Certifications](../threat-protection/windows-platform-common-criteria.md). |
+| Microsoft Security Development Lifecycle | The Security Development Lifecycle (SDL) is a security assurance process that is focused on software development. The SDL has played a critical role in embedding security and privacy in software and culture at Microsoft.<br/><br/>Learn more about [Microsoft SDL](../threat-protection/msft-security-dev-lifecycle.md).|
 | Microsoft Bug Bounty Program | If you find a vulnerability in a Microsoft product, service, or device, we want to hear from you! If your vulnerability report affects a product or service that is within scope of one of our bounty programs below, you could receive a bounty award according to the program descriptions.<br/><br/>Learn more about the [Microsoft Bug Bounty Program](https://www.microsoft.com/en-us/msrc/bounty?rtc=1). |

windows/security/security-foundations/toc.yml

@@ -1,6 +1,6 @@
 items:
 - name: Overview
-  href: ../security-foundations.md
+  href: index.md
 - name: Microsoft Security Development Lifecycle
   href: ../threat-protection/msft-security-dev-lifecycle.md
 - name: Certification

windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md

@@ -55,12 +55,12 @@ The following table lists the actual and effective default values for this polic
 
 | Server type or Group Policy Object (GPO) | Default value |
 | - | - |
-| Default domain policy| Disabled| 
-| Default domain controller policy| Disabled| 
-| Stand-alone server default settings | Disabled| 
-| Domain controller effective default settings| Not defined| 
-| Member server effective default settings | Not defined| 
-| Effective GPO default settings on client computers | Not defined| 
+| Default domain policy| Not defined| 
+| Default domain controller policy| Not defined| 
+| Stand-alone server default settings | Not defined| 
+| Domain controller effective default settings| Disabled| 
+| Member server effective default settings | Disabled| 
+| Effective GPO default settings on client computers |Disabled| 
  
 ### Policy management
 

windows/security/toc.yml

@@ -8,10 +8,8 @@
     href: introduction/index.md
   - name: Zero Trust and Windows
     href: zero-trust-windows-device-health.md
-  - name: Security features and edition requirements
-    href: introduction/security-features-edition-requirements.md
-  - name: Security features and licensing requirements
-    href: introduction/security-features-licensing-requirements.md
+  - name: Security features licensing and edition requirements
+    href: licensing-and-edition-requirements.md
 - name: Hardware security
   href: hardware-security/toc.yml
 - name: Operating system security